diff options
-rw-r--r-- | VERSION | 4 | ||||
-rw-r--r-- | src/cmd/compile/internal/compare/compare.go | 7 | ||||
-rw-r--r-- | src/cmd/go/internal/modfetch/codehost/git.go | 24 | ||||
-rw-r--r-- | src/cmd/go/internal/toolchain/select.go | 11 | ||||
-rw-r--r-- | src/cmd/go/internal/work/security.go | 19 | ||||
-rw-r--r-- | src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt | 17 | ||||
-rw-r--r-- | src/cmd/go/testdata/script/get_issue53955.txt | 79 | ||||
-rw-r--r-- | src/cmd/go/testdata/script/gotoolchain_issue66175.txt | 109 | ||||
-rw-r--r-- | src/cmd/go/testdata/script/mod_download_git_bareRepository.txt | 17 | ||||
-rw-r--r-- | src/cmd/go/testdata/script/mod_download_git_decorate_full.txt | 16 | ||||
-rw-r--r-- | src/cmd/go/testdata/script/mod_download_issue51114.txt | 15 | ||||
-rw-r--r-- | src/cmd/go/testdata/script/mod_download_private_vcs.txt | 15 | ||||
-rw-r--r-- | src/crypto/x509/root_darwin_test.go | 131 | ||||
-rw-r--r-- | src/crypto/x509/root_windows_test.go | 127 | ||||
-rw-r--r-- | src/go.mod | 2 | ||||
-rw-r--r-- | src/go.sum | 4 | ||||
-rw-r--r-- | src/net/http/h2_bundle.go | 22 | ||||
-rw-r--r-- | src/vendor/modules.txt | 2 | ||||
-rw-r--r-- | test/fixedbugs/issue67160.go | 32 |
19 files changed, 353 insertions, 300 deletions
@@ -1,2 +1,2 @@ -go1.21.9 -time 2024-03-29T15:27:02Z +go1.21.10 +time 2024-05-01T19:49:47Z diff --git a/src/cmd/compile/internal/compare/compare.go b/src/cmd/compile/internal/compare/compare.go index 16740655564..e848e1c8584 100644 --- a/src/cmd/compile/internal/compare/compare.go +++ b/src/cmd/compile/internal/compare/compare.go @@ -148,7 +148,7 @@ func calculateCostForType(t *types.Type) int64 { return EqStructCost(t) case types.TSLICE: // Slices are not comparable. - base.Fatalf("eqStructFieldCost: unexpected slice type") + base.Fatalf("calculateCostForType: unexpected slice type") case types.TARRAY: elemCost := calculateCostForType(t.Elem()) cost = t.NumElem() * elemCost @@ -374,6 +374,11 @@ func eqmem(p ir.Node, q ir.Node, field *types.Sym, size int64) ir.Node { } func eqmemfunc(size int64, t *types.Type) (fn *ir.Name, needsize bool) { + if !base.Ctxt.Arch.CanMergeLoads && t.Alignment() < int64(base.Ctxt.Arch.Alignment) && t.Alignment() < t.Size() { + // We can't use larger comparisons if the value might not be aligned + // enough for the larger comparison. See issues 46283 and 67160. + size = 0 + } switch size { default: fn = typecheck.LookupRuntime("memequal") diff --git a/src/cmd/go/internal/modfetch/codehost/git.go b/src/cmd/go/internal/modfetch/codehost/git.go index d1a18a8d589..294e50ff123 100644 --- a/src/cmd/go/internal/modfetch/codehost/git.go +++ b/src/cmd/go/internal/modfetch/codehost/git.go @@ -18,6 +18,7 @@ import ( "os/exec" "path/filepath" "runtime" + "slices" "sort" "strconv" "strings" @@ -154,7 +155,7 @@ type gitRepo struct { refsErr error localTagsOnce sync.Once - localTags map[string]bool + localTags sync.Map // map[string]bool } const ( @@ -166,7 +167,6 @@ const ( // loadLocalTags loads tag references from the local git cache // into the map r.localTags. -// Should only be called as r.localTagsOnce.Do(r.loadLocalTags). func (r *gitRepo) loadLocalTags(ctx context.Context) { // The git protocol sends all known refs and ls-remote filters them on the client side, // so we might as well record both heads and tags in one shot. @@ -176,10 +176,9 @@ func (r *gitRepo) loadLocalTags(ctx context.Context) { return } - r.localTags = make(map[string]bool) for _, line := range strings.Split(string(out), "\n") { if line != "" { - r.localTags[line] = true + r.localTags.Store(line, true) } } } @@ -430,7 +429,7 @@ func (r *gitRepo) stat(ctx context.Context, rev string) (info *RevInfo, err erro // Maybe rev is a tag we already have locally. // (Note that we're excluding branches, which can be stale.) r.localTagsOnce.Do(func() { r.loadLocalTags(ctx) }) - if r.localTags[rev] { + if _, ok := r.localTags.Load(rev); ok { return r.statLocal(ctx, rev, "refs/tags/"+rev) } @@ -506,11 +505,18 @@ func (r *gitRepo) stat(ctx context.Context, rev string) (info *RevInfo, err erro // Either way, try a local stat before falling back to network I/O. if !didStatLocal { if info, err := r.statLocal(ctx, rev, hash); err == nil { - if after, found := strings.CutPrefix(ref, "refs/tags/"); found { - // Make sure tag exists, so it will be in localTags next time the go command is run. - Run(ctx, r.dir, "git", "tag", after, hash) + tag, fromTag := strings.CutPrefix(ref, "refs/tags/") + if fromTag && !slices.Contains(info.Tags, tag) { + // The local repo includes the commit hash we want, but it is missing + // the corresponding tag. Add that tag and try again. + _, err := Run(ctx, r.dir, "git", "tag", tag, hash) + if err != nil { + return nil, err + } + r.localTags.Store(tag, true) + return r.statLocal(ctx, rev, ref) } - return info, nil + return info, err } } diff --git a/src/cmd/go/internal/toolchain/select.go b/src/cmd/go/internal/toolchain/select.go index 3446a48d2df..b1b88647e46 100644 --- a/src/cmd/go/internal/toolchain/select.go +++ b/src/cmd/go/internal/toolchain/select.go @@ -183,6 +183,13 @@ func Select() { } if gover.Compare(goVers, minVers) > 0 { gotoolchain = "go" + goVers + // Starting with Go 1.21, the first released version has a .0 patch version suffix. + // Don't try to download a language version (sans patch component), such as go1.22. + // Instead, use the first toolchain of that language version, such as 1.22.0. + // See golang.org/issue/62278. + if gover.IsLang(goVers) && gover.Compare(goVers, "1.21") >= 0 { + gotoolchain += ".0" + } gover.Startup.AutoGoVersion = goVers gover.Startup.AutoToolchain = "" // in case we are overriding it for being too old } @@ -311,6 +318,10 @@ func Exec(gotoolchain string) { dir, err := modfetch.Download(context.Background(), m) if err != nil { if errors.Is(err, fs.ErrNotExist) { + toolVers := gover.FromToolchain(gotoolchain) + if gover.IsLang(toolVers) && gover.Compare(toolVers, "1.21") >= 0 { + base.Fatalf("invalid toolchain: %s is a language version but not a toolchain version (%s.x)", gotoolchain, gotoolchain) + } base.Fatalf("download %s for %s/%s: toolchain not available", gotoolchain, runtime.GOOS, runtime.GOARCH) } base.Fatalf("download %s: %v", gotoolchain, err) diff --git a/src/cmd/go/internal/work/security.go b/src/cmd/go/internal/work/security.go index 270a34e9c7c..db49eb6488c 100644 --- a/src/cmd/go/internal/work/security.go +++ b/src/cmd/go/internal/work/security.go @@ -141,6 +141,12 @@ var validCompilerFlagsWithNextArg = []string{ "-x", } +var invalidLinkerFlags = []*lazyregexp.Regexp{ + // On macOS this means the linker loads and executes the next argument. + // Have to exclude separately because -lfoo is allowed in general. + re(`-lto_library`), +} + var validLinkerFlags = []*lazyregexp.Regexp{ re(`-F([^@\-].*)`), re(`-l([^@\-].*)`), @@ -231,12 +237,12 @@ var validLinkerFlagsWithNextArg = []string{ func checkCompilerFlags(name, source string, list []string) error { checkOverrides := true - return checkFlags(name, source, list, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides) + return checkFlags(name, source, list, nil, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides) } func checkLinkerFlags(name, source string, list []string) error { checkOverrides := true - return checkFlags(name, source, list, validLinkerFlags, validLinkerFlagsWithNextArg, checkOverrides) + return checkFlags(name, source, list, invalidLinkerFlags, validLinkerFlags, validLinkerFlagsWithNextArg, checkOverrides) } // checkCompilerFlagsForInternalLink returns an error if 'list' @@ -245,7 +251,7 @@ func checkLinkerFlags(name, source string, list []string) error { // external linker). func checkCompilerFlagsForInternalLink(name, source string, list []string) error { checkOverrides := false - if err := checkFlags(name, source, list, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides); err != nil { + if err := checkFlags(name, source, list, nil, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides); err != nil { return err } // Currently the only flag on the allow list that causes problems @@ -258,7 +264,7 @@ func checkCompilerFlagsForInternalLink(name, source string, list []string) error return nil } -func checkFlags(name, source string, list []string, valid []*lazyregexp.Regexp, validNext []string, checkOverrides bool) error { +func checkFlags(name, source string, list []string, invalid, valid []*lazyregexp.Regexp, validNext []string, checkOverrides bool) error { // Let users override rules with $CGO_CFLAGS_ALLOW, $CGO_CFLAGS_DISALLOW, etc. var ( allow *regexp.Regexp @@ -290,6 +296,11 @@ Args: if allow != nil && allow.FindString(arg) == arg { continue Args } + for _, re := range invalid { + if re.FindString(arg) == arg { // must be complete match + goto Bad + } + } for _, re := range valid { if re.FindString(arg) == arg { // must be complete match continue Args diff --git a/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt b/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt new file mode 100644 index 00000000000..d7acefdbad6 --- /dev/null +++ b/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt @@ -0,0 +1,17 @@ +[!GOOS:darwin] skip +[!cgo] skip + +! go build +stderr 'invalid flag in #cgo LDFLAGS: -lto_library' + +-- go.mod -- +module ldflag + +-- main.go -- +package main + +// #cgo CFLAGS: -flto +// #cgo LDFLAGS: -lto_library bad.dylib +import "C" + +func main() {}
\ No newline at end of file diff --git a/src/cmd/go/testdata/script/get_issue53955.txt b/src/cmd/go/testdata/script/get_issue53955.txt new file mode 100644 index 00000000000..685c6facaa9 --- /dev/null +++ b/src/cmd/go/testdata/script/get_issue53955.txt @@ -0,0 +1,79 @@ +# Regression test for https://go.dev/issue/53955. +# New remote tags were erroneously added to the local clone of a repo +# only *after* extracting version information for a locally-cached commit, +# causing the version information to have incomplete Tags and Version fields. + +[short] skip 'constructs a local git repo' +[!git] skip +[!net:github.com] skip 'does not actually use github.com because of insteadOf, but silence network check just in case' + +# Redirect git to a test-specific .gitconfig. +# GIT_CONFIG_GLOBAL suffices for git 2.32.0 and newer. +# For older git versions we also set $HOME. +env GIT_CONFIG_GLOBAL=$WORK${/}home${/}gopher${/}.gitconfig +env HOME=$WORK${/}home${/}gopher +exec git config --global --show-origin user.name +stdout 'Go Gopher' + +# Inject a local repo in place of a remote one, so that we can +# add commits to the repo partway through the test. +env GIT_ALLOW_PROTOCOL=file +env GOPRIVATE=github.com/golang/issue53955 + +[!GOOS:windows] exec git config --global 'url.file://'$WORK'/repo.insteadOf' 'https://github.com/golang/issue53955' +[GOOS:windows] exec git config --global 'url.file:///'$WORK'/repo.insteadOf' 'https://github.com/golang/issue53955' + +cd $WORK/repo + +env GIT_AUTHOR_NAME='Go Gopher' +env GIT_AUTHOR_EMAIL='gopher@golang.org' +env GIT_COMMITTER_NAME=$GIT_AUTHOR_NAME +env GIT_COMMITTER_EMAIL=$GIT_AUTHOR_EMAIL + +exec git init + +env GIT_COMMITTER_DATE=2022-07-19T11:07:00-04:00 +env GIT_AUTHOR_DATE=2022-07-19T11:07:00-04:00 +exec git add go.mod issue53955.go +exec git commit -m 'initial commit' +exec git branch -m main +exec git tag v1.0.9 + +env GIT_COMMITTER_DATE=2022-07-19T11:07:01-04:00 +env GIT_AUTHOR_DATE=2022-07-19T11:07:01-04:00 +exec git add extra.go +exec git commit -m 'next commit' +exec git show-ref --tags --heads +cmp stdout $WORK/.git-refs-1 + +cd $WORK/m +go get -x github.com/golang/issue53955@2cb3d49f +stderr '^go: added github.com/golang/issue53955 v1.0.10-0.20220719150701-2cb3d49f8874$' + +cd $WORK/repo +exec git tag v1.0.10 + +cd $WORK/m +go get -x github.com/golang/issue53955@v1.0.10 +! stderr 'v1\.0\.10 is not a tag' +stderr '^go: upgraded github.com/golang/issue53955 v.* => v1\.0\.10$' + +-- $WORK/repo/go.mod -- +module github.com/golang/issue53955 + +go 1.18 +-- $WORK/repo/issue53955.go -- +package issue53955 +-- $WORK/repo/extra.go -- +package issue53955 +-- $WORK/.git-refs-1 -- +2cb3d49f8874b9362ed0ddd2a6512e4108bbf6b1 refs/heads/main +050526ebf5883191e990529eb3cc9345abaf838c refs/tags/v1.0.9 +-- $WORK/m/go.mod -- +module m + +go 1.18 +-- $WORK/home/gopher/.gitconfig -- +[user] + name = Go Gopher + email = gopher@golang.org diff --git a/src/cmd/go/testdata/script/gotoolchain_issue66175.txt b/src/cmd/go/testdata/script/gotoolchain_issue66175.txt new file mode 100644 index 00000000000..5db4dbf3810 --- /dev/null +++ b/src/cmd/go/testdata/script/gotoolchain_issue66175.txt @@ -0,0 +1,109 @@ +env TESTGO_VERSION=go1.14 + +# Clear the path so this test doesn't fail if the system running it\ +# has a binary named go1.21 or go1.22 on its path. +[GOOS:plan9] env path= +[!GOOS:plan9] env PATH= + +# check for invalid toolchain in go.mod +go mod init m +go mod edit -go=1.14 -toolchain=go1.22 +! go version +stderr 'go: invalid toolchain: go1.22 is a language version but not a toolchain version \(go1.22.x\)' + +rm go.mod +go mod init m +go mod edit -go=1.14 -toolchain=go1.21 +! go version +stderr 'go: invalid toolchain: go1.21 is a language version but not a toolchain version \(go1.21.x\)' + +rm go.mod +go mod init m +go mod edit -go=1.14 -toolchain=go1.20 +! go version +stderr 'go: downloading go1.20 ' + + +# check for invalid GOTOOLCHAIN +env GOTOOLCHAIN=go1.14 +go version +stdout 'go1.14' + +env GOTOOLCHAIN=go1.20 +! go version +stderr 'go: downloading go1.20 ' + +env GOTOOLCHAIN=go1.21 +! go version +stderr 'go: invalid toolchain: go1.21 is a language version but not a toolchain version \(go1.21.x\)' + +env GOTOOLCHAIN=go1.22 +! go version +stderr 'go: invalid toolchain: go1.22 is a language version but not a toolchain version \(go1.22.x\)' + +env GOTOOLCHAIN=go1.20+auto +! go version +stderr 'go: downloading go1.20 ' + +env GOTOOLCHAIN=go1.21+auto +! go version +stderr 'go: invalid toolchain: go1.21 is a language version but not a toolchain version \(go1.21.x\)' + +env GOTOOLCHAIN=go1.22+auto +! go version +stderr 'go: invalid toolchain: go1.22 is a language version but not a toolchain version \(go1.22.x\)' + +env GOTOOLCHAIN=go1.21rc3 +! go version +stderr 'go: downloading go1.21rc3 ' + +env GOTOOLCHAIN=go1.22rc2 +! go version +stderr 'go: downloading go1.22rc2 ' + +env GOTOOLCHAIN=go1.66 +! go version +stderr 'go: invalid toolchain: go1.66 is a language version but not a toolchain version \(go1.66.x\)' + +env GOTOOLCHAIN=go1.18beta2 +! go version +stderr 'go: downloading go1.18beta2 ' + +# go1.X is okay for path lookups +env GOTOOLCHAIN=go1.20+path +! go version +stderr 'go: cannot find "go1.20" in PATH' + +env GOTOOLCHAIN=go1.21+path +! go version +stderr 'go: cannot find "go1.21" in PATH' + +env GOTOOLCHAIN=go1.22+path +! go version +stderr 'go: cannot find "go1.22" in PATH' + +# When a toolchain download takes place, download 1.X.0 +env GOTOOLCHAIN=auto +rm go.mod +go mod init m +go mod edit -go=1.300 -toolchain=none +! go version +stderr 'go: downloading go1.300.0 ' + +rm go.mod +go mod init m +go mod edit -go=1.21 -toolchain=none +! go version +stderr 'go: downloading go1.21.0 ' + +rm go.mod +go mod init m +go mod edit -go=1.22 -toolchain=none +! go version +stderr 'go: downloading go1.22.0 ' + +rm go.mod +go mod init m +go mod edit -go=1.15 -toolchain=none +! go version +stderr 'go: downloading go1.15 ' diff --git a/src/cmd/go/testdata/script/mod_download_git_bareRepository.txt b/src/cmd/go/testdata/script/mod_download_git_bareRepository.txt index 8050461c658..a61283ca49b 100644 --- a/src/cmd/go/testdata/script/mod_download_git_bareRepository.txt +++ b/src/cmd/go/testdata/script/mod_download_git_bareRepository.txt @@ -1,8 +1,14 @@ [short] skip [!git] skip -[!GOOS:linux] skip # Uses XDG_CONFIG_HOME -env GIT_CONFIG_GLOBAL=$WORK/.gitconfig +# Redirect git to a test-specific .gitconfig. +# GIT_CONFIG_GLOBAL suffices for git 2.32.0 and newer. +# For older git versions we also set $HOME. +env GIT_CONFIG_GLOBAL=$WORK${/}home${/}gopher${/}.gitconfig +env HOME=$WORK${/}home${/}gopher +exec git config --global --show-origin user.name +stdout 'Go Gopher' + env GOPRIVATE=vcs-test.golang.org go mod download -x @@ -14,6 +20,9 @@ go 1.18 require vcs-test.golang.org/git/gitrepo1.git v1.2.3 --- $WORK/.gitconfig -- +-- $WORK/home/gopher/.gitconfig -- +[user] + name = Go Gopher + email = gopher@golang.org [safe] -bareRepository = explicit + bareRepository = explicit diff --git a/src/cmd/go/testdata/script/mod_download_git_decorate_full.txt b/src/cmd/go/testdata/script/mod_download_git_decorate_full.txt index 080ccf072e0..9afd3477466 100644 --- a/src/cmd/go/testdata/script/mod_download_git_decorate_full.txt +++ b/src/cmd/go/testdata/script/mod_download_git_decorate_full.txt @@ -3,12 +3,15 @@ env GO111MODULE=on [short] skip [!git] skip -env GOPROXY=direct -env HOME=$WORK/home/gopher - +# Redirect git to a test-specific .gitconfig. +# GIT_CONFIG_GLOBAL suffices for git 2.32.0 and newer. +# For older git versions we also set $HOME. +env GIT_CONFIG_GLOBAL=$WORK${/}home${/}gopher${/}.gitconfig +env HOME=$WORK${/}home${/}gopher +exec git config --global --show-origin user.name +stdout 'Go Gopher' -go env GOPROXY -stdout 'direct' +env GOPROXY=direct exec git config --get log.decorate stdout 'full' @@ -24,5 +27,8 @@ go list -m vcs-test.golang.org/git/gitrepo1.git@v1.2.3 stdout 'vcs-test.golang.org/git/gitrepo1.git v1.2.3' -- $WORK/home/gopher/.gitconfig -- +[user] + name = Go Gopher + email = gopher@golang.org [log] decorate = full diff --git a/src/cmd/go/testdata/script/mod_download_issue51114.txt b/src/cmd/go/testdata/script/mod_download_issue51114.txt index 4d274d61a97..a28d467bb8b 100644 --- a/src/cmd/go/testdata/script/mod_download_issue51114.txt +++ b/src/cmd/go/testdata/script/mod_download_issue51114.txt @@ -1,8 +1,14 @@ [!net:github.com] skip [!git] skip -[!GOOS:linux] skip # Uses XDG_CONFIG_HOME -env GIT_CONFIG_GLOBAL=$WORK/.gitconfig +# Redirect git to a test-specific .gitconfig. +# GIT_CONFIG_GLOBAL suffices for git 2.32.0 and newer. +# For older git versions we also set $HOME. +env GIT_CONFIG_GLOBAL=$WORK${/}home${/}gopher${/}.gitconfig +env HOME=$WORK${/}home${/}gopher +exec git config --global --show-origin user.name +stdout 'Go Gopher' + env GOPROXY=direct ! go mod download @@ -15,6 +21,9 @@ go 1.18 require github.com/golang/notexist/subdir v0.1.0 --- $WORK/.gitconfig -- +-- $WORK/home/gopher/.gitconfig -- +[user] + name = Go Gopher + email = gopher@golang.org [url "git@github.com:"] insteadOf = https://github.com/ diff --git a/src/cmd/go/testdata/script/mod_download_private_vcs.txt b/src/cmd/go/testdata/script/mod_download_private_vcs.txt index 2f72a4213a3..5c8d93a978d 100644 --- a/src/cmd/go/testdata/script/mod_download_private_vcs.txt +++ b/src/cmd/go/testdata/script/mod_download_private_vcs.txt @@ -5,6 +5,14 @@ env GO111MODULE=on [!git] skip env GOPROXY=direct +# Redirect git to a test-specific .gitconfig. +# GIT_CONFIG_GLOBAL suffices for git 2.32.0 and newer. +# For older git versions we also set $HOME. +env GIT_CONFIG_GLOBAL=$WORK${/}home${/}gopher${/}.gitconfig +env HOME=$WORK${/}home${/}gopher +exec git config --global --show-origin user.name +stdout 'Go Gopher' + ! go mod download github.com/golang/nonexist@latest stderr 'Confirm the import path was entered correctly.' stderr 'If this is a private repository, see https://golang.org/doc/faq#git_https for additional information.' @@ -27,7 +35,7 @@ stderr '^If this is a private repository, see https://golang.org/doc/faq#git_htt # Test that Git clone errors will be shown to the user instead of a generic # "unknown revision" error. To do this we want to force git ls-remote to return # an error we don't already have special handling for. See golang/go#42751. -env HOME=$WORK${/}home${/}gopher +exec git config --global url.git@github.com.insteadOf https://github.com/ env GIT_SSH_COMMAND=false ! go install github.com/golang/nonexist@master stderr 'fatal: Could not read from remote repository.' @@ -35,5 +43,6 @@ stderr 'fatal: Could not read from remote repository.' ! stdout . -- $WORK/home/gopher/.gitconfig -- -[url "git@github.com:"] - insteadOf = https://github.com/ +[user] + name = Go Gopher + email = gopher@golang.org diff --git a/src/crypto/x509/root_darwin_test.go b/src/crypto/x509/root_darwin_test.go deleted file mode 100644 index e6b52e9f917..00000000000 --- a/src/crypto/x509/root_darwin_test.go +++ /dev/null @@ -1,131 +0,0 @@ -// Copyright 2013 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509_test - -import ( - "crypto/tls" - "crypto/x509" - "internal/testenv" - "testing" - "time" -) - -func TestPlatformVerifierLegacy(t *testing.T) { - // TODO(#52108): This can be removed once the synthetic test root is deployed on - // builders. - if !testenv.HasExternalNetwork() { - t.Skip() - } - - getChain := func(host string) []*x509.Certificate { - t.Helper() - c, err := tls.Dial("tcp", host+":443", &tls.Config{InsecureSkipVerify: true}) - if err != nil { - t.Fatalf("tls connection failed: %s", err) - } - return c.ConnectionState().PeerCertificates - } - - tests := []struct { - name string - host string - verifyName string - verifyTime time.Time - verifyEKU []x509.ExtKeyUsage - expectedErr string - skip string - }{ - { - // whatever google.com serves should, hopefully, be trusted - name: "valid chain", - host: "google.com", - }, - { - name: "expired leaf", - host: "expired.badssl.com", - expectedErr: "x509: certificate has expired or is not yet valid: “*.badssl.com” certificate is expired", - }, - { - name: "wrong host for leaf", - host: "wrong.host.badssl.com", - verifyName: "wrong.host.badssl.com", - expectedErr: "x509: certificate is valid for *.badssl.com, badssl.com, not wrong.host.badssl.com", - }, - { - name: "self-signed leaf", - host: "self-signed.badssl.com", - expectedErr: "x509: certificate signed by unknown authority", - }, - { - name: "untrusted root", - host: "untrusted-root.badssl.com", - expectedErr: "x509: certificate signed by unknown authority", - }, - { - name: "revoked leaf", - host: "revoked.badssl.com", - expectedErr: "x509: “revoked.badssl.com” certificate is revoked", - skip: "skipping; broken on recent versions of macOS. See issue 57428.", - }, - { - name: "leaf missing SCTs", - host: "no-sct.badssl.com", - expectedErr: "x509: “no-sct.badssl.com” certificate is not standards compliant", - skip: "skipping; broken on recent versions of macOS. See issue 57428.", - }, - { - name: "expired leaf (custom time)", - host: "google.com", - verifyTime: time.Time{}.Add(time.Hour), - expectedErr: "x509: certificate has expired or is not yet valid: “*.google.com” certificate is expired", - }, - { - name: "valid chain (custom time)", - host: "google.com", - verifyTime: time.Now(), - }, - { - name: "leaf doesn't have acceptable ExtKeyUsage", - host: "google.com", - expectedErr: "x509: certificate specifies an incompatible key usage", - verifyEKU: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}, - }, - } - - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - if tc.skip != "" { - t.Skip(tc.skip) - } - - chain := getChain(tc.host) - var opts x509.VerifyOptions - if len(chain) > 1 { - opts.Intermediates = x509.NewCertPool() - for _, c := range chain[1:] { - opts.Intermediates.AddCert(c) - } - } - if tc.verifyName != "" { - opts.DNSName = tc.verifyName - } - if !tc.verifyTime.IsZero() { - opts.CurrentTime = tc.verifyTime - } - if len(tc.verifyEKU) > 0 { - opts.KeyUsages = tc.verifyEKU - } - - _, err := chain[0].Verify(opts) - if err != nil && tc.expectedErr == "" { - t.Errorf("unexpected verification error: %s", err) - } else if err != nil && err.Error() != tc.expectedErr { - t.Errorf("unexpected verification error: got %q, want %q", err.Error(), tc.expectedErr) - } else if err == nil && tc.expectedErr != "" { - t.Errorf("unexpected verification success: want %q", tc.expectedErr) - } - }) - } -} diff --git a/src/crypto/x509/root_windows_test.go b/src/crypto/x509/root_windows_test.go deleted file mode 100644 index 1372c043b20..00000000000 --- a/src/crypto/x509/root_windows_test.go +++ /dev/null @@ -1,127 +0,0 @@ -// Copyright 2021 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package x509_test - -import ( - "crypto/tls" - "crypto/x509" - "errors" - "internal/testenv" - "net" - "strings" - "syscall" - "testing" - "time" -) - -func TestPlatformVerifierLegacy(t *testing.T) { - // TODO(#52108): This can be removed once the synthetic test root is deployed on - // builders. - if !testenv.HasExternalNetwork() { - t.Skip() - } - - getChain := func(t *testing.T, host string) []*x509.Certificate { - t.Helper() - c, err := tls.Dial("tcp", host+":443", &tls.Config{InsecureSkipVerify: true}) - if err != nil { - // From https://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2, - // matching the error string observed in https://go.dev/issue/52094. - const WSATRY_AGAIN syscall.Errno = 11002 - var errDNS *net.DNSError - if strings.HasSuffix(host, ".badssl.com") && errors.As(err, &errDNS) && strings.HasSuffix(errDNS.Err, WSATRY_AGAIN.Error()) { - t.Log(err) - testenv.SkipFlaky(t, 52094) - } - - t.Fatalf("tls connection failed: %s", err) - } - return c.ConnectionState().PeerCertificates - } - - tests := []struct { - name string - host string - verifyName string - verifyTime time.Time - expectedErr string - }{ - { - // whatever google.com serves should, hopefully, be trusted - name: "valid chain", - host: "google.com", - }, - { - name: "valid chain (dns check)", - host: "google.com", - verifyName: "google.com", - }, - { - name: "valid chain (fqdn dns check)", - host: "google.com.", - verifyName: "google.com.", - }, - { - name: "expired leaf", - host: "expired.badssl.com", - expectedErr: "x509: certificate has expired or is not yet valid: ", - }, - { - name: "wrong host for leaf", - host: "wrong.host.badssl.com", - verifyName: "wrong.host.badssl.com", - expectedErr: "x509: certificate is valid for *.badssl.com, badssl.com, not wrong.host.badssl.com", - }, - { - name: "self-signed leaf", - host: "self-signed.badssl.com", - expectedErr: "x509: certificate signed by unknown authority", - }, - { - name: "untrusted root", - host: "untrusted-root.badssl.com", - expectedErr: "x509: certificate signed by unknown authority", - }, - { - name: "expired leaf (custom time)", - host: "google.com", - verifyTime: time.Time{}.Add(time.Hour), - expectedErr: "x509: certificate has expired or is not yet valid: ", - }, - { - name: "valid chain (custom time)", - host: "google.com", - verifyTime: time.Now(), - }, - } - - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - chain := getChain(t, tc.host) - var opts x509.VerifyOptions - if len(chain) > 1 { - opts.Intermediates = x509.NewCertPool() - for _, c := range chain[1:] { - opts.Intermediates.AddCert(c) - } - } - if tc.verifyName != "" { - opts.DNSName = tc.verifyName - } - if !tc.verifyTime.IsZero() { - opts.CurrentTime = tc.verifyTime - } - - _, err := chain[0].Verify(opts) - if err != nil && tc.expectedErr == "" { - t.Errorf("unexpected verification error: %s", err) - } else if err != nil && err.Error() != tc.expectedErr { - t.Errorf("unexpected verification error: got %q, want %q", err.Error(), tc.expectedErr) - } else if err == nil && tc.expectedErr != "" { - t.Errorf("unexpected verification success: want %q", tc.expectedErr) - } - }) - } -} diff --git a/src/go.mod b/src/go.mod index debc972fa2f..01d759c800d 100644 --- a/src/go.mod +++ b/src/go.mod @@ -4,7 +4,7 @@ go 1.21 require ( golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d - golang.org/x/net v0.12.1-0.20240403170600-947e999f3fbf + golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5 ) require ( diff --git a/src/go.sum b/src/go.sum index 6de02d75311..f83343a0a1a 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,7 +1,7 @@ golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d h1:LiA25/KWKuXfIq5pMIBq1s5hz3HQxhJJSu/SUGlD+SM= golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= -golang.org/x/net v0.12.1-0.20240403170600-947e999f3fbf h1:Sx7GT2w2lBn0wLFc+UkRDPosNMb3d+SHWF2Hg5T4+TQ= -golang.org/x/net v0.12.1-0.20240403170600-947e999f3fbf/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5 h1:BIx9jz/hjPE1CesqfHzRaf2JsOjDxZrKAVr//XXJh0U= +golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go index 80c0c962cfc..6d8170e96ad 100644 --- a/src/net/http/h2_bundle.go +++ b/src/net/http/h2_bundle.go @@ -1891,6 +1891,9 @@ func http2terminalReadFrameError(err error) bool { // returned error is ErrFrameTooLarge. Other errors may be of type // ConnectionError, StreamError, or anything else from the underlying // reader. +// +// If ReadFrame returns an error and a non-nil Frame, the Frame's StreamID +// indicates the stream responsible for the error. func (fr *http2Framer) ReadFrame() (http2Frame, error) { fr.errDetail = nil if fr.lastFrame != nil { @@ -2923,7 +2926,7 @@ func (fr *http2Framer) maxHeaderStringLen() int { // readMetaFrame returns 0 or more CONTINUATION frames from fr and // merge them into the provided hf and returns a MetaHeadersFrame // with the decoded hpack values. -func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFrame, error) { +func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (http2Frame, error) { if fr.AllowIllegalReads { return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders") } @@ -2993,8 +2996,8 @@ func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFr log.Printf("http2: header list too large") } // It would be nice to send a RST_STREAM before sending the GOAWAY, - // but the struture of the server's frame writer makes this difficult. - return nil, http2ConnectionError(http2ErrCodeProtocol) + // but the structure of the server's frame writer makes this difficult. + return mh, http2ConnectionError(http2ErrCodeProtocol) } // Also close the connection after any CONTINUATION frame following an @@ -3005,12 +3008,12 @@ func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFr log.Printf("http2: invalid header: %v", invalid) } // It would be nice to send a RST_STREAM before sending the GOAWAY, - // but the struture of the server's frame writer makes this difficult. - return nil, http2ConnectionError(http2ErrCodeProtocol) + // but the structure of the server's frame writer makes this difficult. + return mh, http2ConnectionError(http2ErrCodeProtocol) } if _, err := hdec.Write(frag); err != nil { - return nil, http2ConnectionError(http2ErrCodeCompression) + return mh, http2ConnectionError(http2ErrCodeCompression) } if hc.HeadersEnded() { @@ -3027,7 +3030,7 @@ func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFr mh.http2HeadersFrame.invalidate() if err := hdec.Close(); err != nil { - return nil, http2ConnectionError(http2ErrCodeCompression) + return mh, http2ConnectionError(http2ErrCodeCompression) } if invalid != nil { fr.errDetail = invalid @@ -5337,6 +5340,11 @@ func (sc *http2serverConn) processFrameFromReader(res http2readFrameResult) bool sc.goAway(http2ErrCodeFlowControl) return true case http2ConnectionError: + if res.f != nil { + if id := res.f.Header().StreamID; id > sc.maxClientStreamID { + sc.maxClientStreamID = id + } + } sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev) sc.goAway(http2ErrCode(ev)) return true // goAway will handle shutdown diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt index ea24edf3c3d..53ad662c63d 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -7,7 +7,7 @@ golang.org/x/crypto/cryptobyte/asn1 golang.org/x/crypto/hkdf golang.org/x/crypto/internal/alias golang.org/x/crypto/internal/poly1305 -# golang.org/x/net v0.12.1-0.20240403170600-947e999f3fbf +# golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5 ## explicit; go 1.17 golang.org/x/net/dns/dnsmessage golang.org/x/net/http/httpguts diff --git a/test/fixedbugs/issue67160.go b/test/fixedbugs/issue67160.go new file mode 100644 index 00000000000..be45a61420b --- /dev/null +++ b/test/fixedbugs/issue67160.go @@ -0,0 +1,32 @@ +// run + +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Test to make sure that we don't try using larger loads for +// generated equality functions on architectures that can't do +// unaligned loads. + +package main + +// T has a big field that wants to be compared with larger loads/stores. +// T is "special" because of the unnamed field, so it needs a generated equality function. +// T is an odd number of bytes in size and has alignment 1. +type T struct { + src [8]byte + _ byte +} + +// U contains 8 copies of T, each at a different %8 alignment. +type U [8]T + +//go:noinline +func f(x, y *U) bool { + return *x == *y +} + +func main() { + var a U + _ = f(&a, &a) +} |