1.22.3 #89

Merged
merged 11 commits into from
May 7, 2024

bradfitz

@bradfitz bradfitz commented May 7, 2024

  • [release-branch.go1.22] all: tidy dependency versioning after release
  • [release-branch.go1.22] net/http: update bundled golang.org/x/net/http2
  • [release-branch.go1.22] cmd/internal/obj/ppc64: fix incorrect int to int64 conversion when checking MOVD opcodes
  • [release-branch.go1.22] cmd/compile: bail PGO method lookup on interface types
  • [release-branch.go1.22] runtime: use bootstrapRand to initialize hashkey
  • [release-branch.go1.22] net: check SkipAdditional error result
  • [release-branch.go1.22] cmd/compile: don't combine loads in generated equality functions
  • [release-branch.go1.22] Revert "cmd/compile: don't combine loads in generated equality functions"
  • [release-branch.go1.22] cmd/go: disallow -lto_library in LDFLAGS
  • [release-branch.go1.22] go1.22.3

dmitshur and others added 11 commits April 3, 2024 18:00
Done with:

go get golang.org/x/net@internal-branch.go1.22-vendor
go mod tidy
go mod vendor
go generate net/http  # zero diff since CL 576076 already did this

For CVE-2023-45288.
For golang#65051.
For golang#66298.

Change-Id: I2a0d69145d711a73eda92ef5ad4010c7c435f621
Reviewed-on: https://go-review.googlesource.com/c/go/+/576255
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
Pull in CL 578338:

	db050b07 http2: send correct LastStreamID in stream-caused GOAWAY

For golang#66668.
Fixes golang#66698.

Change-Id: Ie7cbc44cd559eb8bc34f6c4ad4ead678ec2f55ef
Reviewed-on: https://go-review.googlesource.com/c/go/+/578358
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
…int64 conversion when checking MOVD opcodes

A type conversion from int to int64 was done in the wrong place causing
some MOVD $const, Rx operations to be incorrectly transformed on 32 bit
hosts cross-compiling for ppc64x.

Fixes golang#67018

Change-Id: I023ba267a8dac6d6bd22f8146c0d9d2d473bc5c1
Reviewed-on: https://go-review.googlesource.com/c/go/+/580796
Reviewed-by: Mauri de Souza Meneguzzo <mauri870@gmail.com>
Reviewed-by: Joedian Reid <joedian@google.com>
Reviewed-by: Lynn Boger <laboger@linux.vnet.ibm.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/581455
…ace types

Interface types don't have concrete method implementations, so it does
not make sense to attempt a lookup.

An interface method would not normally appear in a PGO profile as it has
no symbol in the final binary. However it can appear if the method was
concrete when the profile was collected and it has since been refactored
to an interface method in the code being compiled.

The guards here (OTYPE, !Alias, !IsInterface) now match
noder.linker.relocObj, which does a similar iteration of all methods.

For golang#67016.
Fixes golang#67017.

Change-Id: I858c58929c890ac0b2019fbd7c99f683ab63f8bb
Reviewed-on: https://go-review.googlesource.com/c/go/+/581436
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
(cherry picked from commit 508e761)
Reviewed-on: https://go-review.googlesource.com/c/go/+/581438
The seed for rand is not initialized until after alginit. Before
initialization, rand returns a deterministic sequence, making hashkey
deterministic across processes.

Switch to bootstrapRand, like other early rand calls, such as
initialization of aeskeysched.

For golang#66885.
Fixes golang#66886.

Change-Id: I5023a9161232b49fda2ebd1d5f9338bbdd17b1fe
Reviewed-on: https://go-review.googlesource.com/c/go/+/580136
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-by: Keith Randall <khr@google.com>
(cherry picked from commit 1a3682b)
Reviewed-on: https://go-review.googlesource.com/c/go/+/580018
This will avoid a potential endless loop for a corrupt DNS packet.

For golang#66754
Fixes golang#67040

Change-Id: I46591b3f7695bcc88d2312833e45955f8c129d2b
Reviewed-on: https://go-review.googlesource.com/c/go/+/578375
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Commit-Queue: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
(cherry picked from commit ddfab21)
Reviewed-on: https://go-review.googlesource.com/c/go/+/581816
Reviewed-by: David Chase <drchase@google.com>
… equality functions

... if the architecture can't do unaligned loads.
We already handle this in a few places, but this particular place
was added in CL 399542 and missed this additional restriction.

Fixes golang#67212

Change-Id: I45988f11ff3ed45df1c4da3f0931ab1fdb22dbfe
Reviewed-on: https://go-review.googlesource.com/c/go/+/583175
Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Auto-Submit: Keith Randall <khr@google.com>
Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Derek Parker <parkerderek86@gmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
(cherry picked from commit 3c72dd5)
Reviewed-on: https://go-review.googlesource.com/c/go/+/583417
…enerated equality functions"

This reverts CL 583417.

Reason for revert: release branch is currently frozen.

Change-Id: Ia6223911e0e124f14509c4bf978d7e37688e3d4c
Reviewed-on: https://go-review.googlesource.com/c/go/+/582960
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
The darwin linker allows setting the LTO library with the -lto_library
flag. This wasn't caught by our "safe linker flags" check because it
was covered by the -lx flag used for linking libraries. This change
adds a specific check for excluded flags which otherwise satisfy our
existing checks.

Loading a malicious LTO library would allow an attacker to cause the
linker to execute arbitrary code when "go build" was called.

Thanks to Juho Forsén of Mattermost for reporting this issue.

Fixes golang#67119
Fixes golang#67122
Fixes CVE-2024-24787

Change-Id: I77ac8585efbdbdfd5f39c39ed623b9408a0f9eaf
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1380
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit 9a79141fbbca1105e5c786f15e38741ca7843290)
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1420
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/583796
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
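
A simplified model of the check described in the -lto_library commit message above, as an added example that is not part of this pull request or of cmd/go. The regular expressions and the function names `checkAllowOnly` and `checkWithExclusions` are assumptions made for illustration, and the sample flags are constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// Simplified allow-list for linker flags. The patterns are assumptions made
// for this example; they are not copied from cmd/go.
var allowed = []*regexp.Regexp{
	regexp.MustCompile(`^-l[^@\-].*$`), // -l<name>: link a library
	regexp.MustCompile(`^-L[^@\-].*$`), // -L<dir>: library search path
}

// Flags that satisfy the allow-list but must still be refused.
var excluded = []*regexp.Regexp{
	regexp.MustCompile(`^-lto_library$`),
}

func matchAny(res []*regexp.Regexp, flag string) bool {
	for _, re := range res {
		if re.MatchString(flag) {
			return true
		}
	}
	return false
}

// checkAllowOnly models the check before the fix: allow-list only.
func checkAllowOnly(flag string) error {
	if !matchAny(allowed, flag) {
		return fmt.Errorf("invalid linker flag: %s", flag)
	}
	return nil
}

// checkWithExclusions models the check after the fix: a flag on the excluded
// list is rejected even though it also matches the allow-list.
func checkWithExclusions(flag string) error {
	if matchAny(excluded, flag) {
		return fmt.Errorf("excluded linker flag: %s", flag)
	}
	return checkAllowOnly(flag)
}

func main() {
	// Constructed sample flags, as they might appear in LDFLAGS.
	for _, f := range []string{"-lz", "-L/usr/lib", "-lto_library", "-fplugin=x"} {
		fmt.Printf("%-14s allow-only=%v with-exclusions=%v\n", f,
			checkAllowOnly(f) == nil, checkWithExclusions(f) == nil)
	}
}
```

The `-l<name>` pattern accepts `-lto_library` because the text after `-l` looks like a library name, which is why the exclusion has to be tested separately from the allow-list.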
Change-Id: Ie006d71637a9fa66c225f3fd6cb19dae2a403e76
Reviewed-on: https://go-review.googlesource.com/c/go/+/583856
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
@bradfitz bradfitz merged commit 467a489 into tailscale.go1.22 May 7, 2024
5 checks passed
@bradfitz bradfitz deleted the bradfitz/1.22.3 branch May 7, 2024 19:30
10 participants