Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 11 commits
- 48 files changed
- 10 contributors
Commits on Feb 25, 2026
-
[release-branch.go1.25] cmd/compile: fix mis-compilation for static a…
…rray initialization The bug was first introduced when the compiler is still written in C, with CL 2254041. The static array was laid out with the wrong context, causing a stack pointer will be stored in global object. Fixes #77253 Change-Id: I22c8393314d251beb53db537043a63714c84f36a Reviewed-on: https://go-review.googlesource.com/c/go/+/737821 Reviewed-by: Dmitri Shuralyov <[email protected]> Reviewed-by: Keith Randall <[email protected]> Reviewed-by: Keith Randall <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Keith Randall <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/738440 Reviewed-by: Cherry Mui <[email protected]>
-
[release-branch.go1.25] cmd/go: fix pkg-config flag sanitization
Implement a new pkg-config safe flag list (containing everything except for --log-file) and use that when checking flags passed to pkg-config, instead of using checkCompilerFlags. Updates #77387 Fixes #77438 Change-Id: Id6141d0a2934053aa43e3aa8ce402bd499c4c028 Reviewed-on: https://go-review.googlesource.com/c/go/+/741042 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Michael Pratt <[email protected]> Auto-Submit: Roland Shoemaker <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> (cherry picked from commit 28fbdf7) Reviewed-on: https://go-review.googlesource.com/c/go/+/745481 Reviewed-by: David Chase <[email protected]>
-
[release-branch.go1.25] net/smtp: prevent test failures due to expire…
…d test certificate The current localhostCert used for testing seems to have its expiry date mistakenly set to Mar 18 19:27:54 2026 GMT. To prevent test failures, use fixed time in tests. Also, regenerate the certificate so we can fix the time to UNIX epoch (the current certificate is only valid after Mar 18 2025). Fixes #77531 Change-Id: I3136d29eaa0c8c4361f5627003f08a0059702f0d Reviewed-on: https://go-review.googlesource.com/c/go/+/744260 Reviewed-by: David Chase <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> (cherry picked from commit 215a070) Reviewed-on: https://go-review.googlesource.com/c/go/+/748280
-
[release-branch.go1.25] runtime: don't negate eventfd errno
The Linux syscall package does this for us. For #75337. Fixes #77413. Change-Id: I6a6a636c9bb5fe25fdc6f80dc8b538ebed60d00b Reviewed-on: https://go-review.googlesource.com/c/go/+/701796 Reviewed-by: Michael Knyszek <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Michael Pratt <[email protected]> (cherry picked from commit d3be949) Reviewed-on: https://go-review.googlesource.com/c/go/+/741223 Reviewed-by: Michael Pratt <[email protected]> Reviewed-by: David Chase <[email protected]> Reviewed-by: Florian Lehner <[email protected]>
-
[release-branch.go1.25] all: update x/sys
For #77406 Change-Id: Id15681ea136469fa3b53d163363dec0c6b0893ae Reviewed-on: https://go-review.googlesource.com/c/go/+/749162 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> Auto-Submit: Mark Freeman <[email protected]> Reviewed-by: Mark Freeman <[email protected]>
Commits on Feb 26, 2026
-
[release-branch.go1.25] os: support deleting inaccessible files in Re…
…moveAll windows: retry file open with DELETE access after access denied Additional access rights when opening files, including SYNCHRONIZE, break deletion when the caller has FILE_DELETE_CHILD on the parent directory but not the file. Retry with DELETE only restores correct Windows semantics. For #77406 Change-Id: Ie53bc6f1673de1a8af4dcfb7496daf99e71098cb GitHub-Last-Rev: 0ad635c GitHub-Pull-Request: #77403 Reviewed-on: https://go-review.googlesource.com/c/go/+/741040 Reviewed-by: Quim Muntal <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Michael Pratt <[email protected]> Auto-Submit: Michael Pratt <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/746361 Auto-Submit: Mark Freeman <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]>
-
[release-branch.go1.25] internal/syscall/windows: correct some enums …
…and syscall signatures This CL corrects code submitted in CL 741040. Fixes #77406 Change-Id: I1c22c1a9f77028f3c2a8e3905f2ec5b071b5445e GitHub-Last-Rev: 2bfb073 GitHub-Pull-Request: #77525 Reviewed-on: https://go-review.googlesource.com/c/go/+/743780 Reviewed-by: Junyang Shao <[email protected]> Reviewed-by: Alex Brainman <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Mark Freeman <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/749440 Reviewed-by: David Chase <[email protected]> Auto-Submit: Mark Freeman <[email protected]>
Commits on Feb 27, 2026
-
[release-branch.go1.25] os: avoid escape from Root via ReadDir or Rea…
…ddir When reading the contents of a directory using File.ReadDir or File.Readdir, the os.FileInfo was populated on Unix platforms using lstat. This lstat call is vulnerable to a TOCTOU race and could escape the root. For example: - Open the directory "dir" within a Root. This directory contains a file named "file". - Use File.ReadDir to list the contents of "dir", receiving a os.DirEntry for "dir/file". - Replace "dir" with a symlink to "/etc". - Use DirEntry.Info to retrieve the FileInfo for "dir/file". This FileInfo contains information on "/etc/file" instead. This escape permits identifying the presence or absence of files outside a Root, as well as retreiving stat metadata (size, mode, modification time, etc.) for files outside a Root. This escape does not permit reading or writing to files outside a Root. For #77827 Fixes #77833 Fixes CVE-2026-27139 Change-Id: I40004f830c588e516aff8ee593d630d36a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/749480 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Auto-Submit: Damien Neil <[email protected]> (cherry picked from commit 657ed93) Reviewed-on: https://go-review.googlesource.com/c/go/+/749920
Commits on Mar 6, 2026
-
[release-branch.go1.25] net/url: reject IPv6 literal not at start of …
…host This change rejects IPv6 literals that do not appear at the start of the host subcomponent of a URL. For example: http://example.com[::1] -> rejects http://[::1] -> accepts Thanks to Masaki Hara (https://github.com/qnighy) of Wantedly. Updates #77578 Fixes #77969 Fixes CVE-2026-25679 Change-Id: I7109031880758f7c1eb4eca513323328feace33c Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3400 Reviewed-by: Neal Patel <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3642 Reviewed-on: https://go-review.googlesource.com/c/go/+/752100 Reviewed-by: Cherry Mui <[email protected]> Auto-Submit: Gopher Robot <[email protected]> TryBot-Bypass: Gopher Robot <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]>
-
[release-branch.go1.25] html/template: properly escape URLs in meta c…
…ontent attributes The meta tag can include a content attribute that contains URLs, which we currently don't escape if they are inserted via a template action. This can plausibly lead to XSS vulnerabilities if untrusted data is inserted there, the http-equiv attribute is set to "refresh", and the content attribute contains an action like `url={{.}}`. Track whether we are inside of a meta element, if we are inside of a content attribute, _and_ if the content attribute contains "url=". If all of those are true, then we will apply the same URL escaping that we use elsewhere. Also add a new GODEBUG, htmlmetacontenturlescape, to allow disabling this escaping for cases where this behavior is considered safe. The behavior can be disabled by setting htmlmetacontenturlescape=0. Updates #77954 Fixes #77971 Fixes CVE-2026-27142 Change-Id: I9bbca263be9894688e6ef1e9a8f8d2f4304f5873 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3360 Reviewed-by: Neal Patel <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3644 Reviewed-by: Damien Neil <[email protected]> Commit-Queue: Roland Shoemaker <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/752101 Auto-Submit: Gopher Robot <[email protected]> TryBot-Bypass: Gopher Robot <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> Reviewed-by: Cherry Mui <[email protected]> -
[release-branch.go1.25] go1.25.8
Change-Id: Ibbe87e0b8afcff83ecbf8fc441a2fd4823c999fa Reviewed-on: https://go-review.googlesource.com/c/go/+/752122 TryBot-Bypass: Gopher Robot <[email protected]> Reviewed-by: Cherry Mui <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> Reviewed-by: Jakub Ciolek <[email protected]> Auto-Submit: Gopher Robot <[email protected]>
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff go1.25.7...go1.25.8