Log message:
go119, go121: remove
go124 is the current version. go123 is still supported.
To build go124 from source, the chain is
go14 - go118 - go120 - go122 - go124
Thus, nothing needs go119 and go121.
agreed by maya@ on tech-pkg

Log message:
go119: add missing file to PLIST

Log message:
go119: update to 1.19.13
go1.19.13 (released 2023-09-06) includes fixes to the go command, and the
crypto/tls and net/http packages. See the Go 1.19.13 milestone on our issue
tracker for details.

Log message:
Update go119 to 1.19.12 (security).
crypto/tls: restrict RSA keys in certificates to <= 8192 bits
Extremely large RSA keys in certificate chains can cause a client/server
to expend significant CPU time verifying signatures. Limit this by
restricting the size of RSA keys transmitted during handshakes to <=
8192 bits.
Based on a survey of publicly trusted RSA keys, there are currently only
three certificates in circulation with keys larger than this, and all
three appear to be test certificates that are not actively deployed. It
is possible there are larger keys in use in private PKIs, but we target
the web PKI, so causing breakage here in the interests of increasing the
default safety of users of crypto/tls seems reasonable.
Thanks to Mateusz Poliwczak for reporting this issue.

Log message:
Revbump all Go packages after go120 update

Log message:
go119: update to 1.19.11 (security)
This minor release includes 1 security fix following the security policy:
net/http: insufficient sanitization of Host header
The HTTP/1 client did not fully validate the contents of the Host header. A
maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an invalid
Request.Host or Request.URL.Host value.
Thanks to Bartek Nowotarski for reporting this issue.
Includes security fixes for CVE-2023-29406 and Go issue
https://go.dev/issue/60374

Log message:
go119: update to 1.19.10 (security)
This minor release includes 3 security fixes following the security policy:
- cmd/go: cgo code injection
  The go command may generate unexpected code at build time when using cgo. This
  may result in unexpected behavior when running a go program which uses cgo.
  This may occur when running an untrusted module which contains directories
  with newline characters in their names. Modules which are retrieved using the
  go command, i.e. via "go get", are not affected (modules retrieved using
  GOPATH-mode, i.e.  GO111MODULE=off, may be affected).
  Thanks to Juho Nurminen of Mattermost for reporting this issue.
  This is CVE-2023-29402 and Go issue https://go.dev/issue/60167.
- runtime: unexpected behavior of setuid/setgid binaries
  The Go runtime didn't act any differently when a binary had the setuid/setgid
  bit set. On Unix platforms, if a setuid/setgid binary was executed with
  standard I/O file descriptors closed, opening any files could result in
  unexpected content being read/written with elevated prilieges. Similarly if a
  setuid/setgid program was terminated, either via panic or signal, it could
  leak the contents of its registers.
  Thanks to Vincent Dehors from Synacktiv for reporting this issue.
  This is CVE-2023-29403 and Go issue https://go.dev/issue/60272.
- cmd/go: improper sanitization of LDFLAGS
  The go command may execute arbitrary code at build time when using cgo. This
  may occur when running "go get" on a malicious module, or when \ 
running any
  other command which builds untrusted code. This is can by triggered by linker
  flags, specified via a "#cgo LDFLAGS" directive.
  Thanks to Juho Nurminen of Mattermost for reporting this issue.
  This is CVE-2023-29404 and CVE-2023-29405 and Go issues
  https://go.dev/issue/60305 and https://go.dev/issue/60306.

Log message:
go119: update to 1.19.9 (security)
This minor release includes 3 security fixes following the security policy:
* html/template: improper sanitization of CSS values
  Angle brackets (<>) were not considered dangerous characters when inserted
  into CSS contexts. Templates containing multiple actions separated by a '/'
  character could result in unexpectedly closing the CSS context and allowing
  for injection of unexpected HMTL, if executed with untrusted input.
  Thanks to Juho Nurminen of Mattermost for reporting this issue.
  This is CVE-2023-24539 and Go issue https://go.dev/issue/59720.
* html/template: improper handling of JavaScript whitespace
  Not all valid JavaScript whitespace characters were considered to be
  whitespace. Templates containing whitespace characters outside of the
  character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts \ 
that also
  contain actions may not be properly sanitized during execution.
  Thanks to Juho Nurminen of Mattermost for reporting this issue.
  This is CVE-2023-24540 and Go issue https://go.dev/issue/59721.
* html/template: improper handling of empty HTML attributes
  Templates containing actions in unquoted HTML attributes (e.g. \ 
"attr={{.}}")
  executed with empty input could result in output that would have unexpected
  results when parsed due to HTML normalization rules. This may allow injection
  of arbitrary attributes into tags.
  Thanks to Juho Nurminen of Mattermost for reporting this issue.
  This is CVE-2023-29400 and Go issue https://go.dev/issue/59722.