- 11 Jun, 2019 2 commits
-
-
Dmitri Shuralyov authored
Change-Id: If078ff25a79a18429e3383207eae32bb9c8aec12 Reviewed-on: https://go-review.googlesource.com/c/go/+/181657Reviewed-by:
Katie Hockman <katie@golang.org> Reviewed-by:
Filippo Valsorda <filippo@golang.org> Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
-
Dmitri Shuralyov authored
Change-Id: I1c3e3305dfee4545a6caedd48243770ab3b28277 Reviewed-on: https://go-review.googlesource.com/c/go/+/181550Reviewed-by:
-
- 07 Jun, 2019 1 commit
-
-
Filippo Valsorda authored
CFDictionaryGetValueIfPresent does not take ownership of the value, so releasing the properties dictionary before passing the value to CFEqual can crash. Not really clear why this works most of the time. See https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFMemoryMgmt/Concepts/Ownership.html Fixes #32281 Updates #28092 Updates #30763 Change-Id: I5ee7ca276b753a48abc3aedfb78b8af68b448dd4 Reviewed-on: https://go-review.googlesource.com/c/go/+/178537Reviewed-by:
Adam Langley <agl@golang.org> (cherry picked from commit a3d4655c) Reviewed-on: https://go-review.googlesource.com/c/go/+/179340 Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
Dmitri Shuralyov <dmitshur@golang.org>
-
- 06 May, 2019 3 commits
-
-
Andrew Bonventre authored
Change-Id: Id0cb0233c689fd97aa37870126d19b472bd1b85d Reviewed-on: https://go-review.googlesource.com/c/go/+/175445 Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by:
Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
-
Andrew Bonventre authored
Change-Id: Icca4495f727e3921b717a4bbb441cd832d321d46 Reviewed-on: https://go-review.googlesource.com/c/go/+/175439Reviewed-by:
Andrew Bonventre <andybons@golang.org>
-
Jason A. Donenfeld authored
While many other call sites have been moved to using the proper higher-level system loading, these areas were left out. This prevents DLL directory injection attacks. This includes both the runtime load calls (using LoadLibrary prior) and the implicitly linked ones via cgo_import_dynamic, which we move to our LoadLibraryEx. The goal is to only loosely load kernel32.dll and strictly load all others. Meanwhile we make sure that we never fallback to insecure loading on older or unpatched systems. This is CVE-2019-9634. Fixes #30989 Updates #14959 Updates #28978 Updates #30642 Change-Id: I401a13ed8db248ab1bb5039bf2d31915cac72b93 Reviewed-on: https://go-review.googlesource.com/c/go/+/165798 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
Alex Brainman <alex.brainman@gmail.com> (cherry picked from commit 9b6e9f0c) Reviewed-on: https://go-review.googlesource.com/c/go/+/175378 Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by:
-
- 22 Apr, 2019 1 commit
-
-
Ian Lance Taylor authored
The test doesn't really require cgo, but it does require that we know the right flags to use to run the C compiler, and that is not necessarily correct if we don't support cgo. Fixes #31565 Change-Id: I04dc8db26697caa470e91ad712376aa621cf765d Reviewed-on: https://go-review.googlesource.com/c/go/+/172981 Run-TryBot: Ian Lance Taylor <iant@golang.org> Reviewed-by:
-
- 18 Apr, 2019 1 commit
-
-
Ian Lance Taylor authored
New versions of clang can generate multiple sections named ".text" when using vague C++ linkage. This is valid ELF, but would cause the Go linker to report an error when using internal linking: symbol PACKAGEPATH(.text) listed multiple times Avoid the problem by renaming section symbol names if there is a name collision. Change-Id: I41127e95003d5b4554aaf849177b3fe000382c02 Reviewed-on: https://go-review.googlesource.com/c/go/+/172697 Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:Cherry Zhang <cherryyz@google.com> (cherry picked from commit 3235f7c0) Reviewed-on: https://go-review.googlesource.com/c/go/+/172702
-
- 11 Apr, 2019 2 commits
-
-
Andrew Bonventre authored
Change-Id: If4ab7c431f11a2d3db677b323dd85e0e8ce6de03 Reviewed-on: https://go-review.googlesource.com/c/go/+/171837 Run-TryBot: Andrew Bonventre <andybons@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
-
Brad Fitzpatrick authored
Updates #31293 Change-Id: I3d72f732be7b28059310ea6fc134c3bfac81492d Reviewed-on: https://go-review.googlesource.com/c/go/+/171578Reviewed-by:
Bryan C. Mills <bcmills@google.com>
-
- 08 Apr, 2019 3 commits
-
-
Andrew Bonventre authored
Change-Id: Ie15c45050f817213b3f5955dc98b48a6cf2a6317 Reviewed-on: https://go-review.googlesource.com/c/go/+/171148 Run-TryBot: Andrew Bonventre <andybons@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
-
Andrew Bonventre authored
Change-Id: I09e0c2720ec0a51dc73c24b4550a749448656025 Reviewed-on: https://go-review.googlesource.com/c/go/+/171143Reviewed-by:
-
Andrew Bonventre authored
Change-Id: Ia06f7005f466e55a22c76bf2b47d74ee8eb77dd1 Reviewed-on: https://go-review.googlesource.com/c/go/+/171139Reviewed-by:
-
- 05 Apr, 2019 2 commits
-
-
Andrew Bonventre authored
Change-Id: I14c2be9eedb5332d0b3a66029a86f7cb9e6091cc Reviewed-on: https://go-review.googlesource.com/c/go/+/170889 Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by:
-
Andrew Bonventre authored
Change-Id: Iec5e69b3ea163f42234d3b73696427a7aa8732e3 Reviewed-on: https://go-review.googlesource.com/c/go/+/170884Reviewed-by:
-
- 27 Mar, 2019 1 commit
-
-
Brad Fitzpatrick authored
Google's 8.8.8.8 DNS server used to reports its reverse DNS name as ending in ".google.com". Now it's "dns.google.". Change-Id: I7dd15f03239e5c3f202e471618ab867690cb4f9d Reviewed-on: https://go-review.googlesource.com/c/go/+/169679 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
-
- 19 Mar, 2019 1 commit
-
-
Austin Clements authored
The current wasm write barrier implementation incorrectly implements the "deletion" part of the barrier. It correctly greys the new value of the pointer, but rather than also greying the old value of the pointer, it greys the object containing the slot (which, since the old value was just overwritten, is not going to contain the old value). This can lead to unmarked, reachable objects. Often, this is masked by other marking activity, but one specific sequence that can lead to an unmarked object because of this bug is: 1. Initially, GC is off, object A is reachable from just one pointer in the heap. 2. GC starts and scans the stack of goroutine G. 3. G copies the pointer to A on to its stack and overwrites the pointer to A in the heap. (Now A is reachable only from G's stack.) 4. GC finishes while A is still reachable from G's stack. With a functioning deletion barrier, step 3 causes A to be greyed. Without a functioning deletion barrier, nothing causes A to be greyed, so A will be freed even though it's still reachable from G's stack. This CL fixes the wasm write barrier. Fixes #30872. Change-Id: I8a74ee517facd3aa9ad606e5424bcf8f0d78e754 Reviewed-on: https://go-review.googlesource.com/c/go/+/167743 Run-TryBot: Austin Clements <austin@google.com> Reviewed-by:
-
- 14 Mar, 2019 3 commits
-
-
Andrew Bonventre authored
Change-Id: I944d7cb825b8791486446d78feae9eed0a5479c4 Reviewed-on: https://go-review.googlesource.com/c/go/+/167705 Run-TryBot: Andrew Bonventre <andybons@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
-
Michael Anthony Knyszek authored
This change splits a testprog out of TestLockOSThreadExit and makes it its own test. Then, this change makes the testprog exit prematurely with a special message if unshare fails with EPERM because not all of the builders allow the user to call the unshare syscall. Also, do some minor cleanup on the TestLockOSThread* tests. Fixes #29366. Change-Id: Id8a9f6c4b16e26af92ed2916b90b0249ba226dbe Reviewed-on: https://go-review.googlesource.com/c/155437 Run-TryBot: Michael Knyszek <mknyszek@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
Michael Knyszek <mknyszek@google.com>
-
Andrew Bonventre authored
Change-Id: I99832fa4f2c3ec28e2dad46cf7607f3766948031 Reviewed-on: https://go-review.googlesource.com/c/go/+/167698Reviewed-by:
-
- 27 Feb, 2019 1 commit
-
-
Tobias Klauser authored
After CL 128056 the build fails on darwin/386 with src/crypto/x509/root_cgo_darwin.go:218:55: warning: values of type 'SInt32' should not be used as format arguments; add an explicit cast to 'int' instead [-Wformat] go build crypto/x509: C compiler warning promoted to error on Go builders Fix the warning by explicitly casting the argument to an int as suggested by the warning. Fixes #30444 Change-Id: Icb6bd622a543e9bc5f669fd3d7abd418b4a8e579 Reviewed-on: https://go-review.googlesource.com/c/152958 Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
Ian Lance Taylor <iant@golang.org> (cherry picked from commit ec0077c5) Reviewed-on: https://go-review.googlesource.com/c/164240 Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by:
-
- 26 Feb, 2019 1 commit
-
-
Filippo Valsorda authored
If a certificate somehow has an AKID, it should still chain successfully to a parent without a SKID, even if the latter is invalid according to RFC 5280, because only the Subject is authoritative. This reverts to the behavior before #29233 was fixed in 77013065. Roots with the right subject will still be shadowed by roots with the right SKID and the wrong subject, but that's been the case for a long time, and is left for a more complete fix in Go 1.13. Updates #30079 Fixes #30081 Change-Id: If8ab0179aca86cb74caa926d1ef93fb5e416b4bb Reviewed-on: https://go-review.googlesource.com/c/161097Reviewed-by:
-
- 25 Feb, 2019 1 commit
-
-
Cherry Zhang authored
In the case of x+d >= w, where d and w are constants, we are deriving x is within the bound of min=w-d and max=maxInt-d. When there is an overflow (min >= max), we know only one of x >= min or x <= max is true, and we derive this by excluding the other. When excluding x >= min, we did not consider the equal case, so we could incorrectly derive x <= max when x == min. Updates #29502. Fixes #29503. Change-Id: Ia9f7d814264b1a3ddf78f52e2ce23377450e6e8a Reviewed-on: https://go-review.googlesource.com/c/156019Reviewed-by:
David Chase <drchase@google.com> (cherry picked from commit 2e217fa7) Reviewed-on: https://go-review.googlesource.com/c/163724 Run-TryBot: Cherry Zhang <cherryyz@google.com> Reviewed-by:
-
- 22 Feb, 2019 2 commits
-
-
Filippo Valsorda authored
Certificates without any trust settings might still be in the keychain (for example if they used to have some, or if they are intermediates for offline verification), but they are not to be trusted. The only ones we can trust unconditionally are the ones in the system roots store. Moreover, the verify-cert invocation was not specifying the ssl policy, defaulting instead to the basic one. We have no way of communicating different usages in a CertPool, so stick to the WebPKI use-case as the primary one for crypto/x509. Updates #24652 Fixes #26039 Change-Id: Ife8b3d2f4026daa1223aa81fac44aeeb4f96528a Reviewed-on: https://go-review.googlesource.com/c/128116Reviewed-by:
Adam Langley <agl@google.com> Reviewed-by:
-
Filippo Valsorda authored
The cgo path was not taking policies into account, using the last security setting in the array whatever it was. Also, it was not aware of the defaults for empty security settings, and for security settings without a result type. Finally, certificates restricted to a hostname were considered roots. The API docs for this code are partial and not very clear, so this is a best effort, really. Updates #24652 Updates #26039 Change-Id: I8fa2fe4706f44f3d963b32e0615d149e997b537d Reviewed-on: https://go-review.googlesource.com/c/128056 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
-
- 01 Feb, 2019 4 commits
-
-
Yuval Pavel Zholkover authored
CL 159859 causes build failure with old clang versions (3.4.1) on FreeBSD 10.3/10.4. Update #29962 Reviewed-on: https://go-review.googlesource.com/c/160777 Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
-
Ian Lance Taylor authored
GCC 9 has started emitting warnings when taking the address of a field in a packed struct may cause a misaligned pointer. We use packed structs in cgo to ensure that our field layout matches the C compiler's layout. Our pointers are always aligned, so disable the warning Updates #29962 Fixes #29967 Change-Id: I7e290a7cf694a2c2958529e340ebed9fcd62089c Reviewed-on: https://go-review.googlesource.com/c/159859 Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
-
Brad Fitzpatrick authored
Cherry pick of combined CL 159157 + CL 160178. Fixes #29923 Updates #27302 Updates #22907 Change-Id: I6de92c14284595a58321a4b4d53229285979b872 Reviewed-on: https://go-review.googlesource.com/c/160798 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
-
Yuval Pavel Zholkover authored
The in-tree GDB is too old (6.1.1) on all the builders except the FreeBSD 12.0 one, where it was removed from the base system. Update #29508 Change-Id: Ib6091cd86440ea005f3f903549a0223a96621a6f Reviewed-on: https://go-review.googlesource.com/c/156717Reviewed-by:
Yuval Pavel Zholkover <paulzhol@gmail.com>
-
- 23 Jan, 2019 5 commits
-
-
Julie Qiu authored
Change-Id: Ic59638be13c6dadeccd5974ec6cd9ef4b5b4b526
-
Julie Qiu authored
Change-Id: Ib957fc19ae0633f77e2a5a9219f7a11ceda3f092 Reviewed-on: https://team-review.git.corp.google.com/c/400909Reviewed-by:
Filippo Valsorda <valsorda@google.com>
-
Ian Lance Taylor authored
Fixes #29698 Change-Id: I0531c0a274b120af8871aa2f5975744ff6c912a3 Reviewed-on: https://go-review.googlesource.com/c/157638 Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
-
Julie Qiu authored
Change-Id: I97ce42e1e9a6d10bf1eeccc2763e043d8ebe5bab Reviewed-on: https://team-review.git.corp.google.com/c/400906Reviewed-by:
-
Filippo Valsorda authored
If beta8 is unusually large, the addition loop might take a very long time to bring x3-beta8 back positive. This would lead to a DoS vulnerability in the implementation of the P-521 and P-384 elliptic curves that may let an attacker craft inputs to ScalarMult that consume excessive amounts of CPU. This fixes CVE-2019-6486. Change-Id: Ia969e8b5bf5ac4071a00722de9d5e4d856d8071a Reviewed-on: https://team-review.git.corp.google.com/c/399777Reviewed-by:
Julie Qiu <julieqiu@google.com> (cherry picked from commit 746d6abe2dfb9ce7609f8e1e1a8dcb7e221f423e) Reviewed-on: https://team-review.git.corp.google.com/c/401142Reviewed-by:
-
- 14 Jan, 2019 1 commit
-
-
Ian Lance Taylor authored
Updates #29698 Fixes #29700 Change-Id: I0531c0a274b120af8871aa2f5975744ff6c912a3 Reviewed-on: https://go-review.googlesource.com/c/157638 Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
-
- 07 Jan, 2019 1 commit
-
-
Alessandro Arzilli authored
Fixes bug introduced by https://golang.org/cl/129059 where gcflags='all=...' and ldflags='all=...' would not be applied to some packages built by 'go test'. LoadImport used to set gcflags/ldflags for the Package objects it created, in https://golang.org/cl/129059 this code was factored out to setToolFlags. The codepath of `go build` was updated to call setToolFlags appropriatley, but the codepath of `go test -c` wasn't, resulting in gcflags/ldflags being applied inconsistently when building tests. This commit changes TestPackagesFor to call setToolFlags on the package objects it creates. Fixes #28346 Change-Id: Idcbec0c989ee96ec066207184611f08818873e8d Reviewed-on: https://go-review.googlesource.com/c/136275 Run-TryBot: Jay Conrod <jayconrod@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
Jay Conrod <jayconrod@google.com> (cherry picked from commit 374546d8) Reviewed-on: https://go-review.googlesource.com/c/156377 Run-TryBot: Alessandro Arzilli <alessandro.arzilli@gmail.com>
-
- 04 Jan, 2019 4 commits
-
-
Keith Randall authored
Use the length of the bitmap to decide how much to pass to the write barrier, not the total length of the arguments. The test needs enough arguments so that two distinct bitmaps get interpreted as a single longer bitmap. Fixes #29565 Change-Id: I78f3f7f9ec89c2ad4678f0c52d3d3def9cac8e72 Reviewed-on: https://go-review.googlesource.com/c/156123 Run-TryBot: Keith Randall <khr@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
Austin Clements <austin@google.com> Reviewed-on: https://go-review.googlesource.com/c/156359Reviewed-by:
-
Keith Randall authored
Derived from Naoki's reproducer. Update #29565 Change-Id: I1cbd33b38a2f74905dbc22c5ecbad4a87a24bdd1 Reviewed-on: https://go-review.googlesource.com/c/156122 Run-TryBot: Keith Randall <khr@golang.org> Reviewed-by:
-
Inada Naoki authored
After CL 31455, "go fun(n)" may put "n" to write barrier buffer when there are no pointers in fun's arguments. Updates #29565 Change-Id: Icfa42b8759ce8ad9267dcb3859c626feb6fda381 Reviewed-on: https://go-review.googlesource.com/c/155779Reviewed-by:
Keith Randall <khr@golang.org> (cherry picked from commit 5372257e) Reviewed-on: https://go-review.googlesource.com/c/156357 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
-
Cherry Zhang authored
(SGTconst [c] (SRLconst _ [d])) && 0 <= int32(c) && uint32(d) <= 31 && 1<<(32-uint32(d)) <= int32(c) -> (MOVWconst [1]) This rule is problematic. 1<<(32-uint32(d)) <= int32(c) meant to say that it is true if c is greater than the largest possible value of the right shift. But when d==1, 1<<(32-1) is negative and results in the wrong comparison. Rewrite the rules in a more direct way. Updates #29402. Fixes #29442. Change-Id: I5940fc9538d9bc3a4bcae8aa34672867540dc60e Reviewed-on: https://go-review.googlesource.com/c/155798 Run-TryBot: Cherry Zhang <cherryyz@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:
-
