From 4d2dad596140fa729fb5e67aed2ad9787d3a1901 Mon Sep 17 00:00:00 2001
From: Jeff <laojianzi1994@gmail.com>
Date: Mon, 11 Jan 2021 09:07:45 +0800
Subject: [PATCH 1/5] test: fixed the TestUnixSocket test on windows (#2595)

Co-authored-by: thinkerou <thinkerou@gmail.com>
---
 gin_integration_test.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gin_integration_test.go b/gin_integration_test.go
index 5f508c70..41ad9874 100644
--- a/gin_integration_test.go
+++ b/gin_integration_test.go
@@ -14,6 +14,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"os"
+	"path/filepath"
 	"sync"
 	"testing"
 	"time"
@@ -146,7 +147,7 @@ func TestRunWithPort(t *testing.T) {
 func TestUnixSocket(t *testing.T) {
 	router := New()
 
-	unixTestSocket := "/tmp/unix_unit_test"
+	unixTestSocket := filepath.Join(os.TempDir(), "unix_unit_test")
 
 	defer os.Remove(unixTestSocket)
 

From e753c502dcbbab6769305871d700c770e68d1b0f Mon Sep 17 00:00:00 2001
From: Rubi <14269809+codenoid@users.noreply.github.com>
Date: Mon, 11 Jan 2021 23:03:31 +0700
Subject: [PATCH 2/5] gin mode unknown: show available mode (#2567)

Co-authored-by: thinkerou <thinkerou@gmail.com>
---
 mode.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mode.go b/mode.go
index 11f833e9..c8813aff 100644
--- a/mode.go
+++ b/mode.go
@@ -63,7 +63,7 @@ func SetMode(value string) {
 	case TestMode:
 		ginMode = testCode
 	default:
-		panic("gin mode unknown: " + value)
+		panic("gin mode unknown: " + value + " (available mode: debug release test)")
 	}
 
 	modeName = value

From f4bc259de33c561fd3b0ae3e7aaa849c1d251c0b Mon Sep 17 00:00:00 2001
From: Qt <golang.chen@gmail.com>
Date: Tue, 12 Jan 2021 08:32:04 +0800
Subject: [PATCH 3/5] fix error gin support min Go version (#2584)

Co-authored-by: thinkerou <thinkerou@gmail.com>
---
 debug.go      | 4 ++--
 debug_test.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/debug.go b/debug.go
index c66ca440..4c7cd0c3 100644
--- a/debug.go
+++ b/debug.go
@@ -12,7 +12,7 @@ import (
 	"strings"
 )
 
-const ginSupportMinGoVer = 10
+const ginSupportMinGoVer = 12
 
 // IsDebugging returns true if the framework is running in debug mode.
 // Use SetMode(gin.ReleaseMode) to disable debug mode.
@@ -67,7 +67,7 @@ func getMinVer(v string) (uint64, error) {
 
 func debugPrintWARNINGDefault() {
 	if v, e := getMinVer(runtime.Version()); e == nil && v <= ginSupportMinGoVer {
-		debugPrint(`[WARNING] Now Gin requires Go 1.11 or later and Go 1.12 will be required soon.
+		debugPrint(`[WARNING] Now Gin requires Go 1.12+.
 
 `)
 	}
diff --git a/debug_test.go b/debug_test.go
index d8cd5d1a..c2272d0f 100644
--- a/debug_test.go
+++ b/debug_test.go
@@ -104,7 +104,7 @@ func TestDebugPrintWARNINGDefault(t *testing.T) {
 	})
 	m, e := getMinVer(runtime.Version())
 	if e == nil && m <= ginSupportMinGoVer {
-		assert.Equal(t, "[GIN-debug] [WARNING] Now Gin requires Go 1.11 or later and Go 1.12 will be required soon.\n\n[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.\n\n", re)
+		assert.Equal(t, "[GIN-debug] [WARNING] Now Gin requires Go 1.12+.\n\n[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.\n\n", re)
 	} else {
 		assert.Equal(t, "[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.\n\n", re)
 	}

From 46ddd4259cac975be1eb11b4f1192264f582db16 Mon Sep 17 00:00:00 2001
From: Josep Jesus Bigorra Algaba
 <42377845+averageflow@users.noreply.github.com>
Date: Wed, 13 Jan 2021 02:06:12 +0100
Subject: [PATCH 4/5] Fixes to the graceful shutdown example (#2552)

* Change error comparison to use errors.Is() and add a line of whitespace before the if statement on graceful shutdown

* Change from log.Fatalf to log.Printf to ensure the graceful shutdown actually works

Co-authored-by: J. J. Bigorra <josep@prowarehouse.nl>
Co-authored-by: thinkerou <thinkerou@gmail.com>
---
 README.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 18b19430..0c263244 100644
--- a/README.md
+++ b/README.md
@@ -1793,8 +1793,8 @@ func main() {
 	// Initializing the server in a goroutine so that
 	// it won't block the graceful shutdown handling below
 	go func() {
-		if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
-			log.Fatalf("listen: %s\n", err)
+		if err := srv.ListenAndServe(); err != nil && errors.Is(err, http.ErrServerClosed) {
+			log.Printf("listen: %s\n", err)
 		}
 	}()
 
@@ -1812,6 +1812,7 @@ func main() {
 	// the request it is currently handling
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
+	
 	if err := srv.Shutdown(ctx); err != nil {
 		log.Fatal("Server forced to shutdown:", err)
 	}

From b01605bb5b43dbf33781970af5ad6633e5549fd1 Mon Sep 17 00:00:00 2001
From: Snawoot <vladislav-ex-github@vm-0.com>
Date: Wed, 13 Jan 2021 03:40:37 +0200
Subject: [PATCH 5/5] basic auth: fix timing oracle (#2609)

Co-authored-by: thinkerou <thinkerou@gmail.com>
---
 auth.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/auth.go b/auth.go
index 43ad36f5..4d8a6ce4 100644
--- a/auth.go
+++ b/auth.go
@@ -5,6 +5,7 @@
 package gin
 
 import (
+	"crypto/subtle"
 	"encoding/base64"
 	"net/http"
 	"strconv"
@@ -30,7 +31,7 @@ func (a authPairs) searchCredential(authValue string) (string, bool) {
 		return "", false
 	}
 	for _, pair := range a {
-		if pair.value == authValue {
+		if subtle.ConstantTimeCompare([]byte(pair.value), []byte(authValue)) == 1 {
 			return pair.user, true
 		}
 	}