From 391200d0541beccd73cbf487ade240124403a994 Mon Sep 17 00:00:00 2001
From: Sharlatan Hellseher <sharlatanus@gmail.com>
Date: Thu, 12 Mar 2026 11:09:13 +0000
Subject: [PATCH] gnu: go-1.25: Update to 1.25.8 [security-fixes].

go1.25.8 (released 2026-03-05) includes security fixes to the
html/template, net/url, and os packages, as well as bug fixes to the go
command, the compiler, and the os package.

See: <https://github.com/golang/go/compare/go1.25.7...go1.25.8>,
<https://www.openwall.com/lists/oss-security/2026/03/06/1>

Containes fixes for:
CVE-2026-27142: URLs in meta content attribute actions are not escaped
                in html/template.
CVE-2026-25679: Incorrect parsing of IPv6 host literals in net/url.
CVE-2026-27139: FileInfo can escape from a Root in os.

* gnu/packages/golang.scm (go-1.25): Update to 1.25.8.

Change-Id: I01a80a78f20075fe6c05c46f97dfe35f770a99a0
---
 gnu/packages/golang.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 06ba31d26a..934aac57ef 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -1125,7 +1125,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
   (package
     (inherit go-1.24)
     (name "go")
-    (version "1.25.7")
+    (version "1.25.8")
     (source
      (origin
        (method git-fetch)
@@ -1134,7 +1134,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
               (commit (string-append "go" version))))
        (file-name (git-file-name name version))
        (sha256
-        (base32 "0mjygpbswf91af07bbc1xpbw1adbcd210401rp5wpqv6d5rqn3jc"))))
+        (base32 "0vgz80mrxlkljr8ynficwvshinirqxbiv2ikscf941ladbv0g604"))))
     (arguments
      (substitute-keyword-arguments (package-arguments go-1.24)
        ((#:phases phases)