Signing with RSA-PSS can uncover faulty crypto.Signer implementations,
and it can fail for (broken) small keys. We'll have to take that
breakage eventually, but it would be nice for it to be opt-out at first.
TLS 1.3 requires RSA-PSS and is opt-out in Go 1.13. Instead of making a
TLS 1.3 opt-out influence a TLS 1.2 behavior, let's wait to add RSA-PSS
to TLS 1.2 until TLS 1.3 is on without opt-out.
Note that since the Client Hello is sent before a protocol version is
selected, we have to advertise RSA-PSS there to support TLS 1.3.
That means that we still support RSA-PSS on the client in TLS 1.2 for
verifying server certificates, which is fine, as all issues arise on the
signing side. We have to be careful not to pick (or consider available)
RSA-PSS on the client for client certificates, though.
We'd expect tests to change only in TLS 1.2:
* the server won't pick PSS to sign the key exchange
(Server-TLSv12-* w/ RSA, TestHandshakeServerRSAPSS);
* the server won't advertise PSS in CertificateRequest
(Server-TLSv12-ClientAuthRequested*, TestClientAuth);
* and the client won't pick PSS for its CertificateVerify
(Client-TLSv12-ClientCert-RSA-*, TestHandshakeClientCertRSAPSS,
Client-TLSv12-Renegotiate* because "R" requests a client cert).
Client-TLSv13-ClientCert-RSA-RSAPSS was updated because of a fix in the test.
This effectively reverts 8834353072.
Testing was made more complex by the undocumented semantics of OpenSSL's
-[client_]sigalgs (see openssl/openssl#9172).
Updates #32425
Change-Id: Iaddeb2df1f5c75cd090cc8321df2ac8e8e7db349
Reviewed-on: https://go-review.googlesource.com/c/go/+/182339
Reviewed-by: Adam Langley <agl@golang.org>
For later versions of MacOS, the dynamic loader is more picky about
enforcing restrictions on __DWARF MachO load commands/segments,
triggering aborts of the form
dyld: malformed mach-o image: segment __DWARF has vmsize < filesize
for Go programs that use cgo on Darwin. The error is being triggered
because the Go linker is setting "vmsize" in the DWARF segment entry
to zero as a way to signal that the DWARF doesn't need to be mapped
into memory at runtime (which we need to continue to do).
This patch changes the initial protection on the __DWARF segment to
zero, which dyld seems to be happy with (this is used for other similar
non-loadable sections such as __LLVM).
Fixes#32673
Change-Id: I9a73449c6d26c172f3d70361719943af381f37e6
Reviewed-on: https://go-review.googlesource.com/c/go/+/182958
Run-TryBot: Than McIntosh <thanm@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Cherry Zhang <cherryyz@google.com>
Fix a stale reference to Apple's Mach-O file format reference in the
header comment.
Change-Id: I5f120fd5bf31ee0b8b29a33879305abb31a7913d
Reviewed-on: https://go-review.googlesource.com/c/go/+/182957
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Previously, when we resolved a commit hash (not a complete version),
we always checked the contents of the module cache for any
pseudo-version matching that commit.
However, there are many possible names for a given commit. Generally
the semantically-highest valid name is the best, and that may change
over time as new tags are added, so if we are able to fetch a better
name from upstream we should do so. Otherwise, we should fall back to
the highest appropriate name found in the cache.
Fixes#27171
Updates #27173
Change-Id: Ib5c7d99eb463af84674e969813039cbbee7e395b
Reviewed-on: https://go-review.googlesource.com/c/go/+/182178
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>
Reviewed-by: roger peppe <rogpeppe@gmail.com>
CL 46434 changed the doc for Server.IdleTimeout to include
falling back to Server.ReadHeaderTimeout if both
Server.IdleTimeout and Server.ReadTimeout are zero.
However, we explicitly set the ReadDeadlines firstly based
off Server.IdleTimeout or Server.ReadTimeout before attempting
to read the next request, thus the current doc is incorrect.
This CL reverts CL 46434 and also updates the doc for
Server.ReadHeaderTimeout to documenting falling back
to Server.ReadTimeout, if the former is zero, otherwise
there is no timeout.
Fixes#32053
Change-Id: I43dd0252d1bcee6c29a8529abd84c84a49b2fba9
GitHub-Last-Rev: e1cdb59977
GitHub-Pull-Request: golang/go#32164
Reviewed-on: https://go-review.googlesource.com/c/go/+/178337
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Broadened the regular expression used to test error messages for
failing to connect to "localhost.localdev/sumdb". Some DNS servers
resolve unknown domains like "localhost.localdev" to real IP addresses
to serve ads. We may get a variety of error messages.
Fixes#31779
Change-Id: Ib389c633c9a9f70f8e89bbcba5282a375da4e708
Reviewed-on: https://go-review.googlesource.com/c/go/+/182799
Run-TryBot: Jay Conrod <jayconrod@google.com>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
There is a subtle distinction between a value
*being* the zero value vs being *equal to* the zero value.
This was discussed at length in #31450.
Using "a zero value" in the docs suggests that there may
be more than zero value. That is possible on the "equal to
zero value" reading, but not the "is zero" reading that we
selected for the semantics of IsZero.
This change attempts to prevent any confusion on this front by
switching to "the zero value" in the documentation.
And while we're here, eliminate a double-space.
(Darn macbook keyboards.)
Change-Id: Iaa02ba297438793f5a90be9919a4d53baef92f8e
Reviewed-on: https://go-review.googlesource.com/c/go/+/182617
Run-TryBot: Josh Bleecher Snyder <josharian@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This fixes a regression introduced in CL 180337. When we query a
module at "latest" that has no tagged versions, we tried to use ""
as the version because we used info.Name instead of info.Version. This
only happened when using a proxy: in direct mode, info.Name is set to
the underlying VCS revision, which is fine.
Also: serve "/mod/path/@latest" through our test proxy.
Previously, we served a 404, which made this bug hard to detect.
Fixes#32636
Change-Id: I5c60975656297f862cad66675170e819685ebd39
Reviewed-on: https://go-review.googlesource.com/c/go/+/182697
Run-TryBot: Jay Conrod <jayconrod@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
This change updates the doc comments of the various ParseGlob functions
and methods to state that they use the semantics of filepath.Match when
matching the file name pattern.
Fixes#30608
Change-Id: Iee4bdc0a2a2f8647d1f9a910e4d72a5de9204d11
Reviewed-on: https://go-review.googlesource.com/c/go/+/179739
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Write release notes for a few reflect, runtime, and syscall changes.
The init randomization has been reverted.
Change-Id: Idae481ca015e325eb7302abaa15b2792312f4c32
Reviewed-on: https://go-review.googlesource.com/c/go/+/181577
Reviewed-by: Austin Clements <austin@google.com>
Add a special case to print a generic nil error when context.err is
nil.
Previously, this case was unchecked, leading to a call to (*Error).Error
with a nil receiver, which was triggering a nil pointer access. However,
this bug was masked by the panic-recovery code in package fmt.
I tested this change by running `dlv test` in src/html/template, running
the `continue` command, and verifying that no "bad access" errors are
returned.
Fixes#28854
Change-Id: I0b637b943de003d9efc294f6f1e49b793668d037
Reviewed-on: https://go-review.googlesource.com/c/go/+/181579
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
* In doc/install-source.html, clarify the meaning of $GOBIN and
describe where executables from the Go distribution are
installed. Also describe $GOPATH, since it provides a default value
for $GOBIN and may conflict with $GOROOT.
* Add more detail to 'go help install' as well.
Fixes#31576
Change-Id: Ib8a8c21677c3aa0ebef97a3b587b6f8fe338b80e
Reviewed-on: https://go-review.googlesource.com/c/go/+/182341
Run-TryBot: Jay Conrod <jayconrod@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Fixes the test on the linux-arm64-packet builder.
Change-Id: Icaf9edf9542f4f6e3791ca43298a1e7051eaa576
Reviewed-on: https://go-review.googlesource.com/c/go/+/182378
Run-TryBot: Elias Naur <mail@eliasnaur.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
It is forbidden by App Store.
Fixes#31628
Change-Id: Ie6d14a524ee55b57af8db685f3a79f474733add5
Reviewed-on: https://go-review.googlesource.com/c/go/+/182297
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Keith Randall <khr@golang.org>
Changes Darwin semaphore support from using pthread mutexes and
condition variables to using dispatch semaphores. Signaling a dispatch
semaphore is async-signal-safe.
Fixes#31264
Change-Id: If0ce47623501db13e3804b14ace5f4d8eaef461e
Reviewed-on: https://go-review.googlesource.com/c/go/+/182258
Reviewed-by: Elias Naur <mail@eliasnaur.com>
Reviewed-by: Keith Randall <khr@golang.org>
Currently, 'go get -u' and 'go get -u=patch' avoid accidentally
downgrading modules by preventing upgrades in two cases:
1) If the current version is a prerelease that is semantically later
than the "latest" or "patch" version.
2) If the current version is a pseudoversion that is chronologically
newer than the "latest" or "patch" version.
With this change, 'go get m@latest' and 'go get m@patch' prevent
downgrades using the same checks.
Also: 'go get m@patch' now works if m is a module path but not a
package path (i.e., there is no package in the module root directory).
Fixes#30634Fixes#32537
Change-Id: I916630c385b5f3ba7c13e0d65ba08f73a1a67829
Reviewed-on: https://go-review.googlesource.com/c/go/+/180337
Run-TryBot: Jay Conrod <jayconrod@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Add support for scanning decimal types into values. If the dest
supports the decimal composer interface and the src supports
the decimal decomposer, set the value of the decimal when Scanning.
Add support for sending decimal decomposer interface values
as parameters.
For #30870
Change-Id: Ic5dbf9069df8d56405852b17542a9188d55c2947
Reviewed-on: https://go-review.googlesource.com/c/go/+/174181
Run-TryBot: Daniel Theophanes <kardianos@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Exposing the underlying driver conn will allow the use of the
standard connection pool while still able to run special function
directly on the driver.
Fixes#29835
Change-Id: Ib6d3b9535e730f008916805ae3bf76e4494c88f9
Reviewed-on: https://go-review.googlesource.com/c/go/+/174182
Run-TryBot: Daniel Theophanes <kardianos@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Factor the try-on-failure variants are now in the package
cmd/go/internal/robustio.
Add to them a RemoveAll variant using the same retry loop,
and use it to attempt to address the observed flakes in
TestLinkXImportPathEscape.
Fixes#19491
Updates #25965
Updates #28387
Updates #32188
Change-Id: I9db1a0c7537b8aaadccab1b9eca734595668ba29
Reviewed-on: https://go-review.googlesource.com/c/go/+/181541
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Reviewed-by: Jay Conrod <jayconrod@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Also, in 'go get' in GOPATH mode, report an error for package paths
that start with '-'.
Change-Id: Ic2575381aa2d093ba15c53b893bf2eaded8b6066
Reviewed-on: https://go-review.googlesource.com/c/go/+/181237
Run-TryBot: Jay Conrod <jayconrod@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
While it is possible for the connection pool to guard against panics
on every valuer read, this seems like a high cost to be added,
in both code complexity and possible runtime performance.
Most uses of the Valuer will be trivial, like returning
a struct field. Optimize for that case. If sometime may panic the
valuer should itself use recover and return an error.
Fixes#26332
Change-Id: Iad18780b8028f669f5a7841b74a5384d62fb6a7e
Reviewed-on: https://go-review.googlesource.com/c/go/+/170700
Reviewed-by: Ian Lance Taylor <iant@golang.org>
This change makes the release notes for Go 1.13 more complete
by mentioning a new function in the os package.
Change-Id: I0d637fd70ff6d14782bbfb7c13985a0f83b19d6d
Reviewed-on: https://go-review.googlesource.com/c/go/+/181945
Reviewed-by: Ian Lance Taylor <iant@golang.org>
It is too confusing to have to set GONOSUMDB and GONOPROXY
in common use cases, but one cannot be guaranteed to be a
subset of the other.
This CL adds GOPRIVATE, which takes the same kind of pattern list
but is defined as "these patterns are private (non-public) modules".
Today the implication is that GOPRIVATE is the default setting for
GONOSUMDB and GONOPROXY. If there are other accommodations
to make for private packages in the future or in other tools,
having this clear statement of intent will let us do that.
(For example maybe an IDE integration would hyperlink an import
path to godoc.org; consulting GOPRIVATE would be a reasonable
way to decide not to do that for certain imports. In contrast,
consulting GONOPROXY or GONOSUMDB clearly would not.)
Fixes#32184.
Change-Id: If54c12d353c7a0a5c0e0273764140cce3c154a02
Reviewed-on: https://go-review.googlesource.com/c/go/+/181719
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Jay Conrod <jayconrod@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
For int8, int16, and int32, comparing their unsigned value to MaxInt64
to determine non-negativity doesn't make sense, because they have
negative values whose unsigned representation is smaller than that.
Fix is simply to compare with the appropriate upper bound based on the
value type's size.
Fixes#32560.
Change-Id: Ie7afad7a56af92bd890ba5ff33c86d1df06cfd9a
Reviewed-on: https://go-review.googlesource.com/c/go/+/181797
Run-TryBot: Matthew Dempsky <mdempsky@google.com>
Reviewed-by: Josh Bleecher Snyder <josharian@gmail.com>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Keith Randall <khr@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Change-Id: Idb5bf2a61bff635e3ebd926bdeacf943578ac874
Reviewed-on: https://go-review.googlesource.com/c/go/+/181681
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Make "go test" run the new errorsas vet check by default.
Fixes#31213.
Change-Id: I5c93c000874ffe1c0b6d647bf10de803f414c5c1
Reviewed-on: https://go-review.googlesource.com/c/go/+/179977
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Michael Matloob <matloob@golang.org>
This change revendors golang.org/x/tools to include the check and
modifies cmd/vet to add it to the command.
CL 179977 will enable the check by default for 'go test'.
Commands run (starting in GOROOT/src):
cd cmd
emacs vet/main.go
go get -u=patch golang.org/x/tools/go/analysis/passes/errorsas@latest
go mod tidy
go mod vendor
cd ..
./make.bash
go test all
Updates #31213
Change-Id: Ic2ba9bd2d31c4c5fd9e7c42ca14e8dc38520c93b
Reviewed-on: https://go-review.googlesource.com/c/go/+/181717
Reviewed-by: Jonathan Amsterdam <jba@google.com>
