[dev.boringcrypto.go1.13] all: merge go1.13.15 into dev.boringcrypto.go1.13

Change-Id: Ib3d40310ea26c8eeb6b1abf7d2433aaac0eeb12d

CONTRIBUTORS

@@ -76,6 +76,7 @@ Alan Donovan <adonovan@google.com>
 Alan Shreve <alan@inconshreveable.com>
 Albert Nigmatzianov <albertnigma@gmail.com>
 Albert Strasheim <fullung@gmail.com>
+Albert Teoh <albert.teoh@gmail.com>
 Albert Yu <yukinying@gmail.com>
 Alberto Bertogli <albertito@blitiri.com.ar>
 Alberto Donizetti <alb.donizetti@gmail.com>
@@ -140,6 +141,7 @@ Ali Rizvi-Santiago <arizvisa@gmail.com>
 Aliaksandr Valialkin <valyala@gmail.com>
 Alif Rachmawadi <subosito@gmail.com>
 Allan Simon <allan.simon@supinfo.com>
+Allen Li <ayatane@google.com>
 Alok Menghrajani <alok.menghrajani@gmail.com>
 Aman Gupta <aman@tmm1.net>
 Amir Mohammad Saied <amir@gluegadget.com>
@@ -147,6 +149,7 @@ Amr Mohammed <merodiro@gmail.com>
 Amrut Joshi <amrut.joshi@gmail.com>
 Anand K. Mistry <anand@mistry.ninja>
 Anders Pearson <anders@columbia.edu>
+Anderson Queiroz <contato@andersonq.eti.br>
 André Carvalho <asantostc@gmail.com>
 Andre Nathan <andrenth@gmail.com>
 Andrea Nodari <andrea.nodari91@gmail.com>
@@ -182,6 +185,7 @@ Andrew Radev <andrey.radev@gmail.com>
 Andrew Skiba <skibaa@gmail.com>
 Andrew Stribblehill <ads@wompom.org>
 Andrew Szeto <andrew@jabagawee.com>
+Andrew Todd <andrew.todd@wework.com>
 Andrew Werner <andrew@upthere.com> <awerner32@gmail.com>
 Andrew Wilkins <axwalk@gmail.com>
 Andrew Williams <williams.andrew@gmail.com>
@@ -235,6 +239,7 @@ Arnaud Ysmal <arnaud.ysmal@gmail.com>
 Arne Hormann <arnehormann@gmail.com>
 Arnout Engelen <arnout@bzzt.net>
 Aron Nopanen <aron.nopanen@gmail.com>
+Artem Kolin <artemkaxboy@gmail.com>
 Arthur Fabre <arthur@arthurfabre.com>
 Arthur Khashaev <arthur@khashaev.ru>
 Artyom Pervukhin <artyom.pervukhin@gmail.com>
@@ -284,6 +289,7 @@ Benny Siegert <bsiegert@gmail.com>
 Benoit Sigoure <tsunanet@gmail.com>
 Berengar Lehr <Berengar.Lehr@gmx.de>
 Berkant Ipek <41230766+0xbkt@users.noreply.github.com>
+Bharath Thiruveedula <tbharath91@gmail.com>
 Bill Neubauer <wcn@golang.org> <wcn@google.com> <bill.neubauer@gmail.com>
 Bill O'Farrell <billo@ca.ibm.com>
 Bill Prin <waprin@google.com>
@@ -401,6 +407,7 @@ Chris Zou <chriszou@ca.ibm.com>
 Christian Alexander <christian@linux.com>
 Christian Couder <chriscool@tuxfamily.org>
 Christian Himpel <chressie@googlemail.com> <chressie@gmail.com>
+Christian Muehlhaeuser <muesli@gmail.com>
 Christian Pellegrin <chri@evolware.org>
 Christian R. Petrin <christianpetrin@gmail.com>
 Christine Hansmann <chhansmann@gmail.com>
@@ -481,6 +488,7 @@ Daria Kolistratova <daria.kolistratova@intel.com>
 Darien Raymond <admin@v2ray.com>
 Darren Elwood <darren@textnode.com>
 Darren Grant <darren.e.grant@gmail.com>
+Darren McCleary <darren.rmc@gmail.com>
 Darshan Parajuli <parajulidarshan@gmail.com>
 Datong Sun <dndx@idndx.com>
 Dave Borowitz <dborowitz@google.com>
@@ -501,6 +509,7 @@ David Chase <drchase@google.com>
 David Covert <davidhcovert@gmail.com>
 David Crawshaw <david.crawshaw@zentus.com> <crawshaw@google.com> <crawshaw@golang.org>
 David du Colombier <0intro@gmail.com>
+David Finkel <david.finkel@gmail.com>
 David Forsythe <dforsythe@gmail.com>
 David G. Andersen <dave.andersen@gmail.com>
 David Glasser <glasser@meteor.com>
@@ -594,6 +603,7 @@ Dustin Shields-Cloues <dcloues@gmail.com>
 Dvir Volk <dvir@everything.me> <dvirsky@gmail.com>
 Dylan Waits <dylan@waits.io>
 Edan Bedrik <3d4nb3@gmail.com>
+Eddie Scholtz <escholtz@google.com>
 Eden Li <eden.li@gmail.com>
 Eduard Urbach <e.urbach@gmail.com>
 Eduardo Ramalho <eduardo.ramalho@gmail.com>
@@ -763,9 +773,12 @@ GitHub User @pityonline (438222) <pityonline@gmail.com>
 GitHub User @pytimer (17105586) <lixin20101023@gmail.com>
 GitHub User @saitarunreddy (21041941) <saitarunreddypalla@gmail.com>
 GitHub User @shogo-ma (9860598) <Choroma194@gmail.com>
+GitHub User @tatsumack (4510569) <tatsu.mack@gmail.com>
 GitHub User @tell-k (26263) <ffk2005@gmail.com>
 GitHub User @uhei (2116845) <uhei@users.noreply.github.com>
 GitHub User @uropek (39370426) <uropek@gmail.com>
+GitHub User @utkarsh-extc (53217283) <53217283+utkarsh-extc@users.noreply.github.com>
+GitHub User @yuanhh (1298735) <yuan415030@gmail.com>
 GitHub User @ZZMarquis (7624583) <zhonglingjian3821@163.com>
 Giulio Iotti <dullgiulio@gmail.com>
 Giulio Micheloni <giulio.micheloni@gmail.com>
@@ -861,6 +874,7 @@ Igor Bernstein <igorbernstein@google.com>
 Igor Dolzhikov <bluesriverz@gmail.com>
 Igor Vashyst <ivashyst@gmail.com>
 Igor Zhilianin <igor.zhilianin@gmail.com>
+Illya Yalovyy <yalovoy@gmail.com>
 Ilya Tocar <ilya.tocar@intel.com>
 INADA Naoki <songofacandy@gmail.com>
 Inanc Gumus <m@inanc.io>
@@ -905,6 +919,7 @@ James Clarke <jrtc27@jrtc27.com>
 James Cowgill <James.Cowgill@imgtec.com>
 James Craig Burley <james-github@burleyarch.com>
 James David Chalfant <james.chalfant@gmail.com>
+James Eady <jmeady@google.com>
 James Fysh <james.fysh@gmail.com>
 James Gray <james@james4k.com>
 James Hartig <fastest963@gmail.com>
@@ -937,6 +952,7 @@ Jan Lehnardt <jan@apache.org>
 Jan Mercl <0xjnml@gmail.com> <befelemepeseveze@gmail.com>
 Jan Newmarch <jan.newmarch@gmail.com>
 Jan Pilzer <jan.pilzer@gmx.de>
+Jan Steinke <jan.steinke@gmail.com>
 Jan Ziak <0xe2.0x9a.0x9b@gmail.com>
 Jani Monoses <jani.monoses@ubuntu.com> <jani.monoses@gmail.com>
 Jannis Andrija Schnitzer <jannis@schnitzer.im>
@@ -954,6 +970,7 @@ Jason Smale <jsmale@zendesk.com>
 Jason Travis <infomaniac7@gmail.com>
 Jason Wangsadinata <jwangsadinata@gmail.com>
 Javier Kohen <jkohen@google.com>
+Javier Revillas <jrevillas@massivedynamic.io>
 Javier Segura <javism@gmail.com>
 Jay Conrod <jayconrod@google.com>
 Jay Taylor <outtatime@gmail.com>
@@ -1071,6 +1088,8 @@ Jordan Krage <jmank88@gmail.com>
 Jordan Lewis <jordanthelewis@gmail.com>
 Jordan Liggitt <liggitt@google.com>
 Jordan Rhee <jordanrh@microsoft.com>
+Jordi Martin <jordimartin@gmail.com>
+Jorge Araya <jorgejavieran@yahoo.com.mx>
 Jos Visser <josv@google.com>
 Jose Luis Vázquez González <josvazg@gmail.com>
 Joseph Bonneau <jcb@google.com>
@@ -1114,6 +1133,7 @@ Justin Gracenin <jgracenin@gmail.com>
 Justin Li <git@justinli.net>
 Justin Nuß <nuss.justin@gmail.com>
 Justyn Temme <justyntemme@gmail.com>
+Kelly Heller <pestophagous@gmail.com>
 Kai Backman <kaib@golang.org>
 Kai Dong <dokia2357@gmail.com>
 Kai Trukenmüller <ktye78@gmail.com>
@@ -1159,6 +1179,7 @@ Kenta Mori <zoncoen@gmail.com>
 Ketan Parmar <ketanbparmar@gmail.com>
 Kevin Ballard <kevin@sb.org>
 Kevin Burke <kev@inburke.com>
+Kevin Gillette <extemporalgenome@gmail.com>
 Kevin Kirsche <kev.kirsche@gmail.com>
 Kevin Klues <klueska@gmail.com> <klueska@google.com>
 Kevin Malachowski <chowski@google.com>
@@ -1284,6 +1305,7 @@ Marius A. Eriksen <marius@grailbio.com>
 Marius Nuennerich <mnu@google.com>
 Mark Adams <mark@markadams.me>
 Mark Bucciarelli <mkbucc@gmail.com>
+Mark Glines <mark@glines.org>
 Mark Harrison <marhar@google.com>
 Mark Percival <m@mdp.im>
 Mark Pulford <mark@kyne.com.au>
@@ -1480,6 +1502,7 @@ Muir Manders <muir@mnd.rs>
 Mura Li <mura_li@castech.com.tw>
 Mykhailo Lesyk <mikhail@lesyk.org>
 Nan Deng <monnand@gmail.com>
+Nao Yonashiro <owan.orisano@gmail.com>
 Naoki Kanatani <k12naoki@gmail.com>
 Nate Wilkinson <nathanwilk7@gmail.com>
 Nathan Cantelmo <n.cantelmo@gmail.com>
@@ -1566,6 +1589,7 @@ Paolo Giarrusso <p.giarrusso@gmail.com>
 Paolo Martini <mrtnpaolo@gmail.com>
 Parker Moore <parkrmoore@gmail.com>
 Parminder Singh <parmsingh101@gmail.com>
+Pascal Dierich <pascal@pascaldierich.com>
 Pascal S. de Kloe <pascal@quies.net>
 Pat Moroney <pat@pat.email>
 Patrick Barker <barkerp@vmware.com>
@@ -1658,6 +1682,7 @@ Prasanna Swaminathan <prasanna@mediamath.com>
 Prashant Varanasi <prashant@prashantv.com>
 Pravendra Singh <hackpravj@gmail.com>
 Preetam Jinka <pj@preet.am>
+Pure White <wu.purewhite@gmail.com>
 Qais Patankar <qaisjp@gmail.com>
 Qiuxuan Zhu <ilsh1022@gmail.com>
 Quan Tran <qeed.quan@gmail.com>
@@ -1774,6 +1799,7 @@ Sad Pencil <qh06@qq.com>
 Sai Cheemalapati <saicheems@google.com>
 Sakeven Jiang <jc5930@sina.cn>
 Salmān Aljammāz <s@0x65.net>
+Sam Arnold <sarnold64@bloomberg.net>
 Sam Boyer <tech@samboyer.org>
 Sam Ding <samding@ca.ibm.com>
 Sam Hug <samuel.b.hug@gmail.com>
@@ -1785,6 +1811,7 @@ Sami Pönkänen <sami.ponkanen@gmail.com>
 Samuel Kelemen <SCKelemen@users.noreply.github.com>
 Samuel Tan <samueltan@google.com>
 Samuele Pedroni <pedronis@lucediurna.net>
+Sander van Harmelen <sander@vanharmelen.nl>
 Sanjay Menakuru <balasanjay@gmail.com>
 Santhosh Kumar Tekuri <santhosh.tekuri@gmail.com>
 Sarah Adams <shadams@google.com>
@@ -1814,6 +1841,7 @@ Sebastien Williams-Wynn <sebastien@cytora.com>
 Segev Finer <segev208@gmail.com>
 Seiji Takahashi <timaki.st@gmail.com>
 Sergei Skorobogatov <skorobo@rambler.ru>
+Sergei Zagurskii <gvozdoder@gmail.com>
 Sergey 'SnakE' Gromov <snake.scaly@gmail.com>
 Sergey Arseev <sergey.arseev@intel.com>
 Sergey Dobrodey <sergey.dobrodey@synesis.ru>
@@ -1845,6 +1873,7 @@ Shijie Hao <haormj@gmail.com>
 Shinji Tanaka <shinji.tanaka@gmail.com>
 Shintaro Kaneko <kaneshin0120@gmail.com>
 Shivakumar GN <shivakumar.gn@gmail.com>
+Shivani Singhal <shivani.singhal2804@gmail.com>
 Shivansh Rai <shivansh@freebsd.org>
 Shubham Sharma <shubham.sha12@gmail.com>
 Shun Fan <sfan@google.com>
@@ -1865,6 +1894,7 @@ StalkR <stalkr@stalkr.net>
 Stan Schwertly <stan@schwertly.com>
 Stanislav Afanasev <php.progger@gmail.com>
 Steeve Morin <steeve.morin@gmail.com>
+Stefan Baebler <sbaebler@outbrain.com>
 Stefan Nilsson <snilsson@nada.kth.se> <trolleriprofessorn@gmail.com>
 Stepan Shabalin <neverliberty@gmail.com>
 Stephan Renatus <srenatus@chef.io>
@@ -1951,6 +1981,7 @@ Thomas Wanielista <tomwans@gmail.com>
 Thorben Krueger <thorben.krueger@gmail.com>
 Thordur Bjornsson <thorduri@secnorth.net>
 Tiago Queiroz <contato@tiago.eti.br>
+Tianon Gravi <admwiggin@gmail.com>
 Tilman Dilo <tilman.dilo@gmail.com>
 Tim Cooijmans <timcooijmans@gmail.com>
 Tim Cooper <tim.cooper@layeh.com>
@@ -1991,6 +2022,7 @@ Tony Walker <walkert.uk@gmail.com>
 Tooru Takahashi <tooru.takahashi134@gmail.com>
 Tor Andersson <tor.andersson@gmail.com>
 Tormod Erevik Lea <tormodlea@gmail.com>
+Toshihiro Shiino <shiino.toshihiro@gmail.com>
 Toshiki Shima <hayabusa1419@gmail.com>
 Totoro W <tw19881113@gmail.com>
 Travis Bischel <travis.bischel@gmail.com>
@@ -2052,6 +2084,7 @@ Volker Dobler <dr.volker.dobler@gmail.com>
 Volodymyr Paprotski <vpaprots@ca.ibm.com>
 W. Trevor King <wking@tremily.us>
 Wade Simmons <wade@wades.im>
+Wagner Riffel <wgrriffel@gmail.com>
 Walter Poupore <wpoupore@google.com>
 Wander Lairson Costa <wcosta@mozilla.com>
 Warren Fernandes <warren.f.fernandes@gmail.com>

README.boringcrypto.md

@@ -0,0 +1,18 @@
+# dev.boringcrypto branch
+
+We have been working inside Google on a fork of Go that uses
+BoringCrypto (the core of [BoringSSL](https://boringssl.googlesource.com/boringssl/)) for various crypto primitives, in
+furtherance of some [work related to FIPS 140-2](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2964.pdf). We have heard that
+some external users of Go would be interested in this code as well, so
+I intend to create a new branch dev.boringcrypto that will hold
+patches to make Go use BoringCrypto.
+
+Unlike typical dev branches, we do not intend any eventual merge of
+this code into the master branch. Instead we intend to maintain in
+that branch the latest release plus BoringCrypto patches. In this
+sense it is a bit like dev.typealias holding go1.8+type alias patches.
+
+To be clear, we are not making any statements or representations about
+the suitability of this code in relation to the FIPS 140-2 standard.
+Interested users will have to evaluate for themselves whether the code
+is useful for their own purposes.

api/go1.9.txt

@@ -7,6 +7,7 @@ pkg crypto, const BLAKE2b_512 Hash
 pkg crypto, const BLAKE2s_256 = 16
 pkg crypto, const BLAKE2s_256 Hash
 pkg crypto/x509, type Certificate struct, ExcludedDNSDomains []string
+pkg crypto/x509, type VerifyOptions struct, IsBoring func(*Certificate) bool
 pkg database/sql, method (*Conn) BeginTx(context.Context, *TxOptions) (*Tx, error)
 pkg database/sql, method (*Conn) Close() error
 pkg database/sql, method (*Conn) ExecContext(context.Context, string, ...interface{}) (Result, error)

doc/contrib.html

@@ -34,6 +34,7 @@ We encourage all Go users to subscribe to
 <p>A <a href="/doc/devel/release.html">summary</a> of the changes between Go releases. Notes for the major releases:</p>
 
 <ul>
+	<li><a href="/doc/go1.13">Go 1.13</a> <small>(September 2019)</small></li>
 	<li><a href="/doc/go1.12">Go 1.12</a> <small>(February 2019)</small></li>
 	<li><a href="/doc/go1.11">Go 1.11</a> <small>(August 2018)</small></li>
 	<li><a href="/doc/go1.10">Go 1.10</a> <small>(February 2018)</small></li>

doc/devel/release.html

@@ -23,6 +23,53 @@ in supported releases as needed by issuing minor revisions
 (for example, Go 1.6.1, Go 1.6.2, and so on).
 </p>
 
+<h2 id="go1.13">go1.13 (released 2019/09/03)</h2>
+
+<p>
+Go 1.13 is a major release of Go.
+Read the <a href="/doc/go1.13">Go 1.13 Release Notes</a> for more information.
+</p>
+
+<h3 id="go1.13.minor">Minor revisions</h3>
+
+<p>
+go1.13.1 (released 2019/09/25) includes security fixes to the
+<code>net/http</code> and <code>net/textproto</code> packages.
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.13.1+label%3ACherryPickApproved">Go
+1.13.1 milestone</a> on our issue tracker for details.
+</p>
+
+<p>
+go1.13.2 (released 2019/10/17) includes security fixes to the
+<code>crypto/dsa</code> package and the compiler.
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.13.2+label%3ACherryPickApproved">Go
+1.13.2 milestone</a> on our issue tracker for details.
+</p>
+
+<p>
+go1.13.3 (released 2019/10/17) includes fixes to the go command,
+the toolchain, the runtime, <code>syscall</code>, <code>net</code>,
+<code>net/http</code>, and <code>crypto/ecdsa</code> packages.
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.13.3+label%3ACherryPickApproved">Go
+1.13.3 milestone</a> on our issue tracker for details.
+</p>
+
+<p>
+go1.13.4 (released 2019/10/31) includes fixes to the <code>net/http</code> and
+<code>syscall</code> packages. It also fixes an issue on macOS 10.15 Catalina
+where the non-notarized installer and binaries were being
+<a href="https://golang.org/issue/34986">rejected by Gatekeeper</a>.
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.13.4+label%3ACherryPickApproved">Go
+1.13.4 milestone</a> on our issue tracker for details.
+</p>
+
+<p>
+go1.13.5 (released 2019/12/04) includes fixes to the go command, the runtime,
+the linker, and the <code>net/http</code> package. See the
+<a href="https://github.com/golang/go/issues?q=milestone%3AGo1.13.5+label%3ACherryPickApproved">Go
+1.13.5 milestone</a> on our issue tracker for details.
+</p>
+
 <h2 id="go1.12">go1.12 (released 2019/02/25)</h2>
 
 <p>
@@ -36,7 +83,7 @@ Read the <a href="/doc/go1.12">Go 1.12 Release Notes</a> for more information.
 go1.12.1 (released 2019/03/14) includes fixes to cgo, the compiler, the go
 command, and the <code>fmt</code>, <code>net/smtp</code>, <code>os</code>,
 <code>path/filepath</code>, <code>sync</code>, and <code>text/template</code>
-packages. See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.1">Go
+packages. See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.1+label%3ACherryPickApproved">Go
 1.12.1 milestone</a> on our issue tracker for details.
 </p>
 
@@ -44,7 +91,7 @@ packages. See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1
 go1.12.2 (released 2019/04/05) includes fixes to the compiler, the go
 command, the runtime, and the <code>doc</code>, <code>net</code>,
 <code>net/http/httputil</code>, and <code>os</code> packages. See the
-<a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.2">Go
+<a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.2+label%3ACherryPickApproved">Go
 1.12.2 milestone</a> on our issue tracker for details.
 </p>
 
@@ -65,7 +112,7 @@ Only Linux users who hit this issue need to update.
 <p>
 go1.12.5 (released 2019/05/06) includes fixes to the compiler, the linker,
 the go command, the runtime, and the <code>os</code> package. See the
-<a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.5">Go
+<a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.5+label%3ACherryPickApproved">Go
 1.12.5 milestone</a> on our issue tracker for details.
 </p>
 
@@ -73,21 +120,21 @@ the go command, the runtime, and the <code>os</code> package. See the
 go1.12.6 (released 2019/06/11) includes fixes to the compiler, the linker,
 the go command, and the <code>crypto/x509</code>, <code>net/http</code>, and
 <code>os</code> packages. See the
-<a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.6">Go
+<a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.6+label%3ACherryPickApproved">Go
 1.12.6 milestone</a> on our issue tracker for details.
 </p>
 
 <p>
 go1.12.7 (released 2019/07/08) includes fixes to cgo, the compiler,
 and the linker.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.7">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.7+label%3ACherryPickApproved">Go
 1.12.7 milestone</a> on our issue tracker for details.
 </p>
 
 <p>
 go1.12.8 (released 2019/08/13) includes security fixes to the
 <code>net/http</code> and <code>net/url</code> packages.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.8">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.8+label%3ACherryPickApproved">Go
 1.12.8 milestone</a> on our issue tracker for details.
 </p>
 
@@ -98,6 +145,40 @@ See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.9+labe
 1.12.9 milestone</a> on our issue tracker for details.
 </p>
 
+<p>
+go1.12.10 (released 2019/09/25) includes security fixes to the
+<code>net/http</code> and <code>net/textproto</code> packages.
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.10+label%3ACherryPickApproved">Go
+1.12.10 milestone</a> on our issue tracker for details.
+</p>
+
+<p>
+go1.12.11 (released 2019/10/17) includes security fixes to the
+<code>crypto/dsa</code> package.
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.11+label%3ACherryPickApproved">Go
+1.12.11 milestone</a> on our issue tracker for details.
+</p>
+
+<p>
+go1.12.12 (released 2019/10/17) includes fixes to the go command,
+runtime, <code>syscall</code> and <code>net</code> packages.
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.12+label%3ACherryPickApproved">Go
+1.12.12 milestone</a> on our issue tracker for details.
+</p>
+
+<p>
+go1.12.13 (released 2019/10/31) fixes an issue on macOS 10.15 Catalina
+where the non-notarized installer and binaries were being
+<a href="https://golang.org/issue/34986">rejected by Gatekeeper</a>.
+Only macOS users who hit this issue need to update.
+</p>
+
+<p>
+go1.12.14 (released 2019/12/04) includes a fix to the runtime. See
+the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.14+label%3ACherryPickApproved">Go
+1.12.14 milestone</a> on our issue tracker for details.
+</p>
+
 <h2 id="go1.11">go1.11 (released 2018/08/24)</h2>
 
 <p>
@@ -112,7 +193,7 @@ go1.11.1 (released 2018/10/01) includes fixes to the compiler, documentation, go
 command, runtime, and the <code>crypto/x509</code>, <code>encoding/json</code>,
 <code>go/types</code>, <code>net</code>, <code>net/http</code>, and
 <code>reflect</code> packages.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.1">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.1+label%3ACherryPickApproved">Go
 1.11.1 milestone</a> on our issue tracker for details.
 </p>
 
@@ -120,14 +201,14 @@ See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.1">Go
 go1.11.2 (released 2018/11/02) includes fixes to the compiler, linker,
 documentation, go command, and the <code>database/sql</code> and
 <code>go/types</code> packages.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.2">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.2+label%3ACherryPickApproved">Go
 1.11.2 milestone</a> on our issue tracker for details.
 </p>
 
 <p>
 go1.11.3 (released 2018/12/12) includes three security fixes to "go get" and
 the <code>crypto/x509</code> package.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.3">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.3+label%3ACherryPickApproved">Go
 1.11.3 milestone</a> on our issue tracker for details.
 </p>
 
@@ -144,7 +225,7 @@ See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.4+labe
 <p>
 go1.11.5 (released 2019/01/23) includes a security fix to the
 <code>crypto/elliptic</code> package.  See
-the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.5">Go
+the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.5+label%3ACherryPickApproved">Go
 1.11.5 milestone</a> on our issue tracker for details.
 </p>
 
@@ -152,14 +233,14 @@ the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.5">Go
 go1.11.6 (released 2019/03/14) includes fixes to cgo, the compiler, linker,
 runtime, go command, and the <code>crypto/x509</code>, <code>encoding/json</code>,
 <code>net</code>, and <code>net/url</code> packages. See the
-<a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.6">Go
+<a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.6+label%3ACherryPickApproved">Go
 1.11.6 milestone</a> on our issue tracker for details.
 </p>
 
 <p>
 go1.11.7 (released 2019/04/05) includes fixes to the runtime and the
 <code>net</code> packages. See the
-<a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.7">Go
+<a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.7+label%3ACherryPickApproved">Go
 1.11.7 milestone</a> on our issue tracker for details.
 </p>
 
@@ -179,26 +260,26 @@ Only Linux users who hit this issue need to update.
 
 <p>
 go1.11.10 (released 2019/05/06) includes fixes to the runtime and the linker.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.10">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.10+label%3ACherryPickApproved">Go
 1.11.10 milestone</a> on our issue tracker for details.
 </p>
 
 <p>
 go1.11.11 (released 2019/06/11) includes a fix to the <code>crypto/x509</code> package.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.11">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.11+label%3ACherryPickApproved">Go
 1.11.11 milestone</a> on our issue tracker for details.
 </p>
 
 <p>
 go1.11.12 (released 2019/07/08) includes fixes to the compiler and the linker.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.12">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.12+label%3ACherryPickApproved">Go
 1.11.12 milestone</a> on our issue tracker for details.
 </p>
 
 <p>
 go1.11.13 (released 2019/08/13) includes security fixes to the
 <code>net/http</code> and <code>net/url</code> packages.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.13">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.11.13+label%3ACherryPickApproved">Go
 1.11.13 milestone</a> on our issue tracker for details.
 </p>
 
@@ -216,14 +297,14 @@ go1.10.1 (released 2018/03/28) includes fixes to the compiler, runtime, and the
 <code>archive/zip</code>, <code>crypto/tls</code>, <code>crypto/x509</code>,
 <code>encoding/json</code>, <code>net</code>, <code>net/http</code>, and
 <code>net/http/pprof</code> packages.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.1">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.1+label%3ACherryPickApproved">Go
 1.10.1 milestone</a> on our issue tracker for details.
 </p>
 
 <p>
 go1.10.2 (released 2018/05/01) includes fixes to the compiler, linker, and go
 command.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.2">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.2+label%3ACherryPickApproved">Go
 1.10.2 milestone</a> on our issue tracker for details.
 </p>
 
@@ -232,7 +313,7 @@ go1.10.3 (released 2018/06/05) includes fixes to the go command, and the
 <code>crypto/tls</code>, <code>crypto/x509</code>, and <code>strings</code> packages.
 In particular, it adds <a href="https://go.googlesource.com/go/+/d4e21288e444d3ffd30d1a0737f15ea3fc3b8ad9">
 minimal support to the go command for the vgo transition</a>.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.3">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.3+label%3ACherryPickApproved">Go
 1.10.3 milestone</a> on our issue tracker for details.
 </p>
 
@@ -240,14 +321,14 @@ See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.3">Go
 go1.10.4 (released 2018/08/24) includes fixes to the go command, linker, and the
 <code>net/http</code>, <code>mime/multipart</code>, <code>ld/macho</code>,
 <code>bytes</code>, and <code>strings</code> packages.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.4">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.4+label%3ACherryPickApproved">Go
 1.10.4 milestone</a> on our issue tracker for details.
 </p>
 
 <p>
 go1.10.5 (released 2018/11/02) includes fixes to the go command, linker, runtime
 and the <code>database/sql</code> package.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.5">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.5+label%3ACherryPickApproved">Go
 1.10.5 milestone</a> on our issue tracker for details.
 </p>
 
@@ -255,7 +336,7 @@ See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.5">Go
 go1.10.6 (released 2018/12/12) includes three security fixes to "go get" and
 the <code>crypto/x509</code> package.
 It contains the same fixes as Go 1.11.3 and was released at the same time.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.6">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.6+label%3ACherryPickApproved">Go
 1.10.6 milestone</a> on our issue tracker for details.
 </p>
 
@@ -270,7 +351,7 @@ Go 1.10.7 milestone</a> on our issue tracker for details.
 <p>
 go1.10.8 (released 2019/01/23) includes a security fix to the
 <code>crypto/elliptic</code> package.  See
-the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.8">Go
+the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.8+label%3ACherryPickApproved">Go
 1.10.8 milestone</a> on our issue tracker for details.
 </p>
 
@@ -285,7 +366,7 @@ Read the <a href="/doc/go1.9">Go 1.9 Release Notes</a> for more information.
 
 <p>
 go1.9.1 (released 2017/10/04) includes two security fixes.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.1">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.1+label%3ACherryPickApproved">Go
 1.9.1 milestone</a> on our issue tracker for details.
 </p>
 
@@ -296,7 +377,7 @@ and the <code>crypto/x509</code>, <code>database/sql</code>, <code>log</code>,
 and <code>net/smtp</code> packages.
 It includes a fix to a bug introduced in Go 1.9.1 that broke <code>go</code> <code>get</code>
 of non-Git repositories under certain conditions.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.2">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.2+label%3ACherryPickApproved">Go
 1.9.2 milestone</a> on our issue tracker for details.
 </p>
 
@@ -304,26 +385,26 @@ See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.2">Go
 go1.9.3 (released 2018/01/22) includes fixes to the compiler, runtime,
 and the <code>database/sql</code>, <code>math/big</code>, <code>net/http</code>,
 and <code>net/url</code> packages.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.3">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.3+label%3ACherryPickApproved">Go
 1.9.3 milestone</a> on our issue tracker for details.
 </p>
 
 <p>
 go1.9.4 (released 2018/02/07) includes a security fix to “go get”.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.4">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.4+label%3ACherryPickApproved">Go
 1.9.4</a> milestone on our issue tracker for details.
 </p>
 
 <p>
 go1.9.5 (released 2018/03/28) includes fixes to the compiler, go command, and
 <code>net/http/pprof</code> package.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.5">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.5+label%3ACherryPickApproved">Go
 1.9.5 milestone</a> on our issue tracker for details.
 </p>
 
 <p>
 go1.9.6 (released 2018/05/01) includes fixes to the compiler and go command.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.6">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.6+label%3ACherryPickApproved">Go
 1.9.6 milestone</a> on our issue tracker for details.
 </p>
 
@@ -332,7 +413,7 @@ go1.9.7 (released 2018/06/05) includes fixes to the go command, and the
 <code>crypto/x509</code>, and <code>strings</code> packages.
 In particular, it adds <a href="https://go.googlesource.com/go/+/d4e21288e444d3ffd30d1a0737f15ea3fc3b8ad9">
 minimal support to the go command for the vgo transition</a>.
-See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.7">Go
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.9.7+label%3ACherryPickApproved">Go
 1.9.7 milestone</a> on our issue tracker for details.
 </p>
 

doc/go1.10.html

@@ -12,7 +12,7 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.10</h2>

doc/go1.11.html

@@ -12,7 +12,7 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-  ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.11</h2>

doc/go1.12.html

@@ -12,7 +12,7 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-  ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.12</h2>

doc/go1.13.html

@@ -12,16 +12,16 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-  ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
-<h2 id="introduction">DRAFT RELEASE NOTES - Introduction to Go 1.13</h2>
+<h2 id="introduction">Introduction to Go 1.13</h2>
 
 <p>
-  <strong>
-    Go 1.13 is not yet released. These are work-in-progress
-    release notes. Go 1.13 is expected to be released in August 2019.
-  </strong>
+  The latest Go release, version 1.13, arrives six months after <a href="go1.12">Go 1.12</a>.
+  Most of its changes are in the implementation of the toolchain, runtime, and libraries.
+  As always, the release maintains the Go 1 <a href="/doc/go1compat.html">promise of compatibility</a>.
+  We expect almost all Go programs to continue to compile and run as before.
 </p>
 
 <p>
@@ -31,7 +31,8 @@ Do not send CLs removing the interior tags from such phrases.
   for privacy information about these services and the
   <a href="/cmd/go/#hdr-Module_downloading_and_verification">go command documentation</a>
   for configuration details including how to disable the use of these servers or use
-  different ones.
+  different ones. If you depend on non-public modules, see the
+  <a href="/cmd/go/#hdr-Module_configuration_for_non_public_modules">documentation for configuring your environment</a>.
 </p>
 
 <h2 id="language">Changes to the language</h2>
@@ -101,7 +102,7 @@ Do not send CLs removing the interior tags from such phrases.
 
 <h2 id="ports">Ports</h2>
 
-<p>
+<p id="nacl">
   Go 1.13 is the last release that will run on Native Client (NaCl).
 </p>
 
@@ -121,7 +122,7 @@ Do not send CLs removing the interior tags from such phrases.
 <h3 id="android">Android</h3>
 
 <p><!-- CL 170127 -->
-  Go programs are now compatible with Android Q.
+  Go programs are now compatible with Android 10.
 </p>
 
 <h3 id="darwin">Darwin</h3>
@@ -138,7 +139,8 @@ Do not send CLs removing the interior tags from such phrases.
   As <a href="go1.12#freebsd">announced</a> in the Go 1.12 release notes,
   Go 1.13 now requires FreeBSD 11.2 or later;
   support for previous versions has been discontinued.
-  FreeBSD 12.0 or later requires a kernel with the COMPAT_FREEBSD11 option set (this is the default).
+  FreeBSD 12.0 or later requires a kernel with the <code>COMPAT_FREEBSD11</code>
+  option set (this is the default).
 </p>
 
 <h3 id="illumos">Illumos</h3>
@@ -149,18 +151,6 @@ Do not send CLs removing the interior tags from such phrases.
   build tag.
 </p>
 
-<h3 id="netbsd">NetBSD</h3>
-
-<p><!--CL 155739 -->
-  Go now supports NetBSD on arm64.
-</p>
-
-<h3 id="openbsd">OpenBSD</h3>
-
-<p><!--CL 174125 -->
-  Go now supports OpenBSD on arm64.
-</p>
-
 <h3 id="windows">Windows</h3>
 
 <p><!-- CL 178977 -->
@@ -315,7 +305,7 @@ go env -w GOSUMDB=off
 
 <p>
   The <code>go</code> command now verifies the mapping
-  between <a href="/cmd/go#hdr-Pseudo_versions">pseudo-versions</a> and
+  between <a href="/cmd/go/#hdr-Pseudo_versions">pseudo-versions</a> and
   version-control metadata. Specifically:
   <ul>
     <li>The version prefix must be of the form <code>vX.0.0</code>, or derived
@@ -551,9 +541,9 @@ godoc
   To support wrapping, <a href="#fmt"><code>fmt.Errorf</code></a> now has a <code>%w</code>
   verb for creating wrapped errors, and three new functions in
   the <a href="#errors"><code>errors</code></a> package (
-  <a href="/pkg/errors#Unwrap"><code>errors.Unwrap</code></a>,
-  <a href="/pkg/errors#Is"><code>errors.Is</code></a> and
-  <a href="/pkg/errors#As"><code>errors.As</code></a>) simplify unwrapping
+  <a href="/pkg/errors/#Unwrap"><code>errors.Unwrap</code></a>,
+  <a href="/pkg/errors/#Is"><code>errors.Is</code></a> and
+  <a href="/pkg/errors/#As"><code>errors.As</code></a>) simplify unwrapping
   and inspecting wrapped errors.
 </p>
 <p>
@@ -592,10 +582,15 @@ godoc
   <dd>
     <p>
       Support for SSL version 3.0 (SSLv3) <a href="https://golang.org/issue/32716">
-      is now deprecated and will be removed in Go 1.14</a>. Note that SSLv3
-      <a href="https://tools.ietf.org/html/rfc7568">is cryptographically
-      broken</a>, is already disabled by default in <code>crypto/tls</code>,
-      and was never supported by Go clients.
+      is now deprecated and will be removed in Go 1.14</a>. Note that SSLv3 is the
+      <a href="https://tools.ietf.org/html/rfc7568">cryptographically broken</a>
+      protocol predating TLS.
+    </p>
+
+    <p>
+      SSLv3 was always disabled by default, other than in Go 1.12, when it was
+      mistakenly enabled by default server-side. It is now again disabled by
+      default. (SSLv3 was never supported client-side.)
     </p>
 
     <p><!-- CL 177698 -->
@@ -667,6 +662,24 @@ godoc
 
 <dl id="fmt"><dt><a href="/pkg/fmt/">fmt</a></dt>
   <dd>
+    <!-- CL 160245 -->
+    <p>
+      The printing verbs <code>%x</code> and <code>%X</code> now format floating-point and
+      complex numbers in hexadecimal notation, in lower-case and upper-case respectively.
+    </p>
+
+    <!-- CL 160246 -->
+    <p>
+      The new printing verb <code>%O</code> formats integers in base 8, emitting the <code>0o</code> prefix.
+    </p>
+
+    <!-- CL 160247 -->
+    <p>
+      The scanner now accepts hexadecimal floating-point values, digit-separating underscores
+      and leading <code>0b</code> and <code>0o</code> prefixes.
+      See the <a href="#language">Changes to the language</a> for details.
+    </p>
+
     <!-- CL 176998 -->
     <p>The <a href="/pkg/fmt/#Errorf"><code>Errorf</code></a> function
       has a new verb, <code>%w</code>, whose operand must be an error.
@@ -723,6 +736,18 @@ godoc
       The new <a href="/pkg/math/big/#Rat.SetUint64"><code>Rat.SetUint64</code></a> method sets the <code>Rat</code> to a <code>uint64</code> value.
     </p>
 
+    <p><!-- CL 166157 -->
+      For <a href="/pkg/math/big/#Float.Parse"><code>Float.Parse</code></a>, if base is 0, underscores
+      may be used between digits for readability.
+      See the <a href="#language">Changes to the language</a> for details.
+    </p>
+
+    <p><!-- CL 166157 -->
+      For <a href="/pkg/math/big/#Int.SetString"><code>Int.SetString</code></a>, if base is 0, underscores
+      may be used between digits for readability.
+      See the <a href="#language">Changes to the language</a> for details.
+    </p>
+
     <p><!-- CL 168237 -->
       <a href="/pkg/math/big/#Rat.SetString"><code>Rat.SetString</code></a> now accepts non-decimal floating point representations.
     </p>
@@ -745,7 +770,7 @@ godoc
 <dl id="net"><dt><a href="/pkg/net/">net</a></dt>
   <dd>
     <p><!-- CL 156366 -->
-      On Unix systems where <code>use-vc</code> is set in <code>resolve.conf</code>, TCP is used for DNS resolution.
+      On Unix systems where <code>use-vc</code> is set in <code>resolv.conf</code>, TCP is used for DNS resolution.
     </p>
 
     <p><!-- CL 170678 -->
@@ -760,7 +785,7 @@ godoc
       <code>Timeout</code> method that returns <code>true</code> if called.
       This can make a keep-alive error difficult to distinguish from
       an error returned due to a missed deadline as set by the
-      <a href="/pkg/net#Conn"><code>SetDeadline</code></a>
+      <a href="/pkg/net/#Conn"><code>SetDeadline</code></a>
       method and similar methods.
       Code that uses deadlines and checks for them with
       the <code>Timeout</code> method or
@@ -789,13 +814,14 @@ godoc
     </p>
 
     <p><!-- CL 140357 -->
-      When reusing HTTP/2, the <a href="/pkg/net/http#Transport"><code>Transport</code></a> no longer performs unnecessary TLS handshakes.
+      <a href="/pkg/net/http/#Transport.MaxConnsPerHost"><code>Transport.MaxConnsPerHost</code></a> now works
+      properly with HTTP/2.
     </p>
 
     <p><!-- CL 154383 -->
       <a href="/pkg/net/http/#TimeoutHandler"><code>TimeoutHandler</code></a>'s
       <a href="/pkg/net/http/#ResponseWriter"><code>ResponseWriter</code></a> now implements the
-      <a href="/pkg/net/http/#Pusher"><code>Pusher</code></a> and <a href="/pkg/net/http/#Flusher"><code>Flusher</code></a> interfaces.
+      <a href="/pkg/net/http/#Pusher"><code>Pusher</code></a> interface.
     </p>
 
     <p><!-- CL 157339 -->
@@ -813,14 +839,14 @@ godoc
     </p>
 
     <p><!-- CL 167681 -->
-      The new <a href="/pkg/net/http#Server"><code>Server</code></a> fields
+      The new <a href="/pkg/net/http/#Server"><code>Server</code></a> fields
       <a href="/pkg/net/http/#Server.BaseContext"><code>BaseContext</code></a> and
       <a href="/pkg/net/http/#Server.ConnContext"><code>ConnContext</code></a>
-      allow finer control over the <a href="/pkg/context#Context"><code>Context</code></a> values provided to requests and connections.
+      allow finer control over the <a href="/pkg/context/#Context"><code>Context</code></a> values provided to requests and connections.
     </p>
 
     <p><!-- CL 167781 -->
-      <a href="/pkg/net/http#DetectContentType"><code>http.DetectContentType</code></a> now correctly detects RAR signatures, and can now also detect RAR v5 signatures.
+      <a href="/pkg/net/http/#DetectContentType"><code>http.DetectContentType</code></a> now correctly detects RAR signatures, and can now also detect RAR v5 signatures.
     </p>
 
     <p><!-- CL 173658 -->
@@ -836,7 +862,8 @@ godoc
     </p>
 
     <p><!-- CL 179457 -->
-      <a href="/pkg/net/http/#Transport"><code>Transport</code></a> now silently ignores a <code>408 "Request Timeout"</code> response.
+      The <a href="/pkg/net/http/#Transport"><code>Transport</code></a> no longer logs errors when servers
+      gracefully shut down idle connections using a <code>"408 Request Timeout"</code> response.
     </p>
 
 </dl><!-- net/http -->
@@ -858,9 +885,9 @@ godoc
 <dl id="os/exec"><dt><a href="/pkg/os/exec/">os/exec</a></dt>
   <dd>
     <p><!-- CL 174318 -->
-      On Windows, the environment for a <a href="/pkg/os/exec#Cmd"><code>Cmd</code></a> always inherits the
+      On Windows, the environment for a <a href="/pkg/os/exec/#Cmd"><code>Cmd</code></a> always inherits the
       <code>%SYSTEMROOT%</code> value of the parent process unless the
-      <a href="/pkg/os/exec#Cmd.Env"><code>Cmd.Env</code></a> field includes an explicit value for it.
+      <a href="/pkg/os/exec/#Cmd.Env"><code>Cmd.Env</code></a> field includes an explicit value for it.
     </p>
 
 </dl><!-- os/exec -->
@@ -888,7 +915,19 @@ godoc
 
 </dl><!-- runtime -->
 
-<dl id="strings"><dt><a href="/pkg/strings">strings</a></dt>
+<dl id="strconv"><dt><a href="/pkg/strconv/">strconv</a></dt>
+  <dd>
+    <p><!-- CL 160243 -->
+       For <a href="/pkg/strconv/#ParseFloat"><code>strconv.ParseFloat</code></a>,
+       <a href="/pkg/strconv/#ParseInt"><code>strconv.ParseInt</code></a>
+       and <a href="/pkg/strconv/#ParseUint"><code>strconv.ParseUint</code></a>,
+       if base is 0, underscores may be used between digits for readability.
+       See the <a href="#language">Changes to the language</a> for details.
+    </p>
+
+</dl><!-- strconv -->
+
+<dl id="strings"><dt><a href="/pkg/strings/">strings</a></dt>
   <dd>
     <p><!-- CL 142003 -->
       The new <a href="/pkg/strings/#ToValidUTF8"><code>ToValidUTF8</code></a> function returns a
@@ -942,9 +981,10 @@ godoc
 <dl id="syscall/js"><dt><a href="/pkg/syscall/js/">syscall/js</a></dt>
   <dd>
     <p><!-- CL 177537 -->
-      TypedArrayOf has been replaced by
+      <code>TypedArrayOf</code> has been replaced by
       <a href="/pkg/syscall/js/#CopyBytesToGo"><code>CopyBytesToGo</code></a> and
-      <a href="/pkg/syscall/js/#CopyBytesToJS"><code>CopyBytesToJS</code></a> for copying bytes between a byte slice and a Uint8Array.
+      <a href="/pkg/syscall/js/#CopyBytesToJS"><code>CopyBytesToJS</code></a> for copying bytes
+      between a byte slice and a <code>Uint8Array</code>.
     </p>
 
 </dl><!-- syscall/js -->

doc/go1.6.html

@@ -10,7 +10,7 @@ Edit .,s;^([a-z][A-Za-z0-9_/]+)\.([A-Z][A-Za-z0-9_]+\.)?([A-Z][A-Za-z0-9_]+)([ .
 -->
 
 <style>
-ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.6</h2>

doc/go1.7.html

@@ -22,7 +22,7 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.7</h2>

doc/go1.8.html

@@ -12,7 +12,7 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.8</h2>

doc/go1.9.html

@@ -12,7 +12,7 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.9</h2>

misc/boring/README.md

@@ -0,0 +1,108 @@
+# README.md
+
+This directory holds build scripts for unofficial, unsupported
+distributions of Go+BoringCrypto.
+
+## Version strings
+
+The distribution name for a Go+BoringCrypto release has the form `<GoVersion>b<BoringCryptoVersion>`,
+where `<GoVersion>` is the Go version the release is based on, and `<BoringCryptoVersion>` is
+an integer that increments each time there is a new release with different BoringCrypto bits.
+The `<BoringCryptoVersion>` is stored in the `VERSION` file in this directory.
+
+For example, the first release is based on Go 1.8.3 is `go1.8.3b1`.
+If the BoringCrypto bits are updated, the next would be `go1.8.3b2`.
+If, after that, Go 1.9 is released and the same BoringCrypto code added to it,
+that would result in `go1.9b2`. There would likely not be a `go1.9b1`,
+since that would indicate Go 1.9 with the older BoringCrypto code.
+
+## Releases
+
+The `build.release` script prepares a binary release and publishes it in Google Cloud Storage
+at `gs://go-boringcrypto/`, making it available for download at
+`https://go-boringcrypto.storage.googleapis.com/<FILE>`.
+The script records each published release in the `RELEASES` file in this directory.
+
+The `build.docker` script, which must be run after `build.release`, prepares a Docker image
+and publishes it on hub.docker.com in the goboring organization.
+`go1.8.3b1` is published as `goboring/golang:1.8.3b1`.
+
+## Release process
+
+Development is done on the dev.boringcrypto branch, which tracks
+master. Releases are cut from dev.boringcrypto.go1.X branches,
+which are BoringCrypto backported to the Go 1.X release branches.
+To issue new BoringCrypto releases based on Go 1.X:
+
+1. If the BoringCrypto bits have been updated, increment the
+   number in `VERSION`, send that change out as a CL for review,
+   get it committed to dev.boringcrypto, and run `git sync`.
+
+2. Change to the dev.boringcrypto.go1.X branch and cherry-pick
+   all BoringCrypto updates, including the update of the
+   `VERSION` file. If desired, merge release-branch.go1.X into
+   dev.boringcrypto.go1.X. Mail them out and get them committed.
+
+3. **Back on the dev.boringcrypto branch**, run `git fetch`,
+   `make.bash` and then `build.release dev.boringcrypto.go1.X`.
+   The script will determine the base Go version and the
+   BoringCrypto version, build a release, and upload it.
+
+4. Run `build.docker`, which will build and upload a Docker image
+   from the latest release.
+
+5. Send out a CL with the updated `RELEASES` file and get it
+   committed to dev.boringcrypto.
+
+## Building from Docker
+
+A Dockerfile that starts with `FROM golang:1.8.3` can switch
+to `FROM goboring/golang:1.8.3b2` (see [goboring/golang on Docker Hub](https://hub.docker.com/r/goboring/golang/))
+and should need no other modifications.
+
+## Building from Bazel
+
+Starting from [bazelbuild/rules_go](https://github.com/bazelbuild/rules_go)
+tag 0.7.1, simply download the BoringCrypto-enabled Go SDK using
+`go_download_sdk()` before calling `go_register_toolchains()`.
+
+For example, to use Go 1.9.3 with BoringCrypto on Linux, use the following lines
+in `WORKSPACE`:
+```python
+load("@io_bazel_rules_go//go:def.bzl", "go_rules_dependencies", "go_download_sdk", "go_register_toolchains")
+
+go_rules_dependencies()
+
+go_download_sdk(
+    name = "go_sdk",
+    sdks = {
+       "linux_amd64": ("go1.9.3b4.linux-amd64.tar.gz", "db1997b2454a2f27669b849d2d2cafb247a55128d53da678f06cb409310d6660"),
+    },
+    urls = ["https://storage.googleapis.com/go-boringcrypto/{}"],
+)
+
+go_register_toolchains()
+```
+
+**Note**: you must *not* enable `pure` mode, since cgo must be enabled. To
+ensure that binaries are linked with BoringCrypto, you can set `pure = "off"` on
+all relevant `go_binary` rules.
+
+## Caveat
+
+BoringCrypto is used for a given build only in limited circumstances:
+
+  - The build must be GOOS=linux, GOARCH=amd64.
+  - The build must have cgo enabled.
+  - The android build tag must not be specified.
+  - The cmd_go_bootstrap build tag must not be specified.
+
+The version string reported by `runtime.Version` does not indicate that BoringCrypto
+was actually used for the build. For example, linux/386 and non-cgo linux/amd64 binaries
+will report a version of `go1.8.3b2` but not be using BoringCrypto.
+
+To check whether a given binary is using BoringCrypto, run `go tool nm` on it and check
+that it has symbols named `*_Cfunc__goboringcrypto_*`.
+
+The program [rsc.io/goversion](https://godoc.org/rsc.io/goversion) will report the
+crypto implementation used by a given binary when invoked with the `-crypto` flag.

misc/boring/RELEASES

@@ -0,0 +1,51 @@
+# This file lists published Go+BoringCrypto releases.
+# Each line describes a single release: <version> <git commit> <target> <URL> <sha256sum>
+go1.9rc2b2 91753387bdf7 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.9rc2b2.linux-amd64.tar.gz 59355a45e6970e8013060851ddb3f079afe8db52e90db520a0826a13f1b5ae5b
+go1.8.3b3 f6ff81bac156 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.8.3b3.linux-amd64.tar.gz 6287ad971cd268bb2684fb8b1275dea928ad527823062bc057e73036c419e7af
+go1.9rc2b4 c339bc4e07a6 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.9rc2b4.linux-amd64.tar.gz a8f677d48dc93920065fca4dca1a55bf7110aba132489c47e25d26d55c67eb32
+go1.9b4 e6ad24cde71e linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.9b4.linux-amd64.tar.gz 6592e36a05df8e7c59812328a3a4bfa6c4eed72132fc31245951c3ade3ef2a8a
+go1.9b4 e6ad24cde71e src https://go-boringcrypto.storage.googleapis.com/go1.9b4.src.tar.gz c85f31dc743fee0e8ce0c6ffc286e27c1f51b66c9b923afafb43cdc378a41091
+go1.8.3b4 42cb4dcdb59a linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.8.3b4.linux-amd64.tar.gz 4011c86e6175925e1c63dc7c19a51f825be53bbe7b08260918e5107b0fbd4f85
+go1.8.3b4 42cb4dcdb59a src https://go-boringcrypto.storage.googleapis.com/go1.8.3b4.src.tar.gz 2531ca8918aa024aed8f4a6c9e5c3b25bc8777623f1efa66aec7214601d474e4
+go1.9.2b4 cda3c6f91d7c linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.9.2b4.linux-amd64.tar.gz 7c5e9a033ddc3ab36646e3bac7fd16962742710c70c18122e44a9ab56cdd3cf7
+go1.9.2b4 cda3c6f91d7c src https://go-boringcrypto.storage.googleapis.com/go1.9.2b4.src.tar.gz 38a2260b64a6a5ab20f8972d08b4765bad116721356433f39aebd29c7598218c
+go1.9.3b4 f4e5ebdf35c8 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.9.3b4.linux-amd64.tar.gz db1997b2454a2f27669b849d2d2cafb247a55128d53da678f06cb409310d6660
+go1.9.3b4 f4e5ebdf35c8 src https://go-boringcrypto.storage.googleapis.com/go1.9.3b4.src.tar.gz 7485e1fc53a9fab9cf34f71de74d69f4c50f9d11a449647de40ee04b59bf8a5b
+go1.9.7b4 0bad1bef406e linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.9.7b4.linux-amd64.tar.gz 9e33a0deb8fed3bd7fa3d122bb5143be9e0a974a422ab4ddac5e765fa1310a6f
+go1.9.7b4 0bad1bef406e src https://go-boringcrypto.storage.googleapis.com/go1.9.7b4.src.tar.gz ad9fb6e22a27382c468467ecade4937f725b33818852f1c1da0d09b471e7486c
+go1.10.3b4 35ba5284935c linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.10.3b4.linux-amd64.tar.gz 6754729d78a375bd1debd980b1e3e7fd49198a980d0bbd8f39e89569aa001942
+go1.10.3b4 35ba5284935c src https://go-boringcrypto.storage.googleapis.com/go1.10.3b4.src.tar.gz f3e75c60a835c11b97e30429b63917ceb31f799b2ba7e2001d99db908fb8e28f
+go1.10.4b4 2e2a04a605b6 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.10.4b4.linux-amd64.tar.gz 17c275ff448686fe1908ecbea5d11ad6f4f7caa288d1786b756439703b12b8b2
+go1.10.4b4 2e2a04a605b6 src https://go-boringcrypto.storage.googleapis.com/go1.10.4b4.src.tar.gz f9cc38e194edabebf338fb74c22f597dc847560618d5d7d4d6cdc28139efa772
+go1.11b4 685dc1638240 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.11b4.linux-amd64.tar.gz d53417b2071af0104fbc15a957000bccdcb5bbc094df0401f67d51968f7f2e4e
+go1.11b4 685dc1638240 src https://go-boringcrypto.storage.googleapis.com/go1.11b4.src.tar.gz 39896f0decd6721e81324cb2bb19540706ca97152c6800a6c8ad15a4e4162184
+go1.11.2b4 35cf0d9f6bbd linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.11.2b4.linux-amd64.tar.gz a9ceb6d0b4413d81ccc94c6460f60ca0c4f36b5dcbf659e1be582cd40c0edfbd
+go1.11.2b4 35cf0d9f6bbd src https://go-boringcrypto.storage.googleapis.com/go1.11.2b4.src.tar.gz 8e12a8df1428f00239dc67dd438a81f72c9925982e90b6899f66270971bddc1c
+go1.10.7b4 8b246fe0f595 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.10.7b4.linux-amd64.tar.gz 31917ab96004b9b482399b46928f5c10cdadefed5fda6f4de262efe2c3c7533e
+go1.10.7b4 8b246fe0f595 src https://go-boringcrypto.storage.googleapis.com/go1.10.7b4.src.tar.gz 323a184c77e3a377f5ed993b04946ee7b1a8e3350aba2894c0944f1e313636f1
+go1.11.4b4 572c4bce6792 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.11.4b4.linux-amd64.tar.gz e708ef7ecaf17a3e8e6deceadfa167cc1162f710f97ea4bc124d3837d6e2eaa1
+go1.11.4b4 572c4bce6792 src https://go-boringcrypto.storage.googleapis.com/go1.11.4b4.src.tar.gz ea963b80e218a34470e14e6e997fe06b8c5bf3f9c9bb0c801f7d8ef63b9bcb73
+go1.10.8b4 4b76b996cb0a linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.10.8b4.linux-amd64.tar.gz 6d7d3323030851b595ba7ed66931c352b63de6dfe1ab3e6d6243987765d09819
+go1.10.8b4 4b76b996cb0a src https://go-boringcrypto.storage.googleapis.com/go1.10.8b4.src.tar.gz c1f5df50a4be3d0cb3aed7b80728f2b23c18deff0383636274742a38c145f939
+go1.11.5b4 3fb9dafacc45 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.11.5b4.linux-amd64.tar.gz 9b5b2972b452da9ba6bba65bab18fb9e8fbda31b5c489275710e5429d76f568c
+go1.11.5b4 3fb9dafacc45 src https://go-boringcrypto.storage.googleapis.com/go1.11.5b4.src.tar.gz 1c5801e2af25c9299d9fd94c64f9ec11fd35777c45d5d0f398c0a9884b1cfbbf
+go1.12.1b4 88e20e81a61f linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.12.1b4.linux-amd64.tar.gz b71886e0d65e5efea2e0a3cbd0c3cd0daf84c437078e755ecde25f4ac0bbed2f
+go1.12.1b4 88e20e81a61f src https://go-boringcrypto.storage.googleapis.com/go1.12.1b4.src.tar.gz d44be1396eb2854b5d9c4d8e8ed0cf9fea1e9dc5a02d8f53b41ba571951a329f
+go1.11.6b4 7be8a5843a9b linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.11.6b4.linux-amd64.tar.gz b704f61b8979e64a46da8884c90cd2b0e2d54e802d55e5f56d7c93752334c197
+go1.11.6b4 7be8a5843a9b src https://go-boringcrypto.storage.googleapis.com/go1.11.6b4.src.tar.gz a56b45e24b61ad7b3c90dfd906cd22426a4de9e2e697b4c9ef07a2af047bcb0d
+go1.12.5b4 ad495d31d908 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.12.5b4.linux-amd64.tar.gz df0e64958cf90f27a65b2175eb80bc34a601136eed8e5559bed2a9e349e33707
+go1.12.5b4 ad495d31d908 src https://go-boringcrypto.storage.googleapis.com/go1.12.5b4.src.tar.gz 054d482896a77ae2d7d24c7adf08da5a4401b938871e61a5cdabc735c54cea9f
+go1.11.11b4 346babe6a67f linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.11.11b4.linux-amd64.tar.gz c4dd44fa00f491b3d2ea808af8a6c234f915adb27c014512d725bafc4784d75f
+go1.11.11b4 346babe6a67f src https://go-boringcrypto.storage.googleapis.com/go1.11.11b4.src.tar.gz 57a724a72f0ba8620cbb48288f39c86ed513c241509ddf73231f4c8cd2a983ac
+go1.12.6b4 6b86b09ad4d3 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.12.6b4.linux-amd64.tar.gz eebc2e7f37555760adb361985b861d0cd34f9401cf7456d8d2f2f3082a60eee1
+go1.12.6b4 6b86b09ad4d3 src https://go-boringcrypto.storage.googleapis.com/go1.12.6b4.src.tar.gz 0e6e9aaf2c72a7e61280ce1e77b2ea24f01a59f4c1e6f0aa72b753206724fd3a
+go1.11.12b4 845e947ae34f linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.11.12b4.linux-amd64.tar.gz 91808261fc357855fba920df01a933d6104e907793014317de00b92802d494d9
+go1.11.12b4 845e947ae34f src https://go-boringcrypto.storage.googleapis.com/go1.11.12b4.src.tar.gz 7b64d9e56ea627138d87c7533df8f9932a79ff900f150a8d8e6a3edc2d0066ec
+go1.12.7b4 bd126d0ad256 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.12.7b4.linux-amd64.tar.gz 7f0c73cd397bccad48ab4df4188d3651c25bf33102275848c6e67b882e11f680
+go1.12.7b4 bd126d0ad256 src https://go-boringcrypto.storage.googleapis.com/go1.12.7b4.src.tar.gz 0c48d7b81ef2b948980011fad1d176d6b10636a4016e3aed7438d86e046d816b
+go1.11.13b4 4f8e7223f936 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.11.13b4.linux-amd64.tar.gz eeb232577065732f5d57a4c77b7d73aa60231ee6fd6496daf7558993e92e403f
+go1.11.13b4 4f8e7223f936 src https://go-boringcrypto.storage.googleapis.com/go1.11.13b4.src.tar.gz 107da8846803a0a735766ca0947de6cd15cd23d8c584002f06e7ac5f81ecb114
+go1.12.8b4 55186ba70c1a linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.12.8b4.linux-amd64.tar.gz 63f278abfc1e98546bc0ffc87f000d9aae2b06c0700212cb55ffd17d059fb8e1
+go1.12.8b4 55186ba70c1a src https://go-boringcrypto.storage.googleapis.com/go1.12.8b4.src.tar.gz c12b1d56ba4e0572f85a08681e05c66293ad53f04b11ce74c688d78fcb882061
+go1.12.9b4 ee88e5b118b5 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.12.9b4.linux-amd64.tar.gz d90989cba1db647b795400a9520eab2fa30f8dea50f4189b18d53f757a4bac44
+go1.12.9b4 ee88e5b118b5 src https://go-boringcrypto.storage.googleapis.com/go1.12.9b4.src.tar.gz 9d4efed8e13fa5ebdadd4fc22f9e35e67bfb34322570c83a15a0879472412e13

misc/boring/VERSION

@@ -0,0 +1 @@
+4

misc/boring/build.docker

@@ -0,0 +1,57 @@
+#!/bin/bash
+# Copyright 2017 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+# build.docker builds and publishes a Docker image for
+# a given Go+BoringCrypto release.
+
+set -e
+
+# With no arguments, use the most recent linux-amd64 release in the RELEASES file.
+case "$#" in
+0)
+	version=$(grep linux-amd64 RELEASES | tail -1 | awk '{print $1}');;
+1)
+	version="$1";;
+*)
+	echo 'usage: build.docker [version]' >&2
+	exit 2
+esac
+
+url="$(grep "^$version .* linux-amd64 " RELEASES | awk '{print $4}')"
+sha256="$(grep "^$version .* linux-amd64 " RELEASES | awk '{print $5}')"
+if [ "$sha256" = "" ]; then
+	echo "cannot find $version in RELEASES file" >&2
+	exit 2
+fi
+
+# Build a temporary directory with a Dockerfile.
+dir=$(mktemp -d)
+trap "rm -rf $dir" EXIT
+
+if echo "$url" | grep '!' >/dev/null; then
+	# ! is sed delimiter below. Should never happen.
+	echo "URL contains an exclamation mark!" >&2
+	exit 2
+fi
+
+sed "s!UUU!$url!; s/SSS/$sha256/" dockerfile.in >$dir/Dockerfile
+cp go-wrapper $dir/go-wrapper
+
+dversion=$(echo "$version" | sed 's/^go//')
+docker build --pull -t goboring/golang:$dversion $dir
+docker run goboring/golang:$dversion go version
+docker run goboring/golang:$dversion go tool nm /usr/local/go/bin/go >$dir/nm
+if ! grep crypto/internal/boring/sig.BoringCrypto $dir/nm >/dev/null; then
+	echo 'built docker image but did NOT find sig.BoringCrypto in go command!' >&2
+	exit 2
+fi
+if egrep 'crypto/sha256\.\(\*digest\)' $dir/nm >/dev/null; then
+	echo 'built docker image but DID find sha256.(*digest) in go command unexpectedly!' >&2
+	exit 2
+fi
+docker push goboring/golang:$dversion
+
+echo
+echo published as goboring/golang:$dversion

misc/boring/build.release

@@ -0,0 +1,104 @@
+#!/bin/bash
+# Copyright 2017 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+# build.release builds and publishes a new Go+BoringCrypto release.
+# After running this script, the change to the RELEASES file should be
+# sent out for review and committed to the repository (but the release
+# is already done, so there's not much to review).
+
+set -e
+
+case "$#" in
+0)
+	rev=HEAD;;
+1)
+	rev="$1";;
+*)
+	echo 'usage: build.release [git-rev]' >&2
+	exit 2
+esac
+
+# Determine commit to use.
+commit=$(git rev-parse "$rev" | awk '{print substr($1, 1, 12)}')
+if [ "$commit" = "" ]; then
+	echo 'cannot find commit in git history' >&2
+	exit 2
+fi
+
+# Determine base Go release from tags.
+base=$(git log --decorate=short --oneline "$rev" | grep 'tag: go' | sed 1q | sed 's/[),].*//; s/.*tag: //')
+if [ "$base" = "" ]; then
+	echo "cannot find go release tag in git history for $rev" >&2
+	exit 2
+fi
+
+# Determine boring crypto version from file.
+boring=$(git show "$commit:misc/boring/VERSION")
+if [ "$boring" = "" ]; then
+	echo "missing BORINGVERSION file in $commit" >&2
+	exit 2
+fi
+
+# Make sure we're not redefining a published release.
+version="${base}b${boring}"
+if grep "^$version " RELEASES >/dev/null; then
+	echo "found $version in RELEASES - not rereleasing" >&2
+	exit 2
+fi
+
+# Show what's going on, while the release builds.
+# Good time for user to type ^C if something is wrong.
+echo >&2
+echo "building $version from $commit" >&2
+echo >&2
+git log -n1 "$commit" >&2
+echo >&2
+
+# Build the release tool in a temporary directory.
+dir=$(mktemp -d)
+trap "rm -rf $dir" EXIT
+export GO111MODULE=on
+export GOBIN="$dir"
+(cd "$dir"; go get golang.org/x/build/cmd/release)
+
+# Build the release.
+sha() {
+    if hash sha256sum 2>/dev/null; then
+        sha256sum "$@"
+    else
+        shasum -a 256 "$@"
+    fi
+}
+shortgo=$(echo "$base" | perl -pe 's/(go\d+\.\d+)(\.\d+|rc\d+)/$1/')
+$dir/release -target linux-amd64 -rev "$commit" -version "$version" -tools "release-branch.$shortgo" -net "release-branch.$shortgo"
+$dir/release -target src -rev "$commit" -version "$version" -tools "release-branch.$shortgo" -net "release-branch.$shortgo"
+output="$version.linux-amd64.tar.gz"
+ls -l "$output"
+sha256=$(sha "$output" | awk '{print $1}')
+outputsrc="$version.src.tar.gz"
+ls -l "$outputsrc"
+sha256src=$(sha "$outputsrc" | awk '{print $1}')
+
+trap "rm -f /tmp/go.release.$$ /tmp/go.nm.$$" EXIT
+tar -xzf "$output" -O go/bin/go >/tmp/go.release.$$
+go tool nm /tmp/go.release.$$ >/tmp/go.nm.$$
+if ! grep crypto/internal/boring/sig.BoringCrypto /tmp/go.nm.$$ >/dev/null; then
+	echo 'built release but did NOT find sig.BoringCrypto in go command!' >&2
+	exit 2
+fi
+if egrep 'crypto/sha256\.\(\*digest\)' /tmp/go.nm.$$ >/dev/null; then
+	echo 'built release but DID find sha256.(*digest) in go command unexpectedly!' >&2
+	exit 2
+fi
+
+# Publish the release.
+gsutil cp "$output" gs://go-boringcrypto/
+url="https://go-boringcrypto.storage.googleapis.com/$output"
+gsutil cp "$outputsrc" gs://go-boringcrypto/
+urlsrc="https://go-boringcrypto.storage.googleapis.com/$outputsrc"
+
+# Record that it was published.
+echo "$version $commit linux-amd64 $url $sha256" >>RELEASES
+echo "$version $commit src $urlsrc $sha256src" >>RELEASES

misc/boring/dockerfile.in

@@ -0,0 +1,29 @@
+# Template for Dockerfile, used in build.docker script.
+# Based on https://github.com/docker-library/golang/blob/master/1.9-rc/stretch/Dockerfile
+FROM buildpack-deps:stretch-scm
+
+# gcc for cgo
+RUN apt-get update && apt-get install -y --no-install-recommends \
+		g++ \
+		gcc \
+		libc6-dev \
+		make \
+		pkg-config \
+	&& rm -rf /var/lib/apt/lists/*
+
+ADD UUU /go.tgz
+
+RUN set -eux; \
+	\
+	echo "SSS /go.tgz" | sha256sum -c -; \
+	tar -C /usr/local -xzf /go.tgz; \
+	rm /go.tgz; \
+	export PATH="/usr/local/go/bin:$PATH"; \
+	go version
+
+ENV GOPATH /go
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
+WORKDIR $GOPATH
+
+COPY go-wrapper /usr/local/bin/

misc/boring/go-wrapper

@@ -0,0 +1,100 @@
+#!/bin/sh
+# Copied from https://raw.githubusercontent.com/docker-library/golang/master/1.9-rc/stretch/go-wrapper
+# Copied into Docker images.
+
+set -e
+
+usage() {
+	base="$(basename "$0")"
+	cat <<EOUSAGE
+
+usage: $base command [args]
+
+This script assumes that is is run from the root of your Go package (for
+example, "/go/src/app" if your GOPATH is set to "/go").
+
+In Go 1.4, a feature was introduced to supply the canonical "import path" for a
+given package in a comment attached to a package statement
+(https://golang.org/s/go14customimport).
+
+This script allows us to take a generic directory of Go source files such as
+"/go/src/app" and determine that the canonical "import path" of where that code
+expects to live and reference itself is "github.com/jsmith/my-cool-app".  It
+will then ensure that "/go/src/github.com/jsmith/my-cool-app" is a symlink to
+"/go/src/app", which allows us to build and run it under the proper package
+name.
+
+For compatibility with versions of Go older than 1.4, the "import path" may also
+be placed in a file named ".godir".
+
+Available Commands:
+
+  $base download
+  $base download -u
+    (equivalent to "go get -d [args] [godir]")
+
+  $base install
+  $base install -race
+    (equivalent to "go install [args] [godir]")
+
+  $base run
+  $base run -app -specific -arguments
+    (assumes "GOPATH/bin" is in "PATH")
+
+EOUSAGE
+}
+
+# make sure there is a subcommand specified
+if [ "$#" -eq 0 ]; then
+	usage >&2
+	exit 1
+fi
+# "shift" so that "$@" becomes the remaining arguments and can be passed along to other "go" subcommands easily
+cmd="$1"
+shift
+
+goDir="$(go list -e -f '{{.ImportComment}}' 2>/dev/null || true)"
+
+if [ -z "$goDir" -a -s .godir ]; then
+	goDir="$(cat .godir)"
+fi
+
+dir="$(pwd -P)"
+if [ "$goDir" ]; then
+	goPath="${GOPATH%%:*}" # this just grabs the first path listed in GOPATH, if there are multiple (which is the detection logic "go get" itself uses, too)
+	goDirPath="$goPath/src/$goDir"
+	mkdir -p "$(dirname "$goDirPath")"
+	if [ ! -e "$goDirPath" ]; then
+		ln -sfv "$dir" "$goDirPath"
+	elif [ ! -L "$goDirPath" ]; then
+		echo >&2 "error: $goDirPath already exists but is unexpectedly not a symlink!"
+		exit 1
+	fi
+	goBin="$goPath/bin/$(basename "$goDir")"
+else
+	goBin="$(basename "$dir")" # likely "app"
+fi
+
+case "$cmd" in
+	download)
+		set -- go get -v -d "$@"
+		if [ "$goDir" ]; then set -- "$@" "$goDir"; fi
+		set -x; exec "$@"
+		;;
+		
+	install)
+		set -- go install -v "$@"
+		if [ "$goDir" ]; then set -- "$@" "$goDir"; fi
+		set -x; exec "$@"
+		;;
+		
+	run)
+		set -x; exec "$goBin" "$@"
+		;;
+		
+	*)
+		echo >&2 'error: unknown command:' "$cmd"
+		usage >&2
+		exit 1
+		;;
+esac

misc/boring/merge.sh

@@ -0,0 +1,32 @@
+#! /bin/bash
+set -euo pipefail
+
+if [ "$#" -ne 2 ]; then
+    echo "usage: merge.sh <target branch> <source revision>"
+    echo ""
+    echo "example: merge.sh dev.boringcrypto master"
+    echo "         merge.sh dev.boringcrypto.go1.10 go1.10.7"
+    exit 1
+fi
+
+set -x
+TARGET="$1"
+SOURCE="$2"
+WORKTREE="$(mktemp -d)"
+BRANCH="boring/merge-$TARGET-$(date +%Y%m%d%H%M%S)"
+
+git fetch
+git worktree add --track -b "$BRANCH" "$WORKTREE" "origin/$TARGET"
+
+cd "$WORKTREE"
+export GIT_GOFMT_HOOK=off
+git merge -m "all: merge $SOURCE into $TARGET" "$SOURCE" || \
+    (git rm VERSION && git commit -m "all: merge $SOURCE into $TARGET")
+
+if ! git log --format=%B -n 1 | grep "\[dev.boringcrypto"; then
+    echo "The commit does not seem to be targeting a BoringCrypto branch."
+    exit 1
+fi
+
+git codereview mail -r dmitshur@golang.org,filippo@golang.org -trybot HEAD
+cd - && git worktree remove "$WORKTREE"

misc/boring/release.sh

@@ -0,0 +1,32 @@
+#! /bin/bash
+set -euo pipefail
+
+if [ "$#" -eq 0 ]; then
+    echo "usage: <target branch> [<target branch> ...]"
+    echo ""
+    echo "example: release.sh dev.boringcrypto.go1.11 dev.boringcrypto.go1.12"
+    exit 1
+fi
+
+set -x
+WORKTREE="$(mktemp -d)"
+BRANCH="boring/release-$(date +%Y%m%d%H%M%S)"
+
+git fetch
+git worktree add --track -b "$BRANCH" "$WORKTREE" origin/dev.boringcrypto
+
+cd "$WORKTREE/src"
+./make.bash
+
+cd ../misc/boring
+for branch in "$@"; do
+    ./build.release "origin/$branch"
+done
+./build.docker
+
+git add RELEASES
+git commit -m "misc/boring: add new releases to RELEASES file"
+git codereview mail -r dmitshur@golang.org,filippo@golang.org
+
+rm *.tar.gz
+cd - && git worktree remove "$WORKTREE"

misc/cgo/test/testdata/issue24161e0/main.go

@@ -12,7 +12,7 @@ package issue24161e0
 #include <TargetConditionals.h>
 #include <CoreFoundation/CoreFoundation.h>
 #include <Security/Security.h>
-#if TARGET_OS_IPHONE == 0 && __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ < 101200
+#if TARGET_OS_IPHONE == 0 && __MAC_OS_X_VERSION_MAX_ALLOWED < 101200
   typedef CFStringRef SecKeyAlgorithm;
   static CFDataRef SecKeyCreateSignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef dataToSign, CFErrorRef *error){return NULL;}
   #define kSecKeyAlgorithmECDSASignatureDigestX962SHA1 foo()

misc/cgo/test/testdata/issue24161e1/main.go

@@ -12,7 +12,7 @@ package issue24161e1
 #include <TargetConditionals.h>
 #include <CoreFoundation/CoreFoundation.h>
 #include <Security/Security.h>
-#if TARGET_OS_IPHONE == 0 && __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ < 101200
+#if TARGET_OS_IPHONE == 0 && __MAC_OS_X_VERSION_MAX_ALLOWED < 101200
   typedef CFStringRef SecKeyAlgorithm;
   static CFDataRef SecKeyCreateSignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef dataToSign, CFErrorRef *error){return NULL;}
   #define kSecKeyAlgorithmECDSASignatureDigestX962SHA1 foo()

misc/cgo/test/testdata/issue24161e2/main.go

@@ -12,7 +12,7 @@ package issue24161e2
 #include <TargetConditionals.h>
 #include <CoreFoundation/CoreFoundation.h>
 #include <Security/Security.h>
-#if TARGET_OS_IPHONE == 0 && __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ < 101200
+#if TARGET_OS_IPHONE == 0 && __MAC_OS_X_VERSION_MAX_ALLOWED < 101200
   typedef CFStringRef SecKeyAlgorithm;
   static CFDataRef SecKeyCreateSignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef dataToSign, CFErrorRef *error){return NULL;}
   #define kSecKeyAlgorithmECDSASignatureDigestX962SHA1 foo()

misc/trace/README.md

@@ -1,17 +1,41 @@
-This directory contains helper file for trace viewer (`go tool trace`).
+## Resources for Go's trace viewer
 
-`trace_viewer_full.html` was generated by following
-[instructions](https://github.com/catapult-project/catapult/blob/master/tracing/docs/embedding-trace-viewer.md)
-on revision `dc970d3e1f7b3da5a2849de70ff253acdb70148f`
-of [catapult](https://github.com/catapult-project/catapult) using:
+Go execution trace UI (`go tool trace`) embeds
+Chrome's trace viewer (Catapult) following the 
+[instructions](
+https://chromium.googlesource.com/catapult/+/refs/heads/master/tracing/docs/embedding-trace-viewer.md). This directory contains
+the helper files to embed Chrome's trace viewer.
+
+The current resources were generated/copied from
+[`Catapult@9508452e18f130c98499cb4c4f1e1efaedee8962`](
+https://chromium.googlesource.com/catapult/+/9508452e18f130c98499cb4c4f1e1efaedee8962).
+
+### Updating `trace_viewer_full.html`
+
+The file was generated by catapult's `vulcanize_trace_viewer` command.
 ```
-catapult$ ./tracing/bin/vulcanize_trace_viewer --config=full
-catapult$ cp tracing/bin/trace_viewer_full.html $GOROOT/misc/trace/trace_viewer_lean.html
+$ git clone https://chromium.googlesource.com/catapult
+$ cd catapult
+$ ./tracing/bin/vulcanize_trace_viewer --config=full
+$ cp tracing/bin/trace_viewer_full.html $GOROOT/misc/trace/trace_viewer_full.html
 ```
+
 We are supposed to use --config=lean (produces smaller html),
 but it is broken at the moment:
 https://github.com/catapult-project/catapult/issues/2247
 
+### Updating `webcomponents.min.js`
+
+`webcomponents.min.js` is necessary to let the trace viewer page
+to import the `trace_viewer_full.html`.
+This is copied from the catapult repo.
+
+```
+$ cp third_party/polymer/components/webcomponentsjs/webcomponents.min.js $GOROOT/misc/trace/webcomponents.min.js
+```
+
+## Licenses
+
 The license for trace-viewer is as follows:
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 //
@@ -40,3 +64,42 @@ The license for trace-viewer is as follows:
 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+The license for webcomponents.min.js is as follows:
+
+/**
+ * @license
+ * Copyright (c) 2014 The Polymer Project Authors. All rights reserved.
+ * This code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt
+ * The complete set of authors may be found at http://polymer.github.io/AUTHORS.txt
+ * The complete set of contributors may be found at http://polymer.github.io/CONTRIBUTORS.txt
+ * Code distributed by Google as part of the polymer project is also
+ * subject to an additional IP rights grant found at http://polymer.github.io/PATENTS.txt
+ */
+// Copyright (c) 2014 The Polymer Authors. All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//    * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//    * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//    * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

src/archive/zip/reader_test.go

@@ -8,6 +8,7 @@ import (
 	"bytes"
 	"encoding/binary"
 	"encoding/hex"
+	"internal/obscuretestdata"
 	"io"
 	"io/ioutil"
 	"os"
@@ -19,11 +20,12 @@ import (
 )
 
 type ZipTest struct {
-	Name    string
-	Source  func() (r io.ReaderAt, size int64) // if non-nil, used instead of testdata/<Name> file
-	Comment string
-	File    []ZipTestFile
-	Error   error // the error that Opening this file should return
+	Name     string
+	Source   func() (r io.ReaderAt, size int64) // if non-nil, used instead of testdata/<Name> file
+	Comment  string
+	File     []ZipTestFile
+	Obscured bool  // needed for Apple notarization (golang.org/issue/34986)
+	Error    error // the error that Opening this file should return
 }
 
 type ZipTestFile struct {
@@ -189,8 +191,12 @@ var tests = []ZipTest{
 	},
 	{
 		// created by Go, before we wrote the "optional" data
-		// descriptor signatures (which are required by OS X)
-		Name: "go-no-datadesc-sig.zip",
+		// descriptor signatures (which are required by macOS).
+		// Use obscured file to avoid Apple’s notarization service
+		// rejecting the toolchain due to an inability to unzip this archive.
+		// See golang.org/issue/34986
+		Name:     "go-no-datadesc-sig.zip.base64",
+		Obscured: true,
 		File: []ZipTestFile{
 			{
 				Name:     "foo.txt",
@@ -208,7 +214,7 @@ var tests = []ZipTest{
 	},
 	{
 		// created by Go, after we wrote the "optional" data
-		// descriptor signatures (which are required by OS X)
+		// descriptor signatures (which are required by macOS)
 		Name: "go-with-datadesc-sig.zip",
 		File: []ZipTestFile{
 			{
@@ -496,8 +502,18 @@ func readTestZip(t *testing.T, zt ZipTest) {
 		rat, size := zt.Source()
 		z, err = NewReader(rat, size)
 	} else {
+		path := filepath.Join("testdata", zt.Name)
+		if zt.Obscured {
+			tf, err := obscuretestdata.DecodeToTempFile(path)
+			if err != nil {
+				t.Errorf("obscuretestdata.DecodeToTempFile(%s): %v", path, err)
+				return
+			}
+			defer os.Remove(tf)
+			path = tf
+		}
 		var rc *ReadCloser
-		rc, err = OpenReader(filepath.Join("testdata", zt.Name))
+		rc, err = OpenReader(path)
 		if err == nil {
 			defer rc.Close()
 			z = &rc.Reader

src/archive/zip/testdata/go-no-datadesc-sig.zip.base64

@@ -0,0 +1 @@
+UEsDBBQACAAAAGWHaECoZTJ+BAAAAAQAAAAHABgAZm9vLnR4dFVUBQAD3lVZT3V4CwABBPUBAAAEFAAAAGZvbwqoZTJ+BAAAAAQAAABQSwMEFAAIAAAAZodoQOmzogQEAAAABAAAAAcAGABiYXIudHh0VVQFAAPgVVlPdXgLAAEE9QEAAAQUAAAAYmFyCumzogQEAAAABAAAAFBLAQIUAxQACAAAAGWHaECoZTJ+BAAAAAQAAAAHABgAAAAAAAAAAACkgQAAAABmb28udHh0VVQFAAPeVVlPdXgLAAEE9QEAAAQUAAAAUEsBAhQDFAAIAAAAZodoQOmzogQEAAAABAAAAAcAGAAAAAAAAAAAAKSBTQAAAGJhci50eHRVVAUAA+BVWU91eAsAAQT1AQAABBQAAABQSwUGAAAAAAIAAgCaAAAAmgAAAAAA

src/cmd/compile/internal/gc/noder.go

@@ -1330,7 +1330,7 @@ func checkLangCompat(lit *syntax.BasicLit) {
 	}
 	// len(s) > 2
 	if strings.Contains(s, "_") {
-		yyerror("underscores in numeric literals only supported as of -lang=go1.13")
+		yyerrorv("go1.13", "underscores in numeric literals")
 		return
 	}
 	if s[0] != '0' {
@@ -1338,15 +1338,15 @@ func checkLangCompat(lit *syntax.BasicLit) {
 	}
 	base := s[1]
 	if base == 'b' || base == 'B' {
-		yyerror("binary literals only supported as of -lang=go1.13")
+		yyerrorv("go1.13", "binary literals")
 		return
 	}
 	if base == 'o' || base == 'O' {
-		yyerror("0o/0O-style octal literals only supported as of -lang=go1.13")
+		yyerrorv("go1.13", "0o/0O-style octal literals")
 		return
 	}
 	if lit.Kind != syntax.IntLit && (base == 'x' || base == 'X') {
-		yyerror("hexadecimal floating-point literals only supported as of -lang=go1.13")
+		yyerrorv("go1.13", "hexadecimal floating-point literals")
 	}
 }
 

src/cmd/compile/internal/gc/reflect.go

@@ -1364,6 +1364,33 @@ func dtypesym(t *types.Type) *obj.LSym {
 	// for security, only the exported fields.
 	case TSTRUCT:
 		fields := t.Fields().Slice()
+
+		// omitFieldForAwfulBoringCryptoKludge reports whether
+		// the field t should be omitted from the reflect data.
+		// In the crypto/... packages we omit an unexported field
+		// named "boring", to keep from breaking client code that
+		// expects rsa.PublicKey etc to have only public fields.
+		// As the name suggests, this is an awful kludge, but it is
+		// limited to the dev.boringcrypto branch and avoids
+		// much more invasive effects elsewhere.
+		omitFieldForAwfulBoringCryptoKludge := func(t *types.Field) bool {
+			if t.Sym == nil || t.Sym.Name != "boring" || t.Sym.Pkg == nil {
+				return false
+			}
+			path := t.Sym.Pkg.Path
+			if t.Sym.Pkg == localpkg {
+				path = myimportpath
+			}
+			return strings.HasPrefix(path, "crypto/")
+		}
+		newFields := fields[:0:0]
+		for _, t1 := range fields {
+			if !omitFieldForAwfulBoringCryptoKludge(t1) {
+				newFields = append(newFields, t1)
+			}
+		}
+		fields = newFields
+
 		for _, t1 := range fields {
 			dtypesym(t1.Type)
 		}

src/cmd/compile/internal/gc/subr.go

@@ -154,6 +154,11 @@ func yyerrorl(pos src.XPos, format string, args ...interface{}) {
 	}
 }
 
+func yyerrorv(lang string, format string, args ...interface{}) {
+	what := fmt.Sprintf(format, args...)
+	yyerrorl(lineno, "%s requires %s or later (-lang was set to %s; check go.mod)", what, lang, flag_lang)
+}
+
 func yyerror(format string, args ...interface{}) {
 	yyerrorl(lineno, format, args...)
 }

src/cmd/compile/internal/gc/typecheck.go

@@ -632,7 +632,7 @@ func typecheck1(n *Node, top int) (res *Node) {
 				return n
 			}
 			if t.IsSigned() && !langSupported(1, 13) {
-				yyerror("invalid operation: %v (signed shift count type %v, only supported as of -lang=go1.13)", n, r.Type)
+				yyerrorv("go1.13", "invalid operation: %v (signed shift count type %v)", n, r.Type)
 				n.Type = nil
 				return n
 			}

src/cmd/compile/internal/ssa/deadstore.go

@@ -73,9 +73,11 @@ func dse(f *Func) {
 		}
 
 		// Walk backwards looking for dead stores. Keep track of shadowed addresses.
-		// An "address" is an SSA Value which encodes both the address and size of
-		// the write. This code will not remove dead stores to the same address
-		// of different types.
+		// A "shadowed address" is a pointer and a size describing a memory region that
+		// is known to be written. We keep track of shadowed addresses in the shadowed
+		// map, mapping the ID of the address to the size of the shadowed region.
+		// Since we're walking backwards, writes to a shadowed region are useless,
+		// as they will be immediately overwritten.
 		shadowed.clear()
 		v := last
 
@@ -93,17 +95,13 @@ func dse(f *Func) {
 				sz = v.AuxInt
 			}
 			if shadowedSize := int64(shadowed.get(v.Args[0].ID)); shadowedSize != -1 && shadowedSize >= sz {
-				// Modify store into a copy
+				// Modify the store/zero into a copy of the memory state,
+				// effectively eliding the store operation.
 				if v.Op == OpStore {
 					// store addr value mem
 					v.SetArgs1(v.Args[2])
 				} else {
 					// zero addr mem
-					typesz := v.Args[0].Type.Elem().Size()
-					if sz != typesz {
-						f.Fatalf("mismatched zero/store sizes: %d and %d [%s]",
-							sz, typesz, v.LongString())
-					}
 					v.SetArgs1(v.Args[1])
 				}
 				v.Aux = nil

src/cmd/compile/internal/ssa/debug_test.go

@@ -49,11 +49,11 @@ var gogcflags = os.Getenv("GO_GCFLAGS")
 // optimizedLibs usually means "not running in a noopt test builder".
 var optimizedLibs = (!strings.Contains(gogcflags, "-N") && !strings.Contains(gogcflags, "-l"))
 
-// TestNexting go-builds a file, then uses a debugger (default gdb, optionally delve)
+// TestNexting go-builds a file, then uses a debugger (default delve, optionally gdb)
 // to next through the generated executable, recording each line landed at, and
 // then compares those lines with reference file(s).
 // Flag -u updates the reference file(s).
-// Flag -d changes the debugger to delve (and uses delve-specific reference files)
+// Flag -g changes the debugger to gdb (and uses gdb-specific reference files)
 // Flag -v is ever-so-slightly verbose.
 // Flag -n is for dry-run, and prints the shell and first debug commands.
 //
@@ -83,9 +83,9 @@ var optimizedLibs = (!strings.Contains(gogcflags, "-N") && !strings.Contains(gog
 // to indicate normalization of Strings, (hex) addresses, and numbers.
 // "O" is an explicit indication that we expect it to be optimized out.
 // For example:
-/*
-	if len(os.Args) > 1 { //gdb-dbg=(hist/A,cannedInput/A) //dlv-dbg=(hist/A,cannedInput/A)
-*/
+//
+// 	if len(os.Args) > 1 { //gdb-dbg=(hist/A,cannedInput/A) //dlv-dbg=(hist/A,cannedInput/A)
+//
 // TODO: not implemented for Delve yet, but this is the plan
 //
 // After a compiler change that causes a difference in the debug behavior, check
@@ -93,7 +93,7 @@ var optimizedLibs = (!strings.Contains(gogcflags, "-N") && !strings.Contains(gog
 // go test debug_test.go -args -u
 // (for Delve)
 // go test debug_test.go -args -u -d
-
+//
 func TestNexting(t *testing.T) {
 	skipReasons := "" // Many possible skip reasons, list all that apply
 	if testing.Short() {
@@ -108,7 +108,13 @@ func TestNexting(t *testing.T) {
 		// Various architectures tend to differ slightly sometimes, and keeping them
 		// all in sync is a pain for people who don't have them all at hand,
 		// so limit testing to amd64 (for now)
-		skipReasons += "not run when testing gdb (-g) unless forced (-f) or linux-amd64"
+		skipReasons += "not run when testing gdb (-g) unless forced (-f) or linux-amd64; "
+	}
+
+	if !*useGdb && !*force && testenv.Builder() == "linux-386-longtest" {
+		// The latest version of Delve does support linux/386. However, the version currently
+		// installed in the linux-386-longtest builder does not. See golang.org/issue/39309.
+		skipReasons += "not run when testing delve on linux-386-longtest builder unless forced (-f); "
 	}
 
 	if *useGdb {

src/cmd/compile/internal/ssa/poset.go

@@ -116,10 +116,10 @@ type posetNode struct {
 // the nodes are different, either because SetNonEqual was called before, or because
 // we know that they are strictly ordered.
 //
-// It is implemented as a forest of DAGs; in each DAG, if node A dominates B,
-// it means that A<B. Equality is represented by mapping two SSA values to the same
-// DAG node; when a new equality relation is recorded between two existing nodes,
-// the nodes are merged, adjusting incoming and outgoing edges.
+// It is implemented as a forest of DAGs; in each DAG, if there is a path (directed)
+// from node A to B, it means that A<B (or A<=B). Equality is represented by mapping
+// two SSA values to the same DAG node; when a new equality relation is recorded
+// between two existing nodes,the nodes are merged, adjusting incoming and outgoing edges.
 //
 // Constants are specially treated. When a constant is added to the poset, it is
 // immediately linked to other constants already present; so for instance if the
@@ -519,11 +519,11 @@ func (po *poset) dfs(r uint32, strict bool, f func(i uint32) bool) bool {
 	return false
 }
 
-// Returns true if i1 dominates i2.
+// Returns true if there is a path from i1 to i2.
 // If strict ==  true: if the function returns true, then i1 <  i2.
 // If strict == false: if the function returns true, then i1 <= i2.
 // If the function returns false, no relation is known.
-func (po *poset) dominates(i1, i2 uint32, strict bool) bool {
+func (po *poset) reaches(i1, i2 uint32, strict bool) bool {
 	return po.dfs(i1, strict, func(n uint32) bool {
 		return n == i2
 	})
@@ -537,7 +537,7 @@ func (po *poset) findroot(i uint32) uint32 {
 	// storing a bitset for each root using it as a mini bloom filter
 	// of nodes present under that root.
 	for _, r := range po.roots {
-		if po.dominates(r, i, false) {
+		if po.reaches(r, i, false) {
 			return r
 		}
 	}
@@ -560,7 +560,7 @@ func (po *poset) mergeroot(r1, r2 uint32) uint32 {
 // found, the function does not modify the DAG and returns false.
 func (po *poset) collapsepath(n1, n2 *Value) bool {
 	i1, i2 := po.values[n1.ID], po.values[n2.ID]
-	if po.dominates(i1, i2, true) {
+	if po.reaches(i1, i2, true) {
 		return false
 	}
 
@@ -796,7 +796,7 @@ func (po *poset) Ordered(n1, n2 *Value) bool {
 		return false
 	}
 
-	return i1 != i2 && po.dominates(i1, i2, true)
+	return i1 != i2 && po.reaches(i1, i2, true)
 }
 
 // Ordered reports whether n1<=n2. It returns false either when it is
@@ -814,8 +814,7 @@ func (po *poset) OrderedOrEqual(n1, n2 *Value) bool {
 		return false
 	}
 
-	return i1 == i2 || po.dominates(i1, i2, false) ||
-		(po.dominates(i2, i1, false) && !po.dominates(i2, i1, true))
+	return i1 == i2 || po.reaches(i1, i2, false)
 }
 
 // Equal reports whether n1==n2. It returns false either when it is
@@ -923,8 +922,8 @@ func (po *poset) setOrder(n1, n2 *Value, strict bool) bool {
 		// Both n1 and n2 are in the poset. This is the complex part of the algorithm
 		// as we need to find many different cases and DAG shapes.
 
-		// Check if n1 somehow dominates n2
-		if po.dominates(i1, i2, false) {
+		// Check if n1 somehow reaches n2
+		if po.reaches(i1, i2, false) {
 			// This is the table of all cases we need to handle:
 			//
 			//      DAG          New      Action
@@ -935,7 +934,7 @@ func (po *poset) setOrder(n1, n2 *Value, strict bool) bool {
 			// #4:  N1<X<N2   |  N1<N2  | do nothing
 
 			// Check if we're in case #2
-			if strict && !po.dominates(i1, i2, true) {
+			if strict && !po.reaches(i1, i2, true) {
 				po.addchild(i1, i2, true)
 				return true
 			}
@@ -944,8 +943,8 @@ func (po *poset) setOrder(n1, n2 *Value, strict bool) bool {
 			return true
 		}
 
-		// Check if n2 somehow dominates n1
-		if po.dominates(i2, i1, false) {
+		// Check if n2 somehow reaches n1
+		if po.reaches(i2, i1, false) {
 			// This is the table of all cases we need to handle:
 			//
 			//      DAG           New      Action
@@ -1033,10 +1032,10 @@ func (po *poset) SetEqual(n1, n2 *Value) bool {
 
 		// If we already knew that n1<=n2, we can collapse the path to
 		// record n1==n2 (and viceversa).
-		if po.dominates(i1, i2, false) {
+		if po.reaches(i1, i2, false) {
 			return po.collapsepath(n1, n2)
 		}
-		if po.dominates(i2, i1, false) {
+		if po.reaches(i2, i1, false) {
 			return po.collapsepath(n2, n1)
 		}
 
@@ -1084,10 +1083,10 @@ func (po *poset) SetNonEqual(n1, n2 *Value) bool {
 	i1, f1 := po.lookup(n1)
 	i2, f2 := po.lookup(n2)
 	if f1 && f2 {
-		if po.dominates(i1, i2, false) && !po.dominates(i1, i2, true) {
+		if po.reaches(i1, i2, false) && !po.reaches(i1, i2, true) {
 			po.addchild(i1, i2, true)
 		}
-		if po.dominates(i2, i1, false) && !po.dominates(i2, i1, true) {
+		if po.reaches(i2, i1, false) && !po.reaches(i2, i1, true) {
 			po.addchild(i2, i1, true)
 		}
 	}

src/cmd/compile/internal/ssa/poset_test.go

@@ -186,7 +186,7 @@ func TestPoset(t *testing.T) {
 		{OrderedOrEqual, 4, 12},
 		{OrderedOrEqual_Fail, 12, 4},
 		{OrderedOrEqual, 4, 7},
-		{OrderedOrEqual, 7, 4},
+		{OrderedOrEqual_Fail, 7, 4},
 
 		// Dag #1: 1<4<=7<12
 		{Checkpoint, 0, 0},
@@ -450,7 +450,7 @@ func TestSetEqual(t *testing.T) {
 		{SetOrderOrEqual, 20, 100},
 		{SetOrder, 100, 110},
 		{OrderedOrEqual, 10, 30},
-		{OrderedOrEqual, 30, 10},
+		{OrderedOrEqual_Fail, 30, 10},
 		{Ordered_Fail, 10, 30},
 		{Ordered_Fail, 30, 10},
 		{Ordered, 10, 40},

src/cmd/compile/internal/ssa/regalloc.go

@@ -976,25 +976,22 @@ func (s *regAllocState) regalloc(f *Func) {
 				}
 			}
 
-			// Second pass - deallocate any phi inputs which are now dead.
+			// Second pass - deallocate all in-register phi inputs.
 			for i, v := range phis {
 				if !s.values[v.ID].needReg {
 					continue
 				}
 				a := v.Args[idx]
-				if !regValLiveSet.contains(a.ID) {
-					// Input is dead beyond the phi, deallocate
-					// anywhere else it might live.
-					s.freeRegs(s.values[a.ID].regs)
-				} else {
-					// Input is still live.
+				r := phiRegs[i]
+				if r == noRegister {
+					continue
+				}
+				if regValLiveSet.contains(a.ID) {
+					// Input value is still live (it is used by something other than Phi).
 					// Try to move it around before kicking out, if there is a free register.
 					// We generate a Copy in the predecessor block and record it. It will be
-					// deleted if never used.
-					r := phiRegs[i]
-					if r == noRegister {
-						continue
-					}
+					// deleted later if never used.
+					//
 					// Pick a free register. At this point some registers used in the predecessor
 					// block may have been deallocated. Those are the ones used for Phis. Exclude
 					// them (and they are not going to be helpful anyway).
@@ -1010,8 +1007,8 @@ func (s *regAllocState) regalloc(f *Func) {
 						s.assignReg(r2, a, c)
 						s.endRegs[p.ID] = append(s.endRegs[p.ID], endReg{r2, a, c})
 					}
-					s.freeReg(r)
 				}
+				s.freeReg(r)
 			}
 
 			// Copy phi ops into new schedule.
@@ -1842,6 +1839,11 @@ func (s *regAllocState) shuffle(stacklive [][]ID) {
 			e.process()
 		}
 	}
+
+	if s.f.pass.debug > regDebug {
+		fmt.Printf("post shuffle %s\n", s.f.Name)
+		fmt.Println(s.f.String())
+	}
 }
 
 type edgeState struct {

src/cmd/compile/internal/syntax/parser_test.go

@@ -96,7 +96,7 @@ func walkDirs(t *testing.T, dir string, action func(string)) {
 			}
 		} else if fi.IsDir() && fi.Name() != "testdata" {
 			path := filepath.Join(dir, fi.Name())
-			if !strings.HasSuffix(path, "/test") {
+			if !strings.HasSuffix(path, string(filepath.Separator)+"test") {
 				dirs = append(dirs, path)
 			}
 		}

src/cmd/cover/func.go

@@ -191,6 +191,10 @@ func findPkgs(profiles []*Profile) (map[string]*Pkg, error) {
 		}
 	}
 
+	if len(list) == 0 {
+		return pkgs, nil
+	}
+
 	// Note: usually run as "go tool cover" in which case $GOROOT is set,
 	// in which case runtime.GOROOT() does exactly what we want.
 	goTool := filepath.Join(runtime.GOROOT(), "bin/go")

src/cmd/doc/doc_test.go

@@ -920,6 +920,9 @@ func TestDotSlashLookup(t *testing.T) {
 		t.Skip("scanning file system takes too long")
 	}
 	maybeSkip(t)
+	if runtime.GOOS == "windows" {
+		t.Skip("known Windows test failure on release-branch.go1.13; fix is in CL 204442 but requires non-test code changes unlikely to be appropriate for backporting this late")
+	}
 	where, err := os.Getwd()
 	if err != nil {
 		t.Fatal(err)

src/cmd/go.mod

@@ -5,8 +5,8 @@ go 1.12
 require (
 	github.com/google/pprof v0.0.0-20190515194954-54271f7e092f
 	github.com/ianlancetaylor/demangle v0.0.0-20180524225900-fc6590592b44 // indirect
-	golang.org/x/arch v0.0.0-20181203225421-5a4828bb7045
+	golang.org/x/arch v0.0.0-20190815191158-8a70ba74b3a1
 	golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c
 	golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82 // indirect
-	golang.org/x/tools v0.0.0-20190611154301-25a4f137592f
+	golang.org/x/tools v0.0.0-20200615191743-991d59a616de
 )

src/cmd/go.sum

@@ -2,8 +2,8 @@ github.com/google/pprof v0.0.0-20190515194954-54271f7e092f h1:Jnx61latede7zDD3Di
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/ianlancetaylor/demangle v0.0.0-20180524225900-fc6590592b44 h1:pKqc8lAAA6rcwpvsephnRuZp4VHbfszZRClvqAE6Sq8=
 github.com/ianlancetaylor/demangle v0.0.0-20180524225900-fc6590592b44/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-golang.org/x/arch v0.0.0-20181203225421-5a4828bb7045 h1:Pn8fQdvx+z1avAi7fdM2kRYWQNxGlavNDSyzrQg2SsU=
-golang.org/x/arch v0.0.0-20181203225421-5a4828bb7045/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8=
+golang.org/x/arch v0.0.0-20190815191158-8a70ba74b3a1 h1:A71BZbKSu+DtCNry/x5JKn20C+64DirDHmePEA8k0FY=
+golang.org/x/arch v0.0.0-20190815191158-8a70ba74b3a1/go.mod h1:flIaEI6LNU6xOCD5PaJvn9wGP0agmIOqjrtsKGRguv4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c h1:Vj5n4GlwjmQteupaxJ9+0FNOmBrHfq7vN4btdGoDZgI=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -15,5 +15,6 @@ golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82 h1:vsphBvatvfbhlb4PO1BYSr9dz
 golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/tools v0.0.0-20190611154301-25a4f137592f h1:6awn5JC4pwVI5HiBqs7MDtRxnwV9PpO5iSA9v6P09pA=
-golang.org/x/tools v0.0.0-20190611154301-25a4f137592f/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20200615191743-991d59a616de h1:kFKSx8iHlOzmtGWtfJW+b2UzcJ+rMWHHyUBpjrZq8To=
+golang.org/x/tools v0.0.0-20200615191743-991d59a616de/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=

src/cmd/go/alldocs.go

@@ -1018,7 +1018,6 @@
 //         Dir      string // absolute path to cached source root directory
 //         Sum      string // checksum for path, version (as in go.sum)
 //         GoModSum string // checksum for go.mod (as in go.sum)
-//         Latest   bool   // would @latest resolve to this version?
 //     }
 //
 // See 'go help modules' for more about module queries.

src/cmd/go/go_boring_test.go

@@ -0,0 +1,20 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main_test
+
+import "testing"
+
+func TestBoringInternalLink(t *testing.T) {
+	tg := testgo(t)
+	defer tg.cleanup()
+	tg.parallel()
+	tg.tempFile("main.go", `package main
+		import "crypto/sha1"
+		func main() {
+			sha1.New()
+		}`)
+	tg.run("build", "-ldflags=-w -extld=false", tg.path("main.go"))
+	tg.run("build", "-ldflags=-extld=false", tg.path("main.go"))
+}

src/cmd/go/go_test.go

@@ -4259,8 +4259,12 @@ func TestBinaryOnlyPackages(t *testing.T) {
 	tg.grepStdout("p2: false", "p2 listed as BinaryOnly")
 }
 
-// Issue 16050.
-func TestAlwaysLinkSysoFiles(t *testing.T) {
+// Issue 16050 and 21884.
+func TestLinkSysoFiles(t *testing.T) {
+	if runtime.GOOS != "linux" || runtime.GOARCH != "amd64" {
+		t.Skip("not linux/amd64")
+	}
+
 	tg := testgo(t)
 	defer tg.cleanup()
 	tg.parallel()
@@ -4279,6 +4283,10 @@ func TestAlwaysLinkSysoFiles(t *testing.T) {
 	tg.setenv("CGO_ENABLED", "0")
 	tg.run("list", "-f", "{{.SysoFiles}}", "syso")
 	tg.grepStdout("a.syso", "missing syso file with CGO_ENABLED=0")
+
+	tg.setenv("CGO_ENABLED", "1")
+	tg.run("list", "-msan", "-f", "{{.SysoFiles}}", "syso")
+	tg.grepStdoutNot("a.syso", "unexpected syso file with -msan")
 }
 
 // Issue 16120.
@@ -4878,45 +4886,6 @@ func TestGoTestRaceCoverModeFailures(t *testing.T) {
 	tg.grepBothNot("PASS", "something passed")
 }
 
-// Issue 9737: verify that GOARM and GO386 affect the computed build ID.
-func TestBuildIDContainsArchModeEnv(t *testing.T) {
-	if testing.Short() {
-		t.Skip("skipping in short mode")
-	}
-
-	var tg *testgoData
-	testWith := func(before, after func()) func(*testing.T) {
-		return func(t *testing.T) {
-			tg = testgo(t)
-			defer tg.cleanup()
-			tg.tempFile("src/mycmd/x.go", `package main
-func main() {}`)
-			tg.setenv("GOPATH", tg.path("."))
-
-			tg.cd(tg.path("src/mycmd"))
-			tg.setenv("GOOS", "linux")
-			before()
-			tg.run("install", "mycmd")
-			after()
-			tg.wantStale("mycmd", "stale dependency", "should be stale after environment variable change")
-		}
-	}
-
-	t.Run("386", testWith(func() {
-		tg.setenv("GOARCH", "386")
-		tg.setenv("GO386", "387")
-	}, func() {
-		tg.setenv("GO386", "sse2")
-	}))
-
-	t.Run("arm", testWith(func() {
-		tg.setenv("GOARCH", "arm")
-		tg.setenv("GOARM", "5")
-	}, func() {
-		tg.setenv("GOARM", "7")
-	}))
-}
-
 func TestTestRegexps(t *testing.T) {
 	tg := testgo(t)
 	defer tg.cleanup()

src/cmd/go/internal/generate/generate.go

@@ -22,6 +22,7 @@ import (
 	"cmd/go/internal/cfg"
 	"cmd/go/internal/load"
 	"cmd/go/internal/modload"
+	"cmd/go/internal/str"
 	"cmd/go/internal/work"
 )
 
@@ -438,7 +439,7 @@ func (g *Generator) exec(words []string) {
 	cmd.Stderr = os.Stderr
 	// Run the command in the package directory.
 	cmd.Dir = g.dir
-	cmd.Env = append(cfg.OrigEnv, g.env...)
+	cmd.Env = str.StringList(cfg.OrigEnv, g.env)
 	err := cmd.Run()
 	if err != nil {
 		g.errorf("running %q: %s", words[0], err)

src/cmd/go/internal/get/vcs.go

@@ -164,8 +164,14 @@ var vcsGit = &vcsCmd{
 	// See golang.org/issue/9032.
 	tagSyncDefault: []string{"submodule update --init --recursive"},
 
-	scheme:     []string{"git", "https", "http", "git+ssh", "ssh"},
-	pingCmd:    "ls-remote -- {scheme}://{repo}",
+	scheme: []string{"git", "https", "http", "git+ssh", "ssh"},
+
+	// Leave out the '--' separator in the ls-remote command: git 2.7.4 does not
+	// support such a separator for that command, and this use should be safe
+	// without it because the {scheme} value comes from the predefined list above.
+	// See golang.org/issue/33836.
+	pingCmd: "ls-remote {scheme}://{repo}",
+
 	remoteRepo: gitRemoteRepo,
 }
 
@@ -898,7 +904,7 @@ func metaImportsForPrefix(importPrefix string, mod ModuleMode, security web.Secu
 		}
 		resp, err := web.Get(security, url)
 		if err != nil {
-			return setCache(fetchResult{url: url, err: fmt.Errorf("fetch %s: %v", resp.URL, err)})
+			return setCache(fetchResult{url: url, err: fmt.Errorf("fetching %s: %v", importPrefix, err)})
 		}
 		body := resp.Body
 		defer body.Close()
@@ -907,7 +913,7 @@ func metaImportsForPrefix(importPrefix string, mod ModuleMode, security web.Secu
 			return setCache(fetchResult{url: url, err: fmt.Errorf("parsing %s: %v", resp.URL, err)})
 		}
 		if len(imports) == 0 {
-			err = fmt.Errorf("fetch %s: no go-import meta tag", url)
+			err = fmt.Errorf("fetching %s: no go-import meta tag found in %s", importPrefix, resp.URL)
 		}
 		return setCache(fetchResult{url: url, imports: imports, err: err})
 	})

src/cmd/go/internal/load/pkg.go

@@ -278,6 +278,12 @@ func (p *Package) copyBuild(pp *build.Package) {
 	p.SwigFiles = pp.SwigFiles
 	p.SwigCXXFiles = pp.SwigCXXFiles
 	p.SysoFiles = pp.SysoFiles
+	if cfg.BuildMSan {
+		// There's no way for .syso files to be built both with and without
+		// support for memory sanitizer. Assume they are built without,
+		// and drop them.
+		p.SysoFiles = nil
+	}
 	p.CgoCFLAGS = pp.CgoCFLAGS
 	p.CgoCPPFLAGS = pp.CgoCPPFLAGS
 	p.CgoCXXFLAGS = pp.CgoCXXFLAGS
@@ -1950,9 +1956,14 @@ func Packages(args []string) []*Package {
 // cannot be loaded at all.
 // The packages that fail to load will have p.Error != nil.
 func PackagesAndErrors(patterns []string) []*Package {
-	if len(patterns) > 0 {
-		for _, p := range patterns {
-			if strings.HasSuffix(p, ".go") {
+	for _, p := range patterns {
+		// Listing is only supported with all patterns referring to either:
+		// - Files that are part of the same directory.
+		// - Explicit package paths or patterns.
+		if strings.HasSuffix(p, ".go") {
+			// We need to test whether the path is an actual Go file and not a
+			// package path or pattern ending in '.go' (see golang.org/issue/34653).
+			if fi, err := os.Stat(p); err == nil && !fi.IsDir() {
 				return []*Package{GoFilesPackage(patterns)}
 			}
 		}

src/cmd/go/internal/load/test.go

@@ -399,10 +399,13 @@ func recompileForTest(pmain, preal, ptest, pxtest *Package) {
 			}
 		}
 
-		// Don't compile build info from a main package. This can happen
-		// if -coverpkg patterns include main packages, since those packages
-		// are imported by pmain. See golang.org/issue/30907.
-		if p.Internal.BuildInfo != "" && p != pmain {
+		// Force main packages the test imports to be built as libraries.
+		// Normal imports of main packages are forbidden by the package loader,
+		// but this can still happen if -coverpkg patterns include main packages:
+		// covered packages are imported by pmain. Linking multiple packages
+		// compiled with '-p main' causes duplicate symbol errors.
+		// See golang.org/issue/30907, golang.org/issue/34114.
+		if p.Name == "main" && p != pmain && p != ptest {
 			split()
 		}
 	}

src/cmd/go/internal/modcmd/download.go

@@ -43,7 +43,6 @@ corresponding to this Go struct:
         Dir      string // absolute path to cached source root directory
         Sum      string // checksum for path, version (as in go.sum)
         GoModSum string // checksum for go.mod (as in go.sum)
-        Latest   bool   // would @latest resolve to this version?
     }
 
 See 'go help modules' for more about module queries.
@@ -66,7 +65,6 @@ type moduleJSON struct {
 	Dir      string `json:",omitempty"`
 	Sum      string `json:",omitempty"`
 	GoModSum string `json:",omitempty"`
-	Latest   bool   `json:",omitempty"`
 }
 
 func runDownload(cmd *base.Command, args []string) {
@@ -105,31 +103,6 @@ func runDownload(cmd *base.Command, args []string) {
 		work.Add(m)
 	}
 
-	latest := map[string]string{} // path → version
-	if *downloadJSON {
-		// We need to populate the Latest field, but if the main module depends on a
-		// version newer than latest — or if the version requested on the command
-		// line is itself newer than latest — that's not trivial to determine from
-		// the info returned by ListModules. Instead, we issue a separate
-		// ListModules request for "latest", which should be inexpensive relative to
-		// downloading the modules.
-		var latestArgs []string
-		for _, m := range mods {
-			if m.Error != "" {
-				continue
-			}
-			latestArgs = append(latestArgs, m.Path+"@latest")
-		}
-
-		if len(latestArgs) > 0 {
-			for _, info := range modload.ListModules(latestArgs, listU, listVersions) {
-				if info.Version != "" {
-					latest[info.Path] = info.Version
-				}
-			}
-		}
-	}
-
 	work.Do(10, func(item interface{}) {
 		m := item.(*moduleJSON)
 		var err error
@@ -160,9 +133,6 @@ func runDownload(cmd *base.Command, args []string) {
 			m.Error = err.Error()
 			return
 		}
-		if latest[m.Path] == m.Version {
-			m.Latest = true
-		}
 	})
 
 	if *downloadJSON {

src/cmd/go/internal/modcmd/verify.go

@@ -7,6 +7,7 @@ package modcmd
 import (
 	"bytes"
 	"cmd/go/internal/cfg"
+	"errors"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -61,12 +62,10 @@ func verifyMod(mod module.Version) bool {
 		_, zipErr = os.Stat(zip)
 	}
 	dir, dirErr := modfetch.DownloadDir(mod)
-	if dirErr == nil {
-		_, dirErr = os.Stat(dir)
-	}
 	data, err := ioutil.ReadFile(zip + "hash")
 	if err != nil {
-		if zipErr != nil && os.IsNotExist(zipErr) && dirErr != nil && os.IsNotExist(dirErr) {
+		if zipErr != nil && errors.Is(zipErr, os.ErrNotExist) &&
+			dirErr != nil && errors.Is(dirErr, os.ErrNotExist) {
 			// Nothing downloaded yet. Nothing to verify.
 			return true
 		}
@@ -75,7 +74,7 @@ func verifyMod(mod module.Version) bool {
 	}
 	h := string(bytes.TrimSpace(data))
 
-	if zipErr != nil && os.IsNotExist(zipErr) {
+	if zipErr != nil && errors.Is(zipErr, os.ErrNotExist) {
 		// ok
 	} else {
 		hZ, err := dirhash.HashZip(zip, dirhash.DefaultHash)
@@ -87,7 +86,7 @@ func verifyMod(mod module.Version) bool {
 			ok = false
 		}
 	}
-	if dirErr != nil && os.IsNotExist(dirErr) {
+	if dirErr != nil && errors.Is(dirErr, os.ErrNotExist) {
 		// ok
 	} else {
 		hD, err := dirhash.HashDir(dir, mod.Path+"@"+mod.Version, dirhash.DefaultHash)

src/cmd/go/internal/modfetch/cache.go

@@ -7,6 +7,7 @@ package modfetch
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -57,8 +58,11 @@ func CachePath(m module.Version, suffix string) (string, error) {
 	return filepath.Join(dir, encVer+"."+suffix), nil
 }
 
-// DownloadDir returns the directory to which m should be downloaded.
-// Note that the directory may not yet exist.
+// DownloadDir returns the directory to which m should have been downloaded.
+// An error will be returned if the module path or version cannot be escaped.
+// An error satisfying errors.Is(err, os.ErrNotExist) will be returned
+// along with the directory if the directory does not exist or if the directory
+// is not completely populated.
 func DownloadDir(m module.Version) (string, error) {
 	if PkgMod == "" {
 		return "", fmt.Errorf("internal error: modfetch.PkgMod not set")
@@ -77,9 +81,39 @@ func DownloadDir(m module.Version) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	return filepath.Join(PkgMod, enc+"@"+encVer), nil
+
+	dir := filepath.Join(PkgMod, enc+"@"+encVer)
+	if fi, err := os.Stat(dir); os.IsNotExist(err) {
+		return dir, err
+	} else if err != nil {
+		return dir, &DownloadDirPartialError{dir, err}
+	} else if !fi.IsDir() {
+		return dir, &DownloadDirPartialError{dir, errors.New("not a directory")}
+	}
+	partialPath, err := CachePath(m, "partial")
+	if err != nil {
+		return dir, err
+	}
+	if _, err := os.Stat(partialPath); err == nil {
+		return dir, &DownloadDirPartialError{dir, errors.New("not completely extracted")}
+	} else if !os.IsNotExist(err) {
+		return dir, err
+	}
+	return dir, nil
 }
 
+// DownloadDirPartialError is returned by DownloadDir if a module directory
+// exists but was not completely populated.
+//
+// DownloadDirPartialError is equivalent to os.ErrNotExist.
+type DownloadDirPartialError struct {
+	Dir string
+	Err error
+}
+
+func (e *DownloadDirPartialError) Error() string     { return fmt.Sprintf("%s: %v", e.Dir, e.Err) }
+func (e *DownloadDirPartialError) Is(err error) bool { return err == os.ErrNotExist }
+
 // lockVersion locks a file within the module cache that guards the downloading
 // and extraction of the zipfile for the given module version.
 func lockVersion(mod module.Version) (unlock func(), err error) {

src/cmd/go/internal/modfetch/codehost/git.go

@@ -241,13 +241,6 @@ func (r *gitRepo) findRef(hash string) (ref string, ok bool) {
 	return "", false
 }
 
-func unshallow(gitDir string) []string {
-	if _, err := os.Stat(filepath.Join(gitDir, "shallow")); err == nil {
-		return []string{"--unshallow"}
-	}
-	return []string{}
-}
-
 // minHashDigits is the minimum number of digits to require
 // before accepting a hex digit sequence as potentially identifying
 // a specific commit in a git repo. (Of course, users can always
@@ -397,29 +390,27 @@ func (r *gitRepo) stat(rev string) (*RevInfo, error) {
 // fetchRefsLocked requires that r.mu remain locked for the duration of the call.
 func (r *gitRepo) fetchRefsLocked() error {
 	if r.fetchLevel < fetchAll {
-		if err := r.fetchUnshallow("refs/heads/*:refs/heads/*", "refs/tags/*:refs/tags/*"); err != nil {
+		// NOTE: To work around a bug affecting Git clients up to at least 2.23.0
+		// (2019-08-16), we must first expand the set of local refs, and only then
+		// unshallow the repository as a separate fetch operation. (See
+		// golang.org/issue/34266 and
+		// https://github.com/git/git/blob/4c86140027f4a0d2caaa3ab4bd8bfc5ce3c11c8a/transport.c#L1303-L1309.)
+
+		if _, err := Run(r.dir, "git", "fetch", "-f", r.remote, "refs/heads/*:refs/heads/*", "refs/tags/*:refs/tags/*"); err != nil {
 			return err
 		}
+
+		if _, err := os.Stat(filepath.Join(r.dir, "shallow")); err == nil {
+			if _, err := Run(r.dir, "git", "fetch", "--unshallow", "-f", r.remote); err != nil {
+				return err
+			}
+		}
+
 		r.fetchLevel = fetchAll
 	}
 	return nil
 }
 
-func (r *gitRepo) fetchUnshallow(refSpecs ...string) error {
-	// To work around a protocol version 2 bug that breaks --unshallow,
-	// add -c protocol.version=0.
-	// TODO(rsc): The bug is believed to be server-side, meaning only
-	// on Google's Git servers. Once the servers are fixed, drop the
-	// protocol.version=0. See Google-internal bug b/110495752.
-	var protoFlag []string
-	unshallowFlag := unshallow(r.dir)
-	if len(unshallowFlag) > 0 {
-		protoFlag = []string{"-c", "protocol.version=0"}
-	}
-	_, err := Run(r.dir, "git", protoFlag, "fetch", unshallowFlag, "-f", r.remote, refSpecs)
-	return err
-}
-
 // statLocal returns a RevInfo describing rev in the local git repository.
 // It uses version as info.Version.
 func (r *gitRepo) statLocal(version, rev string) (*RevInfo, error) {
@@ -539,39 +530,10 @@ func (r *gitRepo) ReadFileRevs(revs []string, file string, maxSize int64) (map[s
 	}
 	defer unlock()
 
-	var refs []string
-	var protoFlag []string
-	var unshallowFlag []string
-	for _, tag := range redo {
-		refs = append(refs, "refs/tags/"+tag+":refs/tags/"+tag)
-	}
-	if len(refs) > 1 {
-		unshallowFlag = unshallow(r.dir)
-		if len(unshallowFlag) > 0 {
-			// To work around a protocol version 2 bug that breaks --unshallow,
-			// add -c protocol.version=0.
-			// TODO(rsc): The bug is believed to be server-side, meaning only
-			// on Google's Git servers. Once the servers are fixed, drop the
-			// protocol.version=0. See Google-internal bug b/110495752.
-			protoFlag = []string{"-c", "protocol.version=0"}
-		}
-	}
-	if _, err := Run(r.dir, "git", protoFlag, "fetch", unshallowFlag, "-f", r.remote, refs); err != nil {
+	if err := r.fetchRefsLocked(); err != nil {
 		return nil, err
 	}
 
-	// TODO(bcmills): after the 1.11 freeze, replace the block above with:
-	//	if r.fetchLevel <= fetchSome {
-	//		r.fetchLevel = fetchSome
-	//		var refs []string
-	//		for _, tag := range redo {
-	//			refs = append(refs, "refs/tags/"+tag+":refs/tags/"+tag)
-	//		}
-	//		if _, err := Run(r.dir, "git", "fetch", "--update-shallow", "-f", r.remote, refs); err != nil {
-	//			return nil, err
-	//		}
-	//	}
-
 	if _, err := r.readFileRevs(redo, file, files); err != nil {
 		return nil, err
 	}

src/cmd/go/internal/modfetch/coderepo_test.go

@@ -334,16 +334,6 @@ var codeRepoTests = []codeRepoTest{
 		time:    time.Date(2016, 12, 8, 18, 13, 25, 0, time.UTC),
 		gomod:   "module gopkg.in/check.v1\n",
 	},
-	{
-		vcs:     "git",
-		path:    "gopkg.in/yaml.v2",
-		rev:     "v2",
-		version: "v2.2.3-0.20190319135612-7b8349ac747c",
-		name:    "7b8349ac747c6a24702b762d2c4fd9266cf4f1d6",
-		short:   "7b8349ac747c",
-		time:    time.Date(2019, 03, 19, 13, 56, 12, 0, time.UTC),
-		gomod:   "module \"gopkg.in/yaml.v2\"\n\nrequire (\n\t\"gopkg.in/check.v1\" v0.0.0-20161208181325-20d25e280405\n)\n",
-	},
 	{
 		vcs:     "git",
 		path:    "vcs-test.golang.org/go/mod/gitrepo1",

src/cmd/go/internal/modfetch/fetch.go

@@ -7,6 +7,7 @@ package modfetch
 import (
 	"archive/zip"
 	"bytes"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -22,6 +23,7 @@ import (
 	"cmd/go/internal/module"
 	"cmd/go/internal/par"
 	"cmd/go/internal/renameio"
+	"cmd/go/internal/robustio"
 )
 
 var downloadCache par.Cache
@@ -41,24 +43,27 @@ func Download(mod module.Version) (dir string, err error) {
 		err error
 	}
 	c := downloadCache.Do(mod, func() interface{} {
-		dir, err := DownloadDir(mod)
+		dir, err := download(mod)
 		if err != nil {
 			return cached{"", err}
 		}
-		if err := download(mod, dir); err != nil {
-			return cached{"", err}
-		}
 		checkMod(mod)
 		return cached{dir, nil}
 	}).(cached)
 	return c.dir, c.err
 }
 
-func download(mod module.Version, dir string) (err error) {
-	// If the directory exists, the module has already been extracted.
-	fi, err := os.Stat(dir)
-	if err == nil && fi.IsDir() {
-		return nil
+func download(mod module.Version) (dir string, err error) {
+	// If the directory exists, and no .partial file exists,
+	// the module has already been completely extracted.
+	// .partial files may be created when future versions of cmd/go
+	// extract module zip directories in place instead of extracting
+	// to a random temporary directory and renaming.
+	dir, err = DownloadDir(mod)
+	if err == nil {
+		return dir, nil
+	} else if dir == "" || !errors.Is(err, os.ErrNotExist) {
+		return "", err
 	}
 
 	// To avoid cluttering the cache with extraneous files,
@@ -66,7 +71,7 @@ func download(mod module.Version, dir string) (err error) {
 	// Invoke DownloadZip before locking the file.
 	zipfile, err := DownloadZip(mod)
 	if err != nil {
-		return err
+		return "", err
 	}
 
 	if cfg.CmdName != "mod download" {
@@ -75,17 +80,19 @@ func download(mod module.Version, dir string) (err error) {
 
 	unlock, err := lockVersion(mod)
 	if err != nil {
-		return err
+		return "", err
 	}
 	defer unlock()
 
 	// Check whether the directory was populated while we were waiting on the lock.
-	fi, err = os.Stat(dir)
-	if err == nil && fi.IsDir() {
-		return nil
+	_, dirErr := DownloadDir(mod)
+	if dirErr == nil {
+		return dir, nil
 	}
+	_, dirExists := dirErr.(*DownloadDirPartialError)
 
-	// Clean up any remaining temporary directories from previous runs.
+	// Clean up any remaining temporary directories from previous runs, as well
+	// as partially extracted diectories created by future versions of cmd/go.
 	// This is only safe to do because the lock file ensures that their writers
 	// are no longer active.
 	parentDir := filepath.Dir(dir)
@@ -95,6 +102,19 @@ func download(mod module.Version, dir string) (err error) {
 			RemoveAll(path) // best effort
 		}
 	}
+	if dirExists {
+		if err := RemoveAll(dir); err != nil {
+			return "", err
+		}
+	}
+
+	partialPath, err := CachePath(mod, "partial")
+	if err != nil {
+		return "", err
+	}
+	if err := os.Remove(partialPath); err != nil && !os.IsNotExist(err) {
+		return "", err
+	}
 
 	// Extract the zip file to a temporary directory, then rename it to the
 	// final path. That way, we can use the existence of the source directory to
@@ -102,11 +122,11 @@ func download(mod module.Version, dir string) (err error) {
 	// the entire directory (e.g. as an attempt to prune out file corruption)
 	// the module cache will still be left in a recoverable state.
 	if err := os.MkdirAll(parentDir, 0777); err != nil {
-		return err
+		return "", err
 	}
 	tmpDir, err := ioutil.TempDir(parentDir, tmpPrefix)
 	if err != nil {
-		return err
+		return "", err
 	}
 	defer func() {
 		if err != nil {
@@ -117,17 +137,17 @@ func download(mod module.Version, dir string) (err error) {
 	modpath := mod.Path + "@" + mod.Version
 	if err := Unzip(tmpDir, zipfile, modpath, 0); err != nil {
 		fmt.Fprintf(os.Stderr, "-> %s\n", err)
-		return err
+		return "", err
 	}
 
-	if err := os.Rename(tmpDir, dir); err != nil {
-		return err
+	if err := robustio.Rename(tmpDir, dir); err != nil {
+		return "", err
 	}
 
 	// Make dir read-only only *after* renaming it.
 	// os.Rename was observed to fail for read-only directories on macOS.
 	makeDirsReadOnly(dir)
-	return nil
+	return dir, nil
 }
 
 var downloadZipCache par.Cache

src/cmd/go/internal/modget/get.go

@@ -452,10 +452,13 @@ func runGet(cmd *base.Command, args []string) {
 	// This includes explicitly requested modules that don't have a root package
 	// and modules with a target version of "none".
 	var wg sync.WaitGroup
+	var modOnlyMu sync.Mutex
 	modOnly := make(map[string]*query)
 	for _, q := range queries {
 		if q.m.Version == "none" {
+			modOnlyMu.Lock()
 			modOnly[q.m.Path] = q
+			modOnlyMu.Unlock()
 			continue
 		}
 		if q.path == q.m.Path {
@@ -464,7 +467,9 @@ func runGet(cmd *base.Command, args []string) {
 				if hasPkg, err := modload.ModuleHasRootPackage(q.m); err != nil {
 					base.Errorf("go get: %v", err)
 				} else if !hasPkg {
+					modOnlyMu.Lock()
 					modOnly[q.m.Path] = q
+					modOnlyMu.Unlock()
 				}
 				wg.Done()
 			}(q)

src/cmd/go/internal/modload/build.go

@@ -143,9 +143,7 @@ func moduleInfo(m module.Version, fromBuildList bool) *modinfo.ModulePublic {
 			}
 			dir, err := modfetch.DownloadDir(mod)
 			if err == nil {
-				if info, err := os.Stat(dir); err == nil && info.IsDir() {
-					m.Dir = dir
-				}
+				m.Dir = dir
 			}
 		}
 	}

src/cmd/go/internal/modload/import_test.go

@@ -21,7 +21,7 @@ var importTests = []struct {
 	},
 	{
 		path: "golang.org/x/net",
-		err:  "module golang.org/x/net@.* found, but does not contain package golang.org/x/net",
+		err:  `module golang.org/x/net@.* found \(v0.0.0-.*\), but does not contain package golang.org/x/net`,
 	},
 	{
 		path: "golang.org/x/text",

src/cmd/go/internal/modload/load.go

@@ -1140,7 +1140,7 @@ func (r *mvsReqs) required(mod module.Version) ([]module.Version, error) {
 	if mpath := f.Module.Mod.Path; mpath != origPath && mpath != mod.Path {
 		return nil, module.VersionError(mod, fmt.Errorf(`parsing go.mod:
 	module declares its path as: %s
-	        but was required as: %s`, mod.Path, mpath))
+	        but was required as: %s`, mpath, mod.Path))
 	}
 	if f.Go != nil {
 		r.versions.LoadOrStore(mod, f.Go.Version)
@@ -1205,6 +1205,11 @@ func (*mvsReqs) next(m module.Version) (module.Version, error) {
 	return module.Version{Path: m.Path, Version: "none"}, nil
 }
 
+// fetch downloads the given module (or its replacement)
+// and returns its location.
+//
+// The isLocal return value reports whether the replacement,
+// if any, is local to the filesystem.
 func fetch(mod module.Version) (dir string, isLocal bool, err error) {
 	if mod == Target {
 		return ModRoot(), true, nil

src/cmd/go/internal/modload/query.go

@@ -381,9 +381,10 @@ func QueryPattern(pattern, query string, allowed func(module.Version) bool) ([]Q
 			r.Packages = match(r.Mod, root, isLocal)
 			if len(r.Packages) == 0 {
 				return r, &PackageNotInModuleError{
-					Mod:     r.Mod,
-					Query:   query,
-					Pattern: pattern,
+					Mod:         r.Mod,
+					Replacement: Replacement(r.Mod),
+					Query:       query,
+					Pattern:     pattern,
 				}
 			}
 			return r, nil
@@ -471,7 +472,17 @@ func queryPrefixModules(candidateModules []string, queryModule func(path string)
 					notExistErr = rErr
 				}
 			} else if err == nil {
-				err = r.err
+				if len(found) > 0 || noPackage != nil {
+					// golang.org/issue/34094: If we have already found a module that
+					// could potentially contain the target package, ignore unclassified
+					// errors for modules with shorter paths.
+
+					// golang.org/issue/34383 is a special case of this: if we have
+					// already found example.com/foo/v2@v2.0.0 with a matching go.mod
+					// file, ignore the error from example.com/foo@v2.0.0.
+				} else {
+					err = r.err
+				}
 			}
 		}
 	}
@@ -526,21 +537,32 @@ func (e *NoMatchingVersionError) Error() string {
 // code for the versions it knows about, and thus did not have the opportunity
 // to return a non-400 status code to suppress fallback.
 type PackageNotInModuleError struct {
-	Mod     module.Version
-	Query   string
-	Pattern string
+	Mod         module.Version
+	Replacement module.Version
+	Query       string
+	Pattern     string
 }
 
 func (e *PackageNotInModuleError) Error() string {
 	found := ""
-	if e.Query != e.Mod.Version {
+	if r := e.Replacement; r.Path != "" {
+		replacement := r.Path
+		if r.Version != "" {
+			replacement = fmt.Sprintf("%s@%s", r.Path, r.Version)
+		}
+		if e.Query == e.Mod.Version {
+			found = fmt.Sprintf(" (replaced by %s)", replacement)
+		} else {
+			found = fmt.Sprintf(" (%s, replaced by %s)", e.Mod.Version, replacement)
+		}
+	} else if e.Query != e.Mod.Version {
 		found = fmt.Sprintf(" (%s)", e.Mod.Version)
 	}
 
 	if strings.Contains(e.Pattern, "...") {
-		return fmt.Sprintf("module %s@%s%s found, but does not contain packages matching %s", e.Mod.Path, e.Query, found, e.Pattern)
+		return fmt.Sprintf("module %s@%s found%s, but does not contain packages matching %s", e.Mod.Path, e.Query, found, e.Pattern)
 	}
-	return fmt.Sprintf("module %s@%s%s found, but does not contain package %s", e.Mod.Path, e.Query, found, e.Pattern)
+	return fmt.Sprintf("module %s@%s found%s, but does not contain package %s", e.Mod.Path, e.Query, found, e.Pattern)
 }
 
 // ModuleHasRootPackage returns whether module m contains a package m.Path.

src/cmd/go/internal/robustio/robustio_windows.go

@@ -14,7 +14,7 @@ import (
 	"time"
 )
 
-const arbitraryTimeout = 500 * time.Millisecond
+const arbitraryTimeout = 2000 * time.Millisecond
 
 // retry retries ephemeral errors from f up to an arbitrary timeout
 // to work around spurious filesystem errors on Windows

src/cmd/go/internal/search/search.go

@@ -363,30 +363,40 @@ func ImportPathsQuiet(patterns []string) []*Match {
 
 // CleanPatterns returns the patterns to use for the given
 // command line. It canonicalizes the patterns but does not
-// evaluate any matches.
+// evaluate any matches. It preserves text after '@' for commands
+// that accept versions.
 func CleanPatterns(patterns []string) []string {
 	if len(patterns) == 0 {
 		return []string{"."}
 	}
 	var out []string
 	for _, a := range patterns {
+		var p, v string
+		if i := strings.IndexByte(a, '@'); i < 0 {
+			p = a
+		} else {
+			p = a[:i]
+			v = a[i:]
+		}
+
 		// Arguments are supposed to be import paths, but
 		// as a courtesy to Windows developers, rewrite \ to /
 		// in command-line arguments. Handles .\... and so on.
 		if filepath.Separator == '\\' {
-			a = strings.ReplaceAll(a, `\`, `/`)
+			p = strings.ReplaceAll(p, `\`, `/`)
 		}
 
 		// Put argument in canonical form, but preserve leading ./.
-		if strings.HasPrefix(a, "./") {
-			a = "./" + path.Clean(a)
-			if a == "./." {
-				a = "."
+		if strings.HasPrefix(p, "./") {
+			p = "./" + path.Clean(p)
+			if p == "./." {
+				p = "."
 			}
 		} else {
-			a = path.Clean(a)
+			p = path.Clean(p)
 		}
-		out = append(out, a)
+
+		out = append(out, p+v)
 	}
 	return out
 }

src/cmd/go/internal/test/test.go

@@ -572,8 +572,9 @@ func runTest(cmd *base.Command, args []string) {
 	}
 
 	// Pass timeout to tests if it exists.
+	// Prepend rather than appending so that it appears before positional arguments.
 	if testActualTimeout > 0 {
-		testArgs = append(testArgs, "-test.timeout="+testActualTimeout.String())
+		testArgs = append([]string{"-test.timeout=" + testActualTimeout.String()}, testArgs...)
 	}
 
 	// show passing test output (after buffering) with -v flag.
@@ -1141,7 +1142,7 @@ func (c *runCache) builderRunTest(b *work.Builder, a *work.Action) error {
 
 	cmd := exec.Command(args[0], args[1:]...)
 	cmd.Dir = a.Package.Dir
-	cmd.Env = base.EnvForDir(cmd.Dir, cfg.OrigEnv)
+	cmd.Env = base.EnvForDir(cmd.Dir, cfg.OrigEnv[:len(cfg.OrigEnv):len(cfg.OrigEnv)])
 	cmd.Stdout = stdout
 	cmd.Stderr = stdout
 

src/cmd/go/internal/work/exec.go

@@ -200,14 +200,17 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID {
 	// same compiler settings and can reuse each other's results.
 	// If not, the reason is already recorded in buildGcflags.
 	fmt.Fprintf(h, "compile\n")
+	// Only include the package directory if it may affect the output.
+	// We trim workspace paths for all packages when -trimpath is set.
 	// The compiler hides the exact value of $GOROOT
-	// when building things in GOROOT,
-	// but it does not hide the exact value of $GOPATH.
-	// Include the full dir in that case.
+	// when building things in GOROOT.
 	// Assume b.WorkDir is being trimmed properly.
-	if !p.Goroot && !strings.HasPrefix(p.Dir, b.WorkDir) {
+	if !p.Goroot && !cfg.BuildTrimpath && !strings.HasPrefix(p.Dir, b.WorkDir) {
 		fmt.Fprintf(h, "dir %s\n", p.Dir)
 	}
+	if p.Module != nil {
+		fmt.Fprintf(h, "go %s\n", p.Module.GoVersion)
+	}
 	fmt.Fprintf(h, "goos %s goarch %s\n", cfg.Goos, cfg.Goarch)
 	fmt.Fprintf(h, "import %q\n", p.ImportPath)
 	fmt.Fprintf(h, "omitdebug %v standard %v local %v prefix %q\n", p.Internal.OmitDebug, p.Standard, p.Internal.Local, p.Internal.LocalPrefix)
@@ -1030,7 +1033,7 @@ func (b *Builder) vet(a *Action) error {
 	// dependency tree turn on *more* analysis, as here.
 	// (The unsafeptr check does not write any facts for use by
 	// later vet runs.)
-	if a.Package.Goroot && !VetExplicit {
+	if a.Package.Goroot && !VetExplicit && VetTool == "" {
 		// Note that $GOROOT/src/buildall.bash
 		// does the same for the misc-compile trybots
 		// and should be updated if these flags are

src/cmd/go/script_test.go

@@ -441,10 +441,15 @@ func (ts *testScript) cmdCmp(neg bool, args []string) {
 		// It would be strange to say "this file can have any content except this precise byte sequence".
 		ts.fatalf("unsupported: ! cmp")
 	}
+	quiet := false
+	if len(args) > 0 && args[0] == "-q" {
+		quiet = true
+		args = args[1:]
+	}
 	if len(args) != 2 {
 		ts.fatalf("usage: cmp file1 file2")
 	}
-	ts.doCmdCmp(args, false)
+	ts.doCmdCmp(args, false, quiet)
 }
 
 // cmpenv compares two files with environment variable substitution.
@@ -452,13 +457,18 @@ func (ts *testScript) cmdCmpenv(neg bool, args []string) {
 	if neg {
 		ts.fatalf("unsupported: ! cmpenv")
 	}
+	quiet := false
+	if len(args) > 0 && args[0] == "-q" {
+		quiet = true
+		args = args[1:]
+	}
 	if len(args) != 2 {
 		ts.fatalf("usage: cmpenv file1 file2")
 	}
-	ts.doCmdCmp(args, true)
+	ts.doCmdCmp(args, true, quiet)
 }
 
-func (ts *testScript) doCmdCmp(args []string, env bool) {
+func (ts *testScript) doCmdCmp(args []string, env, quiet bool) {
 	name1, name2 := args[0], args[1]
 	var text1, text2 string
 	if name1 == "stdout" {
@@ -484,7 +494,9 @@ func (ts *testScript) doCmdCmp(args []string, env bool) {
 		return
 	}
 
-	fmt.Fprintf(&ts.log, "[diff -%s +%s]\n%s\n", name1, name2, diff(text1, text2))
+	if !quiet {
+		fmt.Fprintf(&ts.log, "[diff -%s +%s]\n%s\n", name1, name2, diff(text1, text2))
+	}
 	ts.fatalf("%s and %s differ", name1, name2)
 }
 

src/cmd/go/testdata/mod/example.com_badchain_c_v1.1.0.txt

@@ -1,7 +1,7 @@
 example.com/badchain/c v1.1.0
 
 -- .mod --
-module example.com/badchain/wrong
+module badchain.example.com/c
 -- .info --
 {"Version":"v1.1.0"}
 -- c.go --

src/cmd/go/testdata/mod/example.com_dotgo.go_v1.0.0.txt

@@ -0,0 +1,16 @@
+This module's path ends with ".go".
+Based on github.com/nats-io/nats.go.
+Used in regression tests for golang.org/issue/32483.
+
+-- .mod --
+module example.com/dotgo.go
+
+go 1.13
+-- .info --
+{"Version":"v1.0.0"}
+-- go.mod --
+module example.com/dotgo.go
+
+go 1.13
+-- dotgo.go --
+package dotgo

src/cmd/go/testdata/script/build_cache_arch_mode.txt

@@ -0,0 +1,27 @@
+# Issue 9737: verify that GOARM and GO386 affect the computed build ID
+
+[short] skip
+
+# 386
+cd $GOPATH/src/mycmd
+env GOOS=linux
+env GOARCH=386
+env GO386=387
+go install mycmd
+env GO386=sse2
+stale mycmd
+
+# arm
+cd $GOPATH/src/mycmd
+env GOOS=linux
+env GOARCH=arm
+env GOARM=5
+go install mycmd
+env GOARM=7
+stale mycmd
+
+
+-- mycmd/x.go --
+package main
+
+func main() {}

src/cmd/go/testdata/script/build_trimpath.txt

@@ -1,21 +1,93 @@
 [short] skip
-
-env -r GOROOT_REGEXP=$GOROOT
-env -r WORK_REGEXP=$WORK
-env GOROOT GOROOT_REGEXP WORK WORK_REGEXP
-
-go build -trimpath -o hello.exe hello.go
-! grep -q $GOROOT_REGEXP hello.exe
-! grep -q $WORK_REGEXP hello.exe
-
 env GO111MODULE=on
-go build -trimpath -o fortune.exe rsc.io/fortune
-! grep -q $GOROOT_REGEXP fortune.exe
-! grep -q $WORK_REGEXP fortune.exe
 
--- hello.go --
+# A binary built without -trimpath should contain the current workspace
+# and GOROOT for debugging and stack traces.
+cd a
+go build -o $WORK/paths-a.exe paths.go
+exec $WORK/paths-a.exe $WORK/paths-a.exe
+stdout 'binary contains GOPATH: true'
+stdout 'binary contains GOROOT: true'
+
+# A binary built with -trimpath should not contain the current workspace
+# or GOROOT.
+go build -trimpath -o $WORK/paths-a.exe paths.go
+exec $WORK/paths-a.exe $WORK/paths-a.exe
+stdout 'binary contains GOPATH: false'
+stdout 'binary contains GOROOT: false'
+
+# A binary from an external module built with -trimpath should not contain
+# the current workspace or GOROOT.
+cd $WORK
+go get -trimpath rsc.io/fortune
+exec $WORK/paths-a.exe $GOPATH/bin/fortune$GOEXE
+stdout 'binary contains GOPATH: false'
+stdout 'binary contains GOROOT: false'
+
+# Two binaries built from identical packages in different directories
+# should be identical.
+# TODO(golang.org/issue/35435): at the moment, they are not.
+#mkdir $GOPATH/src/b
+#cp $GOPATH/src/a/go.mod $GOPATH/src/b/go.mod
+#cp $GOPATH/src/a/paths.go $GOPATH/src/b/paths.go
+#cd $GOPATH/src/b
+#go build -trimpath -o $WORK/paths-b.exe .
+#cmp -q $WORK/paths-a.exe $WORK/paths-b.exe
+
+[!exec:gccgo] stop
+
+# A binary built with gccgo without -trimpath should contain the current
+# GOPATH and GOROOT.
+env GO111MODULE=off # The current released gccgo does not support builds in module mode.
+cd $GOPATH/src/a
+go build -compiler=gccgo -o $WORK/gccgo-paths-a.exe .
+exec $WORK/gccgo-paths-a.exe $WORK/gccgo-paths-b.exe
+stdout 'binary contains GOPATH: true'
+stdout 'binary contains GOROOT: true'
+
+# A binary built with gccgo with -trimpath should not contain GOPATH or GOROOT.
+go build -compiler=gccgo -trimpath -o $WORK/gccgo-paths-a.exe .
+exec $WORK/gccgo-paths-a.exe $WORK/gccgo-paths-b.exe
+stdout 'binary contains GOPATH: false'
+stdout 'binary contains GOROOT: false'
+
+# Two binaries built from identical packages in different directories
+# should be identical.
+# TODO(golang.org/issue/35435): at the moment, they are not.
+#cd ../b
+#go build -compiler=gccgo -trimpath -o $WORK/gccgo-paths-b.exe .
+#cmp -q $WORK/gccgo-paths-a.exe $WORK/gccgo-paths-b.exe
+
+-- $GOPATH/src/a/paths.go --
 package main
-func main() { println("hello") }
 
--- go.mod --
-module m
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"os"
+	"path/filepath"
+)
+
+func main() {
+	exe := os.Args[1]
+	data, err := ioutil.ReadFile(exe)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	gopath := []byte(filepath.ToSlash(os.Getenv("GOPATH")))
+	if len(gopath) == 0 {
+		log.Fatal("GOPATH not set")
+	}
+	fmt.Printf("binary contains GOPATH: %v\n", bytes.Contains(data, gopath))
+
+	goroot := []byte(filepath.ToSlash(os.Getenv("GOROOT")))
+	if len(goroot) == 0 {
+		log.Fatal("GOROOT not set")
+	}
+	fmt.Printf("binary contains GOROOT: %v\n", bytes.Contains(data, goroot))
+}
+-- $GOPATH/src/a/go.mod --
+module example.com/a

src/cmd/go/testdata/script/cover_mod_empty.txt

@@ -0,0 +1,9 @@
+go tool cover -func=cover.out
+stdout total.*statements.*0.0%
+
+go mod init golang.org/issue/33855
+
+go tool cover -func=cover.out
+stdout total.*statements.*0.0%
+
+-- cover.out --

src/cmd/go/testdata/script/cover_pkgall_multiple_mains.txt

@@ -1,29 +1,32 @@
 # This test checks that multiple main packages can be tested
 # with -coverpkg=all without duplicate symbol errors.
-# Verifies golang.org/issue/30374.
-
-env GO111MODULE=on
+# Verifies golang.org/issue/30374, golang.org/issue/34114.
 
 [short] skip
+cd $GOPATH/src/example.com/cov
 
+env GO111MODULE=on
 go test -coverpkg=all ./...
 
--- go.mod --
+env GO111MODULE=off
+go test -coverpkg=all ./...
+
+-- $GOPATH/src/example.com/cov/go.mod --
 module example.com/cov
 
--- mainonly/mainonly.go --
+-- $GOPATH/src/example.com/cov/mainonly/mainonly.go --
 package main
 
 func main() {}
 
--- mainwithtest/mainwithtest.go --
+-- $GOPATH/src/example.com/cov/mainwithtest/mainwithtest.go --
 package main
 
 func main() {}
 
 func Foo() {}
 
--- mainwithtest/mainwithtest_test.go --
+-- $GOPATH/src/example.com/cov/mainwithtest/mainwithtest_test.go --
 package main
 
 import "testing"
@@ -32,10 +35,10 @@ func TestFoo(t *testing.T) {
   Foo()
 }
 
--- xtest/x.go --
+-- $GOPATH/src/example.com/cov/xtest/x.go --
 package x
 
--- xtest/x_test.go --
+-- $GOPATH/src/example.com/cov/xtest/x_test.go --
 package x_test
 
 import "testing"

src/cmd/go/testdata/script/get_insecure_redirect.txt

@@ -1,11 +1,10 @@
 # golang.org/issue/29591: 'go get' was following plain-HTTP redirects even without -insecure.
+# golang.org/issue/34049: 'go get' would panic in case of an insecure redirect in GOPATH mode
 
 [!net] skip
 [!exec:git] skip
 
-env GO111MODULE=on
-env GOPROXY=direct
-env GOSUMDB=off
+env GO111MODULE=off
 
 ! go get -d vcs-test.golang.org/insecure/go/insecure
 stderr 'redirected .* to insecure URL'

src/cmd/go/testdata/script/list_ambiguous_path.txt

@@ -0,0 +1,37 @@
+# Ensures that we can correctly list package patterns ending in '.go'.
+# See golang.org/issue/34653.
+
+# A single pattern for a package ending in '.go'.
+go list ./foo.go
+stdout '^test/foo.go$'
+
+# Multiple patterns for packages including one ending in '.go'.
+go list ./bar ./foo.go
+stdout '^test/bar$'
+stdout '^test/foo.go$'
+
+# A single pattern for a Go file.
+go list ./a.go
+stdout '^command-line-arguments$'
+
+# A single typo-ed pattern for a Go file. This should
+# treat the wrong pattern as if it were a package.
+! go list ./foo.go/b.go
+stderr 'package ./foo.go/b.go: cannot find package "."'
+
+# Multiple patterns for Go files with a typo. This should
+# treat the wrong pattern as if it were a non-existint file.
+! go list ./foo.go/a.go ./foo.go/b.go
+[windows] stderr './foo.go/b.go: The system cannot find the file specified'
+[!windows] stderr './foo.go/b.go: no such file or directory'
+
+-- a.go --
+package main
+-- bar/a.go --
+package bar
+-- foo.go/a.go --
+package foo.go
+-- go.mod --
+module "test"
+
+go 1.13

src/cmd/go/testdata/script/list_split_main.txt

@@ -0,0 +1,25 @@
+# This test checks that a "main" package with an external test package
+# is recompiled only once.
+# Verifies golang.org/issue/34321.
+
+env GO111MODULE=off
+
+go list -e -test -deps -f '{{if not .Standard}}{{.ImportPath}}{{end}}' pkg
+cmp stdout want
+
+-- $GOPATH/src/pkg/pkg.go --
+package main
+
+func main() {}
+
+-- $GOPATH/src/pkg/pkg_test.go --
+package main
+
+import "testing"
+
+func Test(t *testing.T) {}
+
+-- want --
+pkg
+pkg [pkg.test]
+pkg.test

src/cmd/go/testdata/script/mod_download.txt

@@ -17,7 +17,6 @@ stderr 'this.domain.is.invalid'
 stdout '"Error": ".*this.domain.is.invalid.*"'
 
 # download -json with version should print JSON
-# and download the .info file for the 'latest' version.
 go mod download -json 'rsc.io/quote@<=v1.5.0'
 stdout '^\t"Path": "rsc.io/quote"'
 stdout '^\t"Version": "v1.5.0"'
@@ -28,14 +27,13 @@ stdout '^\t"Sum": "h1:6fJa6E\+wGadANKkUMlZ0DhXFpoKlslOQDCo259XtdIE="'  # hash of
 stdout '^\t"GoModSum": "h1:LzX7hefJvL54yjefDEDHNONDjII0t9xZLPXsUe\+TKr0="'
 ! stdout '"Error"'
 
-exists $GOPATH/pkg/mod/cache/download/rsc.io/quote/@v/v1.5.2.info
-
 # download queries above should not have added to go.mod.
 go list -m all
 ! stdout rsc.io
 
 # add to go.mod so we can test non-query downloads
 go mod edit -require rsc.io/quote@v1.5.2
+! exists $GOPATH/pkg/mod/cache/download/rsc.io/quote/@v/v1.5.2.info
 ! exists $GOPATH/pkg/mod/cache/download/rsc.io/quote/@v/v1.5.2.mod
 ! exists $GOPATH/pkg/mod/cache/download/rsc.io/quote/@v/v1.5.2.zip
 

src/cmd/go/testdata/script/mod_download_latest.txt

@@ -1,20 +0,0 @@
-env GO111MODULE=on
-
-# If the module is the latest version of itself,
-# the Latest field should be set.
-go mod download -json rsc.io/quote@v1.5.2
-stdout '"Latest":\s*true'
-
-# If the module is older than latest, the field should be unset.
-go mod download -json rsc.io/quote@v1.5.1
-! stdout '"Latest":'
-
-# If the module is newer than "latest", the field should be unset...
-go mod download -json rsc.io/quote@v1.5.3-pre1
-! stdout '"Latest":'
-
-# ...even if that version is also what is required by the main module.
-go mod init example.com
-go mod edit -require rsc.io/quote@v1.5.3-pre1
-go mod download -json rsc.io/quote@v1.5.3-pre1
-! stdout '"Latest":'

src/cmd/go/testdata/script/mod_download_partial.txt

@@ -0,0 +1,56 @@
+# Download a module
+go mod download rsc.io/quote
+exists $GOPATH/pkg/mod/rsc.io/quote@v1.5.2/go.mod
+
+# 'go mod verify' should fail if we delete a file.
+go mod verify
+chmod 0755 $GOPATH/pkg/mod/rsc.io/quote@v1.5.2
+rm $GOPATH/pkg/mod/rsc.io/quote@v1.5.2/go.mod
+! go mod verify
+
+# Create a .partial file to simulate an failure extracting the zip file.
+cp empty $GOPATH/pkg/mod/cache/download/rsc.io/quote/@v/v1.5.2.partial
+
+# 'go mod verify' should not fail, since the module hasn't been completely
+# ingested into the cache.
+go mod verify
+
+# 'go list' should not load packages from the directory.
+# NOTE: the message "directory $dir outside available modules" is reported
+# for directories not in the main module, active modules in the module cache,
+# or local replacements. In this case, the directory is in the right place,
+# but it's incomplete, so 'go list' acts as if it's not an active module.
+! go list $GOPATH/pkg/mod/rsc.io/quote@v1.5.2
+stderr 'outside available modules'
+
+# 'go list -m' should not print the directory.
+go list -m -f '{{.Dir}}' rsc.io/quote
+! stdout .
+
+# 'go mod download' should re-extract the module and remove the .partial file.
+go mod download rsc.io/quote
+! exists $GOPATH/pkg/mod/cache/download/rsc.io/quote/@v/v1.5.2.partial
+exists $GOPATH/pkg/mod/rsc.io/quote@v1.5.2/go.mod
+
+# 'go list' should succeed.
+go list $GOPATH/pkg/mod/rsc.io/quote@v1.5.2
+stdout '^rsc.io/quote$'
+
+# 'go list -m' should print the directory.
+go list -m -f '{{.Dir}}' rsc.io/quote
+stdout 'pkg[/\\]mod[/\\]rsc.io[/\\]quote@v1.5.2'
+
+# go mod verify should fail if we delete a file.
+go mod verify
+chmod 0755 $GOPATH/pkg/mod/rsc.io/quote@v1.5.2
+rm $GOPATH/pkg/mod/rsc.io/quote@v1.5.2/go.mod
+! go mod verify
+
+-- go.mod --
+module m
+
+go 1.14
+
+require rsc.io/quote v1.5.2
+
+-- empty --

src/cmd/go/testdata/script/mod_edit_go.txt

@@ -7,6 +7,13 @@ go mod edit -go=1.9
 grep 'go 1.9' go.mod
 go build
 
+# Reverting the version should force a rebuild and error instead of using
+# the cached 1.9 build. (https://golang.org/issue/37804)
+go mod edit -go=1.8
+! go build
+stderr 'type aliases only supported as of'
+
+
 -- go.mod --
 module m
 go 1.8

src/cmd/go/testdata/script/mod_get_direct.txt

@@ -0,0 +1,20 @@
+# Regression test for golang.org/issue/34092: with an empty module cache,
+# 'GOPROXY=direct go get golang.org/x/tools/gopls@master' did not correctly
+# resolve the pseudo-version for its dependency on golang.org/x/tools.
+
+[short] skip
+[!net] skip
+[!exec:git] skip
+
+env GO111MODULE=on
+env GOPROXY=direct
+env GOSUMDB=off
+
+go list -m cloud.google.com/go@master
+! stdout 'v0.0.0-'
+
+-- go.mod --
+module example.com
+
+go 1.14
+-- go.sum --

src/cmd/go/testdata/script/mod_get_insecure_redirect.txt

@@ -0,0 +1,13 @@
+# golang.org/issue/29591: 'go get' was following plain-HTTP redirects even without -insecure.
+
+[!net] skip
+[!exec:git] skip
+
+env GO111MODULE=on
+env GOPROXY=direct
+env GOSUMDB=off
+
+! go get -d vcs-test.golang.org/insecure/go/insecure
+stderr 'redirected .* to insecure URL'
+
+go get -d -insecure vcs-test.golang.org/insecure/go/insecure

src/cmd/go/testdata/script/mod_get_major.txt

@@ -0,0 +1,23 @@
+[!net] skip
+[!exec:git] skip
+
+env GO111MODULE=on
+env GOPROXY=direct
+env GOSUMDB=off
+
+# golang.org/issue/34383: if a module path ends in a major-version suffix,
+# ensure that 'direct' mode can resolve the package to a module.
+
+go get -d vcs-test.golang.org/git/v3pkg.git/v3@v3.0.0
+
+go list -m vcs-test.golang.org/git/v3pkg.git/v3
+stdout '^vcs-test.golang.org/git/v3pkg.git/v3 v3.0.0$'
+
+go get -d vcs-test.golang.org/git/empty-v2-without-v1.git/v2@v2.0.0
+
+go list -m vcs-test.golang.org/git/empty-v2-without-v1.git/v2
+stdout '^vcs-test.golang.org/git/empty-v2-without-v1.git/v2 v2.0.0$'
+
+-- go.mod --
+module example.com
+go 1.13

src/cmd/go/testdata/script/mod_get_patterns.txt

@@ -10,11 +10,11 @@ grep 'require rsc.io/quote' go.mod
 
 cp go.mod.orig go.mod
 ! go get -d rsc.io/quote/x...
-stderr 'go get rsc.io/quote/x...: module rsc.io/quote@upgrade \(v1.5.2\) found, but does not contain packages matching rsc.io/quote/x...'
+stderr 'go get rsc.io/quote/x...: module rsc.io/quote@upgrade found \(v1.5.2\), but does not contain packages matching rsc.io/quote/x...'
 ! grep 'require rsc.io/quote' go.mod
 
 ! go get -d rsc.io/quote/x/...
-stderr 'go get rsc.io/quote/x/...: module rsc.io/quote@upgrade \(v1.5.2\) found, but does not contain packages matching rsc.io/quote/x/...'
+stderr 'go get rsc.io/quote/x/...: module rsc.io/quote@upgrade found \(v1.5.2\), but does not contain packages matching rsc.io/quote/x/...'
 ! grep 'require rsc.io/quote' go.mod
 
 # If a pattern matches no packages within a module, the module should not

src/cmd/go/testdata/script/mod_get_test.txt

@@ -33,7 +33,7 @@ grep 'rsc.io/quote v1.5.1$' go.mod
 
 # 'go get all' should consider test dependencies with or without -t.
 cp go.mod.empty go.mod
-go get all
+go get -d all
 grep 'rsc.io/quote v1.5.2$' go.mod
 
 -- go.mod.empty --

src/cmd/go/testdata/script/mod_get_trailing_slash.txt

@@ -0,0 +1,30 @@
+# go list should succeed to load a package ending with ".go" if the path does
+# not correspond to an existing local file. Listing a pattern ending with
+# ".go/" should try to list a package regardless of whether a file exists at the
+# path without the suffixed "/" or not.
+go list example.com/dotgo.go
+stdout ^example.com/dotgo.go$
+go list example.com/dotgo.go/
+stdout ^example.com/dotgo.go$
+
+# go get -d should succeed in either case, with or without a version.
+# Arguments are interpreted as packages or package patterns with versions,
+# not source files.
+go get -d example.com/dotgo.go
+go get -d example.com/dotgo.go/
+go get -d example.com/dotgo.go@v1.0.0
+go get -d example.com/dotgo.go/@v1.0.0
+
+# go get (without -d) should also succeed in either case.
+[short] skip
+go get example.com/dotgo.go
+go get example.com/dotgo.go/
+go get example.com/dotgo.go@v1.0.0
+go get example.com/dotgo.go/@v1.0.0
+
+-- go.mod --
+module m
+
+go 1.13
+
+require example.com/dotgo.go v1.0.0

src/cmd/go/testdata/script/mod_issue35317.txt

@@ -0,0 +1,8 @@
+# Regression test for golang.org/issue/35317:
+# 'go get' with multiple module-only arguments was racy.
+
+env GO111MODULE=on
+[short] skip
+
+go mod init example.com
+go get golang.org/x/text@v0.3.0 golang.org/x/internal@v0.1.0 golang.org/x/exp@none

src/cmd/go/testdata/script/mod_list_dir.txt

@@ -1,4 +1,5 @@
 [short] skip
+[windows] skip # known Windows test failure on release-branch.go1.13; fix is in CL 206144 but requires non-test code changes unlikely to be appropriate for backporting this late
 
 # go list with path to directory should work
 

src/cmd/go/testdata/script/mod_list_upgrade.txt

@@ -1,28 +1,8 @@
 env GO111MODULE=on
 
-# If the current version is not latest, 'go list -u' should include its upgrade.
 go list -m -u all
 stdout 'rsc.io/quote v1.2.0 \[v1\.5\.2\]'
 
-# If the current version is latest, 'go list -u' should omit the upgrade.
-go get -d rsc.io/quote@v1.5.2
-go list -m -u all
-stdout 'rsc.io/quote v1.5.2$'
-
-# If the current version is newer than latest, 'go list -u' should
-# omit the upgrade.
-go get -d rsc.io/quote@v1.5.3-pre1
-go list -m -u all
-stdout 'rsc.io/quote v1.5.3-pre1$'
-
-# If the current build list has a higher version and the user asks about
-# a lower one, -u should report the upgrade for the lower one
-# but leave the build list unchanged.
-go list -m -u rsc.io/quote@v1.5.1
-stdout 'rsc.io/quote v1.5.1 \[v1.5.2\]$'
-go list -m -u rsc.io/quote
-stdout 'rsc.io/quote v1.5.3-pre1$'
-
 -- go.mod --
 module x
 require rsc.io/quote v1.2.0

src/cmd/go/testdata/script/mod_load_badchain.txt

@@ -58,28 +58,28 @@ func Test(t *testing.T) {}
 -- update-main-expected --
 go get: example.com/badchain/c@v1.0.0 updating to
 	example.com/badchain/c@v1.1.0: parsing go.mod:
-	module declares its path as: example.com/badchain/c
-	        but was required as: example.com/badchain/wrong
+	module declares its path as: badchain.example.com/c
+	        but was required as: example.com/badchain/c
 -- update-a-expected --
 go get: example.com/badchain/a@v1.1.0 requires
 	example.com/badchain/b@v1.1.0 requires
 	example.com/badchain/c@v1.1.0: parsing go.mod:
-	module declares its path as: example.com/badchain/c
-	        but was required as: example.com/badchain/wrong
+	module declares its path as: badchain.example.com/c
+	        but was required as: example.com/badchain/c
 -- list-expected --
 go: example.com/badchain/a@v1.1.0 requires
 	example.com/badchain/b@v1.1.0 requires
 	example.com/badchain/c@v1.1.0: parsing go.mod:
-	module declares its path as: example.com/badchain/c
-	        but was required as: example.com/badchain/wrong
+	module declares its path as: badchain.example.com/c
+	        but was required as: example.com/badchain/c
 -- list-missing-expected --
 go: m/use imports
 	example.com/badchain/c: example.com/badchain/c@v1.1.0: parsing go.mod:
-	module declares its path as: example.com/badchain/c
-	        but was required as: example.com/badchain/wrong
+	module declares its path as: badchain.example.com/c
+	        but was required as: example.com/badchain/c
 -- list-missing-test-expected --
 go: m/testuse tested by
 	m/testuse.test imports
 	example.com/badchain/c: example.com/badchain/c@v1.1.0: parsing go.mod:
-	module declares its path as: example.com/badchain/c
-	        but was required as: example.com/badchain/wrong
+	module declares its path as: badchain.example.com/c
+	        but was required as: example.com/badchain/c

src/cmd/go/testdata/script/mod_replace.txt

@@ -38,6 +38,13 @@ grep 'not-rsc.io/quote/v3 v3.1.0' go.mod
 exec ./a5.exe
 stdout 'Concurrency is not parallelism.'
 
+# Error messages for modules not found in replacements should
+# indicate the replacement module.
+cp go.mod.orig go.mod
+go mod edit -replace=rsc.io/quote/v3=./local/rsc.io/quote/v3
+! go get -d rsc.io/quote/v3/missing-package
+stderr 'module rsc.io/quote/v3@upgrade found \(v3.0.0, replaced by ./local/rsc.io/quote/v3\), but does not contain package'
+
 -- go.mod --
 module quoter
 

src/cmd/go/testdata/script/test_timeout.txt

@@ -2,12 +2,13 @@
 env GO111MODULE=off
 cd a
 
-# No timeout is passed via 'go test' command.
-go test -v
+# If no timeout is set explicitly, 'go test' should set
+# -test.timeout to its internal deadline.
+go test -v . --
 stdout '10m0s'
 
-# Timeout is passed via 'go test' command.
-go test -v -timeout 30m
+# An explicit -timeout argument should be propagated to -test.timeout.
+go test -v -timeout 30m . --
 stdout '30m0s'
 
 -- a/timeout_test.go --
@@ -19,4 +20,4 @@ import (
 )
 func TestTimeout(t *testing.T) {
 	fmt.Println(flag.Lookup("test.timeout").Value.String())
-}
+}

src/cmd/go/testdata/script/version.txt

@@ -1,6 +1,7 @@
 env GO111MODULE=on
 [short] skip
 
+# Check that 'go version' and 'go version -m' work on a binary built in module mode.
 go build -o fortune.exe rsc.io/fortune
 go version fortune.exe
 stdout '^fortune.exe: .+'
@@ -8,6 +9,10 @@ go version -m fortune.exe
 stdout '^\tpath\trsc.io/fortune'
 stdout '^\tmod\trsc.io/fortune\tv1.0.0'
 
+# Repeat the test with -buildmode=pie.
+# TODO(golang.org/issue/27144): don't skip after -buildmode=pie is implemented
+# on Windows.
+[windows] skip # -buildmode=pie not supported
 go build -buildmode=pie -o external.exe rsc.io/fortune
 go version external.exe
 stdout '^external.exe: .+'

src/cmd/internal/buildid/buildid_test.go

@@ -7,6 +7,7 @@ package buildid
 import (
 	"bytes"
 	"crypto/sha256"
+	"internal/obscuretestdata"
 	"io/ioutil"
 	"os"
 	"reflect"
@@ -19,13 +20,6 @@ const (
 )
 
 func TestReadFile(t *testing.T) {
-	var files = []string{
-		"p.a",
-		"a.elf",
-		"a.macho",
-		"a.pe",
-	}
-
 	f, err := ioutil.TempFile("", "buildid-test-")
 	if err != nil {
 		t.Fatal(err)
@@ -34,26 +28,43 @@ func TestReadFile(t *testing.T) {
 	defer os.Remove(tmp)
 	f.Close()
 
-	for _, f := range files {
-		id, err := ReadFile("testdata/" + f)
+	// Use obscured files to prevent Apple’s notarization service from
+	// mistaking them as candidates for notarization and rejecting the entire
+	// toolchain.
+	// See golang.org/issue/34986
+	var files = []string{
+		"p.a.base64",
+		"a.elf.base64",
+		"a.macho.base64",
+		"a.pe.base64",
+	}
+
+	for _, name := range files {
+		f, err := obscuretestdata.DecodeToTempFile("testdata/" + name)
+		if err != nil {
+			t.Errorf("obscuretestdata.DecodeToTempFile(testdata/%s): %v", name, err)
+			continue
+		}
+		defer os.Remove(f)
+		id, err := ReadFile(f)
 		if id != expectedID || err != nil {
 			t.Errorf("ReadFile(testdata/%s) = %q, %v, want %q, nil", f, id, err, expectedID)
 		}
 		old := readSize
 		readSize = 2048
-		id, err = ReadFile("testdata/" + f)
+		id, err = ReadFile(f)
 		readSize = old
 		if id != expectedID || err != nil {
-			t.Errorf("ReadFile(testdata/%s) [readSize=2k] = %q, %v, want %q, nil", f, id, err, expectedID)
+			t.Errorf("ReadFile(%s) [readSize=2k] = %q, %v, want %q, nil", f, id, err, expectedID)
 		}
 
-		data, err := ioutil.ReadFile("testdata/" + f)
+		data, err := ioutil.ReadFile(f)
 		if err != nil {
 			t.Fatal(err)
 		}
 		m, _, err := FindAndHash(bytes.NewReader(data), expectedID, 1024)
 		if err != nil {
-			t.Errorf("FindAndHash(testdata/%s): %v", f, err)
+			t.Errorf("FindAndHash(%s): %v", f, err)
 			continue
 		}
 		if err := ioutil.WriteFile(tmp, data, 0666); err != nil {
@@ -68,7 +79,7 @@ func TestReadFile(t *testing.T) {
 		err = Rewrite(tf, m, newID)
 		err2 := tf.Close()
 		if err != nil {
-			t.Errorf("Rewrite(testdata/%s): %v", f, err)
+			t.Errorf("Rewrite(%s): %v", f, err)
 			continue
 		}
 		if err2 != nil {
@@ -77,7 +88,7 @@ func TestReadFile(t *testing.T) {
 
 		id, err = ReadFile(tmp)
 		if id != newID || err != nil {
-			t.Errorf("ReadFile(testdata/%s after Rewrite) = %q, %v, want %q, nil", f, id, err, newID)
+			t.Errorf("ReadFile(%s after Rewrite) = %q, %v, want %q, nil", f, id, err, newID)
 		}
 	}
 }