[pkgsrc/trunk]: pkgsrc/lang go118: update to 1.18.8

[bsiegert <bsiegert%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/5a251890f213
branches:  trunk
changeset: 387562:5a251890f213
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Tue Nov 01 17:26:16 2022 +0000

description:
go118: update to 1.18.8

This release includes 1 security fixes following the security policy:

syscall, os/exec: unsanitized NUL in environment variables

On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for
invalid environment variable values. A malicious environment variable value
could exploit this behavior to set a value for a different environment
variable. For example, the environment variable string "A=B\x00C=D" set the
variables "A=B" and "C=D".

Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this issue.

This is CVE-2022-41716 and Go issue https://go.dev/issue/56284.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.18.8

diffstat:

 lang/go/version.mk  |  4 ++--
 lang/go118/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (34 lines):

diff -r 1d74d30914be -r 5a251890f213 lang/go/version.mk
--- a/lang/go/version.mk        Tue Nov 01 17:23:45 2022 +0000
+++ b/lang/go/version.mk        Tue Nov 01 17:26:16 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.163 2022/10/05 11:20:24 bsiegert Exp $
+# $NetBSD: version.mk,v 1.164 2022/11/01 17:26:16 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -7,7 +7,7 @@
 .include "go-vars.mk"
 
 GO119_VERSION= 1.19.2
-GO118_VERSION= 1.18.7
+GO118_VERSION= 1.18.8
 GO117_VERSION= 1.17.13
 GO116_VERSION= 1.16.15
 GO110_VERSION= 1.10.8
diff -r 1d74d30914be -r 5a251890f213 lang/go118/distinfo
--- a/lang/go118/distinfo       Tue Nov 01 17:23:45 2022 +0000
+++ b/lang/go118/distinfo       Tue Nov 01 17:26:16 2022 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.8 2022/10/05 09:51:52 bsiegert Exp $
+$NetBSD: distinfo,v 1.9 2022/11/01 17:26:17 bsiegert Exp $
 
-BLAKE2s (go1.18.7.src.tar.gz) = 90a986b01c2ff99dc45c08aa05e35c3c3495bc0265a057aead2d64656e321780
-SHA512 (go1.18.7.src.tar.gz) = cf1ff024e94b900b87cc52d3ec04b0f7f853880a99c416791ad4b9af5f8e50ec82fbe00788bc8dcc184ef5ce1a9df17f5f5e95cf01c0c8138f28f53d691ca5d4
-Size (go1.18.7.src.tar.gz) = 22872579 bytes
+BLAKE2s (go1.18.8.src.tar.gz) = 73aaf4a5384d4fe3a69ccef38a5193465c4f65bb2a71212fd757fda811a2293a
+SHA512 (go1.18.8.src.tar.gz) = 8fb257e2e53bf887948735c03a68748c55e2ceda3c6593cabb0c70e82b0e4e8f6ecd8aece5e6b1b96e4589a53ae557f8d9d6dea093efff0ae657afad25b05b22
+Size (go1.18.8.src.tar.gz) = 22873390 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35