From 9a9a5cbfee0918010aa1ebc51edfc553a6b70cdb Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Mon, 2 Feb 2026 07:25:30 +0000 Subject: [PATCH] dev-lang/go: Sync with Gentoo It's from Gentoo commit 9671e6a50b5ceb989c77e6960ef209ec571e3e3f. Signed-off-by: Flatcar Buildbot --- .../portage-stable/dev-lang/go/Manifest | 6 +- .../go/files/go-1.24-vgetrandom.patch | 234 ------------------ .../go/files/go-1.24.9-ipv6-validation.patch | 86 ------- .../files/go-1.25-strip-top-level-const.patch | 94 +++++++ .../go/files/go-1.25.3-ipv6-validation.patch | 86 ------- .../dev-lang/go/files/go-sets.conf | 7 - .../{go-1.24.10.ebuild => go-1.24.11.ebuild} | 2 +- .../dev-lang/go/go-1.24.9.ebuild | 130 ---------- .../dev-lang/go/go-1.25.3.ebuild | 131 ---------- .../go/{go-1.25.4.ebuild => go-1.25.5.ebuild} | 3 +- .../portage-stable/dev-lang/go/go-9999.ebuild | 2 +- 11 files changed, 100 insertions(+), 681 deletions(-) delete mode 100644 sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.24-vgetrandom.patch delete mode 100644 sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.24.9-ipv6-validation.patch create mode 100644 sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.25-strip-top-level-const.patch delete mode 100644 sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.25.3-ipv6-validation.patch delete mode 100644 sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-sets.conf rename sdk_container/src/third_party/portage-stable/dev-lang/go/{go-1.24.10.ebuild => go-1.24.11.ebuild} (96%) delete mode 100644 sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.24.9.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.25.3.ebuild rename sdk_container/src/third_party/portage-stable/dev-lang/go/{go-1.25.4.ebuild => go-1.25.5.ebuild} (95%) 
diff --git a/sdk_container/src/third_party/portage-stable/dev-lang/go/Manifest b/sdk_container/src/third_party/portage-stable/dev-lang/go/Manifest
index 786895d252..d9f56e3f46 100644
--- a/sdk_container/src/third_party/portage-stable/dev-lang/go/Manifest
+++ b/sdk_container/src/third_party/portage-stable/dev-lang/go/Manifest
@@ -1,4 +1,2 @@
-DIST go1.24.10.src.tar.gz 30800718 BLAKE2B 0e5ca52c3f4e4f6dae1fc24363636ae93aea61cdd2ea750d287717cb79bc10e4554431b44348d1231e0a4e31205922d8f7a08cf609faee12a629263ae63e1e07 SHA512 4fa49b8948ecc9dfe8b18e098f0fef4226eeb59ea0bfd266e0bf207bfd06a51e2c4bbf8aa98482e1cdc4c892defa4de2afcbcd289cb5872dc9c62cd355fbcfbe
-DIST go1.24.9.src.tar.gz 30800154 BLAKE2B 30e5ea7dac441a94bd023e152075651583b697c555da73e1581b6eef3dfdee0f7c30a774b8e9704940af60c43e97c8e8ba89b9e84d672a4805b5c969a4140ee8 SHA512 f553a6bdafa9e59d33756c99f6180dcb7e51762733f300488cdab1d42b918e0fff87fa42d714a6b667e039dd22e1ea14ef5f6e3eb1c9c215ff620d559a5c091a
-DIST go1.25.3.src.tar.gz 31980799 BLAKE2B 4119c93544545b3e30b93ce4e1e9420447f7c9f8c68f9ef9debc8359028225e875e976aad91e390e3f0c7e5747d68d1e070280bd8376a56bd83c1894d68e6427 SHA512 91d32bbff864c06b5ee7b914d3d95c59462352a4c395adba85eaab72704a8aa4d19ac2a361ed64774dce3c8e01a8d4feadf1a788814f6d7b4072a3bdfefbb3b4
-DIST go1.25.4.src.tar.gz 31981767 BLAKE2B ca27795645be748010bd7ef559166b48464e57245e9d65d34e4b540c7063a0ae726582c6490c1d764dcaf8786bbb6ccc35abc8226105706685a87a150a63942e SHA512 6892c2cadc22bce82250f52c754053a70e9e594ec53754a1bed6b9594e8faffda1a6b052d6e298692948740ac0079697294430a4138a842ea298877449cf01cd
+DIST go1.24.11.src.tar.gz 30801851 BLAKE2B 04463c4a238b0303df88ad2d7670bdb208deced4f38c9bfc2b98ec04cc2e182a03fcf029334481507efa766b17e81c92bac9d63fc93948f94ee2b2c8adff40b4 SHA512 9344039d231e50b63f52acbdd6cf2f483a4052d95b5fcc3e8a6d8fde80f0195f66ac5588302809ff0425de4d7c6b428ae842ec33b468c7020873acedbdea16ef
+DIST go1.25.5.src.tar.gz 31983405 BLAKE2B b6349931e6174b1b11c00360fb7a3040a80f3d3d463894b29393a464548398bad37be685923c725eb8a3fb71d42849254319102c833418f81eca477f52579222 SHA512 97ec368521253bce610e1e3a6f10460f4a38eba440289553a40ab27afcdf2bb9b426d150ffaa3be8db50e84a00a4eb723a631ebc4f39168bc133bf7b2f1ccf66
diff --git a/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.24-vgetrandom.patch b/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.24-vgetrandom.patch deleted file mode 100644 index 5baed139a0..0000000000 --- a/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.24-vgetrandom.patch +++ /dev/null 
@@ -1,234 +0,0 @@ -From ff2636f45e0087a1c6d8e895257d9c4729710811 Mon Sep 17 00:00:00 2001 -From: Michael Pratt -Date: Thu, 03 Apr 2025 03:26:25 +0000 -Subject: [PATCH] [release-branch.go1.24] runtime: cleanup M vgetrandom state before dropping P - -When an M is destroyed, we put its vgetrandom state back on the shared -list for another M to reuse. This list is simply a slice, so appending -to the slice may allocate. Currently this operation is performed in -mdestroy, after the P is released, meaning allocation is not allowed. - -More the cleanup earlier in mdestroy when allocation is still OK. - -Also add //go:nowritebarrierrec to mdestroy since it runs without a P, -which would have caught this bug. - -Fixes #73144. -For #73141. - -Change-Id: I6a6a636c3fbf5c6eec09d07a260e39dbb4d2db12 -Reviewed-on: https://go-review.googlesource.com/c/go/+/662455 -Reviewed-by: Jason Donenfeld -LUCI-TryBot-Result: Go LUCI -Reviewed-by: Keith Randall -Reviewed-by: Keith Randall -(cherry picked from commit 0b31e6d4cc804ab76ae8ced151ee2f50657aec14) ---- - -diff --git a/src/runtime/os3_solaris.go b/src/runtime/os3_solaris.go -index cf163a6..ded821b 100644 ---- a/src/runtime/os3_solaris.go -+++ b/src/runtime/os3_solaris.go -@@ -234,8 +234,11 @@ - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. 
-+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_aix.go b/src/runtime/os_aix.go -index 93464cb..1b483c2 100644 ---- a/src/runtime/os_aix.go -+++ b/src/runtime/os_aix.go -@@ -186,8 +186,11 @@ - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_darwin.go b/src/runtime/os_darwin.go -index 0ecbea7..6eab3b5 100644 ---- a/src/runtime/os_darwin.go -+++ b/src/runtime/os_darwin.go -@@ -344,8 +344,11 @@ - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_dragonfly.go b/src/runtime/os_dragonfly.go -index a02696e..9b32350 100644 ---- a/src/runtime/os_dragonfly.go -+++ b/src/runtime/os_dragonfly.go -@@ -216,8 +216,11 @@ - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. 
-+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_linux.go b/src/runtime/os_linux.go -index 8b3c4d0..fb46b81 100644 ---- a/src/runtime/os_linux.go -+++ b/src/runtime/os_linux.go -@@ -412,13 +412,12 @@ - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { -- if mp.vgetrandomState != 0 { -- vgetrandomPutState(mp.vgetrandomState) -- mp.vgetrandomState = 0 -- } - } - - // #ifdef GOARCH_386 -diff --git a/src/runtime/os_netbsd.go b/src/runtime/os_netbsd.go -index 735ace2..a06e5fe 100644 ---- a/src/runtime/os_netbsd.go -+++ b/src/runtime/os_netbsd.go -@@ -320,8 +320,11 @@ - // must continue working after unminit. - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_openbsd.go b/src/runtime/os_openbsd.go -index 574bfa8..4ce4c3c 100644 ---- a/src/runtime/os_openbsd.go -+++ b/src/runtime/os_openbsd.go -@@ -182,8 +182,11 @@ - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. 
-+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_plan9.go b/src/runtime/os_plan9.go -index 2dbb42a..3b5965a 100644 ---- a/src/runtime/os_plan9.go -+++ b/src/runtime/os_plan9.go -@@ -217,8 +217,11 @@ - func unminit() { - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_windows.go b/src/runtime/os_windows.go -index 7183e79..54407a3 100644 ---- a/src/runtime/os_windows.go -+++ b/src/runtime/os_windows.go -@@ -906,9 +906,11 @@ - mp.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. - // -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - //go:nosplit - func mdestroy(mp *m) { - if mp.highResTimer != 0 { -diff --git a/src/runtime/proc.go b/src/runtime/proc.go -index e9873e5..21bee4d 100644 ---- a/src/runtime/proc.go -+++ b/src/runtime/proc.go -@@ -1935,6 +1935,9 @@ - mp.gsignal = nil - } - -+ // Free vgetrandom state. -+ vgetrandomDestroy(mp) -+ - // Remove m from allm. - lock(&sched.lock) - for pprev := &allm; *pprev != nil; pprev = &(*pprev).alllink { -diff --git a/src/runtime/vgetrandom_linux.go b/src/runtime/vgetrandom_linux.go -index a6ec4b7..40be022 100644 ---- a/src/runtime/vgetrandom_linux.go -+++ b/src/runtime/vgetrandom_linux.go -@@ -73,9 +73,16 @@ - return state - } - --func vgetrandomPutState(state uintptr) { -+// Free vgetrandom state from the M (if any) prior to destroying the M. 
-+// -+// This may allocate, so it must have a P. -+func vgetrandomDestroy(mp *m) { -+ if mp.vgetrandomState == 0 { -+ return -+ } -+ - lock(&vgetrandomAlloc.statesLock) -- vgetrandomAlloc.states = append(vgetrandomAlloc.states, state) -+ vgetrandomAlloc.states = append(vgetrandomAlloc.states, mp.vgetrandomState) - unlock(&vgetrandomAlloc.statesLock) - } - -diff --git a/src/runtime/vgetrandom_unsupported.go b/src/runtime/vgetrandom_unsupported.go -index 070392c..43c53e1 100644 ---- a/src/runtime/vgetrandom_unsupported.go -+++ b/src/runtime/vgetrandom_unsupported.go -@@ -13,6 +13,6 @@ - return -1, false - } - --func vgetrandomPutState(state uintptr) {} -+func vgetrandomDestroy(mp *m) {} - - func vgetrandomInit() {} diff --git a/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.24.9-ipv6-validation.patch b/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.24.9-ipv6-validation.patch deleted file mode 100644 index f9db3f7ee8..0000000000 --- a/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.24.9-ipv6-validation.patch +++ /dev/null 
@@ -1,86 +0,0 @@ -From e02a9d02d0181394e243cbc3b356e86896a78e2c Mon Sep 17 00:00:00 2001 -From: Roland Shoemaker -Date: Wed, 08 Oct 2025 17:13:12 -0700 -Subject: [PATCH] [release-branch.go1.24] net/url: allow IP-literals with IPv4-mapped IPv6 addresses - -The security fix we applied in CL709857 was overly broad. It applied -rules from RFC 2732, which disallowed IPv4-mapped IPv6 addresses, but -these were later allowed in RFC 3986, which is the canonical URI syntax -RFC. - -Revert the portion of CL709857 which restricted IPv4-mapped addresses, -and update the related tests. - -Updates #75815 -Fixes #75831 - -Change-Id: I3192f2275ad5c386f5c15006a6716bdb5282919d -Reviewed-on: https://go-review.googlesource.com/c/go/+/710375 -LUCI-TryBot-Result: Go LUCI -Reviewed-by: Ethan Lee -Auto-Submit: Roland Shoemaker -(cherry picked from commit 9db7e30bb42eed9912f5e7e9e3959f3b38879d5b) ---- - -diff --git a/src/net/url/url.go b/src/net/url/url.go -index c686239..1d9c1cd 100644 ---- a/src/net/url/url.go -+++ b/src/net/url/url.go -@@ -670,13 +670,13 @@ - - // Per RFC 3986, only a host identified by a valid - // IPv6 address can be enclosed by square brackets. -- // This excludes any IPv4 or IPv4-mapped addresses. -+ // This excludes any IPv4, but notably not IPv4-mapped addresses. 
- addr, err := netip.ParseAddr(unescapedHostname) - if err != nil { - return "", fmt.Errorf("invalid host: %w", err) - } -- if addr.Is4() || addr.Is4In6() { -- return "", errors.New("invalid IPv6 host") -+ if addr.Is4() { -+ return "", errors.New("invalid IP-literal") - } - return "[" + unescapedHostname + "]" + unescapedColonPort, nil - } else if i := strings.LastIndex(host, ":"); i != -1 { -diff --git a/src/net/url/url_test.go b/src/net/url/url_test.go -index 3206558..6084fac 100644 ---- a/src/net/url/url_test.go -+++ b/src/net/url/url_test.go -@@ -726,7 +726,7 @@ - {"https://[2001:db8::1]/path", true}, // compressed IPv6 address with path - {"https://[fe80::1%25eth0]/path?query=1", true}, // link-local with zone, path, and query - -- {"https://[::ffff:192.0.2.1]", false}, -+ {"https://[::ffff:192.0.2.1]", true}, - {"https://[:1] ", false}, - {"https://[1:2:3:4:5:6:7:8:9]", false}, - {"https://[1::1::1]", false}, -@@ -1672,16 +1672,17 @@ - {"cache_object:foo/bar", true}, - {"cache_object/:foo/bar", false}, - -- {"http://[192.168.0.1]/", true}, // IPv4 in brackets -- {"http://[192.168.0.1]:8080/", true}, // IPv4 in brackets with port -- {"http://[::ffff:192.168.0.1]/", true}, // IPv4-mapped IPv6 in brackets -- {"http://[::ffff:192.168.0.1]:8080/", true}, // IPv4-mapped IPv6 in brackets with port -- {"http://[::ffff:c0a8:1]/", true}, // IPv4-mapped IPv6 in brackets (hex) -- {"http://[not-an-ip]/", true}, // invalid IP string in brackets -- {"http://[fe80::1%foo]/", true}, // invalid zone format in brackets -- {"http://[fe80::1", true}, // missing closing bracket -- {"http://fe80::1]/", true}, // missing opening bracket -- {"http://[test.com]/", true}, // domain name in brackets -+ {"http://[192.168.0.1]/", true}, // IPv4 in brackets -+ {"http://[192.168.0.1]:8080/", true}, // IPv4 in brackets with port -+ {"http://[::ffff:192.168.0.1]/", false}, // IPv4-mapped IPv6 in brackets -+ {"http://[::ffff:192.168.0.1000]/", true}, // Out of range IPv4-mapped IPv6 in 
brackets -+ {"http://[::ffff:192.168.0.1]:8080/", false}, // IPv4-mapped IPv6 in brackets with port -+ {"http://[::ffff:c0a8:1]/", false}, // IPv4-mapped IPv6 in brackets (hex) -+ {"http://[not-an-ip]/", true}, // invalid IP string in brackets -+ {"http://[fe80::1%foo]/", true}, // invalid zone format in brackets -+ {"http://[fe80::1", true}, // missing closing bracket -+ {"http://fe80::1]/", true}, // missing opening bracket -+ {"http://[test.com]/", true}, // domain name in brackets - } - for _, tt := range tests { - u, err := Parse(tt.in) diff --git a/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.25-strip-top-level-const.patch b/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.25-strip-top-level-const.patch new file mode 100644 index 0000000000..1531263e3e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.25-strip-top-level-const.patch 
@@ -0,0 +1,94 @@
+From 7a6e3f07acfd822aa1d62f1c715125e30d67d089 Mon Sep 17 00:00:00 2001
+From: Ian Lance Taylor
+Date: Mon, 03 Nov 2025 15:54:39 -0800
+Subject: [PATCH] cmd/cgo: strip top-level const qualifier from argument frame struct
+
+Otherwise we can't assign to it.
+
+Fixes #75751
+
+Change-Id: Iba680db672297bca1a1d1a33912b80863da66a08
+---
+
+diff --git a/src/cmd/cgo/internal/test/test.go b/src/cmd/cgo/internal/test/test.go
+index 9626407..e83e367 100644
+--- a/src/cmd/cgo/internal/test/test.go
++++ b/src/cmd/cgo/internal/test/test.go
+@@ -953,6 +953,12 @@
+ } issue69086struct;
+ static int issue690861(issue69086struct* p) { p->b = 1234; return p->c; }
+ static int issue690862(unsigned long ul1, unsigned long ul2, unsigned int u, issue69086struct s) { return (int)(s.b); }
++
++char issue75751v = 1;
++char * const issue75751p = &issue75751v;
++#define issue75751m issue75751p
++char * const volatile issue75751p2 = &issue75751v;
++#define issue75751m2 issue75751p2
+ */
+ import "C"
+
+@@ -2396,3 +2402,8 @@
+ t.Errorf("call: got %d, want 1234", got)
+ }
+ }
++
++// Issue 75751: no runtime test, just make sure it compiles.
++func test75751() int {
++ return int(*C.issue75751m) + int(*C.issue75751m2)
++}
+diff --git a/src/cmd/cgo/out.go b/src/cmd/cgo/out.go
+index 394e766..05d9dcf 100644
+--- a/src/cmd/cgo/out.go
++++ b/src/cmd/cgo/out.go
+@@ -457,6 +457,33 @@
+ // Also assumes that gc convention is to word-align the
+ // input and output parameters.
+ func (p *Package) structType(n *Name) (string, int64) {
++ // It's possible for us to see a type with a top-level const here,
++ // which will give us an unusable struct type. See #75751.
++ // The top-level const will always appear as a final qualifier,
++ // constructed by typeConv.loadType in the dwarf.QualType case.
++ // The top-level const is meaningless here and can simply be removed.
++ stripConst := func(s string) string {
++ i := strings.LastIndex(s, "const")
++ if i == -1 {
++ return s
++ }
++
++ // A top-level const can only be followed by other qualifiers.
++ if r, ok := strings.CutSuffix(s, "const"); ok {
++ return r
++ }
++
++ for _, f := range strings.Fields(s[i:]) {
++ switch f {
++ case "const", "restrict", "volatile":
++ default:
++ return s
++ }
++ }
++
++ return strings.TrimSpace(s[:i]) + strings.TrimSpace(s[i+len("const"):])
++ }
++
+ var buf strings.Builder
+ fmt.Fprint(&buf, "struct {\n")
+ off := int64(0)
+@@ -468,7 +495,7 @@
+ }
+ c := t.Typedef
+ if c == "" {
+- c = t.C.String()
++ c = stripConst(t.C.String())
+ }
+ fmt.Fprintf(&buf, "\t\t%s p%d;\n", c, i)
+ off += t.Size
+@@ -484,7 +511,7 @@
+ fmt.Fprintf(&buf, "\t\tchar __pad%d[%d];\n", off, pad)
+ off += pad
+ }
+- fmt.Fprintf(&buf, "\t\t%s r;\n", t.C)
++ fmt.Fprintf(&buf, "\t\t%s r;\n", stripConst(t.C.String()))
+ off += t.Size
+ }
+ if off%p.PtrSize != 0 {
diff --git a/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.25.3-ipv6-validation.patch b/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.25.3-ipv6-validation.patch
deleted file mode 100644
index 4f162b2b09..0000000000
--- a/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-1.25.3-ipv6-validation.patch
+++ /dev/null
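Review bot: In the `stripConst` closure added to `structType`, `strings.LastIndex(s, "const")` and `strings.CutSuffix(s, "const")` match the bytes `const` rather than a whole token, so a type string whose last identifier merely ends in `const` (say `struct foo_const`, if `t.C.String()` can yield one here) would be cut to `struct foo_`. The final return also joins the two trimmed halves with no separator, which is harmless for the tested `char * const volatile` but would turn `int const volatile` into `intvolatile`; `return strings.TrimSpace(s[:i]) + " " + strings.TrimSpace(s[i+len("const"):])` avoids the fused token. Checking that the byte before `i` is not a letter, digit or `_` before either strip would close the first case. Whether such strings reach this closure depends on typeConv.loadType, which is not part of the patch, and structType's body continues outside the embedded hunks.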
@@ -1,86 +0,0 @@ -From 83449b7e2f261c94ea46842012c0992a3a714ce5 Mon Sep 17 00:00:00 2001 -From: Roland Shoemaker -Date: Wed, 08 Oct 2025 17:13:12 -0700 -Subject: [PATCH] [release-branch.go1.25] net/url: allow IP-literals with IPv4-mapped IPv6 addresses - -The security fix we applied in CL709857 was overly broad. It applied -rules from RFC 2732, which disallowed IPv4-mapped IPv6 addresses, but -these were later allowed in RFC 3986, which is the canonical URI syntax -RFC. - -Revert the portion of CL709857 which restricted IPv4-mapped addresses, -and update the related tests. - -Updates #75815 -Fixes #75832 - -Change-Id: I3192f2275ad5c386f5c15006a6716bdb5282919d -Reviewed-on: https://go-review.googlesource.com/c/go/+/710375 -LUCI-TryBot-Result: Go LUCI -Reviewed-by: Ethan Lee -Auto-Submit: Roland Shoemaker -(cherry picked from commit 9db7e30bb42eed9912f5e7e9e3959f3b38879d5b) ---- - -diff --git a/src/net/url/url.go b/src/net/url/url.go -index 40faa7c..1c50e06 100644 ---- a/src/net/url/url.go -+++ b/src/net/url/url.go -@@ -673,13 +673,13 @@ - - // Per RFC 3986, only a host identified by a valid - // IPv6 address can be enclosed by square brackets. -- // This excludes any IPv4 or IPv4-mapped addresses. -+ // This excludes any IPv4, but notably not IPv4-mapped addresses. 
- addr, err := netip.ParseAddr(unescapedHostname) - if err != nil { - return "", fmt.Errorf("invalid host: %w", err) - } -- if addr.Is4() || addr.Is4In6() { -- return "", errors.New("invalid IPv6 host") -+ if addr.Is4() { -+ return "", errors.New("invalid IP-literal") - } - return "[" + unescapedHostname + "]" + unescapedColonPort, nil - } else if i := strings.LastIndex(host, ":"); i != -1 { -diff --git a/src/net/url/url_test.go b/src/net/url/url_test.go -index 3206558..6084fac 100644 ---- a/src/net/url/url_test.go -+++ b/src/net/url/url_test.go -@@ -726,7 +726,7 @@ - {"https://[2001:db8::1]/path", true}, // compressed IPv6 address with path - {"https://[fe80::1%25eth0]/path?query=1", true}, // link-local with zone, path, and query - -- {"https://[::ffff:192.0.2.1]", false}, -+ {"https://[::ffff:192.0.2.1]", true}, - {"https://[:1] ", false}, - {"https://[1:2:3:4:5:6:7:8:9]", false}, - {"https://[1::1::1]", false}, -@@ -1672,16 +1672,17 @@ - {"cache_object:foo/bar", true}, - {"cache_object/:foo/bar", false}, - -- {"http://[192.168.0.1]/", true}, // IPv4 in brackets -- {"http://[192.168.0.1]:8080/", true}, // IPv4 in brackets with port -- {"http://[::ffff:192.168.0.1]/", true}, // IPv4-mapped IPv6 in brackets -- {"http://[::ffff:192.168.0.1]:8080/", true}, // IPv4-mapped IPv6 in brackets with port -- {"http://[::ffff:c0a8:1]/", true}, // IPv4-mapped IPv6 in brackets (hex) -- {"http://[not-an-ip]/", true}, // invalid IP string in brackets -- {"http://[fe80::1%foo]/", true}, // invalid zone format in brackets -- {"http://[fe80::1", true}, // missing closing bracket -- {"http://fe80::1]/", true}, // missing opening bracket -- {"http://[test.com]/", true}, // domain name in brackets -+ {"http://[192.168.0.1]/", true}, // IPv4 in brackets -+ {"http://[192.168.0.1]:8080/", true}, // IPv4 in brackets with port -+ {"http://[::ffff:192.168.0.1]/", false}, // IPv4-mapped IPv6 in brackets -+ {"http://[::ffff:192.168.0.1000]/", true}, // Out of range IPv4-mapped IPv6 in 
brackets -+ {"http://[::ffff:192.168.0.1]:8080/", false}, // IPv4-mapped IPv6 in brackets with port -+ {"http://[::ffff:c0a8:1]/", false}, // IPv4-mapped IPv6 in brackets (hex) -+ {"http://[not-an-ip]/", true}, // invalid IP string in brackets -+ {"http://[fe80::1%foo]/", true}, // invalid zone format in brackets -+ {"http://[fe80::1", true}, // missing closing bracket -+ {"http://fe80::1]/", true}, // missing opening bracket -+ {"http://[test.com]/", true}, // domain name in brackets - } - for _, tt := range tests { - u, err := Parse(tt.in) diff --git a/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-sets.conf b/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-sets.conf deleted file mode 100644 index f38edb71a6..0000000000 --- a/sdk_container/src/third_party/portage-stable/dev-lang/go/files/go-sets.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Installed packages for which vdb *DEPEND includes dev-lang/go. -# This is useful after a dev-lang/go version change to rebuild all -# software written in Go. -[golang-rebuild] -class = portage.sets.dbapi.VariableSet -variable = BDEPEND -includes = dev-lang/go diff --git a/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.24.10.ebuild b/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.24.11.ebuild similarity index 96% rename from sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.24.10.ebuild rename to sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.24.11.ebuild index a83581377f..8e2a906df1 100644 --- a/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.24.10.ebuild +++ b/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.24.11.ebuild 
@@ -20,7 +20,7 @@ case ${PV} in *) SRC_URI="https://go.dev/dl/go${MY_PV}.src.tar.gz " S="${WORKDIR}"/go - KEYWORDS="-* ~amd64 ~arm ~arm64 ~loong ~mips ~ppc64 ~riscv ~s390 ~x86 ~amd64-linux ~x86-linux ~x64-macos ~x64-solaris" + KEYWORDS="-* amd64 arm arm64 ~loong ~mips ppc64 ~riscv ~s390 x86 ~x64-macos ~x64-solaris" ;; esac diff --git a/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.24.9.ebuild b/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.24.9.ebuild deleted file mode 100644 index 3d6ed30afa..0000000000 --- a/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.24.9.ebuild +++ /dev/null 
@@ -1,130 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -export CBUILD=${CBUILD:-${CHOST}} -export CTARGET=${CTARGET:-${CHOST}} - -# See "Bootstrap" in release notes -GO_BOOTSTRAP_MIN=1.22.12 -MY_PV=${PV/_/} - -inherit go-env toolchain-funcs - -case ${PV} in -*9999*) - EGIT_REPO_URI="https://github.com/golang/go.git" - inherit git-r3 - ;; -*) - SRC_URI="https://go.dev/dl/go${MY_PV}.src.tar.gz " - S="${WORKDIR}"/go - KEYWORDS="-* amd64 arm arm64 ~loong ~mips ppc64 ~riscv ~s390 x86 ~amd64-linux ~x86-linux ~x64-macos ~x64-solaris" - ;; -esac - -DESCRIPTION="A concurrent garbage collected and typesafe programming language" -HOMEPAGE="https://go.dev" - -LICENSE="BSD" -SLOT="0/${PV}" -IUSE="cpu_flags_x86_sse2" - -BDEPEND="|| ( - >=dev-lang/go-${GO_BOOTSTRAP_MIN} - >=dev-lang/go-bootstrap-${GO_BOOTSTRAP_MIN} )" - -# the *.syso files have writable/executable stacks -QA_EXECSTACK='*.syso' - -# Do not complain about CFLAGS, etc, since Go doesn't use them. -QA_FLAGS_IGNORED='.*' - -# The tools in /usr/lib/go should not cause the multilib-strict check to fail. -QA_MULTILIB_PATHS="usr/lib/go/pkg/tool/.*/.*" - -# This package triggers "unrecognized elf file(s)" notices on riscv. 
-# https://bugs.gentoo.org/794046 -QA_PREBUILT="*" -QA_PRESTRIPPED="*.syso" - -DOCS=( - CONTRIBUTING.md - PATENTS - README.md - SECURITY.md -) - -go_tuple() { - echo "$(go-env_goos $@)_$(go-env_goarch $@)" -} - -go_cross_compile() { - [[ $(go_tuple ${CBUILD}) != $(go_tuple) ]] -} - -PATCHES=( - "${FILESDIR}"/go-1.24-skip-gdb-tests.patch - "${FILESDIR}"/go-1.24-dont-force-gold-arm.patch - "${FILESDIR}"/go-1.24.9-ipv6-validation.patch # https://go-review.googlesource.com/c/go/+/712142 - "${FILESDIR}"/go-never-download-newer-toolchains.patch -) - -src_compile() { - if has_version -b ">=dev-lang/go-${GO_BOOTSTRAP_MIN}"; then - export GOROOT_BOOTSTRAP="${BROOT}/usr/lib/go" - elif has_version -b ">=dev-lang/go-bootstrap-${GO_BOOTSTRAP_MIN}"; then - export GOROOT_BOOTSTRAP="${BROOT}/usr/lib/go-bootstrap" - else - eerror "Go cannot be built without go or go-bootstrap installed" - die "Should not be here, please report a bug" - fi - - # Go's build script does not use BUILD/HOST/TARGET consistently. :( - export GOHOSTARCH=$(go-env_goarch ${CBUILD}) - export GOHOSTOS=$(go-env_goos ${CBUILD}) - export CC=$(tc-getBUILD_CC) - - export GOARCH=$(go-env_goarch) - export GOOS=$(go-env_goos) - export CC_FOR_TARGET=$(tc-getCC) - export CXX_FOR_TARGET=$(tc-getCXX) - use arm && export GOARM=$(go-env_goarm) - use x86 && export GO386=$(go-env_go386) - - cd src - bash -x ./make.bash || die "build failed" -} - -src_test() { - go_cross_compile && return 0 - cd src - PATH="${GOBIN}:${PATH}" \ - ./run.bash -no-rebuild -k || die "tests failed" -} - -src_install() { - dodir /usr/lib/go - # The use of cp is deliberate in order to retain permissions - cp -R . 
"${ED}"/usr/lib/go - einstalldocs - - # testdata directories are not needed on the installed system - # The other files we remove are installed by einstalldocs - rm -r $(find "${ED}"/usr/lib/go -iname testdata -type d -print) || die - rm "${ED}"/usr/lib/go/{CONTRIBUTING.md,PATENTS,README.md} || die - rm "${ED}"/usr/lib/go/{SECURITY.md,codereview.cfg,LICENSE} || die - - local bin_path - if go_cross_compile; then - bin_path="bin/$(go_tuple)" - else - bin_path=bin - fi - local f x - for x in ${bin_path}/*; do - f=${x##*/} - dosym ../lib/go/${bin_path}/${f} /usr/bin/${f} - done -} diff --git a/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.25.3.ebuild b/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.25.3.ebuild deleted file mode 100644 index 4f6f1729fb..0000000000 --- a/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.25.3.ebuild +++ /dev/null 
@@ -1,131 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -export CBUILD=${CBUILD:-${CHOST}} -export CTARGET=${CTARGET:-${CHOST}} - -# See "Bootstrap" in release notes -GO_BOOTSTRAP_MIN=1.22.12 -MY_PV=${PV/_/} - -inherit go-env toolchain-funcs - -case ${PV} in -*9999*) - EGIT_REPO_URI="https://github.com/golang/go.git" - inherit git-r3 - ;; -*) - SRC_URI="https://go.dev/dl/go${MY_PV}.src.tar.gz " - S="${WORKDIR}"/go - KEYWORDS="-* amd64 arm arm64 ~loong ~mips ppc64 ~riscv ~s390 x86 ~amd64-linux ~x86-linux ~x64-macos ~x64-solaris" - ;; -esac - -DESCRIPTION="A concurrent garbage collected and typesafe programming language" -HOMEPAGE="https://go.dev" - -LICENSE="BSD" -SLOT="0/${PV}" -IUSE="cpu_flags_x86_sse2" - -BDEPEND="|| ( - >=dev-lang/go-${GO_BOOTSTRAP_MIN} - >=dev-lang/go-bootstrap-${GO_BOOTSTRAP_MIN} )" - -# the *.syso files have writable/executable stacks -QA_EXECSTACK='*.syso' - -# Do not complain about CFLAGS, etc, since Go doesn't use them. -QA_FLAGS_IGNORED='.*' - -# The tools in /usr/lib/go should not cause the multilib-strict check to fail. -QA_MULTILIB_PATHS="usr/lib/go/pkg/tool/.*/.*" - -# This package triggers "unrecognized elf file(s)" notices on riscv. 
-# https://bugs.gentoo.org/794046 -QA_PREBUILT="*" -QA_PRESTRIPPED="*.syso" - -DOCS=( - CONTRIBUTING.md - PATENTS - README.md - SECURITY.md -) - -go_tuple() { - echo "$(go-env_goos $@)_$(go-env_goarch $@)" -} - -go_cross_compile() { - [[ $(go_tuple ${CBUILD}) != $(go_tuple) ]] -} - -PATCHES=( - "${FILESDIR}"/go-1.24-skip-gdb-tests.patch - "${FILESDIR}"/go-1.24-dont-force-gold-arm.patch - "${FILESDIR}"/go-1.25-no-dwarf5.patch - "${FILESDIR}"/go-1.25.3-ipv6-validation.patch # https://go-review.googlesource.com/c/go/+/712240 - "${FILESDIR}"/go-never-download-newer-toolchains.patch -) - -src_compile() { - if has_version -b ">=dev-lang/go-${GO_BOOTSTRAP_MIN}"; then - export GOROOT_BOOTSTRAP="${BROOT}/usr/lib/go" - elif has_version -b ">=dev-lang/go-bootstrap-${GO_BOOTSTRAP_MIN}"; then - export GOROOT_BOOTSTRAP="${BROOT}/usr/lib/go-bootstrap" - else - eerror "Go cannot be built without go or go-bootstrap installed" - die "Should not be here, please report a bug" - fi - - # Go's build script does not use BUILD/HOST/TARGET consistently. :( - export GOHOSTARCH=$(go-env_goarch ${CBUILD}) - export GOHOSTOS=$(go-env_goos ${CBUILD}) - export CC=$(tc-getBUILD_CC) - - export GOARCH=$(go-env_goarch) - export GOOS=$(go-env_goos) - export CC_FOR_TARGET=$(tc-getCC) - export CXX_FOR_TARGET=$(tc-getCXX) - use arm && export GOARM=$(go-env_goarm) - use x86 && export GO386=$(go-env_go386) - - cd src - bash -x ./make.bash || die "build failed" -} - -src_test() { - go_cross_compile && return 0 - cd src - PATH="${GOBIN}:${PATH}" \ - ./run.bash -no-rebuild -k || die "tests failed" -} - -src_install() { - dodir /usr/lib/go - # The use of cp is deliberate in order to retain permissions - cp -R . 
"${ED}"/usr/lib/go - einstalldocs - - # testdata directories are not needed on the installed system - # The other files we remove are installed by einstalldocs - rm -r $(find "${ED}"/usr/lib/go -iname testdata -type d -print) || die - rm "${ED}"/usr/lib/go/{CONTRIBUTING.md,PATENTS,README.md} || die - rm "${ED}"/usr/lib/go/{SECURITY.md,codereview.cfg,LICENSE} || die - - local bin_path - if go_cross_compile; then - bin_path="bin/$(go_tuple)" - else - bin_path=bin - fi - local f x - for x in ${bin_path}/*; do - f=${x##*/} - dosym ../lib/go/${bin_path}/${f} /usr/bin/${f} - done -} diff --git a/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.25.4.ebuild b/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.25.5.ebuild similarity index 95% rename from sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.25.4.ebuild rename to sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.25.5.ebuild index db79fcb905..21b21ffb02 100644 --- a/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.25.4.ebuild +++ b/sdk_container/src/third_party/portage-stable/dev-lang/go/go-1.25.5.ebuild @@ -20,7 +20,7 @@ case ${PV} in *) SRC_URI="https://go.dev/dl/go${MY_PV}.src.tar.gz " S="${WORKDIR}"/go - KEYWORDS="-* ~amd64 ~arm ~arm64 ~loong ~mips ~ppc64 ~riscv ~s390 ~x86 ~amd64-linux ~x86-linux ~x64-macos ~x64-solaris" + KEYWORDS="-* amd64 arm arm64 ~loong ~mips ppc64 ~riscv ~s390 x86 ~x64-macos ~x64-solaris" ;; esac @@ -68,6 +68,7 @@ PATCHES=( "${FILESDIR}"/go-1.24-skip-gdb-tests.patch "${FILESDIR}"/go-1.24-dont-force-gold-arm.patch "${FILESDIR}"/go-1.25-no-dwarf5.patch + "${FILESDIR}"/go-1.25-strip-top-level-const.patch "${FILESDIR}"/go-never-download-newer-toolchains.patch ) diff --git a/sdk_container/src/third_party/portage-stable/dev-lang/go/go-9999.ebuild b/sdk_container/src/third_party/portage-stable/dev-lang/go/go-9999.ebuild index 16a403f5dc..8931e941a3 100644 --- a/sdk_container/src/third_party/portage-stable/dev-lang/go/go-9999.ebuild 
+++ b/sdk_container/src/third_party/portage-stable/dev-lang/go/go-9999.ebuild @@ -20,7 +20,7 @@ case ${PV} in *) SRC_URI="https://go.dev/dl/go${MY_PV}.src.tar.gz " S="${WORKDIR}"/go -# KEYWORDS="-* ~amd64 ~arm ~arm64 ~loong ~mips ~ppc64 ~riscv ~s390 ~x86 ~amd64-linux ~x86-linux ~x64-macos ~x64-solaris" +# KEYWORDS="-* ~amd64 ~arm ~arm64 ~loong ~mips ~ppc64 ~riscv ~s390 ~x86 ~x64-macos ~x64-solaris" ;; esac