@ttsc/linux-x64 0.14.0-dev.20260529.2 → 0.14.1

package/bin/go/LICENSE

@@ -0,0 +1,27 @@
+Copyright 2009 The Go Authors.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google LLC nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

package/bin/go/PATENTS

@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go.  This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation.  If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.

package/bin/go/VERSION

@@ -1,2 +1,2 @@
-go1.26.0
-time 2026-02-10T01:22:00Z
+go1.26.3
+time 2026-05-04T20:36:18Z

package/bin/go/src/archive/tar/format.go

@@ -147,6 +147,12 @@ const (
 	// Max length of a special file (PAX header, GNU long name or link).
 	// This matches the limit used by libarchive.
 	maxSpecialFileSize = 1 << 20
+
+	// Maximum number of sparse file entries.
+	// We should never actually hit this limit
+	// (every sparse encoding will first be limited by maxSpecialFileSize),
+	// but this adds an additional layer of defense.
+	maxSparseFileEntries = 1 << 20
 )
 
 // blockPadding computes the number of bytes needed to pad offset up to the

package/bin/go/src/archive/tar/reader.go

@@ -490,7 +490,8 @@ func (tr *Reader) readOldGNUSparseMap(hdr *Header, blk *block) (sparseDatas, err
 	}
 	s := blk.toGNU().sparse()
 	spd := make(sparseDatas, 0, s.maxEntries())
-	for {
+	totalSize := len(s)
+	for totalSize < maxSpecialFileSize {
 		for i := 0; i < s.maxEntries(); i++ {
 			// This termination condition is identical to GNU and BSD tar.
 			if s.entry(i).offset()[0] == 0x00 {
@@ -501,7 +502,11 @@ func (tr *Reader) readOldGNUSparseMap(hdr *Header, blk *block) (sparseDatas, err
 			if p.err != nil {
 				return nil, p.err
 			}
-			spd = append(spd, sparseEntry{Offset: offset, Length: length})
+			var err error
+			spd, err = appendSparseEntry(spd, sparseEntry{Offset: offset, Length: length})
+			if err != nil {
+				return nil, err
+			}
 		}
 
 		if s.isExtended()[0] > 0 {
@@ -510,10 +515,12 @@ func (tr *Reader) readOldGNUSparseMap(hdr *Header, blk *block) (sparseDatas, err
 				return nil, err
 			}
 			s = blk.toSparse()
+			totalSize += len(s)
 			continue
 		}
 		return spd, nil // Done
 	}
+	return nil, errSparseTooLong
 }
 
 // readGNUSparseMap1x0 reads the sparse map as stored in GNU's PAX sparse format
@@ -586,7 +593,10 @@ func readGNUSparseMap1x0(r io.Reader) (sparseDatas, error) {
 		if err1 != nil || err2 != nil {
 			return nil, ErrHeader
 		}
-		spd = append(spd, sparseEntry{Offset: offset, Length: length})
+		spd, err = appendSparseEntry(spd, sparseEntry{Offset: offset, Length: length})
+		if err != nil {
+			return nil, err
+		}
 	}
 	return spd, nil
 }
@@ -620,12 +630,22 @@ func readGNUSparseMap0x1(paxHdrs map[string]string) (sparseDatas, error) {
 		if err1 != nil || err2 != nil {
 			return nil, ErrHeader
 		}
-		spd = append(spd, sparseEntry{Offset: offset, Length: length})
+		spd, err = appendSparseEntry(spd, sparseEntry{Offset: offset, Length: length})
+		if err != nil {
+			return nil, err
+		}
 		sparseMap = sparseMap[2:]
 	}
 	return spd, nil
 }
 
+func appendSparseEntry(spd sparseDatas, ent sparseEntry) (sparseDatas, error) {
+	if len(spd) >= maxSparseFileEntries {
+		return nil, errSparseTooLong
+	}
+	return append(spd, ent), nil
+}
+
 // Read reads from the current file in the tar archive.
 // It returns (0, io.EOF) when it reaches the end of that file,
 // until [Next] is called to advance to the next file.

package/bin/go/src/builtin/builtin.go

@@ -122,6 +122,10 @@ type Type int
 // invocation.
 type Type1 int
 
+// TypeOrExpr is here for the purposes of documentation only. It is a stand-in
+// for either a Go type or an expression.
+type TypeOrExpr int
+
 // IntegerType is here for the purposes of documentation only. It is a stand-in
 // for any integer type: int, uint, int8 etc.
 type IntegerType int
@@ -220,10 +224,15 @@ func max[T cmp.Ordered](x T, y ...T) T
 // min will return NaN.
 func min[T cmp.Ordered](x T, y ...T) T
 
-// The new built-in function allocates memory. The first argument is a type,
-// not a value, and the value returned is a pointer to a newly
-// allocated zero value of that type.
-func new(Type) *Type
+// The built-in function new allocates a new, initialized variable and returns
+// a pointer to it. It accepts a single argument, which may be either a type
+// or an expression.
+// If the argument is a type T, then new(T) allocates a variable of type T
+// initialized to its zero value.
+// Otherwise, the argument is an expression x and new(x) allocates a variable
+// of the type of x initialized to the value of x. If that value is an untyped
+// constant, it is first implicitly converted to its default type.
+func new(TypeOrExpr) *Type
 
 // The complex built-in function constructs a complex value from two
 // floating-point values. The real and imaginary parts must be of the same

package/bin/go/src/crypto/fips140/fips140.go

@@ -2,6 +2,12 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+// Package fips140 provides information about the FIPS 140-3 Go Cryptographic
+// Module and FIPS 140-3 mode.
+//
+// For more details, see the [FIPS 140-3 documentation].
+//
+// [FIPS 140-3 documentation]: https://go.dev/doc/security/fips140
 package fips140
 
 import (

package/bin/go/src/crypto/internal/fips140/drbg/entropy_fips140.go

@@ -0,0 +1,97 @@
+// Copyright 2026 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !wasm
+
+// This file contains reading from from entropy sources in FIPS-140
+// mode. It uses a scratch buffer in the BSS section (see below),
+// which usually doesn't cost much, except on Wasm, due to the way
+// the linear memory works. FIPS-140 mode is not supported on Wasm,
+// so we just use a build tag to exclude it. (Could also exclude other
+// platforms that does not support FIPS-140 mode, but as the BSS
+// variable doesn't cost much, don't bother.)
+
+package drbg
+
+import (
+	entropy "crypto/internal/entropy/v1.0.0"
+	"crypto/internal/sysrand"
+	"sync"
+	"sync/atomic"
+)
+
+// memory is a scratch buffer that is accessed between samples by the entropy
+// source to expose it to memory access timings.
+//
+// We reuse it and share it between Seed calls to avoid the significant (~500µs)
+// cost of zeroing a new allocation every time. The entropy source accesses it
+// using atomics (and doesn't care about its contents).
+//
+// It should end up in the .noptrbss section, and become backed by physical pages
+// at first use. This ensures that programs that do not use the FIPS 140-3 module
+// do not incur any memory use or initialization penalties.
+var memory entropy.ScratchBuffer
+
+func getEntropy() *[SeedSize]byte {
+	var retries int
+	seed, err := entropy.Seed(&memory)
+	for err != nil {
+		// The CPU jitter-based SP 800-90B entropy source has a non-negligible
+		// chance of failing the startup health tests.
+		//
+		// Each time it does, it enters a permanent failure state, and we
+		// restart it anew. This is not expected to happen more than a few times
+		// in a row.
+		if retries++; retries > 100 {
+			panic("fips140/drbg: failed to obtain initial entropy")
+		}
+		seed, err = entropy.Seed(&memory)
+	}
+	return &seed
+}
+
+// getEntropy is very slow (~500µs), so we don't want it on the hot path.
+// We keep both a persistent DRBG instance and a pool of additional instances.
+// Occasional uses will use drbgInstance, even if the pool was emptied since the
+// last use. Frequent concurrent uses will fill the pool and use it.
+var drbgInstance atomic.Pointer[Counter]
+var drbgPool = sync.Pool{
+	New: func() any {
+		return NewCounter(getEntropy())
+	},
+}
+
+func readFromEntropy(b []byte) {
+	// At every read, 128 random bits from the operating system are mixed as
+	// additional input, to make the output as strong as non-FIPS randomness.
+	// This is not credited as entropy for FIPS purposes, as allowed by Section
+	// 8.7.2: "Note that a DRBG does not rely on additional input to provide
+	// entropy, even though entropy could be provided in the additional input".
+	additionalInput := new([SeedSize]byte)
+	sysrand.Read(additionalInput[:16])
+
+	drbg := drbgInstance.Swap(nil)
+	if drbg == nil {
+		drbg = drbgPool.Get().(*Counter)
+	}
+	defer func() {
+		if !drbgInstance.CompareAndSwap(nil, drbg) {
+			drbgPool.Put(drbg)
+		}
+	}()
+
+	for len(b) > 0 {
+		size := min(len(b), maxRequestSize)
+		if reseedRequired := drbg.Generate(b[:size], additionalInput); reseedRequired {
+			// See SP 800-90A Rev. 1, Section 9.3.1, Steps 6-8, as explained in
+			// Section 9.3.2: if Generate reports a reseed is required, the
+			// additional input is passed to Reseed along with the entropy and
+			// then nulled before the next Generate call.
+			drbg.Reseed(getEntropy(), additionalInput)
+			additionalInput = nil
+			continue
+		}
+		b = b[size:]
+	}
+}

package/bin/go/src/crypto/internal/fips140/drbg/entropy_wasm.go

@@ -0,0 +1,11 @@
+// Copyright 2026 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build wasm
+
+package drbg
+
+func readFromEntropy(b []byte) {
+	panic("FIPS-140 entropy generation is not supported on Wasm")
+}

package/bin/go/src/crypto/internal/fips140/drbg/rand.go

@@ -9,55 +9,11 @@
 package drbg
 
 import (
-	entropy "crypto/internal/entropy/v1.0.0"
 	"crypto/internal/fips140"
 	"crypto/internal/sysrand"
 	"io"
-	"sync"
-	"sync/atomic"
 )
 
-// memory is a scratch buffer that is accessed between samples by the entropy
-// source to expose it to memory access timings.
-//
-// We reuse it and share it between Seed calls to avoid the significant (~500µs)
-// cost of zeroing a new allocation every time. The entropy source accesses it
-// using atomics (and doesn't care about its contents).
-//
-// It should end up in the .noptrbss section, and become backed by physical pages
-// at first use. This ensures that programs that do not use the FIPS 140-3 module
-// do not incur any memory use or initialization penalties.
-var memory entropy.ScratchBuffer
-
-func getEntropy() *[SeedSize]byte {
-	var retries int
-	seed, err := entropy.Seed(&memory)
-	for err != nil {
-		// The CPU jitter-based SP 800-90B entropy source has a non-negligible
-		// chance of failing the startup health tests.
-		//
-		// Each time it does, it enters a permanent failure state, and we
-		// restart it anew. This is not expected to happen more than a few times
-		// in a row.
-		if retries++; retries > 100 {
-			panic("fips140/drbg: failed to obtain initial entropy")
-		}
-		seed, err = entropy.Seed(&memory)
-	}
-	return &seed
-}
-
-// getEntropy is very slow (~500µs), so we don't want it on the hot path.
-// We keep both a persistent DRBG instance and a pool of additional instances.
-// Occasional uses will use drbgInstance, even if the pool was emptied since the
-// last use. Frequent concurrent uses will fill the pool and use it.
-var drbgInstance atomic.Pointer[Counter]
-var drbgPool = sync.Pool{
-	New: func() any {
-		return NewCounter(getEntropy())
-	},
-}
-
 // Read fills b with cryptographically secure random bytes. In FIPS mode, it
 // uses an SP 800-90A Rev. 1 Deterministic Random Bit Generator (DRBG).
 // Otherwise, it uses the operating system's random number generator.
@@ -76,37 +32,7 @@ func Read(b []byte) {
 		return
 	}
 
-	// At every read, 128 random bits from the operating system are mixed as
-	// additional input, to make the output as strong as non-FIPS randomness.
-	// This is not credited as entropy for FIPS purposes, as allowed by Section
-	// 8.7.2: "Note that a DRBG does not rely on additional input to provide
-	// entropy, even though entropy could be provided in the additional input".
-	additionalInput := new([SeedSize]byte)
-	sysrand.Read(additionalInput[:16])
-
-	drbg := drbgInstance.Swap(nil)
-	if drbg == nil {
-		drbg = drbgPool.Get().(*Counter)
-	}
-	defer func() {
-		if !drbgInstance.CompareAndSwap(nil, drbg) {
-			drbgPool.Put(drbg)
-		}
-	}()
-
-	for len(b) > 0 {
-		size := min(len(b), maxRequestSize)
-		if reseedRequired := drbg.Generate(b[:size], additionalInput); reseedRequired {
-			// See SP 800-90A Rev. 1, Section 9.3.1, Steps 6-8, as explained in
-			// Section 9.3.2: if Generate reports a reseed is required, the
-			// additional input is passed to Reseed along with the entropy and
-			// then nulled before the next Generate call.
-			drbg.Reseed(getEntropy(), additionalInput)
-			additionalInput = nil
-			continue
-		}
-		b = b[size:]
-	}
+	readFromEntropy(b)
 }
 
 var testingReader io.Reader

package/bin/go/src/crypto/tls/conn.go

@@ -1363,7 +1363,7 @@ func (c *Conn) handleKeyUpdate(keyUpdate *keyUpdateMsg) error {
 	}
 
 	newSecret := cipherSuite.nextTrafficSecret(c.in.trafficSecret)
-	if err := c.setReadTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret); err != nil {
+	if err := c.setReadTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret, keyUpdate.updateRequested); err != nil {
 		return err
 	}
 
@@ -1683,12 +1683,16 @@ func (c *Conn) VerifyHostname(host string) error {
 // setReadTrafficSecret sets the read traffic secret for the given encryption level. If
 // being called at the same time as setWriteTrafficSecret, the caller must ensure the call
 // to setWriteTrafficSecret happens first so any alerts are sent at the write level.
-func (c *Conn) setReadTrafficSecret(suite *cipherSuiteTLS13, level QUICEncryptionLevel, secret []byte) error {
+func (c *Conn) setReadTrafficSecret(suite *cipherSuiteTLS13, level QUICEncryptionLevel, secret []byte, locked bool) error {
 	// Ensure that there are no buffered handshake messages before changing the
 	// read keys, since that can cause messages to be parsed that were encrypted
 	// using old keys which are no longer appropriate.
 	if c.hand.Len() != 0 {
-		c.sendAlert(alertUnexpectedMessage)
+		if locked {
+			c.sendAlertLocked(alertUnexpectedMessage)
+		} else {
+			c.sendAlert(alertUnexpectedMessage)
+		}
 		return errors.New("tls: handshake buffer not empty before setting read traffic secret")
 	}
 	c.in.setTrafficSecret(suite, level, secret)

package/bin/go/src/crypto/tls/handshake_client_tls13.go

@@ -492,7 +492,7 @@ func (hs *clientHandshakeStateTLS13) establishHandshakeKeys() error {
 	clientSecret := handshakeSecret.ClientHandshakeTrafficSecret(hs.transcript)
 	c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret)
 	serverSecret := handshakeSecret.ServerHandshakeTrafficSecret(hs.transcript)
-	if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret); err != nil {
+	if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret, false); err != nil {
 		return err
 	}
 
@@ -711,7 +711,7 @@ func (hs *clientHandshakeStateTLS13) readServerFinished() error {
 
 	hs.trafficSecret = hs.masterSecret.ClientApplicationTrafficSecret(hs.transcript)
 	serverSecret := hs.masterSecret.ServerApplicationTrafficSecret(hs.transcript)
-	if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret); err != nil {
+	if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret, false); err != nil {
 		return err
 	}
 

package/bin/go/src/crypto/tls/handshake_server_tls13.go

@@ -752,7 +752,7 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error {
 	serverSecret := hs.handshakeSecret.ServerHandshakeTrafficSecret(hs.transcript)
 	c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret)
 	clientSecret := hs.handshakeSecret.ClientHandshakeTrafficSecret(hs.transcript)
-	if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret); err != nil {
+	if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret, false); err != nil {
 		return err
 	}
 
@@ -1136,7 +1136,7 @@ func (hs *serverHandshakeStateTLS13) readClientFinished() error {
 		return errors.New("tls: invalid client finished hash")
 	}
 
-	if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret); err != nil {
+	if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret, false); err != nil {
 		return err
 	}
 

package/bin/go/src/crypto/tls/key_schedule.go

@@ -7,6 +7,7 @@ package tls
 import (
 	"crypto"
 	"crypto/ecdh"
+	"crypto/fips140"
 	"crypto/hmac"
 	"crypto/internal/fips140/tls13"
 	"crypto/mlkem"
@@ -165,7 +166,14 @@ type hybridKeyExchange struct {
 }
 
 func (ke *hybridKeyExchange) keyShares(rand io.Reader) (*keySharePrivateKeys, []keyShare, error) {
-	priv, ecdhShares, err := ke.ecdh.keyShares(rand)
+	var (
+		priv       *keySharePrivateKeys
+		ecdhShares []keyShare
+		err        error
+	)
+	fips140.WithoutEnforcement(func() { // Hybrid of ML-KEM, which is Approved.
+		priv, ecdhShares, err = ke.ecdh.keyShares(rand)
+	})
 	if err != nil {
 		return nil, nil, err
 	}
@@ -201,7 +209,14 @@ func (ke *hybridKeyExchange) serverSharedSecret(rand io.Reader, clientKeyShare [
 		ecdhShareData = clientKeyShare[:ke.ecdhElementSize]
 		mlkemShareData = clientKeyShare[ke.ecdhElementSize:]
 	}
-	ecdhSharedSecret, ks, err := ke.ecdh.serverSharedSecret(rand, ecdhShareData)
+	var (
+		ecdhSharedSecret []byte
+		ks               keyShare
+		err              error
+	)
+	fips140.WithoutEnforcement(func() { // Hybrid of ML-KEM, which is Approved.
+		ecdhSharedSecret, ks, err = ke.ecdh.serverSharedSecret(rand, ecdhShareData)
+	})
 	if err != nil {
 		return nil, keyShare{}, err
 	}
@@ -234,7 +249,13 @@ func (ke *hybridKeyExchange) clientSharedSecret(priv *keySharePrivateKeys, serve
 		ecdhShareData = serverKeyShare[:ke.ecdhElementSize]
 		mlkemShareData = serverKeyShare[ke.ecdhElementSize:]
 	}
-	ecdhSharedSecret, err := ke.ecdh.clientSharedSecret(priv, ecdhShareData)
+	var (
+		ecdhSharedSecret []byte
+		err              error
+	)
+	fips140.WithoutEnforcement(func() { // Hybrid of ML-KEM, which is Approved.
+		ecdhSharedSecret, err = ke.ecdh.clientSharedSecret(priv, ecdhShareData)
+	})
 	if err != nil {
 		return nil, err
 	}