Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: golang/go
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: go1.21.9
Choose a base ref
...
head repository: golang/go
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: go1.21.10
Choose a head ref
  • 6 commits
  • 8 files changed
  • 5 contributors

Commits on Apr 3, 2024

  1. [release-branch.go1.21] all: tidy dependency versioning after release 

    Done with:

go get golang.org/x/[email protected]
go mod tidy
go mod vendor
go generate net/http  # zero diff since CL 576075 already did this

For CVE-2023-45288.
For #65051.
For #65387.

Change-Id: I336670bdb3df2496c1e8d322c20794042fbc0d02
Reviewed-on: https://go-review.googlesource.com/c/go/+/576275
TryBot-Bypass: Dmitri Shuralyov <[email protected]>
Reviewed-by: Than McIntosh <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
Auto-Submit: Dmitri Shuralyov <[email protected]>
    @dmitshur @gopherbot
    dmitshur authored and gopherbot committed Apr 3, 2024
    Copy the full SHA
    7450117 View commit details

Commits on Apr 12, 2024

  1. [release-branch.go1.21] net/http: update bundled golang.org/x/net/http2 

    Pull in CL 578336:

	ef58d90f http2: send correct LastStreamID in stream-caused GOAWAY

For #66668.
Fixes #66697.

Change-Id: I91fc8a67f21fadcb1801ff29d5e2b0453db89617
Reviewed-on: https://go-review.googlesource.com/c/go/+/578357
Reviewed-by: Carlos Amedee <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
    @dmitshur @cagedmantis
    dmitshur authored and cagedmantis committed Apr 12, 2024
    Copy the full SHA
    891ac91 View commit details

Commits on May 6, 2024

  1. [release-branch.go1.21] cmd/compile: don't combine loads in generated… 

    … equality functions

... if the architecture can't do unaligned loads.
We already handle this in a few places, but this particular place
was added in CL 399542 and missed this additional restriction.

Fixes #67164

Change-Id: I45988f11ff3ed45df1c4da3f0931ab1fdb22dbfe
Reviewed-on: https://go-review.googlesource.com/c/go/+/583175
Reviewed-by: Cuong Manh Le <[email protected]>
Auto-Submit: Keith Randall <[email protected]>
Reviewed-by: Keith Randall <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Derek Parker <[email protected]>
Reviewed-by: Cherry Mui <[email protected]>
(cherry picked from commit 3c72dd5)
Reviewed-on: https://go-review.googlesource.com/c/go/+/583303
    @randall77
    randall77 committed May 6, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    58e77ad View commit details

  2. [release-branch.go1.21] Revert "cmd/compile: don't combine loads in g… 

    …enerated equality functions"

This reverts CL 583303.

Reason for revert: release branch is currently frozen.

Change-Id: Icbdb73b5b40690a875497dd0dc57ca84c728ef6f
Reviewed-on: https://go-review.googlesource.com/c/go/+/582961
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
    @cherrymui
    cherrymui committed May 6, 2024
    Copy the full SHA
    78d89b2 View commit details

Commits on May 7, 2024

  1. [release-branch.go1.21] cmd/go: disallow -lto_library in LDFLAGS 

    The darwin linker allows setting the LTO library with the -lto_library
flag. This wasn't caught by our "safe linker flags" check because it
was covered by the -lx flag used for linking libraries. This change
adds a specific check for excluded flags which otherwise satisfy our
existing checks.

Loading a mallicious LTO library would allow an attacker to cause the
linker to execute abritrary code when "go build" was called.

Thanks to Juho Forsén of Mattermost for reporting this issue.

Fixes #67119
Fixes #67121
Fixes CVE-2024-24787

Change-Id: I77ac8585efbdbdfd5f39c39ed623b9408a0f9eaf
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1380
Reviewed-by: Russ Cox <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
(cherry picked from commit 9a79141fbbca1105e5c786f15e38741ca7843290)
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1401
Reviewed-by: Tatiana Bradley <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/583795
Reviewed-by: David Chase <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
    @rolandshoemaker @cherrymui
    rolandshoemaker authored and cherrymui committed May 7, 2024
    Copy the full SHA
    a79ea27 View commit details

  2. [release-branch.go1.21] go1.21.10 

    Change-Id: I655ab537d86a2ec71634a2f4ca5d520834de9fda
Reviewed-on: https://go-review.googlesource.com/c/go/+/583857
Auto-Submit: Gopher Robot <[email protected]>
Reviewed-by: Cherry Mui <[email protected]>
Reviewed-by: David Chase <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
    @gopherbot @cherrymui
    gopherbot authored and cherrymui committed May 7, 2024
    Copy the full SHA
    752b009 View commit details
Loading