path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 #64028
Comments
|
Thanks for reporting. Seems like a regression. @golang/windows @neild |
qmuntal
added
OS-Windows
NeedsInvestigation
|
@gopherbot, please backport to Go 1.21 and maybe 1.20. This appears to be a regression introduced in a security release. |
|
Backport issue(s) opened: #64040 (for 1.20), #64041 (for 1.21). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases. |
|
Change https://go.dev/cl/541175 mentions this issue: |
|
This falls out from an inadvertent change to what we consider the "volume name" to be in paths starting with |
|
I confirmed the CL also fixes another bit of fallout: calling Reading the code, this makes sense, but I figured it might still be worth mentioning. 🙂 |
… Windows While fixing several bugs in path handling on Windows, beginning with \\?\. Prior to #540277, VolumeName considered the first path component after the \\?\ prefix to be part of the volume name. After, it considered only the \\? prefix to be the volume name. Restore the previous behavior. Fixes golang#64040 Updates golang#64028 Change-Id: I6523789e61776342800bd607fb3f29d496257e68 Reviewed-on: https://go-review.googlesource.com/c/go/+/541175 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> (cherry picked from commit eda42f7) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
… Windows While fixing several bugs in path handling on Windows, beginning with \\?\. Prior to #540277, VolumeName considered the first path component after the \\?\ prefix to be part of the volume name. After, it considered only the \\? prefix to be the volume name. Restore the previous behavior. Fixes golang#64041 Updates golang#64028 Change-Id: I6523789e61776342800bd607fb3f29d496257e68 Reviewed-on: https://go-review.googlesource.com/c/go/+/541175 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> (cherry picked from commit eda42f7) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
… Windows While fixing several bugs in path handling on Windows, beginning with \\?\. Prior to #540277, VolumeName considered the first path component after the \\?\ prefix to be part of the volume name. After, it considered only the \\? prefix to be the volume name. Restore the previous behavior. Fixes golang#64040 Updates golang#64028 Change-Id: I6523789e61776342800bd607fb3f29d496257e68 Reviewed-on: https://go-review.googlesource.com/c/go/+/541175 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> (cherry picked from commit eda42f7)
… Windows While fixing several bugs in path handling on Windows, beginning with \\?\. Prior to #540277, VolumeName considered the first path component after the \\?\ prefix to be part of the volume name. After, it considered only the \\? prefix to be the volume name. Restore the previous behavior. Fixes golang#64041 Updates golang#64028 Change-Id: I6523789e61776342800bd607fb3f29d496257e68 Reviewed-on: https://go-review.googlesource.com/c/go/+/541175 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> (cherry picked from commit eda42f7)
|
Change https://go.dev/cl/541520 mentions this issue: |
|
Change https://go.dev/cl/541521 mentions this issue: |
|
Opened backports for go1.20 and go1.21;
@bcmills do you know if there's an ETA for patch-releases with this fix? It's currently preventing various projects from updating (and thus missing the security fixes) |
|
Change https://go.dev/cl/541836 mentions this issue: |
|
Change https://go.dev/cl/541837 mentions this issue: |
|
@bcmills do you know if there's an ETAfor go1.20 and 1.21 patch releases with this fix? This regression is currently preventing various projects from updating (and thus patching the CVEs fixed in the latest release) |
dmitshur
added
NeedsFix
|
Generally patch releases occur monthly, although I'm not sure about the timing for the next releases due to U.S. holidays in November and December. (@golang/release may have a clearer idea of when they will occur.) |
|
Thanks! Yeah, people may get itchy if they run their vulnerability scanner and see "unpatched CVE" on binaries, so was curious if there was an ETA with the patches for this regression. |
|
Minor releases are planned for the beginning of each month. I expect the next month's (December) minor releases to follow that pattern. |
|
Gotcha. I wasn't sure if regressions introduced in security releases followed the same schedule, or if there were exceptions to that. |
… Windows While fixing several bugs in path handling on Windows, beginning with \\?\. Prior to #540277, VolumeName considered the first path component after the \\?\ prefix to be part of the volume name. After, it considered only the \\? prefix to be the volume name. Restore the previous behavior. For #64028. Fixes #64041. Change-Id: I6523789e61776342800bd607fb3f29d496257e68 Reviewed-on: https://go-review.googlesource.com/c/go/+/541175 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> (cherry picked from commit eda42f7) Reviewed-on: https://go-review.googlesource.com/c/go/+/541521 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
… Windows While fixing several bugs in path handling on Windows, beginning with \\?\. Prior to #540277, VolumeName considered the first path component after the \\?\ prefix to be part of the volume name. After, it considered only the \\? prefix to be the volume name. Restore the previous behavior. For #64028. Fixes #64040. Change-Id: I6523789e61776342800bd607fb3f29d496257e68 Reviewed-on: https://go-review.googlesource.com/c/go/+/541175 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> (cherry picked from commit eda42f7) Reviewed-on: https://go-review.googlesource.com/c/go/+/541520 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
Relnote:
|
We found an issue[1] in golang's path/filepath stdlib impacting the build of at least osconfig (potentially others). The bug was fixed and will potentially be available in 1.31.5, we'll get it update whenever it's released. [1] - golang/go#64028
We found an issue[1] in golang's path/filepath stdlib impacting the build of at least osconfig (potentially others). The bug was fixed and will potentially be available in 1.31.5, we'll get it update whenever it's released. [1] - golang/go#64028
While fixing several bugs in path handling on Windows, beginning with \\?\. Prior to #540277, VolumeName considered the first path component after the \\?\ prefix to be part of the volume name. After, it considered only the \\? prefix to be the volume name. Restore the previous behavior. For golang#64028. Fixes golang#64040. Change-Id: I6523789e61776342800bd607fb3f29d496257e68 Reviewed-on: https://go-review.googlesource.com/c/go/+/541175 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> (cherry picked from commit eda42f7) Reviewed-on: https://go-review.googlesource.com/c/go/+/541520 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Go 1.21.4 fixed a problem in filepath.Clean regarding
\??\paths. However, it also removed the ending slash for volumes in\\?\paths. Is this expected? The docs still stateThe following test passes on Go 1.21.3.
On Go 1.21.4 this happens:
The text was updated successfully, but these errors were encountered: