[release-branch.go1.10] doc: add note about invalid flag errors to 1.10 release notes

Updates #23672
Updates #23749

Change-Id: I85b6493bd1e4095398508b7ef395c35463dfbde1
Reviewed-on: https://go-review.googlesource.com/94158
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Andrew Bonventre <andybons@golang.org>
(cherry picked from commit f2354d0aacdd5ce1952c5441c6a489378ccb7656)
Reviewed-on: https://go-review.googlesource.com/94655

diff --git a/doc/go1.10.html b/doc/go1.10.html
index a6e186fb73d49a2197a57ac21841f1ba36b95c9b..4c0e847c050ec5fe56c5697805457239efeb1877 100644 (file)
--- a/doc/go1.10.html
+++ b/doc/go1.10.html
@@ -30,6 +30,10 @@ adds <a href="#test">caching of successful test results</a>,
 runs <a href="#test-vet">vet automatically during tests</a>,
 and
 permits <a href="#cgo">passing string values directly between Go and C using cgo</a>.
+A new <a href="#cgo">compiler option whitelist</a> may cause
+unexpected <a href="https://golang.org/s/invalidflag"><code>invalid
+flag</code></a> errors in code that built successfully with older
+releases.
 </p>
 
 <h2 id="language">Changes to the language</h2>
@@ -261,6 +265,18 @@ and the <a href="/cmd/test2json/">test2json documentation</a>.
 
 <h3 id="cgo">Cgo</h3>
 
+<p>
+Options specified by cgo using <code>#cgo CFLAGS</code> and the like
+are now checked against a whitelist of permitted options.
+This closes a security hole in which a downloaded package uses
+compiler options like
+<span style="white-space: nowrap"><code>-fplugin</code></span>
+to run arbitrary code on the machine where it is being built.
+This can cause a build error such as <code>invalid flag in #cgo CFLAGS</code>.
+For more background, and how to handle this error, see
+<a href="https://golang.org/s/invalidflag">https://golang.org/s/invalidflag</a>.
+</p>
+
 <p>
 Cgo now implements a C typedef like “<code>typedef</code> <code>X</code> <code>Y</code>” using a Go type alias,
 so that Go code may use the types <code>C.X</code> and <code>C.Y</code> interchangeably.