delta/go-git.git/src/net/http/cgi, branch dev.debug github.com: golang/go net/http/cgi: fix plan9 build 2017-04-25T20:34:38+00:00 Brad Fitzpatrick bradfitz@golang.org 2017-04-25T20:08:31+00:00 5d306dcdace2ec5cde7d0008d6126c3cffe25ea1 Cleanup CL https://golang.org/cl/41691 broke the plan9 build by removing a use of a package but not removing the package import. Trybots don't check that. I filed #20119 for that. Change-Id: Ia030e6924665dfb871ca964455b899d51b0200c2 Reviewed-on: https://go-review.googlesource.com/41752 Reviewed-by: David du Colombier <0intro@gmail.com> 
Cleanup CL https://golang.org/cl/41691 broke the plan9 build by removing
a use of a package but not removing the package import.

Trybots don't check that. I filed #20119 for that.

Change-Id: Ia030e6924665dfb871ca964455b899d51b0200c2
Reviewed-on: https://go-review.googlesource.com/41752
Reviewed-by: David du Colombier <0intro@gmail.com>
all: remove some unused parameters in test code 2017-04-25T14:38:10+00:00 Daniel Martí mvdan@mvdan.cc 2017-04-25T09:58:12+00:00 516e6f6d5d83dc3dcee6403fab25d5954bbf3f62 Mostly unnecessary *testing.T arguments. Found with github.com/mvdan/unparam. Change-Id: Ifb955cb88f2ce8784ee4172f4f94d860fa36ae9a Reviewed-on: https://go-review.googlesource.com/41691 Run-TryBot: Daniel Martí <mvdan@mvdan.cc> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> 
Mostly unnecessary *testing.T arguments.

Found with github.com/mvdan/unparam.

Change-Id: Ifb955cb88f2ce8784ee4172f4f94d860fa36ae9a
Reviewed-on: https://go-review.googlesource.com/41691
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
[release-branch.go1.7] net/http, net/http/cgi: fix for CGI + HTTP_PROXY security issue 2016-07-18T15:13:06+00:00 Brad Fitzpatrick bradfitz@golang.org 2016-07-18T06:05:24+00:00 cad4e97af8f2e0b9f09b97f67fb3a89ced2e9021 Because, * The CGI spec defines that incoming request header "Foo: Bar" maps to environment variable HTTP_FOO == "Bar". (see RFC 3875 4.1.18) * The HTTP_PROXY environment variable is conventionally used to configure the HTTP proxy for HTTP clients (and is respected by default for Go's net/http.Client and Transport) That means Go programs running in a CGI environment (as a child process under a CGI host) are vulnerable to an incoming request containing "Proxy: attacker.com:1234", setting HTTP_PROXY, and changing where Go by default proxies all outbound HTTP requests. This is CVE-2016-5386, aka https://httpoxy.org/ Fixes #16405 Change-Id: I6f68ade85421b4807785799f6d98a8b077e871f0 Reviewed-on: https://go-review.googlesource.com/25010 Run-TryBot: Chris Broadfoot <cbro@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Chris Broadfoot <cbro@golang.org> Reviewed-on: https://go-review.googlesource.com/25013 
Because,

* The CGI spec defines that incoming request header "Foo: Bar" maps to
  environment variable HTTP_FOO == "Bar". (see RFC 3875 4.1.18)

* The HTTP_PROXY environment variable is conventionally used to configure
  the HTTP proxy for HTTP clients (and is respected by default for
  Go's net/http.Client and Transport)

That means Go programs running in a CGI environment (as a child
process under a CGI host) are vulnerable to an incoming request
containing "Proxy: attacker.com:1234", setting HTTP_PROXY, and
changing where Go by default proxies all outbound HTTP requests.

This is CVE-2016-5386, aka https://httpoxy.org/

Fixes #16405

Change-Id: I6f68ade85421b4807785799f6d98a8b077e871f0
Reviewed-on: https://go-review.googlesource.com/25010
Run-TryBot: Chris Broadfoot <cbro@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
Reviewed-on: https://go-review.googlesource.com/25013
net/http/cgi: allow CGI host to configure where child's stderr goes 2016-03-29T06:57:05+00:00 Brad Fitzpatrick bradfitz@golang.org 2016-03-29T05:35:33+00:00 45d334ecf1b2bcbf0f8667d4c772ef3db0e03587 Patch originally from Steven Hartland. Tweaked a bit & added a test. Fixes #7197 Change-Id: I09012b4674e7c641dba31a24e9758cedb898d3ee Reviewed-on: https://go-review.googlesource.com/21196 Reviewed-by: Andrew Gerrand <adg@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> 
Patch originally from Steven Hartland. Tweaked a bit & added a test.

Fixes #7197

Change-Id: I09012b4674e7c641dba31a24e9758cedb898d3ee
Reviewed-on: https://go-review.googlesource.com/21196
Reviewed-by: Andrew Gerrand <adg@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
all: single space after period. 2016-03-02T00:13:47+00:00 Brad Fitzpatrick bradfitz@golang.org 2016-03-01T23:21:55+00:00 5fea2ccc77eb50a9704fa04b7c61755fe34e1d95 The tree's pretty inconsistent about single space vs double space after a period in documentation. Make it consistently a single space, per earlier decisions. This means contributors won't be confused by misleading precedence. This CL doesn't use go/doc to parse. It only addresses // comments. It was generated with: $ perl -i -npe 's,^(\s*// .+[a-z]\.) +([A-Z]),$1 $2,' $(git grep -l -E '^\s*//(.+\.) +([A-Z])') $ go test go/doc -update Change-Id: Iccdb99c37c797ef1f804a94b22ba5ee4b500c4f7 Reviewed-on: https://go-review.googlesource.com/20022 Reviewed-by: Rob Pike <r@golang.org> Reviewed-by: Dave Day <djd@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> 
The tree's pretty inconsistent about single space vs double space
after a period in documentation. Make it consistently a single space,
per earlier decisions. This means contributors won't be confused by
misleading precedence.

This CL doesn't use go/doc to parse. It only addresses // comments.
It was generated with:

$ perl -i -npe 's,^(\s*// .+[a-z]\.)  +([A-Z]),$1 $2,' $(git grep -l -E '^\s*//(.+\.)  +([A-Z])')
$ go test go/doc -update

Change-Id: Iccdb99c37c797ef1f804a94b22ba5ee4b500c4f7
Reviewed-on: https://go-review.googlesource.com/20022
Reviewed-by: Rob Pike <r@golang.org>
Reviewed-by: Dave Day <djd@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
net/http/cgi: optimize internal function removeLeadingDuplicates a bit 2015-10-15T14:42:11+00:00 Brad Fitzpatrick bradfitz@golang.org 2015-10-14T15:12:40+00:00 d3ae2d2749d2e26dcfc84ed1ea6a0cfb513ab863 Change-Id: I0255f24f5c5925ea4daa28a28d23606df35d4373 Reviewed-on: https://go-review.googlesource.com/15824 Reviewed-by: Andrew Gerrand <adg@golang.org> 
Change-Id: I0255f24f5c5925ea4daa28a28d23606df35d4373
Reviewed-on: https://go-review.googlesource.com/15824
Reviewed-by: Andrew Gerrand <adg@golang.org>
net/http/cgi: make provided Env override even system env vars 2015-10-14T15:10:09+00:00 Steven Hartland steven.hartland@multiplay.co.uk 2015-09-25T08:51:50+00:00 61860508add795c86059faa67d90bd556a3d49bf Allow all CGI environment settings from the inherited set and default inherited set to be overridden including PATH by Env. Change-Id: Ief8d33247b879fa87a8bfd6416d4813116db98de Reviewed-on: https://go-review.googlesource.com/14959 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> 
Allow all CGI environment settings from the inherited set and default
inherited set to be overridden including PATH by Env.

Change-Id: Ief8d33247b879fa87a8bfd6416d4813116db98de
Reviewed-on: https://go-review.googlesource.com/14959
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
all: extract "can I exec?" check from tests into internal/testenv 2015-06-16T18:07:36+00:00 Russ Cox rsc@golang.org 2015-06-05T15:01:53+00:00 7bc3e5880675ce4aae245f46d193924cff5efdfb Change-Id: I7b54be9d8b50b39e01c6be21f310ae9a10404e9d Reviewed-on: https://go-review.googlesource.com/10753 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: David Crawshaw <crawshaw@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> 
Change-Id: I7b54be9d8b50b39e01c6be21f310ae9a10404e9d
Reviewed-on: https://go-review.googlesource.com/10753
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: David Crawshaw <crawshaw@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
net/http/cgi: skip fork test on darwin/arm64 2015-04-13T11:51:53+00:00 David Crawshaw crawshaw@golang.org 2015-04-11T23:25:45+00:00 c0d48836eced2571222f49d78a27955da49590fb Just like darwin/arm. Change-Id: Ib9a32bb0aed5f08b27de11a93aaf273cacdf5779 Reviewed-on: https://go-review.googlesource.com/8819 Reviewed-by: Minux Ma <minux@golang.org> 
Just like darwin/arm.

Change-Id: Ib9a32bb0aed5f08b27de11a93aaf273cacdf5779
Reviewed-on: https://go-review.googlesource.com/8819
Reviewed-by: Minux Ma <minux@golang.org>
net/http/cgi: skip exec test on darwin/arm 2015-02-26T22:46:39+00:00 David Crawshaw crawshaw@golang.org 2015-02-26T22:27:52+00:00 be7090498b76ff50ec73858378ccf1670fec912f Change-Id: I2fc3cf94b465bf9d7ff8d7bf935b45e334b401e3 Reviewed-on: https://go-review.googlesource.com/6180 Reviewed-by: Hyang-Ah Hana Kim <hyangah@gmail.com> 
Change-Id: I2fc3cf94b465bf9d7ff8d7bf935b45e334b401e3
Reviewed-on: https://go-review.googlesource.com/6180
Reviewed-by: Hyang-Ah Hana Kim <hyangah@gmail.com>