1
0
mirror of https://github.com/golang/go synced 2024-11-23 15:00:03 -07:00
go/api
Damien Neil a2d8157a7e archive/tar, archive/zip: return ErrInsecurePath for unsafe paths
Return a distinguishable error when reading an archive file
with a path that is:

	- absolute
	- escapes the current directory (../a)
	- on Windows, a reserved name such as NUL

Users may ignore this error and proceed if they do not need name
sanitization or intend to perform it themselves.

Fixes #25849
Fixes #55356

Change-Id: Ieefa163f00384bc285ab329ea21a6561d39d8096
Reviewed-on: https://go-review.googlesource.com/c/go/+/449937
Reviewed-by: Joseph Tsai <joetsai@digital-static.net>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
2022-11-16 23:36:48 +00:00
..
next archive/tar, archive/zip: return ErrInsecurePath for unsafe paths 2022-11-16 23:36:48 +00:00
except.txt syscall: remove FreeBSD 11 and below 64bit inode compatibility shims 2022-09-16 01:17:28 +00:00
go1.1.txt strconv: quote rune 007F as \x7f, not \u007f 2022-03-31 20:37:15 +00:00
go1.2.txt
go1.3.txt
go1.4.txt
go1.5.txt
go1.6.txt
go1.7.txt
go1.8.txt
go1.9.txt cmd/api: set architecture sizes when type checking 2021-10-04 20:20:20 +00:00
go1.10.txt
go1.11.txt
go1.12.txt
go1.13.txt
go1.14.txt
go1.15.txt
go1.16.txt api/go1.16: add go/build/constraint APIs 2021-01-27 21:11:22 +00:00
go1.17.txt cmd/api: set architecture sizes when type checking 2021-10-04 20:20:20 +00:00
go1.18.txt runtime/debug: replace (*BuildInfo).Marshal methods with Parse and String 2022-02-09 19:44:03 +00:00
go1.19.txt debug/pe: add IMAGE_FILE_MACHINE_LOONGARCH{64,32} 2022-06-29 22:29:34 +00:00
go1.txt
README cmd/api: require proposal # for new API features 2022-03-14 21:43:16 +00:00

Files in this directory are data for Go's API checker ("go tool api", in src/cmd/api).

Each file is a list of API features, one per line.

go1.txt (and similarly named files) are frozen once a version has been
shipped. Each file adds new lines but does not remove any.

except.txt lists features that may disappear without breaking true
compatibility.

Starting with go1.19.txt, each API feature line must end in "#nnnnn"
giving the GitHub issue number of the proposal issue that accepted
the new API. This helps with our end-of-cycle audit of new APIs.
The same requirement applies to next/* (described below), which will
become a go1.XX.txt for XX >= 19.

The next/ directory contains the only files intended to be mutated.
Each file in that directory contains a list of features that may be added
to the next release of Go. The files in this directory only affect the
warning output from the go api tool. Each file should be named
nnnnn.txt, after the issue number for the accepted proposal.
(The #nnnnn suffix must also appear at the end of each line in the file;
that will be preserved when next/*.txt is concatenated into go1.XX.txt.)