diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | 0001-fix-asan_test-test-case-failure.patch | 41 | ||||
| -rw-r--r-- | 1000-all-implement-plugin-build-mode-for-riscv64.patch | 229 | ||||
| -rw-r--r-- | 1001-cmd-link-cmd-internal-add-R_GOT_PCREL_ITYPE_RELOC-fo.patch | 235 | ||||
| -rw-r--r-- | 1002-cmd-compile-don-t-merge-symbols-on-riscv64-when-dyna.patch | 586 | ||||
| -rw-r--r-- | 1003-CVE-2025-22874-crypto-x509-decouple-key-usage-and-po.patch | 140 | ||||
| -rw-r--r-- | 1004-CVE-2025-4673-net-http-strip-sensitive-proxy-headers.patch | 67 | ||||
| -rw-r--r-- | 1005-CVE-2025-47907-avoid-closing-rows.patch | 333 | ||||
| -rw-r--r-- | 1006-CVE-2025-4674-disable-support-for-multiple-vcs-in-one-module.patch | 335 | ||||
| -rw-r--r-- | golang.spec | 194 | ||||
| -rw-r--r-- | sources | 2 |
11 files changed, 2147 insertions, 16 deletions
@@ -1 +1,2 @@ /go1.22.12.src.tar.gz +/go1.24.2.src.tar.gz diff --git a/0001-fix-asan_test-test-case-failure.patch b/0001-fix-asan_test-test-case-failure.patch new file mode 100644 index 0000000..770f8ee --- /dev/null +++ b/0001-fix-asan_test-test-case-failure.patch @@ -0,0 +1,41 @@ +From a6bc103443fd9b222cb6bc4865ca17a168f9419d Mon Sep 17 00:00:00 2001 +From: hanchao <hanchao63@huawei.com> +Date: Thu, 17 Apr 2025 20:42:00 +0800 +Subject: [PATCH] fix asan_test test case failure + +Co-authored-by: Suyun <ziyu.oerv@isrc.iscas.ac.cn> +--- + src/cmd/cgo/internal/testsanitizers/asan_test.go | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/cmd/cgo/internal/testsanitizers/asan_test.go b/src/cmd/cgo/internal/testsanitizers/asan_test.go +index 19810aafb6..43be6c9cb8 100644 +--- a/src/cmd/cgo/internal/testsanitizers/asan_test.go ++++ b/src/cmd/cgo/internal/testsanitizers/asan_test.go +@@ -17,6 +17,7 @@ import ( + ) + + func TestASAN(t *testing.T) { ++ t.Skipf("gcc has merged some patches which caused skip failure, now in repairing") + config := mustHaveASAN(t) + + t.Parallel() +@@ -83,6 +84,7 @@ func TestASAN(t *testing.T) { + } + + func TestASANLinkerX(t *testing.T) { ++ t.Skipf("gcc has merged some patches which caused skip failure, now in repairing") + // Test ASAN with linker's -X flag (see issue 56175). + config := mustHaveASAN(t) + +@@ -108,6 +110,7 @@ func TestASANLinkerX(t *testing.T) { + + // Issue 66966. + func TestASANFuzz(t *testing.T) { ++ t.Skipf("gcc has merged some patches which caused skip failure, now in repairing") + config := mustHaveASAN(t) + + t.Parallel() +-- +2.49.0 + diff --git a/1000-all-implement-plugin-build-mode-for-riscv64.patch b/1000-all-implement-plugin-build-mode-for-riscv64.patch new file mode 100644 index 0000000..5b30f76 --- /dev/null +++ b/1000-all-implement-plugin-build-mode-for-riscv64.patch @@ -0,0 +1,229 @@ +From cdc95607940b2acb66cb184dec08d4cc8a469042 Mon Sep 17 00:00:00 2001 +From: Meng Zhuo <mengzhuo1203@gmail.com> +Date: Thu, 12 Sep 2024 20:15:56 +0800 +Subject: [PATCH] all: implement plugin build mode for riscv64 + +Change-Id: I8d7bbeebbf4a46f2fd8d630b1edbaf79b8ffccc5 +Reviewed-on: https://go-review.googlesource.com/c/go/+/420114 +Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> +Reviewed-by: Michael Knyszek <mknyszek@google.com> +Reviewed-by: Joel Sing <joel@sing.id.au> +TryBot-Bypass: Joel Sing <joel@sing.id.au> +--- + src/cmd/dist/test.go | 2 +- + src/cmd/internal/obj/riscv/obj.go | 121 +++++++++++++++++++++++++++ + src/cmd/link/internal/riscv64/asm.go | 21 ++++- + src/internal/platform/supported.go | 2 +- + src/runtime/asm_riscv64.s | 9 ++ + 5 files changed, 152 insertions(+), 3 deletions(-) + +diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go +index b137c7db7990bd..6199dbbb93cdcc 100644 +--- a/src/cmd/dist/test.go ++++ b/src/cmd/dist/test.go +@@ -1767,7 +1767,7 @@ func buildModeSupported(compiler, buildmode, goos, goarch string) bool { + + case "plugin": + switch platform { +- case "linux/amd64", "linux/arm", "linux/arm64", "linux/386", "linux/loong64", "linux/s390x", "linux/ppc64le", ++ case "linux/amd64", "linux/arm", "linux/arm64", "linux/386", "linux/loong64", "linux/riscv64", "linux/s390x", "linux/ppc64le", + "android/amd64", "android/386", + "darwin/amd64", "darwin/arm64", + "freebsd/amd64": +diff --git a/src/cmd/internal/obj/riscv/obj.go b/src/cmd/internal/obj/riscv/obj.go +index 3a4ab556f7df2b..c41d99c0c7a659 100644 +--- a/src/cmd/internal/obj/riscv/obj.go ++++ b/src/cmd/internal/obj/riscv/obj.go +@@ -157,6 +157,127 @@ func progedit(ctxt *obj.Link, p *obj.Prog, newprog obj.ProgAlloc) { + p.From.Offset = 0 + } + } ++ ++ if ctxt.Flag_dynlink { ++ rewriteToUseGot(ctxt, p, newprog) ++ } ++} ++ ++// Rewrite p, if necessary, to access global data via the global offset table. ++func rewriteToUseGot(ctxt *obj.Link, p *obj.Prog, newprog obj.ProgAlloc) { ++ if p.As == obj.ADUFFCOPY || p.As == obj.ADUFFZERO { ++ // ADUFFxxx $offset ++ // becomes ++ // MOV runtime.duffxxx@GOT, REG_TMP ++ // ADD $offset, REG_TMP ++ // CALL REG_TMP ++ var sym *obj.LSym ++ if p.As == obj.ADUFFCOPY { ++ sym = ctxt.LookupABI("runtime.duffcopy", obj.ABIInternal) ++ } else { ++ sym = ctxt.LookupABI("runtime.duffzero", obj.ABIInternal) ++ } ++ offset := p.To.Offset ++ p.As = AMOV ++ p.From.Type = obj.TYPE_MEM ++ p.From.Name = obj.NAME_GOTREF ++ p.From.Sym = sym ++ p.To.Type = obj.TYPE_REG ++ p.To.Reg = REG_TMP ++ p.To.Name = obj.NAME_NONE ++ p.To.Offset = 0 ++ p.To.Sym = nil ++ ++ p1 := obj.Appendp(p, newprog) ++ p1.As = AADD ++ p1.From.Type = obj.TYPE_CONST ++ p1.From.Offset = offset ++ p1.To.Type = obj.TYPE_REG ++ p1.To.Reg = REG_TMP ++ ++ p2 := obj.Appendp(p1, newprog) ++ p2.As = obj.ACALL ++ p2.To.Type = obj.TYPE_REG ++ p2.To.Reg = REG_TMP ++ } ++ ++ // We only care about global data: NAME_EXTERN means a global ++ // symbol in the Go sense and p.Sym.Local is true for a few internally ++ // defined symbols. ++ if p.From.Type == obj.TYPE_ADDR && p.From.Name == obj.NAME_EXTERN && !p.From.Sym.Local() { ++ // MOV $sym, Rx becomes MOV sym@GOT, Rx ++ // MOV $sym+<off>, Rx becomes MOV sym@GOT, Rx; ADD <off>, Rx ++ if p.As != AMOV { ++ ctxt.Diag("don't know how to handle TYPE_ADDR in %v with -dynlink", p) ++ } ++ if p.To.Type != obj.TYPE_REG { ++ ctxt.Diag("don't know how to handle LD instruction to non-register in %v with -dynlink", p) ++ } ++ p.From.Type = obj.TYPE_MEM ++ p.From.Name = obj.NAME_GOTREF ++ if p.From.Offset != 0 { ++ q := obj.Appendp(p, newprog) ++ q.As = AADD ++ q.From.Type = obj.TYPE_CONST ++ q.From.Offset = p.From.Offset ++ q.To = p.To ++ p.From.Offset = 0 ++ } ++ ++ } ++ ++ if p.GetFrom3() != nil && p.GetFrom3().Name == obj.NAME_EXTERN { ++ ctxt.Diag("don't know how to handle %v with -dynlink", p) ++ } ++ ++ var source *obj.Addr ++ // MOVx sym, Ry becomes MOV sym@GOT, X31; MOVx (X31), Ry ++ // MOVx Ry, sym becomes MOV sym@GOT, X31; MOV Ry, (X31) ++ // An addition may be inserted between the two MOVs if there is an offset. ++ if p.From.Name == obj.NAME_EXTERN && !p.From.Sym.Local() { ++ if p.To.Name == obj.NAME_EXTERN && !p.To.Sym.Local() { ++ ctxt.Diag("cannot handle NAME_EXTERN on both sides in %v with -dynlink", p) ++ } ++ source = &p.From ++ } else if p.To.Name == obj.NAME_EXTERN && !p.To.Sym.Local() { ++ source = &p.To ++ } else { ++ return ++ } ++ if p.As == obj.ATEXT || p.As == obj.AFUNCDATA || p.As == obj.ACALL || p.As == obj.ARET || p.As == obj.AJMP { ++ return ++ } ++ if source.Sym.Type == objabi.STLSBSS { ++ return ++ } ++ if source.Type != obj.TYPE_MEM { ++ ctxt.Diag("don't know how to handle %v with -dynlink", p) ++ } ++ p1 := obj.Appendp(p, newprog) ++ p1.As = AMOV ++ p1.From.Type = obj.TYPE_MEM ++ p1.From.Sym = source.Sym ++ p1.From.Name = obj.NAME_GOTREF ++ p1.To.Type = obj.TYPE_REG ++ p1.To.Reg = REG_TMP ++ ++ p2 := obj.Appendp(p1, newprog) ++ p2.As = p.As ++ p2.From = p.From ++ p2.To = p.To ++ if p.From.Name == obj.NAME_EXTERN { ++ p2.From.Reg = REG_TMP ++ p2.From.Name = obj.NAME_NONE ++ p2.From.Sym = nil ++ } else if p.To.Name == obj.NAME_EXTERN { ++ p2.To.Reg = REG_TMP ++ p2.To.Name = obj.NAME_NONE ++ p2.To.Sym = nil ++ } else { ++ return ++ } ++ obj.Nopout(p) ++ + } + + // addrToReg extracts the register from an Addr, handling special Addr.Names. +diff --git a/src/cmd/link/internal/riscv64/asm.go b/src/cmd/link/internal/riscv64/asm.go +index 8e5d5be41ec0dd..527f09e17c7dba 100644 +--- a/src/cmd/link/internal/riscv64/asm.go ++++ b/src/cmd/link/internal/riscv64/asm.go +@@ -20,7 +20,26 @@ import ( + // fakeLabelName matches the RISCV_FAKE_LABEL_NAME from binutils. + const fakeLabelName = ".L0 " + +-func gentext(ctxt *ld.Link, ldr *loader.Loader) {} ++func gentext(ctxt *ld.Link, ldr *loader.Loader) { ++ initfunc, addmoduledata := ld.PrepareAddmoduledata(ctxt) ++ if initfunc == nil { ++ return ++ } ++ ++ // Emit the following function: ++ // ++ // go.link.addmoduledatainit: ++ // auipc a0, %pcrel_hi(local.moduledata) ++ // addi a0, %pcrel_lo(local.moduledata) ++ // j runtime.addmoduledata ++ ++ sz := initfunc.AddSymRef(ctxt.Arch, ctxt.Moduledata, 0, objabi.R_RISCV_PCREL_ITYPE, 8) ++ initfunc.SetUint32(ctxt.Arch, sz-8, 0x00000517) // auipc a0, %pcrel_hi(local.moduledata) ++ initfunc.SetUint32(ctxt.Arch, sz-4, 0x00050513) // addi a0, %pcrel_lo(local.moduledata) ++ ++ sz = initfunc.AddSymRef(ctxt.Arch, addmoduledata, 0, objabi.R_RISCV_JAL, 4) ++ initfunc.SetUint32(ctxt.Arch, sz-4, 0x0000006f) // j runtime.addmoduledata ++} + + func findHI20Reloc(ldr *loader.Loader, s loader.Sym, val int64) *loader.Reloc { + outer := ldr.OuterSym(s) +diff --git a/src/internal/platform/supported.go b/src/internal/platform/supported.go +index e864c37d6897d4..702a255e4cd928 100644 +--- a/src/internal/platform/supported.go ++++ b/src/internal/platform/supported.go +@@ -208,7 +208,7 @@ func BuildModeSupported(compiler, buildmode, goos, goarch string) bool { + + case "plugin": + switch platform { +- case "linux/amd64", "linux/arm", "linux/arm64", "linux/386", "linux/loong64", "linux/s390x", "linux/ppc64le", ++ case "linux/amd64", "linux/arm", "linux/arm64", "linux/386", "linux/loong64", "linux/riscv64", "linux/s390x", "linux/ppc64le", + "android/amd64", "android/386", + "darwin/amd64", "darwin/arm64", + "freebsd/amd64": +diff --git a/src/runtime/asm_riscv64.s b/src/runtime/asm_riscv64.s +index ef654a3a229e09..71b32304d7b0ae 100644 +--- a/src/runtime/asm_riscv64.s ++++ b/src/runtime/asm_riscv64.s +@@ -541,6 +541,15 @@ TEXT runtime·goexit(SB),NOSPLIT|NOFRAME|TOPFRAME,$0-0 + // traceback from goexit1 must hit code range of goexit + MOV ZERO, ZERO // NOP + ++ ++// This is called from .init_array and follows the platform, not the Go ABI. ++TEXT runtime·addmoduledata(SB),NOSPLIT,$0-0 ++ // Use X31 as it is a scratch register in both the Go ABI and psABI. ++ MOV runtime·lastmoduledatap(SB), X31 ++ MOV X10, moduledata_next(X31) ++ MOV X10, runtime·lastmoduledatap(SB) ++ RET ++ + // func cgocallback(fn, frame unsafe.Pointer, ctxt uintptr) + // See cgocall.go for more details. + TEXT ·cgocallback(SB),NOSPLIT,$24-24 diff --git a/1001-cmd-link-cmd-internal-add-R_GOT_PCREL_ITYPE_RELOC-fo.patch b/1001-cmd-link-cmd-internal-add-R_GOT_PCREL_ITYPE_RELOC-fo.patch new file mode 100644 index 0000000..cbd691b --- /dev/null +++ b/1001-cmd-link-cmd-internal-add-R_GOT_PCREL_ITYPE_RELOC-fo.patch @@ -0,0 +1,235 @@ +From 371ee1469cf30ecdbc8d1b55cf307a310ff3d630 Mon Sep 17 00:00:00 2001 +From: Meng Zhuo <mengzhuo1203@gmail.com> +Date: Thu, 12 Sep 2024 20:03:59 +0800 +Subject: [PATCH] cmd/link,cmd/internal: add R_GOT_PCREL_ITYPE_RELOC for + riscv64 + +This CL adds new relocation type for riscv64: R_GOT_PCREL_ITYPE_RELOC +which generate an AUIPC + I-type pair with relocation type of GOT_HI20 +and PCREL_LO12_I. +According to RISCV elf psabi doc, medium position independent code +model, the GNU as example is: + +``` + # Calculate address of non-local symbol +.Ltmp3: aupipc a0, %got_pcrel_hi(symbol) + ld a0, %pcrel_lo(.Ltmp3)(a0) +``` + +Change-Id: I719dd05e009ca2d9291f0689b346c059f9c56918 +Reviewed-on: https://go-review.googlesource.com/c/go/+/612635 +Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> +Reviewed-by: Joel Sing <joel@sing.id.au> +Reviewed-by: Cherry Mui <cherryyz@google.com> +LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> +--- + src/cmd/internal/obj/riscv/cpu.go | 5 ++ + src/cmd/internal/obj/riscv/obj.go | 9 ++- + src/cmd/internal/objabi/reloctype.go | 4 ++ + src/cmd/internal/objabi/reloctype_string.go | 61 +++++++++++---------- + src/cmd/link/internal/riscv64/asm.go | 19 +++++-- + 5 files changed, 62 insertions(+), 36 deletions(-) + +diff --git a/src/cmd/internal/obj/riscv/cpu.go b/src/cmd/internal/obj/riscv/cpu.go +index 69a85166968648..2b75ed38a62611 100644 +--- a/src/cmd/internal/obj/riscv/cpu.go ++++ b/src/cmd/internal/obj/riscv/cpu.go +@@ -317,6 +317,11 @@ const ( + // it is the first instruction in an AUIPC + S-type pair that needs a + // R_RISCV_PCREL_STYPE relocation. + NEED_PCREL_STYPE_RELOC ++ ++ // NEED_GOT_PCREL_ITYPE_RELOC is set on AUIPC instructions to indicate that ++ // it is the first instruction in an AUIPC + I-type pair that needs a ++ // R_RISCV_GOT_PCREL_ITYPE relocation. ++ NEED_GOT_PCREL_ITYPE_RELOC + ) + + // RISC-V mnemonics, as defined in the "opcodes" and "opcodes-pseudo" files +diff --git a/src/cmd/internal/obj/riscv/obj.go b/src/cmd/internal/obj/riscv/obj.go +index 381dc085608644..54c34af2f4a97c 100644 +--- a/src/cmd/internal/obj/riscv/obj.go ++++ b/src/cmd/internal/obj/riscv/obj.go +@@ -215,11 +215,15 @@ func markRelocs(p *obj.Prog) { + switch p.From.Name { + case obj.NAME_EXTERN, obj.NAME_STATIC: + p.Mark |= NEED_PCREL_ITYPE_RELOC ++ case obj.NAME_GOTREF: ++ p.Mark |= NEED_GOT_PCREL_ITYPE_RELOC + } + case p.From.Type == obj.TYPE_MEM && p.To.Type == obj.TYPE_REG: + switch p.From.Name { + case obj.NAME_EXTERN, obj.NAME_STATIC: + p.Mark |= NEED_PCREL_ITYPE_RELOC ++ case obj.NAME_GOTREF: ++ p.Mark |= NEED_GOT_PCREL_ITYPE_RELOC + } + case p.From.Type == obj.TYPE_REG && p.To.Type == obj.TYPE_MEM: + switch p.To.Name { +@@ -2203,7 +2207,7 @@ func instructionsForMOV(p *obj.Prog) []*instruction { + // MOV c(Rs), Rd -> L $c, Rs, Rd + inss = instructionsForLoad(p, movToLoad(p.As), addrToReg(p.From)) + +- case obj.NAME_EXTERN, obj.NAME_STATIC: ++ case obj.NAME_EXTERN, obj.NAME_STATIC, obj.NAME_GOTREF: + if p.From.Sym.Type == objabi.STLSBSS { + return instructionsForTLSLoad(p) + } +@@ -2631,6 +2635,9 @@ func assemble(ctxt *obj.Link, cursym *obj.LSym, newprog obj.ProgAlloc) { + } else if p.Mark&NEED_PCREL_STYPE_RELOC == NEED_PCREL_STYPE_RELOC { + rt = objabi.R_RISCV_PCREL_STYPE + addr = &p.To ++ } else if p.Mark&NEED_GOT_PCREL_ITYPE_RELOC == NEED_GOT_PCREL_ITYPE_RELOC { ++ rt = objabi.R_RISCV_GOT_PCREL_ITYPE ++ addr = &p.From + } else { + break + } +diff --git a/src/cmd/internal/objabi/reloctype.go b/src/cmd/internal/objabi/reloctype.go +index 9106b085ea7d02..8e9bee508224b2 100644 +--- a/src/cmd/internal/objabi/reloctype.go ++++ b/src/cmd/internal/objabi/reloctype.go +@@ -291,6 +291,10 @@ const ( + // address. + R_RISCV_GOT_HI20 + ++ // R_RISCV_GOT_PCREL_ITYPE resolves a 32-bit PC-relative GOT entry ++ // address for an AUIPC + I-type instruction pair. ++ R_RISCV_GOT_PCREL_ITYPE ++ + // R_RISCV_PCREL_HI20 resolves the high 20 bits of a 32-bit PC-relative + // address. + R_RISCV_PCREL_HI20 +diff --git a/src/cmd/internal/objabi/reloctype_string.go b/src/cmd/internal/objabi/reloctype_string.go +index fd0e401db1e277..2d8a9554eb5c94 100644 +--- a/src/cmd/internal/objabi/reloctype_string.go ++++ b/src/cmd/internal/objabi/reloctype_string.go +@@ -75,39 +75,40 @@ func _() { + _ = x[R_RISCV_TLS_IE-65] + _ = x[R_RISCV_TLS_LE-66] + _ = x[R_RISCV_GOT_HI20-67] +- _ = x[R_RISCV_PCREL_HI20-68] +- _ = x[R_RISCV_PCREL_LO12_I-69] +- _ = x[R_RISCV_PCREL_LO12_S-70] +- _ = x[R_RISCV_BRANCH-71] +- _ = x[R_RISCV_RVC_BRANCH-72] +- _ = x[R_RISCV_RVC_JUMP-73] +- _ = x[R_PCRELDBL-74] +- _ = x[R_LOONG64_ADDR_HI-75] +- _ = x[R_LOONG64_ADDR_LO-76] +- _ = x[R_LOONG64_TLS_LE_HI-77] +- _ = x[R_LOONG64_TLS_LE_LO-78] +- _ = x[R_CALLLOONG64-79] +- _ = x[R_LOONG64_TLS_IE_HI-80] +- _ = x[R_LOONG64_TLS_IE_LO-81] +- _ = x[R_LOONG64_GOT_HI-82] +- _ = x[R_LOONG64_GOT_LO-83] +- _ = x[R_LOONG64_ADD64-84] +- _ = x[R_LOONG64_SUB64-85] +- _ = x[R_JMP16LOONG64-86] +- _ = x[R_JMP21LOONG64-87] +- _ = x[R_JMPLOONG64-88] +- _ = x[R_ADDRMIPSU-89] +- _ = x[R_ADDRMIPSTLS-90] +- _ = x[R_ADDRCUOFF-91] +- _ = x[R_WASMIMPORT-92] +- _ = x[R_XCOFFREF-93] +- _ = x[R_PEIMAGEOFF-94] +- _ = x[R_INITORDER-95] ++ _ = x[R_RISCV_GOT_PCREL_ITYPE-68] ++ _ = x[R_RISCV_PCREL_HI20-69] ++ _ = x[R_RISCV_PCREL_LO12_I-70] ++ _ = x[R_RISCV_PCREL_LO12_S-71] ++ _ = x[R_RISCV_BRANCH-72] ++ _ = x[R_RISCV_RVC_BRANCH-73] ++ _ = x[R_RISCV_RVC_JUMP-74] ++ _ = x[R_PCRELDBL-75] ++ _ = x[R_LOONG64_ADDR_HI-76] ++ _ = x[R_LOONG64_ADDR_LO-77] ++ _ = x[R_LOONG64_TLS_LE_HI-78] ++ _ = x[R_LOONG64_TLS_LE_LO-79] ++ _ = x[R_CALLLOONG64-80] ++ _ = x[R_LOONG64_TLS_IE_HI-81] ++ _ = x[R_LOONG64_TLS_IE_LO-82] ++ _ = x[R_LOONG64_GOT_HI-83] ++ _ = x[R_LOONG64_GOT_LO-84] ++ _ = x[R_LOONG64_ADD64-85] ++ _ = x[R_LOONG64_SUB64-86] ++ _ = x[R_JMP16LOONG64-87] ++ _ = x[R_JMP21LOONG64-88] ++ _ = x[R_JMPLOONG64-89] ++ _ = x[R_ADDRMIPSU-90] ++ _ = x[R_ADDRMIPSTLS-91] ++ _ = x[R_ADDRCUOFF-92] ++ _ = x[R_WASMIMPORT-93] ++ _ = x[R_XCOFFREF-94] ++ _ = x[R_PEIMAGEOFF-95] ++ _ = x[R_INITORDER-96] + } + +-const _RelocType_name = "R_ADDRR_ADDRPOWERR_ADDRARM64R_ADDRMIPSR_ADDROFFR_SIZER_CALLR_CALLARMR_CALLARM64R_CALLINDR_CALLPOWERR_CALLMIPSR_CONSTR_PCRELR_TLS_LER_TLS_IER_GOTOFFR_PLT0R_PLT1R_PLT2R_USEFIELDR_USETYPER_USEIFACER_USEIFACEMETHODR_USENAMEDMETHODR_METHODOFFR_KEEPR_POWER_TOCR_GOTPCRELR_JMPMIPSR_DWARFSECREFR_DWARFFILEREFR_ARM64_TLS_LER_ARM64_TLS_IER_ARM64_GOTPCRELR_ARM64_GOTR_ARM64_PCRELR_ARM64_PCREL_LDST8R_ARM64_PCREL_LDST16R_ARM64_PCREL_LDST32R_ARM64_PCREL_LDST64R_ARM64_LDST8R_ARM64_LDST16R_ARM64_LDST32R_ARM64_LDST64R_ARM64_LDST128R_POWER_TLS_LER_POWER_TLS_IER_POWER_TLSR_POWER_TLS_IE_PCREL34R_POWER_TLS_LE_TPREL34R_ADDRPOWER_DSR_ADDRPOWER_GOTR_ADDRPOWER_GOT_PCREL34R_ADDRPOWER_PCRELR_ADDRPOWER_TOCRELR_ADDRPOWER_TOCREL_DSR_ADDRPOWER_D34R_ADDRPOWER_PCREL34R_RISCV_JALR_RISCV_JAL_TRAMPR_RISCV_CALLR_RISCV_PCREL_ITYPER_RISCV_PCREL_STYPER_RISCV_TLS_IER_RISCV_TLS_LER_RISCV_GOT_HI20R_RISCV_PCREL_HI20R_RISCV_PCREL_LO12_IR_RISCV_PCREL_LO12_SR_RISCV_BRANCHR_RISCV_RVC_BRANCHR_RISCV_RVC_JUMPR_PCRELDBLR_LOONG64_ADDR_HIR_LOONG64_ADDR_LOR_LOONG64_TLS_LE_HIR_LOONG64_TLS_LE_LOR_CALLLOONG64R_LOONG64_TLS_IE_HIR_LOONG64_TLS_IE_LOR_LOONG64_GOT_HIR_LOONG64_GOT_LOR_LOONG64_ADD64R_LOONG64_SUB64R_JMP16LOONG64R_JMP21LOONG64R_JMPLOONG64R_ADDRMIPSUR_ADDRMIPSTLSR_ADDRCUOFFR_WASMIMPORTR_XCOFFREFR_PEIMAGEOFFR_INITORDER" ++const _RelocType_name = "R_ADDRR_ADDRPOWERR_ADDRARM64R_ADDRMIPSR_ADDROFFR_SIZER_CALLR_CALLARMR_CALLARM64R_CALLINDR_CALLPOWERR_CALLMIPSR_CONSTR_PCRELR_TLS_LER_TLS_IER_GOTOFFR_PLT0R_PLT1R_PLT2R_USEFIELDR_USETYPER_USEIFACER_USEIFACEMETHODR_USENAMEDMETHODR_METHODOFFR_KEEPR_POWER_TOCR_GOTPCRELR_JMPMIPSR_DWARFSECREFR_DWARFFILEREFR_ARM64_TLS_LER_ARM64_TLS_IER_ARM64_GOTPCRELR_ARM64_GOTR_ARM64_PCRELR_ARM64_PCREL_LDST8R_ARM64_PCREL_LDST16R_ARM64_PCREL_LDST32R_ARM64_PCREL_LDST64R_ARM64_LDST8R_ARM64_LDST16R_ARM64_LDST32R_ARM64_LDST64R_ARM64_LDST128R_POWER_TLS_LER_POWER_TLS_IER_POWER_TLSR_POWER_TLS_IE_PCREL34R_POWER_TLS_LE_TPREL34R_ADDRPOWER_DSR_ADDRPOWER_GOTR_ADDRPOWER_GOT_PCREL34R_ADDRPOWER_PCRELR_ADDRPOWER_TOCRELR_ADDRPOWER_TOCREL_DSR_ADDRPOWER_D34R_ADDRPOWER_PCREL34R_RISCV_JALR_RISCV_JAL_TRAMPR_RISCV_CALLR_RISCV_PCREL_ITYPER_RISCV_PCREL_STYPER_RISCV_TLS_IER_RISCV_TLS_LER_RISCV_GOT_HI20R_RISCV_GOT_PCREL_ITYPER_RISCV_PCREL_HI20R_RISCV_PCREL_LO12_IR_RISCV_PCREL_LO12_SR_RISCV_BRANCHR_RISCV_RVC_BRANCHR_RISCV_RVC_JUMPR_PCRELDBLR_LOONG64_ADDR_HIR_LOONG64_ADDR_LOR_LOONG64_TLS_LE_HIR_LOONG64_TLS_LE_LOR_CALLLOONG64R_LOONG64_TLS_IE_HIR_LOONG64_TLS_IE_LOR_LOONG64_GOT_HIR_LOONG64_GOT_LOR_LOONG64_ADD64R_LOONG64_SUB64R_JMP16LOONG64R_JMP21LOONG64R_JMPLOONG64R_ADDRMIPSUR_ADDRMIPSTLSR_ADDRCUOFFR_WASMIMPORTR_XCOFFREFR_PEIMAGEOFFR_INITORDER" + +-var _RelocType_index = [...]uint16{0, 6, 17, 28, 38, 47, 53, 59, 68, 79, 88, 99, 109, 116, 123, 131, 139, 147, 153, 159, 165, 175, 184, 194, 210, 226, 237, 243, 254, 264, 273, 286, 300, 314, 328, 344, 355, 368, 387, 407, 427, 447, 460, 474, 488, 502, 517, 531, 545, 556, 578, 600, 614, 629, 652, 669, 687, 708, 723, 742, 753, 770, 782, 801, 820, 834, 848, 864, 882, 902, 922, 936, 954, 970, 980, 997, 1014, 1033, 1052, 1065, 1084, 1103, 1119, 1135, 1150, 1165, 1179, 1193, 1205, 1216, 1229, 1240, 1252, 1262, 1274, 1285} ++var _RelocType_index = [...]uint16{0, 6, 17, 28, 38, 47, 53, 59, 68, 79, 88, 99, 109, 116, 123, 131, 139, 147, 153, 159, 165, 175, 184, 194, 210, 226, 237, 243, 254, 264, 273, 286, 300, 314, 328, 344, 355, 368, 387, 407, 427, 447, 460, 474, 488, 502, 517, 531, 545, 556, 578, 600, 614, 629, 652, 669, 687, 708, 723, 742, 753, 770, 782, 801, 820, 834, 848, 864, 887, 905, 925, 945, 959, 977, 993, 1003, 1020, 1037, 1056, 1075, 1088, 1107, 1126, 1142, 1158, 1173, 1188, 1202, 1216, 1228, 1239, 1252, 1263, 1275, 1285, 1297, 1308} + + func (i RelocType) String() string { + i -= 1 +diff --git a/src/cmd/link/internal/riscv64/asm.go b/src/cmd/link/internal/riscv64/asm.go +index a3f50dc54fe22d..8e5d5be41ec0dd 100644 +--- a/src/cmd/link/internal/riscv64/asm.go ++++ b/src/cmd/link/internal/riscv64/asm.go +@@ -170,8 +170,11 @@ func genSymsLate(ctxt *ld.Link, ldr *loader.Loader) { + relocs := ldr.Relocs(s) + for ri := 0; ri < relocs.Count(); ri++ { + r := relocs.At(ri) +- if r.Type() != objabi.R_RISCV_CALL && r.Type() != objabi.R_RISCV_PCREL_ITYPE && +- r.Type() != objabi.R_RISCV_PCREL_STYPE && r.Type() != objabi.R_RISCV_TLS_IE { ++ if r.Type() != objabi.R_RISCV_CALL && ++ r.Type() != objabi.R_RISCV_PCREL_ITYPE && ++ r.Type() != objabi.R_RISCV_PCREL_STYPE && ++ r.Type() != objabi.R_RISCV_TLS_IE && ++ r.Type() != objabi.R_RISCV_GOT_PCREL_ITYPE { + continue + } + if r.Off() == 0 && ldr.SymType(s).IsText() { +@@ -233,7 +236,11 @@ func elfreloc1(ctxt *ld.Link, out *ld.OutBuf, ldr *loader.Loader, s loader.Sym, + out.Write64(uint64(elf.R_RISCV_JAL) | uint64(elfsym)<<32) + out.Write64(uint64(r.Xadd)) + +- case objabi.R_RISCV_CALL, objabi.R_RISCV_PCREL_ITYPE, objabi.R_RISCV_PCREL_STYPE, objabi.R_RISCV_TLS_IE: ++ case objabi.R_RISCV_CALL, ++ objabi.R_RISCV_PCREL_ITYPE, ++ objabi.R_RISCV_PCREL_STYPE, ++ objabi.R_RISCV_TLS_IE, ++ objabi.R_RISCV_GOT_PCREL_ITYPE: + // Find the text symbol for the AUIPC instruction targeted + // by this relocation. + relocs := ldr.Relocs(s) +@@ -262,6 +269,8 @@ func elfreloc1(ctxt *ld.Link, out *ld.OutBuf, ldr *loader.Loader, s loader.Sym, + hiRel, loRel = elf.R_RISCV_PCREL_HI20, elf.R_RISCV_PCREL_LO12_S + case objabi.R_RISCV_TLS_IE: + hiRel, loRel = elf.R_RISCV_TLS_GOT_HI20, elf.R_RISCV_PCREL_LO12_I ++ case objabi.R_RISCV_GOT_PCREL_ITYPE: ++ hiRel, loRel = elf.R_RISCV_GOT_HI20, elf.R_RISCV_PCREL_LO12_I + } + out.Write64(uint64(sectoff)) + out.Write64(uint64(hiRel) | uint64(elfsym)<<32) +@@ -426,7 +435,7 @@ func archreloc(target *ld.Target, ldr *loader.Loader, syms *ld.ArchSyms, r loade + case objabi.R_RISCV_JAL, objabi.R_RISCV_JAL_TRAMP: + return val, 1, true + +- case objabi.R_RISCV_CALL, objabi.R_RISCV_PCREL_ITYPE, objabi.R_RISCV_PCREL_STYPE, objabi.R_RISCV_TLS_IE, objabi.R_RISCV_TLS_LE: ++ case objabi.R_RISCV_CALL, objabi.R_RISCV_PCREL_ITYPE, objabi.R_RISCV_PCREL_STYPE, objabi.R_RISCV_TLS_IE, objabi.R_RISCV_TLS_LE, objabi.R_RISCV_GOT_PCREL_ITYPE: + return val, 2, true + } + +@@ -626,7 +635,7 @@ func extreloc(target *ld.Target, ldr *loader.Loader, r loader.Reloc, s loader.Sy + case objabi.R_RISCV_JAL, objabi.R_RISCV_JAL_TRAMP: + return ld.ExtrelocSimple(ldr, r), true + +- case objabi.R_RISCV_CALL, objabi.R_RISCV_PCREL_ITYPE, objabi.R_RISCV_PCREL_STYPE, objabi.R_RISCV_TLS_IE, objabi.R_RISCV_TLS_LE: ++ case objabi.R_RISCV_CALL, objabi.R_RISCV_PCREL_ITYPE, objabi.R_RISCV_PCREL_STYPE, objabi.R_RISCV_TLS_IE, objabi.R_RISCV_TLS_LE, objabi.R_RISCV_GOT_PCREL_ITYPE: + return ld.ExtrelocViaOuterSym(ldr, r, s), true + } + return loader.ExtReloc{}, false diff --git a/1002-cmd-compile-don-t-merge-symbols-on-riscv64-when-dyna.patch b/1002-cmd-compile-don-t-merge-symbols-on-riscv64-when-dyna.patch new file mode 100644 index 0000000..4819b92 --- /dev/null +++ b/1002-cmd-compile-don-t-merge-symbols-on-riscv64-when-dyna.patch @@ -0,0 +1,586 @@ +From 215de81513286c010951624243c2923f7dc79675 Mon Sep 17 00:00:00 2001 +From: Meng Zhuo <mengzhuo1203@gmail.com> +Date: Thu, 12 Sep 2024 19:46:20 +0800 +Subject: [PATCH] cmd/compile: don't merge symbols on riscv64 when dynamic + linking + +Each plugin is compiled as a separate shared object, +with its own symbol table. When dynamic linking plugin symbols +are resolved within the plugin's scope, not globally merged to +avoid conflicts. + +Change-Id: I9e6986085855c17fbd6c39b937cb6129d216f5e9 +Reviewed-on: https://go-review.googlesource.com/c/go/+/435015 +LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> +Reviewed-by: Joel Sing <joel@sing.id.au> +Reviewed-by: Michael Pratt <mpratt@google.com> +Reviewed-by: Cherry Mui <cherryyz@google.com> +--- + .../compile/internal/ssa/_gen/RISCV64.rules | 82 +++------- + .../compile/internal/ssa/rewriteRISCV64.go | 154 +++++++++++------- + 2 files changed, 115 insertions(+), 121 deletions(-) + +diff --git a/src/cmd/compile/internal/ssa/_gen/RISCV64.rules b/src/cmd/compile/internal/ssa/_gen/RISCV64.rules +index 9ae96043810cfd..a69df619a576c6 100644 +--- a/src/cmd/compile/internal/ssa/_gen/RISCV64.rules ++++ b/src/cmd/compile/internal/ssa/_gen/RISCV64.rules +@@ -270,65 +270,29 @@ + + // We need to fold MOVaddr into the LD/MOVDstore ops so that the live variable analysis + // knows what variables are being read/written by the ops. +-(MOVBUload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) && is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) => +- (MOVBUload [off1+off2] {mergeSym(sym1,sym2)} base mem) +-(MOVBload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) && is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) => +- (MOVBload [off1+off2] {mergeSym(sym1,sym2)} base mem) +-(MOVHUload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) && is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) => +- (MOVHUload [off1+off2] {mergeSym(sym1,sym2)} base mem) +-(MOVHload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) && is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) => +- (MOVHload [off1+off2] {mergeSym(sym1,sym2)} base mem) +-(MOVWUload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) && is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) => +- (MOVWUload [off1+off2] {mergeSym(sym1,sym2)} base mem) +-(MOVWload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) && is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) => +- (MOVWload [off1+off2] {mergeSym(sym1,sym2)} base mem) +-(MOVDload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) && is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) => +- (MOVDload [off1+off2] {mergeSym(sym1,sym2)} base mem) +- +-(MOVBstore [off1] {sym1} (MOVaddr [off2] {sym2} base) val mem) && is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) => +- (MOVBstore [off1+off2] {mergeSym(sym1,sym2)} base val mem) +-(MOVHstore [off1] {sym1} (MOVaddr [off2] {sym2} base) val mem) && is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) => +- (MOVHstore [off1+off2] {mergeSym(sym1,sym2)} base val mem) +-(MOVWstore [off1] {sym1} (MOVaddr [off2] {sym2} base) val mem) && is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) => +- (MOVWstore [off1+off2] {mergeSym(sym1,sym2)} base val mem) +-(MOVDstore [off1] {sym1} (MOVaddr [off2] {sym2} base) val mem) && is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) => +- (MOVDstore [off1+off2] {mergeSym(sym1,sym2)} base val mem) +-(MOVBstorezero [off1] {sym1} (MOVaddr [off2] {sym2} ptr) mem) && canMergeSym(sym1,sym2) && is32Bit(int64(off1)+int64(off2)) => +- (MOVBstorezero [off1+off2] {mergeSym(sym1,sym2)} ptr mem) +-(MOVHstorezero [off1] {sym1} (MOVaddr [off2] {sym2} ptr) mem) && canMergeSym(sym1,sym2) && is32Bit(int64(off1)+int64(off2)) => +- (MOVHstorezero [off1+off2] {mergeSym(sym1,sym2)} ptr mem) +-(MOVWstorezero [off1] {sym1} (MOVaddr [off2] {sym2} ptr) mem) && canMergeSym(sym1,sym2) && is32Bit(int64(off1)+int64(off2)) => +- (MOVWstorezero [off1+off2] {mergeSym(sym1,sym2)} ptr mem) +-(MOVDstorezero [off1] {sym1} (MOVaddr [off2] {sym2} ptr) mem) && canMergeSym(sym1,sym2) && is32Bit(int64(off1)+int64(off2)) => +- (MOVDstorezero [off1+off2] {mergeSym(sym1,sym2)} ptr mem) +- +-(MOVBUload [off1] {sym} (ADDI [off2] base) mem) && is32Bit(int64(off1)+off2) => +- (MOVBUload [off1+int32(off2)] {sym} base mem) +-(MOVBload [off1] {sym} (ADDI [off2] base) mem) && is32Bit(int64(off1)+off2) => +- (MOVBload [off1+int32(off2)] {sym} base mem) +-(MOVHUload [off1] {sym} (ADDI [off2] base) mem) && is32Bit(int64(off1)+off2) => +- (MOVHUload [off1+int32(off2)] {sym} base mem) +-(MOVHload [off1] {sym} (ADDI [off2] base) mem) && is32Bit(int64(off1)+off2) => +- (MOVHload [off1+int32(off2)] {sym} base mem) +-(MOVWUload [off1] {sym} (ADDI [off2] base) mem) && is32Bit(int64(off1)+off2) => +- (MOVWUload [off1+int32(off2)] {sym} base mem) +-(MOVWload [off1] {sym} (ADDI [off2] base) mem) && is32Bit(int64(off1)+off2) => +- (MOVWload [off1+int32(off2)] {sym} base mem) +-(MOVDload [off1] {sym} (ADDI [off2] base) mem) && is32Bit(int64(off1)+off2) => +- (MOVDload [off1+int32(off2)] {sym} base mem) +- +-(MOVBstore [off1] {sym} (ADDI [off2] base) val mem) && is32Bit(int64(off1)+off2) => +- (MOVBstore [off1+int32(off2)] {sym} base val mem) +-(MOVHstore [off1] {sym} (ADDI [off2] base) val mem) && is32Bit(int64(off1)+off2) => +- (MOVHstore [off1+int32(off2)] {sym} base val mem) +-(MOVWstore [off1] {sym} (ADDI [off2] base) val mem) && is32Bit(int64(off1)+off2) => +- (MOVWstore [off1+int32(off2)] {sym} base val mem) +-(MOVDstore [off1] {sym} (ADDI [off2] base) val mem) && is32Bit(int64(off1)+off2) => +- (MOVDstore [off1+int32(off2)] {sym} base val mem) +-(MOVBstorezero [off1] {sym} (ADDI [off2] ptr) mem) && is32Bit(int64(off1)+off2) => (MOVBstorezero [off1+int32(off2)] {sym} ptr mem) +-(MOVHstorezero [off1] {sym} (ADDI [off2] ptr) mem) && is32Bit(int64(off1)+off2) => (MOVHstorezero [off1+int32(off2)] {sym} ptr mem) +-(MOVWstorezero [off1] {sym} (ADDI [off2] ptr) mem) && is32Bit(int64(off1)+off2) => (MOVWstorezero [off1+int32(off2)] {sym} ptr mem) +-(MOVDstorezero [off1] {sym} (ADDI [off2] ptr) mem) && is32Bit(int64(off1)+off2) => (MOVDstorezero [off1+int32(off2)] {sym} ptr mem) ++(MOV(B|BU|H|HU|W|WU|D)load [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) && ++ is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && ++ (base.Op != OpSB || !config.ctxt.Flag_dynlink) => ++ (MOV(B|BU|H|HU|W|WU|D)load [off1+off2] {mergeSym(sym1,sym2)} base mem) ++ ++(MOV(B|H|W|D)store [off1] {sym1} (MOVaddr [off2] {sym2} base) val mem) && ++ is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && ++ (base.Op != OpSB || !config.ctxt.Flag_dynlink) => ++ (MOV(B|H|W|D)store [off1+off2] {mergeSym(sym1,sym2)} base val mem) ++ ++(MOV(B|H|W|D)storezero [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) && ++ canMergeSym(sym1,sym2) && is32Bit(int64(off1)+int64(off2)) && ++ (base.Op != OpSB || !config.ctxt.Flag_dynlink) => ++ (MOV(B|H|W|D)storezero [off1+off2] {mergeSym(sym1,sym2)} base mem) ++ ++(MOV(B|BU|H|HU|W|WU|D)load [off1] {sym} (ADDI [off2] base) mem) && is32Bit(int64(off1)+off2) => ++ (MOV(B|BU|H|HU|W|WU|D)load [off1+int32(off2)] {sym} base mem) ++ ++(MOV(B|H|W|D)store [off1] {sym} (ADDI [off2] base) val mem) && is32Bit(int64(off1)+off2) => ++ (MOV(B|H|W|D)store [off1+int32(off2)] {sym} base val mem) ++ ++(MOV(B|H|W|D)storezero [off1] {sym} (ADDI [off2] base) mem) && is32Bit(int64(off1)+off2) => ++ (MOV(B|H|W|D)storezero [off1+int32(off2)] {sym} base mem) + + // Similarly, fold ADDI into MOVaddr to avoid confusing live variable analysis + // with OffPtr -> ADDI. +diff --git a/src/cmd/compile/internal/ssa/rewriteRISCV64.go b/src/cmd/compile/internal/ssa/rewriteRISCV64.go +index aa44ab311e92af..3a044b5c9d2602 100644 +--- a/src/cmd/compile/internal/ssa/rewriteRISCV64.go ++++ b/src/cmd/compile/internal/ssa/rewriteRISCV64.go +@@ -4008,8 +4008,10 @@ func rewriteValueRISCV64_OpRISCV64FSUBS(v *Value) bool { + func rewriteValueRISCV64_OpRISCV64MOVBUload(v *Value) bool { + v_1 := v.Args[1] + v_0 := v.Args[0] ++ b := v.Block ++ config := b.Func.Config + // match: (MOVBUload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) +- // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) ++ // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) + // result: (MOVBUload [off1+off2] {mergeSym(sym1,sym2)} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) +@@ -4021,7 +4023,7 @@ func rewriteValueRISCV64_OpRISCV64MOVBUload(v *Value) bool { + sym2 := auxToSym(v_0.Aux) + base := v_0.Args[0] + mem := v_1 +- if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2)) { ++ if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVBUload) +@@ -4315,8 +4317,10 @@ func rewriteValueRISCV64_OpRISCV64MOVBUreg(v *Value) bool { + func rewriteValueRISCV64_OpRISCV64MOVBload(v *Value) bool { + v_1 := v.Args[1] + v_0 := v.Args[0] ++ b := v.Block ++ config := b.Func.Config + // match: (MOVBload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) +- // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) ++ // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) + // result: (MOVBload [off1+off2] {mergeSym(sym1,sym2)} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) +@@ -4328,7 +4332,7 @@ func rewriteValueRISCV64_OpRISCV64MOVBload(v *Value) bool { + sym2 := auxToSym(v_0.Aux) + base := v_0.Args[0] + mem := v_1 +- if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2)) { ++ if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVBload) +@@ -4441,8 +4445,10 @@ func rewriteValueRISCV64_OpRISCV64MOVBstore(v *Value) bool { + v_2 := v.Args[2] + v_1 := v.Args[1] + v_0 := v.Args[0] ++ b := v.Block ++ config := b.Func.Config + // match: (MOVBstore [off1] {sym1} (MOVaddr [off2] {sym2} base) val mem) +- // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) ++ // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) + // result: (MOVBstore [off1+off2] {mergeSym(sym1,sym2)} base val mem) + for { + off1 := auxIntToInt32(v.AuxInt) +@@ -4455,7 +4461,7 @@ func rewriteValueRISCV64_OpRISCV64MOVBstore(v *Value) bool { + base := v_0.Args[0] + val := v_1 + mem := v_2 +- if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2)) { ++ if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVBstore) +@@ -4609,9 +4615,11 @@ func rewriteValueRISCV64_OpRISCV64MOVBstore(v *Value) bool { + func rewriteValueRISCV64_OpRISCV64MOVBstorezero(v *Value) bool { + v_1 := v.Args[1] + v_0 := v.Args[0] +- // match: (MOVBstorezero [off1] {sym1} (MOVaddr [off2] {sym2} ptr) mem) +- // cond: canMergeSym(sym1,sym2) && is32Bit(int64(off1)+int64(off2)) +- // result: (MOVBstorezero [off1+off2] {mergeSym(sym1,sym2)} ptr mem) ++ b := v.Block ++ config := b.Func.Config ++ // match: (MOVBstorezero [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) ++ // cond: canMergeSym(sym1,sym2) && is32Bit(int64(off1)+int64(off2)) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) ++ // result: (MOVBstorezero [off1+off2] {mergeSym(sym1,sym2)} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) + sym1 := auxToSym(v.Aux) +@@ -4620,20 +4628,20 @@ func rewriteValueRISCV64_OpRISCV64MOVBstorezero(v *Value) bool { + } + off2 := auxIntToInt32(v_0.AuxInt) + sym2 := auxToSym(v_0.Aux) +- ptr := v_0.Args[0] ++ base := v_0.Args[0] + mem := v_1 +- if !(canMergeSym(sym1, sym2) && is32Bit(int64(off1)+int64(off2))) { ++ if !(canMergeSym(sym1, sym2) && is32Bit(int64(off1)+int64(off2)) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVBstorezero) + v.AuxInt = int32ToAuxInt(off1 + off2) + v.Aux = symToAux(mergeSym(sym1, sym2)) +- v.AddArg2(ptr, mem) ++ v.AddArg2(base, mem) + return true + } +- // match: (MOVBstorezero [off1] {sym} (ADDI [off2] ptr) mem) ++ // match: (MOVBstorezero [off1] {sym} (ADDI [off2] base) mem) + // cond: is32Bit(int64(off1)+off2) +- // result: (MOVBstorezero [off1+int32(off2)] {sym} ptr mem) ++ // result: (MOVBstorezero [off1+int32(off2)] {sym} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) + sym := auxToSym(v.Aux) +@@ -4641,7 +4649,7 @@ func rewriteValueRISCV64_OpRISCV64MOVBstorezero(v *Value) bool { + break + } + off2 := auxIntToInt64(v_0.AuxInt) +- ptr := v_0.Args[0] ++ base := v_0.Args[0] + mem := v_1 + if !(is32Bit(int64(off1) + off2)) { + break +@@ -4649,7 +4657,7 @@ func rewriteValueRISCV64_OpRISCV64MOVBstorezero(v *Value) bool { + v.reset(OpRISCV64MOVBstorezero) + v.AuxInt = int32ToAuxInt(off1 + int32(off2)) + v.Aux = symToAux(sym) +- v.AddArg2(ptr, mem) ++ v.AddArg2(base, mem) + return true + } + return false +@@ -4657,8 +4665,10 @@ func rewriteValueRISCV64_OpRISCV64MOVBstorezero(v *Value) bool { + func rewriteValueRISCV64_OpRISCV64MOVDload(v *Value) bool { + v_1 := v.Args[1] + v_0 := v.Args[0] ++ b := v.Block ++ config := b.Func.Config + // match: (MOVDload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) +- // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) ++ // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) + // result: (MOVDload [off1+off2] {mergeSym(sym1,sym2)} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) +@@ -4670,7 +4680,7 @@ func rewriteValueRISCV64_OpRISCV64MOVDload(v *Value) bool { + sym2 := auxToSym(v_0.Aux) + base := v_0.Args[0] + mem := v_1 +- if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2)) { ++ if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVDload) +@@ -4737,8 +4747,10 @@ func rewriteValueRISCV64_OpRISCV64MOVDstore(v *Value) bool { + v_2 := v.Args[2] + v_1 := v.Args[1] + v_0 := v.Args[0] ++ b := v.Block ++ config := b.Func.Config + // match: (MOVDstore [off1] {sym1} (MOVaddr [off2] {sym2} base) val mem) +- // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) ++ // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) + // result: (MOVDstore [off1+off2] {mergeSym(sym1,sym2)} base val mem) + for { + off1 := auxIntToInt32(v.AuxInt) +@@ -4751,7 +4763,7 @@ func rewriteValueRISCV64_OpRISCV64MOVDstore(v *Value) bool { + base := v_0.Args[0] + val := v_1 + mem := v_2 +- if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2)) { ++ if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVDstore) +@@ -4803,9 +4815,11 @@ func rewriteValueRISCV64_OpRISCV64MOVDstore(v *Value) bool { + func rewriteValueRISCV64_OpRISCV64MOVDstorezero(v *Value) bool { + v_1 := v.Args[1] + v_0 := v.Args[0] +- // match: (MOVDstorezero [off1] {sym1} (MOVaddr [off2] {sym2} ptr) mem) +- // cond: canMergeSym(sym1,sym2) && is32Bit(int64(off1)+int64(off2)) +- // result: (MOVDstorezero [off1+off2] {mergeSym(sym1,sym2)} ptr mem) ++ b := v.Block ++ config := b.Func.Config ++ // match: (MOVDstorezero [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) ++ // cond: canMergeSym(sym1,sym2) && is32Bit(int64(off1)+int64(off2)) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) ++ // result: (MOVDstorezero [off1+off2] {mergeSym(sym1,sym2)} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) + sym1 := auxToSym(v.Aux) +@@ -4814,20 +4828,20 @@ func rewriteValueRISCV64_OpRISCV64MOVDstorezero(v *Value) bool { + } + off2 := auxIntToInt32(v_0.AuxInt) + sym2 := auxToSym(v_0.Aux) +- ptr := v_0.Args[0] ++ base := v_0.Args[0] + mem := v_1 +- if !(canMergeSym(sym1, sym2) && is32Bit(int64(off1)+int64(off2))) { ++ if !(canMergeSym(sym1, sym2) && is32Bit(int64(off1)+int64(off2)) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVDstorezero) + v.AuxInt = int32ToAuxInt(off1 + off2) + v.Aux = symToAux(mergeSym(sym1, sym2)) +- v.AddArg2(ptr, mem) ++ v.AddArg2(base, mem) + return true + } +- // match: (MOVDstorezero [off1] {sym} (ADDI [off2] ptr) mem) ++ // match: (MOVDstorezero [off1] {sym} (ADDI [off2] base) mem) + // cond: is32Bit(int64(off1)+off2) +- // result: (MOVDstorezero [off1+int32(off2)] {sym} ptr mem) ++ // result: (MOVDstorezero [off1+int32(off2)] {sym} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) + sym := auxToSym(v.Aux) +@@ -4835,7 +4849,7 @@ func rewriteValueRISCV64_OpRISCV64MOVDstorezero(v *Value) bool { + break + } + off2 := auxIntToInt64(v_0.AuxInt) +- ptr := v_0.Args[0] ++ base := v_0.Args[0] + mem := v_1 + if !(is32Bit(int64(off1) + off2)) { + break +@@ -4843,7 +4857,7 @@ func rewriteValueRISCV64_OpRISCV64MOVDstorezero(v *Value) bool { + v.reset(OpRISCV64MOVDstorezero) + v.AuxInt = int32ToAuxInt(off1 + int32(off2)) + v.Aux = symToAux(sym) +- v.AddArg2(ptr, mem) ++ v.AddArg2(base, mem) + return true + } + return false +@@ -4851,8 +4865,10 @@ func rewriteValueRISCV64_OpRISCV64MOVDstorezero(v *Value) bool { + func rewriteValueRISCV64_OpRISCV64MOVHUload(v *Value) bool { + v_1 := v.Args[1] + v_0 := v.Args[0] ++ b := v.Block ++ config := b.Func.Config + // match: (MOVHUload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) +- // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) ++ // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) + // result: (MOVHUload [off1+off2] {mergeSym(sym1,sym2)} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) +@@ -4864,7 +4880,7 @@ func rewriteValueRISCV64_OpRISCV64MOVHUload(v *Value) bool { + sym2 := auxToSym(v_0.Aux) + base := v_0.Args[0] + mem := v_1 +- if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2)) { ++ if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVHUload) +@@ -5015,8 +5031,10 @@ func rewriteValueRISCV64_OpRISCV64MOVHUreg(v *Value) bool { + func rewriteValueRISCV64_OpRISCV64MOVHload(v *Value) bool { + v_1 := v.Args[1] + v_0 := v.Args[0] ++ b := v.Block ++ config := b.Func.Config + // match: (MOVHload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) +- // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) ++ // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) + // result: (MOVHload [off1+off2] {mergeSym(sym1,sym2)} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) +@@ -5028,7 +5046,7 @@ func rewriteValueRISCV64_OpRISCV64MOVHload(v *Value) bool { + sym2 := auxToSym(v_0.Aux) + base := v_0.Args[0] + mem := v_1 +- if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2)) { ++ if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVHload) +@@ -5185,8 +5203,10 @@ func rewriteValueRISCV64_OpRISCV64MOVHstore(v *Value) bool { + v_2 := v.Args[2] + v_1 := v.Args[1] + v_0 := v.Args[0] ++ b := v.Block ++ config := b.Func.Config + // match: (MOVHstore [off1] {sym1} (MOVaddr [off2] {sym2} base) val mem) +- // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) ++ // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) + // result: (MOVHstore [off1+off2] {mergeSym(sym1,sym2)} base val mem) + for { + off1 := auxIntToInt32(v.AuxInt) +@@ -5199,7 +5219,7 @@ func rewriteValueRISCV64_OpRISCV64MOVHstore(v *Value) bool { + base := v_0.Args[0] + val := v_1 + mem := v_2 +- if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2)) { ++ if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVHstore) +@@ -5319,9 +5339,11 @@ func rewriteValueRISCV64_OpRISCV64MOVHstore(v *Value) bool { + func rewriteValueRISCV64_OpRISCV64MOVHstorezero(v *Value) bool { + v_1 := v.Args[1] + v_0 := v.Args[0] +- // match: (MOVHstorezero [off1] {sym1} (MOVaddr [off2] {sym2} ptr) mem) +- // cond: canMergeSym(sym1,sym2) && is32Bit(int64(off1)+int64(off2)) +- // result: (MOVHstorezero [off1+off2] {mergeSym(sym1,sym2)} ptr mem) ++ b := v.Block ++ config := b.Func.Config ++ // match: (MOVHstorezero [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) ++ // cond: canMergeSym(sym1,sym2) && is32Bit(int64(off1)+int64(off2)) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) ++ // result: (MOVHstorezero [off1+off2] {mergeSym(sym1,sym2)} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) + sym1 := auxToSym(v.Aux) +@@ -5330,20 +5352,20 @@ func rewriteValueRISCV64_OpRISCV64MOVHstorezero(v *Value) bool { + } + off2 := auxIntToInt32(v_0.AuxInt) + sym2 := auxToSym(v_0.Aux) +- ptr := v_0.Args[0] ++ base := v_0.Args[0] + mem := v_1 +- if !(canMergeSym(sym1, sym2) && is32Bit(int64(off1)+int64(off2))) { ++ if !(canMergeSym(sym1, sym2) && is32Bit(int64(off1)+int64(off2)) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVHstorezero) + v.AuxInt = int32ToAuxInt(off1 + off2) + v.Aux = symToAux(mergeSym(sym1, sym2)) +- v.AddArg2(ptr, mem) ++ v.AddArg2(base, mem) + return true + } +- // match: (MOVHstorezero [off1] {sym} (ADDI [off2] ptr) mem) ++ // match: (MOVHstorezero [off1] {sym} (ADDI [off2] base) mem) + // cond: is32Bit(int64(off1)+off2) +- // result: (MOVHstorezero [off1+int32(off2)] {sym} ptr mem) ++ // result: (MOVHstorezero [off1+int32(off2)] {sym} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) + sym := auxToSym(v.Aux) +@@ -5351,7 +5373,7 @@ func rewriteValueRISCV64_OpRISCV64MOVHstorezero(v *Value) bool { + break + } + off2 := auxIntToInt64(v_0.AuxInt) +- ptr := v_0.Args[0] ++ base := v_0.Args[0] + mem := v_1 + if !(is32Bit(int64(off1) + off2)) { + break +@@ -5359,7 +5381,7 @@ func rewriteValueRISCV64_OpRISCV64MOVHstorezero(v *Value) bool { + v.reset(OpRISCV64MOVHstorezero) + v.AuxInt = int32ToAuxInt(off1 + int32(off2)) + v.Aux = symToAux(sym) +- v.AddArg2(ptr, mem) ++ v.AddArg2(base, mem) + return true + } + return false +@@ -5367,8 +5389,10 @@ func rewriteValueRISCV64_OpRISCV64MOVHstorezero(v *Value) bool { + func rewriteValueRISCV64_OpRISCV64MOVWUload(v *Value) bool { + v_1 := v.Args[1] + v_0 := v.Args[0] ++ b := v.Block ++ config := b.Func.Config + // match: (MOVWUload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) +- // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) ++ // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) + // result: (MOVWUload [off1+off2] {mergeSym(sym1,sym2)} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) +@@ -5380,7 +5404,7 @@ func rewriteValueRISCV64_OpRISCV64MOVWUload(v *Value) bool { + sym2 := auxToSym(v_0.Aux) + base := v_0.Args[0] + mem := v_1 +- if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2)) { ++ if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVWUload) +@@ -5555,8 +5579,10 @@ func rewriteValueRISCV64_OpRISCV64MOVWUreg(v *Value) bool { + func rewriteValueRISCV64_OpRISCV64MOVWload(v *Value) bool { + v_1 := v.Args[1] + v_0 := v.Args[0] ++ b := v.Block ++ config := b.Func.Config + // match: (MOVWload [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) +- // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) ++ // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) + // result: (MOVWload [off1+off2] {mergeSym(sym1,sym2)} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) +@@ -5568,7 +5594,7 @@ func rewriteValueRISCV64_OpRISCV64MOVWload(v *Value) bool { + sym2 := auxToSym(v_0.Aux) + base := v_0.Args[0] + mem := v_1 +- if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2)) { ++ if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVWload) +@@ -5879,8 +5905,10 @@ func rewriteValueRISCV64_OpRISCV64MOVWstore(v *Value) bool { + v_2 := v.Args[2] + v_1 := v.Args[1] + v_0 := v.Args[0] ++ b := v.Block ++ config := b.Func.Config + // match: (MOVWstore [off1] {sym1} (MOVaddr [off2] {sym2} base) val mem) +- // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) ++ // cond: is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) + // result: (MOVWstore [off1+off2] {mergeSym(sym1,sym2)} base val mem) + for { + off1 := auxIntToInt32(v.AuxInt) +@@ -5893,7 +5921,7 @@ func rewriteValueRISCV64_OpRISCV64MOVWstore(v *Value) bool { + base := v_0.Args[0] + val := v_1 + mem := v_2 +- if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2)) { ++ if !(is32Bit(int64(off1)+int64(off2)) && canMergeSym(sym1, sym2) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVWstore) +@@ -5979,9 +6007,11 @@ func rewriteValueRISCV64_OpRISCV64MOVWstore(v *Value) bool { + func rewriteValueRISCV64_OpRISCV64MOVWstorezero(v *Value) bool { + v_1 := v.Args[1] + v_0 := v.Args[0] +- // match: (MOVWstorezero [off1] {sym1} (MOVaddr [off2] {sym2} ptr) mem) +- // cond: canMergeSym(sym1,sym2) && is32Bit(int64(off1)+int64(off2)) +- // result: (MOVWstorezero [off1+off2] {mergeSym(sym1,sym2)} ptr mem) ++ b := v.Block ++ config := b.Func.Config ++ // match: (MOVWstorezero [off1] {sym1} (MOVaddr [off2] {sym2} base) mem) ++ // cond: canMergeSym(sym1,sym2) && is32Bit(int64(off1)+int64(off2)) && (base.Op != OpSB || !config.ctxt.Flag_dynlink) ++ // result: (MOVWstorezero [off1+off2] {mergeSym(sym1,sym2)} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) + sym1 := auxToSym(v.Aux) +@@ -5990,20 +6020,20 @@ func rewriteValueRISCV64_OpRISCV64MOVWstorezero(v *Value) bool { + } + off2 := auxIntToInt32(v_0.AuxInt) + sym2 := auxToSym(v_0.Aux) +- ptr := v_0.Args[0] ++ base := v_0.Args[0] + mem := v_1 +- if !(canMergeSym(sym1, sym2) && is32Bit(int64(off1)+int64(off2))) { ++ if !(canMergeSym(sym1, sym2) && is32Bit(int64(off1)+int64(off2)) && (base.Op != OpSB || !config.ctxt.Flag_dynlink)) { + break + } + v.reset(OpRISCV64MOVWstorezero) + v.AuxInt = int32ToAuxInt(off1 + off2) + v.Aux = symToAux(mergeSym(sym1, sym2)) +- v.AddArg2(ptr, mem) ++ v.AddArg2(base, mem) + return true + } +- // match: (MOVWstorezero [off1] {sym} (ADDI [off2] ptr) mem) ++ // match: (MOVWstorezero [off1] {sym} (ADDI [off2] base) mem) + // cond: is32Bit(int64(off1)+off2) +- // result: (MOVWstorezero [off1+int32(off2)] {sym} ptr mem) ++ // result: (MOVWstorezero [off1+int32(off2)] {sym} base mem) + for { + off1 := auxIntToInt32(v.AuxInt) + sym := auxToSym(v.Aux) +@@ -6011,7 +6041,7 @@ func rewriteValueRISCV64_OpRISCV64MOVWstorezero(v *Value) bool { + break + } + off2 := auxIntToInt64(v_0.AuxInt) +- ptr := v_0.Args[0] ++ base := v_0.Args[0] + mem := v_1 + if !(is32Bit(int64(off1) + off2)) { + break +@@ -6019,7 +6049,7 @@ func rewriteValueRISCV64_OpRISCV64MOVWstorezero(v *Value) bool { + v.reset(OpRISCV64MOVWstorezero) + v.AuxInt = int32ToAuxInt(off1 + int32(off2)) + v.Aux = symToAux(sym) +- v.AddArg2(ptr, mem) ++ v.AddArg2(base, mem) + return true + } + return false diff --git a/1003-CVE-2025-22874-crypto-x509-decouple-key-usage-and-po.patch b/1003-CVE-2025-22874-crypto-x509-decouple-key-usage-and-po.patch new file mode 100644 index 0000000..9c01f02 --- /dev/null +++ b/1003-CVE-2025-22874-crypto-x509-decouple-key-usage-and-po.patch @@ -0,0 +1,140 @@ +From 8cc22cc92b6941aaefe9c18b88662f5088228e92 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker <roland@golang.org> +Date: Tue, 6 May 2025 09:27:10 -0700 +Subject: [PATCH] crypto/x509: decouple key usage and policy validation +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Disabling key usage validation (by passing ExtKeyUsageAny) +unintentionally disabled policy validation. This change decouples these +two checks, preventing the user from unintentionally disabling policy +validation. + +Thanks to Krzysztof Skrzętnicki (@Tener) of Teleport for reporting this +issue. + +Fixes #73612 +Fixes CVE-2025-22874 + +Confict: no +Reference:https://go-review.googlesource.com/c/go/+/670375 + +Change-Id: Iec8f080a8879a3dd44cb3da30352fa3e7f539d40 +Reviewed-on: https://go-review.googlesource.com/c/go/+/670375 +Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> +Reviewed-by: Cherry Mui <cherryyz@google.com> +Reviewed-by: Ian Stapleton Cordasco <graffatcolmingov@gmail.com> +LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> +Signed-off-by: jichao wu <wujichao1@huawei.com> +--- + src/crypto/x509/verify.go | 32 +++++++++++++++++++++--------- + src/crypto/x509/verify_test.go | 36 ++++++++++++++++++++++++++++++++++ + 2 files changed, 59 insertions(+), 9 deletions(-) + +diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go +index 5fe93c6..7cc0fb2 100644 +--- a/src/crypto/x509/verify.go ++++ b/src/crypto/x509/verify.go +@@ -841,31 +841,45 @@ func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err e + } + } + +- if len(opts.KeyUsages) == 0 { +- opts.KeyUsages = []ExtKeyUsage{ExtKeyUsageServerAuth} ++ chains = make([][]*Certificate, 0, len(candidateChains)) ++ ++ var invalidPoliciesChains int ++ for _, candidate := range candidateChains { ++ if !policiesValid(candidate, opts) { ++ invalidPoliciesChains++ ++ continue ++ } ++ chains = append(chains, candidate) ++ } ++ ++ if len(chains) == 0 { ++ return nil, CertificateInvalidError{c, NoValidChains, "all candidate chains have invalid policies"} + } + + for _, eku := range opts.KeyUsages { + if eku == ExtKeyUsageAny { + // If any key usage is acceptable, no need to check the chain for + // key usages. +- return candidateChains, nil ++ return chains, nil + } + } + +- chains = make([][]*Certificate, 0, len(candidateChains)) +- var incompatibleKeyUsageChains, invalidPoliciesChains int ++ if len(opts.KeyUsages) == 0 { ++ opts.KeyUsages = []ExtKeyUsage{ExtKeyUsageServerAuth} ++ } ++ ++ candidateChains = chains ++ chains = chains[:0] ++ ++ var incompatibleKeyUsageChains int + for _, candidate := range candidateChains { + if !checkChainForKeyUsage(candidate, opts.KeyUsages) { + incompatibleKeyUsageChains++ + continue + } +- if !policiesValid(candidate, opts) { +- invalidPoliciesChains++ +- continue +- } + chains = append(chains, candidate) + } ++ + if len(chains) == 0 { + var details []string + if incompatibleKeyUsageChains > 0 { +diff --git a/src/crypto/x509/verify_test.go b/src/crypto/x509/verify_test.go +index 1175e7d..7991f49 100644 +--- a/src/crypto/x509/verify_test.go ++++ b/src/crypto/x509/verify_test.go +@@ -3012,3 +3012,39 @@ func TestPoliciesValid(t *testing.T) { + }) + } + } ++ ++func TestInvalidPolicyWithAnyKeyUsage(t *testing.T) { ++ loadTestCert := func(t *testing.T, path string) *Certificate { ++ b, err := os.ReadFile(path) ++ if err != nil { ++ t.Fatal(err) ++ } ++ p, _ := pem.Decode(b) ++ c, err := ParseCertificate(p.Bytes) ++ if err != nil { ++ t.Fatal(err) ++ } ++ return c ++ } ++ ++ testOID3 := mustNewOIDFromInts([]uint64{1, 2, 840, 113554, 4, 1, 72585, 2, 3}) ++ root, intermediate, leaf := loadTestCert(t, "testdata/policy_root.pem"), loadTestCert(t, "testdata/policy_intermediate_require.pem"), loadTestCert(t, "testdata/policy_leaf.pem") ++ ++ expectedErr := "x509: no valid chains built: all candidate chains have invalid policies" ++ ++ roots, intermediates := NewCertPool(), NewCertPool() ++ roots.AddCert(root) ++ intermediates.AddCert(intermediate) ++ ++ _, err := leaf.Verify(VerifyOptions{ ++ Roots: roots, ++ Intermediates: intermediates, ++ KeyUsages: []ExtKeyUsage{ExtKeyUsageAny}, ++ CertificatePolicies: []OID{testOID3}, ++ }) ++ if err == nil { ++ t.Fatal("unexpected success, invalid policy shouldn't be bypassed by passing VerifyOptions.KeyUsages with ExtKeyUsageAny") ++ } else if err.Error() != expectedErr { ++ t.Fatalf("unexpected error, got %q, want %q", err, expectedErr) ++ } ++} +-- +2.33.0 + diff --git a/1004-CVE-2025-4673-net-http-strip-sensitive-proxy-headers.patch b/1004-CVE-2025-4673-net-http-strip-sensitive-proxy-headers.patch new file mode 100644 index 0000000..44a575b --- /dev/null +++ b/1004-CVE-2025-4673-net-http-strip-sensitive-proxy-headers.patch @@ -0,0 +1,67 @@ +From 709fda0a42b8ffde78136af52e02f260622926fa Mon Sep 17 00:00:00 2001 +From: Neal Patel <nealpatel@google.com> +Date: Wed, 21 May 2025 14:11:44 -0400 +Subject: [PATCH] net/http: strip sensitive proxy headers from redirect + requests + +Similarly to Authentication entries, Proxy-Authentication entries should be stripped to ensure sensitive information is not leaked on redirects outside of the original domain. + +https://fetch.spec.whatwg.org/#authentication-entries + +Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this issue. + +Updates golang/go#73816 +Fixes golang/go#73905 +Fixes CVE-2025-4673 + +Confict: no +Reference:https://go-review.googlesource.com/c/go/+/679255 + +Change-Id: I1615f31977a2fd014fbc12aae43f82692315a6d0 +Reviewed-on: https://go-review.googlesource.com/c/go/+/679255 +LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> +Reviewed-by: Michael Knyszek <mknyszek@google.com> +Signed-off-by: jichao wu <wujichao1@huawei.com> +--- + src/net/http/client.go | 3 ++- + src/net/http/client_test.go | 3 +++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/net/http/client.go b/src/net/http/client.go +index 9231f63..a814cf3 100644 +--- a/src/net/http/client.go ++++ b/src/net/http/client.go +@@ -805,7 +805,8 @@ func (c *Client) makeHeadersCopier(ireq *Request) func(req *Request, stripSensit + for k, vv := range ireqhdr { + sensitive := false + switch CanonicalHeaderKey(k) { +- case "Authorization", "Www-Authenticate", "Cookie", "Cookie2": ++ case "Authorization", "Www-Authenticate", "Cookie", "Cookie2", ++ "Proxy-Authorization", "Proxy-Authenticate": + sensitive = true + } + if !(sensitive && stripSensitiveHeaders) { +diff --git a/src/net/http/client_test.go b/src/net/http/client_test.go +index 1ce9539..8ab4f58 100644 +--- a/src/net/http/client_test.go ++++ b/src/net/http/client_test.go +@@ -1547,6 +1547,8 @@ func testClientStripHeadersOnRepeatedRedirect(t *testing.T, mode testMode) { + if r.Host+r.URL.Path != "a.example.com/" { + if h := r.Header.Get("Authorization"); h != "" { + t.Errorf("on request to %v%v, Authorization=%q, want no header", r.Host, r.URL.Path, h) ++ } else if h := r.Header.Get("Proxy-Authorization"); h != "" { ++ t.Errorf("on request to %v%v, Proxy-Authorization=%q, want no header", r.Host, r.URL.Path, h) + } + } + // Follow a chain of redirects from a to b and back to a. +@@ -1575,6 +1577,7 @@ func testClientStripHeadersOnRepeatedRedirect(t *testing.T, mode testMode) { + req, _ := NewRequest("GET", proto+"://a.example.com/", nil) + req.Header.Add("Cookie", "foo=bar") + req.Header.Add("Authorization", "secretpassword") ++ req.Header.Add("Proxy-Authorization", "secretpassword") + res, err := c.Do(req) + if err != nil { + t.Fatal(err) +-- +2.33.0 + diff --git a/1005-CVE-2025-47907-avoid-closing-rows.patch b/1005-CVE-2025-47907-avoid-closing-rows.patch new file mode 100644 index 0000000..1c35eff --- /dev/null +++ b/1005-CVE-2025-47907-avoid-closing-rows.patch @@ -0,0 +1,333 @@ +From 83b4a5db240960720e51b7d5a6da1f399bd868ee Mon Sep 17 00:00:00 2001 +From: Damien Neil <dneil@google.com> +Date: Wed, 23 Jul 2025 14:26:54 -0700 +Subject: [PATCH] [release-branch.go1.24] database/sql: avoid closing Rows + while scan is in progress + +A database/sql/driver.Rows can return database-owned data +from Rows.Next. The driver.Rows documentation doesn't explicitly +document the lifetime guarantees for this data, but a reasonable +expectation is that the caller of Next should only access it +until the next call to Rows.Close or Rows.Next. + +Avoid violating that constraint when a query is cancelled while +a call to database/sql.Rows.Scan (note the difference between +the two different Rows types!) is in progress. We previously +took care to avoid closing a driver.Rows while the user has +access to driver-owned memory via a RawData, but we could still +close a driver.Rows while a Scan call was in the process of +reading previously-returned driver-owned data. + +Update the fake DB used in database/sql tests to invalidate +returned data to help catch other places we might be +incorrectly retaining it. + +Updates #74831 +Fixes #74833 + +Change-Id: Ice45b5fad51b679c38e3e1d21ef39156b56d6037 +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2540 +Reviewed-by: Roland Shoemaker <bracewell@google.com> +Reviewed-by: Neal Patel <nealpatel@google.com> +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2620 +Reviewed-on: https://go-review.googlesource.com/c/go/+/693616 +Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> +Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> +TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org> +Reviewed-by: Mark Freeman <markfreeman@google.com> +--- + src/database/sql/convert.go | 2 -- + src/database/sql/fakedb_test.go | 47 ++++++++++++------------ + src/database/sql/sql.go | 26 +++++++------- + src/database/sql/sql_test.go | 64 ++++++++++++++++++++++++++++----- + 4 files changed, 90 insertions(+), 49 deletions(-) + +diff --git a/src/database/sql/convert.go b/src/database/sql/convert.go +index 65fdfe6fa8c3ad..26b139ababd178 100644 +--- a/src/database/sql/convert.go ++++ b/src/database/sql/convert.go +@@ -335,7 +335,6 @@ func convertAssignRows(dest, src any, rows *Rows) error { + if rows == nil { + return errors.New("invalid context to convert cursor rows, missing parent *Rows") + } +- rows.closemu.Lock() + *d = Rows{ + dc: rows.dc, + releaseConn: func(error) {}, +@@ -351,7 +350,6 @@ func convertAssignRows(dest, src any, rows *Rows) error { + parentCancel() + } + } +- rows.closemu.Unlock() + return nil + } + } +diff --git a/src/database/sql/fakedb_test.go b/src/database/sql/fakedb_test.go +index 3dfcd447b52bca..003e6c62986f31 100644 +--- a/src/database/sql/fakedb_test.go ++++ b/src/database/sql/fakedb_test.go +@@ -5,6 +5,7 @@ + package sql + + import ( ++ "bytes" + "context" + "database/sql/driver" + "errors" +@@ -15,7 +16,6 @@ import ( + "strconv" + "strings" + "sync" +- "sync/atomic" + "testing" + "time" + ) +@@ -91,8 +91,6 @@ func (cc *fakeDriverCtx) OpenConnector(name string) (driver.Connector, error) { + type fakeDB struct { + name string + +- useRawBytes atomic.Bool +- + mu sync.Mutex + tables map[string]*table + badConn bool +@@ -684,8 +682,6 @@ func (c *fakeConn) PrepareContext(ctx context.Context, query string) (driver.Stm + switch cmd { + case "WIPE": + // Nothing +- case "USE_RAWBYTES": +- c.db.useRawBytes.Store(true) + case "SELECT": + stmt, err = c.prepareSelect(stmt, parts) + case "CREATE": +@@ -789,9 +785,6 @@ func (s *fakeStmt) ExecContext(ctx context.Context, args []driver.NamedValue) (d + case "WIPE": + db.wipe() + return driver.ResultNoRows, nil +- case "USE_RAWBYTES": +- s.c.db.useRawBytes.Store(true) +- return driver.ResultNoRows, nil + case "CREATE": + if err := db.createTable(s.table, s.colName, s.colType); err != nil { + return nil, err +@@ -1076,10 +1069,9 @@ type rowsCursor struct { + errPos int + err error + +- // a clone of slices to give out to clients, indexed by the +- // original slice's first byte address. we clone them +- // just so we're able to corrupt them on close. +- bytesClone map[*byte][]byte ++ // Data returned to clients. ++ // We clone and stash it here so it can be invalidated by Close and Next. ++ driverOwnedMemory [][]byte + + // Every operation writes to line to enable the race detector + // check for data races. +@@ -1096,9 +1088,19 @@ func (rc *rowsCursor) touchMem() { + rc.line++ + } + ++func (rc *rowsCursor) invalidateDriverOwnedMemory() { ++ for _, buf := range rc.driverOwnedMemory { ++ for i := range buf { ++ buf[i] = 'x' ++ } ++ } ++ rc.driverOwnedMemory = nil ++} ++ + func (rc *rowsCursor) Close() error { + rc.touchMem() + rc.parentMem.touchMem() ++ rc.invalidateDriverOwnedMemory() + rc.closed = true + return rc.closeErr + } +@@ -1129,6 +1131,8 @@ func (rc *rowsCursor) Next(dest []driver.Value) error { + if rc.posRow >= len(rc.rows[rc.posSet]) { + return io.EOF // per interface spec + } ++ // Corrupt any previously returned bytes. ++ rc.invalidateDriverOwnedMemory() + for i, v := range rc.rows[rc.posSet][rc.posRow].cols { + // TODO(bradfitz): convert to subset types? naah, I + // think the subset types should only be input to +@@ -1136,20 +1140,13 @@ func (rc *rowsCursor) Next(dest []driver.Value) error { + // a wider range of types coming out of drivers. all + // for ease of drivers, and to prevent drivers from + // messing up conversions or doing them differently. +- dest[i] = v +- +- if bs, ok := v.([]byte); ok && !rc.db.useRawBytes.Load() { +- if rc.bytesClone == nil { +- rc.bytesClone = make(map[*byte][]byte) +- } +- clone, ok := rc.bytesClone[&bs[0]] +- if !ok { +- clone = make([]byte, len(bs)) +- copy(clone, bs) +- rc.bytesClone[&bs[0]] = clone +- } +- dest[i] = clone ++ if bs, ok := v.([]byte); ok { ++ // Clone []bytes and stash for later invalidation. ++ bs = bytes.Clone(bs) ++ rc.driverOwnedMemory = append(rc.driverOwnedMemory, bs) ++ v = bs + } ++ dest[i] = v + } + return nil + } +diff --git a/src/database/sql/sql.go b/src/database/sql/sql.go +index eddb647ed0cd8b..1cbb52ceaea5ee 100644 +--- a/src/database/sql/sql.go ++++ b/src/database/sql/sql.go +@@ -3368,38 +3368,36 @@ func (rs *Rows) Scan(dest ...any) error { + // without calling Next. + return fmt.Errorf("sql: Scan called without calling Next (closemuScanHold)") + } ++ + rs.closemu.RLock() ++ rs.raw = rs.raw[:0] ++ err := rs.scanLocked(dest...) ++ if err == nil && scanArgsContainRawBytes(dest) { ++ rs.closemuScanHold = true ++ } else { ++ rs.closemu.RUnlock() ++ } ++ return err ++} + ++func (rs *Rows) scanLocked(dest ...any) error { + if rs.lasterr != nil && rs.lasterr != io.EOF { +- rs.closemu.RUnlock() + return rs.lasterr + } + if rs.closed { +- err := rs.lasterrOrErrLocked(errRowsClosed) +- rs.closemu.RUnlock() +- return err +- } +- +- if scanArgsContainRawBytes(dest) { +- rs.closemuScanHold = true +- rs.raw = rs.raw[:0] +- } else { +- rs.closemu.RUnlock() ++ return rs.lasterrOrErrLocked(errRowsClosed) + } + + if rs.lastcols == nil { +- rs.closemuRUnlockIfHeldByScan() + return errors.New("sql: Scan called without calling Next") + } + if len(dest) != len(rs.lastcols) { +- rs.closemuRUnlockIfHeldByScan() + return fmt.Errorf("sql: expected %d destination arguments in Scan, not %d", len(rs.lastcols), len(dest)) + } + + for i, sv := range rs.lastcols { + err := convertAssignRows(dest[i], sv, rs) + if err != nil { +- rs.closemuRUnlockIfHeldByScan() + return fmt.Errorf(`sql: Scan error on column index %d, name %q: %w`, i, rs.rowsi.Columns()[i], err) + } + } +diff --git a/src/database/sql/sql_test.go b/src/database/sql/sql_test.go +index db1d8b3c6b65ef..cf3dcc74951060 100644 +--- a/src/database/sql/sql_test.go ++++ b/src/database/sql/sql_test.go +@@ -5,6 +5,7 @@ + package sql + + import ( ++ "bytes" + "context" + "database/sql/driver" + "errors" +@@ -4446,10 +4447,6 @@ func testContextCancelDuringRawBytesScan(t *testing.T, mode string) { + db := newTestDB(t, "people") + defer closeDB(t, db) + +- if _, err := db.Exec("USE_RAWBYTES"); err != nil { +- t.Fatal(err) +- } +- + // cancel used to call close asynchronously. + // This test checks that it waits so as not to interfere with RawBytes. + ctx, cancel := context.WithCancel(context.Background()) +@@ -4541,6 +4538,61 @@ func TestContextCancelBetweenNextAndErr(t *testing.T) { + } + } + ++type testScanner struct { ++ scanf func(src any) error ++} ++ ++func (ts testScanner) Scan(src any) error { return ts.scanf(src) } ++ ++func TestContextCancelDuringScan(t *testing.T) { ++ db := newTestDB(t, "people") ++ defer closeDB(t, db) ++ ++ ctx, cancel := context.WithCancel(context.Background()) ++ defer cancel() ++ ++ scanStart := make(chan any) ++ scanEnd := make(chan error) ++ scanner := &testScanner{ ++ scanf: func(src any) error { ++ scanStart <- src ++ return <-scanEnd ++ }, ++ } ++ ++ // Start a query, and pause it mid-scan. ++ want := []byte("Alice") ++ r, err := db.QueryContext(ctx, "SELECT|people|name|name=?", string(want)) ++ if err != nil { ++ t.Fatal(err) ++ } ++ if !r.Next() { ++ t.Fatalf("r.Next() = false, want true") ++ } ++ go func() { ++ r.Scan(scanner) ++ }() ++ got := <-scanStart ++ defer close(scanEnd) ++ gotBytes, ok := got.([]byte) ++ if !ok { ++ t.Fatalf("r.Scan returned %T, want []byte", got) ++ } ++ if !bytes.Equal(gotBytes, want) { ++ t.Fatalf("before cancel: r.Scan returned %q, want %q", gotBytes, want) ++ } ++ ++ // Cancel the query. ++ // Sleep to give it a chance to finish canceling. ++ cancel() ++ time.Sleep(10 * time.Millisecond) ++ ++ // Cancelling the query should not have changed the result. ++ if !bytes.Equal(gotBytes, want) { ++ t.Fatalf("after cancel: r.Scan result is now %q, want %q", gotBytes, want) ++ } ++} ++ + func TestNilErrorAfterClose(t *testing.T) { + db := newTestDB(t, "people") + defer closeDB(t, db) +@@ -4574,10 +4626,6 @@ func TestRawBytesReuse(t *testing.T) { + db := newTestDB(t, "people") + defer closeDB(t, db) + +- if _, err := db.Exec("USE_RAWBYTES"); err != nil { +- t.Fatal(err) +- } +- + var raw RawBytes + + // The RawBytes in this query aliases driver-owned memory. diff --git a/1006-CVE-2025-4674-disable-support-for-multiple-vcs-in-one-module.patch b/1006-CVE-2025-4674-disable-support-for-multiple-vcs-in-one-module.patch new file mode 100644 index 0000000..f3e58c5 --- /dev/null +++ b/1006-CVE-2025-4674-disable-support-for-multiple-vcs-in-one-module.patch @@ -0,0 +1,335 @@ +From 3272f15571e38a2e55c5f8b505636bddd2706b3c Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker <bracewell@google.com> +Date: Mon, 9 Jun 2025 11:23:46 -0700 +Subject: [PATCH] [release-branch.go1.23] cmd/go: disable support for multiple + vcs in one module + +Removes the somewhat redundant vcs.FromDir, "allowNesting" argument, +which was always enabled, and disallow multiple VCS metadata folders +being present in a single directory. This makes VCS injection attacks +much more difficult. + +Also adds a GODEBUG, allowmultiplevcs, which re-enables this behavior. + +Thanks to RyotaK (https://ryotak.net) of GMO Flatt Security Inc for +reporting this issue. + +Updates #74380 +Fixes #74382 +Fixes CVE-2025-4674 + +--- + doc/godebug.md | 4 ++ + src/cmd/go/internal/modfetch/repo.go | 2 +- + src/cmd/go/internal/load/pkg.go | 14 ++--- + src/cmd/go/internal/vcs/vcs.go | 28 ++++++---- + src/cmd/go/internal/vcs/vcs_test.go | 2 +- + src/cmd/go/testdata/script/test_multivcs.txt | 54 +++++++++++++++++++ + .../script/version_buildvcs_nested.txt | 20 +++++-- + src/internal/godebugs/godebugs_test.go | 3 +- + src/internal/godebugs/table.go | 1 + + src/runtime/metrics/doc.go | 5 ++ + 9 files changed, 108 insertions(+), 23 deletions(-) + create mode 100644 src/cmd/go/testdata/script/test_multivcs.txt + +diff --git a/doc/godebug.md b/doc/godebug.md +index cdc09dd..5eb5018 100644 +--- a/doc/godebug.md ++++ b/doc/godebug.md +@@ -283,6 +283,10 @@ when serving an error. This behavior is controlled by + the [`httpservecontentkeepheaders` setting](/pkg/net/http#ServeContent). + Using `httpservecontentkeepheaders=1` restores the pre-Go 1.23 behavior. + ++Go 1.23.11 disabled build information stamping when multiple VCS are detected due ++to concerns around VCS injection attacks. This behavior can be renabled with the ++setting `allowmultiplevcs=1`. ++ + ### Go 1.22 + + Go 1.22 adds a configurable limit to control the maximum acceptable RSA key size +diff --git a/src/cmd/go/internal/modfetch/repo.go b/src/cmd/go/internal/modfetch/repo.go +index 782d1da..1b5cfc2 100644 +--- a/src/cmd/go/internal/modfetch/repo.go ++++ b/src/cmd/go/internal/modfetch/repo.go +@@ -230,7 +230,7 @@ func LookupLocal(ctx context.Context, path string) Repo { + + return lookupLocalCache.Do(path, func() Repo { + return newCachingRepo(ctx, path, func(ctx context.Context) (Repo, error) { +- repoDir, vcsCmd, err := vcs.FromDir(path, "", true) ++ repoDir, vcsCmd, err := vcs.FromDir(path, "") + if err != nil { + return nil, err + } +diff --git a/src/cmd/go/internal/load/pkg.go b/src/cmd/go/internal/load/pkg.go +index 15f6b2e..ad38253 100644 +--- a/src/cmd/go/internal/load/pkg.go ++++ b/src/cmd/go/internal/load/pkg.go +@@ -2474,7 +2474,6 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) { + var repoDir string + var vcsCmd *vcs.Cmd + var err error +- const allowNesting = true + + wantVCS := false + switch cfg.BuildBuildvcs { +@@ -2494,7 +2493,7 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) { + // (so the bootstrap toolchain packages don't even appear to be in GOROOT). + goto omitVCS + } +- repoDir, vcsCmd, err = vcs.FromDir(base.Cwd(), "", allowNesting) ++ repoDir, vcsCmd, err = vcs.FromDir(base.Cwd(), "") + if err != nil && !errors.Is(err, os.ErrNotExist) { + setVCSError(err) + return +@@ -2517,10 +2516,11 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) { + } + if repoDir != "" && vcsCmd.Status != nil { + // Check that the current directory, package, and module are in the same +- // repository. vcs.FromDir allows nested Git repositories, but nesting +- // is not allowed for other VCS tools. The current directory may be outside +- // p.Module.Dir when a workspace is used. +- pkgRepoDir, _, err := vcs.FromDir(p.Dir, "", allowNesting) ++ // repository. vcs.FromDir disallows nested VCS and multiple VCS in the ++ // same repository, unless the GODEBUG allowmultiplevcs is set. The ++ // current directory may be outside p.Module.Dir when a workspace is ++ // used. ++ pkgRepoDir, _, err := vcs.FromDir(p.Dir, "") + if err != nil { + setVCSError(err) + return +@@ -2532,7 +2532,7 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) { + } + goto omitVCS + } +- modRepoDir, _, err := vcs.FromDir(p.Module.Dir, "", allowNesting) ++ modRepoDir, _, err := vcs.FromDir(p.Module.Dir, "") + if err != nil { + setVCSError(err) + return +diff --git a/src/cmd/go/internal/vcs/vcs.go b/src/cmd/go/internal/vcs/vcs.go +index 1d10c7f..ffd6585 100644 +--- a/src/cmd/go/internal/vcs/vcs.go ++++ b/src/cmd/go/internal/vcs/vcs.go +@@ -8,6 +8,7 @@ import ( + "bytes" + "errors" + "fmt" ++ "internal/godebug" + "internal/lazyregexp" + "internal/singleflight" + "io/fs" +@@ -839,11 +840,13 @@ type vcsPath struct { + schemelessRepo bool // if true, the repo pattern lacks a scheme + } + ++var allowmultiplevcs = godebug.New("allowmultiplevcs") ++ + // FromDir inspects dir and its parents to determine the + // version control system and code repository to use. + // If no repository is found, FromDir returns an error + // equivalent to os.ErrNotExist. +-func FromDir(dir, srcRoot string, allowNesting bool) (repoDir string, vcsCmd *Cmd, err error) { ++func FromDir(dir, srcRoot string) (repoDir string, vcsCmd *Cmd, err error) { + // Clean and double-check that dir is in (a subdirectory of) srcRoot. + dir = filepath.Clean(dir) + if srcRoot != "" { +@@ -857,21 +860,28 @@ func FromDir(dir, srcRoot string, allowNesting bool) (repoDir string, vcsCmd *Cm + for len(dir) > len(srcRoot) { + for _, vcs := range vcsList { + if isVCSRoot(dir, vcs.RootNames) { +- // Record first VCS we find. +- // If allowNesting is false (as it is in GOPATH), keep looking for +- // repositories in parent directories and report an error if one is +- // found to mitigate VCS injection attacks. + if vcsCmd == nil { ++ // Record first VCS we find. + vcsCmd = vcs + repoDir = dir +- if allowNesting { ++ if allowmultiplevcs.Value() == "1" { ++ allowmultiplevcs.IncNonDefault() + return repoDir, vcsCmd, nil + } ++ // If allowmultiplevcs is not set, keep looking for ++ // repositories in current and parent directories and report ++ // an error if one is found to mitigate VCS injection ++ // attacks. ++ continue ++ } ++ if vcsCmd == vcsGit && vcs == vcsGit { ++ // Nested Git is allowed, as this is how things like ++ // submodules work. Git explicitly protects against ++ // injection against itself. + continue + } +- // Otherwise, we have one VCS inside a different VCS. +- return "", nil, fmt.Errorf("directory %q uses %s, but parent %q uses %s", +- repoDir, vcsCmd.Cmd, dir, vcs.Cmd) ++ return "", nil, fmt.Errorf("multiple VCS detected: %s in %q, and %s in %q", ++ vcsCmd.Cmd, repoDir, vcs.Cmd, dir) + } + } + +diff --git a/src/cmd/go/internal/vcs/vcs_test.go b/src/cmd/go/internal/vcs/vcs_test.go +index 2ce85ea..06e63c2 100644 +--- a/src/cmd/go/internal/vcs/vcs_test.go ++++ b/src/cmd/go/internal/vcs/vcs_test.go +@@ -239,7 +239,7 @@ func TestFromDir(t *testing.T) { + } + + wantRepoDir := filepath.Dir(dir) +- gotRepoDir, gotVCS, err := FromDir(dir, tempDir, false) ++ gotRepoDir, gotVCS, err := FromDir(dir, tempDir) + if err != nil { + t.Errorf("FromDir(%q, %q): %v", dir, tempDir, err) + continue +diff --git a/src/cmd/go/testdata/script/test_multivcs.txt b/src/cmd/go/testdata/script/test_multivcs.txt +new file mode 100644 +index 0000000..538cbf7 +--- /dev/null ++++ b/src/cmd/go/testdata/script/test_multivcs.txt +@@ -0,0 +1,54 @@ ++# To avoid VCS injection attacks, we should not accept multiple different VCS metadata ++# folders within a single module (either in the same directory, or nested in different ++# directories.) ++# ++# This behavior should be disabled by setting the allowmultiplevcs GODEBUG. ++ ++[short] skip ++[!git] skip ++ ++cd samedir ++ ++exec git init . ++ ++# Without explicitly requesting buildvcs, the go command should silently continue ++# without determining the correct VCS. ++go test -c -o $devnull . ++ ++# If buildvcs is explicitly requested, we expect the go command to fail ++! go test -buildvcs -c -o $devnull . ++stderr '^error obtaining VCS status: multiple VCS detected:' ++ ++env GODEBUG=allowmultiplevcs=1 ++go test -buildvcs -c -o $devnull . ++ ++env GODEBUG= ++cd ../nested ++exec git init . ++# cd a ++go test -c -o $devnull ./a ++! go test -buildvcs -c -o $devnull ./a ++stderr '^error obtaining VCS status: multiple VCS detected:' ++# allowmultiplevcs doesn't disable the check that the current directory, package, and ++# module are in the same repository. ++env GODEBUG=allowmultiplevcs=1 ++! go test -buildvcs -c -o $devnull ./a ++stderr '^error obtaining VCS status: main package is in repository' ++ ++-- samedir/go.mod -- ++module example ++ ++go 1.18 ++-- samedir/example.go -- ++package main ++-- samedir/.bzr/test -- ++hello ++ ++-- nested/go.mod -- ++module example ++ ++go 1.18 ++-- nested/a/example.go -- ++package main ++-- nested/a/.bzr/test -- ++hello +diff --git a/src/cmd/go/testdata/script/version_buildvcs_nested.txt b/src/cmd/go/testdata/script/version_buildvcs_nested.txt +index 6dab847..22cd71c 100644 +--- a/src/cmd/go/testdata/script/version_buildvcs_nested.txt ++++ b/src/cmd/go/testdata/script/version_buildvcs_nested.txt +@@ -9,25 +9,35 @@ cd root + go mod init example.com/root + exec git init + +-# Nesting repositories in parent directories are ignored, as the current +-# directory main package, and containing main module are in the same repository. +-# This is an error in GOPATH mode (to prevent VCS injection), but for modules, +-# we assume users have control over repositories they've checked out. ++ ++# Nesting repositories in parent directories are an error, to prevent VCS injection. ++# This can be disabled with the allowmultiplevcs GODEBUG. + mkdir hgsub + cd hgsub + exec hg init + cp ../../main.go main.go + ! go build ++stderr '^error obtaining VCS status: multiple VCS detected: hg in ".*hgsub", and git in ".*root"$' ++stderr '^\tUse -buildvcs=false to disable VCS stamping.$' ++env GODEBUG=allowmultiplevcs=1 ++! go build + stderr '^error obtaining VCS status: main module is in repository ".*root" but current directory is in repository ".*hgsub"$' + stderr '^\tUse -buildvcs=false to disable VCS stamping.$' + go build -buildvcs=false ++env GODEBUG= + go mod init example.com/root/hgsub ++! go build ++stderr '^error obtaining VCS status: multiple VCS detected: hg in ".*hgsub", and git in ".*root"$' ++stderr '^\tUse -buildvcs=false to disable VCS stamping.$' ++env GODEBUG=allowmultiplevcs=1 + go build ++env GODEBUG= + cd .. + + # It's an error to build a package from a nested Git repository if the package + # is in a separate repository from the current directory or from the module +-# root directory. ++# root directory. Otherwise nested Git repositories are allowed, as this is ++# how Git implements submodules (and protects against Git based VCS injection.) + mkdir gitsub + cd gitsub + exec git init +diff --git a/src/internal/godebugs/godebugs_test.go b/src/internal/godebugs/godebugs_test.go +index 046193b..168acc1 100644 +--- a/src/internal/godebugs/godebugs_test.go ++++ b/src/internal/godebugs/godebugs_test.go +@@ -46,7 +46,8 @@ func TestAll(t *testing.T) { + if info.Old != "" && info.Changed == 0 { + t.Errorf("Name=%s has Old, missing Changed", info.Name) + } +- if !strings.Contains(doc, "`"+info.Name+"`") { ++ if !strings.Contains(doc, "`"+info.Name+"`") && ++ !strings.Contains(doc, "`"+info.Name+"=") { + t.Errorf("Name=%s not documented in doc/godebug.md", info.Name) + } + if !info.Opaque && !incs[info.Name] { +diff --git a/src/internal/godebugs/table.go b/src/internal/godebugs/table.go +index 98a734e..9278a12 100644 +--- a/src/internal/godebugs/table.go ++++ b/src/internal/godebugs/table.go +@@ -25,6 +25,7 @@ type Info struct { + // Note: After adding entries to this table, update the list in doc/godebug.md as well. + // (Otherwise the test in this package will fail.) + var All = []Info{ ++ {Name: "allowmultiplevcs", Package: "cmd/go"}, + {Name: "asynctimerchan", Package: "time", Changed: 23, Old: "1"}, + {Name: "dataindependenttiming", Package: "crypto/subtle", Opaque: true}, + {Name: "execerrdot", Package: "os/exec"}, +diff --git a/src/runtime/metrics/doc.go b/src/runtime/metrics/doc.go +index 563ddf4..f7ad9c5 100644 +--- a/src/runtime/metrics/doc.go ++++ b/src/runtime/metrics/doc.go +@@ -230,6 +230,11 @@ Below is the full list of supported metrics, ordered lexicographically. + /gc/stack/starting-size:bytes + The stack size of new goroutines. + ++ /godebug/non-default-behavior/allowmultiplevcs:events ++ The number of non-default behaviors executed by the cmd/go ++ package due to a non-default GODEBUG=allowmultiplevcs=... ++ setting. ++ + /godebug/non-default-behavior/asynctimerchan:events + The number of non-default behaviors executed by the time package + due to a non-default GODEBUG=asynctimerchan=... setting. +-- +2.33.0 + diff --git a/golang.spec b/golang.spec index c7e3cff..54f338b 100644 --- a/golang.spec +++ b/golang.spec @@ -2,8 +2,8 @@ %global _binaries_in_noarch_packages_terminate_build 0 %global golibdir %{_libdir}/golang %global goroot /usr/lib/%{name} -%global go_api 1.22 -%global go_version 1.22 +%global go_api 1.24 +%global go_version 1.24 %global __spec_install_post /usr/lib/rpm/check-rpaths /usr/lib/rpm/check-buildroot /usr/lib/rpm/brp-compress %global __requires_exclude_from ^(%{_datadir}|/usr/lib)/%{name}/(doc|src)/.*$ %global __strip /bin/true @@ -67,8 +67,8 @@ %endif Name: golang -Version: 1.22.12 -Release: 1 +Version: 1.24.2 +Release: 36 Summary: The Go Programming Language License: BSD and Public Domain URL: https://golang.org/ @@ -77,7 +77,7 @@ Source0: https://dl.google.com/go/go%{version}.src.tar.gz %if !%{golang_bootstrap} BuildRequires: gcc-go >= 5 %else -BuildRequires: golang +BuildRequires: golang >= 1.22.6 %endif BuildRequires: hostname # for tests @@ -125,15 +125,15 @@ Obsoletes: %{name}-vim < 1.4 Obsoletes: emacs-%{name} < 1.4 Requires: %{vendor}-rpm-config -#Patch1000: 1000-all-implement-plugin-build-mode-for-riscv64.patch -#Patch1001: 1001-cmd-link-cmd-internal-add-R_GOT_PCREL_ITYPE_RELOC-fo.patch -#Patch1002: 1002-cmd-compile-don-t-merge-symbols-on-riscv64-when-dyna.patch -#Patch1003: 1003-CVE-2025-22874-crypto-x509-decouple-key-usage-and-po.patch -#Patch1004: 1004-CVE-2025-4673-net-http-strip-sensitive-proxy-headers.patch -#Patch1005: 1005-CVE-2025-47907-avoid-closing-rows.patch -#Patch1006: 1006-CVE-2025-4674-disable-support-for-multiple-vcs-in-one-module.patch +Patch1000: 1000-all-implement-plugin-build-mode-for-riscv64.patch +Patch1001: 1001-cmd-link-cmd-internal-add-R_GOT_PCREL_ITYPE_RELOC-fo.patch +Patch1002: 1002-cmd-compile-don-t-merge-symbols-on-riscv64-when-dyna.patch +Patch1003: 1003-CVE-2025-22874-crypto-x509-decouple-key-usage-and-po.patch +Patch1004: 1004-CVE-2025-4673-net-http-strip-sensitive-proxy-headers.patch +Patch1005: 1005-CVE-2025-47907-avoid-closing-rows.patch +Patch1006: 1006-CVE-2025-4674-disable-support-for-multiple-vcs-in-one-module.patch -#Patch9001: 0001-fix-asan_test-test-case-failure.patch +Patch9001: 0001-fix-asan_test-test-case-failure.patch ExclusiveArch: %{golang_arches} @@ -372,5 +372,169 @@ fi %files devel -f go-tests.list -f go-misc.list -f go-src.list %changelog -* Fri Aug 29 2025 tzing_t <tzing0013@gmail.com> - 1.22.12-1 -- Update to version 1.22.12 +* Fri Aug 22 2025 yujingbo <yujingbo@kylinos.cn> - 1.24.2-36 +- Type:CVE +- CVE:CVE-2025-4674 +- SUG:NA +- DESC:fix CVE-2025-4674 + +* Tue Aug 12 2025 weidong <weidong@uniontech.com> - 1.24.2-35 +- Type:CVE +- CVE:CVE-2025-47907 +- SUG:NA +- DESC:fix CVE-2025-47907 + +* Fri Jun 20 2025 wujichao <wujichao1@huawei.com> - 1.24.2-34 +- Type:CVE +- CVE:CVE-2025-22874,CVE-2025-4673 +- SUG:NA +- DESC:fix CVE-2025-22874,CVE-2025-4673 + +* Thu Apr 17 2025 Suyun <ziyu.oerv@isrc.iscas.ac.cn> - 1.24.2-33 +- Update to 1.24.2 + +* Mon Apr 07 2025 Suyun <ziyu.oerv@isrc.iscas.ac.cn> - 1.23.7-33 +- Increase GO_TEST_TIMEOUT_SCALE to fix tests on riscv64 + +* Tue Mar 25 2025 Suyun <ziyu.oerv@isrc.iscas.ac.cn> - 1.23.7-32 +- Update to 1.23.7 +- Backport several patches for riscv64 + +* Fri Mar 14 2025 changtao <changtao@kylinos.cn> - 1.21.4-32 +- Type:CVE +- CVE:CVE-2025-22870 +- SUG:NA +- DESC:fix CVE-2025-22870 + +* Wed Feb 19 2025 hanchao <hanchao63@huawei.com> - 1.21.4-31 +- Type:CVE +- CVE:CVE-2024-45336,CVE-2024-45341 +- SUG:NA +- DESC:fix CVE-2024-45336,CVE-2024-45341 + +* Sun Jan 26 2025 Vanient <xiadanni1@huawei.com> - 1.21.4-30 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC: allow update of system stack bounds on callback from C thread + +* Thu Jan 16 2025 wangshuo <wangshuo@kylinos.cn> - 1.21.4-29 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:crypto/tls: fix Config.Time in tests using expired certificates + +* Fri Dec 06 2024 Vanient <xiadanni1@huawei.com> - 1.21.4-28 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:add race annotations in IncNonDefault + +* Thu Dec 05 2024 hewenliang <314264452@qq.com> - 1.21.4-27 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:put ReadMemStats debug assertions behind a double-check mode + +* Mon Nov 18 2024 Vanient <xiadanni1@huawei.com> - 1.21.4-26 +- runtime: add the disablethp GODEBUG setting + +* Tue Nov 5 2024 wangshuo <wangshuo@kylinos.cn> - 1.21.4-25 +- Type:CVE +- CVE:CVE-2024-34158 +- SUG:NA +- DESC:fix CVE-2024-34158 + +* Mon Nov 04 2024 wangshuo <wangshuo@kylinops.cn> - 1.21.4-24 +- Type:CVE +- CVE:CVE-2024-34156 +- SUG:NA +- DESC:fix CVE-2024-34156 +- optimize the names of the first two patch files + +* Thu Oct 10 2024 EulerOSWander <314264452@qq.com> - 1.21.4-23 +- runtime/pprof: fix generics functions names + +*Sat Oct 5 2024 Yu Peng <yupeng@kylinos.cn> - 1.21.4-22 +- fix CVE-2024-34155 + +* Thu Sep 19 2024 Vanient <xiadanni1@huawei.com> - 1.21.4-21 +- cmd/compile: fix escape analysis of string min/max + +* Thu Aug 1 2024 EulerOSWander <314264452@qq.com> - 1.21.4-20 +- cmd/compile: fix findIndVar so it does not match disjointed loop headers + +* Thu Aug 1 2024 EulerOSWander <314264452@qq.com> - 1.21.4-19 +- runtime: call enableMetadataHugePages and its callees on the systemstack + +* Thu Aug 1 2024 EulerOSWander <314264452@qq.com> - 1.21.4-18 +- internal/poll:add SPLICE_F_NONBLOCK flag for splice to avoid insonsistency with O_NONBLOCK + +* Mon Jul 30 2024 jingxiaolu <lujingxiao@huawei.com> - 1.21.4-17 +- cmd/compile: ensure pointer arithmetic happens after the nil check + +* Mon Jul 30 2024 jingxiaolu <lujingxiao@huawei.com> - 1.21.4-16 +- cmd/compile: handle constant pointer offsets in dead store elimination + +* Mon Jul 29 2024 EulerOSWander <314264452@qq.com> - 1.21.4-15 +- fix send correct lastStreamID in stream-caused GOAWAY + +* Wed Jul 03 2024 kywqs <weiqingsong@kylinos.cn.com> - 1.21.4-14 +- fix CVE-2024-24791 + +* Sun Jun 23 2024 hanchao <hanchao63@huawei.com> - 1.21.4-13 +- Type:CVE +- CVE:CVE-2023-39326,CVE-2024-24789 +- SUG:NA +- DESC:fix CVE-2023-39326,CVE-2024-24789 + +* Fri Jun 21 2024 EulerOSWander <314264452@qq.com> - 1.21.4-12 +- fix CVE-2023-45285 + +* Thu Jun 13 2024 Zhao Mengmeng <zhaomengmeng@kylinos.cn> - 1.21.4-11 +- fix CVE-2024-24790 + +* Tue Jun 11 2024 chenguoqi <chenguoqi@loongson.cn> - 1.21.4-10 +- Fix missing go.env file + +* Thu May 23 2024 <314264452@qq.com> - 1.21.4-9 +- fix CVE-2024-24787 + +* Thu Apr 18 2024 Huang Yang <huangyang@loongson.cn> - 1.21.4-8 +- enable external_linker and cgo on loongarch64 + +* Tue Apr 16 2024 hanchao <hanchao63@huawei.com> - 1.21.4-7 +- fix CVE-2023-45288 + +* Thu Mar 28 2024 hanchao <hanchao63@huawei.com> - 1.21.4-6 +- fix CVE-2024-24784 + +* Thu Mar 28 2024 hanchao <hanchao63@huawei.com> - 1.21.4-5 +- enabling the patches + +* Tue Mar 26 2024 Wenlong Zhang <zhangwenlong@loongson.cn> - 1.21.4-4 +- fix build error for loongarch64 + +* Fri Mar 15 2024 hanchao <hanchao63@huawei.com> - 1.21.4-3 +- fix CVE-2024-24783,CVE-2024-24785,CVE-2023-45290,CVE-2023-45289 + +* Wed Dec 13 2023 jiahua.yu <jiahua.yu@shingroup.cn> - 1.21.4-2 +- init support for arch ppc64le + +* Tue Dec 5 2023 hanchao <hanchao63@huawei.com> - 1.21.4-1 +- upgrade to 1.21.4 + +* Thu Aug 24 2023 wanglimin <wanglimin@xfusion.com> - 1.20.7-2 +- permit invalid host header for docker + +* Mon Aug 7 2023 Funda Wang <fundawang@yeah.net> - 1.20.7-1 +- New version 1.20.7 + +* Sun Jul 30 2023 Funda Wang <fundawang@yeah.net> - 1.20.5-3 +- Use local proxy and sumdb for speed up + +* Tue Jul 11 2023 hanchao <sunchendong@xfusion.com> - 1.20.5-2 +- fix CVE-2023-29406 + +* Wed Jun 21 2023 hanchao <hanchao63@huawei.com> - 1.20.5-1 +- upgrade to 1.20.5 @@ -1 +1 @@ -0f31dd11b953e7824918e31ead080fb4 go1.22.12.src.tar.gz +c34263bd873e92fa99649fb501223e1f go1.24.2.src.tar.gz |