https://groups.google.com/forum/#!msg/golang-announce/mVeX35iXuSw/Flp8FX7QEAAJ
We have just released Go 1.11.5 and Go 1.10.8 to address a recently reported security issue. We recommend that all users update to one of these releases (if you’re not sure which, choose Go 1.11.5).
This DoS vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU.
These inputs might be delivered via TLS handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private key is reused more than once, the attack can also lead to key recovery.
The issue is CVE-2019-6486 and Go issue golang.org/issue/29903. See the Go issue for more details.
He prefers to contribute to his own nixpkgs fork triton.
Since he is still marked as maintainer in many packages
this leaves the wrong impression he still maintains those.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/go/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/sz746n0jm0n8dnv47d7cqvwny8ncfbi4-go-1.10.3/bin/gofmt had a zero exit code or showed the expected version
- /nix/store/sz746n0jm0n8dnv47d7cqvwny8ncfbi4-go-1.10.3/bin/.go-wrapped passed the binary check.
- /nix/store/sz746n0jm0n8dnv47d7cqvwny8ncfbi4-go-1.10.3/bin/go passed the binary check.
- 2 of 3 passed binary check by having a zero exit code.
- 0 of 3 passed binary check by having the new version present in output.
- found 1.10.3 with grep in /nix/store/sz746n0jm0n8dnv47d7cqvwny8ncfbi4-go-1.10.3
- directory tree listing: https://gist.github.com/499abd38cfb9318ba6bbcd885951c6b8
- du listing: https://gist.github.com/04fbe15eac23c814fa6b313c8e543e4c
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/go/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/w2wgdl5ljbx1fq6iwlavrl4nzbchq954-go-1.10.2/bin/.go-wrapped help’ got 0 exit code
- ran ‘/nix/store/w2wgdl5ljbx1fq6iwlavrl4nzbchq954-go-1.10.2/bin/go help’ got 0 exit code
- found 1.10.2 with grep in /nix/store/w2wgdl5ljbx1fq6iwlavrl4nzbchq954-go-1.10.2
- directory tree listing: https://gist.github.com/249bfa4dc4d10281576f20de902e501a
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non-packagers though,
because Aarch64 is an ARM instruction set.
The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:
```
ISA:                ARMv8   {-A, -R, -M}
                    /    \
Mode:         Aarch32     Aarch64
                 |         /   \
Encoding:       A64      A32    T32
```
At the top is the overall v8 instruction set architecture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
bottom are the encodings, (hopefully?) isomorphic if they encode the
same mode.
The 32-bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatible or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confuse either laymen or
experienced ARM packagers.
[1]: https://developer.arm.com/products/architecture/a-profile