https://groups.google.com/forum/#!topic/golang-announce/9eqIHqaWvck
"Go's crypto libraries passed certain parameters unchecked to the
underlying big integer library, possibly leading to extremely
long-running computations, which in turn makes Go programs vulnerable to
remote denial of service attacks. Programs using HTTPS client
certificates or the Go SSH server libraries are both exposed to this
vulnerability.
This is CVE-2016-3959 and was addressed by this change:
https://golang.org/cl/21533
Thanks to David Wong for identifying this issue."
Also preserve the timestamps of the source and compiled binaries so that
"go build" does not think installed libraries should be recompiled.
ok jasper@ sthen@
- Fix a bug in the regress tests that may result in the tests being built/run
with the installed binaries rather than the new binaries.
- Fix a bug related to 'go install' trying to rebuild non-writeable $GOROOT
packages, when used with a $GOPATH (issue 4106).
- Include the 'misc' part of the package, which contains editor
configuration files, etc.
ok jsg@, sthen@
Go is an open source programming environment that makes it easy to build
simple, reliable, and efficient software.
With assistance from sthen@
ok sthen@
