1
0
mirror of https://github.com/golang/go synced 2024-11-23 10:00:03 -07:00
Commit Graph

47 Commits

Author SHA1 Message Date
Roland Shoemaker
26a860706a doc/go1.16: add crypto/x509 CSR release note
Change-Id: If74d49c3be9299d8c136003673e0fee2a563389d
Reviewed-on: https://go-review.googlesource.com/c/go/+/268957
Trust: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
2020-11-11 17:12:34 +00:00
Jay Conrod
8f2db14cd3 cmd/go: release note for -mod=readonly by default
For #40728
Fixes #42466

Change-Id: If2b21b37a590c243828c4fd278ab10b2705450f0
Reviewed-on: https://go-review.googlesource.com/c/go/+/268859
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Trust: Dmitri Shuralyov <dmitshur@golang.org>
2020-11-10 18:42:47 +00:00
Cherry Zhang
1948c00b6e doc/go1.16: add release notes for darwin ports
Updates #38485, #42100.
For #40700.

Change-Id: I2caaa8482f13f9b79d4c2d2fdd242543981060cf
Reviewed-on: https://go-review.googlesource.com/c/go/+/267718
Trust: Cherry Zhang <cherryyz@google.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
2020-11-10 18:03:53 +00:00
Roland Shoemaker
9f39a43e0d crypto/tls: de-prioritize AES-GCM ciphers when lacking hardware support
When either the server or client are lacking hardware support for
AES-GCM ciphers, indicated by the server lacking the relevant
instructions and by the client not putting AES-GCM ciphers at the top
of its preference list, reorder the preference list to de-prioritize
AES-GCM based ciphers when they are adjacent to other AEAD ciphers.

Also updates a number of recorded openssl TLS tests which previously
only specified TLS 1.2 cipher preferences (using -cipher), but not
TLS 1.3 cipher preferences (using -ciphersuites), to specify both
preferences, making these tests more predictable.

Fixes #41181.

Change-Id: Ied896c96c095481e755aaff9ff0746fb4cb9568e
Reviewed-on: https://go-review.googlesource.com/c/go/+/262857
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
2020-11-10 01:40:27 +00:00
Filippo Valsorda
d7fff1f2cf crypto/tls: ensure the server picked an advertised ALPN protocol
This is a SHALL in RFC 7301, Section 3.2.

Also some more cleanup after NPN, which worked the other way around
(with the possibility that the client could pick a protocol the server
did not suggest).

Change-Id: I83cc43ca1b3c686dfece8315436441c077065d82
Reviewed-on: https://go-review.googlesource.com/c/go/+/239748
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
2020-11-09 19:48:28 +00:00
Johan Brandhorst
fdecb5c5b4 crypto/tls: add HandshakeContext method to Conn
Adds the (*tls.Conn).HandshakeContext method. This allows
us to pass the context provided down the call stack to
eventually reach the tls.ClientHelloInfo and
tls.CertificateRequestInfo structs.
These contexts are exposed to the user as read-only via Context()
methods.

This allows users of (*tls.Config).GetCertificate and
(*tls.Config).GetClientCertificate to use the context for
request scoped parameters and cancellation.

Replace uses of (*tls.Conn).Handshake with (*tls.Conn).HandshakeContext
where appropriate, to propagate existing contexts.

Fixes #32406

Change-Id: I33c228904fe82dcf57683b63627497d3eb841ff2
Reviewed-on: https://go-review.googlesource.com/c/go/+/246338
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
2020-11-09 18:34:47 +00:00
Jay Conrod
8a368c63ec cmd/go: print deprecation messages for -i
build, install, and test will now print deprecation messages when the
-i flag is used. clean will continue to support -i.

For #41696

Change-Id: I956c235c487a872c5e6c1395388b4d6cd5ef817a
Reviewed-on: https://go-review.googlesource.com/c/go/+/266368
Trust: Jay Conrod <jayconrod@google.com>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
2020-11-09 18:32:40 +00:00
Jay Conrod
65607683f5 cmd/go: print deprecation messages for 'go get' installing executables
For #40276

Change-Id: I5e631a4c9ce07f23640fb56eb455457bc55072c6
Reviewed-on: https://go-review.googlesource.com/c/go/+/266360
Run-TryBot: Jay Conrod <jayconrod@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Jay Conrod <jayconrod@google.com>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
2020-11-09 18:32:36 +00:00
Katie Hockman
c9b9cd73bb crypto/tls: set Deadline before sending close notify alert
This change also documents the need to set a Deadline before
calling Read or Write.

Fixes #31224

Change-Id: I89d6fe3ecb0a0076b4c61765f61c88056f951406
Reviewed-on: https://go-review.googlesource.com/c/go/+/266037
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
2020-11-07 02:12:20 +00:00
Bryan C. Mills
06538fa723 cmd/go/internal/modget: resolve paths at the requested versions
Previously, we resolved each argument to 'go get' to a package path or
module path based on what was in the build list at existing versions,
even if the argument specified a different version explicitly. That
resulted in bugs like #37438, in which we variously resolved the wrong
version or guessed the wrong argument type for what is unambiguously a
package argument at the requested version.

We were also using a two-step upgrade/downgrade algorithm, which could
not only upgrade more that is strictly necessary, but could also
unintentionally upgrade *above* the requested versions during the
downgrade step.

This change instead uses an iterative approach, with an explicit
disambiguation step for the (rare) cases where an argument could match
the same package path in multiple modules. We use a hook in the
package loader to halt package loading as soon as an incorrect version
is found — preventing over-resolving — and verify that the result
after applying downgrades successfully obtained the requested versions
of all modules.

Making 'go get' be correct and usable is especially important now that
we are defaulting to read-only mode (#40728), for which we are
recommending 'go get' more heavily.

While I'm in here refactoring, I'm also reworking the API boundary
between the modget and modload packages. Previously, the modget
package edited the build list directly, and the modload package
accepted the edited build list without validation. For lazy loading
(#36460), the modload package will need to maintain additional
metadata about the requirement graph, so it needs tighter control over
the changes to the build list.

As of this change, modget no longer invokes MVS directly, but instead
goes through the modload package. The resulting API gives clearer
reasons in case of updates, which we can use to emit more useful
errors.

Fixes #37438
Updates #36460
Updates #40728

Change-Id: I596f0020f3795870dec258147e6fc26a3292c93a
Reviewed-on: https://go-review.googlesource.com/c/go/+/263267
Trust: Bryan C. Mills <bcmills@google.com>
Trust: Jay Conrod <jayconrod@google.com>
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2020-11-05 17:52:17 +00:00
Johan Knutzen
1e3b535b6e syscall: expose bInheritHandles of CreateProcess
Certain use cases require this parameter to be false. This includes
spawning a child process in a different windows session than session 0.

Docs regarding the behavior of this parameter to CreateProcess:
https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa

Fixes #42098

Change-Id: If998f57d6f2962824aacbee75e1b508b255ab293
GitHub-Last-Rev: 584eb13e36
GitHub-Pull-Request: golang/go#41957
Reviewed-on: https://go-review.googlesource.com/c/go/+/261917
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Trust: Alex Brainman <alex.brainman@gmail.com>
2020-11-05 02:28:14 +00:00
Austin Clements
4fcb5068f6 doc/go1.16: document switch to MADV_DONTNEED
Updates #42330.

Change-Id: Ifda10a5c3dca30acf1258e9e0af202e9beffc68e
Reviewed-on: https://go-review.googlesource.com/c/go/+/267137
Trust: Austin Clements <austin@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
2020-11-02 21:08:14 +00:00
Cuong Manh Le
642329fdd5 Revert "cmd/compile: split exported/non-exported methods for interface type"
This reverts commit 8f26b57f9a.

Reason for revert: break a bunch of code, include standard library.

Fixes #42123

Change-Id: Ife90ecbafd2cb395623d1db555fbfc9c1b0098e0
Reviewed-on: https://go-review.googlesource.com/c/go/+/264026
Trust: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2020-10-28 17:10:08 +00:00
Daniel Martí
9113d8c37f doc/go1.16: document BuildID in 'go list -export'
This corresponds to the feature in https://golang.org/cl/263542, since
this can be a noteworthy change to people writing tools to inspect Go
builds.

Also amend the wording to clarify that build IDs are for an entire
compiled package, not just their export data or object file.

Change-Id: I2eb295492807d5d2997a35e5e2371914cb3ad3a0
Reviewed-on: https://go-review.googlesource.com/c/go/+/264158
Trust: Daniel Martí <mvdan@mvdan.cc>
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
Reviewed-by: Jay Conrod <jayconrod@google.com>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
2020-10-27 20:22:56 +00:00
qmuntal
f1aa0b081e doc/go1.16: document ASLR support for -buildmode=c-shared on windows
Change-Id: I89c61e444b3ab36f0081a5252d210cb265344122
Reviewed-on: https://go-review.googlesource.com/c/go/+/264157
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Trust: Alex Brainman <alex.brainman@gmail.com>
2020-10-22 23:00:42 +00:00
Daniel Martí
de74ea5d74 cmd/go: set TOOLEXEC_IMPORTPATH for -toolexec tools
This way, a -toolexec tool can tell precisely what package is being
built when it's run. This was very hard to do before, because the tool
had to piece together that information given the build action's
arguments or flags.

Since there wasn't a good set of tests for -toolexec, add one in the
form of a test script. It builds a simple set of packages with a variety
of build tools, to ensure that all the cases behave as expected.

Like other recent master changes, include the changelog item for this
user-facing change too.

Fixes #15677.

Change-Id: I0a5a1d9485840323ec138b2e64b7e7dd803fdf90
Reviewed-on: https://go-review.googlesource.com/c/go/+/263357
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Trust: Daniel Martí <mvdan@mvdan.cc>
2020-10-22 15:10:01 +00:00
Ian Lance Taylor
cb768c801a encoding/xml: fix reserved namespace check to be case-insensitive
Fixes the check for the reserved namespace prefix
"xml" to be case insensitive, so as to match all variants of:

    (('X'|'x')('M'|'m')('L'|'l'))

as mandated by Section 2.3 of https://www.w3.org/TR/REC-xml/

This is a roll forward of CL 203417, which was rolled back by CL 240179.
We've decided that the roll back was incorrect, and any broken tests
should be fixed.

The original CL 203417 was by Tamás Gulácsi.

Fixes #35151
For #39876

Change-Id: I2e6daa7aeb252531fba0b8a56086613e13059528
Reviewed-on: https://go-review.googlesource.com/c/go/+/264024
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
2020-10-21 23:51:30 +00:00
Kevin Burke
6af088bfc6 encoding/json: add "json: " prefix to SyntaxError messages
The other named errors - UnmarshalTypeError, etc - in this package do
the same, so we should prepend the package prefix to error messages
for consistency.

Add a note to the release docs in case this is interpreted as
a breaking change.

Fixes #36221.

Change-Id: Ie24b532bbf9812e108c259fa377e2a6b64319ed4
Reviewed-on: https://go-review.googlesource.com/c/go/+/263619
Run-TryBot: Kevin Burke <kev@inburke.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Kevin Burke <kev@inburke.com>
Trust: Daniel Martí <mvdan@mvdan.cc>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
2020-10-21 18:50:01 +00:00
Cuong Manh Le
62f18d07ba doc/go1.16: document net TCP listener's backlog size update
Updates #41470

Change-Id: Iebd3a339504aa7f8834853d6a740557fb3bce3ef
Reviewed-on: https://go-review.googlesource.com/c/go/+/262938
Trust: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Trust: Emmanuel Odeke <emm.odeke@gmail.com>
Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
2020-10-21 00:59:25 +00:00
Katie Hockman
2a206c7fcc crypto/hmac: panic if reusing hash.Hash values
Also put Reset in the correct place for the other
benchmarks.

name           old time/op    new time/op    delta
NewWriteSum-8    1.01µs ± 0%    1.01µs ± 1%   ~     (p=0.945 n=9+9)

name           old speed      new speed      delta
NewWriteSum-8  31.7MB/s ± 0%  31.6MB/s ± 1%   ~     (p=0.948 n=9+9)

name           old alloc/op   new alloc/op   delta
NewWriteSum-8      544B ± 0%      544B ± 0%   ~     (all equal)

name           old allocs/op  new allocs/op  delta
NewWriteSum-8      7.00 ± 0%      7.00 ± 0%   ~     (all equal)

Fixes #41089

Change-Id: I3dae660adbe4993963130bf3c2636bd53899164b
Reviewed-on: https://go-review.googlesource.com/c/go/+/261960
Trust: Katie Hockman <katie@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
2020-10-19 15:00:02 +00:00
Nigel Tao
a2eb53c571 strconv: use the Eisel-Lemire ParseFloat algorithm
Also fix BenchmarkAtof64Random* to initialize the test data when none
of the TestAtof* tests are run.

Passing "go test -test.count=5 -test.run=xxx -test.bench=Atof64" on to
benchstat:

name                  old time/op  new time/op  delta
Atof64Decimal-4       47.9ns ± 0%  48.3ns ± 1%     ~     (p=0.238 n=4+5)
Atof64Float-4         58.3ns ± 3%  57.7ns ± 0%     ~     (p=0.151 n=5+5)
Atof64FloatExp-4       107ns ± 0%    71ns ± 1%  -33.89%  (p=0.016 n=4+5)
Atof64Big-4            163ns ± 0%   166ns ± 2%     ~     (p=0.159 n=4+5)
Atof64RandomBits-4     299ns ± 1%   166ns ± 1%  -44.41%  (p=0.008 n=5+5)
Atof64RandomFloats-4   188ns ± 1%   144ns ± 0%  -23.03%  (p=0.008 n=5+5)

The canada.json file from github.com/miloyip/nativejson-benchmark is
full of geospatial coordinates (i.e. numbers). With this program:

    src, _ := ioutil.ReadFile("canada.json")
    for i := 0; i < 5; i++ {
        now := time.Now()
        for j := 0; j < 10; j++ {
            dst := interface{}(nil)
            if err := json.Unmarshal(src, &dst); err != nil {
                log.Fatal(err)
            }
        }
        fmt.Println(time.Since(now))
    }

Median of the 5 printed numbers, lower is better.
Before: 760.819549ms
After:  702.651646ms
Ratio:  1.08x

The new detailedPowersOfTen table weighs in at 596 * 16 = 9536 bytes,
but some of that weight gain can be clawed back, in a follow-up commit,
that folds in the existing powersOfTen table in extfloat.go.

RELNOTE=yes

Change-Id: I3953110deaa1f5f6941e88e8417c4665b649ed80
Reviewed-on: https://go-review.googlesource.com/c/go/+/260858
Run-TryBot: Nigel Tao <nigeltao@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
Trust: Nigel Tao <nigeltao@golang.org>
2020-10-17 00:26:52 +00:00
Roland Shoemaker
2ec71e5732 crypto/x509: add signature verification to CreateCertificate
This changes checks the signature generated during CreateCertificate
and returns an error if the verification fails. A benchmark is also
added. For RSA keys the delta looks to be insignificant, but for
ECDSA keys it introduces a much larger delta which is not ideal.

name          old time/op  new time/op   delta
RSA_2048-8    1.38ms ± 6%   1.41ms ± 2%      ~     (p=0.182 n=10)
ECDSA_P256-8  42.6µs ± 4%  116.8µs ± 4%  +174.00%  (p=0.000 n=1

Fixes #40458

Change-Id: I22827795bb9bb6868b4fa47391927db1d3bc19a1
Reviewed-on: https://go-review.googlesource.com/c/go/+/259697
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Trust: Emmanuel Odeke <emm.odeke@gmail.com>
Trust: Roland Shoemaker <roland@golang.org>
2020-10-14 20:17:49 +00:00
Cuong Manh Le
8f26b57f9a cmd/compile: split exported/non-exported methods for interface type
Currently, mhdr/methods is emitted with the same len/cap. There's no way
to distinguish between exported and non-exported methods statically.

This CL splits mhdr/methods into two parts, use "len" for number of
exported methods, and "cap" for all methods. This fixes the bug in
issue #22075, which intends to return the number of exported methods but
currently return all methods.

Note that with this encoding, we still can access either
all/exported-only/non-exported-only methods:

	mhdr[:cap(mhdr)]          // all methods
	mhdr                      // exported methods
	mhdr[len(mhdr):cap(mhdr)] // non-exported methods

Thank to Matthew Dempsky (@mdempsky) for suggesting this encoding.

Fixes #22075

Change-Id: If662adb03ccff27407d55a5578a0ed05a15e7cdd
Reviewed-on: https://go-review.googlesource.com/c/go/+/259237
Trust: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Cherry Zhang <cherryyz@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2020-10-09 02:14:32 +00:00
Roberto Clapis
542693e005 net/http: make SameSiteDefaultMode behavior match the specification
The current specification does not foresee a SameSite attribute without
a value. While the existing implementation would serialize SameSite in a
way that would likely be ignored by well-impelemented clients, it is
better to not rely on this kind of quirks.

Specification: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-4.1.1

Fixes #36990

Change-Id: Ie51152741d7e84bab64d3e4e4f780286932acbde
Reviewed-on: https://go-review.googlesource.com/c/go/+/256498
Trust: Roberto Clapis <roberto@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
2020-10-08 08:53:13 +00:00
Dmitri Shuralyov
470829d474 doc/go1.16: document GO386=387 and GO386=softfloat
Also add a few more TODOs as found by the relnote command.
It's an incomplete list due to #41849.

For #40700.

Change-Id: Id17a9be86d3338e1fcb281d26e7298ff26e92864
Reviewed-on: https://go-review.googlesource.com/c/go/+/260337
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Dmitri Shuralyov <dmitshur@golang.org>
2020-10-07 19:50:44 +00:00
witchard
1fb149fd64 cmd/go/internal/get: improve -insecure deprecation docs
Updates #37519

Change-Id: I212607f1839b729d7da24b1258e56997b13ad830
GitHub-Last-Rev: db6d3c835b
GitHub-Pull-Request: golang/go#41613
Reviewed-on: https://go-review.googlesource.com/c/go/+/257157
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Jay Conrod <jayconrod@google.com>
Trust: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Jay Conrod <jayconrod@google.com>
2020-10-06 19:39:32 +00:00
Tobias Klauser
21eb3dcf93 doc/go1.16: announce netbsd/arm64 support
netbsd/arm64 now complies with all the requirements for a port as
specified on https://golang.org/wiki/PortingPolicy

Note that this was preliminarily announced in the Go 1.13 release notes
(CL 183637) but then removed again due to the port lacking a builder at
that time (CL 192997).

Updates #30824

Change-Id: I2f40fabc84fe9cb699282e6a9d13ed9b64478e36
Reviewed-on: https://go-review.googlesource.com/c/go/+/259277
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2020-10-02 20:23:33 +00:00
Filippo Valsorda
8f1c99035d crypto/dsa,crypto/x509: deprecate DSA and remove crypto/x509 support
Updates #40337

Change-Id: I5c1218df3ae7e13144a1d9f7d4a4b456e4475c0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/257939
Trust: Filippo Valsorda <filippo@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
2020-10-02 10:48:33 +00:00
Roland Shoemaker
2ca2e94731 doc/go1.16: fix crypto typo
Change-Id: Icf962098cc22f16b0acf75db1e82eaddb9fa0c80
Reviewed-on: https://go-review.googlesource.com/c/go/+/258777
Trust: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2020-10-01 15:04:29 +00:00
Roland Shoemaker
1eeaff75f9 crypto/x509: enforce SAN IA5String encoding restrictions
Extends the IA5String encoding restrictions that are currently applied
to name constraints to dNSName, rfc822Name, and
uniformResourceIdentifier elements of the SAN. The utility function
isIA5String is updated to use unicode.MaxASCII rather than utf8.RuneSelf
as it is somewhat more readable.

Certificates that include these badly encoded names do exist, but are
exceedingly rare. zlint and other linters enforce this encoding and
searching censys.io reveals only three currently trusted certificates
with this particular encoding issue.

Fixes #26362

Change-Id: I7a4f3e165a1754e5b4bfaeabc03e01eb7367f3c9
Reviewed-on: https://go-review.googlesource.com/c/go/+/235078
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
2020-09-30 17:51:05 +00:00
Ainar Garipov
72a9dec156 doc/go1.16: document net.ErrClosed usage in crypto/tls
Change-Id: I130cf79b93c6456dbe87f0042209e204c4e319b2
Reviewed-on: https://go-review.googlesource.com/c/go/+/257457
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Trust: Emmanuel Odeke <emm.odeke@gmail.com>
2020-09-27 06:23:18 +00:00
witchard
9e073b504f doc/go1.16: add -insecure deprecation to release notes
Updates #37519.

Change-Id: Iddf88a24334d4740f9c40caa2354127298692eeb
GitHub-Last-Rev: deda4c858b
GitHub-Pull-Request: golang/go#41545
Reviewed-on: https://go-review.googlesource.com/c/go/+/256419
Reviewed-by: Jay Conrod <jayconrod@google.com>
Trust: Jay Conrod <jayconrod@google.com>
Trust: Bryan C. Mills <bcmills@google.com>
2020-09-24 13:29:01 +00:00
Bryan C. Mills
3aa09489ab cmd/go: add a '-e' flag to 'mod tidy' and 'mod vendor'
This flag, like the -e flag to 'go list', instructs the command to
make a best effort to continue in spite of errors for specific packages.

Fixes #26603

Change-Id: I5ee2f50c71870ae8ef3f9b3e5b045474adcca525
Reviewed-on: https://go-review.googlesource.com/c/go/+/255960
Trust: Bryan C. Mills <bcmills@google.com>
Trust: Jay Conrod <jayconrod@google.com>
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Michael Matloob <matloob@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>
2020-09-22 17:04:13 +00:00
Bryan C. Mills
4e1d812afc doc/go1.16: add subheads and adjust formatting in the 'Go command' section
Change-Id: I5f70684d4033d8b11e1cce89268d8222ed596c67
Reviewed-on: https://go-review.googlesource.com/c/go/+/256400
Trust: Bryan C. Mills <bcmills@google.com>
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
2020-09-22 16:52:11 +00:00
Ian Lance Taylor
eaa97fbf20 cmd/cgo: don't translate bitfields into Go fields
The cgo tool would sometimes emit a bitfield at an offset that did not
correspond to the C offset, such as for the example in the new test.

Change-Id: I61b2ca10ee44a42f81c13ed12865f2060168fed5
Reviewed-on: https://go-review.googlesource.com/c/go/+/252378
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2020-09-16 03:02:13 +00:00
Jay Conrod
e306363612 cmd/go: implement 'go install pkg@version'
With this change, 'go install' will install executables in module mode
without using or modifying the module in the current directory, if
there is one.

For #40276

Change-Id: I922e71719b3a4e0c779ce7a30429355fc29930bf
Reviewed-on: https://go-review.googlesource.com/c/go/+/254365
Run-TryBot: Jay Conrod <jayconrod@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
2020-09-15 12:45:59 +00:00
Bryan C. Mills
d27ebc7b86 cmd/go/internal/modload: implement the "all" pattern for lazy loading
The new semantics of the "all" package pattern can be implemented
without actually changing module loading per se. This change
implements those semantics, so that the change can be decoupled from
the changes to the module requirement graph.

For #36460

Change-Id: I0ee8b17afa8b728dc470a42a540fcc01764a4442
Reviewed-on: https://go-review.googlesource.com/c/go/+/240623
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
2020-09-09 22:37:22 +00:00
Ainar Garipov
c489330987 doc/go1.16: reformat the minor changes section as a definition list
Change the section to use <dl>, <dt>, and <dd> tags to match
previous documents.

Change-Id: Ide0bea698a84ed6b61b364ef9e2f3801ebb8d4d6
Reviewed-on: https://go-review.googlesource.com/c/go/+/250897
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2020-09-05 18:40:02 +00:00
Emmanuel T Odeke
ef20f76b8b net/http: reject negative suffix-length Range:bytes=--N with 416 status code
Fixes the file server to reject requests of the form:
    "Range": "bytes=--N"
where "-N" is a negative suffix-length as designated by the
grammar in RFC 7233 Section 2.1, "Byte-Ranges", which specifies
that suffix-length MUST be of the form 1*DIGIT aka a non-negative digit.

Thus requests such as:
    "Range": "bytes=--2"
will be rejected with a "416 Range Not Satisfiable" response.

Fixes #40940

Change-Id: I3e89f8326c14af30d8bdb126998a50e02ba002d9
Reviewed-on: https://go-review.googlesource.com/c/go/+/252497
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
2020-09-02 21:50:41 +00:00
Ariel Mashraki
c8ea03828b text/template: add CommentNode to template parse tree
Fixes #34652

Change-Id: Icf6e3eda593fed826736f34f95a9d66f5450cc98
Reviewed-on: https://go-review.googlesource.com/c/go/+/229398
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2020-08-28 21:45:12 +00:00
Ian Lance Taylor
4f76fe8675 cmd/go, testing, os: fail test that calls os.Exit(0)
This catches cases where a test calls code that calls os.Exit(0),
thereby skipping all subsequent tests.

Fixes #29062

Change-Id: If9478972f40189e27623557e7141469ca4234d89
Reviewed-on: https://go-review.googlesource.com/c/go/+/250977
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
2020-08-27 23:19:15 +00:00
Ian Lance Taylor
e9ad52e46d net: export ErrClosed
This permits programs to reliably detect whether they are using a
closed network connection.

Fixes #4373

Change-Id: Ib4ce8cc82bbb134c4689f0ebc8b9b11bb8b32a22
Reviewed-on: https://go-review.googlesource.com/c/go/+/250357
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Russ Cox <rsc@golang.org>
2020-08-26 22:48:00 +00:00
Jay Conrod
008048c5f4 doc: add module retraction to release notes
For #24031

Change-Id: I9bd0905e9aacee4bec3463b7d91f6f0929744752
Reviewed-on: https://go-review.googlesource.com/c/go/+/228384
Reviewed-by: Michael Matloob <matloob@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
2020-08-26 21:17:33 +00:00
Andrew Gerrand
bb54a855a9 net/http: handle Request.URL.RawPath in StripPrefix
The StripPrefix wrapper strips a prefix string from the request's
URL.Path field, but doesn't touch the RawPath field. This leads to the
confusing situation when StripPrefix handles a request with URL.RawPath
populated (due to some escaped characters in the request path) and the
wrapped request's RawPath contains the prefix but Path does not.

This change modifies StripPrefix to strip the prefix from both Path and
RawPath. If there are escaped characters in the prefix part of the
request URL the stripped handler serves a 404 instead of invoking the
underlying handler with a mismatched Path/RawPath pair.

This is a backward incompatible change for a very small minority of
requests; I would be surprised if anyone is depending on this behavior,
but it is possible. If that's the case, we could make a more
conservative change where the RawPath is trimmed if possible, but when
the prefix contains escaped characters then we don't 404 but rather send
through the invalid Path/RawPath pair as before.

Fixes #24366

Change-Id: I7030b8c183a3dfce307bc0272bba9a18df4cfe08
Reviewed-on: https://go-review.googlesource.com/c/go/+/233637
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
2020-08-25 06:01:11 +00:00
Marcel van Lohuizen
8ec5a052ec unicode: upgrade to Unicode 13.0.0
Fixes #40755

Change-Id: I14b3977317994095db8ae1bd873c174641209356
Reviewed-on: https://go-review.googlesource.com/c/go/+/248765
Run-TryBot: Marcel van Lohuizen <mpvl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2020-08-20 13:41:13 +00:00
Than McIntosh
933ca0cfdc doc: add a release notes blurb on 1.16 linker improvements
Add a draft version of a blurb on improvements to the linker. This
will need to be finalized later in the release since there are still
some additional changes to be made to the linker in 1.16.

Updates #40703.

Change-Id: Id85c7e129071cc2faacb09c53a2968bd52b0a7b4
Reviewed-on: https://go-review.googlesource.com/c/go/+/248238
Reviewed-by: Cherry Zhang <cherryyz@google.com>
Reviewed-by: Austin Clements <austin@google.com>
2020-08-13 11:41:59 +00:00
Dmitri Shuralyov
b3de3e52c2 doc/go1.16: start draft release notes
This template is based on CL 220278 and previous ones like it.
Include Compiler and Linker sections proactively, they can be
removed if they don't end up being needed for Go 1.16.

Use two spaces of indentation for TODOs to set a better precedent
for the final text that will take its place.

'relnote -html' does not report any changes at this time.

For #40700.

Change-Id: I096b0ce0d33aaaa6fae9c91c0d2dfb89b9c5e94c
Reviewed-on: https://go-review.googlesource.com/c/go/+/248198
Reviewed-by: Carlos Amedee <carlos@golang.org>
2020-08-12 15:12:34 +00:00