gostls13.git log

commit ace5bb40d027b718b67556afcd31bf54cff050ab [browse]
Author: Gopher Robot
Date: 2024-06-04 17:44:00 Z

[release-branch.go1.22] go1.22.4

Change-Id: I7bdd3eccef31bfc66be5f5ebf6d124005f0c2bf7
Reviewed-on: https://go-review.googlesource.com/c/go/+/590418
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>

commit 12d5810cdb1f73cf23d7a86462143e9463317fca [browse]
Author: Roland Shoemaker
Date: 2024-05-28 13:26:31 -07:00

[release-branch.go1.22] net/netip: check if address is v6 mapped in Is methods

In all of the Is* methods, check if the address is a v6 mapped v4
address, and unmap it if so.

Thanks to Enze Wang of Alioth (@zer0yu) and Jianjun Chen of Zhongguancun
Lab (@chenjj) for reporting this issue.

Fixes #67680
Fixes #67682
Fixes CVE-2024-24790

Change-Id: I6bd03ca1a5d93a0b59027d861c84060967b265b0
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1460
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit f7f270c1621fdc7ee48e0487b2fac0356947d19b)
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1480
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/590296
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

commit 745657509e0598cc883f63900910ed847d84dfbb [browse]
Author: Kir Kolyshkin
Date: 2024-05-25 23:08:37 -07:00

[release-branch.go1.22] os: RemoveAll: fix symlink race for unix

Since all the platforms now support O_DIRECTORY flag for open, it can be
used to (together with O_NOFOLLOW) to ensure we open a directory, thus
eliminating the need to call stat before open. This fixes the symlink race,
when a directory is replaced by a symlink in between stat and open calls.

While at it, rename openFdAt to openDirAt, because this function is (and was)
meant for directories only.

NOTE Solaris supports O_DIRECTORY since before Solaris 11 (which is the
only version Go supports since supported version now), and Illumos
always had it. The only missing piece was O_DIRECTORY flag value, which
is taken from golang.org/x/sys/unix.

Fixes #67696.

Change-Id: Ic1111d688eebc8804a87d39d3261c2a6eb33f176
Reviewed-on: https://go-review.googlesource.com/c/go/+/589056
Auto-Submit: Matthew Dempsky <mdempsky@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>

commit 95389d3d9d403f6a408258524556db0c629da049 [browse]
Author: Kir Kolyshkin
Date: 2024-05-23 14:12:10 -07:00

[release-branch.go1.22] runtime: x_cgo_getstackbound: initialize pthread attr

In glibc versions older than 2.32 (before commit 4721f95058),
pthread_getattr_np does not always initialize the `attr` argument,
and when it fails, it results in a NULL pointer dereference in
pthread_attr_destroy down the road.

This is the simplest way to avoid this, and an alternative to CL 585019.

Fixes #67650.

Change-Id: If490fd37020b03eb084ebbdbf9ae0248916426d0
Reviewed-on: https://go-review.googlesource.com/c/go/+/587919
Auto-Submit: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Cherry Mui <cherryyz@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/587979
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Matthew Dempsky <mdempsky@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Commit-Queue: Matthew Dempsky <mdempsky@google.com>

commit cf501ac0c5fe351a8582d20b43562027927906e7 [browse]
Author: Damien Neil
Date: 2024-05-14 14:39:10 -07:00

[release-branch.go1.22] archive/zip: treat truncated EOCDR comment as an error

When scanning for an end of central directory record,
treat an EOCDR signature with a record containing a truncated
comment as an error. Previously, we would skip over the invalid
record and look for another one. Other implementations do not
do this (they either consider this a hard error, or just ignore
the truncated comment). This parser misalignment allowed
presenting entirely different archive contents to Go programs
and other zip decoders.

For #66869
Fixes #67554

Change-Id: I94e5cb028534bb5704588b8af27f1e22ea49c7c6
Reviewed-on: https://go-review.googlesource.com/c/go/+/585397
Reviewed-by: Joseph Tsai <joetsai@digital-static.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 33d725e5758bf1fea62e6c77fc70b57a828a49f5)
Reviewed-on: https://go-review.googlesource.com/c/go/+/588796
Reviewed-by: Matthew Dempsky <mdempsky@google.com>

clone the repository to get more history