authorbsiegert <bsiegert@pkgsrc.org>2016-04-13 07:12:00 +0000
committerbsiegert <bsiegert@pkgsrc.org>2016-04-13 07:12:00 +0000
commit4534257a481691d56d8ecbf6b58336a69ec93ca0 (patch)
tree49c5a0749fd25bbcd78a2d8b3341797c7f9d93f7 /lang
parentcbe878ce69cda85dd3ef920f31533a790682af6a (diff)
downloadpkgsrc-4534257a481691d56d8ecbf6b58336a69ec93ca0.tar.gz
Update Go to 1.6.1.
Two security-related issues were recently reported, and to address these issues we have just released Go 1.6.1 and Go 1.5.4. We recommend that all users update to one of these releases (if you're not sure which, choose Go 1.6.1).

The issues addressed by these releases are:

On Windows, Go loads system DLLs by name with LoadLibrary, making it vulnerable to DLL preloading attacks. For instance, if a user runs a Go executable from a Downloads folder, malicious DLL files also downloaded to that folder could be loaded into that executable. This is CVE-2016-3958 and was addressed by this change: https://golang.org/cl/21428
Thanks to Taru Karttunen for identifying this issue.

Go's crypto libraries passed certain parameters unchecked to the underlying big integer library, possibly leading to extremely long-running computations, which in turn makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client certificates or the Go SSH server libraries are both exposed to this vulnerability. This is CVE-2016-3959 and was addressed by this change: https://golang.org/cl/21533
Thanks to David Wong for identifying this issue.
Diffstat (limited to 'lang')
-rw-r--r--lang/go/Makefile3
-rw-r--r--lang/go/PLIST4
-rw-r--r--lang/go/distinfo11
-rw-r--r--lang/go/patches/patch-src_crypto_dsa_dsa.go25
-rw-r--r--lang/go/version.mk4
5 files changed, 11 insertions, 36 deletions
diff --git a/lang/go/Makefile b/lang/go/Makefile
index b6a9da3623e..fdb0bb68691 100644
--- a/lang/go/Makefile
+++ b/lang/go/Makefile
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.40 2016/04/08 20:00:02 bsiegert Exp $
+# $NetBSD: Makefile,v 1.41 2016/04/13 07:12:00 bsiegert Exp $
.include "version.mk"
DISTNAME= go${GO_VERSION}.src
PKGNAME= go-${GO_VERSION}
-PKGREVISION= 1
CATEGORIES= lang
MASTER_SITES= https://storage.googleapis.com/golang/
diff --git a/lang/go/PLIST b/lang/go/PLIST
index 27df0026126..0e739f90fbf 100644
--- a/lang/go/PLIST
+++ b/lang/go/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.22 2016/02/23 20:12:25 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.23 2016/04/13 07:12:00 bsiegert Exp $
bin/go
bin/gofmt
go/AUTHORS
@@ -815,6 +815,7 @@ go/pkg/${GO_PLATFORM}/index/suffixarray.a
go/pkg/${GO_PLATFORM}/internal/golang.org/x/net/http2/hpack.a
go/pkg/${GO_PLATFORM}/internal/race.a
go/pkg/${GO_PLATFORM}/internal/singleflight.a
+go/pkg/${GO_PLATFORM}/internal/syscall/windows/sysdll.a
go/pkg/${GO_PLATFORM}/internal/testenv.a
go/pkg/${GO_PLATFORM}/internal/trace.a
go/pkg/${GO_PLATFORM}/io.a
@@ -2515,6 +2516,7 @@ go/src/internal/syscall/windows/registry/syscall.go
go/src/internal/syscall/windows/registry/value.go
go/src/internal/syscall/windows/registry/zsyscall_windows.go
go/src/internal/syscall/windows/syscall_windows.go
+go/src/internal/syscall/windows/sysdll/sysdll.go
go/src/internal/syscall/windows/zsyscall_windows.go
go/src/internal/testenv/testenv.go
go/src/internal/trace/goroutines.go
diff --git a/lang/go/distinfo b/lang/go/distinfo
index 78867b5b46f..b1577e4527e 100644
--- a/lang/go/distinfo
+++ b/lang/go/distinfo
@@ -1,12 +1,11 @@
-$NetBSD: distinfo,v 1.34 2016/04/08 20:00:02 bsiegert Exp $
+$NetBSD: distinfo,v 1.35 2016/04/13 07:12:00 bsiegert Exp $
-SHA1 (go1.6.src.tar.gz) = 3282b6cb1e491662f7067544605d8cbf6f016553
-RMD160 (go1.6.src.tar.gz) = 9ed6feb79610d4ef0b9c2113dfddce72ff26ae7a
-SHA512 (go1.6.src.tar.gz) = 59e9d72a80558fd5e3f176e068897a45333b36e35f6c00393647941a70e741168e65941b6059397378020c3b78ec3471a48809682f7efd97cf33eec6325fc3e8
-Size (go1.6.src.tar.gz) = 12613308 bytes
+SHA1 (go1.6.1.src.tar.gz) = aa8f912f2534c8faa5c5b6d278e7cb3a4f4d238c
+RMD160 (go1.6.1.src.tar.gz) = cf261ac91523982d0d6980a297bccb3fdbcd718c
+SHA512 (go1.6.1.src.tar.gz) = 31ea2504f8ab0fd709005275d0c2129b6cdb4e5d34d6e2b435b23480674b135d1bff8de863b1e01201e757523f4dc28b6ebefeb87d7e855f2509a6837e436fab
+Size (go1.6.1.src.tar.gz) = 12615799 bytes
SHA1 (patch-lib_time_update.bash) = bcf565b97ae7898a9e5cef7686fe42c69bc0bba1
SHA1 (patch-misc_io_clangwrap.sh) = cd91c47ba0fe7b6eb8009dd261c0c26c7d581c29
SHA1 (patch-src_cmd_go_pkg.go) = ccc470577951bd00741c39229599c0c06be52d0a
-SHA1 (patch-src_crypto_dsa_dsa.go) = ed2bdfeab0205f8fdddd7a765f150b0ce832d7a7
SHA1 (patch-src_crypto_x509_root__bsd.go) = 0eca1eafa967268ae9b224be4aeda347ebc91901
SHA1 (patch-src_syscall_syscall__solaris.go) = 436371947897dcba574a6dfecc6bbcd04f6e25b2
diff --git a/lang/go/patches/patch-src_crypto_dsa_dsa.go b/lang/go/patches/patch-src_crypto_dsa_dsa.go
deleted file mode 100644
index 29123c1a8c9..00000000000
--- a/lang/go/patches/patch-src_crypto_dsa_dsa.go
+++ /dev/null
@@ -1,25 +0,0 @@
-$NetBSD: patch-src_crypto_dsa_dsa.go,v 1.1 2016/04/08 20:00:02 bsiegert Exp $
-
-Fix for CVE-2016-3959:
-
-crypto/dsa: eliminate invalid PublicKey early
-
-For PublicKey.P == 0, Verify will fail. Don't even try.
-
-Change-Id: I1009f2b3dead8d0041626c946633acb10086d8c8
-Reviewed-on: https://go-review.googlesource.com/21533
-Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
-
---- src/crypto/dsa/dsa.go.orig 2016-02-17 20:35:21.000000000 +0000
-+++ src/crypto/dsa/dsa.go
-@@ -249,6 +249,10 @@ func Sign(rand io.Reader, priv *PrivateK
- func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
- // FIPS 186-3, section 4.7
-
-+ if pub.P.Sign() == 0 {
-+ return false
-+ }
-+
- if r.Sign() < 1 || r.Cmp(pub.Q) >= 0 {
- return false
- }
diff --git a/lang/go/version.mk b/lang/go/version.mk
index afd07b3c418..25df9be7fa7 100644
--- a/lang/go/version.mk
+++ b/lang/go/version.mk
@@ -1,8 +1,8 @@
-# $NetBSD: version.mk,v 1.12 2016/02/23 20:12:25 bsiegert Exp $
+# $NetBSD: version.mk,v 1.13 2016/04/13 07:12:00 bsiegert Exp $
.include "../../mk/bsd.prefs.mk"
-GO_VERSION= 1.6
+GO_VERSION= 1.6.1
GO14_VERSION= 1.4.3
ONLY_FOR_PLATFORM= *-*-i386 *-*-x86_64 *-*-evbarm