1
0
mirror of https://github.com/golang/go synced 2024-11-17 03:54:48 -07:00
go/doc/go1.19.html
Filippo Valsorda 850d547d2d doc/go1.19: expand crypto release notes
Not included are the following changes that were backported to Go 1.18
minor releases.

bb1f441618 crypto/rand: properly handle large Read on windows
35998c0109 crypto/x509: only disable SHA-1 verification for certificates
0fca8a8f25 crypto/x509: fix Certificate.Verify crash
fe4de36198 crypto/tls: randomly generate ticket_age_add
37065847d8 crypto/elliptic: tolerate zero-padded scalars in generic P-256
9a53b472b5 crypto/x509: properly handle issuerUniqueID and subjectUniqueID

The following are the benchmarks to back up the 3x speedup claim in the
crypto/elliptic notes.

name                    old time/op    new time/op    delta
pkg:crypto/elliptic goos:darwin goarch:arm64
ScalarBaseMult/P256-8   18.3µs ± 0%    18.2µs ± 0%      -0.56%  (p=0.000 n=10+10)
ScalarBaseMult/P224-8    233µs ± 0%      74µs ± 0%     -68.09%  (p=0.000 n=9+10)
ScalarBaseMult/P384-8    805µs ± 0%     236µs ± 0%     -70.73%  (p=0.000 n=8+10)
ScalarBaseMult/P521-8   2.50ms ± 0%    0.68ms ± 0%     -72.63%  (p=0.000 n=10+8)
ScalarMult/P256-8       68.4µs ± 0%    68.6µs ± 0%      +0.26%  (p=0.000 n=10+10)
ScalarMult/P224-8        234µs ± 0%     231µs ± 0%      -1.18%  (p=0.000 n=10+8)
ScalarMult/P384-8        805µs ± 0%     805µs ± 0%        ~     (p=0.211 n=9+10)
ScalarMult/P521-8       2.50ms ± 0%    2.49ms ± 0%      -0.69%  (p=0.000 n=10+10)
pkg:crypto/ecdsa goos:darwin goarch:arm64
Sign/P256-8             31.9µs ± 1%    31.7µs ± 0%      -0.64%  (p=0.001 n=10+10)
Sign/P224-8              264µs ± 0%     106µs ± 0%     -60.09%  (p=0.000 n=10+10)
Sign/P384-8              884µs ± 0%     313µs ± 0%     -64.53%  (p=0.000 n=9+10)
Sign/P521-8             2.64ms ± 0%    0.84ms ± 0%     -68.13%  (p=0.000 n=9+9)
Verify/P256-8           91.6µs ± 0%    91.7µs ± 0%        ~     (p=0.052 n=10+10)
Verify/P224-8            486µs ± 0%     300µs ± 0%     -38.15%  (p=0.000 n=9+9)
Verify/P384-8           1.66ms ± 0%    1.01ms ± 0%     -39.12%  (p=0.000 n=10+9)
Verify/P521-8           5.12ms ± 1%    3.06ms ± 0%     -40.27%  (p=0.000 n=10+10)
GenerateKey/P256-8      19.6µs ± 0%    19.4µs ± 0%      -0.79%  (p=0.000 n=10+10)
GenerateKey/P224-8       235µs ± 0%      76µs ± 1%     -67.45%  (p=0.000 n=8+10)
GenerateKey/P384-8       807µs ± 0%     239µs ± 0%     -70.43%  (p=0.000 n=9+10)
GenerateKey/P521-8      2.49ms ± 0%    0.69ms ± 0%     -72.36%  (p=0.000 n=9+10)

Change-Id: I7fb2db3aea4aac785a48d45fff7a32909f3b578c
Reviewed-on: https://go-review.googlesource.com/c/go/+/419355
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2022-07-25 15:48:03 +00:00

985 lines
43 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!--{
"Title": "Go 1.19 Release Notes",
"Path": "/doc/go1.19"
}-->
<!--
NOTE: In this document and others in this directory, the convention is to
set fixed-width phrases with non-fixed-width spaces, as in
<code>hello</code> <code>world</code>.
Do not send CLs removing the interior tags from such phrases.
-->
<style>
main ul li { margin: 0.5em 0; }
</style>
<h2 id="introduction">DRAFT RELEASE NOTES — Introduction to Go 1.19</h2>
<p>
<strong>
Go 1.19 is not yet released. These are work-in-progress
release notes. Go 1.19 is expected to be released in August 2022.
</strong>
</p>
<h2 id="language">Changes to the language</h2>
<p><!-- https://go.dev/issue/52038 -->
There is only one small change to the language,
a <a href="https://github.com/golang/go/issues/52038">very small correction</a>
to the <a href="/ref/spec#Declarations_and_scope">scope of type parameters in method declarations</a>.
Existing programs are unaffected.
</p>
<h2 id="mem">Memory Model</h2>
<p><!-- https://go.dev/issue/50859 -->
The <a href="/ref/mem">Go memory model</a> has been revised to align Go with
the memory model used by C, C++, Java, JavaScript, Rust, and Swift.
Go only provides sequentially consistent atomics, not any of the more relaxed forms found in other languages.
Along with the memory model update,
Go 1.19 introduces <a href="#atomic_types">new types in the <code>sync/atomic</code> package</a>
that make it easier to use atomic values, such as
<a href="/pkg/sync/atomic/#Int64">atomic.Int64</a>
and
<a href="/pkg/sync/atomic/#Pointer">atomic.Pointer[T]</a>.
</p>
<h2 id="ports">Ports</h2>
<h3 id="loong64">Loongson 64-bit</h3>
<p><!-- https://go.dev/issue/46229 -->
Go 1.19 adds support for the Loongson 64-bit architecture LoongArch
on Linux (<code>GOOS=linux</code>, <code>GOARCH=loong64</code>).
</p>
<h3 id="riscv64">RISC-V</h3>
<p><!-- CL 402374 -->
The <code>riscv64</code> port now supports passing function arguments
and result using registers. Benchmarking shows typical performance
improvements of 10% or more on <code>riscv64</code>.
</p>
<h2 id="tools">Tools</h2>
<h3 id="go-doc">Doc Comments</h3>
<p><!-- https://go.dev/issue/51082 --><!-- CL 384265, CL 397276, CL 397278, CL 397279, CL 397281, CL 397284 -->
Go 1.19 adds support for links, lists, and clearer headings in doc comments.
As part of this change, <a href="/cmd/gofmt"><code>gofmt</code></a>
now reformats doc comments to make their rendered meaning clearer.
See “<a href="/doc/comment">Go Doc Comments</a>
for syntax details and descriptions of common mistakes now highlighted by <code>gofmt</code>.
As another part of this change, the new package <a href="/pkg/go/doc/comment">go/doc/comment</a>
provides parsing and reformatting of doc comments
as well as support for rendering them to HTML, Markdown, and text.
</p>
<h3 id="go-unix">New <code>unix</code> build constraint</h3>
<p><!-- CL 389934 --><!-- https://go.dev/issue/20322 --><!-- https://go.dev/issue/51572 -->
The build constraint <code>unix</code> is now recognized
in <code>//go:build</code> lines. The constraint is satisfied
if the target operating system, also known as <code>GOOS</code>, is
a Unix or Unix-like system. For the 1.19 release it is satisfied
if <code>GOOS</code> is one of
<code>aix</code>, <code>android</code>, <code>darwin</code>,
<code>dragonfly</code>, <code>freebsd</code>, <code>hurd</code>,
<code>illumos</code>, <code>ios</code>, <code>linux</code>,
<code>netbsd</code>, <code>openbsd</code>, or <code>solaris</code>.
In future releases the <code>unix</code> constraint may match
additional newly supported operating systems.
</p>
<h3 id="go-command">Go command</h3>
<!-- https://go.dev/issue/51461 -->
<p>
The <code>-trimpath</code> flag, if set, is now included in the build settings
stamped into Go binaries by <code>go</code> <code>build</code>, and can be
examined using
<a href="https://pkg.go.dev/cmd/go#hdr-Print_Go_version"><code>go</code> <code>version</code> <code>-m</code></a>
or <a href="https://pkg.go.dev/runtime/debug#ReadBuildInfo"><code>debug.ReadBuildInfo</code></a>.
</p>
<p>
<code>go</code> <code>generate</code> now sets the <code>GOROOT</code>
environment variable explicitly in the generator's environment, so that
generators can locate the correct <code>GOROOT</code> even if built
with <code>-trimpath</code>.
</p>
<p><!-- CL 404134 -->
<code>go</code> <code>test</code> and <code>go</code> <code>generate</code> now place
<code>GOROOT/bin</code> at the beginning of the <code>PATH</code> used for the
subprocess, so tests and generators that execute the <code>go</code> command
will resolve it to same <code>GOROOT</code>.
</p>
<p><!-- CL 398058 -->
<code>go</code> <code>env</code> now quotes entries that contain spaces in
the <code>CGO_CFLAGS</code>, <code>CGO_CPPFLAGS</code>, <code>CGO_CXXFLAGS</code>, <code>CGO_FFLAGS</code>, <code>CGO_LDFLAGS</code>,
and <code>GOGCCFLAGS</code> variables it reports.
</p>
<p><!-- https://go.dev/issue/29666 -->
<code>go</code> <code>list</code> <code>-json</code> now accepts a
comma-separated list of JSON fields to populate. If a list is specified,
the JSON output will include only those fields, and
<code>go</code> <code>list</code> may avoid work to compute fields that are
not included. In some cases, this may suppress errors that would otherwise
be reported.
</p>
<p><!-- CL 410821 -->
The <code>go</code> command now caches information necessary to load some modules,
which should result in a speed-up of some <code>go</code> <code>list</code> invocations.
</p>
<h3 id="vet">Vet</h3>
<p><!-- https://go.dev/issue/47528 -->
The <code>vet</code> checker “errorsas” now reports when
<a href="/pkg/errors/#As"><code>errors.As</code></a> is called
with a second argument of type <code>*error</code>,
a common mistake.
</p>
<h2 id="runtime">Runtime</h2>
<p><!-- https://go.dev/issue/48409 --><!-- CL 397018 -->
The runtime now includes support for a soft memory limit. This memory limit
includes the Go heap and all other memory managed by the runtime, and
excludes external memory sources such as mappings of the binary itself,
memory managed in other languages, and memory held by the operating system on
behalf of the Go program. This limit may be managed via
<a href="/pkg/runtime/debug/#SetMemoryLimit"><code>runtime/debug.SetMemoryLimit</code></a>
or the equivalent
<a href="/pkg/runtime/#hdr-Environment_Variables"><code>GOMEMLIMIT</code></a>
environment variable. The limit works in conjunction with
<a href="/pkg/runtime/debug/#SetGCPercent"><code>runtime/debug.SetGCPercent</code></a>
/ <a href="/pkg/runtime/#hdr-Environment_Variables"><code>GOGC</code></a>,
and will be respected even if <code>GOGC=off</code>, allowing Go programs to
always make maximal use of their memory limit, improving resource efficiency
in some cases. See <a href="/doc/gc-guide">the GC guide</a> for
a detailed guide explaining the soft memory limit in more detail, as well as
a variety of common use-cases and scenarios. Please note that small memory
limits, on the order of tens of megabytes or less, are less likely to be
respected due to external latency factors, such as OS scheduling. See
<a href="https://go.dev/issue/52433">issue 52433</a> for more details. Larger
memory limits, on the order of hundreds of megabytes or more, are stable and
production-ready.
</p>
<p><!-- CL 353989 -->
In order to limit the effects of GC thrashing when the program's live heap
size approaches the soft memory limit, the Go runtime also attempts to limit
total GC CPU utilization to 50%, excluding idle time, choosing to use more
memory over preventing application progress. In practice, we expect this limit
to only play a role in exceptional cases, and the new
<a href="/pkg/runtime/metrics/#hdr-Supported_metrics">runtime metric</a>
<code>/gc/limiter/last-enabled:gc-cycle</code> reports when this last
occurred.
</p>
<p><!-- https://go.dev/issue/44163 -->
The runtime now schedules many fewer GC worker goroutines on idle operating
system threads when the application is idle enough to force a periodic GC
cycle.
</p>
<p><!-- https://go.dev/issue/18138 --><!-- CL 345889 -->
The runtime will now allocate initial goroutine stacks based on the historic
average stack usage of goroutines. This avoids some of the early stack growth
and copying needed in the average case in exchange for at most 2x wasted
space on below-average goroutines.
</p>
<p><!-- https://go.dev/issue/46279 --><!-- CL 393354 --><!-- CL 392415 -->
On Unix operating systems, Go programs that import package
<a href="/pkg/os/">os</a> now automatically increase the open file limit
(<code>RLIMIT_NOFILE</code>) to the maximum allowed value;
that is, they change the soft limit to match the hard limit.
This corrects artificially low limits set on some systems for compatibility with very old C programs using the
<a href="https://en.wikipedia.org/wiki/Select_(Unix)"><i>select</i></a> system call.
Go programs are not helped by that limit, and instead even simple programs like <code>gofmt</code>
often ran out of file descriptors on such systems when processing many files in parallel.
One impact of this change is that Go programs that in turn execute very old C programs in child processes
may run those programs with too high a limit.
This can be corrected by setting the hard limit before invoking the Go program.
</p>
<p><!-- https://go.dev/issue/51485 --><!-- CL 390421 -->
Unrecoverable fatal errors (such as concurrent map writes, or unlock of
unlocked mutexes) now print a simpler traceback excluding runtime metadata
(equivalent to a fatal panic) unless <code>GOTRACEBACK=system</code> or
<code>crash</code>. Runtime-internal fatal error tracebacks always include
full metadata regardless of the value of <code>GOTRACEBACK</code>
</p>
<p><!-- https://go.dev/issue/50614 --><!-- CL 395754 -->
Support for debugger-injected function calls has been added on ARM64,
enabling users to call functions from their binary in an interactive
debugging session when using a debugger that is updated to make use of this
functionality.
</p>
<p><!-- https://go.dev/issue/44853 -->
The <a href="/doc/go1.18#go-build-asan">address sanitizer support added in Go 1.18</a>
now handles function arguments and global variables more precisely.
</p>
<h2 id="compiler">Compiler</h2>
<p><!-- https://go.dev/issue/5496 --><!-- CL 357330, 395714, 403979 -->
The compiler now uses
a <a href="https://en.wikipedia.org/wiki/Branch_table">jump
table</a> to implement large integer and string switch statements.
Performance improvements for the switch statement vary but can be
on the order of 20% faster.
(<code>GOARCH=amd64</code> and <code>GOARCH=arm64</code> only)
</p>
<p><!-- CL 391014 -->
The Go compiler now requires the <code>-p=importpath</code> flag to
build a linkable object file. This is already supplied by
the <code>go</code> command and by Bazel. Any other build systems
that invoke the Go compiler directly will need to make sure they
pass this flag as well.
</p>
<h2 id="assembler">Assembler</h2>
<p><!-- CL 404298 -->
Like the compiler, the assembler now requires the
<code>-p=importpath</code> flag to build a linkable object file.
This is already supplied by the <code>go</code> command. Any other
build systems that invoke the Go assembler directly will need to
make sure they pass this flag as well.
</p>
<h2 id="linker">Linker</h2>
<p><!-- https://go.dev/issue/50796, CL 380755 -->
On ELF platforms, the linker now emits compressed DWARF sections in
the standard gABI format (<code>SHF_COMPRESSED</code>), instead of
the legacy <code>.zdebug</code> format.
</p>
<h2 id="library">Core library</h2>
<h3 id="atomic_types">New atomic types</h3>
<p><!-- https://go.dev/issue/50860 --><!-- CL 381317 -->
The <a href="/pkg/sync/atomic/"><code>sync/atomic</code></a> package defines new atomic types
<a href="/pkg/sync/atomic/#Bool"><code>Bool</code></a>,
<a href="/pkg/sync/atomic/#Int32"><code>Int32</code></a>,
<a href="/pkg/sync/atomic/#Int64"><code>Int64</code></a>,
<a href="/pkg/sync/atomic/#Uint32"><code>Uint32</code></a>,
<a href="/pkg/sync/atomic/#Uint64"><code>Uint64</code></a>,
<a href="/pkg/sync/atomic/#Uintptr"><code>Uintptr</code></a>, and
<a href="/pkg/sync/atomic/#Pointer"><code>Pointer</code></a>.
These types hide the underlying values so that all accesses are forced to use
the atomic APIs.
<a href="/pkg/sync/atomic/#Pointer"><code>Pointer</code></a> also avoids
the need to convert to
<a href="/pkg/unsafe/#Pointer"><code>unsafe.Pointer</code></a> at call sites.
<a href="/pkg/sync/atomic/#Int64"><code>Int64</code></a> and
<a href="/pkg/sync/atomic/#Uint64"><code>Uint64</code></a> are
automatically aligned to 64-bit boundaries in structs and allocated data,
even on 32-bit systems.
</p>
<h3 id="os-exec-path">PATH lookups</h3>
<p><!-- https://go.dev/issue/43724 -->
<!-- CL 381374 --><!-- CL 403274 -->
<a href="/pkg/os/exec/#Command"><code>Command</code></a> and
<a href="/pkg/os/exec/#LookPath"><code>LookPath</code></a> no longer
allow results from a PATH search to be found relative to the current directory.
This removes a <a href="/blog/path-security">common source of security problems</a>
but may also break existing programs that depend on using, say, <code>exec.Command("prog")</code>
to run a binary named <code>prog</code> (or, on Windows, <code>prog.exe</code>) in the current directory.
See the <a href="/pkg/os/exec/"><code>os/exec</code></a> package documentation for
information about how best to update such programs.
</p>
<p><!-- https://go.dev/issue/43947 -->
On Windows, <code>Command</code> and <code>LookPath</code> now respect the
<a href="https://docs.microsoft.com/en-us/windows/win32/api/processenv/nf-processenv-needcurrentdirectoryforexepatha"><code>NoDefaultCurrentDirectoryInExePath</code></a>
environment variable, making it possible to disable
the default implicit search of “<code>.</code>” in PATH lookups on Windows systems.
</p>
<h3 id="minor_library_changes">Minor changes to the library</h3>
<p>
As always, there are various minor changes and updates to the library,
made with the Go 1 <a href="/doc/go1compat">promise of compatibility</a>
in mind.
There are also various performance improvements, not enumerated here.
</p>
<dl id="archive/zip"><dt><a href="/pkg/archive/zip/">archive/zip</a></dt>
<dd>
<p><!-- CL 387976 -->
<a href="/pkg/archive/zip/#Reader"><code>Reader</code></a>
now ignores non-ZIP data at the start of a ZIP file, matching most other implementations.
This is necessary to read some Java JAR files, among other uses.
</p>
</dd>
</dl><!-- archive/zip -->
<dl id="crypto/elliptic"><dt><a href="/pkg/crypto/elliptic/">crypto/elliptic</a></dt>
<dd>
<p><!-- CL 382995 -->
Operating on invalid curve points (those for which the
<code>IsOnCurve</code> method returns false, and which are never returned
by <code>Unmarshal</code> or by a <code>Curve</code> method operating on a
valid point) has always been undefined behavior and can lead to key
recovery attacks. If an invalid point is supplied to
<a href="/pkg/crypto/elliptic/#Marshal"><code>Marshal</code></a>,
<a href="/pkg/crypto/elliptic/#MarshalCompressed"><code>MarshalCompressed</code></a>,
<a href="/pkg/crypto/elliptic/#Curve.Add"><code>Add</code></a>,
<a href="/pkg/crypto/elliptic/#Curve.Double"><code>Double</code></a>, or
<a href="/pkg/crypto/elliptic/#Curve.ScalarMult"><code>ScalarMult</code></a>,
they will now panic.
</p>
<p><!-- golang.org/issue/52182 -->
<code>ScalarBaseMult</code> operations on the <code>P224</code>,
<code>P384</code>, and <code>P521</code> curves are now up to three
times faster, leading to similar speedups in some ECDSA operations. The
generic (not platform optimized) <code>P256</code> implementation was
replaced with one derived from a formally verified model; this might
lead to significant slowdowns on 32-bit platforms.
</p>
</dd>
</dl><!-- crypto/elliptic -->
<dl id="crypto/rand"><dt><a href="/pkg/crypto/rand/">crypto/rand</a></dt>
<dd>
<p><!-- CL 370894 --><!-- CL 390038 -->
<a href="/pkg/crypto/rand/#Read"><code>Read</code></a> no longer buffers
random data obtained from the operating system between calls. Applications
that perform many small reads at high frequency might choose to wrap
<a href="/pkg/crypto/rand/#Reader"><code>Reader</code></a> in a
<a href="/pkg/bufio/#Reader"><code>bufio.Reader</code></a> for performance
reasons, taking care to use
<a href="/pkg/io/#ReadFull"><code>io.ReadFull</code></a>
to ensure no partial reads occur.
</p>
<p><!-- CL 375215 -->
On Plan 9, <code>Read</code> has been reimplemented, replacing the ANSI
X9.31 algorithm with a fast key erasure generator.
</p>
<p><!-- CL 391554 --><!-- CL 387554 -->
The <a href="/pkg/crypto/rand/#Prime"><code>Prime</code></a>
implementation was simplified. This will lead to different outputs for the
same random stream compared to the previous implementation. The internals
of <code>Prime</code> are not stable, should not be relied upon not to
change, and the output is now intentionally non-deterministic with respect
to the input stream.
</p>
</dd>
</dl><!-- crypto/rand -->
<dl id="crypto/tls"><dt><a href="/pkg/crypto/tls/">crypto/tls</a></dt>
<dd>
<p><!-- CL 400974 --><!-- https://go.dev/issue/45428 -->
The <code>tls10default</code> <code>GODEBUG</code> option has been
removed. It is still possible to enable TLS 1.0 client-side by setting
<a href="/pkg/crypto/tls#Config.MinVersion"><code>Config.MinVersion</code></a>.
</p>
<p><!-- CL 384894 -->
The TLS server and client now reject duplicate extensions in TLS
handshakes, as required by RFC 5246, Section 7.4.1.4 and RFC 8446, Section
4.2.
</p>
</dd>
</dl><!-- crypto/tls -->
<dl id="crypto/x509"><dt><a href="/pkg/crypto/x509/">crypto/x509</a></dt>
<dd>
<p><!-- CL 285872 -->
<a href="/pkg/crypto/x509/#CreateCertificate"><code>CreateCertificate</code></a>
no longer supports creating certificates with <code>SignatureAlgorithm</code>
set to <code>MD5WithRSA</code>.
</p>
<p><!-- CL 400494 -->
<code>CreateCertificate</code> no longer accepts negative serial numbers.
</p>
<p><!-- CL 399827 -->
<code>CreateCertificate</code> will not emit an empty SEQUENCE anymore
when the produced certificate has no extensions.
</p>
<p><!-- CL 396774 -->
Removal of the <code>x509sha1=1</code> <code>GODEBUG</code> option,
originally planned for Go 1.19, has been rescheduled to a future release.
Applications using it should work on migrating. Practical attacks against
SHA-1 have been demonstrated since 2017 and publicly trusted Certificate
Authorities have not issued SHA-1 certificates since 2015.
</p>
<p><!-- CL 383215 -->
<a href="/pkg/crypto/x509/#ParseCertificate"><code>ParseCertificate</code></a>
and <a href="/pkg/crypto/x509/#ParseCertificateRequest"><code>ParseCertificateRequest</code></a>
now reject certificates and CSRs which contain duplicate extensions.
</p>
<p><!-- https://go.dev/issue/46057 --><!-- https://go.dev/issue/35044 --><!-- CL 398237 --><!-- CL 400175 --><!-- CL 388915 -->
The new <a href="/pkg/crypto/x509/#CertPool.Clone"><code>CertPool.Clone</code></a>
and <a href="/pkg/crypto/x509/#CertPool.Equal"><code>CertPool.Equal</code></a>
methods allow cloning a <code>CertPool</code> and checking the equivalence of two
<code>CertPool</code>s respectively.
</p>
<p><!-- https://go.dev/issue/50674 --><!-- CL 390834 -->
The new function <a href="/pkg/crypto/x509/#ParseRevocationList"><code>ParseRevocationList</code></a>
provides a faster, safer to use CRL parser which returns a
<a href="/pkg/crypto/x509/#RevocationList"><code>RevocationList</code></a>.
Parsing a CRL also populates the new <code>RevocationList</code> fields
<code>RawIssuer</code>, <code>Signature</code>,
<code>AuthorityKeyId</code>, and <code>Extensions</code>, which are ignored by
<a href="/pkg/crypto/x509/#CreateRevocationList"><code>CreateRevocationList</code></a>.
</p><p>
The new method <a href="/pkg/crypto/x509/#RevocationList.CheckSignatureFrom"><code>RevocationList.CheckSignatureFrom</code></a>
checks that the signature on a CRL is a valid signature from a
<a href="/pkg/crypto/x509/#Certificate"><code>Certificate</code></a>.
</p><p>
The <a href="/pkg/crypto/x509/#ParseCRL"><code>ParseCRL</code></a> and
<a href="/pkg/crypto/x509/#ParseDERCRL"><code>ParseDERCRL</code></a> functions
are now deprecated in favor of <code>ParseRevocationList</code>.
The <a href="/pkg/crypto/x509#Certificate.CheckCRLSignature"><code>Certificate.CheckCRLSignature</code></a>
method is deprecated in favor of <code>RevocationList.CheckSignatureFrom</code>.
</p>
<p><!-- CL 389555, CL 401115, CL 403554 -->
The path builder of <a href="/pkg/crypto/x509/#Certificate.Verify"><code>Certificate.Verify</code></a>
was overhauled and should now produce better chains and/or be more efficient in complicated scenarios.
Name constraints are now also enforced on non-leaf certificates.
</p>
</dd>
</dl><!-- crypto/x509 -->
<dl id="crypto/x509/pkix"><dt><a href="/pkg/crypto/x509/pkix">crypto/x509/pkix</a></dt>
<dd>
<p><!-- CL 390834 -->
The types <a href="/pkg/crypto/x509/pkix#CertificateList"><code>CertificateList</code></a> and
<a href="/pkg/crypto/x509/pkix#TBSCertificateList"><code>TBSCertificateList</code></a>
have been deprecated. The new <a href="#crypto/x509"><code>crypto/x509</code> CRL functionality</a>
should be used instead.
</p>
</dd>
</dl><!-- crypto/x509/pkix -->
<dl id="debug"><dt><a href="/pkg/debug/">debug</a></dt>
<dd>
<p><!-- CL 396735 -->
The new <code>EM_LONGARCH</code> and <code>R_LARCH_*</code> constants
support the loong64 port.
</p>
</dd>
</dl><!-- debug -->
<dl id="debug/pe"><dt><a href="/pkg/debug/pe/">debug/pe</a></dt>
<dd>
<p><!-- https://go.dev/issue/51868 --><!-- CL 394534 -->
The new <a href="/pkg/debug/pe/#File.COFFSymbolReadSectionDefAux"><code>File.COFFSymbolReadSectionDefAux</code></a>
method, which returns a <a href="/pkg/debug/pe/#COFFSymbolAuxFormat5"><code>COFFSymbolAuxFormat5</code></a>,
provides access to COMDAT information in PE file sections.
These are supported by new <code>IMAGE_COMDAT_*</code> and <code>IMAGE_SCN_*</code> constants.
</p>
</dd>
</dl><!-- debug/pe -->
<dl id="encoding/binary"><dt><a href="/pkg/encoding/binary/">encoding/binary</a></dt>
<dd>
<p><!-- https://go.dev/issue/50601 --><!-- CL 386017 --><!-- CL 389636 -->
The new interface
<a href="/pkg/encoding/binary/#AppendByteOrder"><code>AppendByteOrder</code></a>
provides efficient methods for appending a <code>uint16</code>, <code>uint32</code>, or <code>uint64</code>
to a byte slice.
<a href="/pkg/encoding/binary/#BigEndian"><code>BigEndian</code></a> and
<a href="/pkg/encoding/binary/#LittleEndian"><code>LittleEndian</code></a> now implement this interface.
</p>
<p><!-- https://go.dev/issue/51644 --><!-- CL 400176 -->
Similarly, the new functions
<a href="/pkg/encoding/binary/#AppendUvarint"><code>AppendUvarint</code></a> and
<a href="/pkg/encoding/binary/#AppendVarint"><code>AppendVarint</code></a>
are efficient appending versions of
<a href="/pkg/encoding/binary/#PutUvarint"><code>PutUvarint</code></a> and
<a href="/pkg/encoding/binary/#PutVarint"><code>PutVarint</code></a>.
</p>
</dd>
</dl><!-- encoding/binary -->
<dl id="encoding/csv"><dt><a href="/pkg/encoding/csv/">encoding/csv</a></dt>
<dd>
<p><!-- https://go.dev/issue/43401 --><!-- CL 405675 -->
The new method
<a href="/pkg/encoding/csv/#Reader.InputOffset"><code>Reader.InputOffset</code></a>
reports the reader's current input position as a byte offset,
analogous to <code>encoding/json</code>'s
<a href="/pkg/encoding/json/#Decoder.InputOffset"><code>Decoder.InputOffset</code></a>.
</p>
</dd>
</dl><!-- encoding/csv -->
<dl id="encoding/xml"><dt><a href="/pkg/encoding/xml/">encoding/xml</a></dt>
<dd>
<p><!-- https://go.dev/issue/45628 --><!-- CL 311270 -->
The new method
<a href="/pkg/encoding/xml/#Decoder.InputPos"><code>Decoder.InputPos</code></a>
reports the reader's current input position as a line and column,
analogous to <code>encoding/csv</code>'s
<a href="/pkg/encoding/csv/#Decoder.FieldPos"><code>Decoder.FieldPos</code></a>.
</p>
</dd>
</dl><!-- encoding/xml -->
<dl id="flag"><dt><a href="/pkg/flag/">flag</a></dt>
<dd>
<p><!-- https://go.dev/issue/45754 --><!-- CL 313329 -->
The new function
<a href="/pkg/flag/#TextVar"><code>TextVar</code></a>
defines a flag with a value implementing
<a href="/pkg/encoding/#TextUnmarshaler"><code>encoding.TextUnmarshaler</code></a>,
allowing command-line flag variables to have types such as
<a href="/pkg/math/big/#Int"><code>big.Int</code></a>,
<a href="/pkg/net/netip/#Addr"><code>netip.Addr</code></a>, and
<a href="/pkg/time/#Time"><code>time.Time</code></a>.
</p>
</dd>
</dl><!-- flag -->
<dl id="fmt"><dt><a href="/pkg/fmt/">fmt</a></dt>
<dd>
<p><!-- https://go.dev/issue/47579 --><!-- CL 406177 -->
The new functions
<a href="/pkg/fmt/#Append"><code>Append</code></a>,
<a href="/pkg/fmt/#Appendf"><code>Appendf</code></a>, and
<a href="/pkg/fmt/#Appendln"><code>Appendln</code></a>
append formatted data to byte slices.
</p>
</dd>
</dl><!-- fmt -->
<dl id="go/parser"><dt><a href="/pkg/go/parser/">go/parser</a></dt>
<dd>
<p><!-- CL 403696 -->
The parser now recognizes <code>~x</code> as a unary expression with operator
<a href="/pkg/go/token#TILDE">token.TILDE</a>,
allowing better error recovery when a type constraint such as <code>~int</code> is used in an incorrect context.
</p>
</dd>
</dl><!-- go/parser -->
<dl id="go/types"><dt><a href="/pkg/go/types/">go/types</a></dt>
<dd>
<p><!-- https://go.dev/issue/51682 --><!-- CL 395535 -->
The new methods <a href="/pkg/go/types/#Func.Origin"><code>Func.Origin</code></a>
and <a href="/pkg/go/types/#Var.Origin"><code>Var.Origin</code></a> return the
corresponding <a href="/pkg/go/types/#Object"><code>Object</code></a> of the
generic type for synthetic <a href="/pkg/go/types/#Func"><code>Func</code></a>
and <a href="/pkg/go/types/#Var"><code>Var</code></a> objects created during type
instantiation.
</p>
<p><!-- https://go.dev/issue/52728 --><!-- CL 404885 -->
It is no longer possible to produce an infinite number of distinct-but-identical
<a href="/pkg/go/types/#Named"><code>Named</code></a> type instantiations via
recursive calls to
<a href="/pkg/go/types/#Named.Underlying"><code>Named.Underlying</code></a> or
<a href="/pkg/go/types/#Named.Method"><code>Named.Method</code></a>.
</p>
</dd>
</dl><!-- go/types -->
<dl id="hash/maphash"><dt><a href="/pkg/hash/maphash/">hash/maphash</a></dt>
<dd>
<p><!-- https://go.dev/issue/42710 --><!-- CL 392494 -->
The new functions
<a href="/pkg/hash/maphash/#Bytes"><code>Bytes</code></a>
and
<a href="/pkg/hash/maphash/#String"><code>String</code></a>
provide an efficient way hash a single byte slice or string.
They are equivalent to using the more general
<a href="/pkg/hash/maphash/#Hash"><code>Hash</code></a>
with a single write, but they avoid setup overhead for small inputs.
</p>
</dd>
</dl><!-- hash/maphash -->
<dl id="html/template"><dt><a href="/pkg/html/template/">html/template</a></dt>
<dd>
<p><!-- https://go.dev/issue/46121 --><!-- CL 389156 -->
The type <a href="/pkg/html/template/#FuncMap"><code>FuncMap</code></a>
is now an alias for
<code>text/template</code>'s <a href="/pkg/text/template/#FuncMap"><code>FuncMap</code></a>
instead of its own named type.
This allows writing code that operates on a <code>FuncMap</code> from either setting.
</p>
</dd>
</dl><!-- html/template -->
<dl id="image/draw"><dt><a href="/pkg/image/draw/">image/draw</a></dt>
<dd>
<p><!-- CL 396795 -->
<a href="/pkg/image/draw/#Draw"><code>Draw</code></a> with the
<a href="/pkg/image/draw/#Src"><code>Src</code></a> operator preserves
non-premultiplied-alpha colors when destination and source images are
both <a href="/pkg/image/#NRGBA"><code>image.NRGBA</code></a>
or both <a href="/pkg/image/#NRGBA64"><code>image.NRGBA64</code></a>.
This reverts a behavior change accidentally introduced by a Go 1.18
library optimization; the code now matches the behavior in Go 1.17 and earlier.
</p>
</dd>
</dl><!-- image/draw -->
<dl id="io"><dt><a href="/pkg/io/">io</a></dt>
<dd>
<p><!-- https://go.dev/issue/51566 --><!-- CL 400236 -->
<a href="/pkg/io/#NopCloser"><code>NopCloser</code></a>'s result now implements
<a href="/pkg/io/#WriterTo"><code>WriterTo</code></a>
whenever its input does.
</p>
<p><!-- https://go.dev/issue/50842 -->
<a href="/pkg/io/#MultiReader"><code>MultiReader</code></a>'s result now implements
<a href="/pkg/io/#WriterTo"><code>WriterTo</code></a> unconditionally.
If any underlying reader does not implement <code>WriterTo</code>,
it is simulated appropriately.
</p>
</dd>
</dl><!-- io -->
<dl id="mime"><dt><a href="/pkg/mime/">mime</a></dt>
<dd>
<p><!-- CL 406894 -->
On Windows only, the mime package now ignores a registry entry
recording that the extension <code>.js</code> should have MIME
type <code>text/plain</code>. This is a common unintentional
misconfiguration on Windows systems. The effect is
that <code>.js</code> will have the default MIME
type <code>text/javascript; charset=utf-8</code>.
Applications that expect <code>text/plain</code> on Windows must
now explicitly call
<a href="/pkg/mime/#AddExtensionType"><code>AddExtensionType</code></a>.
</p>
</dd>
</dl>
<dl id="net"><dt><a href="/pkg/net/">net</a></dt>
<dd>
<p><!-- CL 386016 -->
The pure Go resolver will now use EDNS(0) to include a suggested
maximum reply packet length, permitting reply packets to contain
up to 1232 bytes (the previous maximum was 512).
In the unlikely event that this causes problems with a local DNS
resolver, setting the environment variable
<code>GODEBUG=netdns=cgo</code> to use the cgo-based resolver
should work.
Please report any such problems on <a href="/issue/new">the
issue tracker</a>.
</p>
<p><!-- https://go.dev/issue/51428 --><!-- CL 396877 -->
When a net package function or method returns an "I/O timeout"
error, the error will now satisfy <code>errors.Is(err,
context.DeadlineExceeded)</code>. When a net package function
returns an "operation was canceled" error, the error will now
satisfy <code>errors.Is(err, context.Canceled)</code>.
These changes are intended to make it easier for code to test
for cases in which a context cancellation or timeout causes a net
package function or method to return an error, while preserving
backward compatibility for error messages.
</p>
<p><!-- https://go.dev/issue/33097 --><!-- CL 400654 -->
<a href="/pkg/net/#Resolver.PreferGo"><code>Resolver.PreferGo</code></a>
is now implemented on Windows and Plan 9. It previously only worked on Unix
platforms. Combined with
<a href="/pkg/net/#Dialer.Resolver"><code>Dialer.Resolver</code></a> and
<a href="/pkg/net/#Resolver.Dial"><code>Resolver.Dial</code></a>, it's now
possible to write portable programs and be in control of all DNS name lookups
when dialing.
</p>
<p>
The <code>net</code> package now has initial support for the <code>netgo</code>
build tag on Windows. When used, the package uses the Go DNS client (as used
by <code>Resolver.PreferGo</code>) instead of asking Windows for
DNS results. The upstream DNS server it discovers from Windows
may not yet be correct with complex system network configurations, however.
</p>
</dd>
</dl><!-- net -->
<dl id="net/http"><dt><a href="/pkg/net/http/">net/http</a></dt>
<dd>
<p><!-- CL 269997 -->
<a href="/pkg/net/http/#ResponseWriter"><code>ResponseWriter.WriteHeader</code></a>
now supports sending user-defined 1xx informational headers.
</p>
<p><!-- CL 361397 -->
The <code>io.ReadCloser</code> returned by
<a href="/pkg/net/http/#MaxBytesReader"><code>MaxBytesReader</code></a>
will now return the defined error type
<a href="/pkg/net/http/#MaxBytesError"><code>MaxBytesError</code></a>
when its read limit is exceeded.
</p>
<p><!-- CL 375354 -->
The HTTP client will handle a 3xx response without a
<code>Location</code> header by returning it to the caller,
rather than treating it as an error.
</p>
</dd>
</dl><!-- net/http -->
<dl id="net/url"><dt><a href="/pkg/net/url/">net/url</a></dt>
<dd>
<p><!-- CL 374654 -->
The new
<a href="/pkg/net/url/#JoinPath"><code>JoinPath</code></a>
function and
<a href="/pkg/net/url/#URL.JoinPath"><code>URL.JoinPath</code></a>
method create a new <code>URL</code> by joining a list of path
elements.
</p>
<p><!-- https://go.dev/issue/46059 -->
The <code>URL</code> type now distinguishes between URLs with no
authority and URLs with an empty authority. For example,
<code>http:///path</code> has an empty authority (host),
while <code>http:/path</code> has none.
</p>
<p>
The new <a href="/pkg/net/url/#URL"><code>URL</code></a> field
<code>OmitHost</code> is set to <code>true</code> when a
<code>URL</code> has an empty authority.
</p>
</dd>
</dl><!-- net/url -->
<dl id="os/exec"><dt><a href="/pkg/os/exec/">os/exec</a></dt>
<dd>
<p><!-- https://go.dev/issue/50599 --><!-- CL 401340 -->
A <a href="/pkg/os/exec/#Cmd"><code>Cmd</code></a> with a non-empty <code>Dir</code> field
and nil <code>Env</code> now implicitly sets the <code>PWD</code> environment
variable for the subprocess to match <code>Dir</code>.
</p>
<p>
The new method <a href="/pkg/os/exec/#Cmd.Environ"><code>Cmd.Environ</code></a> reports the
environment that would be used to run the command, including the
implicitly set <code>PWD</code> variable.
</p>
</dd>
</dl> <!-- os/exec -->
<dl id="reflect"><dt><a href="/pkg/reflect/">reflect</a></dt>
<dd>
<p><!-- https://go.dev/issue/47066 --><!-- CL 357331 -->
The method <a href="/pkg/reflect/#Value.Bytes"><code>Value.Bytes</code></a>
now accepts addressable arrays in addition to slices.
</p>
<p><!-- CL 400954 -->
The methods <a href="/pkg/reflect/#Value.Len"><code>Value.Len</code></a>
and <a href="/pkg/reflect/#Value.Cap"><code>Value.Cap</code></a>
now successfully operate on a pointer to an array and return the length of that array,
to match what the <a href="/ref/spec#Length_and_capacity">builtin
<code>len</code> and <code>cap</code> functions do</a>.
</p>
</dd>
</dl><!-- reflect -->
<dl id="regexp/syntax"><dt><a href="/pkg/regexp/syntax/">regexp/syntax</a></dt>
<dd>
<p><!-- https://go.dev/issue/51684 --><!-- CL 401076 -->
Go 1.18 release candidate 1, Go 1.17.8, and Go 1.16.15 included a security fix
to the regular expression parser, making it reject very deeply nested expressions.
Because Go patch releases do not introduce new API,
the parser returned <a href="/pkg/regexp/syntax/#ErrInternalError"><code>syntax.ErrInternalError</code></a> in this case.
Go 1.19 adds a more specific error, <a href="/pkg/regexp/syntax/#ErrNestingDepth"><code>syntax.ErrNestingDepth</code></a>,
which the parser now returns instead.
</p>
</dd>
</dl><!-- regexp -->
<dl id="pkg-runtime"><dt><a href="/pkg/runtime/">runtime</a></dt>
<dd>
<p><!-- https://go.dev/issue/51461 -->
The <a href="/pkg/runtime/#GOROOT"><code>GOROOT</code></a> function now returns the empty string
(instead of <code>"go"</code>) when the binary was built with
the <code>-trimpath</code> flag set and the <code>GOROOT</code>
variable is not set in the process environment.
</p>
</dd>
</dl><!-- runtime -->
<dl id="runtime/metrics"><dt><a href="/pkg/runtime/metrics/">runtime/metrics</a></dt>
<dd>
<p><!-- https://go.dev/issue/47216 --><!-- CL 404305 -->
The new <code>/sched/gomaxprocs:threads</code>
<a href="/pkg/runtime/metrics/#hdr-Supported_metrics">metric</a> reports
the current
<a href="/pkg/runtime/#GOMAXPROCS"><code>runtime.GOMAXPROCS</code></a>
value.
</p>
<p><!-- https://go.dev/issue/47216 --><!-- CL 404306 -->
The new <code>/cgo/go-to-c-calls:calls</code>
<a href="/pkg/runtime/metrics/#hdr-Supported_metrics">metric</a>
reports the total number of calls made from Go to C. This metric is
identical to the
<a href="/pkg/runtime/#NumCgoCall"><code>runtime.NumCgoCall</code></a>
function.
</p>
<p><!-- https://go.dev/issue/48409 --><!-- CL 403614 -->
The new <code>/gc/limiter/last-enabled:gc-cycle</code>
<a href="/pkg/runtime/metrics/#hdr-Supported_metrics">metric</a>
reports the last GC cycle when the GC CPU limiter was enabled. See the
<a href="#runtime">runtime notes</a> for details about the GC CPU limiter.
</p>
</dd>
</dl><!-- runtime/metrics -->
<dl id="runtime/pprof"><dt><a href="/pkg/runtime/pprof/">runtime/pprof</a></dt>
<dd>
<p><!-- https://go.dev/issue/33250 --><!-- CL 387415 -->
Stop-the-world pause times have been significantly reduced when
collecting goroutine profiles, reducing the overall latency impact to the
application.
</p>
<p><!-- CL 391434 -->
<code>MaxRSS</code> is now reported in heap profiles for all Unix
operating systems (it was previously only reported for
<code>GOOS=android</code>, <code>darwin</code>, <code>ios</code>, and
<code>linux</code>).
</p>
</dd>
</dl><!-- runtime/pprof -->
<dl id="runtime/race"><dt><a href="/pkg/runtime/race/">runtime/race</a></dt>
<dd>
<p><!-- https://go.dev/issue/49761 --><!-- CL 333529 -->
The race detector has been upgraded to use thread sanitizer
version v3 on all supported platforms
except <code>windows/amd64</code>
and <code>openbsd/amd64</code>, which remain on v2.
Compared to v2, it is now typically 1.5x to 2x faster, uses half
as much memory, and it supports an unlimited number of
goroutines.
On Linux, the race detector now requires at least glibc version 2.17.
</p>
<p><!-- CL 336549 -->
The race detector is now supported on <code>GOARCH=s390x</code>.
</p>
<p><!-- https://go.dev/issue/52090 -->
Race detector support for <code>openbsd/amd64</code> has been
removed from thread sanitizer upstream, so it is unlikely to
ever be updated from v2.
</p>
</dd>
</dl><!-- runtime/race -->
<dl id="runtime/trace"><dt><a href="/pkg/runtime/trace/">runtime/trace</a></dt>
<dd>
<p><!-- CL 400795 -->
When tracing and the
<a href="/pkg/runtime/pprof#StartCPUProfile">CPU profiler</a> are
enabled simultaneously, the execution trace includes CPU profile
samples as instantaneous events.
</p>
</dd>
</dl><!-- runtime/trace -->
<dl id="sort"><dt><a href="/pkg/sort/">sort</a></dt>
<dd>
<p><!-- CL 371574 -->
The sorting algorithm has been rewritten to use
<a href="https://arxiv.org/pdf/2106.05123.pdf">pattern-defeating quicksort</a>, which
is faster for several common scenarios.
</p>
<p><!-- https://go.dev/issue/50340 --><!-- CL 396514 -->
The new function
<a href="/pkg/sort/#Find">Find</a>
is like
<a href="/pkg/sort/#Search">Search</a>
but often easier to use: it returns an additional boolean reporting whether an equal value was found.
</p>
</dd>
</dl><!-- sort -->
<dl id="strconv"><dt><a href="/pkg/strconv/">strconv</a></dt>
<dd>
<p><!-- CL 397255 -->
<a href="/pkg/strconv/#Quote"><code>Quote</code></a>
and related functions now quote the rune U+007F as <code>\x7f</code>,
not <code>\u007f</code>,
for consistency with other ASCII values.
</p>
</dd>
</dl><!-- strconv -->
<dl id="syscall"><dt><a href="/pkg/syscall/">syscall</a></dt>
<dd>
<p><!-- https://go.dev/issue/51192 --><!-- CL 385796 -->
On PowerPC (<code>GOARCH=ppc64</code>, <code>ppc64le</code>),
<a href="/pkg/syscall/#Syscall"><code>Syscall</code></a>,
<a href="/pkg/syscall/#Syscall6"><code>Syscall6</code></a>,
<a href="/pkg/syscall/#RawSyscall"><code>RawSyscall</code></a>, and
<a href="/pkg/syscall/#RawSyscall6"><code>RawSyscall6</code></a>
now always return 0 for return value <code>r2</code> instead of an
undefined value.
</p>
<p><!-- CL 391434 -->
On AIX and Solaris, <code>Getrusage</code> is now defined.
</p>
</dd>
</dl><!-- syscall -->
<dl id="time"><dt><a href="/pkg/time/">time</a></dt>
<dd>
<p><!-- https://go.dev/issue/51414 --><!-- CL 393515 -->
The new method
<a href="/pkg/time/#Duration.Abs"><code>Duration.Abs</code></a>
provides a convenient and safe way to take the absolute value of a duration,
converting 2⁶³ to 2⁶³1.
(This boundary case can happen as the result of subtracting a recent time from the zero time.)
</p>
<p><!-- https://go.dev/issue/50062 --><!-- CL 405374 -->
The new method
<a href="/pkg/time/#Time.ZoneBounds"><code>Time.ZoneBounds</code></a>
returns the start and end times of the time zone in effect at a given time.
It can be used in a loop to enumerate all the known time zone transitions at a given location.
</p>
</dd>
</dl><!-- time -->
<!-- Silence these false positives from x/build/cmd/relnote: -->
<!-- CL 382460 -->
<!-- CL 384154 -->
<!-- CL 384554 -->
<!-- CL 392134 -->
<!-- CL 392414 -->
<!-- CL 396215 -->
<!-- CL 403058 -->
<!-- CL 410133 -->
<!-- https://go.dev/issue/27837 -->
<!-- https://go.dev/issue/38340 -->
<!-- https://go.dev/issue/42516 -->
<!-- https://go.dev/issue/45713 -->
<!-- https://go.dev/issue/46654 -->
<!-- https://go.dev/issue/48257 -->
<!-- https://go.dev/issue/50447 -->
<!-- https://go.dev/issue/50720 -->
<!-- https://go.dev/issue/50792 -->
<!-- https://go.dev/issue/51115 -->
<!-- https://go.dev/issue/51447 -->