Skip to content

Update to Go 1.26.5#172

Merged
patrickod merged 13 commits into
tailscale.go1.26from
patrickod/go1.26.5
Jul 8, 2026
Merged

Update to Go 1.26.5#172
patrickod merged 13 commits into
tailscale.go1.26from
patrickod/go1.26.5

Conversation

@patrickod

Copy link
Copy Markdown

No description provided.

mvdan and others added 13 commits June 16, 2026 13:11
os.Chdir notifies the testlog hook with the new working directory, but
(*File).Chdir does not, so cmd/go's test cache loses track of the cwd
when a test uses (*File).Chdir to restore the previous directory (as
testing.T.Chdir does in its cleanup). Subsequent relative paths from
later tests in the same package are then resolved against the wrong
directory in computeTestInputsID, and the cache fails to invalidate
when those files change.

Fix it by emitting the same testlog Chdir entry from (*File).Chdir
after a successful Fchdir, mirroring os.Chdir.

Fixes golang#79039.
Updates golang#79019.

Change-Id: I7099d3a1d2ce3e5f4882a0e93c4d642f23f7eca8
Reviewed-on: https://go-review.googlesource.com/c/go/+/771960
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
(cherry picked from commit c7e6da5)
Reviewed-on: https://go-review.googlesource.com/c/go/+/784242
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Mark Freeman <markfreeman@google.com>
FIPS140 crypto files will be bound into the virtual filesystem using the
fsys package. So IsStandardPackage needs to use fsys.ReadDir to check
that the fips140 packages are standard packages rather than os.ReadDir
because os.ReadDir doesn't know about the overlay.

It would be nice if we could pass in a io/fs.FS to IsStandardPackage but
the FS paths are slash paths and don't play well with windows paths. So
we pass in ReadDir instead. Maybe in the future we could create an
alternative interface to pass the filesystem through but that's a bigger
project.

For golang#73649
Fixes golang#79721

Change-Id: I576f03cfc52a63cec0598e058e1354676a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/762581
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Michael Matloob <matloob@google.com>
Auto-Submit: Michael Matloob <matloob@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
(cherry picked from commit be193f3)
Reviewed-on: https://go-review.googlesource.com/c/go/+/784861
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Mark Freeman <markfreeman@google.com>
…text.Canceled

For golang#77639
Fixes golang#79499

Change-Id: I90e5d6f68c02749ac6e407f1c3565312efafb033
Reviewed-on: https://go-review.googlesource.com/c/go/+/779860
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Florian Lehner <lehner.florian86@gmail.com>
Auto-Submit: Ian Lance Taylor <iant@golang.org>
(cherry picked from commit 8494d25)
Reviewed-on: https://go-review.googlesource.com/c/go/+/784100
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
…entea

The KMOVB instruction (in scan_amd64.s) requires that flag.

Fixes golang#79920

Change-Id: Id03285932589e349c7a2cc214dc7ea5b448c0a39
Reviewed-on: https://go-review.googlesource.com/c/go/+/788600
Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Keith Randall <khr@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/788860
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
…o a whole multiple of element size

The allocator doesn't accept total sizes that are not a multiple
of the element size.

Fixes golang#80007

Change-Id: I177d67c1ecc15ec9d09b160bbcc2bfb7a3a1891f
Reviewed-on: https://go-review.googlesource.com/c/go/+/790600
Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
(cherry picked from commit 1a15699)
Reviewed-on: https://go-review.googlesource.com/c/go/+/791260
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
On darwin, rawSyscall, rawSyscall6, and rawSyscall9 are Go
functions (not assembly as on Linux) that get race-detector
instrumentation. When forkAndExecInChild calls rawSyscall in
the forked child process, the TSan ThreadState pointer is
invalid, causing SIGSEGV in TraceSwitchPartImpl.

Add //go:norace to these functions so the race detector does
not instrument them. Also update the stale comment in
exec_libc2.go that referred to rawSyscall as assembly.

For golang#79804.
Fixes golang#79806.

Change-Id: Ia1d5ffea9bc9729ce5392daaf00b45ab1f779d71
GitHub-Last-Rev: 21d5744
GitHub-Pull-Request: golang#79805
Reviewed-on: https://go-review.googlesource.com/c/go/+/786620
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Quim Muntal <quimmuntal@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
(cherry picked from commit 0607ffa)
Reviewed-on: https://go-review.googlesource.com/c/go/+/791800
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
…CST on PPC64

Updates golang#79186
Fixes golang#79879

Change-Id: If7e298270ac6252b092371725d6a96aa871bf919
Reviewed-on: https://go-review.googlesource.com/c/go/+/774020
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Jayanth Krishnamurthy <jayanth.krishnamurthy@ibm.com>
Auto-Submit: Jorropo <jorropo.pgm@gmail.com>
Reviewed-by: Paul Murphy <paumurph@redhat.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/793901
Auto-Submit: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Keith Randall <khr@golang.org>
…rnel release strings

Synology kernels can have a "_" in their uname version. Make the
parsing more tolerant. And also don't throw during init if we fail to
parse the kernel version. Instead, fall back to probing. (We can't
probe all the time, because seccomp filters on some platforms like
Android kill the process if we call a verbotenen system call)

This regressed in CL 758902 (forked from CL 751340) on 2026-03-24,
which started calling parseRelease unconditionally during osinit on
32-bit Linux.

Updates golang#79612
Fixes golang#79893

Change-Id: I98f61b94e54c7b9d08029f3aef664bdda9ec7f69
Reviewed-on: https://go-review.googlesource.com/c/go/+/781800
Reviewed-by: Jorropo <jorropo.pgm@gmail.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/793960
Auto-Submit: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
The CNAME record for www.iana.org seems to have been changed, causing
test failures.

Change the test to just use www.golang.org, so we have more control and
awareness of such changes in the future.

For golang#80212
Fixes golang#80217

Change-Id: I7b11bb8f90fe366db019dab1f8d9a1cf6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/795841
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Junyang Shao <shaojunyang@google.com>
When using ECH, do not include the PSK extension in the outer hello.
Including the PSK extension allows for a degradation in privacy, as an
on-path attacker can harvest outer client hellos, and then construct new
hellos using the PSK extension and arbitrary guessed SNI values,
replaying them to the target server. If the server rejects the PSK, the
handshake will continue, but if the PSK is accepted, the binder check
will fail.

Thanks to Coia Prant (github.com/rbqvq) for
reporting this issue.

Fixes CVE-2026-42505
Updates golang#79282
Fixes golang#80175

Change-Id: Ib3a3c948106a57c1b07b9e61a58cbf757848be18
Reviewed-on: https://go-review.googlesource.com/c/go/+/775960
Auto-Submit: Roland Shoemaker <roland@golang.org>
TryBot-Bypass: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Carlos Amedee <carlos@golang.org>
(cherry picked from commit 137b806)
Reviewed-on: https://go-review.googlesource.com/c/go/+/794921
TryBot-Bypass: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Commit-Queue: Roland Shoemaker <roland@golang.org>
Auto-Submit: Junyang Shao <shaojunyang@google.com>
Commit-Queue: Junyang Shao <shaojunyang@google.com>
… in Root

This change fixes a significant mechanism by which
operations in a Root can escape the root.

The implementation of Root on platforms supporting the openat
family of functions assumed that openat(parent, "f/", O_NOFOLLOW)
would not resolve symlinks in "f". This is not correct; the
trailing slash causes f to be resolved.

This permits Root operations to escape when the target filename
ends in a slash and the target is a symlink to a directory outside the
root. This does not permit directly accessing non-directory files
outside a root, since the trailing slash adds a requirement that the
target be a directory. However, under some circumstances an attacker
might exploit this flaw to access non-directory files outside
a root, for example by first renaming a directory outside the root
to a location within it and then accessing files within that directory.

This change adjusts Root's handling of slash-terminated paths.
Trailing slashes are removed from the path at the start of an
operation, and the presence of slashes is tracked as a boolean.
Slashes are never reattached to a path component.

In addition, the doInRoot helper function now automatically
handles trailing slashes in a POSIX-compatible fashion.
When a path ends in one or more slashes:
  - symlinks in the final component are resolved; and
  - the final path component after symlink resolutions
    must reference a directory.

This change also adds a new sets of tests to exercise Root's
behavior in a wider variety of circumstances. These tests
run through a matrix of file configurations, such as:
  - path "target", a regular file
  - path "dir/../target", a directory
  - path "target/", a symlink to "dir/../target/", which does not exist
  - etc.

These tests execute Root operations and the corresponding unrooted
operation, validate specific expected results for some configurations,
and verify that the rooted and unrooted versions of the operation
produce the same result.

Thanks to Mundur (https://github.com/M0nd0R) for reporting this issue.

Fixes golang#79005
Fixes CVE-2026-39822

Change-Id: I34072ab63f2367baf236592f11143f4e6a6a6964
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/4740
Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/4840
Reviewed-on: https://go-review.googlesource.com/c/go/+/797661
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Gopher Robot <gobot@golang.org>
TryBot-Bypass: Gopher Robot <gobot@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Change-Id: I87dc3d84cde11db83a0d88a60262a38fc429838d
Reviewed-on: https://go-review.googlesource.com/c/go/+/797740
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
TryBot-Bypass: Gopher Robot <gobot@golang.org>
@patrickod
patrickod requested a review from bradfitz July 8, 2026 21:56

@bradfitz bradfitz left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably not useful except for major rebase work, but if you want: run "/path/to/this/new/go test" in https://github.com/tailscale/tsgotest for more Tailscale-Go-specific test coverage.

@patrickod
patrickod merged commit 63ae404 into tailscale.go1.26 Jul 8, 2026
4 checks passed
@patrickod
patrickod deleted the patrickod/go1.26.5 branch July 8, 2026 22:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.