gostls13.git log

commit f5bcb9b8fe9dd8949d4682b74be6ba72e5d554fb [browse]
Author: Chris Broadfoot
Date: 2017-10-04 11:38:15 -07:00

[release-branch.go1.8] go1.8.4

Change-Id: Iae6c1ccd1e42656fa5a57d6367e43085143cd590
Reviewed-on: https://go-review.googlesource.com/68234
Reviewed-by: Russ Cox <rsc@golang.org>

commit 4be3fc33ef512532b916aa14258087e89eb47347 [browse]
Author: Russ Cox
Date: 2017-10-04 13:24:49 -04:00

[release-branch.go1.8] net/smtp: fix PlainAuth to refuse to send passwords to non-TLS servers

PlainAuth originally refused to send passwords to non-TLS servers
and was documented as such.

In 2013, issue #5184 was filed objecting to the TLS requirement,
despite the fact that it is spelled out clearly in RFC 4954.
The only possibly legitimate use case raised was using PLAIN auth
for connections to localhost, and the suggested fix was to let the
server decide: if it advertises that PLAIN auth is OK, believe it.
That approach was adopted in CL 8279043 and released in Go 1.1.

Unfortunately, this is exactly wrong. The whole point of the TLS
requirement is to make sure not to send the password to the wrong
server or to a man-in-the-middle. Instead of implementing this rule,
CL 8279043 blindly trusts the server, so that if a man-in-the-middle
says "it's OK, you can send me your password," PlainAuth does.
And the documentation was not updated to reflect any of this.

This CL restores the original TLS check, as required by RFC 4954
and as promised in the documentation for PlainAuth.
It then carves out a documented exception for connections made
to localhost (defined as "localhost", "127.0.0.1", or "::1").

Cherry-pick of CL 68170.

Change-Id: I1d3729bbd33aa2f11a03f4c000e6bb473164957b
Reviewed-on: https://go-review.googlesource.com/68023
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>

commit a4544a0f8af001d1fb6df0e70750f570ec49ccf9 [browse]
Author: Russ Cox
Date: 2017-09-22 12:17:21 -04:00

[release-branch.go1.8] cmd/go: reject update of VCS inside VCS

Cherry-pick of CL 68110.

Change-Id: Iae84c6404ab5eeb6950faa2364f97a017c67c506
Reviewed-on: https://go-review.googlesource.com/68190
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>

commit 9d1d78c34cc6cd5070d73cef2046e60c15c61951 [browse]
Author: Russ Cox
Date: 2017-10-04 12:28:20 -04:00

[release-branch.go1.8] runtime: deflake TestPeriodicGC

It was only waiting 0.1 seconds for the two GCs it wanted.
Let it wait 1 second.

Change-Id: Ib3cdc8127cbf95694a9f173643c02529a85063af
Reviewed-on: https://go-review.googlesource.com/68150
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
Reviewed-by: Austin Clements <austin@google.com>

commit d45b26b1b7e7ac1823156b0a027911413e993d75 [browse]
Author: Alex Brainman
Date: 2017-04-30 15:51:55 +10:00

[release-branch.go1.8] os: skip TestNetworkSymbolicLink if Server service is not started

Fixes #20179

Change-Id: I2b405c9a212a75aae628ad51885616d33c054191
Reviewed-on: https://go-review.googlesource.com/42190
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/68030
Run-TryBot: Chris Broadfoot <cbro@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>

clone the repository to get more history