[release-branch.go1.13] go1.13

Change-Id: Iad80da6df9a6f9a39458e1060bed3557a5ed89a4
Reviewed-on: https://go-review.googlesource.com/c/go/+/193037
Run-TryBot: Andrew Bonventre <andybons@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Andrew Bonventre <andybons@golang.org>

CONTRIBUTORS

@@ -76,6 +76,7 @@ Alan Donovan <adonovan@google.com>
 Alan Shreve <alan@inconshreveable.com>
 Albert Nigmatzianov <albertnigma@gmail.com>
 Albert Strasheim <fullung@gmail.com>
+Albert Teoh <albert.teoh@gmail.com>
 Albert Yu <yukinying@gmail.com>
 Alberto Bertogli <albertito@blitiri.com.ar>
 Alberto Donizetti <alb.donizetti@gmail.com>
@@ -140,6 +141,7 @@ Ali Rizvi-Santiago <arizvisa@gmail.com>
 Aliaksandr Valialkin <valyala@gmail.com>
 Alif Rachmawadi <subosito@gmail.com>
 Allan Simon <allan.simon@supinfo.com>
+Allen Li <ayatane@google.com>
 Alok Menghrajani <alok.menghrajani@gmail.com>
 Aman Gupta <aman@tmm1.net>
 Amir Mohammad Saied <amir@gluegadget.com>
@@ -147,6 +149,7 @@ Amr Mohammed <merodiro@gmail.com>
 Amrut Joshi <amrut.joshi@gmail.com>
 Anand K. Mistry <anand@mistry.ninja>
 Anders Pearson <anders@columbia.edu>
+Anderson Queiroz <contato@andersonq.eti.br>
 André Carvalho <asantostc@gmail.com>
 Andre Nathan <andrenth@gmail.com>
 Andrea Nodari <andrea.nodari91@gmail.com>
@@ -182,6 +185,7 @@ Andrew Radev <andrey.radev@gmail.com>
 Andrew Skiba <skibaa@gmail.com>
 Andrew Stribblehill <ads@wompom.org>
 Andrew Szeto <andrew@jabagawee.com>
+Andrew Todd <andrew.todd@wework.com>
 Andrew Werner <andrew@upthere.com> <awerner32@gmail.com>
 Andrew Wilkins <axwalk@gmail.com>
 Andrew Williams <williams.andrew@gmail.com>
@@ -235,6 +239,7 @@ Arnaud Ysmal <arnaud.ysmal@gmail.com>
 Arne Hormann <arnehormann@gmail.com>
 Arnout Engelen <arnout@bzzt.net>
 Aron Nopanen <aron.nopanen@gmail.com>
+Artem Kolin <artemkaxboy@gmail.com>
 Arthur Fabre <arthur@arthurfabre.com>
 Arthur Khashaev <arthur@khashaev.ru>
 Artyom Pervukhin <artyom.pervukhin@gmail.com>
@@ -284,6 +289,7 @@ Benny Siegert <bsiegert@gmail.com>
 Benoit Sigoure <tsunanet@gmail.com>
 Berengar Lehr <Berengar.Lehr@gmx.de>
 Berkant Ipek <41230766+0xbkt@users.noreply.github.com>
+Bharath Thiruveedula <tbharath91@gmail.com>
 Bill Neubauer <wcn@golang.org> <wcn@google.com> <bill.neubauer@gmail.com>
 Bill O'Farrell <billo@ca.ibm.com>
 Bill Prin <waprin@google.com>
@@ -401,6 +407,7 @@ Chris Zou <chriszou@ca.ibm.com>
 Christian Alexander <christian@linux.com>
 Christian Couder <chriscool@tuxfamily.org>
 Christian Himpel <chressie@googlemail.com> <chressie@gmail.com>
+Christian Muehlhaeuser <muesli@gmail.com>
 Christian Pellegrin <chri@evolware.org>
 Christian R. Petrin <christianpetrin@gmail.com>
 Christine Hansmann <chhansmann@gmail.com>
@@ -481,6 +488,7 @@ Daria Kolistratova <daria.kolistratova@intel.com>
 Darien Raymond <admin@v2ray.com>
 Darren Elwood <darren@textnode.com>
 Darren Grant <darren.e.grant@gmail.com>
+Darren McCleary <darren.rmc@gmail.com>
 Darshan Parajuli <parajulidarshan@gmail.com>
 Datong Sun <dndx@idndx.com>
 Dave Borowitz <dborowitz@google.com>
@@ -501,6 +509,7 @@ David Chase <drchase@google.com>
 David Covert <davidhcovert@gmail.com>
 David Crawshaw <david.crawshaw@zentus.com> <crawshaw@google.com> <crawshaw@golang.org>
 David du Colombier <0intro@gmail.com>
+David Finkel <david.finkel@gmail.com>
 David Forsythe <dforsythe@gmail.com>
 David G. Andersen <dave.andersen@gmail.com>
 David Glasser <glasser@meteor.com>
@@ -594,6 +603,7 @@ Dustin Shields-Cloues <dcloues@gmail.com>
 Dvir Volk <dvir@everything.me> <dvirsky@gmail.com>
 Dylan Waits <dylan@waits.io>
 Edan Bedrik <3d4nb3@gmail.com>
+Eddie Scholtz <escholtz@google.com>
 Eden Li <eden.li@gmail.com>
 Eduard Urbach <e.urbach@gmail.com>
 Eduardo Ramalho <eduardo.ramalho@gmail.com>
@@ -763,9 +773,12 @@ GitHub User @pityonline (438222) <pityonline@gmail.com>
 GitHub User @pytimer (17105586) <lixin20101023@gmail.com>
 GitHub User @saitarunreddy (21041941) <saitarunreddypalla@gmail.com>
 GitHub User @shogo-ma (9860598) <Choroma194@gmail.com>
+GitHub User @tatsumack (4510569) <tatsu.mack@gmail.com>
 GitHub User @tell-k (26263) <ffk2005@gmail.com>
 GitHub User @uhei (2116845) <uhei@users.noreply.github.com>
 GitHub User @uropek (39370426) <uropek@gmail.com>
+GitHub User @utkarsh-extc (53217283) <53217283+utkarsh-extc@users.noreply.github.com>
+GitHub User @yuanhh (1298735) <yuan415030@gmail.com>
 GitHub User @ZZMarquis (7624583) <zhonglingjian3821@163.com>
 Giulio Iotti <dullgiulio@gmail.com>
 Giulio Micheloni <giulio.micheloni@gmail.com>
@@ -861,6 +874,7 @@ Igor Bernstein <igorbernstein@google.com>
 Igor Dolzhikov <bluesriverz@gmail.com>
 Igor Vashyst <ivashyst@gmail.com>
 Igor Zhilianin <igor.zhilianin@gmail.com>
+Illya Yalovyy <yalovoy@gmail.com>
 Ilya Tocar <ilya.tocar@intel.com>
 INADA Naoki <songofacandy@gmail.com>
 Inanc Gumus <m@inanc.io>
@@ -905,6 +919,7 @@ James Clarke <jrtc27@jrtc27.com>
 James Cowgill <James.Cowgill@imgtec.com>
 James Craig Burley <james-github@burleyarch.com>
 James David Chalfant <james.chalfant@gmail.com>
+James Eady <jmeady@google.com>
 James Fysh <james.fysh@gmail.com>
 James Gray <james@james4k.com>
 James Hartig <fastest963@gmail.com>
@@ -937,6 +952,7 @@ Jan Lehnardt <jan@apache.org>
 Jan Mercl <0xjnml@gmail.com> <befelemepeseveze@gmail.com>
 Jan Newmarch <jan.newmarch@gmail.com>
 Jan Pilzer <jan.pilzer@gmx.de>
+Jan Steinke <jan.steinke@gmail.com>
 Jan Ziak <0xe2.0x9a.0x9b@gmail.com>
 Jani Monoses <jani.monoses@ubuntu.com> <jani.monoses@gmail.com>
 Jannis Andrija Schnitzer <jannis@schnitzer.im>
@@ -954,6 +970,7 @@ Jason Smale <jsmale@zendesk.com>
 Jason Travis <infomaniac7@gmail.com>
 Jason Wangsadinata <jwangsadinata@gmail.com>
 Javier Kohen <jkohen@google.com>
+Javier Revillas <jrevillas@massivedynamic.io>
 Javier Segura <javism@gmail.com>
 Jay Conrod <jayconrod@google.com>
 Jay Taylor <outtatime@gmail.com>
@@ -1071,6 +1088,8 @@ Jordan Krage <jmank88@gmail.com>
 Jordan Lewis <jordanthelewis@gmail.com>
 Jordan Liggitt <liggitt@google.com>
 Jordan Rhee <jordanrh@microsoft.com>
+Jordi Martin <jordimartin@gmail.com>
+Jorge Araya <jorgejavieran@yahoo.com.mx>
 Jos Visser <josv@google.com>
 Jose Luis Vázquez González <josvazg@gmail.com>
 Joseph Bonneau <jcb@google.com>
@@ -1114,6 +1133,7 @@ Justin Gracenin <jgracenin@gmail.com>
 Justin Li <git@justinli.net>
 Justin Nuß <nuss.justin@gmail.com>
 Justyn Temme <justyntemme@gmail.com>
+Kelly Heller <pestophagous@gmail.com>
 Kai Backman <kaib@golang.org>
 Kai Dong <dokia2357@gmail.com>
 Kai Trukenmüller <ktye78@gmail.com>
@@ -1159,6 +1179,7 @@ Kenta Mori <zoncoen@gmail.com>
 Ketan Parmar <ketanbparmar@gmail.com>
 Kevin Ballard <kevin@sb.org>
 Kevin Burke <kev@inburke.com>
+Kevin Gillette <extemporalgenome@gmail.com>
 Kevin Kirsche <kev.kirsche@gmail.com>
 Kevin Klues <klueska@gmail.com> <klueska@google.com>
 Kevin Malachowski <chowski@google.com>
@@ -1284,6 +1305,7 @@ Marius A. Eriksen <marius@grailbio.com>
 Marius Nuennerich <mnu@google.com>
 Mark Adams <mark@markadams.me>
 Mark Bucciarelli <mkbucc@gmail.com>
+Mark Glines <mark@glines.org>
 Mark Harrison <marhar@google.com>
 Mark Percival <m@mdp.im>
 Mark Pulford <mark@kyne.com.au>
@@ -1480,6 +1502,7 @@ Muir Manders <muir@mnd.rs>
 Mura Li <mura_li@castech.com.tw>
 Mykhailo Lesyk <mikhail@lesyk.org>
 Nan Deng <monnand@gmail.com>
+Nao Yonashiro <owan.orisano@gmail.com>
 Naoki Kanatani <k12naoki@gmail.com>
 Nate Wilkinson <nathanwilk7@gmail.com>
 Nathan Cantelmo <n.cantelmo@gmail.com>
@@ -1566,6 +1589,7 @@ Paolo Giarrusso <p.giarrusso@gmail.com>
 Paolo Martini <mrtnpaolo@gmail.com>
 Parker Moore <parkrmoore@gmail.com>
 Parminder Singh <parmsingh101@gmail.com>
+Pascal Dierich <pascal@pascaldierich.com>
 Pascal S. de Kloe <pascal@quies.net>
 Pat Moroney <pat@pat.email>
 Patrick Barker <barkerp@vmware.com>
@@ -1658,6 +1682,7 @@ Prasanna Swaminathan <prasanna@mediamath.com>
 Prashant Varanasi <prashant@prashantv.com>
 Pravendra Singh <hackpravj@gmail.com>
 Preetam Jinka <pj@preet.am>
+Pure White <wu.purewhite@gmail.com>
 Qais Patankar <qaisjp@gmail.com>
 Qiuxuan Zhu <ilsh1022@gmail.com>
 Quan Tran <qeed.quan@gmail.com>
@@ -1774,6 +1799,7 @@ Sad Pencil <qh06@qq.com>
 Sai Cheemalapati <saicheems@google.com>
 Sakeven Jiang <jc5930@sina.cn>
 Salmān Aljammāz <s@0x65.net>
+Sam Arnold <sarnold64@bloomberg.net>
 Sam Boyer <tech@samboyer.org>
 Sam Ding <samding@ca.ibm.com>
 Sam Hug <samuel.b.hug@gmail.com>
@@ -1785,6 +1811,7 @@ Sami Pönkänen <sami.ponkanen@gmail.com>
 Samuel Kelemen <SCKelemen@users.noreply.github.com>
 Samuel Tan <samueltan@google.com>
 Samuele Pedroni <pedronis@lucediurna.net>
+Sander van Harmelen <sander@vanharmelen.nl>
 Sanjay Menakuru <balasanjay@gmail.com>
 Santhosh Kumar Tekuri <santhosh.tekuri@gmail.com>
 Sarah Adams <shadams@google.com>
@@ -1814,6 +1841,7 @@ Sebastien Williams-Wynn <sebastien@cytora.com>
 Segev Finer <segev208@gmail.com>
 Seiji Takahashi <timaki.st@gmail.com>
 Sergei Skorobogatov <skorobo@rambler.ru>
+Sergei Zagurskii <gvozdoder@gmail.com>
 Sergey 'SnakE' Gromov <snake.scaly@gmail.com>
 Sergey Arseev <sergey.arseev@intel.com>
 Sergey Dobrodey <sergey.dobrodey@synesis.ru>
@@ -1845,6 +1873,7 @@ Shijie Hao <haormj@gmail.com>
 Shinji Tanaka <shinji.tanaka@gmail.com>
 Shintaro Kaneko <kaneshin0120@gmail.com>
 Shivakumar GN <shivakumar.gn@gmail.com>
+Shivani Singhal <shivani.singhal2804@gmail.com>
 Shivansh Rai <shivansh@freebsd.org>
 Shubham Sharma <shubham.sha12@gmail.com>
 Shun Fan <sfan@google.com>
@@ -1865,6 +1894,7 @@ StalkR <stalkr@stalkr.net>
 Stan Schwertly <stan@schwertly.com>
 Stanislav Afanasev <php.progger@gmail.com>
 Steeve Morin <steeve.morin@gmail.com>
+Stefan Baebler <sbaebler@outbrain.com>
 Stefan Nilsson <snilsson@nada.kth.se> <trolleriprofessorn@gmail.com>
 Stepan Shabalin <neverliberty@gmail.com>
 Stephan Renatus <srenatus@chef.io>
@@ -1951,6 +1981,7 @@ Thomas Wanielista <tomwans@gmail.com>
 Thorben Krueger <thorben.krueger@gmail.com>
 Thordur Bjornsson <thorduri@secnorth.net>
 Tiago Queiroz <contato@tiago.eti.br>
+Tianon Gravi <admwiggin@gmail.com>
 Tilman Dilo <tilman.dilo@gmail.com>
 Tim Cooijmans <timcooijmans@gmail.com>
 Tim Cooper <tim.cooper@layeh.com>
@@ -1991,6 +2022,7 @@ Tony Walker <walkert.uk@gmail.com>
 Tooru Takahashi <tooru.takahashi134@gmail.com>
 Tor Andersson <tor.andersson@gmail.com>
 Tormod Erevik Lea <tormodlea@gmail.com>
+Toshihiro Shiino <shiino.toshihiro@gmail.com>
 Toshiki Shima <hayabusa1419@gmail.com>
 Totoro W <tw19881113@gmail.com>
 Travis Bischel <travis.bischel@gmail.com>
@@ -2052,6 +2084,7 @@ Volker Dobler <dr.volker.dobler@gmail.com>
 Volodymyr Paprotski <vpaprots@ca.ibm.com>
 W. Trevor King <wking@tremily.us>
 Wade Simmons <wade@wades.im>
+Wagner Riffel <wgrriffel@gmail.com>
 Walter Poupore <wpoupore@google.com>
 Wander Lairson Costa <wcosta@mozilla.com>
 Warren Fernandes <warren.f.fernandes@gmail.com>

VERSION

@@ -0,0 +1 @@
+go1.13

doc/devel/release.html

@@ -23,6 +23,13 @@ in supported releases as needed by issuing minor revisions
 (for example, Go 1.6.1, Go 1.6.2, and so on).
 </p>
 
+<h2 id="go1.13">go1.13 (released 2019/09/03)</h2>
+
+<p>
+Go 1.13 is a major release of Go.
+Read the <a href="/doc/go1.13">Go 1.13 Release Notes</a> for more information.
+</p>
+
 <h2 id="go1.12">go1.12 (released 2019/02/25)</h2>
 
 <p>

doc/go1.10.html

@@ -12,7 +12,7 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.10</h2>

doc/go1.11.html

@@ -12,7 +12,7 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-  ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.11</h2>

doc/go1.12.html

@@ -12,7 +12,7 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-  ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.12</h2>

doc/go1.13.html

@@ -12,16 +12,16 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-  ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
-<h2 id="introduction">DRAFT RELEASE NOTES - Introduction to Go 1.13</h2>
+<h2 id="introduction">Introduction to Go 1.13</h2>
 
 <p>
-  <strong>
-    Go 1.13 is not yet released. These are work-in-progress
-    release notes. Go 1.13 is expected to be released in August 2019.
-  </strong>
+  The latest Go release, version 1.13, arrives six months after <a href="go1.12">Go 1.12</a>.
+  Most of its changes are in the implementation of the toolchain, runtime, and libraries.
+  As always, the release maintains the Go 1 <a href="/doc/go1compat.html">promise of compatibility</a>.
+  We expect almost all Go programs to continue to compile and run as before.
 </p>
 
 <p>
@@ -31,7 +31,8 @@ Do not send CLs removing the interior tags from such phrases.
   for privacy information about these services and the
   <a href="/cmd/go/#hdr-Module_downloading_and_verification">go command documentation</a>
   for configuration details including how to disable the use of these servers or use
-  different ones.
+  different ones. If you depend on non-public modules, see the
+  <a href="/cmd/go/#hdr-Module_configuration_for_non_public_modules">documentation for configuring your environment</a>.
 </p>
 
 <h2 id="language">Changes to the language</h2>
@@ -121,7 +122,7 @@ Do not send CLs removing the interior tags from such phrases.
 <h3 id="android">Android</h3>
 
 <p><!-- CL 170127 -->
-  Go programs are now compatible with Android Q.
+  Go programs are now compatible with Android 10.
 </p>
 
 <h3 id="darwin">Darwin</h3>
@@ -138,7 +139,8 @@ Do not send CLs removing the interior tags from such phrases.
   As <a href="go1.12#freebsd">announced</a> in the Go 1.12 release notes,
   Go 1.13 now requires FreeBSD 11.2 or later;
   support for previous versions has been discontinued.
-  FreeBSD 12.0 or later requires a kernel with the COMPAT_FREEBSD11 option set (this is the default).
+  FreeBSD 12.0 or later requires a kernel with the <code>COMPAT_FREEBSD11</code>
+  option set (this is the default).
 </p>
 
 <h3 id="illumos">Illumos</h3>
@@ -149,18 +151,6 @@ Do not send CLs removing the interior tags from such phrases.
   build tag.
 </p>
 
-<h3 id="netbsd">NetBSD</h3>
-
-<p><!--CL 155739 -->
-  Go now supports NetBSD on arm64.
-</p>
-
-<h3 id="openbsd">OpenBSD</h3>
-
-<p><!--CL 174125 -->
-  Go now supports OpenBSD on arm64.
-</p>
-
 <h3 id="windows">Windows</h3>
 
 <p><!-- CL 178977 -->
@@ -315,7 +305,7 @@ go env -w GOSUMDB=off
 
 <p>
   The <code>go</code> command now verifies the mapping
-  between <a href="/cmd/go#hdr-Pseudo_versions">pseudo-versions</a> and
+  between <a href="/cmd/go/#hdr-Pseudo_versions">pseudo-versions</a> and
   version-control metadata. Specifically:
   <ul>
     <li>The version prefix must be of the form <code>vX.0.0</code>, or derived
@@ -551,9 +541,9 @@ godoc
   To support wrapping, <a href="#fmt"><code>fmt.Errorf</code></a> now has a <code>%w</code>
   verb for creating wrapped errors, and three new functions in
   the <a href="#errors"><code>errors</code></a> package (
-  <a href="/pkg/errors#Unwrap"><code>errors.Unwrap</code></a>,
-  <a href="/pkg/errors#Is"><code>errors.Is</code></a> and
-  <a href="/pkg/errors#As"><code>errors.As</code></a>) simplify unwrapping
+  <a href="/pkg/errors/#Unwrap"><code>errors.Unwrap</code></a>,
+  <a href="/pkg/errors/#Is"><code>errors.Is</code></a> and
+  <a href="/pkg/errors/#As"><code>errors.As</code></a>) simplify unwrapping
   and inspecting wrapped errors.
 </p>
 <p>
@@ -592,10 +582,15 @@ godoc
   <dd>
     <p>
       Support for SSL version 3.0 (SSLv3) <a href="https://golang.org/issue/32716">
-      is now deprecated and will be removed in Go 1.14</a>. Note that SSLv3
-      <a href="https://tools.ietf.org/html/rfc7568">is cryptographically
-      broken</a>, is already disabled by default in <code>crypto/tls</code>,
-      and was never supported by Go clients.
+      is now deprecated and will be removed in Go 1.14</a>. Note that SSLv3 is the
+      <a href="https://tools.ietf.org/html/rfc7568">cryptographically broken</a>
+      protocol predating TLS.
+    </p>
+
+    <p>
+      SSLv3 was always disabled by default, other than in Go 1.12, when it was
+      mistakenly enabled by default server-side. It is now again disabled by
+      default. (SSLv3 was never supported client-side.)
     </p>
 
     <p><!-- CL 177698 -->
@@ -667,6 +662,24 @@ godoc
 
 <dl id="fmt"><dt><a href="/pkg/fmt/">fmt</a></dt>
   <dd>
+    <!-- CL 160245 -->
+    <p>
+      The printing verbs <code>%x</code> and <code>%X</code> now format floating-point and
+      complex numbers in hexadecimal notation, in lower-case and upper-case respectively.
+    </p>
+
+    <!-- CL 160246 -->
+    <p>
+      The new printing verb <code>%O</code> formats integers in base 8, emitting the <code>0o</code> prefix.
+    </p>
+
+    <!-- CL 160247 -->
+    <p>
+      The scanner now accepts hexadecimal floating-point values, digit-separating underscores
+      and leading <code>0b</code> and <code>0o</code> prefixes.
+      See the <a href="#language">Changes to the language</a> for details.
+    </p>
+
     <!-- CL 176998 -->
     <p>The <a href="/pkg/fmt/#Errorf"><code>Errorf</code></a> function
       has a new verb, <code>%w</code>, whose operand must be an error.
@@ -723,6 +736,18 @@ godoc
       The new <a href="/pkg/math/big/#Rat.SetUint64"><code>Rat.SetUint64</code></a> method sets the <code>Rat</code> to a <code>uint64</code> value.
     </p>
 
+    <p><!-- CL 166157 -->
+      For <a href="/pkg/math/big/#Float.Parse"><code>Float.Parse</code></a>, if base is 0, underscores
+      may be used between digits for readability.
+      See the <a href="#language">Changes to the language</a> for details.
+    </p>
+
+    <p><!-- CL 166157 -->
+      For <a href="/pkg/math/big/#Int.SetString"><code>Int.SetString</code></a>, if base is 0, underscores
+      may be used between digits for readability.
+      See the <a href="#language">Changes to the language</a> for details.
+    </p>
+
     <p><!-- CL 168237 -->
       <a href="/pkg/math/big/#Rat.SetString"><code>Rat.SetString</code></a> now accepts non-decimal floating point representations.
     </p>
@@ -745,7 +770,7 @@ godoc
 <dl id="net"><dt><a href="/pkg/net/">net</a></dt>
   <dd>
     <p><!-- CL 156366 -->
-      On Unix systems where <code>use-vc</code> is set in <code>resolve.conf</code>, TCP is used for DNS resolution.
+      On Unix systems where <code>use-vc</code> is set in <code>resolv.conf</code>, TCP is used for DNS resolution.
     </p>
 
     <p><!-- CL 170678 -->
@@ -760,7 +785,7 @@ godoc
       <code>Timeout</code> method that returns <code>true</code> if called.
       This can make a keep-alive error difficult to distinguish from
       an error returned due to a missed deadline as set by the
-      <a href="/pkg/net#Conn"><code>SetDeadline</code></a>
+      <a href="/pkg/net/#Conn"><code>SetDeadline</code></a>
       method and similar methods.
       Code that uses deadlines and checks for them with
       the <code>Timeout</code> method or
@@ -789,7 +814,8 @@ godoc
     </p>
 
     <p><!-- CL 140357 -->
-      When reusing HTTP/2, the <a href="/pkg/net/http#Transport"><code>Transport</code></a> no longer performs unnecessary TLS handshakes.
+      <a href="/pkg/net/http/#Transport.MaxConnsPerHost"><code>Transport.MaxConnsPerHost</code></a> now works
+      properly with HTTP/2.
     </p>
 
     <p><!-- CL 154383 -->
@@ -813,14 +839,14 @@ godoc
     </p>
 
     <p><!-- CL 167681 -->
-      The new <a href="/pkg/net/http#Server"><code>Server</code></a> fields
+      The new <a href="/pkg/net/http/#Server"><code>Server</code></a> fields
       <a href="/pkg/net/http/#Server.BaseContext"><code>BaseContext</code></a> and
       <a href="/pkg/net/http/#Server.ConnContext"><code>ConnContext</code></a>
-      allow finer control over the <a href="/pkg/context#Context"><code>Context</code></a> values provided to requests and connections.
+      allow finer control over the <a href="/pkg/context/#Context"><code>Context</code></a> values provided to requests and connections.
     </p>
 
     <p><!-- CL 167781 -->
-      <a href="/pkg/net/http#DetectContentType"><code>http.DetectContentType</code></a> now correctly detects RAR signatures, and can now also detect RAR v5 signatures.
+      <a href="/pkg/net/http/#DetectContentType"><code>http.DetectContentType</code></a> now correctly detects RAR signatures, and can now also detect RAR v5 signatures.
     </p>
 
     <p><!-- CL 173658 -->
@@ -836,7 +862,8 @@ godoc
     </p>
 
     <p><!-- CL 179457 -->
-      <a href="/pkg/net/http/#Transport"><code>Transport</code></a> now silently ignores a <code>408 "Request Timeout"</code> response.
+      The <a href="/pkg/net/http/#Transport"><code>Transport</code></a> no longer logs errors when servers
+      gracefully shut down idle connections using a <code>"408 Request Timeout"</code> response.
     </p>
 
 </dl><!-- net/http -->
@@ -858,9 +885,9 @@ godoc
 <dl id="os/exec"><dt><a href="/pkg/os/exec/">os/exec</a></dt>
   <dd>
     <p><!-- CL 174318 -->
-      On Windows, the environment for a <a href="/pkg/os/exec#Cmd"><code>Cmd</code></a> always inherits the
+      On Windows, the environment for a <a href="/pkg/os/exec/#Cmd"><code>Cmd</code></a> always inherits the
       <code>%SYSTEMROOT%</code> value of the parent process unless the
-      <a href="/pkg/os/exec#Cmd.Env"><code>Cmd.Env</code></a> field includes an explicit value for it.
+      <a href="/pkg/os/exec/#Cmd.Env"><code>Cmd.Env</code></a> field includes an explicit value for it.
     </p>
 
 </dl><!-- os/exec -->
@@ -888,7 +915,19 @@ godoc
 
 </dl><!-- runtime -->
 
-<dl id="strings"><dt><a href="/pkg/strings">strings</a></dt>
+<dl id="strconv"><dt><a href="/pkg/strconv/">strconv</a></dt>
+  <dd>
+    <p><!-- CL 160243 -->
+       For <a href="/pkg/strconv/#ParseFloat"><code>strconv.ParseFloat</code></a>,
+       <a href="/pkg/strconv/#ParseInt"><code>strconv.ParseInt</code></a>
+       and <a href="/pkg/strconv/#ParseUint"><code>strconv.ParseUint</code></a>,
+       if base is 0, underscores may be used between digits for readability.
+       See the <a href="#language">Changes to the language</a> for details.
+    </p>
+
+</dl><!-- strconv -->
+
+<dl id="strings"><dt><a href="/pkg/strings/">strings</a></dt>
   <dd>
     <p><!-- CL 142003 -->
       The new <a href="/pkg/strings/#ToValidUTF8"><code>ToValidUTF8</code></a> function returns a
@@ -942,9 +981,10 @@ godoc
 <dl id="syscall/js"><dt><a href="/pkg/syscall/js/">syscall/js</a></dt>
   <dd>
     <p><!-- CL 177537 -->
-      TypedArrayOf has been replaced by
+      <code>TypedArrayOf</code> has been replaced by
       <a href="/pkg/syscall/js/#CopyBytesToGo"><code>CopyBytesToGo</code></a> and
-      <a href="/pkg/syscall/js/#CopyBytesToJS"><code>CopyBytesToJS</code></a> for copying bytes between a byte slice and a Uint8Array.
+      <a href="/pkg/syscall/js/#CopyBytesToJS"><code>CopyBytesToJS</code></a> for copying bytes
+      between a byte slice and a <code>Uint8Array</code>.
     </p>
 
 </dl><!-- syscall/js -->

doc/go1.6.html

@@ -10,7 +10,7 @@ Edit .,s;^([a-z][A-Za-z0-9_/]+)\.([A-Z][A-Za-z0-9_]+\.)?([A-Z][A-Za-z0-9_]+)([ .
 -->
 
 <style>
-ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.6</h2>

doc/go1.7.html

@@ -22,7 +22,7 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.7</h2>

doc/go1.8.html

@@ -12,7 +12,7 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.8</h2>

doc/go1.9.html

@@ -12,7 +12,7 @@ Do not send CLs removing the interior tags from such phrases.
 -->
 
 <style>
-ul li { margin: 0.5em 0; }
+  main ul li { margin: 0.5em 0; }
 </style>
 
 <h2 id="introduction">Introduction to Go 1.9</h2>

src/cmd/go.mod

@@ -5,7 +5,7 @@ go 1.12
 require (
 	github.com/google/pprof v0.0.0-20190515194954-54271f7e092f
 	github.com/ianlancetaylor/demangle v0.0.0-20180524225900-fc6590592b44 // indirect
-	golang.org/x/arch v0.0.0-20181203225421-5a4828bb7045
+	golang.org/x/arch v0.0.0-20190815191158-8a70ba74b3a1
 	golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c
 	golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82 // indirect
 	golang.org/x/tools v0.0.0-20190611154301-25a4f137592f

src/cmd/go.sum

@@ -2,8 +2,8 @@ github.com/google/pprof v0.0.0-20190515194954-54271f7e092f h1:Jnx61latede7zDD3Di
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/ianlancetaylor/demangle v0.0.0-20180524225900-fc6590592b44 h1:pKqc8lAAA6rcwpvsephnRuZp4VHbfszZRClvqAE6Sq8=
 github.com/ianlancetaylor/demangle v0.0.0-20180524225900-fc6590592b44/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-golang.org/x/arch v0.0.0-20181203225421-5a4828bb7045 h1:Pn8fQdvx+z1avAi7fdM2kRYWQNxGlavNDSyzrQg2SsU=
-golang.org/x/arch v0.0.0-20181203225421-5a4828bb7045/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8=
+golang.org/x/arch v0.0.0-20190815191158-8a70ba74b3a1 h1:A71BZbKSu+DtCNry/x5JKn20C+64DirDHmePEA8k0FY=
+golang.org/x/arch v0.0.0-20190815191158-8a70ba74b3a1/go.mod h1:flIaEI6LNU6xOCD5PaJvn9wGP0agmIOqjrtsKGRguv4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c h1:Vj5n4GlwjmQteupaxJ9+0FNOmBrHfq7vN4btdGoDZgI=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -17,3 +17,4 @@ golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20190611154301-25a4f137592f h1:6awn5JC4pwVI5HiBqs7MDtRxnwV9PpO5iSA9v6P09pA=
 golang.org/x/tools v0.0.0-20190611154301-25a4f137592f/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=

src/cmd/go/internal/get/vcs.go

@@ -164,8 +164,14 @@ var vcsGit = &vcsCmd{
 	// See golang.org/issue/9032.
 	tagSyncDefault: []string{"submodule update --init --recursive"},
 
-	scheme:     []string{"git", "https", "http", "git+ssh", "ssh"},
-	pingCmd:    "ls-remote -- {scheme}://{repo}",
+	scheme: []string{"git", "https", "http", "git+ssh", "ssh"},
+
+	// Leave out the '--' separator in the ls-remote command: git 2.7.4 does not
+	// support such a separator for that command, and this use should be safe
+	// without it because the {scheme} value comes from the predefined list above.
+	// See golang.org/issue/33836.
+	pingCmd: "ls-remote {scheme}://{repo}",
+
 	remoteRepo: gitRemoteRepo,
 }
 

src/cmd/go/internal/modload/load.go

@@ -1140,7 +1140,7 @@ func (r *mvsReqs) required(mod module.Version) ([]module.Version, error) {
 	if mpath := f.Module.Mod.Path; mpath != origPath && mpath != mod.Path {
 		return nil, module.VersionError(mod, fmt.Errorf(`parsing go.mod:
 	module declares its path as: %s
-	        but was required as: %s`, mod.Path, mpath))
+	        but was required as: %s`, mpath, mod.Path))
 	}
 	if f.Go != nil {
 		r.versions.LoadOrStore(mod, f.Go.Version)

src/cmd/go/testdata/mod/example.com_badchain_c_v1.1.0.txt

@@ -1,7 +1,7 @@
 example.com/badchain/c v1.1.0
 
 -- .mod --
-module example.com/badchain/wrong
+module badchain.example.com/c
 -- .info --
 {"Version":"v1.1.0"}
 -- c.go --

src/cmd/go/testdata/script/mod_load_badchain.txt

@@ -58,28 +58,28 @@ func Test(t *testing.T) {}
 -- update-main-expected --
 go get: example.com/badchain/c@v1.0.0 updating to
 	example.com/badchain/c@v1.1.0: parsing go.mod:
-	module declares its path as: example.com/badchain/c
-	        but was required as: example.com/badchain/wrong
+	module declares its path as: badchain.example.com/c
+	        but was required as: example.com/badchain/c
 -- update-a-expected --
 go get: example.com/badchain/a@v1.1.0 requires
 	example.com/badchain/b@v1.1.0 requires
 	example.com/badchain/c@v1.1.0: parsing go.mod:
-	module declares its path as: example.com/badchain/c
-	        but was required as: example.com/badchain/wrong
+	module declares its path as: badchain.example.com/c
+	        but was required as: example.com/badchain/c
 -- list-expected --
 go: example.com/badchain/a@v1.1.0 requires
 	example.com/badchain/b@v1.1.0 requires
 	example.com/badchain/c@v1.1.0: parsing go.mod:
-	module declares its path as: example.com/badchain/c
-	        but was required as: example.com/badchain/wrong
+	module declares its path as: badchain.example.com/c
+	        but was required as: example.com/badchain/c
 -- list-missing-expected --
 go: m/use imports
 	example.com/badchain/c: example.com/badchain/c@v1.1.0: parsing go.mod:
-	module declares its path as: example.com/badchain/c
-	        but was required as: example.com/badchain/wrong
+	module declares its path as: badchain.example.com/c
+	        but was required as: example.com/badchain/c
 -- list-missing-test-expected --
 go: m/testuse tested by
 	m/testuse.test imports
 	example.com/badchain/c: example.com/badchain/c@v1.1.0: parsing go.mod:
-	module declares its path as: example.com/badchain/c
-	        but was required as: example.com/badchain/wrong
+	module declares its path as: badchain.example.com/c
+	        but was required as: example.com/badchain/c

src/cmd/vendor/golang.org/x/arch/x86/x86asm/decode.go

@@ -203,7 +203,9 @@ func instPrefix(b byte, mode int) (Inst, error) {
 // For now we use instPrefix but perhaps later we will return
 // a specific error here.
 func truncated(src []byte, mode int) (Inst, error) {
-	//	return Inst{}, len(src), ErrTruncated
+	if len(src) == 0 {
+		return Inst{}, ErrTruncated
+	}
 	return instPrefix(src[0], mode) // too long
 }
 
@@ -216,7 +218,6 @@ var (
 
 // decoderCover records coverage information for which parts
 // of the byte code have been executed.
-// TODO(rsc): This is for testing. Only use this if a flag is given.
 var decoderCover []bool
 
 // Decode decodes the leading bytes in src as a single instruction.
@@ -406,7 +407,7 @@ ReadPrefixes:
 
 		//Group 5 - Vex encoding
 		case 0xC5:
-			if pos == 0 && (mode == 64 || (mode == 32 && pos+1 < len(src) && src[pos+1]&0xc0 == 0xc0)) {
+			if pos == 0 && pos+1 < len(src) && (mode == 64 || (mode == 32 && src[pos+1]&0xc0 == 0xc0)) {
 				vex = p
 				vexIndex = pos
 				inst.Prefix[pos] = p
@@ -418,7 +419,7 @@ ReadPrefixes:
 				break ReadPrefixes
 			}
 		case 0xC4:
-			if pos == 0 && (mode == 64 || (mode == 32 && pos+2 < len(src) && src[pos+1]&0xc0 == 0xc0)) {
+			if pos == 0 && pos+2 < len(src) && (mode == 64 || (mode == 32 && src[pos+1]&0xc0 == 0xc0)) {
 				vex = p
 				vexIndex = pos
 				inst.Prefix[pos] = p
@@ -460,9 +461,6 @@ ReadPrefixes:
 	// opshift gives the shift to use when saving the next
 	// opcode byte into inst.Opcode.
 	opshift = 24
-	if decoderCover == nil {
-		decoderCover = make([]bool, len(decoder))
-	}
 
 	// Decode loop, executing decoder program.
 	var oldPC, prevPC int
@@ -474,7 +472,9 @@ Decode:
 			println("run", pc)
 		}
 		x := decoder[pc]
-		decoderCover[pc] = true
+		if decoderCover != nil {
+			decoderCover[pc] = true
+		}
 		pc++
 
 		// Read and decode ModR/M if needed by opcode.

src/cmd/vendor/modules.txt

@@ -16,7 +16,7 @@ github.com/google/pprof/third_party/d3flamegraph
 github.com/google/pprof/third_party/svgpan
 # github.com/ianlancetaylor/demangle v0.0.0-20180524225900-fc6590592b44
 github.com/ianlancetaylor/demangle
-# golang.org/x/arch v0.0.0-20181203225421-5a4828bb7045
+# golang.org/x/arch v0.0.0-20190815191158-8a70ba74b3a1
 golang.org/x/arch/arm/armasm
 golang.org/x/arch/arm64/arm64asm
 golang.org/x/arch/ppc64/ppc64asm

src/crypto/tls/common.go

@@ -794,6 +794,10 @@ var supportedVersions = []uint16{
 func (c *Config) supportedVersions(isClient bool) []uint16 {
 	versions := make([]uint16, 0, len(supportedVersions))
 	for _, v := range supportedVersions {
+		// TLS 1.0 is the default minimum version.
+		if (c == nil || c.MinVersion == 0) && v < VersionTLS10 {
+			continue
+		}
 		if c != nil && c.MinVersion != 0 && v < c.MinVersion {
 			continue
 		}

src/crypto/tls/handshake_server_test.go

@@ -77,6 +77,20 @@ func TestRejectBadProtocolVersion(t *testing.T) {
 	}, "unsupported versions")
 }
 
+func TestSSLv3OptIn(t *testing.T) {
+	config := testConfig.Clone()
+	config.MinVersion = 0
+	testClientHelloFailure(t, config, &clientHelloMsg{
+		vers:   VersionSSL30,
+		random: make([]byte, 32),
+	}, "unsupported versions")
+	testClientHelloFailure(t, config, &clientHelloMsg{
+		vers:              VersionTLS12,
+		supportedVersions: []uint16{VersionSSL30},
+		random:            make([]byte, 32),
+	}, "unsupported versions")
+}
+
 func TestNoSuiteOverlap(t *testing.T) {
 	clientHello := &clientHelloMsg{
 		vers:               VersionTLS10,

src/encoding/json/indent.go

@@ -8,9 +8,6 @@ import "bytes"
 
 // Compact appends to dst the JSON-encoded src with
 // insignificant space characters elided.
-// Like Marshal, Compact applies HTMLEscape to any
-// string literals so that the JSON will be safe to embed
-// inside HTML <script> tags.
 func Compact(dst *bytes.Buffer, src []byte) error {
 	return compact(dst, src, false)
 }

src/fmt/scan.go

@@ -609,7 +609,7 @@ func (s *ss) scanRune(bitSize int) int64 {
 	return r
 }
 
-// scanBasePrefix reports whether the integer begins with a bas prefix
+// scanBasePrefix reports whether the integer begins with a base prefix
 // and returns the base, digit string, and whether a zero was found.
 // It is called only if the verb is %v.
 func (s *ss) scanBasePrefix() (base int, digits string, zeroFound bool) {

src/go.mod

@@ -4,7 +4,7 @@ go 1.12
 
 require (
 	golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8
-	golang.org/x/net v0.0.0-20190607181551-461777fb6f67
+	golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7
 	golang.org/x/sys v0.0.0-20190529130038-5219a1e1c5f8 // indirect
 	golang.org/x/text v0.3.2 // indirect
 )

src/go.sum

@@ -2,8 +2,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190607181551-461777fb6f67 h1:rJJxsykSlULwd2P2+pg/rtnwN2FrWp4IuCxOSyS0V00=
-golang.org/x/net v0.0.0-20190607181551-461777fb6f67/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7 h1:fHDIZ2oxGnUZRN6WgWFCbYBjH9uqVPRCUVUDhs0wnbA=
+golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190529130038-5219a1e1c5f8 h1:2WjIC11WRITGlVWmyLXKjzIVj1ZwoWZ//tadeUUV6/o=

src/net/http/h2_bundle.go

@@ -3611,10 +3611,11 @@ func (p *http2pipe) Done() <-chan struct{} {
 }
 
 const (
-	http2prefaceTimeout        = 10 * time.Second
-	http2firstSettingsTimeout  = 2 * time.Second // should be in-flight with preface anyway
-	http2handlerChunkWriteSize = 4 << 10
-	http2defaultMaxStreams     = 250 // TODO: make this 100 as the GFE seems to?
+	http2prefaceTimeout         = 10 * time.Second
+	http2firstSettingsTimeout   = 2 * time.Second // should be in-flight with preface anyway
+	http2handlerChunkWriteSize  = 4 << 10
+	http2defaultMaxStreams      = 250 // TODO: make this 100 as the GFE seems to?
+	http2maxQueuedControlFrames = 10000
 )
 
 var (
@@ -3722,6 +3723,15 @@ func (s *http2Server) maxConcurrentStreams() uint32 {
 	return http2defaultMaxStreams
 }
 
+// maxQueuedControlFrames is the maximum number of control frames like
+// SETTINGS, PING and RST_STREAM that will be queued for writing before
+// the connection is closed to prevent memory exhaustion attacks.
+func (s *http2Server) maxQueuedControlFrames() int {
+	// TODO: if anybody asks, add a Server field, and remember to define the
+	// behavior of negative values.
+	return http2maxQueuedControlFrames
+}
+
 type http2serverInternalState struct {
 	mu          sync.Mutex
 	activeConns map[*http2serverConn]struct{}
@@ -4065,6 +4075,7 @@ type http2serverConn struct {
 	sawFirstSettings            bool // got the initial SETTINGS frame after the preface
 	needToSendSettingsAck       bool
 	unackedSettings             int    // how many SETTINGS have we sent without ACKs?
+	queuedControlFrames         int    // control frames in the writeSched queue
 	clientMaxStreams            uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit)
 	advMaxStreams               uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client
 	curClientStreams            uint32 // number of open streams initiated by the client
@@ -4456,6 +4467,14 @@ func (sc *http2serverConn) serve() {
 			}
 		}
 
+		// If the peer is causing us to generate a lot of control frames,
+		// but not reading them from us, assume they are trying to make us
+		// run out of memory.
+		if sc.queuedControlFrames > sc.srv.maxQueuedControlFrames() {
+			sc.vlogf("http2: too many control frames in send queue, closing connection")
+			return
+		}
+
 		// Start the shutdown timer after sending a GOAWAY. When sending GOAWAY
 		// with no error code (graceful shutdown), don't start the timer until
 		// all open streams have been completed.
@@ -4657,6 +4676,14 @@ func (sc *http2serverConn) writeFrame(wr http2FrameWriteRequest) {
 	}
 
 	if !ignoreWrite {
+		if wr.isControl() {
+			sc.queuedControlFrames++
+			// For extra safety, detect wraparounds, which should not happen,
+			// and pull the plug.
+			if sc.queuedControlFrames < 0 {
+				sc.conn.Close()
+			}
+		}
 		sc.writeSched.Push(wr)
 	}
 	sc.scheduleFrameWrite()
@@ -4774,10 +4801,8 @@ func (sc *http2serverConn) wroteFrame(res http2frameWriteResult) {
 // If a frame is already being written, nothing happens. This will be called again
 // when the frame is done being written.
 //
-// If a frame isn't being written we need to send one, the best frame
-// to send is selected, preferring first things that aren't
-// stream-specific (e.g. ACKing settings), and then finding the
-// highest priority stream.
+// If a frame isn't being written and we need to send one, the best frame
+// to send is selected by writeSched.
 //
 // If a frame isn't being written and there's nothing else to send, we
 // flush the write buffer.
@@ -4805,6 +4830,9 @@ func (sc *http2serverConn) scheduleFrameWrite() {
 		}
 		if !sc.inGoAway || sc.goAwayCode == http2ErrCodeNo {
 			if wr, ok := sc.writeSched.Pop(); ok {
+				if wr.isControl() {
+					sc.queuedControlFrames--
+				}
 				sc.startFrameWrite(wr)
 				continue
 			}
@@ -5097,6 +5125,8 @@ func (sc *http2serverConn) processSettings(f *http2SettingsFrame) error {
 	if err := f.ForeachSetting(sc.processSetting); err != nil {
 		return err
 	}
+	// TODO: judging by RFC 7540, Section 6.5.3 each SETTINGS frame should be
+	// acknowledged individually, even if multiple are received before the ACK.
 	sc.needToSendSettingsAck = true
 	sc.scheduleFrameWrite()
 	return nil
@@ -7451,7 +7481,7 @@ func (cc *http2ClientConn) roundTrip(req *Request) (res *Response, gotErrAfterRe
 		req.Method != "HEAD" {
 		// Request gzip only, not deflate. Deflate is ambiguous and
 		// not as universally supported anyway.
-		// See: http://www.gzip.org/zlib/zlib_faq.html#faq38
+		// See: https://zlib.net/zlib_faq.html#faq39
 		//
 		// Note that we don't request this for HEAD requests,
 		// due to a bug in nginx:
@@ -9445,7 +9475,7 @@ type http2WriteScheduler interface {
 
 	// Pop dequeues the next frame to write. Returns false if no frames can
 	// be written. Frames with a given wr.StreamID() are Pop'd in the same
-	// order they are Push'd.
+	// order they are Push'd. No frames should be discarded except by CloseStream.
 	Pop() (wr http2FrameWriteRequest, ok bool)
 }
 
@@ -9489,6 +9519,12 @@ func (wr http2FrameWriteRequest) StreamID() uint32 {
 	return wr.stream.id
 }
 
+// isControl reports whether wr is a control frame for MaxQueuedControlFrames
+// purposes. That includes non-stream frames and RST_STREAM frames.
+func (wr http2FrameWriteRequest) isControl() bool {
+	return wr.stream == nil
+}
+
 // DataSize returns the number of flow control bytes that must be consumed
 // to write this entire frame. This is 0 for non-DATA frames.
 func (wr http2FrameWriteRequest) DataSize() int {

src/net/http/server.go

@@ -231,13 +231,13 @@ type CloseNotifier interface {
 
 var (
 	// ServerContextKey is a context key. It can be used in HTTP
-	// handlers with context.WithValue to access the server that
+	// handlers with Context.Value to access the server that
 	// started the handler. The associated value will be of
 	// type *Server.
 	ServerContextKey = &contextKey{"http-server"}
 
 	// LocalAddrContextKey is a context key. It can be used in
-	// HTTP handlers with context.WithValue to access the local
+	// HTTP handlers with Context.Value to access the local
 	// address the connection arrived on.
 	// The associated value will be of type net.Addr.
 	LocalAddrContextKey = &contextKey{"local-addr"}
@@ -3177,8 +3177,8 @@ func (srv *Server) onceSetNextProtoDefaults() {
 // After such a timeout, writes by h to its ResponseWriter will return
 // ErrHandlerTimeout.
 //
-// TimeoutHandler buffers all Handler writes to memory and does not
-// support the Hijacker or Flusher interfaces.
+// TimeoutHandler supports the Flusher and Pusher interfaces but does not
+// support the Hijacker interface.
 func TimeoutHandler(h Handler, dt time.Duration, msg string) Handler {
 	return &timeoutHandler{
 		handler: h,

src/net/http/transport.go

@@ -953,6 +953,7 @@ func (t *Transport) queueForIdleConn(w *wantConn) (delivered bool) {
 		t.idleConnWait = make(map[connectMethodKey]wantConnQueue)
 	}
 	q := t.idleConnWait[w.key]
+	q.cleanFront()
 	q.pushBack(w)
 	t.idleConnWait[w.key] = q
 	return false
@@ -1137,7 +1138,7 @@ func (q *wantConnQueue) pushBack(w *wantConn) {
 	q.tail = append(q.tail, w)
 }
 
-// popFront removes and returns the w at the front of the queue.
+// popFront removes and returns the wantConn at the front of the queue.
 func (q *wantConnQueue) popFront() *wantConn {
 	if q.headPos >= len(q.head) {
 		if len(q.tail) == 0 {
@@ -1152,6 +1153,30 @@ func (q *wantConnQueue) popFront() *wantConn {
 	return w
 }
 
+// peekFront returns the wantConn at the front of the queue without removing it.
+func (q *wantConnQueue) peekFront() *wantConn {
+	if q.headPos < len(q.head) {
+		return q.head[q.headPos]
+	}
+	if len(q.tail) > 0 {
+		return q.tail[0]
+	}
+	return nil
+}
+
+// cleanFront pops any wantConns that are no longer waiting from the head of the
+// queue, reporting whether any were popped.
+func (q *wantConnQueue) cleanFront() (cleaned bool) {
+	for {
+		w := q.peekFront()
+		if w == nil || w.waiting() {
+			return cleaned
+		}
+		q.popFront()
+		cleaned = true
+	}
+}
+
 // getConn dials and creates a new persistConn to the target as
 // specified in the connectMethod. This includes doing a proxy CONNECT
 // and/or setting up TLS.  If this doesn't return an error, the persistConn
@@ -1261,6 +1286,7 @@ func (t *Transport) queueForDial(w *wantConn) {
 		t.connsPerHostWait = make(map[connectMethodKey]wantConnQueue)
 	}
 	q := t.connsPerHostWait[w.key]
+	q.cleanFront()
 	q.pushBack(w)
 	t.connsPerHostWait[w.key] = q
 }

src/net/http/transport_test.go

@@ -1658,6 +1658,176 @@ func TestTransportPersistConnLeakShortBody(t *testing.T) {
 	}
 }
 
+// A countedConn is a net.Conn that decrements an atomic counter when finalized.
+type countedConn struct {
+	net.Conn
+}
+
+// A countingDialer dials connections and counts the number that remain reachable.
+type countingDialer struct {
+	dialer      net.Dialer
+	mu          sync.Mutex
+	total, live int64
+}
+
+func (d *countingDialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	conn, err := d.dialer.DialContext(ctx, network, address)
+	if err != nil {
+		return nil, err
+	}
+
+	counted := new(countedConn)
+	counted.Conn = conn
+
+	d.mu.Lock()
+	defer d.mu.Unlock()
+	d.total++
+	d.live++
+
+	runtime.SetFinalizer(counted, d.decrement)
+	return counted, nil
+}
+
+func (d *countingDialer) decrement(*countedConn) {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+	d.live--
+}
+
+func (d *countingDialer) Read() (total, live int64) {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+	return d.total, d.live
+}
+
+func TestTransportPersistConnLeakNeverIdle(t *testing.T) {
+	defer afterTest(t)
+
+	ts := httptest.NewServer(HandlerFunc(func(w ResponseWriter, r *Request) {
+		// Close every connection so that it cannot be kept alive.
+		conn, _, err := w.(Hijacker).Hijack()
+		if err != nil {
+			t.Errorf("Hijack failed unexpectedly: %v", err)
+			return
+		}
+		conn.Close()
+	}))
+	defer ts.Close()
+
+	var d countingDialer
+	c := ts.Client()
+	c.Transport.(*Transport).DialContext = d.DialContext
+
+	body := []byte("Hello")
+	for i := 0; ; i++ {
+		total, live := d.Read()
+		if live < total {
+			break
+		}
+		if i >= 1<<12 {
+			t.Fatalf("Count of live client net.Conns (%d) not lower than total (%d) after %d Do / GC iterations.", live, total, i)
+		}
+
+		req, err := NewRequest("POST", ts.URL, bytes.NewReader(body))
+		if err != nil {
+			t.Fatal(err)
+		}
+		_, err = c.Do(req)
+		if err == nil {
+			t.Fatal("expected broken connection")
+		}
+
+		runtime.GC()
+	}
+}
+
+type countedContext struct {
+	context.Context
+}
+
+type contextCounter struct {
+	mu   sync.Mutex
+	live int64
+}
+
+func (cc *contextCounter) Track(ctx context.Context) context.Context {
+	counted := new(countedContext)
+	counted.Context = ctx
+	cc.mu.Lock()
+	defer cc.mu.Unlock()
+	cc.live++
+	runtime.SetFinalizer(counted, cc.decrement)
+	return counted
+}
+
+func (cc *contextCounter) decrement(*countedContext) {
+	cc.mu.Lock()
+	defer cc.mu.Unlock()
+	cc.live--
+}
+
+func (cc *contextCounter) Read() (live int64) {
+	cc.mu.Lock()
+	defer cc.mu.Unlock()
+	return cc.live
+}
+
+func TestTransportPersistConnContextLeakMaxConnsPerHost(t *testing.T) {
+	defer afterTest(t)
+
+	ts := httptest.NewServer(HandlerFunc(func(w ResponseWriter, r *Request) {
+		runtime.Gosched()
+		w.WriteHeader(StatusOK)
+	}))
+	defer ts.Close()
+
+	c := ts.Client()
+	c.Transport.(*Transport).MaxConnsPerHost = 1
+
+	ctx := context.Background()
+	body := []byte("Hello")
+	doPosts := func(cc *contextCounter) {
+		var wg sync.WaitGroup
+		for n := 64; n > 0; n-- {
+			wg.Add(1)
+			go func() {
+				defer wg.Done()
+
+				ctx := cc.Track(ctx)
+				req, err := NewRequest("POST", ts.URL, bytes.NewReader(body))
+				if err != nil {
+					t.Error(err)
+				}
+
+				_, err = c.Do(req.WithContext(ctx))
+				if err != nil {
+					t.Errorf("Do failed with error: %v", err)
+				}
+			}()
+		}
+		wg.Wait()
+	}
+
+	var initialCC contextCounter
+	doPosts(&initialCC)
+
+	// flushCC exists only to put pressure on the GC to finalize the initialCC
+	// contexts: the flushCC allocations should eventually displace the initialCC
+	// allocations.
+	var flushCC contextCounter
+	for i := 0; ; i++ {
+		live := initialCC.Read()
+		if live == 0 {
+			break
+		}
+		if i >= 100 {
+			t.Fatalf("%d Contexts still not finalized after %d GC cycles.", live, i)
+		}
+		doPosts(&flushCC)
+		runtime.GC()
+	}
+}
+
 // This used to crash; https://golang.org/issue/3266
 func TestTransportIdleConnCrash(t *testing.T) {
 	defer afterTest(t)

src/os/os_test.go

@@ -2251,6 +2251,8 @@ func TestPipeThreads(t *testing.T) {
 		t.Skip("skipping on Plan 9; does not support runtime poller")
 	case "js":
 		t.Skip("skipping on js; no support for os.Pipe")
+	case "darwin":
+		t.Skip("skipping on Darwin; issue 33953")
 	}
 
 	threads := 100

src/strconv/atof.go

@@ -643,7 +643,7 @@ func atof64(s string) (f float64, err error) {
 // ParseFloat returns the nearest floating-point number rounded
 // using IEEE754 unbiased rounding.
 // (Parsing a hexadecimal floating-point value only rounds when
-// there are more bits in the hexadecimal representatiton than
+// there are more bits in the hexadecimal representation than
 // will fit in the mantissa.)
 //
 // The errors that ParseFloat returns have concrete type *NumError

src/strconv/atoi.go

@@ -154,7 +154,8 @@ func ParseUint(s string, base int, bitSize int) (uint64, error) {
 //
 // If base == 0, the base is implied by the string's prefix:
 // base 2 for "0b", base 8 for "0" or "0o", base 16 for "0x",
-// and base 10 otherwise.
+// and base 10 otherwise. Also, for base == 0 only, underscore
+// characters are permitted per the Go integer literal syntax.
 // If base is below 0, is 1, or is above 36, an error is returned.
 //
 // The bitSize argument specifies the integer type

src/vendor/golang.org/x/net/lif/zsys_solaris_amd64.go

@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_solaris.go
 
 package lif

src/vendor/golang.org/x/net/route/zsys_darwin.go

@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_darwin.go
 
 package route

src/vendor/golang.org/x/net/route/zsys_dragonfly.go

@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_dragonfly.go
 
 package route

src/vendor/golang.org/x/net/route/zsys_freebsd_386.go

@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_freebsd.go
 
 package route

src/vendor/golang.org/x/net/route/zsys_freebsd_amd64.go

@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_freebsd.go
 
 package route

src/vendor/golang.org/x/net/route/zsys_freebsd_arm.go

@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_freebsd.go
 
 package route

src/vendor/golang.org/x/net/route/zsys_netbsd.go

@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_netbsd.go
 
 package route

src/vendor/golang.org/x/net/route/zsys_openbsd.go

@@ -1,4 +1,4 @@
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs_openbsd.go
 
 package route

src/vendor/modules.txt

@@ -7,7 +7,7 @@ golang.org/x/crypto/hkdf
 golang.org/x/crypto/internal/chacha20
 golang.org/x/crypto/internal/subtle
 golang.org/x/crypto/poly1305
-# golang.org/x/net v0.0.0-20190607181551-461777fb6f67
+# golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7
 golang.org/x/net/dns/dnsmessage
 golang.org/x/net/http/httpguts
 golang.org/x/net/http/httpproxy