Update go1.25.6 #148
Merged
…n using QUIC and ECH

I don't think we have good QUIC ECH tests. BoGo has some for this, but I'm not sure how easy it would be to enable those for QUIC.

Updates golang#76283
Fixes golang#76409

Change-Id: I0ffa535fd89a624b7f9bfd73441ce2a1683e0549
Reviewed-on: https://go-review.googlesource.com/c/go/+/720920
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Roland Shoemaker <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
(cherry picked from commit 31aa9f8)
Reviewed-on: https://go-review.googlesource.com/c/go/+/726380
Reviewed-by: Dmitri Shuralyov <[email protected]>
Auto-Submit: Dmitri Shuralyov <[email protected]>

…onsoles and Stdin

windows.IsNonblock can block for synchronous handles that have an outstanding I/O operation. Console handles are always synchronous, so we should not call IsNonblock for them. Stdin is often a pipe, and almost always a synchronous handle, so we should not call IsNonblock for it either.

This avoids potential deadlocks during os package initialization, which calls NewFile(syscall.Stdin).

Fixes golang#76392

Change-Id: I1603932b0a99823019aa0cad960f94cee9996505
Reviewed-on: https://go-review.googlesource.com/c/go/+/724640
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
Auto-Submit: Damien Neil <[email protected]>
Reviewed-by: Cherry Mui <[email protected]>
(cherry picked from commit CL 724640)
Reviewed-on: https://go-review.googlesource.com/c/go/+/725580
Reviewed-by: Dmitri Shuralyov <[email protected]>

…inux

Some Linux filesystems have been known to return valid entries with zero inodes. This new behavior also puts Go in agreement with recent glibc.

Fixes golang#76620

Change-Id: Ieaf50739a294915a3ea2ef8c5a3bb2a91a186881
GitHub-Last-Rev: 8f83d00
GitHub-Pull-Request: golang#76448
Reviewed-on: https://go-review.googlesource.com/c/go/+/724220
Reviewed-by: Cherry Mui <[email protected]>
Reviewed-by: Ian Lance Taylor <[email protected]>
Auto-Submit: Ian Lance Taylor <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/725340

…ppc64x atomic And/Or wrappers

The ppc64x TSAN wrappers for atomic And/Or did not initialize R6 with the Go argument frame before calling racecallatomic. Since racecallatomic expects R6 to point to the argument list and dereferences it unconditionally, this led to a nil-pointer dereference under -race.

Other atomic TSAN wrappers (Load/Store/Add/Swap/CAS) already set up R6 in the expected way. This change aligns the And/Or wrappers with the rest by adding the missing R6 initialisation.

This keeps the behavior consistent across all atomic operations on ppc64x.

Updates golang#76776.

Change-Id: Iaf578449a6171a0c6f7c33ec6f64c1251297ae6d
Reviewed-on: https://go-review.googlesource.com/c/go/+/718560
Reviewed-by: Mark Freeman <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Cherry Mui <[email protected]>
Reviewed-by: Paul Murphy <[email protected]>
(cherry picked from commit 44cb824)
Reviewed-on: https://go-review.googlesource.com/c/go/+/728900
Reviewed-by: David Chase <[email protected]>

When compiling with -l, we can't take a stack split here.

Fixes golang#76761

Change-Id: Ieab1225c6259c7f16bb5188aa84bff615d9db2e5
Reviewed-on: https://go-review.googlesource.com/c/go/+/728060
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Keith Randall <[email protected]>
Reviewed-by: Cherry Mui <[email protected]>
Reviewed-by: Keith Randall <[email protected]>
(cherry picked from commit d4972f6)
Reviewed-on: https://go-review.googlesource.com/c/go/+/728581

…ge jump table index

For an out-of-range jump table index, the constant facts should not be propagated to the destinations.

Fixes golang#76967

Change-Id: Iff29814cb466c7aaa432cec212e5387665c45afc
Reviewed-on: https://go-review.googlesource.com/c/go/+/731860
Auto-Submit: Cuong Manh Le <[email protected]>
Reviewed-by: David Chase <[email protected]>
Reviewed-by: Cherry Mui <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/732460
Reviewed-by: Junyang Shao <[email protected]>
Commit-Queue: Junyang Shao <[email protected]>
Auto-Submit: Junyang Shao <[email protected]>
Reviewed-by: Michael Knyszek <[email protected]>

…le unwrappable errors"

This reverts CL 635115.

Reason for revert: The new behavior does not match the function documentation.

For golang#76961
Fixes golang#76973

Change-Id: If2450aa4efba28c7a12887a5b306c231a836e740
Reviewed-on: https://go-review.googlesource.com/c/go/+/731981
Reviewed-by: Dmitri Shuralyov <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
Auto-Submit: Damien Neil <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
(cherry picked from commit 1b3db48)
Reviewed-on: https://go-review.googlesource.com/c/go/+/734520
Reviewed-by: Junyang Shao <[email protected]>

…ient/server hello

For TLS 1.3, after processing the server/client hello, if there isn't a CCS message, reject the trailing messages which were appended to the hello messages. This prevents an on-path attacker from injecting plaintext messages into the handshake.

Additionally, check that we don't have any buffered messages before we switch the read traffic secret regardless, since any buffered messages would have been under an old key which is no longer appropriate.

We also invert the ordering of setting the read/write secrets so that if we fail when changing the read secret we send the alert using the correct write secret.

Updates golang#76443
Fixes golang#76855
Fixes CVE-2025-61730

Change-Id: If6ba8ad16f48d5cd5db5574824062ad4244a5b52
Reviewed-on: https://go-review.googlesource.com/c/go/+/724120
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Michael Knyszek <[email protected]>
Reviewed-by: Daniel McCarney <[email protected]>
Reviewed-by: Coia Prant <[email protected]>
(cherry picked from commit 5046bdf)
Reviewed-on: https://go-review.googlesource.com/c/go/+/731960
Reviewed-by: Damien Neil <[email protected]>

…icket keys in Config.Clone

Once a tls.Config is used, it is not safe to mutate. We provide the Clone method in order to allow users to copy and modify a Config that is in use.

If Config.SessionTicketKey is not populated, and if Config.SetSessionTicketKeys has not been called, we automatically populate and rotate session ticket keys. Clone was previously copying these keys into the new Config, meaning that two Configs could share the same auto-rotated session ticket keys. This could allow sessions to be resumed across different Configs, which may have completely different configurations.

This change updates Clone to not copy the auto-rotated session ticket keys.

Additionally, when resuming a session, check not just that the leaf certificate is unexpired, but that the entire certificate chain is still unexpired.

Fixes golang#77113
Fixes CVE-2025-68121

Change-Id: I011df7329de83068d11b3f0c793763692d018a98
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3300
Reviewed-by: Damien Neil <[email protected]>
Reviewed-by: Nicholas Husin <[email protected]>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3321
Reviewed-on: https://go-review.googlesource.com/c/go/+/736720
Auto-Submit: Michael Pratt <[email protected]>
TryBot-Bypass: Michael Pratt <[email protected]>
Reviewed-by: Junyang Shao <[email protected]>

…/argument syntax

In various situations, the toolchain invokes VCS commands. Some of these commands take arbitrary input, either provided by users or fetched from external sources. To prevent potential command injection vulnerabilities or misinterpretation of arguments as flags, this change updates the VCS commands to use various techniques to separate flags from positional arguments, and to directly associate flags with their values.

Additionally, we update the environment variable for Mercurial to use `HGPLAIN=+strictflags`, which is the more explicit way to disable user configurations (intended or otherwise) that might interfere with command execution.

We also now disallow version strings from being prefixed with '-' or '/', as doing so opens us up to making the same mistake again in the future. As far as we know there are currently ~0 public modules affected by this.

While I was working on cmd/go/internal/vcs, I also noticed that a significant portion of the commands being implemented were dead code. In order to reduce the maintenance burden and surface area for potential issues, I removed the dead code for unused commands.

We should probably follow up with a more structured change to make it harder to accidentally re-introduce these issues in the future, but for now this addresses the issue at hand.

Thanks to splitline (@splitline) from DEVCORE Research Team for reporting this issue.

Fixes CVE-2025-68119
Fixes golang#77099

Change-Id: I9d9f4ee05b95be49fe14edf71a1b8e6c0784378e
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3260
Reviewed-by: Damien Neil <[email protected]>
Reviewed-by: Nicholas Husin <[email protected]>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3342
Reviewed-by: Michael Matloob <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736721
Reviewed-by: Junyang Shao <[email protected]>
Auto-Submit: Michael Pratt <[email protected]>
TryBot-Bypass: Michael Pratt <[email protected]>

…nvoking 'pkg-config'

The addition of CgoPkgConfig allowed execution with flags not matching the safelist. In order to prevent potential arbitrary code execution at build time, ensure that flags are validated prior to invoking the 'pkg-config' binary.

Thank you to RyotaK (https://ryotak.net) of GMO Flatt Security Inc. for reporting this issue.

Fixes CVE-2025-61731
Fixes golang#77100

Change-Id: Ic51b41f1f7e697ab98c9c32c6fae35f217f7f364
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3240
Reviewed-by: Nicholas Husin <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3343
Reviewed-by: Neal Patel <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736722
TryBot-Bypass: Michael Pratt <[email protected]>
Auto-Submit: Michael Pratt <[email protected]>
Reviewed-by: Junyang Shao <[email protected]>

…it the number of query parameters

net/url does not currently limit the number of query parameters parsed by url.ParseQuery or URL.Query.

When parsing an application/x-www-form-urlencoded form, net/http.Request.ParseForm will parse up to 10 MB of query parameters. An input consisting of a large number of small, unique parameters can cause excessive memory consumption.

We now limit the number of query parameters parsed to 10000 by default. The limit can be adjusted by setting GODEBUG=urlmaxqueryparams=<n>. Setting urlmaxqueryparams to 0 disables the limit.

Thanks to jub0bs for reporting this issue.

Fixes golang#77101
Fixes CVE-2025-61726

Change-Id: Iee3374c7ee2d8586dbf158536d3ade424203ff66
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3020
Reviewed-by: Nicholas Husin <[email protected]>
Reviewed-by: Neal Patel <[email protected]>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3325
Reviewed-by: Roland Shoemaker <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736723
Reviewed-by: Junyang Shao <[email protected]>
TryBot-Bypass: Michael Pratt <[email protected]>
Auto-Submit: Michael Pratt <[email protected]>

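Added example (not part of the commit or of the Go source tree): an application-level guard for the query-parameter issue described in the commit message above, for services that want a tighter per-endpoint cap than the 10000 default or that still build with an unpatched toolchain. The names `ParseQueryLimited`, `countParams` and `ErrTooManyParams` are hypothetical, and the inputs in `main` are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ErrTooManyParams (hypothetical name) reports a query over the caller's cap.
var ErrTooManyParams = errors.New("too many query parameters")

// countParams counts non-empty '&'-separated pairs without building a map,
// and stops as soon as the count exceeds stopAfter, so a hostile input costs
// one bounded scan instead of one map entry per parameter.
func countParams(raw string, stopAfter int) int {
	n := 0
	for raw != "" {
		var pair string
		pair, raw, _ = strings.Cut(raw, "&")
		if pair == "" {
			continue // url.ParseQuery also skips empty pairs
		}
		if n++; n > stopAfter {
			return n
		}
	}
	return n
}

// ParseQueryLimited rejects the query before any url.Values allocation
// when it carries more than max parameters.
func ParseQueryLimited(raw string, max int) (url.Values, error) {
	if countParams(raw, max) > max {
		return nil, ErrTooManyParams
	}
	return url.ParseQuery(raw)
}

func main() {
	// Constructed input: many small, unique parameters.
	var b strings.Builder
	for i := 0; i < 5000; i++ {
		fmt.Fprintf(&b, "k%d=v&", i)
	}
	_, err := ParseQueryLimited(b.String(), 1000)
	fmt.Println("large query:", err)

	v, err := ParseQueryLimited("a=1&b=2&&a=3", 1000)
	fmt.Println("small query:", len(v), v["a"], err)
}
```

For form bodies, apply the same check to the raw body read through `http.MaxBytesReader` before calling `ParseForm`.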
…uction

Constructing the zip index (which is done once when first opening a file in an archive) can consume large amounts of CPU when processing deeply-nested directory paths.

Switch to a less inefficient algorithm.

Thanks to Jakub Ciolek for reporting this issue.

goos: darwin
goarch: arm64
pkg: archive/zip
cpu: Apple M4 Pro
                          │ /tmp/bench.0 │            /tmp/bench.1            │
                          │    sec/op    │   sec/op     vs base               │
ReaderOneDeepDir-14         25983.62m ± 2%   46.01m ± 2%  -99.82% (p=0.000 n=8)
ReaderManyDeepDirs-14          16.221 ± 1%    2.763 ± 6%  -82.96% (p=0.000 n=8)
ReaderManyShallowFiles-14      130.3m ± 1%   128.8m ± 2%   -1.20% (p=0.003 n=8)
geomean                         3.801        253.9m       -93.32%

Fixes golang#77102
Fixes CVE-2025-61728

Change-Id: I2c9c864be01b2a2769eb67fbab1b250aeb8f6c42
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3060
Reviewed-by: Nicholas Husin <[email protected]>
Reviewed-by: Neal Patel <[email protected]>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3327
Reviewed-by: Damien Neil <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736724
TryBot-Bypass: Michael Pratt <[email protected]>
Reviewed-by: Junyang Shao <[email protected]>
Auto-Submit: Michael Pratt <[email protected]>

Change-Id: Ib93e4136188fce36867537b30977a03885b8b14f
Reviewed-on: https://go-review.googlesource.com/c/go/+/736761
Reviewed-by: Michael Pratt <[email protected]>
Auto-Submit: Gopher Robot <[email protected]>
Reviewed-by: Junyang Shao <[email protected]>
TryBot-Bypass: Gopher Robot <[email protected]>

bradfitz
approved these changes
Jan 24, 2026
Member
(usual repetitive reminder to git push by hand, without using the github web UI)
No description provided.