1. 11 Jun, 2019 2 commits
  2. 10 Jun, 2019 2 commits
  3. 07 Jun, 2019 3 commits
  4. 17 May, 2019 1 commit
    • Jason A. Donenfeld's avatar
      [release-branch.go1.12] os: pass correct environment when creating Windows processes · afcfe0d3
      Jason A. Donenfeld authored
      This is CVE-2019-11888.
      
      Previously, passing a nil environment but a non-nil token would result
      in the new potentially unprivileged process inheriting the parent
      potentially privileged environment, or would result in the new
      potentially privileged process inheriting the parent potentially
      unprivileged environment. Either way, it's bad. In the former case, it's
      an infoleak. In the latter case, it's a possible EoP, since things like
      PATH could be overwritten.
      
      Not specifying an environment currently means, "use the existing
      environment". This commit amends the behavior to be, "use the existing
      environment of the token the process is being created for." The behavior
      therefore stays the same when creating processes without specifying a
      token. And it does the correct thing when creating processes when
      specifying a token.
      
      Updates #32000
      Fixes #32081
      
      Change-Id: Ib4a90cfffb6ba866c855f66f1313372fdd34ce41
      Reviewed-on: https://go-review.googlesource.com/c/go/+/177538
      Run-TryBot: Jason Donenfeld <Jason@zx2c4.com>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: default avatarIan Lance Taylor <iant@golang.org>
      afcfe0d3
  5. 14 May, 2019 1 commit
  6. 08 May, 2019 1 commit
  7. 06 May, 2019 6 commits
  8. 01 May, 2019 2 commits
    • Russ Cox's avatar
      [release-branch.go1.12] cmd/vet: add tests for point-release issues · dc6db5f4
      Russ Cox authored
      Add explicit tests for:
      
       #30465	cmd/vet: Consider reverting tag conflict for embedded fields
       #30399	cmd/vet: possible to get a printf false positive with big.Int
      
      because we have managed not to fix them in the last
      couple point releases, and it will be too embarrassing
      to do that yet again.
      
      Change-Id: Ib1da5df870348b6eb9bfc8a87c507ecc6d44b8dd
      Reviewed-on: https://go-review.googlesource.com/c/go/+/174520
      Run-TryBot: Russ Cox <rsc@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: default avatarBrad Fitzpatrick <bradfitz@golang.org>
      dc6db5f4
    • Russ Cox's avatar
      [release-branch.go1.12] cmd/vendor/golang.org/x/tools/go/analysis: update from... · 9ac70939
      Russ Cox authored
      [release-branch.go1.12] cmd/vendor/golang.org/x/tools/go/analysis: update from release-branch.go1.12
      
      $ ./update-xtools.sh
      Copied /Users/rsc/src/golang.org/x/tools@aa829657 to .
      $ cd ~/src/golang.org/x/tools
      $ git log -n1 aa829657
      commit aa82965741a9fecd12b026fbb3d3c6ed3231b8f8 (HEAD -> release-branch.go1.12, origin/release-branch.go1.12)
      Author:     Daniel Martí <mvdan@mvdan.cc>
      AuthorDate: Fri Mar 1 11:00:19 2019 +0000
      Commit:     Brad Fitzpatrick <bradfitz@golang.org>
      CommitDate: Wed Mar 13 21:06:03 2019 +0000
      ...
      $
      
      Picks up cmd/vet fixes that have been inadvertently missed in point releases so far.
      
      Fixes #30399.
      Fixes #30465.
      
      Change-Id: Ibcfaac51d134205b986b32f857d54006b19c896a
      Reviewed-on: https://go-review.googlesource.com/c/go/+/174519
      Run-TryBot: Russ Cox <rsc@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: default avatarBrad Fitzpatrick <bradfitz@golang.org>
      9ac70939
  9. 29 Apr, 2019 1 commit
  10. 26 Apr, 2019 2 commits
  11. 23 Apr, 2019 1 commit
  12. 22 Apr, 2019 1 commit
  13. 18 Apr, 2019 1 commit
  14. 16 Apr, 2019 1 commit
  15. 15 Apr, 2019 1 commit
  16. 11 Apr, 2019 2 commits
  17. 08 Apr, 2019 5 commits
  18. 05 Apr, 2019 7 commits