commit f3c81ed821268e2f2e2945b0816f495809bbdf21 [browse]
Author: Andrew Gerrand
Date: 2014-09-25 22:32:20 Z

go1.3.2

commit ef34616d6b292c3ef30d16e553efcca66c3052f3 [browse]
Author: Andrew Gerrand
Date: 2014-09-25 22:32:20 Z

[release-branch.go1.3] doc: document Go 1.3.2

commit 247820ff6bfba6e1b7891f4bfc25511d68761d5d [browse]
Author: Andrew Gerrand
Date: 2014-09-25 22:32:20 Z

[release-branch.go1.3] crypto/tls: ensure that we don't resume when tickets are disabled

A security bug affects programs that use crypto/tls to implement a TLS server
from Go 1.1 onwards. If the server enables TLS client authentication using
certificates (this is rare) and explicitly sets SessionTicketsDisabled to true
in the tls.Config, then a malicious client can falsely assert ownership of any
client certificate it wishes.

This issue was discovered internally and there is no evidence of exploitation.

Change authored by Adam Langley <agl@golang.org>
https://golang.org/cl/148080043/

commit 7935b51b8b5cbc07f572a28dc2f82e03e5fcb449 [browse]
Author: Russ Cox
Date: 2014-09-26 08:06:45 +10:00

[release-branch.go1.3] runtime: keep g->syscallsp consistent after cgo->Go callbacks

This is a manual backport of CL 131910043
to the Go 1.3 release branch.

We believe this CL can cause arbitrary corruption
in programs that call into C from Go and then
call back into Go from C.

This change will be released in Go 1.3.2.

LGTM=iant
R=iant, hector
CC=adg, dvyukov, golang-codereviews, r
https://golang.org/cl/142690043

commit a3bfff1fbd67a91c1397abf5ec0332ac636c5360 [browse]
Author: Russ Cox
Date: 2014-09-25 14:14:11 -04:00

[release-branch.go1.3] net/http/httptest: disable TestIssue7264

This fails on my OS X machine,
just like it did in default branch.
In the default branch we removed the test.
It's just buggy.

LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/144610043