[dev.typeparams] all: merge master (16e82be) into dev.typeparams

Merge List: + 2021-06-21 16e82be runtime: fix crash during VDSO calls on PowerPC + 2021-06-21 2e542c3 runtime/pprof: deflake TestMorestack more + 2021-06-21 ced0fdb doc/go1.17: note deprecation of 'go get' for installing commands + 2021-06-21 7a5e704 doc/go1.17: add Go 1.18 pre-announcements + 2021-06-21 85a2e24 doc/go1.17: add security-related release notes + 2021-06-21 1de3329 doc/go1.17: document go/parser.SkipObjectResolution + 2021-06-21 117ebe0 cmd/go: do not require the module cache to exist for 'go mod edit' + 2021-06-20 460900a os/signal: test with a significantly longer fatal timeout + 2021-06-19 b73cc4b database/sql: do not rely on timeout for deadlock test + 2021-06-18 86743e7 image: add RGBA64Image interface + 2021-06-18 9401172 runtime: clarify Frames.Next documentation + 2021-06-18 57aaa19 runtime: disable CPU profiling before removing the SIGPROF handler + 2021-06-18 6f22d2c doc/go1.17: fix typo + 2021-06-17 45f251a cmd/pprof,runtime/pprof: disable test on more broken platforms + 2021-06-17 ed83485 cmd/go: replace a TODO with an explanatory comment + 2021-06-17 4dede02 cmd/pprof: make ObjAddr a no-op + 2021-06-17 97cee43 testing: drop unusual characters from TempDir directory name + 2021-06-17 b0355a3 time: fix receiver for Time.IsDST method + 2021-06-17 881b6ea doc/go1.17: fix redundant space + 2021-06-16 0e67ce3 cmd/go: in lazy modules, add transitive imports for 'go get' arguments + 2021-06-16 6ea2af0 cmd/go: add a regression test for #45979 + 2021-06-16 a294e4e math/rand: mention half-open intervals explicitly + 2021-06-16 a6a853f cmd/asm: restore supporting of *1 scaling on ARM64 Change-Id: Ifdcb817fd44b4fa9c477042b41da55d1d769b016
golang · Jun 21, 2021 · d626ba2 · d626ba2
2 parents 844c076 + 16e82be
commit d626ba2
Show file tree

Hide file tree

Showing 30 changed files with 967 additions and 96 deletions.
diff --git a/api/go1.17.txt b/api/go1.17.txt
@@ -28,6 +28,38 @@ pkg encoding/csv, method (*Reader) FieldPos(int) (int, int)
 pkg go/build, type Context struct, ToolTags []string
 pkg go/parser, const SkipObjectResolution = 64
 pkg go/parser, const SkipObjectResolution Mode
+pkg image, method (*Alpha) RGBA64At(int, int) color.RGBA64
+pkg image, method (*Alpha) SetRGBA64(int, int, color.RGBA64)
+pkg image, method (*Alpha16) RGBA64At(int, int) color.RGBA64
+pkg image, method (*Alpha16) SetRGBA64(int, int, color.RGBA64)
+pkg image, method (*CMYK) RGBA64At(int, int) color.RGBA64
+pkg image, method (*CMYK) SetRGBA64(int, int, color.RGBA64)
+pkg image, method (*Gray) RGBA64At(int, int) color.RGBA64
+pkg image, method (*Gray) SetRGBA64(int, int, color.RGBA64)
+pkg image, method (*Gray16) RGBA64At(int, int) color.RGBA64
+pkg image, method (*Gray16) SetRGBA64(int, int, color.RGBA64)
+pkg image, method (*NRGBA) RGBA64At(int, int) color.RGBA64
+pkg image, method (*NRGBA) SetRGBA64(int, int, color.RGBA64)
+pkg image, method (*NRGBA64) RGBA64At(int, int) color.RGBA64
+pkg image, method (*NRGBA64) SetRGBA64(int, int, color.RGBA64)
+pkg image, method (*NYCbCrA) RGBA64At(int, int) color.RGBA64
+pkg image, method (*Paletted) RGBA64At(int, int) color.RGBA64
+pkg image, method (*Paletted) SetRGBA64(int, int, color.RGBA64)
+pkg image, method (*RGBA) RGBA64At(int, int) color.RGBA64
+pkg image, method (*RGBA) SetRGBA64(int, int, color.RGBA64)
+pkg image, method (*YCbCr) RGBA64At(int, int) color.RGBA64
+pkg image, type RGBA64Image interface { At, Bounds, ColorModel, RGBA64At }
+pkg image, type RGBA64Image interface, At(int, int) color.Color
+pkg image, type RGBA64Image interface, Bounds() Rectangle
+pkg image, type RGBA64Image interface, ColorModel() color.Model
+pkg image, type RGBA64Image interface, RGBA64At(int, int) color.RGBA64
+pkg image/draw, type RGBA64Image interface { At, Bounds, ColorModel, RGBA64At, Set, SetRGBA64 }
+pkg image/draw, type RGBA64Image interface, At(int, int) color.Color
+pkg image/draw, type RGBA64Image interface, Bounds() image.Rectangle
+pkg image/draw, type RGBA64Image interface, ColorModel() color.Model
+pkg image/draw, type RGBA64Image interface, RGBA64At(int, int) color.RGBA64
+pkg image/draw, type RGBA64Image interface, Set(int, int, color.Color)
+pkg image/draw, type RGBA64Image interface, SetRGBA64(int, int, color.RGBA64)
 pkg io/fs, func FileInfoToDirEntry(FileInfo) DirEntry
 pkg math, const MaxFloat64 = 1.79769e+308 // 179769313486231570814527423731704356798070567525844996598917476803157260780028538760589558632766878171540458953514382464234321326889464182768467546703537516986049910576551282076245490090389328944075868508455133942304583236903222948165808559332123348274797826204144723168738177180919299881250404026184124858368
 pkg math, const MaxInt = 9223372036854775807
@@ -153,7 +185,7 @@ pkg time, const Layout = "01/02 03:04:05PM '06 -0700"
 pkg time, const Layout ideal-string
 pkg time, func UnixMicro(int64) Time
 pkg time, func UnixMilli(int64) Time
-pkg time, method (*Time) IsDST() bool
 pkg time, method (Time) GoString() string
+pkg time, method (Time) IsDST() bool
 pkg time, method (Time) UnixMicro() int64
 pkg time, method (Time) UnixMilli() int64
diff --git a/doc/go1.17.html b/doc/go1.17.html
@@ -162,7 +162,7 @@ <h4 id="lazy-loading">Lazy module loading</h4>
  By default, <code>go</code> <code>mod</code> <code>tidy</code> verifies that
  the selected versions of dependencies relevant to the main module are the same
  versions that would be used by the prior Go release (Go 1.16 for a module that
- spsecifies <code>go</code> <code>1.17</code>), and preserves
+ specifies <code>go</code> <code>1.17</code>), and preserves
  the <code>go.sum</code> entries needed by that release even for dependencies
  that are not normally needed by other commands.
 </p>
@@ -214,6 +214,16 @@ <h4 id="go-get"><code>go</code> <code>get</code></h4>
  <code>environment</code> for details.
 </p>
 
+<p><!-- golang.org/issue/43684 -->
+ <code>go</code> <code>get</code> prints a deprecation warning when installing
+ commands outside the main module (without the <code>-d</code> flag).
+ <code>go</code> <code>install</code> <code>cmd@version</code> should be used
+ instead to install a command at a specific version, using a suffix like
+ <code>@latest</code> or <code>@v1.2.3</code>. In Go 1.18, the <code>-d</code>
+ flag will always be enabled, and <code>go</code> <code>get</code> will only
+ be used to change dependencies in <code>go.mod</code>.
+</p>
+
 <h4 id="missing-go-directive"><code>go.mod</code> files missing <code>go</code> directives</h4>
 
 <p><!-- golang.org/issue/44976 -->
@@ -387,7 +397,7 @@ <h2 id="compiler">Compiler</h2>
  registers instead of the stack. This work is enabled for Linux, MacOS, and
  Windows on the 64-bit x86 architecture (the <code>linux/amd64</code>,
  <code>darwin/amd64</code>, <code>windows/amd64</code> ports). For a
- representative set of Go  packages and programs, benchmarking has shown
+ representative set of Go packages and programs, benchmarking has shown
  performance improvements of about 5%, and a typical reduction in binary size
  of about 2%.
 </p>
@@ -441,6 +451,67 @@ <h3 id="runtime/cgo"><a href="/pkg/runtime/cgo">Cgo</a></h3>
  <a href="/pkg/runtime/cgo#Handle">runtime/cgo.Handle</a> for more information.
 </p>
 
+<h3 id="semicolons">URL query parsing</h3>
+<!-- CL 325697, CL 326309 -->
+
+<p>
+ The <code>net/url</code> and <code>net/http</code> packages used to accept
+ <code>";"</code> (semicolon) as a setting separator in URL queries, in
+ addition to <code>"&"</code> (ampersand). Now, settings with non-percent-encoded
+ semicolons are rejected and <code>net/http</code> servers will log a warning to
+ <a href="/pkg/net/http#Server.ErrorLog"><code>Server.ErrorLog</code></a>
+ when encountering one in a request URL.
+</p>
+
+<p>
+ For example, before Go 1.17 the <a href="/pkg/net/url#URL.Query"><code>Query</code></a>
+ method of the URL <code>example?a=1;b=2&c=3</code> would have returned
+ <code>map[a:[1] b:[2] c:[3]]</code>, while now it returns <code>map[c:[3]]</code>.
+</p>
+
+<p>
+ When encountering such a query string,
+ <a href="/pkg/net/url#URL.Query"><code>URL.Query</code></a>
+ and
+ <a href="/pkg/net/http#Request.FormValue"><code>Request.FormValue</code></a>
+ ignore any settings that contain a semicolon,
+ <a href="/pkg/net/url#ParseQuery"><code>ParseQuery</code></a>
+ returns the remaining settings and an error, and
+ <a href="/pkg/net/http#Request.ParseForm"><code>Request.ParseForm</code></a>
+ and
+ <a href="/pkg/net/http#Request.ParseMultipartForm"><code>Request.ParseMultipartForm</code></a>
+ return an error but still set <code>Request</code> fields based on the
+ remaining settings.
+</p>
+
+<p>
+ <code>net/http</code> users can restore the original behavior by using the new
+ <a href="/pkg/net/http#AllowQuerySemicolons"><code>AllowQuerySemicolons</code></a>
+ handler wrapper. This will also suppress the <code>ErrorLog</code> warning.
+ Note that accepting semicolons as query separators can lead to security issues
+ if different systems interpret cache keys differently.
+ See <a href="https://golang.org/issue/25192">issue 25192</a> for more information.
+</p>
+
+<h3 id="ALPN">TLS strict ALPN</h3>
+<!-- CL 289209, CL 325432 -->
+
+<p>
+ When <a href="/pkg/crypto/tls#Config.NextProtos"><code>Config.NextProtos</code></a>
+ is set, servers now enforce that there is an overlap between the configured
+ protocols and the ALPN protocols advertised by the client, if any. If there is
+ no mutually supported protocol, the connection is closed with the
+ <code>no_application_protocol</code> alert, as required by RFC 7301. This
+ helps mitigate <a href="https://alpaca-attack.com/">the ALPACA cross-protocol attack</a>.
+</p>
+
+<p>
+ As an exception, when the value <code>"h2"</code> is included in the server's
+ <code>Config.NextProtos</code>, HTTP/1.1 clients will be allowed to connect as
+ if they didn't support ALPN.
+ See <a href="https://golang.org/issue/46310">issue 46310</a> for more information.
+</p>
+
 <h3 id="minor_library_changes">Minor changes to the library</h3>
 
 <p>
@@ -549,14 +620,6 @@ <h3 id="minor_library_changes">Minor changes to the library</h3>
  methods. Canceling the context after the handshake has finished has no effect.
  </p>
 
- <p><!-- CL 289209 -->
- When <a href="/pkg/crypto/tls#Config.NextProtos"><code>Config.NextProtos</code></a>
- is set, servers now enforce that there is an overlap between the
- configured protocols and the protocols advertised by the client, if any.
- If there is no overlap the connection is closed with the
- <code>no_application_protocol</code> alert, as required by RFC 7301.
- </p>
-
  <p><!-- CL 314609 -->
  Cipher suite ordering is now handled entirely by the
  <code>crypto/tls</code> package. Currently, cipher suites are sorted based
@@ -576,6 +639,15 @@ <h3 id="minor_library_changes">Minor changes to the library</h3>
  weakness</a>. They are still enabled by default but only as a last resort,
  thanks to the cipher suite ordering change above.
  </p>
+
+ <p><!-- golang.org/issue/45428 -->
+ Beginning in the next release, Go 1.18, the
+ <a href="/pkg/crypto/tls/#Config.MinVersion"><code>Config.MinVersion</code></a>
+ for <code>crypto/tls</code> clients will default to TLS 1.2, disabling TLS 1.0
+ and TLS 1.1 by default. Applications will be able to override the change by
+ explicitly setting <code>Config.MinVersion</code>.
+ This will not affect <code>crypto/tls</code> servers.
+ </p>
  </dd>
 </dl><!-- crypto/tls -->
 
@@ -603,6 +675,14 @@ <h3 id="minor_library_changes">Minor changes to the library</h3>
  roots. This adds support for the new system trusted certificate store in
  FreeBSD 12.2+.
  </p>
+
+ <p><!-- golang.org/issue/41682 -->
+ Beginning in the next release, Go 1.18, <code>crypto/x509</code> will
+ reject certificates signed with the SHA-1 hash function. This doesn't
+ apply to self-signed root certificates. Practical attacks against SHA-1
+ <a href="https://shattered.io/">have been demonstrated in 2017</a> and publicly
+ trusted Certificate Authorities have not issued SHA-1 certificates since 2015.
+ </p>
  </dd>
 </dl><!-- crypto/x509 -->
 
@@ -658,6 +738,22 @@ <h3 id="minor_library_changes">Minor changes to the library</h3>
  </dd>
 </dl><!-- encoding/csv -->
 
+<dl id="encoding/xml"><dt><a href="/pkg/encoding/xml/">encoding/xml</a></dt>
+ <dd>
+ <p><!-- CL 277893 -->
+ When a comment appears within a
+ <a href="/pkg/encoding/xml/#Directive"><code>Directive</code></a>, it is now replaced
+ with a single space instead of being completely elided.
+ </p>
+
+ <p>
+ Invalid element or attribute names with leading, trailing, or multiple
+ colons are now stored unmodified into the
+ <a href="/pkg/encoding/xml/#Name"><code>Name.Local</code></a> field.
+ </p>
+ </dd>
+</dl><!-- encoding/xml -->
+
 <dl id="flag"><dt><a href="/pkg/flag/">flag</a></dt>
  <dd>
  <p><!-- CL 271788 -->
@@ -693,6 +789,29 @@ <h3 id="minor_library_changes">Minor changes to the library</h3>
  </dd>
 </dl><!-- go/format -->
 
+<dl id="go/parser"><dt><a href="/pkg/go/parser/">go/parser</a></dt>
+ <dd>
+ <p><!-- CL 306149 -->
+ The new <a href="/pkg/go/parser/#SkipObjectResolution"><code>SkipObjectResolution</code></a>
+ <code>Mode</code> value instructs the parser not to resolve identifiers to
+ their declaration. This may improve parsing speed.
+ </p>
+ </dd>
+</dl><!-- go/parser -->
+
+<dl id="image"><dt><a href="/pkg/image/">image</a></dt>
+ <dd>
+ <p><!-- CL 311129 -->
+ The concrete image types (<code>RGBA</code>, <code>Gray16</code> and so on)
+ now implement a new <a href="/pkg/image/#RGBA64Image"><code>RGBA64Image</code></a>
+ interface. Those concrete types, other than the chroma-subsampling
+ related <code>YCbCr</code> and <code>NYCbCrA</code>, also now implement
+ <a href="/pkg/image/draw/#RGBA64Image"><code>draw.RGBA64Image</code></a>, a
+ new interface in the <code>image/draw</code> package.
+ </p>
+ </dd>
+</dl><!-- image -->
+
 <dl id="io/fs"><dt><a href="/pkg/io/fs/">io/fs</a></dt>
  <dd>
  <p><!-- CL 293649 -->
@@ -721,6 +840,20 @@ <h3 id="minor_library_changes">Minor changes to the library</h3>
  </dd>
 </dl><!-- mime -->
 
+<dl id="mime/multipart"><dt><a href="/pkg/mime/multipart/">mime/multipart</a></dt>
+ <dd>
+ <p><!-- CL 313809 -->
+ <a href="/pkg/mime/multipart/#Part.FileName"><code>Part.FileName</code></a>
+ now applies
+ <a href="/pkg/path/filepath/#Base"><code>filepath.Base</code></a> to the
+ return value. This mitigates potential path traversal vulnerabilities in
+ applications that accept multipart messages, such as <code>net/http</code>
+ servers that call
+ <a href="/pkg/net/http/#Request.FormFile"><code>Request.FormFile</code></a>.
+ </p>
+ </dd>
+</dl><!-- mime/multipart -->
+
 <dl id="net"><dt><a href="/pkg/net/">net</a></dt>
  <dd>
  <p><!-- CL 272668 -->
@@ -740,7 +873,7 @@ <h3 id="minor_library_changes">Minor changes to the library</h3>
  the <a href="/pkg/net/#Error"><code>net.Error</code></a> interface.
  </p>
 
- <p><!-- CL325829 -->
+ <p><!-- CL 325829 -->
  The <a href="/pkg/net/#ParseIP"><code>ParseIP</code></a> and <a href="/pkg/net/#ParseCIDR"><code>ParseCIDR</code></a>
  functions now reject IPv4 addresses which contain decimal components with leading zeros.
 
@@ -771,6 +904,29 @@ <h3 id="minor_library_changes">Minor changes to the library</h3>
  The <a href="/pkg/net/http/#ReadRequest"><code>ReadRequest</code></a> function
  now returns an error when the request has multiple Host headers.
  </p>
+
+ <p><!-- CL 313950 -->
+ When producing a redirect to the cleaned version of a URL,
+ <a href="/pkg/net/http/#ServeMux"><code>ServeMux</code></a> now always
+ uses relative URLs in the <code>Location</code> header. Previously it
+ would echo the full URL of the request, which could lead to unintended
+ redirects if the client could be made to send an absolute request URL.
+ </p>
+
+ <p><!-- CL 308009, CL 313489 -->
+ When interpreting certain HTTP headers handled by <code>net/http</code>,
+ non-ASCII characters are now ignored or rejected.
+ </p>
+
+ <p><!-- CL 325697 -->
+ If
+ <a href="/pkg/net/http/#Request.ParseForm"><code>Request.ParseForm</code></a>
+ returns an error when called by
+ <a href="/pkg/net/http/#Request.ParseMultipartForm"><code>Request.ParseMultipartForm</code></a>,
+ the latter now continues populating
+ <a href="/pkg/net/http/#Request.MultipartForm"><code>Request.MultipartForm</code></a>
+ before returning it.
+ </p>
  </dd>
 </dl><!-- net/http -->
 

diff --git a/src/cmd/asm/internal/asm/parse.go b/src/cmd/asm/internal/asm/parse.go
@@ -1003,7 +1003,8 @@ func (p *Parser) registerIndirect(a *obj.Addr, prefix rune) {
  p.errorf("unimplemented two-register form")
  }
  a.Index = r1
- if scale != 0 && p.arch.Family == sys.ARM64 {
+ if scale != 0 && scale != 1 && p.arch.Family == sys.ARM64 {
+ // Support (R1)(R2) (no scaling) and (R1)(R2*1).
  p.errorf("arm64 doesn't support scaled register format")
  } else {
  a.Scale = int16(scale)

diff --git a/src/cmd/asm/internal/asm/testdata/arm64.s b/src/cmd/asm/internal/asm/testdata/arm64.s
@@ -547,6 +547,7 @@ TEXT foo(SB), DUPOK|NOSPLIT, $-8
 // shifted or extended register offset.
  MOVD (R2)(R6.SXTW), R4 // 44c866f8
  MOVD (R3)(R6), R5 // 656866f8
+ MOVD (R3)(R6*1), R5 // 656866f8
  MOVD (R2)(R6), R4 // 446866f8
  MOVWU (R19)(R20<<2), R20 // 747a74b8
  MOVD (R2)(R6<<3), R4 // 447866f8
@@ -579,6 +580,7 @@ TEXT foo(SB), DUPOK|NOSPLIT, $-8
  MOVB R4, (R2)(R6.SXTX) // 44e82638
  MOVB R8, (R3)(R9.UXTW) // 68482938
  MOVB R10, (R5)(R8) // aa682838
+ MOVB R10, (R5)(R8*1) // aa682838
  MOVH R11, (R2)(R7.SXTW<<1) // 4bd82778
  MOVH R5, (R1)(R2<<1) // 25782278
  MOVH R7, (R2)(R5.SXTX<<1) // 47f82578

diff --git a/src/cmd/go/internal/modfetch/cache.go b/src/cmd/go/internal/modfetch/cache.go
@@ -152,7 +152,7 @@ func lockVersion(mod module.Version) (unlock func(), err error) {
 // If err is nil, the caller MUST eventually call the unlock function.
 func SideLock() (unlock func(), err error) {
  if err := checkCacheDir(); err != nil {
- base.Fatalf("go: %v", err)
+ return nil, err
  }
 
  path := filepath.Join(cfg.GOMODCACHE, "cache", "lock")

diff --git a/src/cmd/go/internal/modget/get.go b/src/cmd/go/internal/modget/get.go
@@ -1153,6 +1153,7 @@ func (r *resolver) loadPackages(ctx context.Context, patterns []string, findPack
  Tags: imports.AnyTags(),
  VendorModulesInGOROOTSrc: true,
  LoadTests: *getT,
+ AssumeRootsImported: true, // After 'go get foo', imports of foo should build.
  SilencePackageErrors: true, // May be fixed by subsequent upgrades or downgrades.
  }
 

diff --git a/src/cmd/go/internal/modload/buildlist.go b/src/cmd/go/internal/modload/buildlist.go
@@ -443,7 +443,7 @@ func expandGraph(ctx context.Context, rs *Requirements) (*Requirements, *ModuleG
  // roots — but in a lazy module it may pull in previously-irrelevant
  // transitive dependencies.
 
- newRS, rsErr := updateRoots(ctx, rs.direct, rs, nil, nil)
+ newRS, rsErr := updateRoots(ctx, rs.direct, rs, nil, nil, false)
  if rsErr != nil {
  // Failed to update roots, perhaps because of an error in a transitive
  // dependency needed for the update. Return the original Requirements
@@ -517,11 +517,11 @@ func tidyRoots(ctx context.Context, rs *Requirements, pkgs []*loadPkg) (*Require
  return tidyLazyRoots(ctx, rs.direct, pkgs)
 }
 
-func updateRoots(ctx context.Context, direct map[string]bool, rs *Requirements, pkgs []*loadPkg, add []module.Version) (*Requirements, error) {
+func updateRoots(ctx context.Context, direct map[string]bool, rs *Requirements, pkgs []*loadPkg, add []module.Version, rootsImported bool) (*Requirements, error) {
  if rs.depth == eager {
  return updateEagerRoots(ctx, direct, rs, add)
  }
- return updateLazyRoots(ctx, direct, rs, pkgs, add)
+ return updateLazyRoots(ctx, direct, rs, pkgs, add, rootsImported)
 }
 
 // tidyLazyRoots returns a minimal set of root requirements that maintains the
@@ -661,7 +661,7 @@ func tidyLazyRoots(ctx context.Context, direct map[string]bool, pkgs []*loadPkg)
 //
 // (See https://golang.org/design/36460-lazy-module-loading#invariants for more
 // detail.)
-func updateLazyRoots(ctx context.Context, direct map[string]bool, rs *Requirements, pkgs []*loadPkg, add []module.Version) (*Requirements, error) {
+func updateLazyRoots(ctx context.Context, direct map[string]bool, rs *Requirements, pkgs []*loadPkg, add []module.Version, rootsImported bool) (*Requirements, error) {
  roots := rs.rootModules
  rootsUpgraded := false
 
@@ -688,6 +688,10 @@ func updateLazyRoots(ctx context.Context, direct map[string]bool, rs *Requiremen
  //
  // (This is the “import invariant” that makes lazy loading possible.)
 
+ case rootsImported && pkg.flags.has(pkgFromRoot):
+ // pkg is a transitive dependency of some root, and we are treating the
+ // roots as if they are imported by the main module (as in 'go get').
+
  case pkg.flags.has(pkgIsRoot):
  // pkg is a root of the package-import graph. (Generally this means that
  // it matches a command-line argument.) We want future invocations of the