commit adbfb672ba485630d75f8b5598228a63f4af08a4
Author: Gopher Robot
Date: 2024-05-07 15:34:35 Z

[release-branch.go1.22] go1.22.3

Change-Id: Ie006d71637a9fa66c225f3fd6cb19dae2a403e76
Reviewed-on: https://go-review.googlesource.com/c/go/+/583856
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>

commit fa0292d252c762ff3de92b87d13417c50704f3a0
Author: Roland Shoemaker
Date: 2024-04-25 13:09:54 -07:00

[release-branch.go1.22] cmd/go: disallow -lto_library in LDFLAGS

The darwin linker allows setting the LTO library with the -lto_library
flag. This wasn't caught by our "safe linker flags" check because it
was covered by the -lx flag used for linking libraries. This change
adds a specific check for excluded flags which otherwise satisfy our
existing checks.

Loading a malicious LTO library would allow an attacker to cause the
linker to execute arbitrary code when "go build" was called.

Thanks to Juho Forsén of Mattermost for reporting this issue.

Fixes #67119
Fixes #67122
Fixes CVE-2024-24787

Change-Id: I77ac8585efbdbdfd5f39c39ed623b9408a0f9eaf
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1380
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit 9a79141fbbca1105e5c786f15e38741ca7843290)
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1420
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/583796
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
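
The check described in the commit message above, as an added example (not code from the Go repository): an allow-list that accepts -lx also accepts -lto_library unless excluded flags are consulted first. The patterns, the checkLDFLAGS name and the sample flags are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Simplified allow-list in the spirit of a "safe linker flags" check.
// These patterns are assumptions for illustration, not cmd/go's own list.
var allowed = []*regexp.Regexp{
	regexp.MustCompile(`^-l[^@\-].*$`),                      // -lx: link library x
	regexp.MustCompile(`^-L[^@\-].*$`),                      // -Ldir: library search path
	regexp.MustCompile(`^[A-Za-z0-9_/].*\.(a|o|so|dylib)$`), // direct linker input
}

// Flags that satisfy an allow-list pattern but must be rejected anyway.
var excluded = []*regexp.Regexp{
	regexp.MustCompile(`^-lto_library$`), // darwin: selects the LTO library to load
}

func matchAny(res []*regexp.Regexp, s string) bool {
	for _, re := range res {
		if re.MatchString(s) {
			return true
		}
	}
	return false
}

// checkLDFLAGS validates each flag. With useExclusions false it models an
// allow-list-only check; with true, excluded flags are rejected first.
func checkLDFLAGS(flags []string, useExclusions bool) error {
	for _, f := range flags {
		if useExclusions && matchAny(excluded, f) {
			return fmt.Errorf("excluded flag in LDFLAGS: %s", f)
		}
		if !matchAny(allowed, f) {
			return fmt.Errorf("invalid flag in LDFLAGS: %s", f)
		}
	}
	return nil
}

func main() {
	ldflags := []string{"-lto_library", "constructed.dylib"} // constructed sample
	fmt.Println("allow-list only:", checkLDFLAGS(ldflags, false))
	fmt.Println("with exclusions:", checkLDFLAGS(ldflags, true))
}
```

Ordinary library flags such as -lz still pass with exclusions enabled, because the exclusion pattern matches only the exact flag name.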

commit 947e43e3711948aa3f4d2bbb55ae51ccf54e7638
Author: Cherry Mui
Date: 2024-05-06 20:16:53 Z

[release-branch.go1.22] Revert "cmd/compile: don't combine loads in generated equality functions"

This reverts CL 583417.

Reason for revert: release branch is currently frozen.

Change-Id: Ia6223911e0e124f14509c4bf978d7e37688e3d4c
Reviewed-on: https://go-review.googlesource.com/c/go/+/582960
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

commit 9d2e28501c7dea1c0ddde00ac683105d0bfe9f63
Author: khr@golang.org
Date: 2024-05-03 12:55:34 -07:00

[release-branch.go1.22] cmd/compile: don't combine loads in generated equality functions

... if the architecture can't do unaligned loads.
We already handle this in a few places, but this particular place
was added in CL 399542 and missed this additional restriction.

Fixes #67212

Change-Id: I45988f11ff3ed45df1c4da3f0931ab1fdb22dbfe
Reviewed-on: https://go-review.googlesource.com/c/go/+/583175
Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Auto-Submit: Keith Randall <khr@google.com>
Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Derek Parker <parkerderek86@gmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
(cherry picked from commit 3c72dd513c30df60c0624360e98a77c4ae7ca7c8)
Reviewed-on: https://go-review.googlesource.com/c/go/+/583417

commit 93d8777d244962d1b706c0b695c8b72e9702577e
Author: Ian Lance Taylor
Date: 2024-04-11 14:36:25 -07:00

[release-branch.go1.22] net: check SkipAdditional error result

This will avoid a potential endless loop for a corrupt DNS packet.

For #66754
Fixes #67040

Change-Id: I46591b3f7695bcc88d2312833e45955f8c129d2b
Reviewed-on: https://go-review.googlesource.com/c/go/+/578375
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Commit-Queue: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
(cherry picked from commit ddfab21e464b9b4c15fe3dc97eb5d93a4932f434)
Reviewed-on: https://go-review.googlesource.com/c/go/+/581816
Reviewed-by: David Chase <drchase@google.com>
