summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--VERSION4
-rw-r--r--src/cmd/go/internal/work/security.go19
-rw-r--r--src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt17
-rw-r--r--src/cmd/internal/moddeps/moddeps_test.go2
-rw-r--r--src/go.mod2
-rw-r--r--src/go.sum4
-rw-r--r--src/net/http/h2_bundle.go22
-rw-r--r--src/vendor/modules.txt2
8 files changed, 53 insertions, 19 deletions
diff --git a/VERSION b/VERSION
index 88ae476..e8ac3fb 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-go1.21.9
-time 2024-03-29T15:27:02Z
+go1.21.10
+time 2024-05-01T19:49:47Z
diff --git a/src/cmd/go/internal/work/security.go b/src/cmd/go/internal/work/security.go
index 270a34e..db49eb6 100644
--- a/src/cmd/go/internal/work/security.go
+++ b/src/cmd/go/internal/work/security.go
@@ -141,6 +141,12 @@ var validCompilerFlagsWithNextArg = []string{
"-x",
}
+var invalidLinkerFlags = []*lazyregexp.Regexp{
+ // On macOS this means the linker loads and executes the next argument.
+ // Have to exclude separately because -lfoo is allowed in general.
+ re(`-lto_library`),
+}
+
var validLinkerFlags = []*lazyregexp.Regexp{
re(`-F([^@\-].*)`),
re(`-l([^@\-].*)`),
@@ -231,12 +237,12 @@ var validLinkerFlagsWithNextArg = []string{
func checkCompilerFlags(name, source string, list []string) error {
checkOverrides := true
- return checkFlags(name, source, list, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides)
+ return checkFlags(name, source, list, nil, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides)
}
func checkLinkerFlags(name, source string, list []string) error {
checkOverrides := true
- return checkFlags(name, source, list, validLinkerFlags, validLinkerFlagsWithNextArg, checkOverrides)
+ return checkFlags(name, source, list, invalidLinkerFlags, validLinkerFlags, validLinkerFlagsWithNextArg, checkOverrides)
}
// checkCompilerFlagsForInternalLink returns an error if 'list'
@@ -245,7 +251,7 @@ func checkLinkerFlags(name, source string, list []string) error {
// external linker).
func checkCompilerFlagsForInternalLink(name, source string, list []string) error {
checkOverrides := false
- if err := checkFlags(name, source, list, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides); err != nil {
+ if err := checkFlags(name, source, list, nil, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides); err != nil {
return err
}
// Currently the only flag on the allow list that causes problems
@@ -258,7 +264,7 @@ func checkCompilerFlagsForInternalLink(name, source string, list []string) error
return nil
}
-func checkFlags(name, source string, list []string, valid []*lazyregexp.Regexp, validNext []string, checkOverrides bool) error {
+func checkFlags(name, source string, list []string, invalid, valid []*lazyregexp.Regexp, validNext []string, checkOverrides bool) error {
// Let users override rules with $CGO_CFLAGS_ALLOW, $CGO_CFLAGS_DISALLOW, etc.
var (
allow *regexp.Regexp
@@ -290,6 +296,11 @@ Args:
if allow != nil && allow.FindString(arg) == arg {
continue Args
}
+ for _, re := range invalid {
+ if re.FindString(arg) == arg { // must be complete match
+ goto Bad
+ }
+ }
for _, re := range valid {
if re.FindString(arg) == arg { // must be complete match
continue Args
diff --git a/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt b/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt
new file mode 100644
index 0000000..d7acefd
--- /dev/null
+++ b/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt
@@ -0,0 +1,17 @@
+[!GOOS:darwin] skip
+[!cgo] skip
+
+! go build
+stderr 'invalid flag in #cgo LDFLAGS: -lto_library'
+
+-- go.mod --
+module ldflag
+
+-- main.go --
+package main
+
+// #cgo CFLAGS: -flto
+// #cgo LDFLAGS: -lto_library bad.dylib
+import "C"
+
+func main() {} \ No newline at end of file
diff --git a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go
index 718e120..ae890b6 100644
--- a/src/cmd/internal/moddeps/moddeps_test.go
+++ b/src/cmd/internal/moddeps/moddeps_test.go
@@ -33,8 +33,6 @@ import (
// See issues 36852, 41409, and 43687.
// (Also see golang.org/issue/27348.)
func TestAllDependencies(t *testing.T) {
- t.Skip("TODO(#65051): 1.21.9 contains unreleased changes from vendored modules")
-
goBin := testenv.GoToolPath(t)
// Ensure that all packages imported within GOROOT
diff --git a/src/go.mod b/src/go.mod
index b647051..01d759c 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -4,7 +4,7 @@ go 1.21
require (
golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d
- golang.org/x/net v0.12.1-0.20240327214420-1a2eef3ba536
+ golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5
)
require (
diff --git a/src/go.sum b/src/go.sum
index 670b76c..f83343a 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -1,7 +1,7 @@
golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d h1:LiA25/KWKuXfIq5pMIBq1s5hz3HQxhJJSu/SUGlD+SM=
golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
-golang.org/x/net v0.12.1-0.20240327214420-1a2eef3ba536 h1:QEPT0Le4+itOUqHbs7yUz5y7FoAOuK1ibDlfTcVguHM=
-golang.org/x/net v0.12.1-0.20240327214420-1a2eef3ba536/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5 h1:BIx9jz/hjPE1CesqfHzRaf2JsOjDxZrKAVr//XXJh0U=
+golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go
index 80c0c96..6d8170e 100644
--- a/src/net/http/h2_bundle.go
+++ b/src/net/http/h2_bundle.go
@@ -1891,6 +1891,9 @@ func http2terminalReadFrameError(err error) bool {
// returned error is ErrFrameTooLarge. Other errors may be of type
// ConnectionError, StreamError, or anything else from the underlying
// reader.
+//
+// If ReadFrame returns an error and a non-nil Frame, the Frame's StreamID
+// indicates the stream responsible for the error.
func (fr *http2Framer) ReadFrame() (http2Frame, error) {
fr.errDetail = nil
if fr.lastFrame != nil {
@@ -2923,7 +2926,7 @@ func (fr *http2Framer) maxHeaderStringLen() int {
// readMetaFrame returns 0 or more CONTINUATION frames from fr and
// merge them into the provided hf and returns a MetaHeadersFrame
// with the decoded hpack values.
-func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFrame, error) {
+func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (http2Frame, error) {
if fr.AllowIllegalReads {
return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders")
}
@@ -2993,8 +2996,8 @@ func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFr
log.Printf("http2: header list too large")
}
// It would be nice to send a RST_STREAM before sending the GOAWAY,
- // but the struture of the server's frame writer makes this difficult.
- return nil, http2ConnectionError(http2ErrCodeProtocol)
+ // but the structure of the server's frame writer makes this difficult.
+ return mh, http2ConnectionError(http2ErrCodeProtocol)
}
// Also close the connection after any CONTINUATION frame following an
@@ -3005,12 +3008,12 @@ func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFr
log.Printf("http2: invalid header: %v", invalid)
}
// It would be nice to send a RST_STREAM before sending the GOAWAY,
- // but the struture of the server's frame writer makes this difficult.
- return nil, http2ConnectionError(http2ErrCodeProtocol)
+ // but the structure of the server's frame writer makes this difficult.
+ return mh, http2ConnectionError(http2ErrCodeProtocol)
}
if _, err := hdec.Write(frag); err != nil {
- return nil, http2ConnectionError(http2ErrCodeCompression)
+ return mh, http2ConnectionError(http2ErrCodeCompression)
}
if hc.HeadersEnded() {
@@ -3027,7 +3030,7 @@ func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFr
mh.http2HeadersFrame.invalidate()
if err := hdec.Close(); err != nil {
- return nil, http2ConnectionError(http2ErrCodeCompression)
+ return mh, http2ConnectionError(http2ErrCodeCompression)
}
if invalid != nil {
fr.errDetail = invalid
@@ -5337,6 +5340,11 @@ func (sc *http2serverConn) processFrameFromReader(res http2readFrameResult) bool
sc.goAway(http2ErrCodeFlowControl)
return true
case http2ConnectionError:
+ if res.f != nil {
+ if id := res.f.Header().StreamID; id > sc.maxClientStreamID {
+ sc.maxClientStreamID = id
+ }
+ }
sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev)
sc.goAway(http2ErrCode(ev))
return true // goAway will handle shutdown
diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
index bfb8ca2..53ad662 100644
--- a/src/vendor/modules.txt
+++ b/src/vendor/modules.txt
@@ -7,7 +7,7 @@ golang.org/x/crypto/cryptobyte/asn1
golang.org/x/crypto/hkdf
golang.org/x/crypto/internal/alias
golang.org/x/crypto/internal/poly1305
-# golang.org/x/net v0.12.1-0.20240327214420-1a2eef3ba536
+# golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5
## explicit; go 1.17
golang.org/x/net/dns/dnsmessage
golang.org/x/net/http/httpguts