gostls13.git log

commit e58941fc25771784319ebd0178e566ecf7d3d8c1 [browse]
Author: Gopher Robot
Date: 2023-07-11 15:32:18 Z

[release-branch.go1.19] go1.19.11

Change-Id: Ic6685cba7c4cf96dfc0c837df90002f557e9e86a
Reviewed-on: https://go-review.googlesource.com/c/go/+/508837
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Auto-Submit: Gopher Robot <gobot@golang.org>

commit 5fa6923b1ea891400153d04ddf1545e23b40041b [browse]
Author: Damien Neil
Date: 2023-06-28 13:20:08 -07:00

[release-branch.go1.19] net/http: validate Host header before sending

Verify that the Host header we send is valid.
Avoids surprising behavior such as a Host of "go.dev\r\nX-Evil:oops"
adding an X-Evil header to HTTP/1 requests.

Add a test, skip the test for HTTP/2. HTTP/2 is not vulnerable to
header injection in the way HTTP/1 is, but x/net/http2 doesn't validate
the header and will go into a retry loop when the server rejects it.
CL 506995 adds the necessary validation to x/net/http2.

Updates #60374
Fixes #61075
For CVE-2023-29406

Change-Id: I05cb6866a9bead043101954dfded199258c6dd04
Reviewed-on: https://go-review.googlesource.com/c/go/+/506996
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
(cherry picked from commit 499458f7ca04087958987a33c2703c3ef03e27e2)
Reviewed-on: https://go-review.googlesource.com/c/go/+/507358
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>

commit c4590af14915e7f0aef40da4dec824eb8e3a419b [browse]
Author: Jelle van den Hooff
Date: 2023-06-21 18:28:05 -07:00

[release-branch.go1.19] runtime: set raceignore to zero when starting a new goroutine

When reusing a g struct the runtime did not reset
g.raceignore. Initialize raceignore to zero when initially
setting racectx.

A goroutine can end with a non-zero raceignore if it exits
after calling runtime.RaceDisable without a matching
runtime.RaceEnable. If that goroutine's g is later reused
the race detector is in a weird state: the underlying
g.racectx is active, yet g.raceignore is non-zero, and
raceacquire/racerelease which check g.raceignore become
no-ops. This causes the race detector to report races when
there are none.

For #60934
Fixes #60948

Change-Id: Ib8e412f11badbaf69a480f03740da70891f4093f
Reviewed-on: https://go-review.googlesource.com/c/go/+/505055
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
(cherry picked from commit 48dbb6227acf3ebc8ac21924567aa2b6d5064915)
Reviewed-on: https://go-review.googlesource.com/c/go/+/505675
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Keith Randall <khr@golang.org>
TryBot-Bypass: Carlos Amedee <carlos@golang.org>

commit 16b198519bba9fefbf153f33d1fc198229b8c35c [browse]
Author: Alex Brainman
Date: 2023-03-04 14:35:35 +11:00

[release-branch.go1.19] runtime: allow for 5 more threads in TestWindowsStackMemory*

Original version of TestWindowsStackMemory did not consider sysmon and
other threads running during the test. Allow for 5 extra threads in this
test - this should cover any new threads in the future.

For #58570
Fixes #61054

Change-Id: I215790f9b94ff40a32ddd7aa54af715d1dc391c6
Reviewed-on: https://go-review.googlesource.com/c/go/+/473415
Reviewed-by: Michael Pratt <mpratt@google.com>
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
(cherry picked from commit f6cbc1da05da141a78ee33954b52d17642c95130)
Reviewed-on: https://go-review.googlesource.com/c/go/+/506975
Run-TryBot: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
(cherry picked from commit 08a58dd8b6337c9bac93face4c386a918a3dd97b)
Reviewed-on: https://go-review.googlesource.com/c/go/+/506976
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

commit 9a2e6c9cc2ffa970b8ac5ecf0ea272415e1d9e03 [browse]
Author: Cuong Manh Le
Date: 2023-06-07 10:18:06 +07:00

[release-branch.go1.19] cmd/go: skip TestScript/gccgo_link_ldflags on aix/ppc64

The gccgo on the builder is not updated to support runtime/cgo

For #60306.
For #60513.

Change-Id: If0fb1ccdf589cc9741f6a065bacfa4f06e64ec15
Reviewed-on: https://go-review.googlesource.com/c/go/+/501435
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Auto-Submit: Cuong Manh Le <cuong.manhle.vn@gmail.com>
(cherry picked from commit 688d75b14fd7646d66c18825f22f0a67e9fafd9e)
Reviewed-on: https://go-review.googlesource.com/c/go/+/505596
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>

clone the repository to get more history