pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
This release addresses a recently supported security issue. This DoS
vulnerability in the crypto/elliptic implementations of the P-521 and P-384
elliptic curves may let an attacker craft inputs that consume excessive
amounts of CPU.
These inputs might be delivered via TLS handshakes, X.509 certificates, JWT
tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private
key is reused more than once, the attack can also lead to key recovery.
The issue is CVE-2019-6486 and Go issue golang.org/issue/29903.
See the Go issue for more details.
These releases include fixes to cgo, the compiler, linker, runtime,
documentation, go command, and the net/http and go/types packages.
They include a fix to a bug introduced in Go 1.11.3 and Go 1.10.6
that broke "go get" for import path patterns containing "...".
View the release notes for more information:
https://golang.org/doc/devel/release.html#go1.10.minor
go1.10.5 (released 2018/11/02) includes fixes to the go command, linker,
runtime and the database/sql package. See the Go 1.10.5 milestone on our issue
tracker for details.
This uses a similar approach as go111. Its revision is one higher than
the existing lang/go.
Next steps:
- make builds use this for dependent packages
- delete lang/go to complete the move
