gostls13.git log

commit dd8b7ad9268c2fbde675132a41b4e4da02eef94d [browse]
Author: Gopher Robot
Date: 2025-08-06 11:05:37 -07:00

[release-branch.go1.23] go1.23.12

Change-Id: Ibd36536a8c9d9c8d90f466d420a30d4e3162ff25
Reviewed-on: https://go-review.googlesource.com/c/go/+/693698
TryBot-Bypass: Gopher Robot <gobot@golang.org>
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Mark Freeman <markfreeman@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

commit 8a924caaf348fdc366bab906424616b2974ad4e9 [browse]
Author: Damien Neil
Date: 2025-07-23 14:26:54 -07:00

[release-branch.go1.23] database/sql: avoid closing Rows while scan is in progress

A database/sql/driver.Rows can return database-owned data
from Rows.Next. The driver.Rows documentation doesn't explicitly
document the lifetime guarantees for this data, but a reasonable
expectation is that the caller of Next should only access it
until the next call to Rows.Close or Rows.Next.

Avoid violating that constraint when a query is cancelled while
a call to database/sql.Rows.Scan (note the difference between
the two different Rows types!) is in progress. We previously
took care to avoid closing a driver.Rows while the user has
access to driver-owned memory via a RawData, but we could still
close a driver.Rows while a Scan call was in the process of
reading previously-returned driver-owned data.

Update the fake DB used in database/sql tests to invalidate
returned data to help catch other places we might be
incorrectly retaining it.

Updates #74831
Fixes #74832

Change-Id: Ice45b5fad51b679c38e3e1d21ef39156b56d6037
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2540
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2601
Reviewed-on: https://go-review.googlesource.com/c/go/+/693558
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Mark Freeman <markfreeman@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>

commit 8fa31a2d7d9e60c50a3a94080c097b6e65773f4b [browse]
Author: Olivier Mengué
Date: 2025-06-30 16:58:59 +02:00

[release-branch.go1.23] os/exec: fix incorrect expansion of "", "." and ".." in LookPath

Fix incorrect expansion of "" and "." when $PATH contains an executable
file or, on Windows, a parent directory of a %PATH% element contains an
file with the same name as the %PATH% element but with one of the
%PATHEXT% extension (ex: C:\utils\bin is in PATH, and C:\utils\bin.exe
exists).

Fix incorrect expansion of ".." when $PATH contains an element which is
an the concatenation of the path to an executable file (or on Windows
a path that can be expanded to an executable by appending a %PATHEXT%
extension), a path separator and a name.

"", "." and ".." are now rejected early with ErrNotFound.

Fixes CVE-2025-47906
Fixes #74803

Change-Id: Ie50cc0a660fce8fbdc952a7f2e05c36062dcb50e
Reviewed-on: https://go-review.googlesource.com/c/go/+/685755
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit e0b07dc22eaab1b003d98ad6d63cdfacc76c5c70)
Reviewed-on: https://go-review.googlesource.com/c/go/+/691855
Reviewed-by: Michael Knyszek <mknyszek@google.com>

commit e8794e650e05fad07a33fb6e3266a9e677d13fa8 [browse]
Author: Keith Randall
Date: 2025-07-21 10:09:35 -07:00

[release-branch.go1.23] cmd/compile: for arm64 epilog, do SP increment with a single instruction

That way, the frame is atomically popped. Previously, for big frames
the SP was unwound in two steps (because arm64 can only add constants
up to 1<<12 in a single instruction).

Fixes #74693

Change-Id: I382c249194ad7bc9fc19607c27487c58d90d49e5
Reviewed-on: https://go-review.googlesource.com/c/go/+/689235
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Keith Randall <khr@google.com>
(cherry picked from commit f7cc61e7d7f77521e073137c6045ba73f66ef902)
Reviewed-on: https://go-review.googlesource.com/c/go/+/689595

commit 6c9c80b61198430eedfd02c98d4f5baf8abd085e [browse]
Author: Dmitri Shuralyov
Date: 2025-07-23 14:01:42 -04:00

[release-branch.go1.23] cmd/go: skip known TestScript/build_trimpath_cgo failure on darwin/arm64

The failure is understood. Skip the test since it's failing without
producing new information.

For #73922.
Fixes #74721.

Change-Id: I339882e1a9772255b185a33daf8dee97f764f830
Reviewed-on: https://go-review.googlesource.com/c/go/+/689917
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>

clone the repository to get more history