mirror of
https://github.com/golang/go
synced 2024-11-08 18:36:22 -07:00
2ec71e5732
This changes checks the signature generated during CreateCertificate and returns an error if the verification fails. A benchmark is also added. For RSA keys the delta looks to be insignificant, but for ECDSA keys it introduces a much larger delta which is not ideal. name old time/op new time/op delta RSA_2048-8 1.38ms ± 6% 1.41ms ± 2% ~ (p=0.182 n=10) ECDSA_P256-8 42.6µs ± 4% 116.8µs ± 4% +174.00% (p=0.000 n=1 Fixes #40458 Change-Id: I22827795bb9bb6868b4fa47391927db1d3bc19a1 Reviewed-on: https://go-review.googlesource.com/c/go/+/259697 Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Trust: Emmanuel Odeke <emm.odeke@gmail.com> Trust: Roland Shoemaker <roland@golang.org>
319 lines
12 KiB
HTML
319 lines
12 KiB
HTML
<!--{
|
|
"Title": "Go 1.16 Release Notes",
|
|
"Path": "/doc/go1.16"
|
|
}-->
|
|
|
|
<!--
|
|
NOTE: In this document and others in this directory, the convention is to
|
|
set fixed-width phrases with non-fixed-width spaces, as in
|
|
<code>hello</code> <code>world</code>.
|
|
Do not send CLs removing the interior tags from such phrases.
|
|
-->
|
|
|
|
<style>
|
|
main ul li { margin: 0.5em 0; }
|
|
</style>
|
|
|
|
<h2 id="introduction">DRAFT RELEASE NOTES — Introduction to Go 1.16</h2>
|
|
|
|
<p>
|
|
<strong>
|
|
Go 1.16 is not yet released. These are work-in-progress
|
|
release notes. Go 1.16 is expected to be released in February 2021.
|
|
</strong>
|
|
</p>
|
|
|
|
<h2 id="language">Changes to the language</h2>
|
|
|
|
<p>
|
|
TODO
|
|
</p>
|
|
|
|
<h2 id="ports">Ports</h2>
|
|
|
|
<h3 id="netbsd">NetBSD</h3>
|
|
|
|
<p><!-- golang.org/issue/30824 -->
|
|
Go now supports the 64-bit ARM architecture on NetBSD (the
|
|
<code>netbsd/arm64</code> port).
|
|
</p>
|
|
|
|
<h3 id="386">386</h3>
|
|
|
|
<p><!-- golang.org/issue/40255, golang.org/issue/41848, CL 258957, and CL 260017 -->
|
|
As <a href="go1.15#386">announced</a> in the Go 1.15 release notes,
|
|
Go 1.16 drops support for x87 mode compilation (<code>GO386=387</code>).
|
|
Support for non-SSE2 processors is now available using soft float
|
|
mode (<code>GO386=softfloat</code>).
|
|
Users running on non-SSE2 processors should replace <code>GO386=387</code>
|
|
with <code>GO386=softfloat</code>.
|
|
</p>
|
|
|
|
<h2 id="tools">Tools</h2>
|
|
|
|
<p>
|
|
TODO
|
|
</p>
|
|
|
|
<h3 id="go-command">Go command</h3>
|
|
|
|
<h4 id="modules">Modules</h4>
|
|
|
|
<p><!-- golang.org/issue/40276 -->
|
|
<code>go</code> <code>install</code> now accepts arguments with
|
|
version suffixes (for example, <code>go</code> <code>install</code>
|
|
<code>example.com/cmd@v1.0.0</code>). This causes <code>go</code>
|
|
<code>install</code> to build and install packages in module-aware mode,
|
|
ignoring the <code>go.mod</code> file in the current directory or any parent
|
|
directory, if there is one. This is useful for installing executables without
|
|
affecting the dependencies of the main module.<br>
|
|
TODO: write and link to section in golang.org/ref/mod<br>
|
|
TODO: write and link to blog post
|
|
</p>
|
|
|
|
<p><!-- golang.org/issue/24031 -->
|
|
<code>retract</code> directives may now be used in a <code>go.mod</code> file
|
|
to indicate that certain published versions of the module should not be used
|
|
by other modules. A module author may retract a version after a severe problem
|
|
is discovered or if the version was published unintentionally.<br>
|
|
TODO: write and link to section in golang.org/ref/mod<br>
|
|
TODO: write and link to tutorial or blog post
|
|
</p>
|
|
|
|
<p><!-- golang.org/issue/26603 -->
|
|
The <code>go</code> <code>mod</code> <code>vendor</code>
|
|
and <code>go</code> <code>mod</code> <code>tidy</code> subcommands now accept
|
|
the <code>-e</code> flag, which instructs them to proceed despite errors in
|
|
resolving missing packages.
|
|
</p>
|
|
|
|
<h4 id="go-test"><code>go</code> <code>test</code></h4>
|
|
|
|
<p><!-- golang.org/issue/29062 -->
|
|
When using <code>go</code> <code>test</code>, a test that
|
|
calls <code>os.Exit(0)</code> during execution of a test function
|
|
will now be considered to fail.
|
|
This will help catch cases in which a test calls code that calls
|
|
<code>os.Exit(0)</code> and thereby stops running all future tests.
|
|
If a <code>TestMain</code> function calls <code>os.Exit(0)</code>
|
|
that is still considered to be a passing test.
|
|
</p>
|
|
|
|
<p><!-- golang.org/issue/37519 -->
|
|
The <code>go</code> <code>get</code> <code>-insecure</code> flag is
|
|
deprecated and will be removed in a future version. This flag permits
|
|
fetching from repositories and resolving custom domains using insecure
|
|
schemes such as HTTP, and also bypassess module sum validation using the
|
|
checksum database. To permit the use of insecure schemes, use the
|
|
<code>GOINSECURE</code> environment variable instead. To bypass module
|
|
sum validation, use <code>GOPRIVATE</code> or <code>GONOSUMDB</code>.
|
|
See <code>go</code> <code>help</code> <code>environment</code> for details.
|
|
</p>
|
|
|
|
<h4 id="all-pattern">The <code>all</code> pattern</h4>
|
|
|
|
<p><!-- golang.org/cl/240623 -->
|
|
When the main module's <code>go.mod</code> file
|
|
declares <code>go</code> <code>1.16</code> or higher, the <code>all</code>
|
|
package pattern now matches only those packages that are transitively imported
|
|
by a package or test found in the main module. (Packages imported by <em>tests
|
|
of</em> packages imported by the main module are no longer included.) This is
|
|
the same set of packages retained
|
|
by <code>go</code> <code>mod</code> <code>vendor</code> since Go 1.11.
|
|
</p>
|
|
|
|
<h3 id="cgo">Cgo</h3>
|
|
|
|
<p> <!-- CL 252378 -->
|
|
The <a href="/cmd/cgo">cgo</a> tool will no longer try to translate
|
|
C struct bitfields into Go struct fields, even if their size can be
|
|
represented in Go. The order in which C bitfields appear in memory
|
|
is implementation dependent, so in some cases the cgo tool produced
|
|
results that were silently incorrect.
|
|
</p>
|
|
|
|
<p>
|
|
TODO
|
|
</p>
|
|
|
|
<h2 id="runtime">Runtime</h2>
|
|
|
|
<p>
|
|
TODO
|
|
</p>
|
|
|
|
<h2 id="compiler">Compiler</h2>
|
|
|
|
<p>
|
|
TODO
|
|
</p>
|
|
|
|
<h2 id="linker">Linker</h2>
|
|
|
|
<p>
|
|
This release includes additional improvements to the Go linker,
|
|
reducing linker resource usage (both time and memory) and improving
|
|
code robustness/maintainability. These changes form the second half
|
|
of a two-release project to
|
|
<a href="https://golang.org/s/better-linker">modernize the Go
|
|
linker</a>.
|
|
</p>
|
|
|
|
<p>
|
|
The linker changes in 1.16 extend the 1.15 improvements to all
|
|
supported architecture/OS combinations (the 1.15 performance improvements
|
|
were primarily focused on <code>ELF</code>-based OSes and
|
|
<code>amd64</code> architectures). For a representative set of
|
|
large Go programs, linking is 20-35% faster than 1.15 and requires
|
|
5-15% less memory on average for <code>linux/amd64</code>, with larger
|
|
improvements for other architectures and OSes.
|
|
</p>
|
|
|
|
<p>
|
|
TODO: update with final numbers later in the release.
|
|
</p>
|
|
|
|
<!-- CL 255259: https://golang.org/cl/255259: cmd/link: enable ASLR on windows binaries built with -buildmode=c-shared -->
|
|
|
|
<h2 id="library">Core library</h2>
|
|
|
|
<p>
|
|
TODO
|
|
</p>
|
|
|
|
<h3 id="crypto/tls"><a href="/pkg/crypto/tls">crypto/tls</a></h3>
|
|
|
|
<p><!-- CL 256897 -->
|
|
I/O operations on closing or closed TLS connections can now be detected using
|
|
the new <a href="/pkg/net/#ErrClosed">ErrClosed</a> error. A typical use
|
|
would be <code>errors.Is(err, net.ErrClosed)</code>. In earlier releases
|
|
the only way to reliably detect this case was to match the string returned
|
|
by the <code>Error</code> method with <code>"tls: use of closed connection"</code>.
|
|
</p>
|
|
|
|
<h3 id="crypto/x509"><a href="/pkg/crypto/x509">crypto/x509</a></h3>
|
|
|
|
<p><!-- CL 235078 -->
|
|
<a href="/pkg/crypto/x509/#ParseCertificate">ParseCertificate</a> and
|
|
<a href="/pkg/crypto/x509/#CreateCertificate">CreateCertificate</a> both
|
|
now enforce string encoding restrictions for the fields <code>DNSNames</code>,
|
|
<code>EmailAddresses</code>, and <code>URIs</code>. These fields can only
|
|
contain strings with characters within the ASCII range.
|
|
</p>
|
|
|
|
<p><!-- CL 259697 -->
|
|
<a href="/pkg/crypto/x509/#CreateCertificate">CreateCertificate</a> now
|
|
verifies the generated certificate's signature using the signer's
|
|
public key. If the signature is invalid, an error is returned, instead
|
|
of a malformed certificate.
|
|
</p>
|
|
|
|
<h3 id="net"><a href="/pkg/net/">net</a></h3>
|
|
|
|
<p><!-- CL 250357 -->
|
|
The case of I/O on a closed network connection, or I/O on a network
|
|
connection that is closed before any of the I/O completes, can now
|
|
be detected using the new <a href="/pkg/net/#ErrClosed">ErrClosed</a> error.
|
|
A typical use would be <code>errors.Is(err, net.ErrClosed)</code>.
|
|
In earlier releases the only way to reliably detect this case was to
|
|
match the string returned by the <code>Error</code> method
|
|
with <code>"use of closed network connection"</code>.
|
|
</p>
|
|
|
|
<h3 id="reflect"><a href="/pkg/reflect/">reflect</a></h3>
|
|
|
|
<p><!-- CL 259237, golang.org/issue/22075 -->
|
|
For interface types and values, <a href="/pkg/reflect/#Value.Method">Method</a>,
|
|
<a href="/pkg/reflect/#Value.MethodByName">MethodByName</a>, and
|
|
<a href="/pkg/reflect/#Value.NumMethod">NumMethod</a> now
|
|
operate on the interface's exported method set, rather than its full method set.
|
|
</p>
|
|
|
|
<h3 id="text/template/parse"><a href="/pkg/text/template/parse/">text/template/parse</a></h3>
|
|
|
|
<p><!-- CL 229398, golang.org/issue/34652 -->
|
|
A new <a href="/pkg/text/template/parse/#CommentNode"><code>CommentNode</code></a>
|
|
was added to the parse tree. The <a href="/pkg/text/template/parse/#Mode"><code>Mode</code></a>
|
|
field in the <code>parse.Tree</code> enables access to it.
|
|
</p>
|
|
<!-- text/template/parse -->
|
|
|
|
<h3 id="unicode"><a href="/pkg/unicode/">unicode</a></h3>
|
|
|
|
<p><!-- CL 248765 -->
|
|
The <a href="/pkg/unicode/"><code>unicode</code></a> package and associated
|
|
support throughout the system has been upgraded from Unicode 12.0.0 to
|
|
<a href="https://www.unicode.org/versions/Unicode13.0.0/">Unicode 13.0.0</a>,
|
|
which adds 5,930 new characters, including four new scripts, and 55 new emoji.
|
|
Unicode 13.0.0 also designates plane 3 (U+30000-U+3FFFF) as the tertiary
|
|
ideographic plane.
|
|
</p>
|
|
|
|
<h3 id="minor_library_changes">Minor changes to the library</h3>
|
|
|
|
<p>
|
|
As always, there are various minor changes and updates to the library,
|
|
made with the Go 1 <a href="/doc/go1compat">promise of compatibility</a>
|
|
in mind.
|
|
</p>
|
|
|
|
<p>
|
|
TODO
|
|
</p>
|
|
|
|
<dl id="crypto/dsa"><dt><a href="/pkg/crypto/dsa/">crypto/dsa</a></dt>
|
|
<dd>
|
|
<p><!-- CL 257939 -->
|
|
The <a href="/pkg/crypto/dsa/"><code>crypto/dsa</code></a> package is now deprecated.
|
|
See <a href="https://golang.org/issue/40337">issue #40337</a>.
|
|
</p>
|
|
</dd>
|
|
</dl><!-- crypto/dsa -->
|
|
|
|
<dl id="crypto/x509"><dt><a href="/pkg/crypto/x509/">crypto/x509</a></dt>
|
|
<dd>
|
|
<p><!-- CL 257939 -->
|
|
DSA signature verification is no longer supported. Note that DSA signature
|
|
generation was never supported.
|
|
See <a href="https://golang.org/issue/40337">issue #40337</a>.
|
|
</p>
|
|
</dd>
|
|
</dl><!-- crypto/x509 -->
|
|
|
|
<dl id="net/http"><dt><a href="/pkg/net/http/">net/http</a></dt>
|
|
<dd>
|
|
<p><!-- CL 233637 -->
|
|
In the <a href="/pkg/net/http/"><code>net/http</code></a> package, the
|
|
behavior of <a href="/pkg/net/http/#StripPrefix"><code>StripPrefix</code></a>
|
|
has been changed to strip the prefix from the request URL's
|
|
<code>RawPath</code> field in addition to its <code>Path</code> field.
|
|
In past releases, only the <code>Path</code> field was trimmed, and so if the
|
|
request URL contained any escaped characters the URL would be modified to
|
|
have mismatched <code>Path</code> and <code>RawPath</code> fields.
|
|
In Go 1.16, <code>StripPrefix</code> trims both fields.
|
|
If there are escaped characters in the prefix part of the request URL the
|
|
handler serves a 404 instead of its previous behavior of invoking the
|
|
underlying handler with a mismatched <code>Path</code>/<code>RawPath</code> pair.
|
|
</p>
|
|
|
|
<p><!-- CL 252497 -->
|
|
The <a href="/pkg/net/http/"><code>net/http</code></a> package now rejects HTTP range requests
|
|
of the form <code>"Range": "bytes=--N"</code> where <code>"-N"</code> is a negative suffix length, for
|
|
example <code>"Range": "bytes=--2"</code>. It now replies with a <code>416 "Range Not Satisfiable"</code> response.
|
|
</p>
|
|
|
|
<p><!-- CL 256498, golang.org/issue/36990 -->
|
|
Cookies set with <code>SameSiteDefaultMode</code> now behave according to the current
|
|
spec (no attribute is set) instead of generating a SameSite key without a value.
|
|
</p>
|
|
</dd>
|
|
</dl><!-- net/http -->
|
|
|
|
<dl id="runtime/debug"><dt><a href="/pkg/runtime/debug/">runtime/debug</a></dt>
|
|
<dd>
|
|
<p><!-- CL 249677 -->
|
|
TODO: <a href="https://golang.org/cl/249677">https://golang.org/cl/249677</a>: provide Addr method for errors from SetPanicOnFault
|
|
</p>
|
|
</dd>
|
|
</dl><!-- runtime/debug -->
|