Log message:
go: Introduce support for GO_DEPS.

This supports packages that require a large number of go-based dependencies,
treating them as additional distfiles and built inline as part of the package
build.  The print-go-deps target is helpful to generate the list of GO_DEPS
required for each package by parsing the Gopkg.lock file in the extracted
sources.

Thanks to rillig@ for various suggestions and comments.

Log message:
Update go112 to 1.12.4.

go1.12.2 (released 2019/04/05) includes fixes to the compiler, the go command,
the runtime, and the doc, net, net/http/httputil, and os packages. See the Go
1.12.2 milestone on our issue tracker for details.

go1.12.3 (released 2019/04/08) was accidentally released without its intended
fix. It is identical to go1.12.2, except for its version number. The intended
fix is in go1.12.4.

go1.12.4 (released 2019/04/11) fixes an issue where using the prebuilt binary
releases on older versions of GNU/Linux led to failures when linking programs
that used cgo. Only Linux users who hit this issue need to update.

Log message:
Update go111 to 1.11.9.

go1.11.7 (released 2019/04/05) includes fixes to the runtime and the net
packages. See the Go 1.11.7 milestone on our issue tracker for details.

go1.11.8 (released 2019/04/08) was accidentally released without its intended
fix. It is identical to go1.11.7, except for its version number. The intended
fix is in go1.11.9.

go1.11.9 (released 2019/04/11) fixes an issue where using the prebuilt binary
releases on older versions of GNU/Linux led to failures when linking programs
that used cgo. Only Linux users who hit this issue need to update.

Log message:
Update go112 to 1.12.1.

go1.12.1 (released 2019/03/14) includes fixes to cgo, the compiler, the go
command, and the fmt, net/smtp, os, path/filepath, sync, and text/template
packages. See the Go 1.12.1 milestone on our issue tracker for details.

Log message:
Update go111 to 1.11.6.

go1.11.6 (released 2019/03/14) includes fixes to cgo, the compiler, linker,
runtime, go command, and the crypto/x509, encoding/json, net, and net/url
packages. See the Go 1.11.6 milestone on our issue tracker for details.

Log message:
go: switch default version to 1.12.

This means all builds of packages written in Go use 1.12.

Log message:
Add a package for Go 1.12.

Some of the highlights include opt-in support for TLS 1.3, improved modules
support (in preparation for being the default in Go 1.13), support for
windows/arm, and improved macOS & iOS forwards compatibility.

See https://blog.golang.org/go1.12.

In pkgsrc, this is _not_ the default version for Go package builds just yet.

Log message:
Update go110 to 1.10.8 (security).

This release addresses a recently supported security issue. This DoS
vulnerability in the crypto/elliptic implementations of the P-521 and P-384
elliptic curves may let an attacker craft inputs that consume excessive
amounts of CPU.

These inputs might be delivered via TLS handshakes, X.509 certificates, JWT
tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private
key is reused more than once, the attack can also lead to key recovery.

The issue is CVE-2019-6486 and Go issue golang.org/issue/29903.
See the Go issue for more details.

Log message:
Update go111 to 1.11.5 (security).

This release addresses a recently supported security issue. This DoS
vulnerability in the crypto/elliptic implementations of the P-521 and P-384
elliptic curves may let an attacker craft inputs that consume excessive
amounts of CPU.

These inputs might be delivered via TLS handshakes, X.509 certificates, JWT
tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private
key is reused more than once, the attack can also lead to key recovery.

The issue is CVE-2019-6486 and Go issue golang.org/issue/29903.
See the Go issue for more details.

Log message:
go: Actually bump to 1.11.4.  Unbreaks build.