diff options
-rw-r--r-- | VERSION | 4 | ||||
-rw-r--r-- | src/cmd/go/internal/work/security.go | 19 | ||||
-rw-r--r-- | src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt | 17 | ||||
-rw-r--r-- | src/cmd/internal/moddeps/moddeps_test.go | 2 | ||||
-rw-r--r-- | src/go.mod | 2 | ||||
-rw-r--r-- | src/go.sum | 4 | ||||
-rw-r--r-- | src/net/http/h2_bundle.go | 22 | ||||
-rw-r--r-- | src/vendor/modules.txt | 2 |
8 files changed, 53 insertions, 19 deletions
@@ -1,2 +1,2 @@ -go1.21.9 -time 2024-03-29T15:27:02Z +go1.21.10 +time 2024-05-01T19:49:47Z diff --git a/src/cmd/go/internal/work/security.go b/src/cmd/go/internal/work/security.go index 270a34e..db49eb6 100644 --- a/src/cmd/go/internal/work/security.go +++ b/src/cmd/go/internal/work/security.go @@ -141,6 +141,12 @@ var validCompilerFlagsWithNextArg = []string{ "-x", } +var invalidLinkerFlags = []*lazyregexp.Regexp{ + // On macOS this means the linker loads and executes the next argument. + // Have to exclude separately because -lfoo is allowed in general. + re(`-lto_library`), +} + var validLinkerFlags = []*lazyregexp.Regexp{ re(`-F([^@\-].*)`), re(`-l([^@\-].*)`), @@ -231,12 +237,12 @@ var validLinkerFlagsWithNextArg = []string{ func checkCompilerFlags(name, source string, list []string) error { checkOverrides := true - return checkFlags(name, source, list, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides) + return checkFlags(name, source, list, nil, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides) } func checkLinkerFlags(name, source string, list []string) error { checkOverrides := true - return checkFlags(name, source, list, validLinkerFlags, validLinkerFlagsWithNextArg, checkOverrides) + return checkFlags(name, source, list, invalidLinkerFlags, validLinkerFlags, validLinkerFlagsWithNextArg, checkOverrides) } // checkCompilerFlagsForInternalLink returns an error if 'list' @@ -245,7 +251,7 @@ func checkLinkerFlags(name, source string, list []string) error { // external linker). func checkCompilerFlagsForInternalLink(name, source string, list []string) error { checkOverrides := false - if err := checkFlags(name, source, list, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides); err != nil { + if err := checkFlags(name, source, list, nil, validCompilerFlags, validCompilerFlagsWithNextArg, checkOverrides); err != nil { return err } // Currently the only flag on the allow list that causes problems @@ -258,7 +264,7 @@ func checkCompilerFlagsForInternalLink(name, source string, list []string) error return nil } -func checkFlags(name, source string, list []string, valid []*lazyregexp.Regexp, validNext []string, checkOverrides bool) error { +func checkFlags(name, source string, list []string, invalid, valid []*lazyregexp.Regexp, validNext []string, checkOverrides bool) error { // Let users override rules with $CGO_CFLAGS_ALLOW, $CGO_CFLAGS_DISALLOW, etc. var ( allow *regexp.Regexp @@ -290,6 +296,11 @@ Args: if allow != nil && allow.FindString(arg) == arg { continue Args } + for _, re := range invalid { + if re.FindString(arg) == arg { // must be complete match + goto Bad + } + } for _, re := range valid { if re.FindString(arg) == arg { // must be complete match continue Args diff --git a/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt b/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt new file mode 100644 index 0000000..d7acefd --- /dev/null +++ b/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt @@ -0,0 +1,17 @@ +[!GOOS:darwin] skip +[!cgo] skip + +! go build +stderr 'invalid flag in #cgo LDFLAGS: -lto_library' + +-- go.mod -- +module ldflag + +-- main.go -- +package main + +// #cgo CFLAGS: -flto +// #cgo LDFLAGS: -lto_library bad.dylib +import "C" + +func main() {}
\ No newline at end of file diff --git a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go index 718e120..ae890b6 100644 --- a/src/cmd/internal/moddeps/moddeps_test.go +++ b/src/cmd/internal/moddeps/moddeps_test.go @@ -33,8 +33,6 @@ import ( // See issues 36852, 41409, and 43687. // (Also see golang.org/issue/27348.) func TestAllDependencies(t *testing.T) { - t.Skip("TODO(#65051): 1.21.9 contains unreleased changes from vendored modules") - goBin := testenv.GoToolPath(t) // Ensure that all packages imported within GOROOT @@ -4,7 +4,7 @@ go 1.21 require ( golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d - golang.org/x/net v0.12.1-0.20240327214420-1a2eef3ba536 + golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5 ) require ( @@ -1,7 +1,7 @@ golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d h1:LiA25/KWKuXfIq5pMIBq1s5hz3HQxhJJSu/SUGlD+SM= golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= -golang.org/x/net v0.12.1-0.20240327214420-1a2eef3ba536 h1:QEPT0Le4+itOUqHbs7yUz5y7FoAOuK1ibDlfTcVguHM= -golang.org/x/net v0.12.1-0.20240327214420-1a2eef3ba536/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5 h1:BIx9jz/hjPE1CesqfHzRaf2JsOjDxZrKAVr//XXJh0U= +golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go index 80c0c96..6d8170e 100644 --- a/src/net/http/h2_bundle.go +++ b/src/net/http/h2_bundle.go @@ -1891,6 +1891,9 @@ func http2terminalReadFrameError(err error) bool { // returned error is ErrFrameTooLarge. Other errors may be of type // ConnectionError, StreamError, or anything else from the underlying // reader. +// +// If ReadFrame returns an error and a non-nil Frame, the Frame's StreamID +// indicates the stream responsible for the error. func (fr *http2Framer) ReadFrame() (http2Frame, error) { fr.errDetail = nil if fr.lastFrame != nil { @@ -2923,7 +2926,7 @@ func (fr *http2Framer) maxHeaderStringLen() int { // readMetaFrame returns 0 or more CONTINUATION frames from fr and // merge them into the provided hf and returns a MetaHeadersFrame // with the decoded hpack values. -func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFrame, error) { +func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (http2Frame, error) { if fr.AllowIllegalReads { return nil, errors.New("illegal use of AllowIllegalReads with ReadMetaHeaders") } @@ -2993,8 +2996,8 @@ func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFr log.Printf("http2: header list too large") } // It would be nice to send a RST_STREAM before sending the GOAWAY, - // but the struture of the server's frame writer makes this difficult. - return nil, http2ConnectionError(http2ErrCodeProtocol) + // but the structure of the server's frame writer makes this difficult. + return mh, http2ConnectionError(http2ErrCodeProtocol) } // Also close the connection after any CONTINUATION frame following an @@ -3005,12 +3008,12 @@ func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFr log.Printf("http2: invalid header: %v", invalid) } // It would be nice to send a RST_STREAM before sending the GOAWAY, - // but the struture of the server's frame writer makes this difficult. - return nil, http2ConnectionError(http2ErrCodeProtocol) + // but the structure of the server's frame writer makes this difficult. + return mh, http2ConnectionError(http2ErrCodeProtocol) } if _, err := hdec.Write(frag); err != nil { - return nil, http2ConnectionError(http2ErrCodeCompression) + return mh, http2ConnectionError(http2ErrCodeCompression) } if hc.HeadersEnded() { @@ -3027,7 +3030,7 @@ func (fr *http2Framer) readMetaFrame(hf *http2HeadersFrame) (*http2MetaHeadersFr mh.http2HeadersFrame.invalidate() if err := hdec.Close(); err != nil { - return nil, http2ConnectionError(http2ErrCodeCompression) + return mh, http2ConnectionError(http2ErrCodeCompression) } if invalid != nil { fr.errDetail = invalid @@ -5337,6 +5340,11 @@ func (sc *http2serverConn) processFrameFromReader(res http2readFrameResult) bool sc.goAway(http2ErrCodeFlowControl) return true case http2ConnectionError: + if res.f != nil { + if id := res.f.Header().StreamID; id > sc.maxClientStreamID { + sc.maxClientStreamID = id + } + } sc.logf("http2: server connection error from %v: %v", sc.conn.RemoteAddr(), ev) sc.goAway(http2ErrCode(ev)) return true // goAway will handle shutdown diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt index bfb8ca2..53ad662 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -7,7 +7,7 @@ golang.org/x/crypto/cryptobyte/asn1 golang.org/x/crypto/hkdf golang.org/x/crypto/internal/alias golang.org/x/crypto/internal/poly1305 -# golang.org/x/net v0.12.1-0.20240327214420-1a2eef3ba536 +# golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5 ## explicit; go 1.17 golang.org/x/net/dns/dnsmessage golang.org/x/net/http/httpguts |