Steps run:
$ cd $(go env GOROOT)/src
$ go get -d golang.org/x/sys
$ go mod tidy
$ go mod vendor
$ go generate syscall/... internal/syscall/...
$ cd cmd
$ go get -d golang.org/x/sys
$ go mod tidy
$ go mod vendor
$ cd ..
$ git add .
This change subsumes CL 260860.
For #36905
Change-Id: I7c677c6aa1ad61b9cbd8cf9ed208ed5a30f29c87
Reviewed-on: https://go-review.googlesource.com/c/go/+/267103
Trust: Bryan C. Mills <bcmills@google.com>
Run-TryBot: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Updates x/net/http2 to git rev 5d4f7005572804eaf7f5ecdd2473a62557f733ba
http2: send WINDOW_UPDATE on a body's write failure
https://golang.org/cl/245158 (fixes#40423)
also updates the vendored version of golang.org/x/net as per
$ go get golang.org/x/net@5d4f700557
$ go mod tidy
$ go mod vendor
$ go generate -run bundle std
For #40423.
Change-Id: I3270d0fb6f28889266596f7365d36d30ef2bb368
Reviewed-on: https://go-review.googlesource.com/c/go/+/258359
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Emmanuel Odeke <emm.odeke@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Pick up GOOS=ios changes.
This is done by
cd $GOROOT/src
go get -d golang.org/x/net@latest
go mod tidy
go mod vendor
go get -d golang.org/x/sys@latest
go mod tidy
go mod vendor
cd $GOROOT/src/cmd
go get -d golang.org/x/sys@latest
go mod tidy
go mod vendor
Updates #38485.
Change-Id: Ic2b54febb1f851814c9d76c4b55a8837ac4779f8
Reviewed-on: https://go-review.googlesource.com/c/go/+/257618
Trust: Cherry Zhang <cherryyz@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
The Go 1.16 development cycle has started. This is the time to update
all golang.org/x/... module versions that contribute packages to the
std and cmd modules in the standard library to latest master versions.
Those versions have already gone through code review, and now they
will undergo additional testing during the development period.
If there are new issues in these dependencies discovered, we have
development period to deal with that. We will do this update once
more at the end of the development cycle, by the code freeze, and
so doing it now will make that update smaller and safer.
Overall, this change will help us build confidence that the
Go 1.16 release and its selected dependencies will be robust.
Also increment the Go language version to 1.16 in standard library
go.mod files.
This change was created with a program from CL 256357 patch set 1
(which updates golang.org/x modules only) and the bundle tool at
CL 255053 patch set 1:
$ updatestd -goroot=$HOME/gotip -branch=master
> go version
go version devel +eda1d40544 Mon Sep 21 16:50:07 2020 +0000 darwin/amd64
> go env GOROOT
/Users/dmitshur/gotip
> go version -m /Users/dmitshur/go/bin/bundle
/Users/dmitshur/go/bin/bundle: go1.15.2
path golang.org/x/tools/cmd/bundle
mod golang.org/x/tools (devel) # CL 255053 PS 1
dep golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
dep golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
updating module cmd in /Users/dmitshur/gotip/src/cmd
skipping github.com/chzyer/logex (out of scope, it's not a golang.org/x dependency)
skipping github.com/chzyer/readline (out of scope, it's not a golang.org/x dependency)
skipping github.com/chzyer/test (out of scope, it's not a golang.org/x dependency)
skipping github.com/google/pprof (out of scope, it's not a golang.org/x dependency)
skipping github.com/ianlancetaylor/demangle (out of scope, it's not a golang.org/x dependency)
skipping github.com/yuin/goldmark (out of scope, it's not a golang.org/x dependency)
skipping rsc.io/pdf (out of scope, it's not a golang.org/x dependency)
> go mod edit -go=1.16
> go get -d golang.org/x/arch@b19915210f009e139b20abfd6a6052c7acc1f445 golang.org/x/crypto@5c72a883971a4325f8c62bf07b6d38c20ea47a6a golang.org/x/mod@ce943fd02449f621243c9ea6e64098e84752b92b golang.org/x/net@62affa334b73ec65ed44a326519ac12c421905e3 golang.org/x/sync@6e8e738ad208923de99951fe0b48239bfd864f28 golang.org/x/sys@af09f7315aff1cbc48fb21d21aa55d67b4f914c5 golang.org/x/text@a8b4671254579a87fadf9f7fa577dc7368e9d009 golang.org/x/tools@d647fc2532668b2b75a92f468487b8085e6ed58b golang.org/x/xerrors@5ec99f83aff198f5fbd629d6c8d8eb38a04218ca
go: golang.org/x/sys af09f7315aff1cbc48fb21d21aa55d67b4f914c5 => v0.0.0-20200918174421-af09f7315aff
go: golang.org/x/text a8b4671254579a87fadf9f7fa577dc7368e9d009 => v0.3.4-0.20200826142016-a8b467125457
go: golang.org/x/tools d647fc2532 => v0.0.0-20200918232735-d647fc253266
go: golang.org/x/net 62affa334b73ec65ed44a326519ac12c421905e3 => v0.0.0-20200904194848-62affa334b73
go: golang.org/x/crypto 5c72a883971a4325f8c62bf07b6d38c20ea47a6a => v0.0.0-20200820211705-5c72a883971a
go: golang.org/x/arch b19915210f009e139b20abfd6a6052c7acc1f445 => v0.0.0-20200826200359-b19915210f00
go: golang.org/x/xerrors 5ec99f83aff198f5fbd629d6c8d8eb38a04218ca => v0.0.0-20200804184101-5ec99f83aff1
> go mod tidy
> go mod vendor
updating module std in /Users/dmitshur/gotip/src
> go mod edit -go=1.16
> go get -d golang.org/x/crypto@5c72a883971a4325f8c62bf07b6d38c20ea47a6a golang.org/x/net@62affa334b73ec65ed44a326519ac12c421905e3 golang.org/x/sys@af09f7315aff1cbc48fb21d21aa55d67b4f914c5 golang.org/x/text@a8b4671254579a87fadf9f7fa577dc7368e9d009 golang.org/x/tools@d647fc2532668b2b75a92f468487b8085e6ed58b
go: golang.org/x/crypto 5c72a883971a4325f8c62bf07b6d38c20ea47a6a => v0.0.0-20200820211705-5c72a883971a
go: golang.org/x/text a8b4671254579a87fadf9f7fa577dc7368e9d009 => v0.3.4-0.20200826142016-a8b467125457
go: golang.org/x/sys af09f7315aff1cbc48fb21d21aa55d67b4f914c5 => v0.0.0-20200918174421-af09f7315aff
go: golang.org/x/tools d647fc2532 => v0.0.0-20200918232735-d647fc253266
> go mod tidy
> go mod vendor
updating bundles in /Users/dmitshur/gotip/src
> go generate -run=bundle std cmd
Other non-golang.org/x module dependencies (pprof and demangle)
still need to be updated in a future CL.
For #36905.
Change-Id: I83a350bf8714ebc249284c0d69abe4941700565e
Reviewed-on: https://go-review.googlesource.com/c/go/+/255860
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Trust: Dmitri Shuralyov <dmitshur@golang.org>
Updates x/net/http2 to git rev 62affa334b73ec65ed44a326519ac12c421905e3
x/net/http2: reject HTTP/2 Content-Length headers containing a sign
https://go-review.googlesource.com/c/net/+/236098/ (fixes#39017)
also updates the vendored version of golang.org/x/net by running
go get golang.org/x/net@62affa334b73ec65ed44a326519ac12c421905e3
go mod tidy
go mod vendor
go generate -run bundle net/http
Change-Id: I7ecfdb7644574c44c3616e3b47664eefd4c926f3
Reviewed-on: https://go-review.googlesource.com/c/go/+/253238
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Updates x/net/http2 to git rev c89045814202410a2d67ec20ecf177ec77ceae7f
http2: perform connection health check
https://golang.org/cl/198040 (fixes#31643)
http2: use ASCII space trimming for parsing Trailer header
https://golang.org/cl/231437
all: update golang.org/x/crypto to v0.0.0-20200622213623-75b288015ac9
https://golang.org/cl/239700 (updates #30965)
net/http2: fix erringRoundTripper
https://golang.org/cl/243257 (updates #40213)
also updates the vendored version of golang.org/x/net as per
$ go get golang.org/x/net@c890458142
$ go mod tidy
$ go mod vendor
$ go generate -run bundle std
Change-Id: Iea2473ef086df760144d9656f03a0218eb9da91f
Reviewed-on: https://go-review.googlesource.com/c/go/+/249842
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Pull in dns/dnsmessage fix to drop fmt dependency.
Also pulled in minor bug fix in x/crypto (dep of net).
Change-Id: I0f618e81a24ac24a5adae00af34b728b243dfdbb
Reviewed-on: https://go-review.googlesource.com/c/go/+/241257
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
The Go 1.15 code freeze has just started. This is the time to update
all golang.org/x/... module versions that contribute packages to the
std and cmd modules in the standard library to latest master versions.
Those versions have already gone through code review, and now they
will undergo additional testing during the freeze period.
If there are new issues in these dependencies discovered, we have
the freeze period to deal with that. By the end of the freeze period,
we will have confidence that the Go 1.15 release and the dependency
versions it has selected are robust.
If one of the Go 1.15.x minor releases requires changing code in one of
the vendored packages, we'll be able to do so on top of the versions
that are selected here, and not be forced to use versions that came
from different time periods, or try to jump across multiple untested
versions in a minor release.
The dependency versions that are selected in this commit are:
github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3
github.com/ianlancetaylor/demangle v0.0.0-20200414190113-039b1ae3a340
golang.org/x/arch v0.0.0-20200312215426-ff8b605520f4
golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79
golang.org/x/mod v0.2.1-0.20200429172858-859b3ef565e2
golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5
golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3
golang.org/x/text v0.3.3-0.20200430171850-afb9336c4530
golang.org/x/tools v0.0.0-20200504152539-33427f1b0364
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543
github.com/ianlancetaylor/demangle is considered in scope and updated.
github.com/google/pprof is out of scope and was not updated.
For #36905.
Change-Id: Icb6996eb0df11f16edd9a42e04434012c0336354
Reviewed-on: https://go-review.googlesource.com/c/go/+/231657
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
For latest http2 changes.
Which then required updating golang.org/x/sys in cmd too.
Change-Id: I3fac5f3a15f4c9381baaff597873ed0c6209dbac
Reviewed-on: https://go-review.googlesource.com/c/go/+/231457
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Re-vendor x/net/dns/dnsmessage, x/net/route, and github.com/google/pprof
(commit 1ebb73c). The updated dependencies fix the string(int)
conversions, in preparation for the vet warning.
Updates #32479.
Change-Id: I023a4e30415d060f8b403b9943fe911f6d19f2e9
Reviewed-on: https://go-review.googlesource.com/c/go/+/221337
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
cryptobyte: fix panic due to malformed ASN.1 inputs on 32-bit archs
When int is 32 bits wide (on 32-bit architectures like 386 and arm), an
overflow could occur, causing a panic, due to malformed ASN.1 being
passed to any of the ASN1 methods of String.
Tested on linux/386 and darwin/amd64.
This fixes CVE-2020-7919 and was found thanks to the Project Wycheproof
test vectors.
Change-Id: I8c9696a8bfad1b40ec877cd740dba3467d66ab54
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/645211
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/216677
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
x/crypto/cryptobyte is used in crypto/x509 for parsing certificates.
Malformed certificates might cause a panic during parsing on 32-bit
architectures (like arm and 386).
Change-Id: I840feb54eba880dbb96780ef7adcade073c4c4e3
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/647741
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/216680
Reviewed-by: Katie Hockman <katie@golang.org>
CL 209077 updated bundled http2 to x/net git rev ef20fe5d7 without
bumping the go.mod version.
Identified with the new go/packages based cmd/bundle from CL 189818.
$ go get golang.org/x/net@ef20fe5d7
$ go mod tidy
$ go mod vendor
$ go generate -run bundle std # with CL 189818
Updates #32031
Change-Id: I581d35f33e2adafb588b2b0569648039187234a7
Reviewed-on: https://go-review.googlesource.com/c/go/+/209901
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This does not include an upgrade of golang.org/x/net.
This is optional and best done as a separate CL.
Change-Id: Ifecc3fb6e3b7fe026b4ddefbe637186a3445b0bc
Reviewed-on: https://go-review.googlesource.com/c/go/+/204658
Run-TryBot: Marcel van Lohuizen <mpvl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
This picks up CL 202317 which fixes golang.org/x/net for Dragonfly
master (upcoming 5.8 release). Also re-enable the interface tests
disabled in CL 201482.
Vendored using:
$ go get golang.org/x/net@24d2ffbea1e8
$ go mod tidy
$ go mod vendor
Fixes#34368
Change-Id: Iac152b7ffaa607bfedbb4024b4e1ffc9b649d689
Reviewed-on: https://go-review.googlesource.com/c/go/+/202438
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Update golang.org/x/net to v0.0.0-20190813141303-74dc4d7220e7 to import
the following security fix.
commit 74dc4d7220e7acc4e100824340f3e66577424772
Author: Filippo Valsorda <filippo@golang.org>
Date: Sun Aug 11 02:12:18 2019 -0400
http2: limit number of control frames in server send queue
An attacker could cause servers to queue an unlimited number of PING
ACKs or RST_STREAM frames by soliciting them and not reading them, until
the program runs out of memory.
Limit control frames in the queue to a few thousands (matching the limit
imposed by other vendors) by counting as they enter and exit the scheduler,
so the protection will work with any WriteScheduler.
Once the limit is exceeded, close the connection, as we have no way to
communicate with the peer.
Change-Id: I842968fc6ed3eac654b497ade8cea86f7267886b
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/525552
Reviewed-by: Brad Fitzpatrick <bradfitz@google.com>
This change was generated with cmd/go and cmd/bundle:
$ go get -u golang.org/x/net
$ go mod tidy
$ go mod vendor
$ go generate net/http
Fixes CVE-2019-9512 and CVE-2019-9514
Fixes#33606
Change-Id: I464baf96175006aa101d65d3b0f6494f28a626ab
Reviewed-on: https://go-review.googlesource.com/c/go/+/190137
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
The bundle included changes from a commit after the one referred to by
the go.mod, probably due to cmd/bundle using the GOPATH source.
Identified with the new go/packages based cmd/bundle from CL 189818.
$ go get golang.org/x/net@461777fb6f
$ go mod tidy
$ go mod vendor
$ go generate net/http # with CL 189818
Also, updated the socks_bundle.go generate command to drop obsolete
options and match h2_bundle.go. It caused no output changes.
Updates #32031
Change-Id: I0322d4e842dbfdad749455111072ca4872a62ad4
Reviewed-on: https://go-review.googlesource.com/c/go/+/189897
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
This is the net/http half of #32476. This supplies the method needed
by the other half in x/net/http2 in the already-submitted CL 181259,
which this CL also bundles in h2_bundle.go.
Thanks to Tom Thorogood (@tmthrgd) for the bug report and test.
Fixes#32476
Updates #30694
Change-Id: I79d2a280e486fbf75d116f6695fd3abb61278765
Reviewed-on: https://go-review.googlesource.com/c/go/+/181260
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
For:
http2: track reused connections
https://golang.org/cl/176720 (updates golang/go#31982)
Some x/sys/unix updates come along for the ride too.
I filed #32031 for making the bundling process less difficult and
error-prone in the future.
Change-Id: Ic822080991ffa2d50352c5f613e45648a327cf16
Reviewed-on: https://go-review.googlesource.com/c/go/+/177037
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
The most common failure mode of the current std/cmd setup is
going to be people running "go get m@latest" and then not running
"go mod vendor" and being confused about getting the old m.
Diagnose and report what to do.
Also, having done the check, when in the standard library,
switch the go command to -mod=vendor mode.
This avoids some network accesses I saw when running
'go clean -modcache' before doing some work in cmd.
Change-Id: I0ba4a66637b67225a9b97a1c89f26f9015b41673
Reviewed-on: https://go-review.googlesource.com/c/go/+/174528
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
This updates the packages from text and net to use
the Unicode 11 tables.
Updates golang/go#27945
Change-Id: I096e80283f37b596f2aa8bd3e5ffec6b7045469a
Reviewed-on: https://go-review.googlesource.com/c/go/+/174057
Run-TryBot: Marcel van Lohuizen <mpvl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This also updates the vendored-in versions of several packages: 'go
mod vendor' selects a consistent version of each module, but we had
previously vendored an ad-hoc selection of packages.
Notably, x/crypto/hkdf was previously vendored in at a much newer
commit than the rest of x/crypto. Bringing the rest of x/crypto up to
that commit introduced an import of golang.org/x/sys/cpu, which broke
the js/wasm build, requiring an upgrade of x/sys to pick up CL 165749.
Updates #30228
Updates #30241
Updates #25822
Change-Id: I5b3dbc232b7e6a048a158cbd8d36137af1efb711
Reviewed-on: https://go-review.googlesource.com/c/go/+/164623
Reviewed-by: Filippo Valsorda <filippo@golang.org>
