Cypherpunks repositories - gostls13.git/commit
[release-branch.go1.24] Revert "cmd/go/internal/work: allow @ character in some ...
author: Roland Shoemaker <bracewell@google.com>
Wed, 29 Jan 2025 16:03:59 +0000 (08:03 -0800)
committer: Cherry Mui <cherryyz@google.com>
Wed, 5 Feb 2025 19:57:13 +0000 (11:57 -0800)
commit: c43ac38b3b9fe861186af2e60b6f6b16486d8640
tree: 5be24d0ce5c77eed7e0583e98f3165f2f1b54613
parent: 4241f582fc325e65b1badc6423a83a3973bcdc08
[release-branch.go1.24] Revert "cmd/go/internal/work: allow @ character in some -Wl, linker flags on darwin"

This reverts commit e3cd55e9d293d519e622e788e902f372dc30338a.

This change introduced a security issue as @ flags are first resolved as
files by the darwin linker, before their meaning as flags, allowing the
flag filtering logic to be entirely bypassed.

Thanks to Juho Forsén for reporting this issue.

Fixes #71476
Fixes CVE-2025-22867

Change-Id: I3a4b4a6fc534de105d930b8ed5b9900bc94b0c4e
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1900
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit cc0d725a4168f234ef38859b2d951a50a8fd94b5)
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1940
Reviewed-by: Neal Patel <nealpatel@google.com>
Commit-Queue: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/646995
Reviewed-by: Carlos Amedee <carlos@golang.org>
TryBot-Bypass: Cherry Mui <cherryyz@google.com>
src/cmd/go/internal/work/security.go
src/cmd/go/internal/work/security_test.go
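
The commit message above says the darwin linker resolves `@` arguments as files before reading them as flags. The following is an added audit example, not code from this commit or from the Go toolchain: it scans Go source text for `#cgo LDFLAGS` directives and reports every `-Wl,` component that begins with `@`, so those directives can be reviewed by hand. The names `Finding`, `ScanCgoLDFLAGS` and `sample` are assumptions made for the example, and the sample input is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Finding is one '@'-prefixed component of a -Wl, flag (hypothetical type).
type Finding struct {
	Line      int    // 1-based line number of the #cgo directive
	Flag, Arg string // the whole -Wl,... flag and the '@' component in it
}

// sample is constructed input for the demonstration, not taken from a project.
const sample = `package demo
/*
#cgo darwin LDFLAGS: -Wl,-rpath,@executable_path/../lib -framework CoreFoundation
#cgo linux LDFLAGS: -Wl,-rpath,$ORIGIN/lib -lm
#cgo CFLAGS: -DUSE_AT=@x
*/
import "C"
`

// ScanCgoLDFLAGS reports '@' components of -Wl, flags; it splits on whitespace and ignores quoting.
func ScanCgoLDFLAGS(src string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(src))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(strings.TrimPrefix(strings.TrimSpace(sc.Text()), "//"))
		name, value, ok := strings.Cut(line, ":")
		if !ok || !strings.HasPrefix(line, "#cgo") || !strings.HasSuffix(strings.TrimSpace(name), "LDFLAGS") {
			continue
		}
		for _, flag := range strings.Fields(value) {
			// The compiler driver hands each comma-separated part after -Wl to the linker.
			for _, arg := range strings.Split(flag, ",")[1:] {
				if strings.HasPrefix(flag, "-Wl,") && strings.HasPrefix(arg, "@") {
					out = append(out, Finding{Line: n, Flag: flag, Arg: arg})
				}
			}
		}
	}
	return out
}
func main() {
	for _, f := range ScanCgoLDFLAGS(sample) {
		fmt.Printf("line %d: %s passes %q to the linker\n", f.Line, f.Flag, f.Arg)
	}
}
```
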