[pkgsrc/trunk]: pkgsrc/lang/go Update Go to 1.9.4.

[bsiegert <bsiegert%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/17d0f3fe1aaf
branches:  trunk
changeset: 375332:17d0f3fe1aaf
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Thu Feb 08 19:32:17 2018 +0000

description:
Update Go to 1.9.4.

By using the clang or gcc plugin mechanism, it was possible for an attacker to
trick the ?go get? command into executing arbitrary code. The go command now
restricts the set of allowed host compiler and linker arguments in cgo source
files to a list of allowed flags, in particular disallowing -fplugin= and
-plugin=.

The issue is CVE-2018-6574 and Go issue golang.org/issue/23672. See the Go
issue for details.

Thanks to Christopher Brown of Mattermost for reporting this problem.

diffstat:

 lang/go/PLIST      |   4 +++-
 lang/go/distinfo   |  10 +++++-----
 lang/go/version.mk |   4 ++--
 3 files changed, 10 insertions(+), 8 deletions(-)

diffs (52 lines):

diff -r 8cc9bf757513 -r 17d0f3fe1aaf lang/go/PLIST
--- a/lang/go/PLIST     Thu Feb 08 19:12:50 2018 +0000
+++ b/lang/go/PLIST     Thu Feb 08 19:32:17 2018 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.37 2018/01/28 11:31:03 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.38 2018/02/08 19:32:17 bsiegert Exp $
 bin/go
 bin/gofmt
 go/AUTHORS
@@ -1789,6 +1789,8 @@
 go/src/cmd/go/internal/web/security.go
 go/src/cmd/go/internal/work/build.go
 go/src/cmd/go/internal/work/build_test.go
+go/src/cmd/go/internal/work/security.go
+go/src/cmd/go/internal/work/security_test.go
 go/src/cmd/go/internal/work/testgo.go
 go/src/cmd/go/main.go
 go/src/cmd/go/mkalldocs.sh
diff -r 8cc9bf757513 -r 17d0f3fe1aaf lang/go/distinfo
--- a/lang/go/distinfo  Thu Feb 08 19:12:50 2018 +0000
+++ b/lang/go/distinfo  Thu Feb 08 19:32:17 2018 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.56 2018/01/28 11:31:03 bsiegert Exp $
+$NetBSD: distinfo,v 1.57 2018/02/08 19:32:17 bsiegert Exp $
 
-SHA1 (go1.9.3.src.tar.gz) = e1854548e8e2defca7d63ab752ff46f38eb7db2a
-RMD160 (go1.9.3.src.tar.gz) = 0088a287f3a3c4bd4c152101f684e22173c59fa4
-SHA512 (go1.9.3.src.tar.gz) = 31c564af58b78c648c9bece8fa2ed3334feb80316b07b16f6286319e26d317da90d1af0464c3a2f776a3da72d31b22b063dbc620b93114bf142a11e8a625e527
-Size (go1.9.3.src.tar.gz) = 16385451 bytes
+SHA1 (go1.9.4.src.tar.gz) = 12b0ecee83525cd594f4fbf30380d4832e06f189
+RMD160 (go1.9.4.src.tar.gz) = 801d6a8a57d2dc0fefba283ea1ae456b869a7398
+SHA512 (go1.9.4.src.tar.gz) = 1a7c830e07507ff7b89025adfb5c713444d97301f8ad47ef2564722c1e28186e946350f07e22777fbdd6f2f589c334eb01dfd589e97cb8a86f73669547badb0b
+Size (go1.9.4.src.tar.gz) = 16392325 bytes
 SHA1 (patch-misc_io_clangwrap.sh) = cd91c47ba0fe7b6eb8009dd261c0c26c7d581c29
 SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e
 SHA1 (patch-src_cmd_link_internal_ld_elf.go) = acc8d92b7eae1b77470bd3e88af93d458695ac76
diff -r 8cc9bf757513 -r 17d0f3fe1aaf lang/go/version.mk
--- a/lang/go/version.mk        Thu Feb 08 19:12:50 2018 +0000
+++ b/lang/go/version.mk        Thu Feb 08 19:32:17 2018 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: version.mk,v 1.33 2018/01/30 17:05:21 jperkin Exp $
+# $NetBSD: version.mk,v 1.34 2018/02/08 19:32:17 bsiegert Exp $
 
 SSP_SUPPORTED= no
 
 .include "../../mk/bsd.prefs.mk"
 
-GO_VERSION=    1.9.3
+GO_VERSION=    1.9.4
 GO14_VERSION=  1.4.3
 
 ONLY_FOR_PLATFORM=     *-*-i386 *-*-x86_64 *-*-earmv[67]hf