From 0b4d5f85e68ea79b61de9989f9f37a984eb11289 Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Date: Thu, 29 Jan 2026 05:30:42 +0100
Subject: [PATCH 01/31] [release-branch.go1.26] cmd/link: use bfd ld 2.36+ on
 linux/arm64 instead of gold

The bfd linker has been fixed for a while. In the mean time gold got
deprecated and has stopped receiving new features. Add runtime version
checking and only use gold, if bfd ld 2.35 and lower is detected.

This enables using `-buildmode=shared` on arm64 without installing
binutils-gold (on distributions that split package this), as well as
to use external ldflags that ld.bfd supports, and ld.gold does
not. For example, this enables to specify gcs-report-dynamic=none when
building with GCC-15.

For #22040.
Fixes #78406.

Change-Id: I4eb8b3dabb78844ff662332ad63a4625278271b1
Cq-Include-Trybots: luci.golang.try:go1.26-linux-arm64_debian13
Reviewed-on: https://go-review.googlesource.com/c/go/+/740480
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Mark Freeman <markfreeman@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Cherry Mui <cherryyz@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/760302
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 src/cmd/link/internal/ld/lib.go | 46 ++++++++++++++++++++++++++-------
 1 file changed, 36 insertions(+), 10 deletions(-)

diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go
index bcad5add4abe19..1427f9c7bc62dc 100644
--- a/src/cmd/link/internal/ld/lib.go
+++ b/src/cmd/link/internal/ld/lib.go
@@ -1700,22 +1700,48 @@ func (ctxt *Link) hostlink() {
 		}
 
 		if ctxt.Arch.InFamily(sys.ARM64) && buildcfg.GOOS == "linux" {
-			// On ARM64, the GNU linker will fail with
-			// -znocopyreloc if it thinks a COPY relocation is
-			// required. Switch to gold.
+			// On ARM64, the GNU linker had issues with -znocopyreloc
+			// and COPY relocations. This was fixed in GNU ld 2.36+.
 			// https://sourceware.org/bugzilla/show_bug.cgi?id=19962
 			// https://go.dev/issue/22040
-			altLinker = "gold"
+			// And newer gold is deprecated, may lack new features/flags, or even missing
 
-			// If gold is not installed, gcc will silently switch
-			// back to ld.bfd. So we parse the version information
-			// and provide a useful error if gold is missing.
+			// If the default linker is GNU ld 2.35 or older, use gold
+			useGold := false
 			name, args := flagExtld[0], flagExtld[1:]
-			args = append(args, "-fuse-ld=gold", "-Wl,--version")
+			args = append(args, "-Wl,--version")
 			cmd := exec.Command(name, args...)
 			if out, err := cmd.CombinedOutput(); err == nil {
-				if !bytes.Contains(out, []byte("GNU gold")) {
-					log.Fatalf("ARM64 external linker must be gold (issue #15696, 22040), but is not: %s", out)
+				// Parse version from output like "GNU ld (GNU Binutils for Distro) 2.36.1"
+				for line := range strings.Lines(string(out)) {
+					if !strings.HasPrefix(line, "GNU ld ") {
+						continue
+					}
+					fields := strings.Fields(line[len("GNU ld "):])
+					var major, minor int
+					if ret, err := fmt.Sscanf(fields[len(fields)-1], "%d.%d", &major, &minor); ret == 2 && err == nil {
+						if major == 2 && minor <= 35 {
+							useGold = true
+						}
+						break
+					}
+				}
+			}
+
+			if useGold {
+				// Use gold for older linkers
+				altLinker = "gold"
+
+				// If gold is not installed, gcc will silently switch
+				// back to ld.bfd. So we parse the version information
+				// and provide a useful error if gold is missing.
+				args = flagExtld[1:]
+				args = append(args, "-fuse-ld=gold", "-Wl,--version")
+				cmd = exec.Command(name, args...)
+				if out, err := cmd.CombinedOutput(); err == nil {
+					if !bytes.Contains(out, []byte("GNU gold")) {
+						log.Fatalf("ARM64 external linker must be ld>=2.36 or gold (issue #15696, 22040), but is not: %s", out)
+					}
 				}
 			}
 		}

From f4e425d342728ee354a01a19af870c81d63a5ac2 Mon Sep 17 00:00:00 2001
From: Mark Freeman <mark@golang.org>
Date: Tue, 14 Apr 2026 16:13:06 -0400
Subject: [PATCH 02/31] [release-branch.go1.26] fix incorrect loop trip counts

While CL 758801 addresses this fix on tip, it does not apply
cleanly on go1.25 or go1.26. In the interest of safety, this
disables loop inversion; it's the least invasive path.

Fixes #78375

Change-Id: Iac399ca47b811042dc5f38272d201d3dc61390b8
Reviewed-on: https://go-review.googlesource.com/c/go/+/766982
Reviewed-by: Jorropo <jorropo.pgm@gmail.com>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Keith Randall <khr@google.com>
---
 src/cmd/compile/internal/ssa/prove.go | 118 --------------------------
 1 file changed, 118 deletions(-)

diff --git a/src/cmd/compile/internal/ssa/prove.go b/src/cmd/compile/internal/ssa/prove.go
index de16dfb3406eec..27afa8e33a628f 100644
--- a/src/cmd/compile/internal/ssa/prove.go
+++ b/src/cmd/compile/internal/ssa/prove.go
@@ -1517,124 +1517,6 @@ func prove(f *Func) {
 			// Since this induction variable is not used for anything but counting the iterations,
 			// no point in putting it into the facts table.
 		}
-
-		// try to rewrite to a downward counting loop checking against start if the
-		// loop body does not depend on ind or nxt and end is known before the loop.
-		// This reduces pressure on the register allocator because this does not need
-		// to use end on each iteration anymore. We compare against the start constant instead.
-		// That means this code:
-		//
-		//	loop:
-		//		ind = (Phi (Const [x]) nxt),
-		//		if ind < end
-		//		then goto enter_loop
-		//		else goto exit_loop
-		//
-		//	enter_loop:
-		//		do something without using ind nor nxt
-		//		nxt = inc + ind
-		//		goto loop
-		//
-		//	exit_loop:
-		//
-		// is rewritten to:
-		//
-		//	loop:
-		//		ind = (Phi end nxt)
-		//		if (Const [x]) < ind
-		//		then goto enter_loop
-		//		else goto exit_loop
-		//
-		//	enter_loop:
-		//		do something without using ind nor nxt
-		//		nxt = ind - inc
-		//		goto loop
-		//
-		//	exit_loop:
-		//
-		// this is better because it only requires to keep ind then nxt alive while looping,
-		// while the original form keeps ind then nxt and end alive
-		start, end := v.min, v.max
-		if v.flags&indVarCountDown != 0 {
-			start, end = end, start
-		}
-
-		if !start.isGenericIntConst() {
-			// if start is not a constant we would be winning nothing from inverting the loop
-			continue
-		}
-		if end.isGenericIntConst() {
-			// TODO: if both start and end are constants we should rewrite such that the comparison
-			// is against zero and nxt is ++ or -- operation
-			// That means:
-			//	for i := 2; i < 11; i += 2 {
-			// should be rewritten to:
-			//	for i := 5; 0 < i; i-- {
-			continue
-		}
-
-		if end.Block == ind.Block {
-			// we can't rewrite loops where the condition depends on the loop body
-			// this simple check is forced to work because if this is true a Phi in ind.Block must exist
-			continue
-		}
-
-		check := ind.Block.Controls[0]
-		// invert the check
-		check.Args[0], check.Args[1] = check.Args[1], check.Args[0]
-
-		// swap start and end in the loop
-		for i, v := range check.Args {
-			if v != end {
-				continue
-			}
-
-			check.SetArg(i, start)
-			goto replacedEnd
-		}
-		panic(fmt.Sprintf("unreachable, ind: %v, start: %v, end: %v", ind, start, end))
-	replacedEnd:
-
-		for i, v := range ind.Args {
-			if v != start {
-				continue
-			}
-
-			ind.SetArg(i, end)
-			goto replacedStart
-		}
-		panic(fmt.Sprintf("unreachable, ind: %v, start: %v, end: %v", ind, start, end))
-	replacedStart:
-
-		if nxt.Args[0] != ind {
-			// unlike additions subtractions are not commutative so be sure we get it right
-			nxt.Args[0], nxt.Args[1] = nxt.Args[1], nxt.Args[0]
-		}
-
-		switch nxt.Op {
-		case OpAdd8:
-			nxt.Op = OpSub8
-		case OpAdd16:
-			nxt.Op = OpSub16
-		case OpAdd32:
-			nxt.Op = OpSub32
-		case OpAdd64:
-			nxt.Op = OpSub64
-		case OpSub8:
-			nxt.Op = OpAdd8
-		case OpSub16:
-			nxt.Op = OpAdd16
-		case OpSub32:
-			nxt.Op = OpAdd32
-		case OpSub64:
-			nxt.Op = OpAdd64
-		default:
-			panic("unreachable")
-		}
-
-		if f.pass.debug > 0 {
-			f.Warnl(ind.Pos, "Inverted loop iteration")
-		}
 	}
 
 	ft := newFactsTable(f)

From ba4554f03b0dbd0c6fa389be6edc2ae399bd5f9c Mon Sep 17 00:00:00 2001
From: Michael Matloob <matloob@golang.org>
Date: Tue, 17 Mar 2026 17:07:02 -0400
Subject: [PATCH 03/31] [release-branch.go1.26] cmd/go: specify full path to go
 command when running go tool covdata

Otherwise the GOROOT will be a post-1.25 GOROOT, while we try to run
"go tool covdata" with a go command that's 1.24 or earlier from the post
1.25 toolchain. The 1.24 go command won't be able to find covdata in the
1.25 goroot because go 1.25 and later don't ship with a prebuilt covdata
tool.

For #71867
For #75031
Fixes #78412

Change-Id: I770f10a288347ac33cf721d34a2adb1a6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/756220
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Matloob <matloob@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
(cherry picked from commit 90adad7b2565d456bf5e120a59a07ff31f3ada45)
Reviewed-on: https://go-review.googlesource.com/c/go/+/760500
TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com>
---
 src/cmd/go/internal/work/cover.go                    |  2 +-
 .../go/testdata/script/cover_switch_toolchain.txt    | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 src/cmd/go/testdata/script/cover_switch_toolchain.txt

diff --git a/src/cmd/go/internal/work/cover.go b/src/cmd/go/internal/work/cover.go
index fc96f67d6e8a0b..be090ce4c3b50b 100644
--- a/src/cmd/go/internal/work/cover.go
+++ b/src/cmd/go/internal/work/cover.go
@@ -24,7 +24,7 @@ import (
 func (b *Builder) CovData(a *Action, cmdargs ...any) ([]byte, error) {
 	cmdline := str.StringList(cmdargs...)
 	args := append([]string{}, cfg.BuildToolexec...)
-	args = append(args, "go", "tool", "covdata")
+	args = append(args, filepath.Join(cfg.GOROOTbin, "go"), "tool", "covdata")
 	args = append(args, cmdline...)
 	return b.Shell(a).runOut(a.Objdir, nil, args)
 }
diff --git a/src/cmd/go/testdata/script/cover_switch_toolchain.txt b/src/cmd/go/testdata/script/cover_switch_toolchain.txt
new file mode 100644
index 00000000000000..dace804fb6cb27
--- /dev/null
+++ b/src/cmd/go/testdata/script/cover_switch_toolchain.txt
@@ -0,0 +1,12 @@
+go test -cover -n ./...
+[!GOOS:windows] stderr $GOROOT'/bin/go tool covdata'
+[GOOS:windows] stderr '\\\\bin\\\\go" tool covdata'
+
+-- go.mod --
+module example.com/m
+
+go 1.25.0
+-- m.go --
+package main
+
+func main() {}

From efdc0fb3545f7f98c6e8f391a6e96c53b0aeb7c5 Mon Sep 17 00:00:00 2001
From: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Date: Mon, 13 Apr 2026 15:53:10 +0700
Subject: [PATCH 04/31] [release-branch.go1.26] cmd/compile: handle min integer
 step in loop

Since negating min int will overflows back to itself, causing a panic
inside subWillUnderflow check.

Fixes #78676

Change-Id: Ibbf2fa3228b9890a1a76ac6f4ff504b7e125b29f
Reviewed-on: https://go-review.googlesource.com/c/go/+/766260
Auto-Submit: Cuong Manh Le <cuong.manhle.vn@gmail.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Jorropo <jorropo.pgm@gmail.com>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/766840
TryBot-Bypass: Cuong Manh Le <cuong.manhle.vn@gmail.com>
---
 src/cmd/compile/internal/ssa/loopbce.go |  6 ++++++
 test/fixedbugs/issue78641.go            | 25 +++++++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 test/fixedbugs/issue78641.go

diff --git a/src/cmd/compile/internal/ssa/loopbce.go b/src/cmd/compile/internal/ssa/loopbce.go
index a63a314043fe89..84811647cedcd1 100644
--- a/src/cmd/compile/internal/ssa/loopbce.go
+++ b/src/cmd/compile/internal/ssa/loopbce.go
@@ -145,6 +145,12 @@ func findIndVar(f *Func) []indVar {
 		if step == 0 {
 			continue
 		}
+		// step == minInt64 cannot be safely negated below, because -step
+		// overflows back to minInt64. The later underflow checks need a
+		// positive magnitude, so reject this case here.
+		if step == minSignedValue(ind.Type) {
+			continue
+		}
 
 		// startBody is the edge that eventually returns to the loop header.
 		var startBody Edge
diff --git a/test/fixedbugs/issue78641.go b/test/fixedbugs/issue78641.go
new file mode 100644
index 00000000000000..be964354af1ee5
--- /dev/null
+++ b/test/fixedbugs/issue78641.go
@@ -0,0 +1,25 @@
+// run
+
+// Copyright 2026 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+const (
+	intSize = 32 << (^uint(0) >> 63)
+	minInt  = -1 << (intSize - 1)
+)
+
+func main() {
+	f()
+}
+
+func f() {
+	for i := 0; true; i += minInt {
+		if i < 0 {
+			return
+		}
+	}
+	panic("unreachable")
+}

From 710f29a7582165978a39fd730d711e6de8702ff9 Mon Sep 17 00:00:00 2001
From: Michael Pratt <mpratt@google.com>
Date: Thu, 2 Apr 2026 13:17:23 -0400
Subject: [PATCH 05/31] [release-branch.go1.26] runtime: add sysUnreserve to
 undo sysReserve

This is inspired by CL 724560 by Bobby Powers, particularly their great
commit message.

When using address sanitizer with leak detection, sysReserve registers
memory regions with LSAN via lsanregisterrootregion. However, several
code paths release this memory using sysFreeOS without first
unregistering from LSAN. This leaves LSAN with stale root region entries
pointing to memory that has been unmapped and may be reallocated for
other purposes.

This bug was latent until glibc 2.42, which changed pthread stack guard
pages from mprotect(PROT_NONE) to madvise(MADV_GUARD_INSTALL). The
difference matters because LSAN filters root region scanning by
intersecting registered regions with readable mappings from
/proc/self/maps:

- mprotect(PROT_NONE) splits the VMA, creating a separate entry with
  ---p permissions. LSAN's IsReadable() check excludes it from scanning.

- MADV_GUARD_INSTALL operates at the page table level without modifying
  the VMA. The region still appears as rw-p in /proc/self/maps, so LSAN
  includes it in the scan and crashes with SIGSEGV when accessing the
  guard pages.

Address this by adding sysUnreserve to undo sysReserve. sysUnreserve
unregisters the region from LSAN and frees the mapping.

With the addition of sysUnreserve, we have complete coverage of LSAN
unregister in the mem.go abstract: sysFree unregisters Ready memory.
sysUnreserve unregisters Reserved memory. And there is no way to free
Prepared memory at all (it must transition to Ready or Reserved first).

The implementation of lsanunregisterrootregion [1] finds the region by
exact match of start and end address. It therefore does not support
splitting a region, and we must extend this requirement to sysUnreserve
and sysFree. I am not completely confident that we always pass the full
region to sysFree, but LSAN aborts if it can't find the region, so we
must not be blatantly violating this.

sysReserveAligned does need to unreserve a subset of a region, so it
cannot use sysUnreserve directly. Rather than breaking the mem.go
abstract, move sysReserveAligned into mem.go, adding it to the
abstraction.

We should not have any calls to sysFreeOS outside of the mem.go
abstraction. That is now true with this CL.

Fixes #78511.

[1] https://github.com/llvm/llvm-project/blob/3e3e362648fa062038b90ccc21f46a09d6902288/compiler-rt/lib/lsan/lsan_common.cpp#L1157

Change-Id: I8c46a62154b2f23456ffd5086a7b91156a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/762381
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 40ec033c33802cf6e1236ea8030d882338a457d5)
Reviewed-on: https://go-review.googlesource.com/c/go/+/767022
TryBot-Bypass: Carlos Amedee <carlos@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
---
 src/runtime/export_test.go |  20 +++++--
 src/runtime/malloc.go      |  54 +-----------------
 src/runtime/mem.go         | 113 ++++++++++++++++++++++++++++++++++---
 3 files changed, 119 insertions(+), 68 deletions(-)

diff --git a/src/runtime/export_test.go b/src/runtime/export_test.go
index 95e2cbb95929d1..15365bff38f326 100644
--- a/src/runtime/export_test.go
+++ b/src/runtime/export_test.go
@@ -546,7 +546,7 @@ func MapNextArenaHint() (start, end uintptr, ok bool) {
 	if !ok {
 		// We were unable to get the requested reservation.
 		// Release what we did get and fail.
-		sysFreeOS(got, physPageSize)
+		sysUnreserve(got, physPageSize)
 	}
 	return
 }
@@ -1087,19 +1087,21 @@ func FreePageAlloc(pp *PageAlloc) {
 	// Free all the mapped space for the summary levels.
 	if pageAlloc64Bit != 0 {
 		for l := 0; l < summaryLevels; l++ {
-			sysFreeOS(unsafe.Pointer(&p.summary[l][0]), uintptr(cap(p.summary[l]))*pallocSumBytes)
+			// This isn't quite right, as some of this memory may
+			// be Ready instead of Reserved. The mappedReady and
+			// testSysStat adjustments below correct for the
+			// difference.
+			sysUnreserve(unsafe.Pointer(&p.summary[l][0]), uintptr(cap(p.summary[l]))*pallocSumBytes)
 		}
 	} else {
 		resSize := uintptr(0)
 		for _, s := range p.summary {
 			resSize += uintptr(cap(s)) * pallocSumBytes
 		}
-		sysFreeOS(unsafe.Pointer(&p.summary[0][0]), alignUp(resSize, physPageSize))
+		// See sysUnreserve comment above.
+		sysUnreserve(unsafe.Pointer(&p.summary[0][0]), alignUp(resSize, physPageSize))
 	}
 
-	// Free extra data structures.
-	sysFreeOS(unsafe.Pointer(&p.scav.index.chunks[0]), uintptr(cap(p.scav.index.chunks))*unsafe.Sizeof(atomicScavChunkData{}))
-
 	// Subtract back out whatever we mapped for the summaries.
 	// sysUsed adds to p.sysStat and memstats.mappedReady no matter what
 	// (and in anger should actually be accounted for), and there's no other
@@ -1107,6 +1109,12 @@ func FreePageAlloc(pp *PageAlloc) {
 	gcController.mappedReady.Add(-int64(p.summaryMappedReady))
 	testSysStat.add(-int64(p.summaryMappedReady))
 
+	// Free extra data structures.
+	//
+	// TODO(prattmic): As above, some of this may be Ready, so we should
+	// manually adjust mappedReady and testSysStat?
+	sysUnreserve(unsafe.Pointer(&p.scav.index.chunks[0]), uintptr(cap(p.scav.index.chunks))*unsafe.Sizeof(atomicScavChunkData{}))
+
 	// Free the mapped space for chunks.
 	for i := range p.chunks {
 		if x := p.chunks[i]; x != nil {
diff --git a/src/runtime/malloc.go b/src/runtime/malloc.go
index c08bc7574ba411..6a4ee5bd42007c 100644
--- a/src/runtime/malloc.go
+++ b/src/runtime/malloc.go
@@ -788,7 +788,7 @@ func (h *mheap) sysAlloc(n uintptr, hintList **arenaHint, arenaList *[]arenaIdx)
 		// particular, this is already how Windows behaves, so
 		// it would simplify things there.
 		if v != nil {
-			sysFreeOS(v, n)
+			sysUnreserve(v, n)
 		}
 		*hintList = hint.next
 		h.arenaHintAlloc.free(unsafe.Pointer(hint))
@@ -921,58 +921,6 @@ mapped:
 	return
 }
 
-// sysReserveAligned is like sysReserve, but the returned pointer is
-// aligned to align bytes. It may reserve either n or n+align bytes,
-// so it returns the size that was reserved.
-func sysReserveAligned(v unsafe.Pointer, size, align uintptr, vmaName string) (unsafe.Pointer, uintptr) {
-	if isSbrkPlatform {
-		if v != nil {
-			throw("unexpected heap arena hint on sbrk platform")
-		}
-		return sysReserveAlignedSbrk(size, align)
-	}
-	// Since the alignment is rather large in uses of this
-	// function, we're not likely to get it by chance, so we ask
-	// for a larger region and remove the parts we don't need.
-	retries := 0
-retry:
-	p := uintptr(sysReserve(v, size+align, vmaName))
-	switch {
-	case p == 0:
-		return nil, 0
-	case p&(align-1) == 0:
-		return unsafe.Pointer(p), size + align
-	case GOOS == "windows":
-		// On Windows we can't release pieces of a
-		// reservation, so we release the whole thing and
-		// re-reserve the aligned sub-region. This may race,
-		// so we may have to try again.
-		sysFreeOS(unsafe.Pointer(p), size+align)
-		p = alignUp(p, align)
-		p2 := sysReserve(unsafe.Pointer(p), size, vmaName)
-		if p != uintptr(p2) {
-			// Must have raced. Try again.
-			sysFreeOS(p2, size)
-			if retries++; retries == 100 {
-				throw("failed to allocate aligned heap memory; too many retries")
-			}
-			goto retry
-		}
-		// Success.
-		return p2, size
-	default:
-		// Trim off the unaligned parts.
-		pAligned := alignUp(p, align)
-		sysFreeOS(unsafe.Pointer(p), pAligned-p)
-		end := pAligned + size
-		endLen := (p + size + align) - end
-		if endLen > 0 {
-			sysFreeOS(unsafe.Pointer(end), endLen)
-		}
-		return unsafe.Pointer(pAligned), size
-	}
-}
-
 // enableMetadataHugePages enables huge pages for various sources of heap metadata.
 //
 // A note on latency: for sufficiently small heaps (<10s of GiB) this function will take constant
diff --git a/src/runtime/mem.go b/src/runtime/mem.go
index f373173eb36fc1..1a12309ca59dfc 100644
--- a/src/runtime/mem.go
+++ b/src/runtime/mem.go
@@ -120,14 +120,21 @@ func sysHugePageCollapse(v unsafe.Pointer, n uintptr) {
 //
 // sysStat must be non-nil.
 //
+// The size and start address must exactly match the size and returned address
+// from the original sysAlloc/sysReserve/sysReserveAligned call. That is,
+// sysFree cannot be used to free a subset of a memory region.
+//
 // Don't split the stack as this function may be invoked without a valid G,
 // which prevents us from allocating more stack.
 //
 //go:nosplit
 func sysFree(v unsafe.Pointer, n uintptr, sysStat *sysMemStat) {
-	// When using ASAN leak detection, the memory being freed is
-	// known by the sanitizer. We need to unregister it so it's
-	// not accessed by it.
+	// When using ASAN leak detection, the memory being freed is known by
+	// the sanitizer. We need to unregister it so it's not accessed by it.
+	//
+	// lsanunregisterrootregion matches regions by start address and size,
+	// so it is not possible to unregister a subset of the region. This is
+	// why sysFree requires the full region from the initial allocation.
 	if asanenabled {
 		lsanunregisterrootregion(v, n)
 	}
@@ -156,13 +163,12 @@ func sysFault(v unsafe.Pointer, n uintptr) {
 // (either via permissions or not committing the memory). Such a reservation is
 // thus never backed by physical memory.
 //
-// If the pointer passed to it is non-nil, the caller wants the
-// reservation there, but sysReserve can still choose another
-// location if that one is unavailable.
+// If the pointer passed to it is non-nil, the caller wants the reservation
+// there, but sysReserve can still choose another location if that one is
+// unavailable.
 //
-// NOTE: sysReserve returns OS-aligned memory, but the heap allocator
-// may use larger alignment, so the caller must be careful to realign the
-// memory obtained by sysReserve.
+// sysReserve returns OS-aligned memory. If a larger alignment is required, use
+// sysReservedAligned.
 func sysReserve(v unsafe.Pointer, n uintptr, vmaName string) unsafe.Pointer {
 	p := sysReserveOS(v, n, vmaName)
 
@@ -175,6 +181,95 @@ func sysReserve(v unsafe.Pointer, n uintptr, vmaName string) unsafe.Pointer {
 	return p
 }
 
+// sysReserveAligned transitions a memory region from None to Reserved.
+//
+// Semantics are equivlent to sysReserve, but the returned pointer is aligned
+// to align bytes. It may reserve either n or n+align bytes, so it returns the
+// size that was reserved.
+func sysReserveAligned(v unsafe.Pointer, size, align uintptr, vmaName string) (unsafe.Pointer, uintptr) {
+	if isSbrkPlatform {
+		if v != nil {
+			throw("unexpected heap arena hint on sbrk platform")
+		}
+		return sysReserveAlignedSbrk(size, align)
+	}
+	// Since the alignment is rather large in uses of this
+	// function, we're not likely to get it by chance, so we ask
+	// for a larger region and remove the parts we don't need.
+	retries := 0
+retry:
+	p := uintptr(sysReserve(v, size+align, vmaName))
+	switch {
+	case p == 0:
+		return nil, 0
+	case p&(align-1) == 0:
+		return unsafe.Pointer(p), size + align
+	case GOOS == "windows":
+		// On Windows we can't release pieces of a
+		// reservation, so we release the whole thing and
+		// re-reserve the aligned sub-region. This may race,
+		// so we may have to try again.
+		sysUnreserve(unsafe.Pointer(p), size+align)
+		p = alignUp(p, align)
+		p2 := sysReserve(unsafe.Pointer(p), size, vmaName)
+		if p != uintptr(p2) {
+			// Must have raced. Try again.
+			sysUnreserve(p2, size)
+			if retries++; retries == 100 {
+				throw("failed to allocate aligned heap memory; too many retries")
+			}
+			goto retry
+		}
+		// Success.
+		return p2, size
+	default:
+		// Trim off the unaligned parts.
+		pAligned := alignUp(p, align)
+		end := pAligned + size
+		endLen := (p + size + align) - end
+
+		// sysUnreserve does not allow unreserving a subset of the
+		// region because LSAN does not allow unregistering a subset.
+		// So we can't call sysUnreserve. Instead we simply unregister
+		// the entire region from LSAN and re-register with the smaller
+		// region before freeing the unecessary portions, which does
+		// allow subsets of the region.
+		if asanenabled {
+			lsanunregisterrootregion(unsafe.Pointer(p), size+align)
+			lsanregisterrootregion(unsafe.Pointer(pAligned), size)
+		}
+		sysFreeOS(unsafe.Pointer(p), pAligned-p)
+		if endLen > 0 {
+			sysFreeOS(unsafe.Pointer(end), endLen)
+		}
+		return unsafe.Pointer(pAligned), size
+	}
+}
+
+// sysUnreserve transitions a memory region from Reserved to None.
+//
+// The size and start address must exactly match the size and returned address
+// from sysReserve/sysReserveAligned. That is, sysUnreserve cannot be used to
+// unreserve a subset of a memory region.
+//
+// Don't split the stack as this function may be invoked without a valid G,
+// which prevents us from allocating more stack.
+//
+//go:nosplit
+func sysUnreserve(v unsafe.Pointer, n uintptr) {
+	// When using ASAN leak detection, the memory being freed is known by
+	// the sanitizer. We need to unregister it so it's not accessed by it.
+	//
+	// lsanunregisterrootregion matches regions by start address and size,
+	// so it is not possible to unregister a subset of the region. This is
+	// why sysUnreserve requires the full region from sysReserve.
+	if asanenabled {
+		lsanunregisterrootregion(v, n)
+	}
+
+	sysFreeOS(v, n)
+}
+
 // sysMap transitions a memory region from Reserved to Prepared. It ensures the
 // memory region can be efficiently transitioned to Ready.
 //

From ec5ebece414661dd9341d8b06afda3fa71545c2f Mon Sep 17 00:00:00 2001
From: Mark Freeman <mark@golang.org>
Date: Fri, 17 Apr 2026 15:59:51 -0400
Subject: [PATCH 06/31] [release-branch.go1.26] all: update x/net to 705de46f

Fixes #78478

Change-Id: Ic950951a8149a9db0c43e7f6846926b2806a8889
Reviewed-on: https://go-review.googlesource.com/c/go/+/768500
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 src/go.mod                | 2 +-
 src/go.sum                | 4 ++--
 src/net/http/h2_bundle.go | 6 +++---
 src/vendor/modules.txt    | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/go.mod b/src/go.mod
index efc07451b53448..b329ba18def47c 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -4,7 +4,7 @@ go 1.26
 
 require (
 	golang.org/x/crypto v0.46.1-0.20251210140736-7dacc380ba00
-	golang.org/x/net v0.47.1-0.20251128220604-7c360367ab7e
+	golang.org/x/net v0.47.1-0.20260417193450-705de46f8788
 )
 
 require (
diff --git a/src/go.sum b/src/go.sum
index b6b841b44d8e38..37f908522c1926 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -1,7 +1,7 @@
 golang.org/x/crypto v0.46.1-0.20251210140736-7dacc380ba00 h1:JgcPM1rzpSOZS8y69FQvnY0xN0ciHlpQqwTXJcuZIA4=
 golang.org/x/crypto v0.46.1-0.20251210140736-7dacc380ba00/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
-golang.org/x/net v0.47.1-0.20251128220604-7c360367ab7e h1:PAAT9cIDvIAIRQVz2txQvUFRt3jOlhiO84ihd8XMGlg=
-golang.org/x/net v0.47.1-0.20251128220604-7c360367ab7e/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.47.1-0.20260417193450-705de46f8788 h1:fVWwoa/P68Bsajqy2FO4dha7TRBfgf09o932L4USeXI=
+golang.org/x/net v0.47.1-0.20260417193450-705de46f8788/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
 golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
 golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go
index 5a7420bc7e12ba..c440e76acee6d1 100644
--- a/src/net/http/h2_bundle.go
+++ b/src/net/http/h2_bundle.go
@@ -10152,6 +10152,9 @@ func (rl *http2clientConnReadLoop) processSettingsNoWrite(f *http2SettingsFrame)
 
 	var seenMaxConcurrentStreams bool
 	err := f.ForeachSetting(func(s http2Setting) error {
+		if err := s.Valid(); err != nil {
+			return err
+		}
 		switch s.ID {
 		case http2SettingMaxFrameSize:
 			cc.maxFrameSize = s.Val
@@ -10183,9 +10186,6 @@ func (rl *http2clientConnReadLoop) processSettingsNoWrite(f *http2SettingsFrame)
 			cc.henc.SetMaxDynamicTableSize(s.Val)
 			cc.peerMaxHeaderTableSize = s.Val
 		case http2SettingEnableConnectProtocol:
-			if err := s.Valid(); err != nil {
-				return err
-			}
 			// If the peer wants to send us SETTINGS_ENABLE_CONNECT_PROTOCOL,
 			// we require that it do so in the first SETTINGS frame.
 			//
diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
index b6f6376eac041a..ceaebeb8a55620 100644
--- a/src/vendor/modules.txt
+++ b/src/vendor/modules.txt
@@ -6,7 +6,7 @@ golang.org/x/crypto/cryptobyte
 golang.org/x/crypto/cryptobyte/asn1
 golang.org/x/crypto/internal/alias
 golang.org/x/crypto/internal/poly1305
-# golang.org/x/net v0.47.1-0.20251128220604-7c360367ab7e
+# golang.org/x/net v0.47.1-0.20260417193450-705de46f8788
 ## explicit; go 1.24.0
 golang.org/x/net/dns/dnsmessage
 golang.org/x/net/http/httpguts

From be12fe151cf3866fd61a55a631e30c8f312f48b7 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@golang.org>
Date: Tue, 24 Mar 2026 23:02:09 +0000
Subject: [PATCH 07/31] [release-branch.go1.26] runtime: use uname version
 check for 64-bit time on 32-bit arch codepaths

The previous fallback-on-ENOSYS logic causes issues on forks of Linux.

Android: #77621 (CL 750040 added a workaround with a TODO,
this fixes that TODO)
Causes the OS to terminate the program when running on Android
versions <=10 since the seccomp jail does not know about the 64-bit
time syscall and is configured to terminate the program on any
unknown syscall.

Synology's Linux: #77930
On old versions of Synology's Linux they added custom vendor syscalls
without adding a gap in the syscall numbers, that means when we call
the newer Linux syscall which was added later, Synology's Linux
interprets it as a completely different vendor syscall.

Originally by Jorropo in CL 751340.

Updates #77930
Fixes #77931

Co-authored-by: Jorropo <jorropo.pgm@gmail.com>
Change-Id: I90e15495d9249fd7f6e112f9e3ae8ad1322f56e0
Reviewed-on: https://go-review.googlesource.com/c/go/+/758902
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Jorropo <jorropo.pgm@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 04dc12c1a17d3fa4ff49af84de5641099716e234)
Reviewed-on: https://go-review.googlesource.com/c/go/+/770220
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 .../runtime/syscall/linux/defs_linux_386.go   |  1 +
 .../runtime/syscall/linux/defs_linux_amd64.go |  1 +
 .../runtime/syscall/linux/defs_linux_arm.go   |  1 +
 .../runtime/syscall/linux/defs_linux_arm64.go |  1 +
 .../syscall/linux/defs_linux_loong64.go       |  1 +
 .../syscall/linux/defs_linux_mips64x.go       |  1 +
 .../runtime/syscall/linux/defs_linux_mipsx.go |  1 +
 .../syscall/linux/defs_linux_ppc64x.go        |  1 +
 .../syscall/linux/defs_linux_riscv64.go       |  1 +
 .../runtime/syscall/linux/defs_linux_s390x.go |  1 +
 .../runtime/syscall/linux/syscall_linux.go    | 14 +++++
 src/runtime/os_linux.go                       | 62 +++++++++++++++++++
 src/runtime/os_linux32.go                     | 28 +++------
 src/runtime/os_linux64.go                     |  2 +
 14 files changed, 97 insertions(+), 19 deletions(-)

diff --git a/src/internal/runtime/syscall/linux/defs_linux_386.go b/src/internal/runtime/syscall/linux/defs_linux_386.go
index 7fdf5d3f8062fa..4e8e645dc49a66 100644
--- a/src/internal/runtime/syscall/linux/defs_linux_386.go
+++ b/src/internal/runtime/syscall/linux/defs_linux_386.go
@@ -17,6 +17,7 @@ const (
 	SYS_OPENAT        = 295
 	SYS_PREAD64       = 180
 	SYS_READ          = 3
+	SYS_UNAME         = 122
 
 	EFD_NONBLOCK = 0x800
 
diff --git a/src/internal/runtime/syscall/linux/defs_linux_amd64.go b/src/internal/runtime/syscall/linux/defs_linux_amd64.go
index 2c8676e6e9b4d9..fa764d9ccd9b8e 100644
--- a/src/internal/runtime/syscall/linux/defs_linux_amd64.go
+++ b/src/internal/runtime/syscall/linux/defs_linux_amd64.go
@@ -17,6 +17,7 @@ const (
 	SYS_OPENAT        = 257
 	SYS_PREAD64       = 17
 	SYS_READ          = 0
+	SYS_UNAME         = 63
 
 	EFD_NONBLOCK = 0x800
 
diff --git a/src/internal/runtime/syscall/linux/defs_linux_arm.go b/src/internal/runtime/syscall/linux/defs_linux_arm.go
index a0b395d6762734..cef556d5f6f986 100644
--- a/src/internal/runtime/syscall/linux/defs_linux_arm.go
+++ b/src/internal/runtime/syscall/linux/defs_linux_arm.go
@@ -17,6 +17,7 @@ const (
 	SYS_OPENAT        = 322
 	SYS_PREAD64       = 180
 	SYS_READ          = 3
+	SYS_UNAME         = 122
 
 	EFD_NONBLOCK = 0x800
 
diff --git a/src/internal/runtime/syscall/linux/defs_linux_arm64.go b/src/internal/runtime/syscall/linux/defs_linux_arm64.go
index 223dce0c5b4281..eabddbac1bc063 100644
--- a/src/internal/runtime/syscall/linux/defs_linux_arm64.go
+++ b/src/internal/runtime/syscall/linux/defs_linux_arm64.go
@@ -17,6 +17,7 @@ const (
 	SYS_OPENAT        = 56
 	SYS_PREAD64       = 67
 	SYS_READ          = 63
+	SYS_UNAME         = 160
 
 	EFD_NONBLOCK = 0x800
 
diff --git a/src/internal/runtime/syscall/linux/defs_linux_loong64.go b/src/internal/runtime/syscall/linux/defs_linux_loong64.go
index 8aa61c391dcdcb..08e5d49b83c9bd 100644
--- a/src/internal/runtime/syscall/linux/defs_linux_loong64.go
+++ b/src/internal/runtime/syscall/linux/defs_linux_loong64.go
@@ -17,6 +17,7 @@ const (
 	SYS_OPENAT        = 56
 	SYS_PREAD64       = 67
 	SYS_READ          = 63
+	SYS_UNAME         = 160
 
 	EFD_NONBLOCK = 0x800
 
diff --git a/src/internal/runtime/syscall/linux/defs_linux_mips64x.go b/src/internal/runtime/syscall/linux/defs_linux_mips64x.go
index 84b760dc1b5545..b5794e5002af5e 100644
--- a/src/internal/runtime/syscall/linux/defs_linux_mips64x.go
+++ b/src/internal/runtime/syscall/linux/defs_linux_mips64x.go
@@ -19,6 +19,7 @@ const (
 	SYS_OPENAT        = 5247
 	SYS_PREAD64       = 5016
 	SYS_READ          = 5000
+	SYS_UNAME         = 5061
 
 	EFD_NONBLOCK = 0x80
 
diff --git a/src/internal/runtime/syscall/linux/defs_linux_mipsx.go b/src/internal/runtime/syscall/linux/defs_linux_mipsx.go
index a9be21414c26f9..1fb4d919d1a318 100644
--- a/src/internal/runtime/syscall/linux/defs_linux_mipsx.go
+++ b/src/internal/runtime/syscall/linux/defs_linux_mipsx.go
@@ -19,6 +19,7 @@ const (
 	SYS_OPENAT        = 4288
 	SYS_PREAD64       = 4200
 	SYS_READ          = 4003
+	SYS_UNAME         = 4122
 
 	EFD_NONBLOCK = 0x80
 
diff --git a/src/internal/runtime/syscall/linux/defs_linux_ppc64x.go b/src/internal/runtime/syscall/linux/defs_linux_ppc64x.go
index 63f4e5d7864de4..ee93ad345b810f 100644
--- a/src/internal/runtime/syscall/linux/defs_linux_ppc64x.go
+++ b/src/internal/runtime/syscall/linux/defs_linux_ppc64x.go
@@ -19,6 +19,7 @@ const (
 	SYS_OPENAT        = 286
 	SYS_PREAD64       = 179
 	SYS_READ          = 3
+	SYS_UNAME         = 122
 
 	EFD_NONBLOCK = 0x800
 
diff --git a/src/internal/runtime/syscall/linux/defs_linux_riscv64.go b/src/internal/runtime/syscall/linux/defs_linux_riscv64.go
index 8aa61c391dcdcb..08e5d49b83c9bd 100644
--- a/src/internal/runtime/syscall/linux/defs_linux_riscv64.go
+++ b/src/internal/runtime/syscall/linux/defs_linux_riscv64.go
@@ -17,6 +17,7 @@ const (
 	SYS_OPENAT        = 56
 	SYS_PREAD64       = 67
 	SYS_READ          = 63
+	SYS_UNAME         = 160
 
 	EFD_NONBLOCK = 0x800
 
diff --git a/src/internal/runtime/syscall/linux/defs_linux_s390x.go b/src/internal/runtime/syscall/linux/defs_linux_s390x.go
index 52945db0e5b72f..da11c704081abc 100644
--- a/src/internal/runtime/syscall/linux/defs_linux_s390x.go
+++ b/src/internal/runtime/syscall/linux/defs_linux_s390x.go
@@ -17,6 +17,7 @@ const (
 	SYS_OPENAT        = 288
 	SYS_PREAD64       = 180
 	SYS_READ          = 3
+	SYS_UNAME         = 122
 
 	EFD_NONBLOCK = 0x800
 
diff --git a/src/internal/runtime/syscall/linux/syscall_linux.go b/src/internal/runtime/syscall/linux/syscall_linux.go
index 8201e7d1907444..b64f511b03c947 100644
--- a/src/internal/runtime/syscall/linux/syscall_linux.go
+++ b/src/internal/runtime/syscall/linux/syscall_linux.go
@@ -86,3 +86,17 @@ func Pread(fd int, p []byte, offset int64) (n int, errno uintptr) {
 	}
 	return int(r1), e
 }
+
+type Utsname struct {
+	Sysname    [65]byte
+	Nodename   [65]byte
+	Release    [65]byte
+	Version    [65]byte
+	Machine    [65]byte
+	Domainname [65]byte
+}
+
+func Uname(buf *Utsname) (errno uintptr) {
+	_, _, e := Syscall6(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0, 0, 0, 0)
+	return e
+}
diff --git a/src/runtime/os_linux.go b/src/runtime/os_linux.go
index 7e6af22d48a764..493567b5303673 100644
--- a/src/runtime/os_linux.go
+++ b/src/runtime/os_linux.go
@@ -354,6 +354,7 @@ func osinit() {
 	numCPUStartup = getCPUCount()
 	physHugePageSize = getHugePageSize()
 	vgetrandomInit()
+	configure64bitsTimeOn32BitsArchitectures()
 }
 
 var urandom_dev = []byte("/dev/urandom\x00")
@@ -935,3 +936,64 @@ func mprotect(addr unsafe.Pointer, n uintptr, prot int32) (ret int32, errno int3
 	r, _, err := linux.Syscall6(linux.SYS_MPROTECT, uintptr(addr), n, uintptr(prot), 0, 0, 0)
 	return int32(r), int32(err)
 }
+
+type kernelVersion struct {
+	major int
+	minor int
+}
+
+// getKernelVersion returns major and minor kernel version numbers
+// parsed from the uname release field.
+func getKernelVersion() kernelVersion {
+	var buf linux.Utsname
+	if e := linux.Uname(&buf); e != 0 {
+		throw("uname failed")
+	}
+
+	rel := gostringnocopy(&buf.Release[0])
+	major, minor, _, ok := parseRelease(rel)
+	if !ok {
+		throw("failed to parse kernel version from uname")
+	}
+	return kernelVersion{major: major, minor: minor}
+}
+
+// parseRelease parses a dot-separated version number. It follows the
+// semver syntax, but allows the minor and patch versions to be
+// elided.
+func parseRelease(rel string) (major, minor, patch int, ok bool) {
+	// Strip anything after a dash or plus.
+	for i := 0; i < len(rel); i++ {
+		if rel[i] == '-' || rel[i] == '+' {
+			rel = rel[:i]
+			break
+		}
+	}
+
+	next := func() (int, bool) {
+		for i := 0; i < len(rel); i++ {
+			if rel[i] == '.' {
+				ver, err := strconv.Atoi(rel[:i])
+				rel = rel[i+1:]
+				return ver, err == nil
+			}
+		}
+		ver, err := strconv.Atoi(rel)
+		rel = ""
+		return ver, err == nil
+	}
+	if major, ok = next(); !ok || rel == "" {
+		return
+	}
+	if minor, ok = next(); !ok || rel == "" {
+		return
+	}
+	patch, ok = next()
+	return
+}
+
+// GE checks if the running kernel version
+// is greater than or equal to the provided version.
+func (kv kernelVersion) GE(x, y int) bool {
+	return kv.major > x || (kv.major == x && kv.minor >= y)
+}
diff --git a/src/runtime/os_linux32.go b/src/runtime/os_linux32.go
index 16de6fb350f624..02cb18f32d57d2 100644
--- a/src/runtime/os_linux32.go
+++ b/src/runtime/os_linux32.go
@@ -7,27 +7,25 @@
 package runtime
 
 import (
-	"internal/runtime/atomic"
 	"unsafe"
 )
 
+func configure64bitsTimeOn32BitsArchitectures() {
+	use64bitsTimeOn32bits = getKernelVersion().GE(5, 1)
+}
+
 //go:noescape
 func futex_time32(addr unsafe.Pointer, op int32, val uint32, ts *timespec32, addr2 unsafe.Pointer, val3 uint32) int32
 
 //go:noescape
 func futex_time64(addr unsafe.Pointer, op int32, val uint32, ts *timespec, addr2 unsafe.Pointer, val3 uint32) int32
 
-var isFutexTime32bitOnly atomic.Bool
+var use64bitsTimeOn32bits bool
 
 //go:nosplit
 func futex(addr unsafe.Pointer, op int32, val uint32, ts *timespec, addr2 unsafe.Pointer, val3 uint32) int32 {
-	if !isFutexTime32bitOnly.Load() {
-		ret := futex_time64(addr, op, val, ts, addr2, val3)
-		// futex_time64 is only supported on Linux 5.0+
-		if ret != -_ENOSYS {
-			return ret
-		}
-		isFutexTime32bitOnly.Store(true)
+	if use64bitsTimeOn32bits {
+		return futex_time64(addr, op, val, ts, addr2, val3)
 	}
 	// Downgrade ts.
 	var ts32 timespec32
@@ -45,17 +43,10 @@ func timer_settime32(timerid int32, flags int32, new, old *itimerspec32) int32
 //go:noescape
 func timer_settime64(timerid int32, flags int32, new, old *itimerspec) int32
 
-var isSetTime32bitOnly atomic.Bool
-
 //go:nosplit
 func timer_settime(timerid int32, flags int32, new, old *itimerspec) int32 {
-	if !isSetTime32bitOnly.Load() {
-		ret := timer_settime64(timerid, flags, new, old)
-		// timer_settime64 is only supported on Linux 5.0+
-		if ret != -_ENOSYS {
-			return ret
-		}
-		isSetTime32bitOnly.Store(true)
+	if use64bitsTimeOn32bits {
+		return timer_settime64(timerid, flags, new, old)
 	}
 
 	var newts, oldts itimerspec32
@@ -73,6 +64,5 @@ func timer_settime(timerid int32, flags int32, new, old *itimerspec) int32 {
 		old32 = &oldts
 	}
 
-	// Fall back to 32-bit timer
 	return timer_settime32(timerid, flags, new32, old32)
 }
diff --git a/src/runtime/os_linux64.go b/src/runtime/os_linux64.go
index 7b70d80fbe5a89..f9571dd7586614 100644
--- a/src/runtime/os_linux64.go
+++ b/src/runtime/os_linux64.go
@@ -10,6 +10,8 @@ import (
 	"unsafe"
 )
 
+func configure64bitsTimeOn32BitsArchitectures() {}
+
 //go:noescape
 func futex(addr unsafe.Pointer, op int32, val uint32, ts *timespec, addr2 unsafe.Pointer, val3 uint32) int32
 

From 9b01c04815150908b1e6768872fbcdb6cfdea698 Mon Sep 17 00:00:00 2001
From: Neal Patel <nealpatel@google.com>
Date: Mon, 27 Apr 2026 17:34:58 -0400
Subject: [PATCH 08/31] [release-branch.go1.26] html/template: fix escaper
 bypass by treating empty script type as JavaScript

Thank you to Mundur (https://github.com/M0nd0R) for reporting this issue.

For #78981
Fixes #79025
Fixes CVE-2026-39826

Change-Id: I3f2e06496020ece655d156fb099ff556af8cc836
Reviewed-on: https://go-review.googlesource.com/c/go/+/771180
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit a63b23ffb2eebc9ca3a14c369b615ca623bb20f7)
Reviewed-on: https://go-review.googlesource.com/c/go/+/772042
Reviewed-by: Neal Patel <nealpatel@google.com>
---
 src/html/template/escape_test.go | 15 +++++++++++++++
 src/html/template/js.go          |  1 +
 2 files changed, 16 insertions(+)

diff --git a/src/html/template/escape_test.go b/src/html/template/escape_test.go
index 126dc22f330576..9d09f6abc553d3 100644
--- a/src/html/template/escape_test.go
+++ b/src/html/template/escape_test.go
@@ -231,6 +231,21 @@ func TestEscape(t *testing.T) {
 			"<script>alert({{.A}})</script>",
 			`<script>alert(["\u003ca\u003e","\u003cb\u003e"])</script>`,
 		},
+		{
+			"scriptTypeSpace",
+			"<script type=\" \">{{.H}}</script>",
+			"<script type=\" \">\"\\u003cHello\\u003e\"</script>",
+		},
+		{
+			"scriptTypeTab",
+			"<script type=\"\t\">{{.H}}</script>",
+			"<script type=\"\t\">\"\\u003cHello\\u003e\"</script>",
+		},
+		{
+			"scriptTypeEmpty",
+			"<script type=\"\">{{.H}}</script>",
+			"<script type=\"\">\"\\u003cHello\\u003e\"</script>",
+		},
 		{
 			"jsObjValueNotOverEscaped",
 			"<button onclick='alert({{.A | html}})'>",
diff --git a/src/html/template/js.go b/src/html/template/js.go
index b3bf94801b238a..e2db30f966ed7d 100644
--- a/src/html/template/js.go
+++ b/src/html/template/js.go
@@ -462,6 +462,7 @@ func isJSType(mimeType string) bool {
 	mimeType = strings.TrimSpace(mimeType)
 	switch mimeType {
 	case
+		"",
 		"application/ecmascript",
 		"application/javascript",
 		"application/json",

From 95470667eb6613f73557a4228e0731f4bacef0ec Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Fri, 24 Apr 2026 14:10:47 -0700
Subject: [PATCH 09/31] [release-branch.go1.26] net/http/httputil: reencode
 queries with many parameters in proxy

When ReverseProxy forwards a request containing more than
urlmaxqueryparams (GODEBUG) query parameters, reencode the
outbound query parameters.

Avoids potential smuggling of query parameters, where the
sender sends many query parameters, the user's Rewrite hook
fails to observe those parameters due to the limit being
exceeded, and the request is forwarded with the full set
of parameters.

For #78948
Fixes #78986
Fixes CVE-2026-39825

Change-Id: I691be7899c4b6208bf61f6b78dacfdf56a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/770541
Reviewed-by: Nicholas Husin <nsh@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 6795bb331782b33691f772d30c810b4c3a317aeb)
Reviewed-on: https://go-review.googlesource.com/c/go/+/772040
Reviewed-by: Damien Neil <dneil@google.com>
---
 src/net/http/httputil/reverseproxy.go      | 14 ++++++++++++++
 src/net/http/httputil/reverseproxy_test.go |  6 ++++++
 src/net/url/url.go                         |  1 +
 3 files changed, 21 insertions(+)

diff --git a/src/net/http/httputil/reverseproxy.go b/src/net/http/httputil/reverseproxy.go
index 7c220319c4d70c..8c994827255cc9 100644
--- a/src/net/http/httputil/reverseproxy.go
+++ b/src/net/http/httputil/reverseproxy.go
@@ -10,6 +10,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"internal/godebug"
 	"io"
 	"log"
 	"mime"
@@ -922,11 +923,24 @@ func (c switchProtocolCopier) copyToBackend(errc chan<- error) {
 	errc <- errCopyDone
 }
 
+var urlmaxqueryparams = godebug.New("urlmaxqueryparams")
+
+// Keep this in sync with net/url.
+const defaultMaxParams = 10000
+
 func cleanQueryParams(s string) string {
 	reencode := func(s string) string {
 		v, _ := url.ParseQuery(s)
 		return v.Encode()
 	}
+	if urlmaxqueryparams.Value() != "" {
+		// Always reencode when a non-default urlmaxqueryparams is set.
+		return reencode(s)
+	}
+	if numParams := strings.Count(s, "&") + 1; numParams > defaultMaxParams {
+		// Too many query parameters.
+		return reencode(s)
+	}
 	for i := 0; i < len(s); {
 		switch s[i] {
 		case ';':
diff --git a/src/net/http/httputil/reverseproxy_test.go b/src/net/http/httputil/reverseproxy_test.go
index 3cca6eda992670..ef78ba4b0f6921 100644
--- a/src/net/http/httputil/reverseproxy_test.go
+++ b/src/net/http/httputil/reverseproxy_test.go
@@ -2087,6 +2087,12 @@ func testReverseProxyQueryParameterSmuggling(t *testing.T, wantCleanQuery bool,
 	}, {
 		rawQuery:   "a=1&a=%zz&b=3",
 		cleanQuery: "a=1&b=3",
+	}, {
+		rawQuery:   "a=%zz",
+		cleanQuery: "",
+	}, {
+		rawQuery:   strings.Repeat("a=1&", 10000) + "a=1",
+		cleanQuery: "",
 	}} {
 		res, err := frontend.Client().Get(frontend.URL + "?" + test.rawQuery)
 		if err != nil {
diff --git a/src/net/url/url.go b/src/net/url/url.go
index ead6fae3dd0e29..82e6fb2eb29a2c 100644
--- a/src/net/url/url.go
+++ b/src/net/url/url.go
@@ -936,6 +936,7 @@ func ParseQuery(query string) (Values, error) {
 
 var urlmaxqueryparams = godebug.New("urlmaxqueryparams")
 
+// Keep this in sync with net/http/httputil.
 const defaultMaxParams = 10000
 
 func urlParamsWithinMax(params int) bool {

From cb994d85ff1f8185fe988f3c62ce0dedda5d03ef Mon Sep 17 00:00:00 2001
From: yongqijia <YongqiJia520@gmail.com>
Date: Tue, 3 Mar 2026 14:22:28 +0800
Subject: [PATCH 10/31] [release-branch.go1.26] cmd/fix: change -diff to exit 1
 if diffs exist

Currently "go fix -diff" and "go vet -fix -diff" always exit with status
0 even when they print diffs, which is inconsistent with "gofmt -d"
(#46289) and "go mod tidy -diff" (#27005) that exit non-zero when diffs
are present.

The root cause is that the default VetHandleStdout (copyToStdout) simply
copies the tool stdout through without checking whether any content was
produced. This change installs a new copyAndDetectDiff handler in -diff
mode that copies the tool stdout through and calls base.SetExitStatus(1)
when content is present, matching the pattern used by "go mod tidy -diff".

For #77583
Fixes #77801

Change-Id: I588fbaae8b3690da2f821240baa4a3b14b78f280
Reviewed-on: https://go-review.googlesource.com/c/go/+/749700
Reviewed-by: Michael Matloob <matloob@golang.org>
Reviewed-by: Michael Matloob <matloob@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
(cherry picked from commit 2d72c268ea10db520b7dd99802cf2aa40b18c1af)
Reviewed-on: https://go-review.googlesource.com/c/go/+/772000
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 src/cmd/go/alldocs.go                         |  6 ++-
 src/cmd/go/internal/vet/vet.go                | 38 +++++++++++++++----
 .../go/testdata/script/fix_diff_exitcode.txt  | 36 ++++++++++++++++++
 src/cmd/go/testdata/script/fix_suite.txt      |  4 +-
 src/cmd/go/testdata/script/fix_vendor.txt     |  4 +-
 src/cmd/go/testdata/script/vet_basic.txt      |  8 ++--
 6 files changed, 79 insertions(+), 17 deletions(-)
 create mode 100644 src/cmd/go/testdata/script/fix_diff_exitcode.txt

diff --git a/src/cmd/go/alldocs.go b/src/cmd/go/alldocs.go
index 8c346dafdb0c3a..dc20c7a16f8bbe 100644
--- a/src/cmd/go/alldocs.go
+++ b/src/cmd/go/alldocs.go
@@ -507,7 +507,8 @@
 // It supports these flags:
 //
 //	  -diff
-//		instead of applying each fix, print the patch as a unified diff
+//		instead of applying each fix, print the patch as a unified diff;
+//		exit with a non-zero status if the diff is not empty
 //
 // The -fixtool=prog flag selects a different analysis tool with
 // alternative or additional fixers; see the documentation for go vet's
@@ -2037,7 +2038,8 @@
 //	  -fix
 //		instead of printing each diagnostic, apply its first fix (if any)
 //	  -diff
-//		instead of applying each fix, print the patch as a unified diff
+//		instead of applying each fix, print the patch as a unified diff;
+//		exit with a non-zero status if the diff is not empty
 //
 // The -vettool=prog flag selects a different analysis tool with
 // alternative or additional checks. For example, the 'shadow' analyzer
diff --git a/src/cmd/go/internal/vet/vet.go b/src/cmd/go/internal/vet/vet.go
index e7d01782bf2f6c..68357f81b3c39a 100644
--- a/src/cmd/go/internal/vet/vet.go
+++ b/src/cmd/go/internal/vet/vet.go
@@ -44,7 +44,8 @@ It supports these flags:
   -fix
 	instead of printing each diagnostic, apply its first fix (if any)
   -diff
-	instead of applying each fix, print the patch as a unified diff
+	instead of applying each fix, print the patch as a unified diff;
+	exit with a non-zero status if the diff is not empty
 
 The -vettool=prog flag selects a different analysis tool with
 alternative or additional checks. For example, the 'shadow' analyzer
@@ -81,7 +82,8 @@ and applies suggested fixes.
 It supports these flags:
 
   -diff
-	instead of applying each fix, print the patch as a unified diff
+	instead of applying each fix, print the patch as a unified diff;
+	exit with a non-zero status if the diff is not empty
 
 The -fixtool=prog flag selects a different analysis tool with
 alternative or additional fixers; see the documentation for go vet's
@@ -165,8 +167,8 @@ func run(ctx context.Context, cmd *base.Command, args []string) {
 	// command args                 tool args
 	// go vet               =>      cmd/vet -json           Parse stdout, print diagnostics to stderr.
 	// go vet -json         =>      cmd/vet -json           Pass stdout through.
-	// go vet -fix [-diff]  =>      cmd/vet -fix [-diff]    Pass stdout through.
-	// go fix [-diff]       =>      cmd/fix -fix [-diff]    Pass stdout through.
+	// go vet -fix [-diff]  =>      cmd/vet -fix [-diff]    Pass stdout through (and exit 1 if diffs).
+	// go fix [-diff]       =>      cmd/fix -fix [-diff]    Pass stdout through (and exit 1 if diffs).
 	// go fix -json         =>      cmd/fix -json           Pass stdout through.
 	//
 	// Notes:
@@ -189,6 +191,10 @@ func run(ctx context.Context, cmd *base.Command, args []string) {
 			toolFlags = append(toolFlags, "-fix")
 			if diffFlag {
 				toolFlags = append(toolFlags, "-diff")
+				// In -diff mode, the tool prints unified diffs to stdout.
+				// Copy stdout through and exit non-zero if diffs were printed,
+				// consistent with gofmt -d and go mod tidy -diff.
+				work.VetHandleStdout = copyAndDetectDiff
 			} else {
 				applyFixes = true
 			}
@@ -343,6 +349,24 @@ func readZip(zipfile string, out map[string][]byte) error {
 	return nil
 }
 
+// copyAndDetectDiff copies the tool's stdout to the go command's stdout
+// and sets exit status 1 if any output was produced (meaning diffs exist).
+// This is used in -diff mode to implement the convention that "go fix -diff"
+// exits non-zero when the diff is not empty, consistent with gofmt -d
+// and go mod tidy -diff.
+func copyAndDetectDiff(r io.Reader) error {
+	stdouterrMu.Lock()
+	defer stdouterrMu.Unlock()
+	n, err := io.Copy(os.Stdout, r)
+	if err != nil {
+		return fmt.Errorf("copying diff output: %w", err)
+	}
+	if n > 0 {
+		base.SetExitStatus(1)
+	}
+	return nil
+}
+
 // printJSONDiagnostics parses JSON (from the tool's stdout) and
 // prints it (to stderr) in "file:line: message" form.
 // It also ensures that we exit nonzero if there were diagnostics.
@@ -386,11 +410,11 @@ func printJSONDiagnostics(r io.Reader) error {
 	return nil
 }
 
-var stderrMu sync.Mutex // serializes concurrent writes to stdout
+var stdouterrMu sync.Mutex // serializes concurrent writes to stdout and stderr
 
 func printJSONDiagnostic(analyzer string, diag jsonDiagnostic) {
-	stderrMu.Lock()
-	defer stderrMu.Unlock()
+	stdouterrMu.Lock()
+	defer stdouterrMu.Unlock()
 
 	type posn struct {
 		file      string
diff --git a/src/cmd/go/testdata/script/fix_diff_exitcode.txt b/src/cmd/go/testdata/script/fix_diff_exitcode.txt
new file mode 100644
index 00000000000000..2622c0265b6ca4
--- /dev/null
+++ b/src/cmd/go/testdata/script/fix_diff_exitcode.txt
@@ -0,0 +1,36 @@
+# Test that go fix -diff exits with non-zero status when diffs exist,
+# and exits with zero status when no diffs are needed.
+# This is consistent with gofmt -d (#46289) and go mod tidy -diff (#27005).
+
+# When the source needs fixes, go fix -diff should print the diff
+# and exit with a non-zero code.
+! go fix -diff example.com/needsfix
+stdout 'net.JoinHostPort'
+
+# When the source is already clean, go fix -diff should print nothing
+# and exit with a zero code.
+go fix -diff example.com/clean
+! stdout .
+
+-- go.mod --
+module example.com
+go 1.26
+
+-- needsfix/x.go --
+package needsfix
+
+import (
+	"fmt"
+	"net"
+)
+
+var s string
+var _, _ = net.Dial("tcp", fmt.Sprintf("%s:%d", s, 80))
+
+-- clean/x.go --
+package clean
+
+import "net"
+
+var s string
+var _, _ = net.Dial("tcp", net.JoinHostPort(s, "80"))
diff --git a/src/cmd/go/testdata/script/fix_suite.txt b/src/cmd/go/testdata/script/fix_suite.txt
index 455629dc172f30..28ef96e4d1cacd 100644
--- a/src/cmd/go/testdata/script/fix_suite.txt
+++ b/src/cmd/go/testdata/script/fix_suite.txt
@@ -5,9 +5,9 @@
 # Each assertion matches the expected diff.
 #
 # Tip: to see the actual stdout,
-# temporarily prefix the go command with "! ".
+# temporarily remove the "! " prefix from the go command.
 
-go fix -diff example.com/x
+! go fix -diff example.com/x
 
 # buildtag
 stdout '-// \+build go1.26'
diff --git a/src/cmd/go/testdata/script/fix_vendor.txt b/src/cmd/go/testdata/script/fix_vendor.txt
index f03f3269221a98..b1ee1975dbb9b3 100644
--- a/src/cmd/go/testdata/script/fix_vendor.txt
+++ b/src/cmd/go/testdata/script/fix_vendor.txt
@@ -7,8 +7,8 @@ go mod vendor
 
 # Show fixes on two packages, one in the main module
 # and one in a vendored dependency.
-# Only the main one (a) is shown.
-go fix -diff example.com/a example.com/b
+# Only the main one (a) is shown. Diff => nonzero exit.
+! go fix -diff example.com/a example.com/b
 stdout 'a[/\\]a.go'
 stdout '\-var _ interface\{\}'
 stdout '\+var _ any'
diff --git a/src/cmd/go/testdata/script/vet_basic.txt b/src/cmd/go/testdata/script/vet_basic.txt
index a0dd3ae2d84d7f..faff586fcb07b2 100644
--- a/src/cmd/go/testdata/script/vet_basic.txt
+++ b/src/cmd/go/testdata/script/vet_basic.txt
@@ -28,8 +28,8 @@ stdout '"message": "address format .* does not work with IPv6",'
 stdout '"suggested_fixes":'
 stdout '"message": "Replace fmt.Sprintf with net.JoinHostPort",'
 
-# vet -fix -diff displays a diff.
-go vet -fix -diff example.com/x
+# vet -fix -diff displays a diff. Diff => nonzero exit.
+! go vet -fix -diff example.com/x
 stdout '\-var _ = fmt.Sprintf\(s\)'
 stdout '\+var _ = fmt.Sprintf\("%s", s\)'
 stdout '\-var _, _ = net.Dial\("tcp", fmt.Sprintf\("%s:%d", s, 80\)\)'
@@ -53,8 +53,8 @@ grep 'net.JoinHostPort' x.go
 ! stderr .
 cp x.go.bak x.go
 
-# Show diff of fixes from the fix suite.
-go fix -diff example.com/x
+# Show diff of fixes from the fix suite. Diff => nonzero exit.
+! go fix -diff example.com/x
 ! stdout '\-var _ = fmt.Sprintf\(s\)'
 stdout '\-var _, _ = net.Dial\("tcp", fmt.Sprintf\("%s:%d", s, 80\)\)'
 stdout '\+var _, _ = net.Dial\("tcp", net.JoinHostPort\(s, "80"\)\)'

From c9712872cceb0dc445be5d92817f1f0fa5a71f5c Mon Sep 17 00:00:00 2001
From: Cherry Mui <cherryyz@google.com>
Date: Mon, 23 Mar 2026 17:23:04 -0400
Subject: [PATCH 11/31] [release-branch.go1.26] crypto/internal/fips140/drbg:
 build tag out entropy generation on Wasm

In FIPS-140 mode we currently use a scratch buffer in the BSS
section to generate entropy by measuring jittering for memory
touches. The BSS variable usually doesn't cost much, except on
Wasm, due to the way the linear memory works. FIPS-140 mode is
not supported on Wasm, so this code is not actually needed there.
This CL uses a build tag to exclude it, so we don't need to
include an (unused) 32 MB BSS variable in Wasm binaries.

Updates #78321.
Fixes #78354.

Change-Id: I5139029fa98c302e8769be3e3034967d777f1f16
Reviewed-on: https://go-review.googlesource.com/c/go/+/758361
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
(cherry picked from commit e32ec4742e3a9b5a28635e20806331afd587b429)
Reviewed-on: https://go-review.googlesource.com/c/go/+/767320
---
 .../internal/fips140/drbg/entropy_fips140.go  | 97 +++++++++++++++++++
 .../internal/fips140/drbg/entropy_wasm.go     | 11 +++
 src/crypto/internal/fips140/drbg/rand.go      | 76 +--------------
 3 files changed, 109 insertions(+), 75 deletions(-)
 create mode 100644 src/crypto/internal/fips140/drbg/entropy_fips140.go
 create mode 100644 src/crypto/internal/fips140/drbg/entropy_wasm.go

diff --git a/src/crypto/internal/fips140/drbg/entropy_fips140.go b/src/crypto/internal/fips140/drbg/entropy_fips140.go
new file mode 100644
index 00000000000000..ba083e8c332f70
--- /dev/null
+++ b/src/crypto/internal/fips140/drbg/entropy_fips140.go
@@ -0,0 +1,97 @@
+// Copyright 2026 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !wasm
+
+// This file contains reading from from entropy sources in FIPS-140
+// mode. It uses a scratch buffer in the BSS section (see below),
+// which usually doesn't cost much, except on Wasm, due to the way
+// the linear memory works. FIPS-140 mode is not supported on Wasm,
+// so we just use a build tag to exclude it. (Could also exclude other
+// platforms that does not support FIPS-140 mode, but as the BSS
+// variable doesn't cost much, don't bother.)
+
+package drbg
+
+import (
+	entropy "crypto/internal/entropy/v1.0.0"
+	"crypto/internal/sysrand"
+	"sync"
+	"sync/atomic"
+)
+
+// memory is a scratch buffer that is accessed between samples by the entropy
+// source to expose it to memory access timings.
+//
+// We reuse it and share it between Seed calls to avoid the significant (~500µs)
+// cost of zeroing a new allocation every time. The entropy source accesses it
+// using atomics (and doesn't care about its contents).
+//
+// It should end up in the .noptrbss section, and become backed by physical pages
+// at first use. This ensures that programs that do not use the FIPS 140-3 module
+// do not incur any memory use or initialization penalties.
+var memory entropy.ScratchBuffer
+
+func getEntropy() *[SeedSize]byte {
+	var retries int
+	seed, err := entropy.Seed(&memory)
+	for err != nil {
+		// The CPU jitter-based SP 800-90B entropy source has a non-negligible
+		// chance of failing the startup health tests.
+		//
+		// Each time it does, it enters a permanent failure state, and we
+		// restart it anew. This is not expected to happen more than a few times
+		// in a row.
+		if retries++; retries > 100 {
+			panic("fips140/drbg: failed to obtain initial entropy")
+		}
+		seed, err = entropy.Seed(&memory)
+	}
+	return &seed
+}
+
+// getEntropy is very slow (~500µs), so we don't want it on the hot path.
+// We keep both a persistent DRBG instance and a pool of additional instances.
+// Occasional uses will use drbgInstance, even if the pool was emptied since the
+// last use. Frequent concurrent uses will fill the pool and use it.
+var drbgInstance atomic.Pointer[Counter]
+var drbgPool = sync.Pool{
+	New: func() any {
+		return NewCounter(getEntropy())
+	},
+}
+
+func readFromEntropy(b []byte) {
+	// At every read, 128 random bits from the operating system are mixed as
+	// additional input, to make the output as strong as non-FIPS randomness.
+	// This is not credited as entropy for FIPS purposes, as allowed by Section
+	// 8.7.2: "Note that a DRBG does not rely on additional input to provide
+	// entropy, even though entropy could be provided in the additional input".
+	additionalInput := new([SeedSize]byte)
+	sysrand.Read(additionalInput[:16])
+
+	drbg := drbgInstance.Swap(nil)
+	if drbg == nil {
+		drbg = drbgPool.Get().(*Counter)
+	}
+	defer func() {
+		if !drbgInstance.CompareAndSwap(nil, drbg) {
+			drbgPool.Put(drbg)
+		}
+	}()
+
+	for len(b) > 0 {
+		size := min(len(b), maxRequestSize)
+		if reseedRequired := drbg.Generate(b[:size], additionalInput); reseedRequired {
+			// See SP 800-90A Rev. 1, Section 9.3.1, Steps 6-8, as explained in
+			// Section 9.3.2: if Generate reports a reseed is required, the
+			// additional input is passed to Reseed along with the entropy and
+			// then nulled before the next Generate call.
+			drbg.Reseed(getEntropy(), additionalInput)
+			additionalInput = nil
+			continue
+		}
+		b = b[size:]
+	}
+}
diff --git a/src/crypto/internal/fips140/drbg/entropy_wasm.go b/src/crypto/internal/fips140/drbg/entropy_wasm.go
new file mode 100644
index 00000000000000..f2e4cc73b16d31
--- /dev/null
+++ b/src/crypto/internal/fips140/drbg/entropy_wasm.go
@@ -0,0 +1,11 @@
+// Copyright 2026 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build wasm
+
+package drbg
+
+func readFromEntropy(b []byte) {
+	panic("FIPS-140 entropy generation is not supported on Wasm")
+}
diff --git a/src/crypto/internal/fips140/drbg/rand.go b/src/crypto/internal/fips140/drbg/rand.go
index 949e74ac60c51b..d9e545f980b2fc 100644
--- a/src/crypto/internal/fips140/drbg/rand.go
+++ b/src/crypto/internal/fips140/drbg/rand.go
@@ -9,55 +9,11 @@
 package drbg
 
 import (
-	entropy "crypto/internal/entropy/v1.0.0"
 	"crypto/internal/fips140"
 	"crypto/internal/sysrand"
 	"io"
-	"sync"
-	"sync/atomic"
 )
 
-// memory is a scratch buffer that is accessed between samples by the entropy
-// source to expose it to memory access timings.
-//
-// We reuse it and share it between Seed calls to avoid the significant (~500µs)
-// cost of zeroing a new allocation every time. The entropy source accesses it
-// using atomics (and doesn't care about its contents).
-//
-// It should end up in the .noptrbss section, and become backed by physical pages
-// at first use. This ensures that programs that do not use the FIPS 140-3 module
-// do not incur any memory use or initialization penalties.
-var memory entropy.ScratchBuffer
-
-func getEntropy() *[SeedSize]byte {
-	var retries int
-	seed, err := entropy.Seed(&memory)
-	for err != nil {
-		// The CPU jitter-based SP 800-90B entropy source has a non-negligible
-		// chance of failing the startup health tests.
-		//
-		// Each time it does, it enters a permanent failure state, and we
-		// restart it anew. This is not expected to happen more than a few times
-		// in a row.
-		if retries++; retries > 100 {
-			panic("fips140/drbg: failed to obtain initial entropy")
-		}
-		seed, err = entropy.Seed(&memory)
-	}
-	return &seed
-}
-
-// getEntropy is very slow (~500µs), so we don't want it on the hot path.
-// We keep both a persistent DRBG instance and a pool of additional instances.
-// Occasional uses will use drbgInstance, even if the pool was emptied since the
-// last use. Frequent concurrent uses will fill the pool and use it.
-var drbgInstance atomic.Pointer[Counter]
-var drbgPool = sync.Pool{
-	New: func() any {
-		return NewCounter(getEntropy())
-	},
-}
-
 // Read fills b with cryptographically secure random bytes. In FIPS mode, it
 // uses an SP 800-90A Rev. 1 Deterministic Random Bit Generator (DRBG).
 // Otherwise, it uses the operating system's random number generator.
@@ -76,37 +32,7 @@ func Read(b []byte) {
 		return
 	}
 
-	// At every read, 128 random bits from the operating system are mixed as
-	// additional input, to make the output as strong as non-FIPS randomness.
-	// This is not credited as entropy for FIPS purposes, as allowed by Section
-	// 8.7.2: "Note that a DRBG does not rely on additional input to provide
-	// entropy, even though entropy could be provided in the additional input".
-	additionalInput := new([SeedSize]byte)
-	sysrand.Read(additionalInput[:16])
-
-	drbg := drbgInstance.Swap(nil)
-	if drbg == nil {
-		drbg = drbgPool.Get().(*Counter)
-	}
-	defer func() {
-		if !drbgInstance.CompareAndSwap(nil, drbg) {
-			drbgPool.Put(drbg)
-		}
-	}()
-
-	for len(b) > 0 {
-		size := min(len(b), maxRequestSize)
-		if reseedRequired := drbg.Generate(b[:size], additionalInput); reseedRequired {
-			// See SP 800-90A Rev. 1, Section 9.3.1, Steps 6-8, as explained in
-			// Section 9.3.2: if Generate reports a reseed is required, the
-			// additional input is passed to Reseed along with the entropy and
-			// then nulled before the next Generate call.
-			drbg.Reseed(getEntropy(), additionalInput)
-			additionalInput = nil
-			continue
-		}
-		b = b[size:]
-	}
+	readFromEntropy(b)
 }
 
 var testingReader io.Reader

From e137885d6831d7f196c2401034938b3fc2f6d7c6 Mon Sep 17 00:00:00 2001
From: Mateusz Poliwczak <mpoliwczak34@gmail.com>
Date: Fri, 27 Mar 2026 18:09:23 +0100
Subject: [PATCH 12/31] [release-branch.go1.26]
 cmd/compile/internal/devirtualize: use pointer identity for type comparison

Updates #78404
Fixes #78409


Change-Id: I6adc1fb42ad6a3acce21333c6819d0796a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/760161
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Keith Randall <khr@golang.org>
(cherry picked from commit 09031d907c720e38cdde6242c763d25c9f985327)
Reviewed-on: https://go-review.googlesource.com/c/go/+/761060
Reviewed-by: Robert Griesemer <gri@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 .../internal/devirtualize/devirtualize.go     | 17 ++++++++-
 test/devirtualization.go                      | 36 ++++++++++++++++++
 test/fixedbugs/issue78404.go                  | 37 +++++++++++++++++++
 3 files changed, 88 insertions(+), 2 deletions(-)
 create mode 100644 test/fixedbugs/issue78404.go

diff --git a/src/cmd/compile/internal/devirtualize/devirtualize.go b/src/cmd/compile/internal/devirtualize/devirtualize.go
index 5f1da236545ac4..59ddc2e5366cd6 100644
--- a/src/cmd/compile/internal/devirtualize/devirtualize.go
+++ b/src/cmd/compile/internal/devirtualize/devirtualize.go
@@ -293,9 +293,22 @@ func concreteType1(s *State, n ir.Node, seen map[*ir.Name]struct{}) (outT *types
 				continue
 			}
 		}
-		if t == nil || (typ != nil && !types.Identical(typ, t)) {
-			return nil
+		if t == nil {
+			return nil // unknown concrete type
 		}
+
+		// Methods are only declared on named types, and each named type
+		// is represented by a unique [*types.Type], thus pointer comparison
+		// is fine here.
+		//
+		// The only scenario where [types.IdenticalStrict] could help here is with
+		// unnamed struct types that embed another type (e.g. foo = struct { Impl }{}).
+		// However, such patterns are uncommon and not worth the additional complexity
+		// in the devirtualizer.
+		if typ != nil && typ != t {
+			return nil // assigned with a different type
+		}
+
 		typ = t
 	}
 
diff --git a/test/devirtualization.go b/test/devirtualization.go
index edabb94108d02d..12a95f6d755bf4 100644
--- a/test/devirtualization.go
+++ b/test/devirtualization.go
@@ -1281,3 +1281,39 @@ func namedBoolTest() {
 	var i M = ok // ERROR "ok does not escape"
 	i.M()        // ERROR "devirtualizing i.M to namedBool$" "inlining call to namedBool.M"
 }
+
+//go:noinline
+func identicalType() {
+	var i C = struct {
+		CImpl
+	}{} // ERROR "struct \{ CImpl \}\{\} escapes to heap"
+
+	i = struct {
+		CImpl
+	}{} // ERROR "struct \{ CImpl \}\{\} escapes to heap"
+
+	i.C()
+}
+
+type GenericAImpl[T any] struct{ _ T }
+
+//go:noinline
+func (GenericAImpl[T]) A() {}
+
+//go:noinline
+func generics() {
+	{
+		var i A = GenericAImpl[int]{} // ERROR "GenericAImpl\[int\]\{\} does not escape"
+		i.A()                         // ERROR "devirtualizing i.A to GenericAImpl\[int\]"
+	}
+	{
+		var i A = GenericAImpl[int]{} // ERROR "GenericAImpl\[int\]\{\} does not escape"
+		i = GenericAImpl[int]{}       // ERROR "GenericAImpl\[int\]\{\} does not escape"
+		i.A()                         // ERROR "devirtualizing i.A to GenericAImpl\[int\]"
+	}
+	{
+		var i A = GenericAImpl[int]{} // ERROR "GenericAImpl\[int\]\{\} escapes to heap"
+		i = GenericAImpl[byte]{}      // ERROR "GenericAImpl\[uint8\]\{\} escapes to heap"
+		i.A()
+	}
+}
diff --git a/test/fixedbugs/issue78404.go b/test/fixedbugs/issue78404.go
new file mode 100644
index 00000000000000..0625d372b56cc0
--- /dev/null
+++ b/test/fixedbugs/issue78404.go
@@ -0,0 +1,37 @@
+// run
+
+// Copyright 2026 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+type Iface[IO any] interface {
+	Foo()
+}
+
+type underlyingIfaceImpl struct{}
+
+func (e *underlyingIfaceImpl) Foo() {}
+
+type Impl1[IO any] struct {
+	underlyingIfaceImpl
+}
+
+type Impl2 struct {
+	underlyingIfaceImpl
+}
+
+func NewImpl1[IO any]() Iface[IO] {
+	return &Impl1[IO]{}
+}
+
+var alwaysFalse = false
+
+func main() {
+	val := NewImpl1[int]()
+	if alwaysFalse { // dead branch
+		val = &Impl2{}
+	}
+	val.Foo() // must not panic
+}

From 50856a181c0635b51bcb99b1df35e23d02cfacf6 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Wed, 8 Apr 2026 09:55:54 -0700
Subject: [PATCH 13/31] [release-branch.go1.26] cmd/go: use MkdirTemp to create
 temp directory for "go bug"

Don't use a predictable, potentially attacker-controlled filename in /tmp.

For #78584
Fixes #78588
Fixes CVE-2026-39819

Change-Id: I72116aa6dd8fa50f65b6dc0292a15a8c6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/763882
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 5d6aa23e5b6151d25955a512532383c28c745e18)
Reviewed-on: https://go-review.googlesource.com/c/go/+/763883
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
---
 src/cmd/go/internal/bug/bug.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/cmd/go/internal/bug/bug.go b/src/cmd/go/internal/bug/bug.go
index 749edc51cf1d03..f967e9a8ef5725 100644
--- a/src/cmd/go/internal/bug/bug.go
+++ b/src/cmd/go/internal/bug/bug.go
@@ -184,14 +184,14 @@ func firstLine(buf []byte) []byte {
 // printGlibcVersion prints information about the glibc version.
 // It ignores failures.
 func printGlibcVersion(w io.Writer) {
-	tempdir := os.TempDir()
-	if tempdir == "" {
+	tempdir, err := os.MkdirTemp("", "")
+	if err != nil {
 		return
 	}
 	src := []byte(`int main() {}`)
 	srcfile := filepath.Join(tempdir, "go-bug.c")
 	outfile := filepath.Join(tempdir, "go-bug")
-	err := os.WriteFile(srcfile, src, 0644)
+	err = os.WriteFile(srcfile, src, 0644)
 	if err != nil {
 		return
 	}

From 73f417a37cd467639d1441cb74191d69a5586031 Mon Sep 17 00:00:00 2001
From: Robert Griesemer <gri@google.com>
Date: Wed, 11 Mar 2026 19:02:07 -0700
Subject: [PATCH 14/31] [release-branch.go1.26] go/types, types2: handle
 unconstrained type parameters correctly in a few places

When iterating over a type set via a range clause, am unconstrained
type set produces a single (nil, nil) result. This was not properly
accounted for in a few places:

- In the code for the append and copy built-in, handle the (nil, nil)
  case.
- Likewise, in NewSignatureType, panic with the correct (string) error
  in this case.

Check all remaining places where we iterate over type sets with range
for correctness.

Fixes #78198.

Change-Id: If0f33f43dad59b4b5ef4c310f80522c25c6e251f
Reviewed-on: https://go-review.googlesource.com/c/go/+/755941
Reviewed-by: Robert Griesemer <gri@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Mark Freeman <markfreeman@google.com>
Auto-Submit: Robert Griesemer <gri@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/756124
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 src/cmd/compile/internal/types2/builtins.go         |  4 ++--
 src/cmd/compile/internal/types2/issues_test.go      |  6 +++++-
 src/cmd/compile/internal/types2/signature.go        |  3 +++
 src/cmd/compile/internal/types2/under.go            |  6 +++---
 src/go/types/builtins.go                            |  4 ++--
 src/go/types/issues_test.go                         |  6 +++++-
 src/go/types/signature.go                           |  3 +++
 src/go/types/under.go                               |  6 +++---
 src/internal/types/testdata/fixedbugs/issue78163.go | 11 +++++++++++
 9 files changed, 37 insertions(+), 12 deletions(-)
 create mode 100644 src/internal/types/testdata/fixedbugs/issue78163.go

diff --git a/src/cmd/compile/internal/types2/builtins.go b/src/cmd/compile/internal/types2/builtins.go
index 549d94615bccec..c0073c5136b0c7 100644
--- a/src/cmd/compile/internal/types2/builtins.go
+++ b/src/cmd/compile/internal/types2/builtins.go
@@ -112,7 +112,7 @@ func (check *Checker) builtin(x *operand, call *syntax.CallExpr, id builtinId) (
 				for _, u := range typeset(y.typ) {
 					if s, _ := u.(*Slice); s != nil && Identical(s.elem, universeByte) {
 						// typeset ⊇ {[]byte}
-					} else if isString(u) {
+					} else if u != nil && isString(u) {
 						// typeset ⊇ {string}
 						hasString = true
 					} else {
@@ -375,7 +375,7 @@ func (check *Checker) builtin(x *operand, call *syntax.CallExpr, id builtinId) (
 			for _, u := range typeset(y.typ) {
 				if s, _ := u.(*Slice); s != nil && Identical(s.elem, universeByte) {
 					// typeset ⊇ {[]byte}
-				} else if isString(u) {
+				} else if u != nil && isString(u) {
 					// typeset ⊇ {string}
 				} else {
 					special = false
diff --git a/src/cmd/compile/internal/types2/issues_test.go b/src/cmd/compile/internal/types2/issues_test.go
index 8ddb39987a5db0..d0b1f4e36c1451 100644
--- a/src/cmd/compile/internal/types2/issues_test.go
+++ b/src/cmd/compile/internal/types2/issues_test.go
@@ -631,9 +631,13 @@ func TestIssue55030(t *testing.T) {
 	makeSig := func(typ Type, valid bool) {
 		if !valid {
 			defer func() {
-				if recover() == nil {
+				r := recover()
+				if r == nil {
 					panic("NewSignatureType panic expected")
 				}
+				if _, ok := r.(string); !ok {
+					panic("NewSignatureType string panic expected")
+				}
 			}()
 		}
 		par := NewParam(nopos, nil, "", typ)
diff --git a/src/cmd/compile/internal/types2/signature.go b/src/cmd/compile/internal/types2/signature.go
index d569ba8013954a..13f99885ab5ce9 100644
--- a/src/cmd/compile/internal/types2/signature.go
+++ b/src/cmd/compile/internal/types2/signature.go
@@ -61,6 +61,9 @@ func NewSignatureType(recv *Var, recvTypeParams, typeParams []*TypeParam, params
 		last := params.At(n - 1).typ
 		var S *Slice
 		for t := range typeset(last) {
+			if t == nil {
+				break
+			}
 			var s *Slice
 			if isString(t) {
 				s = NewSlice(universeByte)
diff --git a/src/cmd/compile/internal/types2/under.go b/src/cmd/compile/internal/types2/under.go
index 98c62733c7cd99..15fca73522278a 100644
--- a/src/cmd/compile/internal/types2/under.go
+++ b/src/cmd/compile/internal/types2/under.go
@@ -26,12 +26,12 @@ func all(t Type, f func(t, u Type) bool) bool {
 // typeset is an iterator over the (type/underlying type) pairs of the
 // specific type terms of the type set implied by t.
 // If t is a type parameter, the implied type set is the type set of t's constraint.
-// In that case, if there are no specific terms, typeset calls yield with (nil, nil).
+// In this case, if there are no specific terms, the iterator produces (nil, nil).
 // If t is not a type parameter, the implied type set consists of just t.
-// In any case, typeset is guaranteed to call yield at least once.
+// In any case, typeset is guaranteed to produce at least one set of results.
 func typeset(t Type) iter.Seq2[Type, Type] {
 	return func(yield func(t, u Type) bool) {
-		_ = all(t, yield)
+		all(t, yield)
 	}
 }
 
diff --git a/src/go/types/builtins.go b/src/go/types/builtins.go
index 90a3b4a901f8e7..3da5a679e9bf08 100644
--- a/src/go/types/builtins.go
+++ b/src/go/types/builtins.go
@@ -115,7 +115,7 @@ func (check *Checker) builtin(x *operand, call *ast.CallExpr, id builtinId) (_ b
 				for _, u := range typeset(y.typ) {
 					if s, _ := u.(*Slice); s != nil && Identical(s.elem, universeByte) {
 						// typeset ⊇ {[]byte}
-					} else if isString(u) {
+					} else if u != nil && isString(u) {
 						// typeset ⊇ {string}
 						hasString = true
 					} else {
@@ -378,7 +378,7 @@ func (check *Checker) builtin(x *operand, call *ast.CallExpr, id builtinId) (_ b
 			for _, u := range typeset(y.typ) {
 				if s, _ := u.(*Slice); s != nil && Identical(s.elem, universeByte) {
 					// typeset ⊇ {[]byte}
-				} else if isString(u) {
+				} else if u != nil && isString(u) {
 					// typeset ⊇ {string}
 				} else {
 					special = false
diff --git a/src/go/types/issues_test.go b/src/go/types/issues_test.go
index 6388dcf6876e75..a6ce660c2bc21f 100644
--- a/src/go/types/issues_test.go
+++ b/src/go/types/issues_test.go
@@ -641,9 +641,13 @@ func TestIssue55030(t *testing.T) {
 	makeSig := func(typ Type, valid bool) {
 		if !valid {
 			defer func() {
-				if recover() == nil {
+				r := recover()
+				if r == nil {
 					panic("NewSignatureType panic expected")
 				}
+				if _, ok := r.(string); !ok {
+					panic("NewSignatureType string panic expected")
+				}
 			}()
 		}
 		par := NewParam(nopos, nil, "", typ)
diff --git a/src/go/types/signature.go b/src/go/types/signature.go
index 13f60c07722b25..f89357b7d48149 100644
--- a/src/go/types/signature.go
+++ b/src/go/types/signature.go
@@ -74,6 +74,9 @@ func NewSignatureType(recv *Var, recvTypeParams, typeParams []*TypeParam, params
 		last := params.At(n - 1).typ
 		var S *Slice
 		for t := range typeset(last) {
+			if t == nil {
+				break
+			}
 			var s *Slice
 			if isString(t) {
 				s = NewSlice(universeByte)
diff --git a/src/go/types/under.go b/src/go/types/under.go
index 6056b2e4829d3b..1b304237419f23 100644
--- a/src/go/types/under.go
+++ b/src/go/types/under.go
@@ -29,12 +29,12 @@ func all(t Type, f func(t, u Type) bool) bool {
 // typeset is an iterator over the (type/underlying type) pairs of the
 // specific type terms of the type set implied by t.
 // If t is a type parameter, the implied type set is the type set of t's constraint.
-// In that case, if there are no specific terms, typeset calls yield with (nil, nil).
+// In this case, if there are no specific terms, the iterator produces (nil, nil).
 // If t is not a type parameter, the implied type set consists of just t.
-// In any case, typeset is guaranteed to call yield at least once.
+// In any case, typeset is guaranteed to produce at least one set of results.
 func typeset(t Type) iter.Seq2[Type, Type] {
 	return func(yield func(t, u Type) bool) {
-		_ = all(t, yield)
+		all(t, yield)
 	}
 }
 
diff --git a/src/internal/types/testdata/fixedbugs/issue78163.go b/src/internal/types/testdata/fixedbugs/issue78163.go
new file mode 100644
index 00000000000000..a697181f809c4b
--- /dev/null
+++ b/src/internal/types/testdata/fixedbugs/issue78163.go
@@ -0,0 +1,11 @@
+// Copyright 2026 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package p
+
+func _[P any](x P) {
+	var s []byte
+	_ = append(s, x /* ERROR "cannot use x (variable of type P constrained by any) as []byte value in argument to append" */ ...)
+	copy(s, x /* ERROR "invalid copy: argument must be a slice; have x (variable of type P constrained by any)" */)
+}

From e9df527f067d95a1d2b574e1855cf3ada76e2b7d Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 25 Mar 2026 20:48:44 +0100
Subject: [PATCH 15/31] [release-branch.go1.26] crypto/tls: wrap ML-KEM hybrids
 in fips140.WithoutEnforcement

To avoid excessive backports, this CL copies rerunWithFIPS140Enforced
from CL 759382, and overrides the certificates used for FIPS-140 tests
to avoid requiring the entirety of CL 759380 and CL 759381.

Fixes #78372
Updates #78298
Updates #78178
Updates #75528
Updates #75166
Updates #76112

Change-Id: Ie78f3bf5f0b232482da44aba28a0f6d66a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/759383
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Mark Freeman <markfreeman@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
(cherry picked from commit 3103a2312445c8d0a1c3ad1c787b9c1c90fbf77a)
Reviewed-on: https://go-review.googlesource.com/c/go/+/771961
Reviewed-by: Michael Pratt <mpratt@google.com>
Commit-Queue: Michael Pratt <mpratt@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Michael Pratt <mpratt@google.com>
---
 src/crypto/tls/fips140_test.go   | 64 +++++++++++++++++++++++++-------
 src/crypto/tls/handshake_test.go |  9 +++++
 src/crypto/tls/key_schedule.go   | 27 ++++++++++++--
 src/crypto/tls/tls_test.go       |  8 ++++
 4 files changed, 91 insertions(+), 17 deletions(-)

diff --git a/src/crypto/tls/fips140_test.go b/src/crypto/tls/fips140_test.go
index 96273c0fe0ea2f..540d2e6ee7c9c8 100644
--- a/src/crypto/tls/fips140_test.go
+++ b/src/crypto/tls/fips140_test.go
@@ -7,7 +7,9 @@ package tls
 import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
+	"crypto/fips140"
 	"crypto/internal/boring"
+	ifips140 "crypto/internal/fips140"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
@@ -19,6 +21,7 @@ import (
 	"math/big"
 	"net"
 	"os"
+	"regexp"
 	"runtime"
 	"strings"
 	"testing"
@@ -54,12 +57,29 @@ func generateKeyShare(group CurveID) keyShare {
 	return shares[0]
 }
 
+func rerunWithFIPS140Enforced(t *testing.T) {
+	t.Helper()
+	if err := ifips140.Supported(); err != nil {
+		t.Skipf("test requires FIPS 140 mode: %v", err)
+	}
+	nameRegex := "^" + regexp.QuoteMeta(t.Name()) + "$"
+	cmd := testenv.Command(t, testenv.Executable(t), "-test.run="+nameRegex, "-test.v")
+	cmd.Env = append(cmd.Environ(), "GODEBUG=fips140=only")
+	out, err := cmd.CombinedOutput()
+	t.Logf("running with GODEBUG=fips140=only:\n%s", out)
+	if err != nil {
+		t.Errorf("fips140=only subprocess failed: %v", err)
+	}
+}
+
+var testConfigFIPS140 *Config
+
 func TestFIPSServerProtocolVersion(t *testing.T) {
 	test := func(t *testing.T, name string, v uint16, msg string) {
 		t.Run(name, func(t *testing.T) {
-			serverConfig := testConfig.Clone()
+			serverConfig := testConfigFIPS140.Clone()
 			serverConfig.MinVersion = VersionSSL30
-			clientConfig := testConfig.Clone()
+			clientConfig := testConfigFIPS140.Clone()
 			clientConfig.MinVersion = v
 			clientConfig.MaxVersion = v
 			_, _, err := testHandshake(t, clientConfig, serverConfig)
@@ -91,6 +111,10 @@ func TestFIPSServerProtocolVersion(t *testing.T) {
 		test(t, "VersionTLS12", VersionTLS12, "")
 		test(t, "VersionTLS13", VersionTLS13, "")
 	})
+
+	if !fips140.Enforced() {
+		rerunWithFIPS140Enforced(t)
+	}
 }
 
 func isFIPSVersion(v uint16) bool {
@@ -178,7 +202,7 @@ func isFIPSSignatureScheme(alg SignatureScheme) bool {
 }
 
 func TestFIPSServerCipherSuites(t *testing.T) {
-	serverConfig := testConfig.Clone()
+	serverConfig := testConfigFIPS140.Clone()
 	serverConfig.Certificates = make([]Certificate, 1)
 
 	for _, id := range allCipherSuitesIncludingTLS13() {
@@ -219,16 +243,20 @@ func TestFIPSServerCipherSuites(t *testing.T) {
 			})
 		})
 	}
+
+	if !fips140.Enforced() {
+		rerunWithFIPS140Enforced(t)
+	}
 }
 
 func TestFIPSServerCurves(t *testing.T) {
-	serverConfig := testConfig.Clone()
+	serverConfig := testConfigFIPS140.Clone()
 	serverConfig.CurvePreferences = nil
 	serverConfig.BuildNameToCertificate()
 
 	for _, curveid := range defaultCurvePreferences() {
 		t.Run(fmt.Sprintf("curve=%v", curveid), func(t *testing.T) {
-			clientConfig := testConfig.Clone()
+			clientConfig := testConfigFIPS140.Clone()
 			clientConfig.CurvePreferences = []CurveID{curveid}
 
 			runWithFIPSDisabled(t, func(t *testing.T) {
@@ -248,6 +276,10 @@ func TestFIPSServerCurves(t *testing.T) {
 			})
 		})
 	}
+
+	if !fips140.Enforced() {
+		rerunWithFIPS140Enforced(t)
+	}
 }
 
 func fipsHandshake(t *testing.T, clientConfig, serverConfig *Config) (clientErr, serverErr error) {
@@ -276,7 +308,7 @@ func TestFIPSServerSignatureAndHash(t *testing.T) {
 
 	for _, sigHash := range defaultSupportedSignatureAlgorithms() {
 		t.Run(fmt.Sprintf("%v", sigHash), func(t *testing.T) {
-			serverConfig := testConfig.Clone()
+			serverConfig := testConfigFIPS140.Clone()
 			serverConfig.Certificates = make([]Certificate, 1)
 
 			testingOnlySupportedSignatureAlgorithms = []SignatureScheme{sigHash}
@@ -302,7 +334,7 @@ func TestFIPSServerSignatureAndHash(t *testing.T) {
 			serverConfig.MaxVersion = VersionTLS12
 
 			runWithFIPSDisabled(t, func(t *testing.T) {
-				clientErr, serverErr := fipsHandshake(t, testConfig, serverConfig)
+				clientErr, serverErr := fipsHandshake(t, testConfigFIPS140, serverConfig)
 				if clientErr != nil {
 					t.Fatalf("expected handshake with %v to succeed; client error: %v; server error: %v", sigHash, clientErr, serverErr)
 				}
@@ -310,7 +342,7 @@ func TestFIPSServerSignatureAndHash(t *testing.T) {
 
 			// With fipstls forced, bad curves should be rejected.
 			runWithFIPSEnabled(t, func(t *testing.T) {
-				clientErr, _ := fipsHandshake(t, testConfig, serverConfig)
+				clientErr, _ := fipsHandshake(t, testConfigFIPS140, serverConfig)
 				if isFIPSSignatureScheme(sigHash) {
 					if clientErr != nil {
 						t.Fatalf("expected handshake with %v to succeed; err=%v", sigHash, clientErr)
@@ -323,6 +355,10 @@ func TestFIPSServerSignatureAndHash(t *testing.T) {
 			})
 		})
 	}
+
+	if !fips140.Enforced() {
+		rerunWithFIPS140Enforced(t)
+	}
 }
 
 func TestFIPSClientHello(t *testing.T) {
@@ -337,7 +373,7 @@ func testFIPSClientHello(t *testing.T) {
 	defer c.Close()
 	defer s.Close()
 
-	clientConfig := testConfig.Clone()
+	clientConfig := testConfigFIPS140.Clone()
 	// All sorts of traps for the client to avoid.
 	clientConfig.MinVersion = VersionSSL30
 	clientConfig.MaxVersion = VersionTLS13
@@ -345,7 +381,7 @@ func testFIPSClientHello(t *testing.T) {
 	clientConfig.CurvePreferences = defaultCurvePreferences()
 
 	go Client(c, clientConfig).Handshake()
-	srv := Server(s, testConfig)
+	srv := Server(s, testConfigFIPS140)
 	msg, err := srv.readHandshake(nil)
 	if err != nil {
 		t.Fatal(err)
@@ -409,12 +445,12 @@ func TestFIPSCertAlgs(t *testing.T) {
 
 	// client verifying server cert
 	testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key any, list [][]byte, ok bool) {
-		clientConfig := testConfig.Clone()
+		clientConfig := testConfigFIPS140.Clone()
 		clientConfig.RootCAs = pool
 		clientConfig.InsecureSkipVerify = false
 		clientConfig.ServerName = "example.com"
 
-		serverConfig := testConfig.Clone()
+		serverConfig := testConfigFIPS140.Clone()
 		serverConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}}
 		serverConfig.BuildNameToCertificate()
 
@@ -437,11 +473,11 @@ func TestFIPSCertAlgs(t *testing.T) {
 
 	// server verifying client cert
 	testClientCert := func(t *testing.T, desc string, pool *x509.CertPool, key any, list [][]byte, ok bool) {
-		clientConfig := testConfig.Clone()
+		clientConfig := testConfigFIPS140.Clone()
 		clientConfig.ServerName = "example.com"
 		clientConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}}
 
-		serverConfig := testConfig.Clone()
+		serverConfig := testConfigFIPS140.Clone()
 		serverConfig.ClientCAs = pool
 		serverConfig.ClientAuth = RequireAndVerifyClientCert
 
diff --git a/src/crypto/tls/handshake_test.go b/src/crypto/tls/handshake_test.go
index 6e00b4348e6038..7cf0ee2343b132 100644
--- a/src/crypto/tls/handshake_test.go
+++ b/src/crypto/tls/handshake_test.go
@@ -477,6 +477,15 @@ func runMain(m *testing.M) int {
 		defer f.Close()
 	}
 
+	testConfigFIPS140 = testConfig.Clone()
+	// Only crypto/rand.Reader is allowed in FIPS 140-only mode.
+	testConfigFIPS140.Rand = nil
+	// FIPS 140-only mode requires 2048-bit RSA keys.
+	testConfigFIPS140.Certificates = []Certificate{{
+		Certificate: [][]byte{testRSA2048Certificate},
+		PrivateKey:  testRSA2048PrivateKey,
+	}}
+
 	return m.Run()
 }
 
diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go
index bfa22449c87178..97f4993a179939 100644
--- a/src/crypto/tls/key_schedule.go
+++ b/src/crypto/tls/key_schedule.go
@@ -7,6 +7,7 @@ package tls
 import (
 	"crypto"
 	"crypto/ecdh"
+	"crypto/fips140"
 	"crypto/hmac"
 	"crypto/internal/fips140/tls13"
 	"crypto/mlkem"
@@ -165,7 +166,14 @@ type hybridKeyExchange struct {
 }
 
 func (ke *hybridKeyExchange) keyShares(rand io.Reader) (*keySharePrivateKeys, []keyShare, error) {
-	priv, ecdhShares, err := ke.ecdh.keyShares(rand)
+	var (
+		priv       *keySharePrivateKeys
+		ecdhShares []keyShare
+		err        error
+	)
+	fips140.WithoutEnforcement(func() { // Hybrid of ML-KEM, which is Approved.
+		priv, ecdhShares, err = ke.ecdh.keyShares(rand)
+	})
 	if err != nil {
 		return nil, nil, err
 	}
@@ -201,7 +209,14 @@ func (ke *hybridKeyExchange) serverSharedSecret(rand io.Reader, clientKeyShare [
 		ecdhShareData = clientKeyShare[:ke.ecdhElementSize]
 		mlkemShareData = clientKeyShare[ke.ecdhElementSize:]
 	}
-	ecdhSharedSecret, ks, err := ke.ecdh.serverSharedSecret(rand, ecdhShareData)
+	var (
+		ecdhSharedSecret []byte
+		ks               keyShare
+		err              error
+	)
+	fips140.WithoutEnforcement(func() { // Hybrid of ML-KEM, which is Approved.
+		ecdhSharedSecret, ks, err = ke.ecdh.serverSharedSecret(rand, ecdhShareData)
+	})
 	if err != nil {
 		return nil, keyShare{}, err
 	}
@@ -234,7 +249,13 @@ func (ke *hybridKeyExchange) clientSharedSecret(priv *keySharePrivateKeys, serve
 		ecdhShareData = serverKeyShare[:ke.ecdhElementSize]
 		mlkemShareData = serverKeyShare[ke.ecdhElementSize:]
 	}
-	ecdhSharedSecret, err := ke.ecdh.clientSharedSecret(priv, ecdhShareData)
+	var (
+		ecdhSharedSecret []byte
+		err              error
+	)
+	fips140.WithoutEnforcement(func() { // Hybrid of ML-KEM, which is Approved.
+		ecdhSharedSecret, err = ke.ecdh.clientSharedSecret(priv, ecdhShareData)
+	})
 	if err != nil {
 		return nil, err
 	}
diff --git a/src/crypto/tls/tls_test.go b/src/crypto/tls/tls_test.go
index 4513008a5f930e..86322390862137 100644
--- a/src/crypto/tls/tls_test.go
+++ b/src/crypto/tls/tls_test.go
@@ -11,6 +11,7 @@ import (
 	"crypto/ecdh"
 	"crypto/ecdsa"
 	"crypto/elliptic"
+	"crypto/fips140"
 	"crypto/internal/boring"
 	"crypto/rand"
 	"crypto/tls/internal/fips140tls"
@@ -194,6 +195,13 @@ func runWithFIPSEnabled(t *testing.T, testFunc func(t *testing.T)) {
 }
 
 func runWithFIPSDisabled(t *testing.T, testFunc func(t *testing.T)) {
+	if fips140.Enforced() {
+		t.Run("no-fips140tls", func(t *testing.T) {
+			t.Skip("can't run no-fips140tls tests in fips140=only mode")
+		})
+		return
+	}
+
 	originalFIPS := fips140tls.Required()
 	defer func() {
 		if originalFIPS {

From 19d2ce340195e3ae6286b500a387f5e869e85201 Mon Sep 17 00:00:00 2001
From: Jorropo <jorropo.pgm@gmail.com>
Date: Wed, 4 Mar 2026 10:01:11 +0100
Subject: [PATCH 16/31] [release-branch.go1.26] runtime: fix timespec
 definition on 32bits systems

The nsec field of timespec is a C long even when using
64bits time on 32bits systems.

This is because by timespec API if nsec never holds more than a
second worth of nanoseconds.
If it would theses would increment the sec field while the nsec
field would get the amount of nanoseconds modulus a second.

For #77934
Fixes #77935

Change-Id: I9803998ba70123eb3b226379bd72b11cae972c38
Reviewed-on: https://go-review.googlesource.com/c/go/+/751341
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Jorropo <jorropo.pgm@gmail.com>
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit ba402cd756a02cd80bcd76a2f7afc22ae2041c6c)
Reviewed-on: https://go-review.googlesource.com/c/go/+/772020
Auto-Submit: Michael Pratt <mpratt@google.com>
Reviewed-by: Jorropo <jorropo.pgm@gmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 src/runtime/defs_linux_386.go   |  7 ++++---
 src/runtime/defs_linux_arm.go   |  7 ++++---
 src/runtime/defs_linux_mipsx.go |  7 ++++---
 src/runtime/os_linux32.go       | 10 +++++-----
 4 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/src/runtime/defs_linux_386.go b/src/runtime/defs_linux_386.go
index d1875954f3109f..3a8c201ff1de99 100644
--- a/src/runtime/defs_linux_386.go
+++ b/src/runtime/defs_linux_386.go
@@ -152,13 +152,14 @@ func (ts *timespec32) setNsec(ns int64) {
 
 type timespec struct {
 	tv_sec  int64
-	tv_nsec int64
+	tv_nsec int32
+	_       [4]byte // the C ABI aligns int64 to 8 bytes
 }
 
 //go:nosplit
 func (ts *timespec) setNsec(ns int64) {
-	ts.tv_sec = int64(ns / 1e9)
-	ts.tv_nsec = int64(ns % 1e9)
+	ts.tv_sec = ns / 1e9
+	ts.tv_nsec = int32(ns % 1e9)
 }
 
 type timeval struct {
diff --git a/src/runtime/defs_linux_arm.go b/src/runtime/defs_linux_arm.go
index 94577fc5971751..946f5bb230abf0 100644
--- a/src/runtime/defs_linux_arm.go
+++ b/src/runtime/defs_linux_arm.go
@@ -111,13 +111,14 @@ func (ts *timespec32) setNsec(ns int64) {
 
 type timespec struct {
 	tv_sec  int64
-	tv_nsec int64
+	tv_nsec int32
+	_       [4]byte // the C ABI aligns int64 to 8 bytes
 }
 
 //go:nosplit
 func (ts *timespec) setNsec(ns int64) {
-	ts.tv_sec = int64(ns / 1e9)
-	ts.tv_nsec = int64(ns % 1e9)
+	ts.tv_sec = ns / 1e9
+	ts.tv_nsec = int32(ns % 1e9)
 }
 
 type stackt struct {
diff --git a/src/runtime/defs_linux_mipsx.go b/src/runtime/defs_linux_mipsx.go
index b8da4d00af8a1d..c14fa8498f4a2d 100644
--- a/src/runtime/defs_linux_mipsx.go
+++ b/src/runtime/defs_linux_mipsx.go
@@ -109,13 +109,14 @@ func (ts *timespec32) setNsec(ns int64) {
 
 type timespec struct {
 	tv_sec  int64
-	tv_nsec int64
+	tv_nsec int32
+	_       [4]byte // the C ABI aligns int64 to 8 bytes
 }
 
 //go:nosplit
 func (ts *timespec) setNsec(ns int64) {
-	ts.tv_sec = int64(ns / 1e9)
-	ts.tv_nsec = int64(ns % 1e9)
+	ts.tv_sec = ns / 1e9
+	ts.tv_nsec = int32(ns % 1e9)
 }
 
 type timeval struct {
diff --git a/src/runtime/os_linux32.go b/src/runtime/os_linux32.go
index 02cb18f32d57d2..1ee1cdcaf90051 100644
--- a/src/runtime/os_linux32.go
+++ b/src/runtime/os_linux32.go
@@ -31,7 +31,7 @@ func futex(addr unsafe.Pointer, op int32, val uint32, ts *timespec, addr2 unsafe
 	var ts32 timespec32
 	var pts32 *timespec32
 	if ts != nil {
-		ts32.setNsec(ts.tv_sec*1e9 + ts.tv_nsec)
+		ts32.setNsec(ts.tv_sec*1e9 + int64(ts.tv_nsec))
 		pts32 = &ts32
 	}
 	return futex_time32(addr, op, val, pts32, addr2, val3)
@@ -53,14 +53,14 @@ func timer_settime(timerid int32, flags int32, new, old *itimerspec) int32 {
 	var new32, old32 *itimerspec32
 
 	if new != nil {
-		newts.it_interval.setNsec(new.it_interval.tv_sec*1e9 + new.it_interval.tv_nsec)
-		newts.it_value.setNsec(new.it_value.tv_sec*1e9 + new.it_value.tv_nsec)
+		newts.it_interval.setNsec(new.it_interval.tv_sec*1e9 + int64(new.it_interval.tv_nsec))
+		newts.it_value.setNsec(new.it_value.tv_sec*1e9 + int64(new.it_value.tv_nsec))
 		new32 = &newts
 	}
 
 	if old != nil {
-		oldts.it_interval.setNsec(old.it_interval.tv_sec*1e9 + old.it_interval.tv_nsec)
-		oldts.it_value.setNsec(old.it_value.tv_sec*1e9 + old.it_value.tv_nsec)
+		oldts.it_interval.setNsec(old.it_interval.tv_sec*1e9 + int64(old.it_interval.tv_nsec))
+		oldts.it_value.setNsec(old.it_value.tv_sec*1e9 + int64(old.it_value.tv_nsec))
 		old32 = &oldts
 	}
 

From f43caf87123f8c3bfeaeef2dcc4ecaab9f256118 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Tue, 28 Apr 2026 00:00:58 +0200
Subject: [PATCH 17/31] [release-branch.go1.26] lib/fips140: update inprocess
 to v1.26.0

Updates #78982
Updates #78984

Change-Id: Ic91104597bdb6c77f9885159ce2e3ddc6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/771203
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 lib/fips140/inprocess.txt               | 2 +-
 src/cmd/go/testdata/script/fipssnap.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/fips140/inprocess.txt b/lib/fips140/inprocess.txt
index efd3caba85ba62..426c2fb87f5d08 100644
--- a/lib/fips140/inprocess.txt
+++ b/lib/fips140/inprocess.txt
@@ -1 +1 @@
-v1.0.0-c2097c7c
+v1.26.0
diff --git a/src/cmd/go/testdata/script/fipssnap.txt b/src/cmd/go/testdata/script/fipssnap.txt
index 4d96aedf2a472d..4f2d486c61990f 100644
--- a/src/cmd/go/testdata/script/fipssnap.txt
+++ b/src/cmd/go/testdata/script/fipssnap.txt
@@ -1,4 +1,4 @@
-env snap=v1.0.0-c2097c7c
+env snap=v1.26.0
 env alias=inprocess
 
 env GOFIPS140=$snap

From 2992086cf8f3887f91d75ba28faff5756d8c2c28 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Tue, 28 Apr 2026 00:01:40 +0200
Subject: [PATCH 18/31] [release-branch.go1.26] lib/fips140: add certified
 pointing to v1.0.0-c2097c7c

Updates #78982
Fixes #78984

Change-Id: I37dd130b18026d5830348ad67de465eb6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/771204
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 lib/fips140/certified.txt | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 lib/fips140/certified.txt

diff --git a/lib/fips140/certified.txt b/lib/fips140/certified.txt
new file mode 100644
index 00000000000000..efd3caba85ba62
--- /dev/null
+++ b/lib/fips140/certified.txt
@@ -0,0 +1 @@
+v1.0.0-c2097c7c

From e0f5c054cb123da461a4ac858ad6dd0e3fcc6f92 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Thu, 26 Mar 2026 12:17:06 -0700
Subject: [PATCH 19/31] [release-branch.go1.26] net: avoid double-free of cgo
 pointer when handling large DNS response

No test, unfortunately: I've had no luck triggering this without
the ability to override the local recursive resolver.

Thanks to hamayanhamayan for reporting this issue.

Fixes CVE-2026-33811
Fixes #78813
For #78803

Change-Id: I9e51410337316c20e4b9fd5b86657f436a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/767860
Reviewed-by: Nicholas Husin <nsh@golang.org>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <husin@google.com>
(cherry picked from commit ab2c7eb1c43011dda118282c1e757d8c27cd7d4f)
Reviewed-on: https://go-review.googlesource.com/c/go/+/767542
---
 src/net/cgo_unix.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/net/cgo_unix.go b/src/net/cgo_unix.go
index 51efee6f872c53..7d970cfeaba9e9 100644
--- a/src/net/cgo_unix.go
+++ b/src/net/cgo_unix.go
@@ -342,7 +342,10 @@ func cgoResSearch(hostname string, rtype, class int) ([]dnsmessage.Resource, err
 	// useful in the response, even though there *is* a response.
 	bufSize := maxDNSPacketSize
 	buf := (*_C_uchar)(_C_malloc(uintptr(bufSize)))
-	defer _C_free(unsafe.Pointer(buf))
+	defer func() {
+		// Free in a closure which captures buf to pick up a reallocated buffer from below.
+		_C_free(unsafe.Pointer(buf))
+	}()
 
 	s, err := syscall.BytePtrFromString(hostname)
 	if err != nil {

From 18fa391f45339841fd8f55f45805afc3aed9ebc2 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Tue, 28 Apr 2026 13:53:15 +0200
Subject: [PATCH 20/31] [release-branch.go1.26] crypto/fips140: add package
 docs

For #77879
Fixes #79021

Change-Id: I07c2fade6a5a49dd6abd53cb474462b16a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/771360
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
(cherry picked from commit f0f2768dffeecf1d68e9a126e41775158f110418)
Reviewed-on: https://go-review.googlesource.com/c/go/+/772200
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 src/crypto/fips140/fips140.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/crypto/fips140/fips140.go b/src/crypto/fips140/fips140.go
index f44f3b399b2f05..d3f63d3bf18fcb 100644
--- a/src/crypto/fips140/fips140.go
+++ b/src/crypto/fips140/fips140.go
@@ -2,6 +2,12 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+// Package fips140 provides information about the FIPS 140-3 Go Cryptographic
+// Module and FIPS 140-3 mode.
+//
+// For more details, see the [FIPS 140-3 documentation].
+//
+// [FIPS 140-3 documentation]: https://go.dev/doc/security/fips140
 package fips140
 
 import (

From dd29b59a2b8fd3a318f26c3b1304a0250d40b3b7 Mon Sep 17 00:00:00 2001
From: xieyuschen <xieyuschen@gmail.com>
Date: Wed, 21 Jan 2026 14:57:14 +0800
Subject: [PATCH 21/31] [release-branch.go1.26] cmd/compile: fix loopvar
 version detection with line directives

The Go loop variable semantics changed in Go 1.22: loop variables are now
created per-iteration instead of per-loop. The compiler decides which
semantics to use based on the Go version in go.mod.

When go.mod specifies go 1.21 and the code is built with a Go 1.22+
compiler, the per-loop(compatible behavior) semantics should be used.

However, when a line directive is present in the source file,
go.mod 1.21 and go1.22+ compiler outputs a per-iteration semantics.

For example, the file below wants output 333 but got 012.

    -- go.mod --
    module test
    go 1.21
    -- main.go --
    //line main.go:1
    func main() {
            var fns []func()
            for i := 0; i < 3; i++ {
                    fns = append(fns, func() { fmt.Print(i) })
            }
            for _, fn := range fns {
                    fn()
            }
    }

The distinctVars function uses stmt.Pos().Base() to look up the file
version in FileVersions. Base() returns the file name after line
directives are applied (e.g., "main.go" for "//line main.go:1"), not
the actual source file path. This causes the version lookup to fail
for files with line directives.

This CL fixes the bug by using stmt.Pos().FileBase() instead. FileBase()
returns the actual file path before line directives are applied, ensuring
the correct version information is retrieved from the original source file.

For #77248
Fixes #77297

Change-Id: Idacc0816d112ee393089262468a02acfe40e4b72
Reviewed-on: https://go-review.googlesource.com/c/go/+/737820
Reviewed-by: Keith Randall <khr@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
(cherry picked from commit b408256be720c51ff1730d7a97389a975744a312)
Reviewed-on: https://go-review.googlesource.com/c/go/+/772104
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 .../compile/internal/loopvar/loopvar_test.go  | 60 +++++++++++++++++++
 .../testdata/range_esc_closure_linedir.go     | 24 ++++++++
 src/cmd/compile/internal/noder/writer.go      |  2 +-
 3 files changed, 85 insertions(+), 1 deletion(-)
 create mode 100644 src/cmd/compile/internal/loopvar/testdata/range_esc_closure_linedir.go

diff --git a/src/cmd/compile/internal/loopvar/loopvar_test.go b/src/cmd/compile/internal/loopvar/loopvar_test.go
index 0265dd06eec788..c4ff8f620dc5e6 100644
--- a/src/cmd/compile/internal/loopvar/loopvar_test.go
+++ b/src/cmd/compile/internal/loopvar/loopvar_test.go
@@ -6,6 +6,7 @@ package loopvar_test
 
 import (
 	"internal/testenv"
+	"os"
 	"os/exec"
 	"path/filepath"
 	"regexp"
@@ -381,3 +382,62 @@ func TestLoopVarVersionDisableGoBuild(t *testing.T) {
 		t.Errorf("err=%v == nil", err)
 	}
 }
+
+// TestLoopVarLineDirective tests that loopvar version detection works correctly
+// with line directives. This is a regression test for a bug where FileBase() was
+// used instead of Base(), causing incorrect version lookup when line directives
+// were present.
+func TestLoopVarLineDirective(t *testing.T) {
+	switch runtime.GOOS {
+	case "linux", "darwin":
+	default:
+		t.Skipf("Slow test, usually avoid it, os=%s not linux or darwin", runtime.GOOS)
+	}
+	switch runtime.GOARCH {
+	case "amd64", "arm64":
+	default:
+		t.Skipf("Slow test, usually avoid it, arch=%s not amd64 or arm64", runtime.GOARCH)
+	}
+
+	testenv.MustHaveGoBuild(t)
+	gocmd := testenv.GoToolPath(t)
+	tmpdir := t.TempDir()
+	output := filepath.Join(tmpdir, "foo.exe")
+
+	// Create a go.mod file with Go 1.21 to test compatibility behavior.
+	// When building with a higher Go compiler, the loopvar should be created per-loop.
+	gomodPath := filepath.Join(tmpdir, "go.mod")
+	if err := os.WriteFile(gomodPath, []byte("module test\n\ngo 1.21\n"), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	// Copy the test file (with line directive) to the temporary module
+	testFile := "range_esc_closure_linedir.go"
+	srcPath := filepath.Join("testdata", testFile)
+	dstPath := filepath.Join(tmpdir, testFile)
+	src, err := os.ReadFile(srcPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := os.WriteFile(dstPath, src, 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	// Build the module (not as a single file, so go.mod is respected)
+	cmd := testenv.Command(t, gocmd, "build", "-o", output, ".")
+	cmd.Dir = tmpdir
+	b, err := cmd.CombinedOutput()
+	if err != nil {
+		t.Logf("build output: %s", b)
+		t.Fatal(err)
+	}
+	t.Logf("build output: %s", b)
+
+	cmd = testenv.Command(t, output)
+	b, err = cmd.CombinedOutput()
+	t.Logf("run output: %s", b)
+
+	if err != nil {
+		t.Errorf("expected success (exit code 0), got: %v", err)
+	}
+}
diff --git a/src/cmd/compile/internal/loopvar/testdata/range_esc_closure_linedir.go b/src/cmd/compile/internal/loopvar/testdata/range_esc_closure_linedir.go
new file mode 100644
index 00000000000000..24823e8990f29f
--- /dev/null
+++ b/src/cmd/compile/internal/loopvar/testdata/range_esc_closure_linedir.go
@@ -0,0 +1,24 @@
+// Copyright 2026 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//line range_esc_closure_linedir.go:5
+package main
+
+import "fmt"
+
+var is []func() int
+
+func main() {
+	var ints = []int{0, 0, 0}
+	for i := range ints {
+		is = append(is, func() int { return i })
+	}
+
+	for _, f := range is {
+		fmt.Println(f())
+		if f() != 2 {
+			panic("loop variable i: expected shared per-loop, but got distinct per-iteration")
+		}
+	}
+}
diff --git a/src/cmd/compile/internal/noder/writer.go b/src/cmd/compile/internal/noder/writer.go
index 0b5aa007bf9404..e772328b0a5b97 100644
--- a/src/cmd/compile/internal/noder/writer.go
+++ b/src/cmd/compile/internal/noder/writer.go
@@ -1557,7 +1557,7 @@ func (w *writer) forStmt(stmt *syntax.ForStmt) {
 
 func (w *writer) distinctVars(stmt *syntax.ForStmt) bool {
 	lv := base.Debug.LoopVar
-	fileVersion := w.p.info.FileVersions[stmt.Pos().Base()]
+	fileVersion := w.p.info.FileVersions[stmt.Pos().FileBase()]
 	is122 := fileVersion == "" || version.Compare(fileVersion, "go1.22") >= 0
 
 	// Turning off loopvar for 1.22 is only possible with loopvarhash=qn

From d9389d318b512400c4b91819a2c64f4f3493fd87 Mon Sep 17 00:00:00 2001
From: mohammadmseet-hue <mohammadmseet@gmail.com>
Date: Sat, 4 Apr 2026 05:17:25 +0000
Subject: [PATCH 22/31] [release-branch.go1.26] net/mail: fix quadratic
 complexity in consumeComment

consumeComment builds the comment string by repeated string
concatenation inside a loop. Each concatenation copies the
entire string built so far, making the function O(n^2) in the
depth of nested comments.

Replace the concatenation with a strings.Builder, which
amortizes allocation by doubling its internal buffer. This
reduces consumeComment from O(n^2) to O(n).

This is the same bug class as the consumeDomainLiteral fix
in CVE-2025-61725.

Benchmark results (benchstat, 8 runs):

  name                        old time/op  new time/op  delta
  ConsumeComment/depth10      2.481us      1.838us      -25.92%
  ConsumeComment/depth100     86.58us      6.498us      -92.50%
  ConsumeComment/depth1000    7.963ms      52.82us      -99.34%
  ConsumeComment/depth10000   897.8ms      521.3us      -99.94%

The quadratic cost becomes visible at depth 100 and dominant
by depth 1000. At depth 10000, the fix is roughly 1700x
faster.

For #78566
Fixes #78568

Change-Id: I3c927f02646fcab7bab167cb82fd46d3327d6d34
GitHub-Last-Rev: 7742dad716ee371766543f88e82bd163bd9d7ac2
GitHub-Pull-Request: golang/go#78393
Reviewed-on: https://go-review.googlesource.com/c/go/+/759940
Reviewed-by: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
(cherry picked from commit 0d0799f055dcc9b3b41df74bee3fbe398ae2f0e7)
Reviewed-on: https://go-review.googlesource.com/c/go/+/763800
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
---
 src/net/mail/message.go      |  6 +++---
 src/net/mail/message_test.go | 19 +++++++++++++++++++
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/src/net/mail/message.go b/src/net/mail/message.go
index 1502b3596252ba..fbf1fca68f5e68 100644
--- a/src/net/mail/message.go
+++ b/src/net/mail/message.go
@@ -832,7 +832,7 @@ func (p *addrParser) consumeComment() (string, bool) {
 	// '(' already consumed.
 	depth := 1
 
-	var comment string
+	var comment strings.Builder
 	for {
 		if p.empty() || depth == 0 {
 			break
@@ -846,12 +846,12 @@ func (p *addrParser) consumeComment() (string, bool) {
 			depth--
 		}
 		if depth > 0 {
-			comment += p.s[:1]
+			comment.WriteByte(p.s[0])
 		}
 		p.s = p.s[1:]
 	}
 
-	return comment, depth == 0
+	return comment.String(), depth == 0
 }
 
 func (p *addrParser) decodeRFC2047Word(s string) (word string, isEncoded bool, err error) {
diff --git a/src/net/mail/message_test.go b/src/net/mail/message_test.go
index dad9c367f3e451..3393b03af54bf2 100644
--- a/src/net/mail/message_test.go
+++ b/src/net/mail/message_test.go
@@ -6,6 +6,7 @@ package mail
 
 import (
 	"bytes"
+	"fmt"
 	"io"
 	"mime"
 	"reflect"
@@ -1260,3 +1261,21 @@ func TestEmptyAddress(t *testing.T) {
 		t.Errorf(`ParseAddressList("") = %v, %v, want nil, error`, list, err)
 	}
 }
+
+func BenchmarkConsumeComment(b *testing.B) {
+	for _, n := range []int{10, 100, 1000, 10000} {
+		b.Run(fmt.Sprintf("depth-%d", n), func(b *testing.B) {
+			// Build a deeply nested comment: (((...a...)))
+			open := strings.Repeat("(", n)
+			close := strings.Repeat(")", n)
+			// consumeComment expects the leading '(' already consumed,
+			// so we start with one fewer opening paren and the parser
+			// will handle nesting from there.
+			input := open[:n-1] + "a" + close
+			for b.Loop() {
+				p := addrParser{s: input}
+				p.consumeComment()
+			}
+		})
+	}
+}

From 40fa774fffb7ccaddac9ffd3422d6e989d5a684b Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Wed, 15 Apr 2026 16:27:23 -0400
Subject: [PATCH 23/31] [release-branch.go1.26] cmd/pack: refuse to extract
 files with directory components

Do not write to /etc/passwd when running "go tool pack x evil.a"
on an archive containing a file named /etc/passwd.

For #78778
Fixes #78791

Change-Id: I4cf69b81af62321ffbb41ace679672a86a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/767520
Reviewed-by: Nicholas Husin <nsh@golang.org>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <husin@google.com>
(cherry picked from commit 7409ada33f99c0d74db2b0389c51a15de116e48d)
Reviewed-on: https://go-review.googlesource.com/c/go/+/767661
---
 src/cmd/pack/pack.go      |  5 +++++
 src/cmd/pack/pack_test.go | 44 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/src/cmd/pack/pack.go b/src/cmd/pack/pack.go
index 4ac6ce995fe918..e9382990e3a059 100644
--- a/src/cmd/pack/pack.go
+++ b/src/cmd/pack/pack.go
@@ -139,6 +139,11 @@ func openArchive(name string, mode int, files []string) *Archive {
 	if err != nil {
 		log.Fatal(err)
 	}
+	for _, f := range a.Entries {
+		if !filepath.IsLocal(f.Name) || filepath.Base(f.Name) != f.Name {
+			log.Fatalf("%q: invalid name", f.Name)
+		}
+	}
 	return &Archive{
 		a:        a,
 		files:    files,
diff --git a/src/cmd/pack/pack_test.go b/src/cmd/pack/pack_test.go
index 2922ada8e923cb..b46847bc1452d8 100644
--- a/src/cmd/pack/pack_test.go
+++ b/src/cmd/pack/pack_test.go
@@ -6,6 +6,7 @@ package main
 
 import (
 	"bufio"
+	"bytes"
 	"cmd/internal/archive"
 	"fmt"
 	"internal/testenv"
@@ -382,6 +383,49 @@ func TestRWithNonexistentFile(t *testing.T) {
 	run(packPath(t), "r", "p.a", "p.o") // should succeed
 }
 
+func TestOutputPathSanitization(t *testing.T) {
+	dir := t.TempDir()
+
+	// Create pack.a containing a file named "longpathname".
+	// Note that "go tool pack" requires that all files be at least 8 bytes long.
+	const validPathName = "longpathname"
+	if err := os.WriteFile(dir+"/"+validPathName, make([]byte, 8), 0o666); err != nil {
+		t.Fatal(err)
+	}
+	doRun(t, dir, packPath(t), "grc", "pack.a", validPathName)
+
+	// Create evil.a from pack.a, replacing "longpathname" with "out/pathname".
+	b, err := os.ReadFile(dir + "/pack.a")
+	if err != nil {
+		t.Fatal(err)
+	}
+	idx := bytes.Index(b, []byte(validPathName))
+	if idx < 0 {
+		t.Fatalf("%v not found in pack.a", validPathName)
+	}
+	copy(b[idx:], "out/")
+	os.WriteFile(dir+"/evil.a", b, 0o666)
+
+	// Extract evil.a. It should fail and not extract a file to /out.
+	os.Mkdir(dir+"/out", 0o777)
+
+	cmd := testenv.Command(t, packPath(t), "x", "evil.a")
+	cmd.Dir = dir
+	_, err = cmd.CombinedOutput()
+	if err == nil {
+		t.Errorf("pack x evil.a: unexpected success")
+	}
+
+	ents, err := os.ReadDir(dir + "/out")
+	if err != nil {
+		t.Error(err)
+	}
+	for _, e := range ents {
+		t.Errorf("unexpected file in /out: %q", e.Name())
+	}
+
+}
+
 // doRun runs a program in a directory and returns the output.
 func doRun(t *testing.T, dir string, args ...string) string {
 	cmd := testenv.Command(t, args[0], args[1:]...)

From c9f97f50c4de8749924da3b0dc05f95e7bcd5520 Mon Sep 17 00:00:00 2001
From: Neal Patel <nealpatel@google.com>
Date: Wed, 22 Apr 2026 18:41:25 -0400
Subject: [PATCH 24/31] [release-branch.go1.26] html/template: fix escaping of
 URLs in meta content attributes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The WHATWG "shared declarative refresh steps" algorithm (§4.2.5.3)
skips ASCII whitespace between "url" and "=" when parsing the URL
portion of a meta content attribute.

Thank you to Samy Ghannad for reporting this issue.

Updates #78913
Fixes #79032
Fixes CVE-2026-39823

Change-Id: I7fc3bb9394b95e07b9b10fbc95725a3de6791774
Reviewed-on: https://go-review.googlesource.com/c/go/+/769920
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Bypass: Roland Shoemaker <roland@golang.org>
(cherry picked from commit f2ec1254ff32fa39f3ce4faf72bbe44eeeeebad9)
Reviewed-on: https://go-review.googlesource.com/c/go/+/772103
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 src/html/template/escape_test.go | 20 ++++++++++++++++++++
 src/html/template/transition.go  | 12 +++++++-----
 2 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/src/html/template/escape_test.go b/src/html/template/escape_test.go
index 9d09f6abc553d3..8992b787b2a9c4 100644
--- a/src/html/template/escape_test.go
+++ b/src/html/template/escape_test.go
@@ -759,6 +759,26 @@ func TestEscape(t *testing.T) {
 			`<meta http-equiv="refresh" content="{{"asd: 123"}}">`,
 			`<meta http-equiv="refresh" content="asd: 123">`,
 		},
+		{
+			"meta content url with whitespace before equals",
+			`<meta http-equiv="refresh" content="0;url ={{"javascript:alert(1)"}}">`,
+			`<meta http-equiv="refresh" content="0;url =#ZgotmplZ">`,
+		},
+		{
+			"meta content url with tab before equals",
+			"<meta http-equiv=\"refresh\" content=\"0;url\t={{\"javascript:alert(1)\"}}\">",
+			"<meta http-equiv=\"refresh\" content=\"0;url\t=#ZgotmplZ\">",
+		},
+		{
+			"meta content url with space after equals",
+			`<meta http-equiv="refresh" content="0;url= {{"javascript:alert(1)"}}">`,
+			`<meta http-equiv="refresh" content="0;url= #ZgotmplZ">`,
+		},
+		{
+			"meta content url with whitespace both sides of equals",
+			"<meta http-equiv=\"refresh\" content=\"0;url \t= {{\"javascript:alert(1)\"}}\">",
+			"<meta http-equiv=\"refresh\" content=\"0;url \t= #ZgotmplZ\">",
+		},
 	}
 
 	for _, test := range tests {
diff --git a/src/html/template/transition.go b/src/html/template/transition.go
index 7fbab1df7b06ee..ea4b272cc241db 100644
--- a/src/html/template/transition.go
+++ b/src/html/template/transition.go
@@ -626,10 +626,12 @@ func tError(c context, s []byte) (context, int) {
 
 // tMetaContent is the context transition function for the meta content attribute state.
 func tMetaContent(c context, s []byte) (context, int) {
-	for i := 0; i < len(s); i++ {
-		if i+3 <= len(s)-1 && bytes.Equal(bytes.ToLower(s[i:i+4]), []byte("url=")) {
-			c.state = stateMetaContentURL
-			return c, i + 4
+	for i := range len(s) {
+		if i+3 <= len(s)-1 && bytes.EqualFold(s[i:i+3], []byte("url")) {
+			if j := eatWhiteSpace(s, i+3); j < len(s) && s[j] == '=' {
+				c.state = stateMetaContentURL
+				return c, j + 1
+			}
 		}
 	}
 	return c, len(s)
@@ -637,7 +639,7 @@ func tMetaContent(c context, s []byte) (context, int) {
 
 // tMetaContentURL is the context transition function for the "url=" part of a meta content attribute state.
 func tMetaContentURL(c context, s []byte) (context, int) {
-	for i := 0; i < len(s); i++ {
+	for i := range len(s) {
 		if s[i] == ';' {
 			c.state = stateMetaContent
 			return c, i + 1

From 3ae315a8cdc64612069b1affc2b22adcbbeb7e87 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Mon, 6 Apr 2026 15:57:56 -0700
Subject: [PATCH 25/31] [release-branch.go1.26] os: avoid panic when RemoveAll
 fails to remove a symlink

Fix a case where RemoveAll directly returned the error returned
from openDirAt. When the target of openDirAt is a symlink,
it returns an internal-use-only errSymlink error. This error
panics when printed, to catch misuse of openDirAt.

Fix RemoveAll to detect and handle the errSymlink return.

For #78490
Fixes #78867

Change-Id: Ibd857280bfca1feb50c163a6e4b192716a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/763520
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
(cherry picked from commit 5ddbf4b0e3be9e22b719b8a6a5aeb20029839972)
Reviewed-on: https://go-review.googlesource.com/c/go/+/769021
Reviewed-by: Robert Griesemer <gri@google.com>
---
 src/os/removeall_at.go      |  8 +++++--
 src/os/removeall_test.go    | 42 ++++++++++++++++++++++++++++++-------
 src/os/removeall_unix.go    |  8 -------
 src/os/removeall_windows.go |  4 ----
 4 files changed, 40 insertions(+), 22 deletions(-)

diff --git a/src/os/removeall_at.go b/src/os/removeall_at.go
index 5ddc1ade6134e5..9a7cea613bd066 100644
--- a/src/os/removeall_at.go
+++ b/src/os/removeall_at.go
@@ -93,10 +93,14 @@ func removeAllFrom(parentFd sysfdType, base string) error {
 			if IsNotExist(err) {
 				return nil
 			}
-			if err == syscall.ENOTDIR || isErrNoFollow(err) {
-				// Not a directory; return the error from the unix.Unlinkat.
+			if err == syscall.ENOTDIR {
+				// Not a directory; return the error from the removefileat.
 				return &PathError{Op: "unlinkat", Path: base, Err: uErr}
 			}
+			if _, ok := err.(errSymlink); ok {
+				// Not a user-visible error.
+				err = uErr
+			}
 			recurseErr = &PathError{Op: "openfdat", Path: base, Err: err}
 			break
 		}
diff --git a/src/os/removeall_test.go b/src/os/removeall_test.go
index bc439e4a5eb762..cef6e6e1967da6 100644
--- a/src/os/removeall_test.go
+++ b/src/os/removeall_test.go
@@ -6,6 +6,7 @@ package os_test
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"internal/testenv"
 	. "os"
@@ -238,14 +239,7 @@ func TestRemoveReadOnlyDir(t *testing.T) {
 
 // Issue #29983.
 func TestRemoveAllButReadOnlyAndPathError(t *testing.T) {
-	switch runtime.GOOS {
-	case "js", "wasip1", "windows":
-		t.Skipf("skipping test on %s", runtime.GOOS)
-	}
-
-	if Getuid() == 0 {
-		t.Skip("skipping test when running as root")
-	}
+	testRequiresPermissions(t)
 
 	t.Parallel()
 
@@ -492,6 +486,38 @@ func TestRemoveAllTrailingSlash(t *testing.T) {
 	}
 }
 
+func TestRemoveAllSymlinkRemovalFailure(t *testing.T) {
+	testRequiresPermissions(t)
+	dir := makefs(t, []string{
+		"parent/",
+		"parent/link => target",
+	})
+	if err := Chmod(dir+"/parent", 0o555); err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		Chmod(dir+"/parent", 0o755)
+	}()
+
+	err := RemoveAll(dir + "/parent/link")
+	if !errors.Is(err, ErrPermission) {
+		t.Fatalf("RemoveAll = %v; want ErrPermission", err)
+	}
+	// Issue #78490: RemoveAll leaked errSymlink, which panics when printed.
+	_ = err.Error()
+}
+
+func testRequiresPermissions(t *testing.T) {
+	t.Helper()
+	switch runtime.GOOS {
+	case "js", "wasip1", "windows":
+		t.Skipf("skipping test: %s does not support chmod", runtime.GOOS)
+	}
+	if Getuid() == 0 {
+		t.Skip("skipping test: running as root (which ignores file permissions)")
+	}
+}
+
 func BenchmarkRemoveAll(b *testing.B) {
 	tmpDir := filepath.Join(b.TempDir(), "target")
 	b.ReportAllocs()
diff --git a/src/os/removeall_unix.go b/src/os/removeall_unix.go
index 287fc81fa9c237..61e848d5a547c4 100644
--- a/src/os/removeall_unix.go
+++ b/src/os/removeall_unix.go
@@ -6,14 +6,6 @@
 
 package os
 
-import (
-	"internal/syscall/unix"
-)
-
-func isErrNoFollow(err error) bool {
-	return err == unix.NoFollowErrno
-}
-
 func newDirFile(fd int, name string) (*File, error) {
 	// We use kindNoPoll because we know that this is a directory.
 	return newFile(fd, name, kindNoPoll, false), nil
diff --git a/src/os/removeall_windows.go b/src/os/removeall_windows.go
index 6a1be1cca7bfbb..7e91e8bf3149fd 100644
--- a/src/os/removeall_windows.go
+++ b/src/os/removeall_windows.go
@@ -8,10 +8,6 @@ package os
 
 import "syscall"
 
-func isErrNoFollow(err error) bool {
-	return err == syscall.ELOOP
-}
-
 func newDirFile(fd syscall.Handle, name string) (*File, error) {
 	return newFile(fd, name, kindOpenFile, false), nil
 }

From 722b68ceca5fdb873efb61426ff4d237c4e30c2c Mon Sep 17 00:00:00 2001
From: Junyang Shao <shaojunyang@google.com>
Date: Thu, 12 Mar 2026 20:56:24 +0000
Subject: [PATCH 26/31] [release-branch.go1.26] cmd/compile: keep blank nodes
 alive in b.loop

The current bloop pass implementation skips blank nodes silently. This
CL makes it aware of that and keep them alive in temps.

For #77654.
Fixes #78155.

Change-Id: Iaffa5194ba1f0fe8d7c80a4c8e5c9a65a47bf534
Reviewed-on: https://go-review.googlesource.com/c/go/+/754920
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/go/+/772122
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
---
 src/cmd/compile/internal/bloop/bloop.go | 41 ++++++++++++++++++++++++-
 test/bloop.go                           | 11 +++++++
 2 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/src/cmd/compile/internal/bloop/bloop.go b/src/cmd/compile/internal/bloop/bloop.go
index b8ff1f0fbdf168..361c0a9a05ba88 100644
--- a/src/cmd/compile/internal/bloop/bloop.go
+++ b/src/cmd/compile/internal/bloop/bloop.go
@@ -139,6 +139,16 @@ func preserveStmt(curFn *ir.Func, stmt ir.Node) (ret ir.Node) {
 	ret = stmt
 	switch n := stmt.(type) {
 	case *ir.AssignStmt:
+		// If the left hand side is blank, we need to assign it to a temp
+		// so that it can be kept alive.
+		if ir.IsBlank(n.X) {
+			tmp := typecheck.TempAt(n.Pos(), curFn, n.Y.Type())
+			n.X = tmp
+			n.Def = true
+			n.PtrInit().Append(typecheck.Stmt(ir.NewDecl(n.Pos(), ir.ODCL, tmp)))
+			stmt = typecheck.AssignExpr(n)
+			n = stmt.(*ir.AssignStmt)
+		}
 		// Peel down struct and slice indexing to get the names
 		name := getAddressableNameFromNode(n.X)
 		if name != nil {
@@ -154,7 +164,30 @@ func preserveStmt(curFn *ir.Func, stmt ir.Node) (ret ir.Node) {
 		}
 	case *ir.AssignListStmt:
 		ns := []ir.Node{}
-		for _, lhs := range n.Lhs {
+		hasBlank := false
+		for i, lhs := range n.Lhs {
+			if ir.IsBlank(lhs) {
+				// If the left hand side has blanks, we need to assign them to temps
+				// so that they can be kept alive.
+				var typ *types.Type
+				// AssignListStmt can have tuple or a list of expressions on the right hand side.
+				if len(n.Rhs) == 1 && n.Rhs[0].Type() != nil &&
+					n.Rhs[0].Type().IsTuple() &&
+					len(n.Lhs) == n.Rhs[0].Type().NumFields() {
+					typ = n.Rhs[0].Type().Field(i).Type
+				} else if len(n.Rhs) == len(n.Lhs) {
+					typ = n.Rhs[i].Type()
+				} else {
+					// Unrecognized shapes, skip?
+					base.WarnfAt(n.Pos(), "unrecognized shape for assign list stmt for blank assignment")
+					continue
+				}
+				tmp := typecheck.TempAt(n.Pos(), curFn, typ)
+				n.Lhs[i] = tmp
+				n.PtrInit().Append(typecheck.Stmt(ir.NewDecl(n.Pos(), ir.ODCL, tmp)))
+				hasBlank = true
+				lhs = tmp
+			}
 			name := getAddressableNameFromNode(lhs)
 			if name != nil {
 				debugName(name, n.Pos())
@@ -168,6 +201,12 @@ func preserveStmt(curFn *ir.Func, stmt ir.Node) (ret ir.Node) {
 				base.WarnfAt(n.Pos(), "expr is unknown to bloop pass")
 			}
 		}
+		if hasBlank {
+			// blank nodes are rewritten to temps, we need to typecheck the node again.
+			n.Def = true
+			stmt = typecheck.AssignExpr(n)
+			n = stmt.(*ir.AssignListStmt)
+		}
 		ret = keepAliveAt(ns, n)
 	case *ir.AssignOpStmt:
 		name := getAddressableNameFromNode(n.X)
diff --git a/test/bloop.go b/test/bloop.go
index 69ae8f3b9ec8ce..d718425cc193c5 100644
--- a/test/bloop.go
+++ b/test/bloop.go
@@ -15,6 +15,10 @@ func caninline(x int) int { // ERROR "can inline caninline"
 	return x
 }
 
+func caninlineMulti(x int) (int, int) { // ERROR "can inline caninlineMulti"
+	return x, x
+}
+
 var something int
 
 func caninlineNoRet(x int) { // ERROR "can inline caninlineNoRet"
@@ -56,6 +60,13 @@ func test(b *testing.B, localsink, cond int) { // ERROR ".*"
 			caninline(1) // ERROR "inlining call to caninline" "function result will be kept alive"
 		}
 
+		_ = caninline(1) // ERROR "inlining call to caninline" ".*autotmp.* will be kept alive"
+
+		// An assign list stmt with a single rhs expression returning multiple values via a tuple.
+		_, _ = caninlineMulti(1) // ERROR "inlining call to caninlineMulti" ".*autotmp.* will be kept alive"
+		// An assign list stmt with multiple rhs expressions.
+		_, _ = caninline(1), caninline(2) // ERROR "inlining call to caninline" ".*autotmp.* will be kept alive"
+
 		receiver(argument) // ERROR inlining call to receiver" "function arg will be kept alive"
 	}
 }

From 7136366ebf849bad4f77df768c6dc29fbf0d6f86 Mon Sep 17 00:00:00 2001
From: Ryan Currah <ryan@currah.ca>
Date: Thu, 9 Apr 2026 02:52:39 +0000
Subject: [PATCH 27/31] [release-branch.go1.26] cmd/go: invalidate test cache
 when -coverpkg dependencies change

When running tests with -cover and -coverpkg, the resulting coverage
profile includes data from all packages specified in -coverpkg, not
just the test package. Previously, the test cache key did not account
for changes in these out-of-band covered packages, causing stale
coverage profiles to be reused even when source files in covered
packages were modified.

Fix this by hashing the BuildActionIDs of the writeCoverMetaAct's
dependencies (the compile actions for all covered packages) and
incorporating that hash into the coverage profile cache key via
cache.Subkey.

The covMeta hash is now computed directly in tryCacheWithID by
locating the "write coverage meta-data file" action among the run
action's dependencies, keeping all cache logic in one place. When
-coverpkg is used without -coverprofile, a sentinel cache entry is
written so the cache can still detect when covered packages change.

Fixes #78583
For #74873

Change-Id: Ice84557789e325330759442689d0e28f871858bb
GitHub-Last-Rev: 84aa5376f471704b0ee7be79ab33a1d5bba71c5a
GitHub-Pull-Request: golang/go#74773
Reviewed-on: https://go-review.googlesource.com/c/go/+/690775
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Matloob <matloob@google.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/go/+/764360
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
---
 src/cmd/go/internal/test/test.go              |  71 ++++++++--
 .../script/test_cache_coverpkg_bug.txt        | 134 ++++++++++++++++++
 .../script/test_cache_coverpkg_no_profile.txt |  80 +++++++++++
 3 files changed, 276 insertions(+), 9 deletions(-)
 create mode 100644 src/cmd/go/testdata/script/test_cache_coverpkg_bug.txt
 create mode 100644 src/cmd/go/testdata/script/test_cache_coverpkg_no_profile.txt

diff --git a/src/cmd/go/internal/test/test.go b/src/cmd/go/internal/test/test.go
index 9309aa65ed47c1..1eb7905413a0d0 100644
--- a/src/cmd/go/internal/test/test.go
+++ b/src/cmd/go/internal/test/test.go
@@ -1405,9 +1405,10 @@ type runTestActor struct {
 type runCache struct {
 	disableCache bool // cache should be disabled for this run
 
-	buf *bytes.Buffer
-	id1 cache.ActionID
-	id2 cache.ActionID
+	buf     *bytes.Buffer
+	id1     cache.ActionID
+	id2     cache.ActionID
+	covMeta cache.ActionID // Hash of writeCoverMetaAct dependencies, for invalidating coverage profiles
 }
 
 func coverProfTempFile(a *work.Action) string {
@@ -1800,6 +1801,33 @@ func (c *runCache) tryCacheWithID(b *work.Builder, a *work.Action, id string) bo
 		return false
 	}
 
+	// If we are collecting coverage for out-of-band packages (-coverpkg),
+	// find the writeCoverMetaAct among the run action's dependencies and hash
+	// its deps to ensure the cache invalidates when covered packages change.
+	// Note: the run action's original deps may be wrapped inside a "test barrier"
+	// action, so we search both a.Deps and any barrier's deps.
+	if len(testCoverPkgs) != 0 {
+		searchDeps := a.Deps
+		for _, dep := range a.Deps {
+			if dep.Mode == "test barrier" {
+				searchDeps = dep.Deps
+				break
+			}
+		}
+		for _, dep := range searchDeps {
+			if dep.Mode == "write coverage meta-data file" {
+				h := cache.NewHash("covermeta")
+				for _, metaDep := range dep.Deps {
+					if aid := metaDep.BuildActionID(); aid != "" {
+						fmt.Fprintf(h, "dep %s\n", aid)
+					}
+				}
+				c.covMeta = h.Sum()
+				break
+			}
+		}
+	}
+
 	var cacheArgs []string
 	for _, arg := range testArgs {
 		i := strings.Index(arg, "=")
@@ -1906,7 +1934,7 @@ func (c *runCache) tryCacheWithID(b *work.Builder, a *work.Action, id string) bo
 	// Merge cached cover profile data to cover profile.
 	if testCoverProfile != "" {
 		// Specifically ignore entry as it will be the same as above.
-		cpData, _, err := cache.GetFile(cache.Default(), coverProfileAndInputKey(testID, testInputsID))
+		cpData, _, err := cache.GetFile(cache.Default(), coverProfileAndInputKey(testID, testInputsID, c.covMeta))
 		if err != nil {
 			if cache.DebugTest {
 				fmt.Fprintf(os.Stderr, "testcache: %s: cached cover profile missing: %v\n", a.Package.ImportPath, err)
@@ -1914,6 +1942,18 @@ func (c *runCache) tryCacheWithID(b *work.Builder, a *work.Action, id string) bo
 			return false
 		}
 		mergeCoverProfile(cpData)
+	} else if c.covMeta != (cache.ActionID{}) {
+		// If we have a coverage metadata hash but no testCoverProfile, we're collecting
+		// coverage for out-of-band packages. Check if the coverage profile cache is still
+		// valid. If c.covMeta changed (meaning a covered package changed), the coverage
+		// profile cache will miss and we need to re-run the test.
+		_, _, err := cache.GetFile(cache.Default(), coverProfileAndInputKey(testID, testInputsID, c.covMeta))
+		if err != nil {
+			if cache.DebugTest {
+				fmt.Fprintf(os.Stderr, "testcache: %s: coverage metadata changed, re-running test: %v\n", a.Package.ImportPath, err)
+			}
+			return false
+		}
 	}
 
 	if len(data) == 0 || data[len(data)-1] != '\n' {
@@ -2104,9 +2144,15 @@ func testAndInputKey(testID, testInputsID cache.ActionID) cache.ActionID {
 	return cache.Subkey(testID, fmt.Sprintf("inputs:%x", testInputsID))
 }
 
-// coverProfileAndInputKey returns the "coverprofile" cache key for the pair (testID, testInputsID).
-func coverProfileAndInputKey(testID, testInputsID cache.ActionID) cache.ActionID {
-	return cache.Subkey(testAndInputKey(testID, testInputsID), "coverprofile")
+// coverProfileAndInputKey returns the "coverprofile" cache key.
+// If covMetaID is non-zero, it is included in the hash to ensure coverage profiles are invalidated
+// when the coverage metadata changes (e.g., when source files in covered packages are modified).
+func coverProfileAndInputKey(testID, testInputsID, covMetaID cache.ActionID) cache.ActionID {
+	key := testAndInputKey(testID, testInputsID)
+	if covMetaID != (cache.ActionID{}) {
+		key = cache.Subkey(key, fmt.Sprintf("coverdeps:%x", covMetaID))
+	}
+	return cache.Subkey(key, "coverprofile")
 }
 
 func (c *runCache) saveOutput(a *work.Action) {
@@ -2147,7 +2193,11 @@ func (c *runCache) saveOutput(a *work.Action) {
 		cache.PutNoVerify(cache.Default(), c.id1, bytes.NewReader(testlog))
 		cache.PutNoVerify(cache.Default(), testAndInputKey(c.id1, testInputsID), bytes.NewReader(a.TestOutput.Bytes()))
 		if coverProfile != nil {
-			cache.PutNoVerify(cache.Default(), coverProfileAndInputKey(c.id1, testInputsID), bytes.NewReader(coverProfile))
+			cache.PutNoVerify(cache.Default(), coverProfileAndInputKey(c.id1, testInputsID, c.covMeta), bytes.NewReader(coverProfile))
+		} else if c.covMeta != (cache.ActionID{}) {
+			// Write a sentinel so the else-if branch in tryCacheWithID can verify
+			// that the covMeta hash has not changed since the last run.
+			cache.PutNoVerify(cache.Default(), coverProfileAndInputKey(c.id1, testInputsID, c.covMeta), bytes.NewReader(nil))
 		}
 	}
 	if c.id2 != (cache.ActionID{}) {
@@ -2157,7 +2207,10 @@ func (c *runCache) saveOutput(a *work.Action) {
 		cache.PutNoVerify(cache.Default(), c.id2, bytes.NewReader(testlog))
 		cache.PutNoVerify(cache.Default(), testAndInputKey(c.id2, testInputsID), bytes.NewReader(a.TestOutput.Bytes()))
 		if coverProfile != nil {
-			cache.PutNoVerify(cache.Default(), coverProfileAndInputKey(c.id2, testInputsID), bytes.NewReader(coverProfile))
+			cache.PutNoVerify(cache.Default(), coverProfileAndInputKey(c.id2, testInputsID, c.covMeta), bytes.NewReader(coverProfile))
+		} else if c.covMeta != (cache.ActionID{}) {
+			// Sentinel for covMeta validity; see comment in id1 block above.
+			cache.PutNoVerify(cache.Default(), coverProfileAndInputKey(c.id2, testInputsID, c.covMeta), bytes.NewReader(nil))
 		}
 	}
 }
diff --git a/src/cmd/go/testdata/script/test_cache_coverpkg_bug.txt b/src/cmd/go/testdata/script/test_cache_coverpkg_bug.txt
new file mode 100644
index 00000000000000..71cd3b392050f8
--- /dev/null
+++ b/src/cmd/go/testdata/script/test_cache_coverpkg_bug.txt
@@ -0,0 +1,134 @@
+# Test for bug where cached coverage profiles with -coverpkg can contain
+# outdated line references when source files are modified.
+# This reproduces the issue where coverage data from cache may reference
+# lines that no longer exist in the updated source files.
+
+[short] skip
+[GODEBUG:gocacheverify=1] skip
+
+# We're testing cache behavior, so start with a clean GOCACHE.
+env GOCACHE=$WORK/cache
+
+# Create a project structure with multiple packages
+# proj/
+#   some_func.go
+#   some_func_test.go
+#   sub/
+#     sub.go
+#     sub_test.go
+#   sum/
+#     sum.go
+
+# Switch to the proj directory
+cd proj
+
+# Run tests with -coverpkg to collect coverage for all packages
+go test -coverpkg=proj/... -coverprofile=cover1.out ./...
+stdout 'coverage:'
+
+# Verify the first coverage profile exists and has expected content
+exists cover1.out
+grep -q 'proj/sub/sub.go:' cover1.out
+
+# Run again to ensure caching works
+go test -coverpkg=proj/... -coverprofile=cover1_cached.out ./...
+stdout '\(cached\)'
+stdout 'coverage:'
+
+# Note: Due to the bug, cached coverage profiles may have duplicate entries.
+# The duplicate entries are the entries for the previous file structure and the new file structure.
+
+# Now modify sub.go to change line structure - this will invalidate
+# the cache for the sub package but not for the proj package.
+cp ../sub_modified.go sub/sub.go
+
+# After modifying sub.go, we should not have both old and new line references.
+go test -coverpkg=proj/... -coverprofile=cover2.out ./...
+stdout 'coverage:'
+
+# With the bug present, we would see duplicate entries for the same lines.
+# With the bug fixed, there should be no duplicate or stale entries in the coverage profile.
+grep 'proj/sub/sub.go:' cover2.out
+# The fix should ensure that only the new line format exists, not the old one
+grep 'proj/sub/sub.go:3.24,4.35' cover2.out
+# This should fail if the stale coverage line exists (the bug is present)
+! grep 'proj/sub/sub.go:3.24,4.22' cover2.out
+
+-- proj/go.mod --
+module proj
+
+go 1.21
+
+-- proj/some_func.go --
+package proj
+
+import "proj/sum"
+
+func SomeFunc(a, b int) int {
+	if a == 0 && b == 0 {
+		return 0
+	}
+	return sum.Sum(a, b)
+}
+
+-- proj/some_func_test.go --
+package proj
+
+import (
+	"testing"
+)
+
+func Test_SomeFunc(t *testing.T) {
+	t.Run("test1", func(t *testing.T) {
+		result := SomeFunc(1, 1)
+		if result != 2 {
+			t.Errorf("Expected 2, got %d", result)
+		}
+	})
+}
+
+-- proj/sub/sub.go --
+package sub
+
+func Sub(a, b int) int {
+	if a == 0 && b == 0 {
+		return 0
+	}
+	return a - b
+}
+
+-- proj/sub/sub_test.go --
+package sub
+
+import (
+	"testing"
+)
+
+func Test_Sub(t *testing.T) {
+	t.Run("test_sub1", func(t *testing.T) {
+		result := Sub(1, 1)
+		if result != 0 {
+			t.Errorf("Expected 0, got %d", result)
+		}
+	})
+}
+
+-- proj/sum/sum.go --
+package sum
+
+func Sum(a, b int) int {
+	if a == 0 {
+		return b
+	}
+	return a + b
+}
+
+-- sub_modified.go --
+package sub
+
+func Sub(a, b int) int {
+	if a == 0 && b == 0 || a == -100 {
+		return 0
+	}
+	return a - b
+}
diff --git a/src/cmd/go/testdata/script/test_cache_coverpkg_no_profile.txt b/src/cmd/go/testdata/script/test_cache_coverpkg_no_profile.txt
new file mode 100644
index 00000000000000..263400a9e675ff
--- /dev/null
+++ b/src/cmd/go/testdata/script/test_cache_coverpkg_no_profile.txt
@@ -0,0 +1,80 @@
+# Test that the test cache is invalidated when -coverpkg dependencies change,
+# even when -coverprofile is not specified. This exercises the else-if branch
+# in tryCacheWithID that checks covMeta without a cover profile file.
+
+[short] skip
+[GODEBUG:gocacheverify=1] skip
+
+# Start with a clean GOCACHE.
+env GOCACHE=$WORK/cache
+
+cd proj
+
+# Run tests with -cover and -coverpkg but without -coverprofile.
+go test -cover -coverpkg=proj/... ./...
+stdout 'coverage:'
+
+# Run again — should be served from cache.
+go test -cover -coverpkg=proj/... ./...
+stdout '\(cached\)'
+stdout 'coverage:'
+
+# Modify a covered package that is not directly under test.
+cp ../sub_modified.go sub/sub.go
+
+# Run again — the cache must be invalidated because a covered package changed.
+go test -cover -coverpkg=proj/... ./...
+! stdout '\(cached\)'
+stdout 'coverage:'
+
+-- proj/go.mod --
+module proj
+
+go 1.21
+
+-- proj/main.go --
+package proj
+
+import "proj/sub"
+
+func Add(a, b int) int {
+	return sub.Sub(a, -b)
+}
+
+-- proj/main_test.go --
+package proj
+
+import "testing"
+
+func TestAdd(t *testing.T) {
+	if Add(1, 2) != 3 {
+		t.Fatal("expected 3")
+	}
+}
+
+-- proj/sub/sub.go --
+package sub
+
+func Sub(a, b int) int {
+	return a - b
+}
+
+-- proj/sub/sub_test.go --
+package sub
+
+import "testing"
+
+func TestSub(t *testing.T) {
+	if Sub(3, 1) != 2 {
+		t.Fatal("expected 2")
+	}
+}
+
+-- sub_modified.go --
+package sub
+
+// Added a comment to change the source.
+
+func Sub(a, b int) int {
+	return a - b
+}

From 0bec63330d73d022d8b44b229f33b99639d16654 Mon Sep 17 00:00:00 2001
From: Neal Patel <nealpatel@google.com>
Date: Tue, 28 Apr 2026 12:10:24 -0400
Subject: [PATCH 28/31] [release-branch.go1.26] net/mail: fix quadratic
 consumePhrase behavior

Updates #78987
Fixes #79004
Fixes CVE-2026-42499

Change-Id: I8438e5dee7e6433573d4161baf8fb2151e7fbc2f
Reviewed-on: https://go-review.googlesource.com/c/go/+/771520
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 2c59389fcc5194aeae742fb413e55b656c22343f)
Reviewed-on: https://go-review.googlesource.com/c/go/+/772121
Auto-Submit: Michael Pratt <mpratt@google.com>
---
 src/net/mail/message.go      | 23 +++++++++++++++++------
 src/net/mail/message_test.go | 11 +++++++++++
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/src/net/mail/message.go b/src/net/mail/message.go
index fbf1fca68f5e68..80140a467771b9 100644
--- a/src/net/mail/message.go
+++ b/src/net/mail/message.go
@@ -575,8 +575,10 @@ func (p *addrParser) consumeAddrSpec() (spec string, err error) {
 func (p *addrParser) consumePhrase() (phrase string, err error) {
 	debug.Printf("consumePhrase: [%s]", p.s)
 	// phrase = 1*word
-	var words []string
-	var isPrevEncoded bool
+	var (
+		words []string
+		sb    strings.Builder
+	)
 	for {
 		// obs-phrase allows CFWS after one word
 		if len(words) > 0 {
@@ -608,13 +610,22 @@ func (p *addrParser) consumePhrase() (phrase string, err error) {
 			break
 		}
 		debug.Printf("consumePhrase: consumed %q", word)
-		if isPrevEncoded && isEncoded {
-			words[len(words)-1] += word
-		} else {
+		switch {
+		case isEncoded:
+			sb.WriteString(word)
+		case !isEncoded && sb.Len() > 0:
+			words = append(words, sb.String())
+			sb.Reset()
+			words = append(words, word)
+		default:
 			words = append(words, word)
 		}
-		isPrevEncoded = isEncoded
 	}
+
+	if sb.Len() > 0 {
+		words = append(words, sb.String())
+	}
+
 	// Ignore any error if we got at least one word.
 	if err != nil && len(words) == 0 {
 		debug.Printf("consumePhrase: hit err: %v", err)
diff --git a/src/net/mail/message_test.go b/src/net/mail/message_test.go
index 3393b03af54bf2..80a4b2da765e6a 100644
--- a/src/net/mail/message_test.go
+++ b/src/net/mail/message_test.go
@@ -1262,6 +1262,17 @@ func TestEmptyAddress(t *testing.T) {
 	}
 }
 
+func BenchmarkConsumePhrase(b *testing.B) {
+	for _, n := range []int{10, 100, 1000, 10000} {
+		b.Run(fmt.Sprintf("words-%d", n), func(b *testing.B) {
+			input := strings.Repeat("=?utf-8?q?hello?= ", n) + "<user@example.com>"
+			for b.Loop() {
+				(&addrParser{s: input}).consumePhrase()
+			}
+		})
+	}
+}
+
 func BenchmarkConsumeComment(b *testing.B) {
 	for _, n := range []int{10, 100, 1000, 10000} {
 		b.Run(fmt.Sprintf("depth-%d", n), func(b *testing.B) {

From 3baf3eec3b2247bbfbdeac4193c88baa7acc0842 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Fri, 24 Apr 2026 16:40:40 -0700
Subject: [PATCH 29/31] [release-branch.go1.26] all: avoid unsafe
 StringToUTF16Ptr on Windows

The syscall.UTF16PtrFromString function panics when
provided with an input containing a NUL character.
Replace with syscall.UTF16PtrFromString.

Fixes potential panics in net.Dial, net.LookupPort,
and syscall.Readlink.

Fixes CVE-2026-39836
Updates #79006
Fixes #79029

Change-Id: I2fd7bb750d27474047f199faca4061466a6a6964
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/4260
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/4440
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/775162
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
TryBot-Bypass: Gopher Robot <gobot@golang.org>
Auto-Submit: Gopher Robot <gobot@golang.org>
---
 src/internal/syscall/windows/registry/key.go  | 12 ++++++++++--
 .../syscall/windows/registry/value.go         |  6 +++++-
 src/net/lookup_test.go                        |  1 +
 src/net/lookup_windows.go                     | 19 ++++++++++++++++---
 src/syscall/syscall_windows.go                |  6 +++++-
 5 files changed, 37 insertions(+), 7 deletions(-)

diff --git a/src/internal/syscall/windows/registry/key.go b/src/internal/syscall/windows/registry/key.go
index b95fa8d3326e39..768967ddcfbe57 100644
--- a/src/internal/syscall/windows/registry/key.go
+++ b/src/internal/syscall/windows/registry/key.go
@@ -132,7 +132,11 @@ loopItems:
 func CreateKey(k Key, path string, access uint32) (newk Key, openedExisting bool, err error) {
 	var h syscall.Handle
 	var d uint32
-	err = regCreateKeyEx(syscall.Handle(k), syscall.StringToUTF16Ptr(path),
+	pathp, err := syscall.UTF16PtrFromString(path)
+	if err != nil {
+		return 0, false, err
+	}
+	err = regCreateKeyEx(syscall.Handle(k), pathp,
 		0, nil, _REG_OPTION_NON_VOLATILE, access, nil, &h, &d)
 	if err != nil {
 		return 0, false, err
@@ -142,7 +146,11 @@ func CreateKey(k Key, path string, access uint32) (newk Key, openedExisting bool
 
 // DeleteKey deletes the subkey path of key k and its values.
 func DeleteKey(k Key, path string) error {
-	return regDeleteKey(syscall.Handle(k), syscall.StringToUTF16Ptr(path))
+	pathp, err := syscall.UTF16PtrFromString(path)
+	if err != nil {
+		return err
+	}
+	return regDeleteKey(syscall.Handle(k), pathp)
 }
 
 // A KeyInfo describes the statistics of a key. It is returned by Stat.
diff --git a/src/internal/syscall/windows/registry/value.go b/src/internal/syscall/windows/registry/value.go
index 67b1144eae586f..e267616a8119f9 100644
--- a/src/internal/syscall/windows/registry/value.go
+++ b/src/internal/syscall/windows/registry/value.go
@@ -333,7 +333,11 @@ func (k Key) SetBinaryValue(name string, value []byte) error {
 
 // DeleteValue removes a named value from the key k.
 func (k Key) DeleteValue(name string) error {
-	return regDeleteValue(syscall.Handle(k), syscall.StringToUTF16Ptr(name))
+	namep, err := syscall.UTF16PtrFromString(name)
+	if err != nil {
+		return err
+	}
+	return regDeleteValue(syscall.Handle(k), namep)
 }
 
 // ReadValueNames returns the value names of key k.
diff --git a/src/net/lookup_test.go b/src/net/lookup_test.go
index 2a774100a8ec67..42211ed099ed1e 100644
--- a/src/net/lookup_test.go
+++ b/src/net/lookup_test.go
@@ -769,6 +769,7 @@ func TestLookupPort(t *testing.T) {
 		{"udp", "-1", 0, false},
 		{"udp", "65536", 0, false},
 		{"tcp", "123456789", 0, false},
+		{"tcp", "bad\x00port", 0, false},
 
 		// Issue 13610: LookupPort("tcp", "")
 		{"tcp", "", 0, true},
diff --git a/src/net/lookup_windows.go b/src/net/lookup_windows.go
index 38034dc6014c93..9af20bbb2bc1b0 100644
--- a/src/net/lookup_windows.go
+++ b/src/net/lookup_windows.go
@@ -215,8 +215,13 @@ func (r *Resolver) lookupPort(ctx context.Context, network, service string) (int
 		hints.Family = syscall.AF_INET6
 	}
 
+	servicep, err := syscall.UTF16PtrFromString(service)
+	if err != nil {
+		return 0, newDNSError(err, network+"/"+service, "")
+	}
+
 	var result *syscall.AddrinfoW
-	e := syscall.GetAddrInfoW(nil, syscall.StringToUTF16Ptr(service), &hints, &result)
+	e := syscall.GetAddrInfoW(nil, servicep, &hints, &result)
 	if e != nil {
 		if port, err := lookupPortMap(network, service); err == nil {
 			return port, nil
@@ -269,7 +274,12 @@ func (r *Resolver) lookupCNAME(ctx context.Context, name string) (string, error)
 	}
 	defer syscall.DnsRecordListFree(rec, 1)
 
-	resolved := resolveCNAME(syscall.StringToUTF16Ptr(name), rec)
+	namep, err := syscall.UTF16PtrFromString(name)
+	if err != nil {
+		return "", newDNSError(err, name, "")
+	}
+
+	resolved := resolveCNAME(namep, rec)
 	cname := windows.UTF16PtrToString(resolved)
 	return absDomainName(cname), nil
 }
@@ -415,7 +425,10 @@ const dnsSectionMask = 0x0003
 
 // returns only results applicable to name and resolves CNAME entries.
 func validRecs(r *syscall.DNSRecord, dnstype uint16, name string) []*syscall.DNSRecord {
-	cname := syscall.StringToUTF16Ptr(name)
+	cname, err := syscall.UTF16PtrFromString(name)
+	if err != nil {
+		return nil
+	}
 	if dnstype != syscall.DNS_TYPE_CNAME {
 		cname = resolveCNAME(cname, r)
 	}
diff --git a/src/syscall/syscall_windows.go b/src/syscall/syscall_windows.go
index 3e63897b6bc3a3..895aa92a2eb5ef 100644
--- a/src/syscall/syscall_windows.go
+++ b/src/syscall/syscall_windows.go
@@ -1375,7 +1375,11 @@ func LoadCreateSymbolicLink() error {
 
 // Readlink returns the destination of the named symbolic link.
 func Readlink(path string, buf []byte) (n int, err error) {
-	fd, err := CreateFile(StringToUTF16Ptr(path), GENERIC_READ, 0, nil, OPEN_EXISTING,
+	pathp, err := UTF16PtrFromString(path)
+	if err != nil {
+		return -1, err
+	}
+	fd, err := CreateFile(pathp, GENERIC_READ, 0, nil, OPEN_EXISTING,
 		FILE_FLAG_OPEN_REPARSE_POINT|FILE_FLAG_BACKUP_SEMANTICS, 0)
 	if err != nil {
 		return -1, err

From 8282c628a01c9653e8ecae9c8d7e465c92101279 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Thu, 30 Apr 2026 13:10:49 -0700
Subject: [PATCH 30/31] [release-branch.go1.26] cmd/go: reject sumdb response
 lacking module hash

Report an error when a sumdb /lookup/ request does not
include a hash for the requested module, rather than
silently proceeding.

Previously, we would verify that a returned sum matched
the expected module hash, but did not verify that the
response contained a sum. This permits a malicous
proxy to serve a corrupted module along with a
valid-but-irrelevant sumdb response for some other
module. We now ensure that the sumdb response contains
a valid hash for the module we are validating.

Thanks to Mundur (https://github.com/M0nd0R) for reporting this issue.

Fixes CVE-2026-42501
Updates #79070
Fixes #79073

Change-Id: I7d9a367deb237aa70cade2434495998f6a6a6964
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/4340
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/4420
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/775163
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Bypass: Gopher Robot <gobot@golang.org>
---
 src/cmd/go/internal/modfetch/fetch.go         | 15 ++++++++++++++-
 src/cmd/go/proxy_test.go                      | 17 +++++++++++++++++
 src/cmd/go/testdata/script/mod_sum_absent.txt | 17 +++++++++++++++++
 3 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 src/cmd/go/testdata/script/mod_sum_absent.txt

diff --git a/src/cmd/go/internal/modfetch/fetch.go b/src/cmd/go/internal/modfetch/fetch.go
index 7c9280f1d090bd..ed384c3c43fb75 100644
--- a/src/cmd/go/internal/modfetch/fetch.go
+++ b/src/cmd/go/internal/modfetch/fetch.go
@@ -870,7 +870,7 @@ func checkSumDB(mod module.Version, h string) error {
 			return module.VersionError(modWithoutSuffix, fmt.Errorf("verifying %s: checksum mismatch\n\tdownloaded: %v\n\t%s: %v"+sumdbMismatch, noun, h, db, line[len(prefix)-len("h1:"):]))
 		}
 	}
-	return nil
+	return module.VersionError(modWithoutSuffix, fmt.Errorf("verifying %s: checksum missing from sumdb response"+sumdbAbsent, noun))
 }
 
 // Sum returns the checksum for the downloaded copy of the given module,
@@ -1080,6 +1080,19 @@ have intercepted the download attempt.
 For more information, see 'go help module-auth'.
 `
 
+const sumdbAbsent = `
+
+SECURITY ERROR
+This download does NOT match one reported by the checksum server.
+The checksum server has provided checksums, but the checksums do
+not contain an entry for the download.
+The checksum server may be malfunctioning, or an attacker may have
+intercepted the checksum request.
+The download cannot be verified.
+
+For more information, see 'go help module-auth'.
+`
+
 const hashVersionMismatch = `
 
 SECURITY WARNING
diff --git a/src/cmd/go/proxy_test.go b/src/cmd/go/proxy_test.go
index 5ff81361c9609a..2a8bacec186819 100644
--- a/src/cmd/go/proxy_test.go
+++ b/src/cmd/go/proxy_test.go
@@ -172,6 +172,23 @@ func proxyHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Request for $GOPROXY/sumdb-redirect/module@version:/lookup/...
+	// performs a lookup for module@version rather than the requested module.
+	if strings.HasPrefix(path, "sumdb-redirect/") {
+		redirect, rest, ok := strings.Cut(path[len("sumdb-redirect"):], ":")
+		if !ok {
+			w.WriteHeader(500)
+			return
+		}
+		if strings.HasPrefix(rest, "/lookup/") {
+			r.URL.Path = "/lookup" + redirect
+		} else {
+			r.URL.Path = rest
+		}
+		sumdbServer.ServeHTTP(w, r)
+		return
+	}
+
 	// Request for $GOPROXY/redirect/<count>/... goes to redirects.
 	if strings.HasPrefix(path, "redirect/") {
 		path = path[len("redirect/"):]
diff --git a/src/cmd/go/testdata/script/mod_sum_absent.txt b/src/cmd/go/testdata/script/mod_sum_absent.txt
new file mode 100644
index 00000000000000..c2dd814542d671
--- /dev/null
+++ b/src/cmd/go/testdata/script/mod_sum_absent.txt
@@ -0,0 +1,17 @@
+# When the sumdb returns a response which does not
+# include a sum for the requested module,
+# we should report an error.
+# Verifies CVE-2026-42501.
+env sumdb=$GOSUMDB
+env proxy=$GOPROXY
+env GOPROXY GONOPROXY GOSUMDB GONOSUMDB
+
+# /sumdb-redirect/ causes the sumdb to return /lookup/ responses
+# for rsc.io/quote@v1.0.0, not for the requested module.
+env GOSUMDB=$sumdb' '$proxy/sumdb-redirect/rsc.io/quote@v1.0.0:
+
+! go get rsc.io/fortune@v1.0.0
+stderr 'SECURITY ERROR'
+! grep rsc.io go.sum
+-- go.mod --
+module m

From 2dc996f71b0ebafb77e64433e58333e049488a3c Mon Sep 17 00:00:00 2001
From: Gopher Robot <gobot@golang.org>
Date: Thu, 7 May 2026 08:48:54 -0700
Subject: [PATCH 31/31] [release-branch.go1.26] go1.26.3

Change-Id: Ifcfb963f256eff89bc1c447b0dd7471d9cd46cc5
Reviewed-on: https://go-review.googlesource.com/c/go/+/775261
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
TryBot-Bypass: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
---
 VERSION | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/VERSION b/VERSION
index 6f84a79fe4133f..5378f3c07548b6 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-go1.26.2
-time 2026-03-27T21:58:29Z
+go1.26.3
+time 2026-05-04T20:36:18Z