diff --git a/001-wrappers-grafana-cli.patch b/0001-update-grafana-cli-script-with-distro-specific-paths.patch similarity index 35% rename from 001-wrappers-grafana-cli.patch rename to 0001-update-grafana-cli-script-with-distro-specific-paths.patch index 01fe90eb17122d10ed3af29421d4ef26fe722feb..837d0ff5473b42fd25912074d415a2da83d41a9f 100644 --- a/001-wrappers-grafana-cli.patch +++ b/0001-update-grafana-cli-script-with-distro-specific-paths.patch @@ -1,16 +1,24 @@ +From 1e47ea7adc316e2df3d0081c2c0ebe75ddd6bda0 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Wed, 22 Jun 2022 16:57:52 +0200 +Subject: [PATCH] update grafana-cli script with distro-specific paths and + switch to grafana user + + diff --git a/packaging/wrappers/grafana-cli b/packaging/wrappers/grafana-cli -index 9cad151c0d..a786edc596 100755 +index 7c6c46aef9..945714642b 100755 --- a/packaging/wrappers/grafana-cli +++ b/packaging/wrappers/grafana-cli -@@ -5,18 +5,19 @@ +@@ -5,7 +5,7 @@ # the system-wide Grafana configuration that was bundled with the package as we # use the binary. -DEFAULT=/etc/default/grafana +DEFAULT=/etc/sysconfig/grafana-server - GRAFANA_HOME=/usr/share/grafana - CONF_DIR=/etc/grafana + GRAFANA_HOME="${GRAFANA_HOME:-/usr/share/grafana}" + +@@ -13,11 +13,12 @@ CONF_DIR=/etc/grafana DATA_DIR=/var/lib/grafana PLUGINS_DIR=/var/lib/grafana/plugins LOG_DIR=/var/log/grafana @@ -19,30 +27,39 @@ index 9cad151c0d..a786edc596 100755 CONF_FILE=$CONF_DIR/grafana.ini PROVISIONING_CFG_DIR=$CONF_DIR/provisioning --EXECUTABLE=$GRAFANA_HOME/bin/grafana-cli +-EXECUTABLE="$GRAFANA_HOME/bin/grafana" +EXECUTABLE=$LIBEXEC_DIR/grafana-cli if [ ! -x $EXECUTABLE ]; then - echo "Program not installed or not executable" -@@ -24,6 +25,7 @@ if [ ! -x $EXECUTABLE ]; then - fi - - # overwrite settings from default file -+#shellcheck disable=SC1090 - if [ -f "$DEFAULT" ]; then + echo "$EXECUTABLE not installed or not executable" +@@ -29,14 +30,23 @@ if [ -f "$DEFAULT" ]; then . "$DEFAULT" fi -@@ -36,4 +38,13 @@ OPTS="--homepath=${GRAFANA_HOME} \ - cfg:default.paths.logs=${LOG_DIR} \ - cfg:default.paths.plugins=${PLUGINS_DIR}'" --eval $EXECUTABLE "$OPTS" "$@" -+if [ "$(id -u)" -eq 0 ]; then +-OPTS="--homepath=${GRAFANA_HOME} \ +- --config=${CONF_FILE} \ +- --pluginsDir=${PLUGINS_DIR} \ +- --configOverrides='cfg:default.paths.provisioning=$PROVISIONING_CFG_DIR \ +- cfg:default.paths.data=${DATA_DIR} \ +- cfg:default.paths.logs=${LOG_DIR} \ +- cfg:default.paths.plugins=${PLUGINS_DIR}'" ++OPTS=("--homepath=${GRAFANA_HOME}" ++ "--config=${CONF_FILE}" ++ "--pluginsDir=${PLUGINS_DIR}" ++ "--configOverrides=cfg:default.paths.provisioning=$PROVISIONING_CFG_DIR \ ++ cfg:default.paths.data=${DATA_DIR} \ ++ cfg:default.paths.logs=${LOG_DIR} \ ++ cfg:default.paths.plugins=${PLUGINS_DIR}") + + CMD=cli + +-eval $EXECUTABLE "$CMD" "$OPTS" "$@" ++if [ "$(id -u)" -eq 0 -o "$(id -g)" -eq 0 ]; then + cd "${GRAFANA_HOME}" -+ exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "$OPTS" "$@" ++ exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@" +elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then + cd "${GRAFANA_HOME}" -+ exec "$EXECUTABLE" "$OPTS" "$@" ++ exec "$EXECUTABLE" "${OPTS[@]}" "$@" +else + echo "$0: please run this script as user \"${GRAFANA_USER}\" or root." + exit 5 diff --git a/002-manpages.patch b/0002-add-manpages.patch similarity index 81% rename from 002-manpages.patch rename to 0002-add-manpages.patch index 2927b397753a7d1f971ff897516d42d551193175..a059e0a0ac067d5a99a2dbe442dacfa17dfa88bf 100644 --- a/002-manpages.patch +++ b/0002-add-manpages.patch @@ -1,10 +1,16 @@ +From 5b6c18f715808f99c32550fc3b670fc5bf600f72 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Wed, 22 Jun 2022 17:01:09 +0200 +Subject: [PATCH] add manpages + + diff --git a/docs/man/man1/grafana-cli.1 b/docs/man/man1/grafana-cli.1 new file mode 100644 -index 0000000000..7ac2af882c +index 0000000000..39c0d5cee0 --- /dev/null +++ b/docs/man/man1/grafana-cli.1 -@@ -0,0 +1,60 @@ -+.TH GRAFANA "1" "April 2022" "Grafana cli version 7.5.15" "User Commands" +@@ -0,0 +1,63 @@ ++.TH GRAFANA "1" "September 2022" "Grafana cli version 9.0.9" "User Commands" +.SH NAME +grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor +.SH DESCRIPTION @@ -22,6 +28,9 @@ index 0000000000..7ac2af882c +admin +Grafana admin commands +.TP ++cue ++Cue validation commands ++.TP +help, h +Shows a list of commands or help for one command +.SS "GLOBAL OPTIONS:" @@ -36,10 +45,10 @@ index 0000000000..7ac2af882c +Full url to the plugin zip file instead of downloading the plugin from grafana.com/api [$GF_PLUGIN_URL] +.TP +\fB\-\-insecure\fR -+Skip TLS verification (insecure) ++Skip TLS verification (insecure) (default: false) +.TP -+\fB\-\-debug\fR, \fB\-d\fR -+enable debug logging ++\fB\-\-debug\fR ++Enable debug logging (default: false) +.TP +\fB\-\-configOverrides\fR value +Configuration options to override defaults as a string. e.g. cfg:default.paths.log=/dev/null @@ -66,11 +75,11 @@ index 0000000000..7ac2af882c +.BR http://docs.grafana.org/ . diff --git a/docs/man/man1/grafana-server.1 b/docs/man/man1/grafana-server.1 new file mode 100644 -index 0000000000..c616268b31 +index 0000000000..683a2369cc --- /dev/null +++ b/docs/man/man1/grafana-server.1 -@@ -0,0 +1,72 @@ -+.TH VERSION "1" "April 2022" "Version 7.5.15" "User Commands" +@@ -0,0 +1,80 @@ ++.TH VERSION "1" "September 2022" "Version 9.0.9" "User Commands" +.SH NAME +grafana-server \- back-end server for the Grafana metrics dashboard and graph editor +.SH DESCRIPTION @@ -94,7 +103,7 @@ index 0000000000..c616268b31 +.P +.SH OPTIONS +The -+.B gafana-server ++.B grafana-server +configuration is specified in +.BR /etc/grafana/grafana.ini +and is well documented with comments. @@ -122,6 +131,10 @@ index 0000000000..c616268b31 +.IP +Turn on pprof profiling +.HP ++\fB\-profile\-addr\fR string ++.IP ++Define custom address for profiling (default "localhost") ++.HP +\fB\-profile\-port\fR uint +.IP +Define custom port for profiling (default 6060) @@ -137,6 +150,10 @@ index 0000000000..c616268b31 +\fB\-v\fR +.IP +prints current version and exits ++.TP ++\fB\-vv\fR ++.IP ++prints current version, all dependencies and exits +.SH "SEE ALSO" +The full documentation for +.B Grafana diff --git a/0003-update-default-configuration.patch b/0003-update-default-configuration.patch new file mode 100644 index 0000000000000000000000000000000000000000..a0c961af1e998a861d05bd4a4c03e31e3b5e6903 --- /dev/null +++ b/0003-update-default-configuration.patch @@ -0,0 +1,72 @@ +From 026c4f235fd3bfc741304a5e12e13bd1c7b85eac Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Wed, 22 Jun 2022 17:05:48 +0200 +Subject: [PATCH] update default configuration + + +diff --git a/conf/defaults.ini b/conf/defaults.ini +index 9f7cf4a90b..e1e5468bfa 100644 +--- a/conf/defaults.ini ++++ b/conf/defaults.ini +@@ -240,7 +240,7 @@ user_agent = + # No ip addresses are being tracked, only simple counters to track + # running instances, dashboard and error counts. It is very helpful to us. + # Change this option to false to disable reporting. +-reporting_enabled = true ++reporting_enabled = false + + # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs + reporting_distributor = grafana-labs +@@ -249,8 +249,8 @@ reporting_distributor = grafana-labs + # for new versions of grafana. The check is used + # in some UI views to notify that a grafana update exists. + # This option does not cause any auto updates, nor send any information +-# only a GET request to https://grafana.com/api/grafana/versions/stable to get the latest version. +-check_for_updates = true ++# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version. ++check_for_updates = false + + # Set to false to disable all checks to https://grafana.com + # for new versions of plugins. The check is used +diff --git a/conf/sample.ini b/conf/sample.ini +index 916de769f9..2f270d4940 100644 +--- a/conf/sample.ini ++++ b/conf/sample.ini +@@ -247,7 +247,7 @@ + # No ip addresses are being tracked, only simple counters to track + # running instances, dashboard and error counts. It is very helpful to us. + # Change this option to false to disable reporting. +-;reporting_enabled = true ++;reporting_enabled = false + + # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs + ;reporting_distributor = grafana-labs +@@ -256,8 +256,8 @@ + # for new versions of grafana. The check is used + # in some UI views to notify that a grafana update exists. + # This option does not cause any auto updates, nor send any information +-# only a GET request to https://grafana.com/api/grafana/versions/stable to get the latest version. +-;check_for_updates = true ++# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version. ++;check_for_updates = false + + # Set to false to disable all checks to https://grafana.com + # for new versions of plugins. The check is used +@@ -427,7 +427,7 @@ + + # Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds. + # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m. +-;min_refresh_interval = 5s ++min_refresh_interval = 1s + + # Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json" + ;default_home_dashboard_path = +@@ -1411,7 +1411,7 @@ + ;enable_alpha = false + ;app_tls_skip_verify_insecure = false + # Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded. +-;allow_loading_unsigned_plugins = ++allow_loading_unsigned_plugins = performancecopilot-pcp-app,pcp-redis-datasource,pcp-vector-datasource,pcp-bpftrace-datasource,pcp-flamegraph-panel,pcp-breadcrumbs-panel,pcp-troubleshooting-panel,performancecopilot-redis-datasource,performancecopilot-vector-datasource,performancecopilot-bpftrace-datasource,performancecopilot-flamegraph-panel,performancecopilot-breadcrumbs-panel,performancecopilot-troubleshooting-panel + # Enable or disable installing / uninstalling / updating plugins directly from within Grafana. + ;plugin_admin_enabled = false + ;plugin_admin_external_manage_enabled = false diff --git a/0004-remove-unused-backend-dependencies.patch b/0004-remove-unused-backend-dependencies.patch new file mode 100644 index 0000000000000000000000000000000000000000..15697489b2d05db42f601cdebef4afcd3890bff3 --- /dev/null +++ b/0004-remove-unused-backend-dependencies.patch @@ -0,0 +1,62 @@ +From 076177ff583b8e6d92948e0a4ddde0e8992d09a3 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Wed, 22 Jun 2022 17:18:56 +0200 +Subject: [PATCH] remove unused backend dependencies + +saml and gofpdf are not used in the OSS edition of Grafana +after editing `pkg/extensions/main.go`, run `go mod tidy` + +diff --git a/go.mod b/go.mod +index fcbc09da5e..82fdf39842 100644 +--- a/go.mod ++++ b/go.mod +@@ -45,7 +45,6 @@ require ( + github.com/blang/semver/v4 v4.0.0 // @grafana/grafana-release-guild + github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b // @grafana/backend-platform + github.com/centrifugal/centrifuge v0.30.2 // @grafana/grafana-app-platform-squad +- github.com/crewjam/saml v0.4.13 // @grafana/grafana-authnz-team + github.com/fatih/color v1.15.0 // @grafana/backend-platform + github.com/gchaincl/sqlhooks v1.3.0 // @grafana/backend-platform + github.com/go-ldap/ldap/v3 v3.4.4 // @grafana/grafana-authnz-team +@@ -187,7 +186,6 @@ require ( + github.com/josharian/intern v1.0.0 // indirect + github.com/jpillora/backoff v1.0.0 // indirect + github.com/mailru/easyjson v0.7.7 // indirect +- github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect + github.com/mattetti/filebuffer v1.0.1 // indirect + github.com/mattn/go-runewidth v0.0.13 // indirect + github.com/miekg/dns v1.1.51 // indirect +diff --git a/go.sum b/go.sum +index d05dfb55fd..b160387abe 100644 +--- a/go.sum ++++ b/go.sum +@@ -1826,8 +1826,6 @@ github.com/grafana/pyroscope/api v0.3.0/go.mod h1:JggA80ToAAUACYGfwL49XoFk5aN5ec + github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A= + github.com/grafana/regexp v0.0.0-20221123153739-15dc172cd2db h1:7aN5cccjIqCLTzedH7MZzRZt5/lsAHch6Z3L2ZGn5FA= + github.com/grafana/regexp v0.0.0-20221123153739-15dc172cd2db/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A= +-github.com/grafana/saml v0.4.15-0.20231025143828-a6c0e9b86a4c h1:1pHLC1ZTz7N5QI3jzCs5sqmVvAKe+JwGnpp9lQ+iUjY= +-github.com/grafana/saml v0.4.15-0.20231025143828-a6c0e9b86a4c/go.mod h1:S4+611dxnKt8z/ulbvaJzcgSHsuhjVc1QHNTcr1R7Fw= + github.com/grafana/sqlds/v2 v2.3.10 h1:HWKhE0vR6LoEiE+Is8CSZOgaB//D1yqb2ntkass9Fd4= + github.com/grafana/sqlds/v2 v2.3.10/go.mod h1:c6ibxnxRVGxV/0YkEgvy7QpQH/lyifFyV7K/14xvdIs= + github.com/grafana/tempo v1.5.1-0.20230524121406-1dc1bfe7085b h1:mDlkqgTEJuK7vjPG44f3ZMtId5AAYLWHvBVbiGqIOOQ= +@@ -2222,8 +2220,6 @@ github.com/markbates/sigtx v1.0.0/go.mod h1:QF1Hv6Ic6Ca6W+T+DL0Y/ypborFKyvUY9Hmu + github.com/markbates/willie v1.0.9/go.mod h1:fsrFVWl91+gXpx/6dv715j7i11fYPfZ9ZGfH0DQzY7w= + github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= + github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= +-github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU= +-github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To= + github.com/mattetti/filebuffer v1.0.1 h1:gG7pyfnSIZCxdoKq+cPa8T0hhYtD9NxCdI4D7PTjRLM= + github.com/mattetti/filebuffer v1.0.1/go.mod h1:YdMURNDOttIiruleeVr6f56OrMc+MydEnTcXwtkxNVs= + github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go +index 327e208221..426aad2a21 100644 +--- a/pkg/extensions/main.go ++++ b/pkg/extensions/main.go +@@ -11,7 +11,6 @@ import ( + _ "github.com/beevik/etree" + _ "github.com/blugelabs/bluge" + _ "github.com/blugelabs/bluge_segment_api" +- _ "github.com/crewjam/saml" + _ "github.com/go-jose/go-jose/v3" + _ "github.com/gobwas/glob" + _ "github.com/googleapis/gax-go/v2" diff --git a/0005-remove-unused-frontend-crypto.patch b/0005-remove-unused-frontend-crypto.patch new file mode 100644 index 0000000000000000000000000000000000000000..268eadbf029c4e926b46698f1ea78ece5812c5cb --- /dev/null +++ b/0005-remove-unused-frontend-crypto.patch @@ -0,0 +1,333 @@ +From ddd615152004e0bc5985a574c05d31778351dfa3 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Wed, 22 Jun 2022 17:36:47 +0200 +Subject: [PATCH] remove unused frontend crypto + +update `package.json` and then run `yarn install` to update the +`yarn.lock` lockfile + +diff --git a/package.json b/package.json +index 38deb6d7de..aad5e88bf0 100644 +--- a/package.json ++++ b/package.json +@@ -425,6 +425,9 @@ + "resolutions": { + "underscore": "1.13.6", + "@types/slate": "0.47.11", ++ "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz", ++ "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz", ++ "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz", + "ngtemplate-loader/loader-utils": "^2.0.0", + "semver@~7.0.0": "7.5.4", + "semver@7.3.4": "7.5.4", +diff --git a/yarn.lock b/yarn.lock +index bf22ba52a1..1552ddc052 100644 +--- a/yarn.lock ++++ b/yarn.lock +@@ -10935,22 +10935,6 @@ __metadata: + languageName: node + linkType: hard + +-"asn1@npm:~0.2.3": +- version: 0.2.6 +- resolution: "asn1@npm:0.2.6" +- dependencies: +- safer-buffer: "npm:~2.1.0" +- checksum: cf629291fee6c1a6f530549939433ebf32200d7849f38b810ff26ee74235e845c0c12b2ed0f1607ac17383d19b219b69cefa009b920dab57924c5c544e495078 +- languageName: node +- linkType: hard +- +-"assert-plus@npm:1.0.0, assert-plus@npm:^1.0.0": +- version: 1.0.0 +- resolution: "assert-plus@npm:1.0.0" +- checksum: f4f991ae2df849cc678b1afba52d512a7cbf0d09613ba111e72255409ff9158550c775162a47b12d015d1b82b3c273e8e25df0e4783d3ddb008a293486d00a07 +- languageName: node +- linkType: hard +- + "assert@npm:2.0.0, assert@npm:^2.0.0": + version: 2.0.0 + resolution: "assert@npm:2.0.0" +@@ -11427,15 +11411,6 @@ __metadata: + languageName: node + linkType: hard + +-"bcrypt-pbkdf@npm:^1.0.0": +- version: 1.0.2 +- resolution: "bcrypt-pbkdf@npm:1.0.2" +- dependencies: +- tweetnacl: "npm:^0.14.3" +- checksum: 13a4cde058250dbf1fa77a4f1b9a07d32ae2e3b9e28e88a0c7a1827835bc3482f3e478c4a0cfd4da6ff0c46dae07da1061123a995372b32cc563d9975f975404 +- languageName: node +- linkType: hard +- + "before-after-hook@npm:^2.2.0": + version: 2.2.2 + resolution: "before-after-hook@npm:2.2.2" +@@ -12929,13 +12904,6 @@ __metadata: + languageName: node + linkType: hard + +-"core-util-is@npm:1.0.2": +- version: 1.0.2 +- resolution: "core-util-is@npm:1.0.2" +- checksum: d0f7587346b44a1fe6c269267e037dd34b4787191e473c3e685f507229d88561c40eb18872fabfff02977301815d474300b7bfbd15396c13c5377393f7e87ec3 +- languageName: node +- linkType: hard +- + "core-util-is@npm:~1.0.0": + version: 1.0.3 + resolution: "core-util-is@npm:1.0.3" +@@ -13857,15 +13825,6 @@ __metadata: + languageName: node + linkType: hard + +-"dashdash@npm:^1.12.0": +- version: 1.14.1 +- resolution: "dashdash@npm:1.14.1" +- dependencies: +- assert-plus: "npm:^1.0.0" +- checksum: 137b287fa021201ce100cef772c8eeeaaafdd2aa7282864022acf3b873021e54cb809e9c060fa164840bf54ff72d00d6e2d8da1ee5a86d7200eeefa1123a8f7f +- languageName: node +- linkType: hard +- + "data-urls@npm:^3.0.2": + version: 3.0.2 + resolution: "data-urls@npm:3.0.2" +@@ -14573,16 +14532,6 @@ __metadata: + languageName: node + linkType: hard + +-"ecc-jsbn@npm:~0.1.1": +- version: 0.1.2 +- resolution: "ecc-jsbn@npm:0.1.2" +- dependencies: +- jsbn: "npm:~0.1.0" +- safer-buffer: "npm:^2.1.0" +- checksum: d43591f2396196266e186e6d6928038cc11c76c3699a912cb9c13757060f7bbc7f17f47c4cb16168cdeacffc7965aef021142577e646fb3cb88810c15173eb57 +- languageName: node +- linkType: hard +- + "ee-first@npm:1.1.1": + version: 1.1.1 + resolution: "ee-first@npm:1.1.1" +@@ -15991,20 +15940,6 @@ __metadata: + languageName: node + linkType: hard + +-"extsprintf@npm:1.3.0": +- version: 1.3.0 +- resolution: "extsprintf@npm:1.3.0" +- checksum: 26967d6c7ecbfb5bc5b7a6c43503dc5fafd9454802037e9fa1665e41f615da4ff5918bd6cb871a3beabed01a31eca1ccd0bdfb41231f50ad50d405a430f78377 +- languageName: node +- linkType: hard +- +-"extsprintf@npm:^1.2.0": +- version: 1.4.1 +- resolution: "extsprintf@npm:1.4.1" +- checksum: bfd6d55f3c0c04d826fe0213264b383c03f32825af6b1ff777f3f2dc49467e599361993568d75b7b19a8ea1bb08c8e7cd8c3d87d179ced91bb0dcf81ca6938e0 +- languageName: node +- linkType: hard +- + "fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3": + version: 3.1.3 + resolution: "fast-deep-equal@npm:3.1.3" +@@ -16916,15 +16851,6 @@ __metadata: + languageName: node + linkType: hard + +-"getpass@npm:^0.1.1": +- version: 0.1.7 +- resolution: "getpass@npm:0.1.7" +- dependencies: +- assert-plus: "npm:^1.0.0" +- checksum: ab18d55661db264e3eac6012c2d3daeafaab7a501c035ae0ccb193c3c23e9849c6e29b6ac762b9c2adae460266f925d55a3a2a3a3c8b94be2f222df94d70c046 +- languageName: node +- linkType: hard +- + "giget@npm:^1.0.0": + version: 1.1.2 + resolution: "giget@npm:1.1.2" +@@ -18263,25 +18189,10 @@ __metadata: + languageName: node + linkType: hard + +-"http-signature@npm:~1.2.0": +- version: 1.2.0 +- resolution: "http-signature@npm:1.2.0" +- dependencies: +- assert-plus: "npm:^1.0.0" +- jsprim: "npm:^1.2.2" +- sshpk: "npm:^1.7.0" +- checksum: 2ff7112e6b0d8f08b382dfe705078c655501f2ddd76cf589d108445a9dd388a0a9be928c37108261519a7f53e6bbd1651048d74057b804807cce1ec49e87a95b +- languageName: node +- linkType: hard +- +-"http-signature@npm:~1.3.6": +- version: 1.3.6 +- resolution: "http-signature@npm:1.3.6" +- dependencies: +- assert-plus: "npm:^1.0.0" +- jsprim: "npm:^2.0.2" +- sshpk: "npm:^1.14.1" +- checksum: 5f08e0c82174999da97114facb0d0d47e268d60b6fc10f92cb87b99d5ccccd36f79b9508c29dda0b4f4e3a1b2f7bcaf847e68ecd5da2f1fc465fcd1d054b7884 ++"http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz": ++ version: 1.1.3 ++ resolution: "http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz" ++ checksum: 78b64605540e2d25bede2d74ec9e7740ab9a466c9a562ae3a8ccc7e07e26e601a013859c94adf890679403cd337b9690f598d64bc4fbc1d2eaa2f27241ca08a1 + languageName: node + linkType: hard + +@@ -20609,13 +20520,6 @@ __metadata: + languageName: node + linkType: hard + +-"jsbn@npm:~0.1.0": +- version: 0.1.1 +- resolution: "jsbn@npm:0.1.1" +- checksum: 5450133242845100e694f0ef9175f44c012691a9b770b2571e677314e6f70600abb10777cdfc9a0c6a9f2ac6d134577403633de73e2fcd0f97875a67744e2d14 +- languageName: node +- linkType: hard +- + "jscodeshift@npm:^0.14.0": + version: 0.14.0 + resolution: "jscodeshift@npm:0.14.0" +@@ -20767,13 +20671,6 @@ __metadata: + languageName: node + linkType: hard + +-"json-schema@npm:0.4.0": +- version: 0.4.0 +- resolution: "json-schema@npm:0.4.0" +- checksum: 8b3b64eff4a807dc2a3045b104ed1b9335cd8d57aa74c58718f07f0f48b8baa3293b00af4dcfbdc9144c3aafea1e97982cc27cc8e150fc5d93c540649507a458 +- languageName: node +- linkType: hard +- + "json-source-map@npm:0.6.1": + version: 0.6.1 + resolution: "json-source-map@npm:0.6.1" +@@ -20886,30 +20783,6 @@ __metadata: + languageName: node + linkType: hard + +-"jsprim@npm:^1.2.2": +- version: 1.4.2 +- resolution: "jsprim@npm:1.4.2" +- dependencies: +- assert-plus: "npm:1.0.0" +- extsprintf: "npm:1.3.0" +- json-schema: "npm:0.4.0" +- verror: "npm:1.10.0" +- checksum: df2bf234eab1b5078d01bcbff3553d50a243f7b5c10a169745efeda6344d62798bd1d85bcca6a8446f3b5d0495e989db45f9de8dae219f0f9796e70e0c776089 +- languageName: node +- linkType: hard +- +-"jsprim@npm:^2.0.2": +- version: 2.0.2 +- resolution: "jsprim@npm:2.0.2" +- dependencies: +- assert-plus: "npm:1.0.0" +- extsprintf: "npm:1.3.0" +- json-schema: "npm:0.4.0" +- verror: "npm:1.10.0" +- checksum: fcfca5b55f83e1b8be5f932c71754bd37afd2611f81685abd05689e8ce718a91155ff7bd5b94c65ce483a787b5c43c6d0c18c1d2259fca5bb61a3f8ea2e29c0a +- languageName: node +- linkType: hard +- + "jsurl@npm:^0.1.5": + version: 0.1.5 + resolution: "jsurl@npm:0.1.5" +@@ -22734,7 +22607,7 @@ __metadata: + languageName: node + linkType: hard + +-"node-forge@npm:^1, node-forge@npm:^1.3.1": ++"node-forge@npm:^1.3.1": + version: 1.3.1 + resolution: "node-forge@npm:1.3.1" + checksum: 05bab6868633bf9ad4c3b1dd50ec501c22ffd69f556cdf169a00998ca1d03e8107a6032ba013852f202035372021b845603aeccd7dfcb58cdb7430013b3daa8d +@@ -27151,7 +27024,7 @@ __metadata: + languageName: node + linkType: hard + +-"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0, safer-buffer@npm:^2.0.2, safer-buffer@npm:^2.1.0, safer-buffer@npm:~2.1.0": ++"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0": + version: 2.1.2 + resolution: "safer-buffer@npm:2.1.2" + checksum: 7eaf7a0cf37cc27b42fb3ef6a9b1df6e93a1c6d98c6c6702b02fe262d5fcbd89db63320793b99b21cb5348097d0a53de81bd5f4e8b86e20cc9412e3f1cfb4e83 +@@ -27282,12 +27155,10 @@ __metadata: + languageName: node + linkType: hard + +-"selfsigned@npm:^2.1.1": +- version: 2.1.1 +- resolution: "selfsigned@npm:2.1.1" +- dependencies: +- node-forge: "npm:^1" +- checksum: 6005206e0d005448274aceceaded5195b944f67a42b72d212a6169d2e5f4bdc87c15a3fe45732c544db8c7175702091aaf95403ad6632585294a6ec8cca63638 ++"selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz": ++ version: 1.1.3 ++ resolution: "selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz" ++ checksum: 4988a0dbdf123fb808194a6198f5951e2df711de6fd967d72a8876baccaa23d5c260efb8f1dbfbc5bf1f852e81f897ad09267908977ab94862867ef971a3d48d + languageName: node + linkType: hard + +@@ -28053,27 +27924,6 @@ __metadata: + languageName: node + linkType: hard + +-"sshpk@npm:^1.14.1, sshpk@npm:^1.7.0": +- version: 1.17.0 +- resolution: "sshpk@npm:1.17.0" +- dependencies: +- asn1: "npm:~0.2.3" +- assert-plus: "npm:^1.0.0" +- bcrypt-pbkdf: "npm:^1.0.0" +- dashdash: "npm:^1.12.0" +- ecc-jsbn: "npm:~0.1.1" +- getpass: "npm:^0.1.1" +- jsbn: "npm:~0.1.0" +- safer-buffer: "npm:^2.0.2" +- tweetnacl: "npm:~0.14.0" +- bin: +- sshpk-conv: bin/sshpk-conv +- sshpk-sign: bin/sshpk-sign +- sshpk-verify: bin/sshpk-verify +- checksum: 668c2a279a6ce66fd739ce5684e37927dd75427cc020c828a208f85890a4c400705d4ba09f32fa44efca894339dc6931941664f6f6ba36dfa543de6d006cbe9c +- languageName: node +- linkType: hard +- + "ssri@npm:^10.0.0, ssri@npm:^10.0.1": + version: 10.0.5 + resolution: "ssri@npm:10.0.5" +@@ -29479,13 +29329,6 @@ __metadata: + languageName: node + linkType: hard + +-"tweetnacl@npm:^0.14.3, tweetnacl@npm:~0.14.0": +- version: 0.14.5 +- resolution: "tweetnacl@npm:0.14.5" +- checksum: 04ee27901cde46c1c0a64b9584e04c96c5fe45b38c0d74930710751ea991408b405747d01dfae72f80fc158137018aea94f9c38c651cb9c318f0861a310c3679 +- languageName: node +- linkType: hard +- + "type-check@npm:^0.4.0, type-check@npm:~0.4.0": + version: 0.4.0 + resolution: "type-check@npm:0.4.0" +@@ -30199,17 +30042,6 @@ __metadata: + languageName: node + linkType: soft + +-"verror@npm:1.10.0": +- version: 1.10.0 +- resolution: "verror@npm:1.10.0" +- dependencies: +- assert-plus: "npm:^1.0.0" +- core-util-is: "npm:1.0.2" +- extsprintf: "npm:^1.2.0" +- checksum: da548149dd9c130a8a2587c9ee71ea30128d1526925707e2d01ed9c5c45c9e9f86733c66a328247cdd5f7c1516fb25b0f959ba754bfbe15072aa99ff96468a29 +- languageName: node +- linkType: hard +- + "vinyl-fs@npm:^3.0.2": + version: 3.0.3 + resolution: "vinyl-fs@npm:3.0.3" diff --git a/0006-skip-marketplace-plugin-install-test.patch b/0006-skip-marketplace-plugin-install-test.patch new file mode 100644 index 0000000000000000000000000000000000000000..3180726bfc55865c9cd01363155c1262ff7c7102 --- /dev/null +++ b/0006-skip-marketplace-plugin-install-test.patch @@ -0,0 +1,21 @@ +From ed8a438d72a667844ae07804491b568ad2f5dcdd Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Thu, 23 Jun 2022 17:00:46 +0200 +Subject: [PATCH] skip marketplace plugin install test + +This test (tries to) install a plugin from the Grafana marketplace. +Network connectivity is disabled in the build environment for security +reasons, therefore we need to disable this test. + +diff --git a/pkg/tests/api/plugins/api_plugins_test.go b/pkg/tests/api/plugins/api_plugins_test.go +index 4fc2295ed8..a326c40b04 100644 +--- a/pkg/tests/api/plugins/api_plugins_test.go ++++ b/pkg/tests/api/plugins/api_plugins_test.go +@@ -71,6 +71,7 @@ func TestIntegrationPlugins(t *testing.T) { + }) + + t.Run("Request is not forbidden if from an admin", func(t *testing.T) { ++ t.Skip("this test requires connectivity to the Grafana plugin marketplace (fetching metadata)") + statusCode, body := makePostRequest(t, grafanaAPIURL(usernameAdmin, grafanaListedAddr, "plugins/test/install")) + + assert.Equal(t, 404, statusCode) diff --git a/0007-redact-weak-ciphers.patch b/0007-redact-weak-ciphers.patch new file mode 100644 index 0000000000000000000000000000000000000000..1b7148acd5cd005d821d098b60eb50a4dec7e5cd --- /dev/null +++ b/0007-redact-weak-ciphers.patch @@ -0,0 +1,30 @@ +From 7ac26d6beb2175f0d6001ca0df322ce610401cce Mon Sep 17 00:00:00 2001 +From: Stan Cox +Date: Wed, 22 Jun 2022 17:05:48 +0200 +Subject: [PATCH] redact weak ciphers + + +diff --git a/pkg/api/http_server.go b/pkg/api/http_server.go +index da04044683..8a29270d4d 100644 +--- a/pkg/api/http_server.go ++++ b/pkg/api/http_server.go +@@ -820,13 +820,13 @@ func (hs *HTTPServer) getDefaultCiphers(tlsVersion uint16, protocol string) []ui + tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, +- tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, ++ // tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, +- tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, +- tls.TLS_RSA_WITH_AES_128_GCM_SHA256, +- tls.TLS_RSA_WITH_AES_256_GCM_SHA384, +- tls.TLS_RSA_WITH_AES_128_CBC_SHA, +- tls.TLS_RSA_WITH_AES_256_CBC_SHA, ++ // tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, ++ // tls.TLS_RSA_WITH_AES_128_GCM_SHA256, ++ // tls.TLS_RSA_WITH_AES_256_GCM_SHA384, ++ // tls.TLS_RSA_WITH_AES_128_CBC_SHA, ++ // tls.TLS_RSA_WITH_AES_256_CBC_SHA, + } + } + if protocol == "h2" { diff --git a/0008-replace-faulty-slices-sort.patch b/0008-replace-faulty-slices-sort.patch new file mode 100644 index 0000000000000000000000000000000000000000..b9cea8c021a838bfbc31d00ad01b2f63cae9ca10 --- /dev/null +++ b/0008-replace-faulty-slices-sort.patch @@ -0,0 +1,40 @@ +From 3f45f26993ed94837001bb9760d7859e7a057649 Mon Sep 17 00:00:00 2001 +From: Sam Feifer +Date: Fri, 1 Mar 2024 15:00:55 -0500 +Subject: [PATCH] replace faulty slices sort + + +diff --git a/pkg/services/sqlstore/migrator/dialect.go b/pkg/services/sqlstore/migrator/dialect.go +index 183b619de8..da21edeafa 100644 +--- a/pkg/services/sqlstore/migrator/dialect.go ++++ b/pkg/services/sqlstore/migrator/dialect.go +@@ -368,7 +368,8 @@ func (b *BaseDialect) InsertQuery(tableName string, row map[string]any) (string, + for col := range row { + keys = append(keys, col) + } +- slices.Sort[string](keys) ++ slices.Sort(keys) ++ //slices.Sort[string](keys) + + // build query and values + for _, col := range keys { +@@ -398,7 +399,8 @@ func (b *BaseDialect) UpdateQuery(tableName string, row map[string]any, where ma + for col := range row { + keys = append(keys, col) + } +- slices.Sort[string](keys) ++ slices.Sort(keys) ++ //slices.Sort[string](keys) + + // build update query and values + for _, col := range keys { +@@ -411,7 +413,8 @@ func (b *BaseDialect) UpdateQuery(tableName string, row map[string]any, where ma + for col := range where { + keys = append(keys, col) + } +- slices.Sort[string](keys) ++ slices.Sort(keys) ++ //slices.Sort[string](keys) + + // build where clause and values + for _, col := range keys { diff --git a/0009-update-wrappers-and-systemd-with-distro-paths.patch b/0009-update-wrappers-and-systemd-with-distro-paths.patch new file mode 100644 index 0000000000000000000000000000000000000000..5331ddf2cb9c03de037e5cda2bf687c1622072ec --- /dev/null +++ b/0009-update-wrappers-and-systemd-with-distro-paths.patch @@ -0,0 +1,76 @@ +From 5fe02f961e67af04907dc57beda42456128ab1c8 Mon Sep 17 00:00:00 2001 +From: Sam Feifer +Date: Fri, 1 Mar 2024 15:05:24 -0500 +Subject: [PATCH] update wrappers and systemd with distro paths + + +diff --git a/packaging/rpm/systemd/grafana-server.service b/packaging/rpm/systemd/grafana-server.service +index e3adc3f469..b2e4aced06 100644 +--- a/packaging/rpm/systemd/grafana-server.service ++++ b/packaging/rpm/systemd/grafana-server.service +@@ -14,7 +14,7 @@ Restart=on-failure + WorkingDirectory=/usr/share/grafana + RuntimeDirectory=grafana + RuntimeDirectoryMode=0750 +-ExecStart=/usr/share/grafana/bin/grafana server \ ++ExecStart=/usr/sbin/grafana server \ + --config=${CONF_FILE} \ + --pidfile=${PID_FILE_DIR}/grafana-server.pid \ + --packaging=rpm \ +diff --git a/packaging/wrappers/grafana b/packaging/wrappers/grafana +index 86e0fc9faa..5c88bae4c3 100755 +--- a/packaging/wrappers/grafana ++++ b/packaging/wrappers/grafana +@@ -5,7 +5,7 @@ + # the system-wide Grafana configuration that was bundled with the package as we + # use the binary. + +-DEFAULT=/etc/default/grafana ++DEFAULT=/etc/sysconfig/grafana-server + + GRAFANA_HOME="${GRAFANA_HOME:-/usr/share/grafana}" + +@@ -13,11 +13,12 @@ CONF_DIR=/etc/grafana + DATA_DIR=/var/lib/grafana + PLUGINS_DIR=/var/lib/grafana/plugins + LOG_DIR=/var/log/grafana +++LIBEXEC_DIR=/usr/libexec/grafana + + CONF_FILE=$CONF_DIR/grafana.ini + PROVISIONING_CFG_DIR=$CONF_DIR/provisioning + +-EXECUTABLE="$GRAFANA_HOME/bin/grafana" +++EXECUTABLE=$LIBEXEC_DIR/grafana + + if [ ! -x $EXECUTABLE ]; then + echo "$EXECUTABLE not installed or not executable" +@@ -46,4 +47,13 @@ if [ "$CMD" = cli ]; then + --pluginsDir=${PLUGINS_DIR}" + fi + +-eval $EXECUTABLE "$CMD" "$OPTS" "$@" ++if [ "$(id -u)" -eq 0 -o "$(id -g)" -eq 0 ]; then ++ cd "${GRAFANA_HOME}" ++ exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "$CMD" "${OPTS[@]}" "$@" ++elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then ++ cd "${GRAFANA_HOME}" ++ exec "$EXECUTABLE" "$CMD" "${OPTS[@]}" "$@" ++else ++ echo "$0: please run this script as user \"${GRAFANA_USER}\" or root." ++ exit 5 ++fi +\ No newline at end of file +diff --git a/packaging/wrappers/grafana-server b/packaging/wrappers/grafana-server +index 466b0d7c69..6be356f562 100755 +--- a/packaging/wrappers/grafana-server ++++ b/packaging/wrappers/grafana-server +@@ -7,7 +7,8 @@ + + GRAFANA_HOME="${GRAFANA_HOME:-/usr/share/grafana}" + +-EXECUTABLE="$GRAFANA_HOME/bin/grafana" ++LIBEXEC_DIR=/usr/libexec/grafana ++EXECUTABLE=$LIBEXEC_DIR/grafana + + if [ ! -x $EXECUTABLE ]; then + echo "$EXECUTABLE not installed or not executable" diff --git a/0010-remove-bcrypt-references.patch b/0010-remove-bcrypt-references.patch new file mode 100644 index 0000000000000000000000000000000000000000..d617c85062edd2dbb93e8fe86e11f56f4b5e30f0 --- /dev/null +++ b/0010-remove-bcrypt-references.patch @@ -0,0 +1,108 @@ +From eb711315d4c8a81ff52984293758a47372c21b8d Mon Sep 17 00:00:00 2001 +From: Sam Feifer +Date: Fri, 1 Mar 2024 15:07:22 -0500 +Subject: [PATCH] remove bcrypt references + + +diff --git a/pkg/services/extsvcauth/oauthserver/oasimpl/service.go b/pkg/services/extsvcauth/oauthserver/oasimpl/service.go +index 8c5a90248d..43f6d11e08 100644 +--- a/pkg/services/extsvcauth/oauthserver/oasimpl/service.go ++++ b/pkg/services/extsvcauth/oauthserver/oasimpl/service.go +@@ -19,7 +19,6 @@ import ( + "github.com/ory/fosite/compose" + "github.com/ory/fosite/storage" + "github.com/ory/fosite/token/jwt" +- "golang.org/x/crypto/bcrypt" + + "github.com/grafana/grafana/pkg/api/routing" + "github.com/grafana/grafana/pkg/bus" +@@ -235,88 +234,7 @@ func (s *OAuth2ServiceImpl) RemoveExternalService(ctx context.Context, name stri + // it ensures that the associated service account has the correct permissions. + // Database consistency is not guaranteed, consider changing this in the future. + func (s *OAuth2ServiceImpl) SaveExternalService(ctx context.Context, registration *extsvcauth.ExternalServiceRegistration) (*extsvcauth.ExternalService, error) { +- if registration == nil { +- s.logger.Warn("RegisterExternalService called without registration") +- return nil, nil +- } +- slug := registration.Name +- s.logger.Info("Registering external service", "external service", slug) +- +- // Check if the client already exists in store +- client, errFetchExtSvc := s.sqlstore.GetExternalServiceByName(ctx, slug) +- if errFetchExtSvc != nil && !errors.Is(errFetchExtSvc, oauthserver.ErrClientNotFound) { +- s.logger.Error("Error fetching service", "external service", slug, "error", errFetchExtSvc) +- return nil, errFetchExtSvc +- } +- // Otherwise, create a new client +- if client == nil { +- s.logger.Debug("External service does not yet exist", "external service", slug) +- client = &oauthserver.OAuthExternalService{ +- Name: slug, +- ServiceAccountID: oauthserver.NoServiceAccountID, +- Audiences: s.cfg.AppURL, +- } +- } +- +- // Parse registration form to compute required permissions for the client +- client.SelfPermissions, client.ImpersonatePermissions = s.handleRegistrationPermissions(registration) +- +- if registration.OAuthProviderCfg == nil { +- return nil, errors.New("missing oauth provider configuration") +- } +- +- if registration.OAuthProviderCfg.RedirectURI != nil { +- client.RedirectURI = *registration.OAuthProviderCfg.RedirectURI +- } +- +- var errGenCred error +- client.ClientID, client.Secret, errGenCred = s.genCredentials() +- if errGenCred != nil { +- s.logger.Error("Error generating credentials", "client", client.LogID(), "error", errGenCred) +- return nil, errGenCred +- } +- +- grantTypes := s.computeGrantTypes(registration.Self.Enabled, registration.Impersonation.Enabled) +- client.GrantTypes = strings.Join(grantTypes, ",") +- +- // Handle key options +- s.logger.Debug("Handle key options") +- keys, err := s.handleKeyOptions(ctx, registration.OAuthProviderCfg.Key) +- if err != nil { +- s.logger.Error("Error handling key options", "client", client.LogID(), "error", err) +- return nil, err +- } +- if keys != nil { +- client.PublicPem = []byte(keys.PublicPem) +- } +- dto := client.ToExternalService(keys) +- +- hashedSecret, err := bcrypt.GenerateFromPassword([]byte(client.Secret), bcrypt.DefaultCost) +- if err != nil { +- s.logger.Error("Error hashing secret", "client", client.LogID(), "error", err) +- return nil, err +- } +- client.Secret = string(hashedSecret) +- +- s.logger.Debug("Save service account") +- saID, errSaveServiceAccount := s.saService.ManageExtSvcAccount(ctx, &serviceaccounts.ManageExtSvcAccountCmd{ +- ExtSvcSlug: slugify.Slugify(client.Name), +- Enabled: registration.Self.Enabled, +- OrgID: oauthserver.TmpOrgID, +- Permissions: client.SelfPermissions, +- }) +- if errSaveServiceAccount != nil { +- return nil, errSaveServiceAccount +- } +- client.ServiceAccountID = saID +- +- err = s.sqlstore.SaveExternalService(ctx, client) +- if err != nil { +- s.logger.Error("Error saving external service", "client", client.LogID(), "error", err) +- return nil, err +- } +- s.logger.Debug("Registered", "client", client.LogID()) +- return dto, nil ++ panic("bcrypt cipher not available") + } + + // randString generates a a cryptographically secure random string of n bytes diff --git a/003-fix-dashboard-abspath-test.patch b/003-fix-dashboard-abspath-test.patch deleted file mode 100644 index ad7e5bff0cd0315b301a26acd9e3ed9f06438128..0000000000000000000000000000000000000000 --- a/003-fix-dashboard-abspath-test.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff --git a/pkg/services/provisioning/dashboards/file_reader_linux_test.go b/pkg/services/provisioning/dashboards/file_reader_linux_test.go -index 3584bbc242..1a89767b69 100644 ---- a/pkg/services/provisioning/dashboards/file_reader_linux_test.go -+++ b/pkg/services/provisioning/dashboards/file_reader_linux_test.go -@@ -28,6 +28,7 @@ func TestProvisionedSymlinkedFolder(t *testing.T) { - } - - want, err := filepath.Abs(containingID) -+ want, err = filepath.EvalSymlinks(want) - - if err != nil { - t.Errorf("expected err to be nil") -diff --git a/pkg/services/provisioning/dashboards/file_reader_test.go b/pkg/services/provisioning/dashboards/file_reader_test.go -index 946d487d5f..2acef40eed 100644 ---- a/pkg/services/provisioning/dashboards/file_reader_test.go -+++ b/pkg/services/provisioning/dashboards/file_reader_test.go -@@ -318,6 +318,7 @@ func TestDashboardFileReader(t *testing.T) { - } - - absPath1, err := filepath.Abs(unprovision + "/dashboard1.json") -+ absPath1, err = filepath.EvalSymlinks(absPath1) - So(err, ShouldBeNil) - // This one does not exist on disk, simulating a deleted file - absPath2, err := filepath.Abs(unprovision + "/dashboard2.json") diff --git a/004-remove-unused-dependencies.patch b/004-remove-unused-dependencies.patch deleted file mode 100644 index 585c0c1753bbb57252721ba0b165563b173a4e5d..0000000000000000000000000000000000000000 --- a/004-remove-unused-dependencies.patch +++ /dev/null @@ -1,206 +0,0 @@ -From ce669908e2d54d29dd4b585f3614f6df8c447f8a Mon Sep 17 00:00:00 2001 -From: Andreas Gerstmayr -Date: Tue, 5 Apr 2022 16:12:37 +0200 -Subject: [PATCH] remove unused dependencies - - -diff --git a/go.mod b/go.mod -index c1d6c0ee42..c040bbaab0 100644 ---- a/go.mod -+++ b/go.mod -@@ -21,7 +21,6 @@ require ( - github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b - github.com/centrifugal/centrifuge v0.13.0 - github.com/cortexproject/cortex v1.4.1-0.20201022071705-85942c5703cf -- github.com/crewjam/saml v0.4.6-0.20201227203850-bca570abb2ce - github.com/davecgh/go-spew v1.1.1 - github.com/denisenkom/go-mssqldb v0.0.0-20200910202707-1e08a3fab204 - github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 // indirect -@@ -57,7 +56,6 @@ require ( - github.com/jmespath/go-jmespath v0.4.0 - github.com/jonboulle/clockwork v0.2.2 // indirect - github.com/json-iterator/go v1.1.10 -- github.com/jung-kurt/gofpdf v1.16.2 - github.com/lib/pq v1.9.0 - github.com/linkedin/goavro/v2 v2.10.0 - github.com/magefile/mage v1.11.0 -diff --git a/go.sum b/go.sum -index 98874d6a7c..50212f12f2 100644 ---- a/go.sum -+++ b/go.sum -@@ -206,12 +206,10 @@ github.com/bmatcuk/doublestar v1.2.2/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9 - github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= - github.com/bmizerany/pat v0.0.0-20170815010413-6226ea591a40/go.mod h1:8rLXio+WjiTceGBHIoTvn60HIbs7Hm7bcHjyrSqYB9c= - github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= --github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= - github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b h1:L/QXpzIa3pOvUGt1D1lA5KjYhPBAN/3iWdP7xeFS9F0= - github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA= - github.com/bsm/sarama-cluster v2.1.13+incompatible/go.mod h1:r7ao+4tTNXvWm+VRpRJchr2kQhqxgmAp2iEX5W96gMM= - github.com/c-bata/go-prompt v0.2.2/go.mod h1:VzqtzE2ksDBcdln8G7mk2RX9QyGjH+OVqOCSiVIqS34= --github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee h1:BnPxIde0gjtTnc9Er7cxvBk8DHLWhEux0SxayC8dP6I= - github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M= - github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= - github.com/cenkalti/backoff v0.0.0-20181003080854-62661b46c409/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -@@ -281,9 +279,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng - github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= - github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= - github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= --github.com/crewjam/httperr v0.0.0-20190612203328-a946449404da/go.mod h1:+rmNIXRvYMqLQeR4DHyTvs6y0MEMymTz4vyFpFkKTPs= --github.com/crewjam/saml v0.4.6-0.20201227203850-bca570abb2ce h1:pAuTpLhCqC20s2RLhUirfw606jReW+8z2U5EvG+0S7E= --github.com/crewjam/saml v0.4.6-0.20201227203850-bca570abb2ce/go.mod h1:/gCaeLf13J8/621RNZ6TaExji/8xCWcn6UmdJ57wURQ= - github.com/crossdock/crossdock-go v0.0.0-20160816171116-049aabb0122b/go.mod h1:v9FBN7gdVTpiD/+LZ7Po0UKvROyT87uLVxTHVky/dlQ= - github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= - github.com/cznic/b v0.0.0-20180115125044-35e9bbe41f07/go.mod h1:URriBxXwVq5ijiJ12C7iIZqlA69nTlI+LgI6/pwftG8= -@@ -302,13 +297,11 @@ github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2 - github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= - github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= - github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= --github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4= - github.com/deepmap/oapi-codegen v1.3.13 h1:9HKGCsdJqE4dnrQ8VerFS0/1ZOJPmAhN+g8xgp8y3K4= - github.com/deepmap/oapi-codegen v1.3.13/go.mod h1:WAmG5dWY8/PYHt4vKxlt90NsbHMAOCiteYKZMiIRfOo= - github.com/dgraph-io/badger v1.6.0/go.mod h1:zwt7syl517jmP8s94KqSxTlM6IMsdhYy6psNgSztDR4= - github.com/dgraph-io/badger v1.6.2/go.mod h1:JW2yswe3V058sS0kZ2h/AXeDSqFjxnZcRrVH//y2UQE= - github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= --github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= - github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= - github.com/dgryski/go-bitstream v0.0.0-20180413035011-3522498ce2c8/go.mod h1:VMaSuZ+SZcx/wljOQKvp5srsbCiKDEb6K2wC4+PiBmQ= - github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= -@@ -434,8 +427,6 @@ github.com/go-logfmt/logfmt v0.5.0 h1:TrB8swr/68K7m9CcGut2g3UOihhbcbiMAYiuTXdEih - github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= - github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= - github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= --github.com/go-macaron/binding v0.0.0-20190806013118-0b4f37bab25b h1:U65wj9SF7qUBTGrnt6VxbHCT0Dw8dz4uch52G+5SdfA= --github.com/go-macaron/binding v0.0.0-20190806013118-0b4f37bab25b/go.mod h1:AG8Z6qkQM8s47aUDJOco/SNwJ8Czif2hMm7rc0abDog= - github.com/go-macaron/gzip v0.0.0-20160222043647-cad1c6580a07 h1:YSIA98PevNf1NtCa/J6cz7gjzpz99WVAOa9Eg0klKps= - github.com/go-macaron/gzip v0.0.0-20160222043647-cad1c6580a07/go.mod h1://cJFfDp/70L0oTNAMB+M8Jd0rpuIx/55iARuJ6StwE= - github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191 h1:NjHlg70DuOkcAMqgt0+XA+NHwtu66MkTVVgR4fFWbcI= -@@ -886,7 +877,6 @@ github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9 - github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= - github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= - github.com/jonboulle/clockwork v0.2.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= --github.com/jonboulle/clockwork v0.2.1/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= - github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ= - github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= - github.com/joncrlsn/dque v2.2.1-0.20200515025108-956d14155fa2+incompatible/go.mod h1:hDZb8oMj3Kp8MxtbNLg9vrtAUDHjgI1yZvqivT4O8Iw= -@@ -914,10 +904,7 @@ github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7 - github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= - github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= - github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= --github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= - github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= --github.com/jung-kurt/gofpdf v1.16.2 h1:jgbatWHfRlPYiK85qgevsZTHviWXKwB1TTiKdz5PtRc= --github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0= - github.com/jwilder/encoding v0.0.0-20170811194829-b4e1701a28ef/go.mod h1:Ct9fl0F6iIOGgxJ5npU/IUOhOhqlVrGjyIZc8/MagT0= - github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 h1:uC1QfSlInpQF+M0ao65imhwqKnz3Q2z/d8PWZRMQvDM= - github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k= -@@ -1006,8 +993,6 @@ github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJ - github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= - github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= - github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ= --github.com/mattermost/xml-roundtrip-validator v0.0.0-20201213122252-bcd7e1b9601e h1:qqXczln0qwkVGcpQ+sQuPOVntt2FytYarXXxYSNJkgw= --github.com/mattermost/xml-roundtrip-validator v0.0.0-20201213122252-bcd7e1b9601e/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To= - github.com/mattetti/filebuffer v1.0.0/go.mod h1:X6nyAIge2JGVmuJt2MFCqmHrb/5IHiphfHtot0s5cnI= - github.com/mattetti/filebuffer v1.0.1 h1:gG7pyfnSIZCxdoKq+cPa8T0hhYtD9NxCdI4D7PTjRLM= - github.com/mattetti/filebuffer v1.0.1/go.mod h1:YdMURNDOttIiruleeVr6f56OrMc+MydEnTcXwtkxNVs= -@@ -1083,7 +1068,6 @@ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0Qu - github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= - github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= - github.com/mitchellh/mapstructure v1.2.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= --github.com/mitchellh/mapstructure v1.3.2 h1:mRS76wmkOn3KkKAyXDu42V+6ebnXWIztFSYGN7GeoRg= - github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= - github.com/mitchellh/reflectwalk v1.0.1 h1:FVzMWA5RllMAKIdUSC8mdWo3XtwoecrH79BY70sEEpE= - github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -@@ -1200,7 +1184,6 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR - github.com/peterh/liner v1.0.1-0.20180619022028-8c1271fcf47f/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc= - github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU= - github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU= --github.com/phpdave11/gofpdi v1.0.7/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= - github.com/pierrec/cmdflag v0.0.2/go.mod h1:a3zKGZ3cdQUfxjd0RGMLZr8xI3nvpJOB+m6o/1X5BmU= - github.com/pierrec/lz4 v0.0.0-20190327172049-315a67e90e41/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= - github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= -@@ -1327,7 +1310,6 @@ github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNue - github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= - github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= - github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= --github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= - github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= - github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= - github.com/samuel/go-zookeeper v0.0.0-20190810000440-0ceca61e4d75/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= -@@ -1510,7 +1492,6 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de - github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= - github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= - github.com/yuin/gopher-lua v0.0.0-20200816102855-ee81675732da/go.mod h1:E1AXubJBdNmFERAOucpDIxNzeGfLzg0mYh+UfMWdChA= --github.com/zenazn/goji v0.9.1-0.20160507202103-64eb34159fe5/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= - github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs= - github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0= - gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b/go.mod h1:T3BPAOm2cqquPa0MKWeNkmOM5RQsRhkrwMWonFMN7fE= -@@ -1619,7 +1600,6 @@ golang.org/x/exp v0.0.0-20200821190819-94841d0725da/go.mod h1:3jZMyOhIsHpP37uCMk - golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= - golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= - golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= --golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= - golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= - golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= - golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -@@ -1766,7 +1746,6 @@ golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7w - golang.org/x/sys v0.0.0-20190712062909-fae7ac547cb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= --golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20190902133755-9109b7679e13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -@@ -1876,8 +1855,6 @@ golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgw - golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= - golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= - golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= --golang.org/x/tools v0.0.0-20190802220118-1d1727260058/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= --golang.org/x/tools v0.0.0-20190805222050-c5a2fd39b72a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= - golang.org/x/tools v0.0.0-20190813034749-528a2984e271/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= - golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= - golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -@@ -1933,7 +1910,6 @@ golang.org/x/tools v0.0.0-20201022035929-9cf592e881e9/go.mod h1:emZCQorbCU4vsT4f - golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= - golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= - golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= --golang.org/x/tools v0.0.0-20201226215659-b1c90890d22a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= - golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= - golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= - golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -@@ -2120,9 +2096,6 @@ gopkg.in/jcmturner/gokrb5.v7 v7.2.3/go.mod h1:l8VISx+WGYp+Fp7KRbsiUuXTTOnxIc3Tuv - gopkg.in/jcmturner/rpc.v1 v1.1.0/go.mod h1:YIdkC4XfD6GXbzje11McwsDuOlZQSb9W4vfLvuNnlv8= - gopkg.in/ldap.v3 v3.0.2 h1:R6RBtabK6e1GO0eQKtkyOFbAHO73QesLzI2w2DZ6b9w= - gopkg.in/ldap.v3 v3.0.2/go.mod h1:oxD7NyBuxchC+SgJDE1Q5Od05eGt29SDQVBmV+HYbzw= --gopkg.in/macaron.v1 v1.3.4/go.mod h1:/RoHTdC8ALpyJ3+QR36mKjwnT1F1dyYtsGM9Ate6ZFI= --gopkg.in/macaron.v1 v1.4.0 h1:RJHC09fAnQ8tuGUiZNjG0uyL1BWSdSWd9SpufIcEArQ= --gopkg.in/macaron.v1 v1.4.0/go.mod h1:uMZCFccv9yr5TipIalVOyAyZQuOH3OkmXvgcWwhJuP4= - gopkg.in/mail.v2 v2.3.1 h1:WYFn/oANrAGP2C0dcV6/pbkPzv8yGzqTjPmTeO7qoXk= - gopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw= - gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA= -@@ -2151,7 +2124,6 @@ gopkg.in/yaml.v3 v3.0.0-20200603094226-e3079894b1e8/go.mod h1:K4uyk7z7BCEPqu6E+C - gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= - gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= - gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= --gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= - gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= - gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= - honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go -index 24031ace2e..081475fc89 100644 ---- a/pkg/extensions/main.go -+++ b/pkg/extensions/main.go -@@ -6,14 +6,12 @@ import ( - - _ "github.com/beevik/etree" - _ "github.com/cortexproject/cortex/pkg/util" -- _ "github.com/crewjam/saml" - _ "github.com/gobwas/glob" - "github.com/grafana/grafana/pkg/registry" - "github.com/grafana/grafana/pkg/services/licensing" - "github.com/grafana/grafana/pkg/services/validations" - _ "github.com/grafana/loki/pkg/logproto" - _ "github.com/grpc-ecosystem/go-grpc-middleware" -- _ "github.com/jung-kurt/gofpdf" - _ "github.com/linkedin/goavro/v2" - _ "github.com/pkg/errors" - _ "github.com/robfig/cron" diff --git a/005-fix-gtime-test-32bit.patch b/005-fix-gtime-test-32bit.patch deleted file mode 100644 index c38a50fedd406e26159012aca17d000aab11ae83..0000000000000000000000000000000000000000 --- a/005-fix-gtime-test-32bit.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/pkg/components/gtime/gtime_test.go b/pkg/components/gtime/gtime_test.go -index 0b1b23a1db..eb9fe718c7 100644 ---- a/pkg/components/gtime/gtime_test.go -+++ b/pkg/components/gtime/gtime_test.go -@@ -20,9 +20,9 @@ func TestParseInterval(t *testing.T) { - {inp: "1d", duration: 24 * time.Hour}, - {inp: "1w", duration: 168 * time.Hour}, - {inp: "2w", duration: 2 * 168 * time.Hour}, -- {inp: "1M", duration: time.Duration(daysInMonth * 24 * int(time.Hour))}, -- {inp: "1y", duration: time.Duration(daysInYear * 24 * int(time.Hour))}, -- {inp: "5y", duration: time.Duration(calculateDays5y() * 24 * int(time.Hour))}, -+ {inp: "1M", duration: time.Duration(int64(daysInMonth) * 24 * int64(time.Hour))}, -+ {inp: "1y", duration: time.Duration(int64(daysInYear) * 24 * int64(time.Hour))}, -+ {inp: "5y", duration: time.Duration(int64(calculateDays5y()) * 24 * int64(time.Hour))}, - {inp: "invalid-duration", err: regexp.MustCompile(`^time: invalid duration "?invalid-duration"?$`)}, - } - for i, tc := range tcs { diff --git a/006-remove-unused-frontend-crypto.patch b/006-remove-unused-frontend-crypto.patch deleted file mode 100644 index d430e10674f0407e7732b5b9c838a2ecec092929..0000000000000000000000000000000000000000 --- a/006-remove-unused-frontend-crypto.patch +++ /dev/null @@ -1,752 +0,0 @@ -From 3aed20dfb829f396403bae154cb4fcc0bb586966 Mon Sep 17 00:00:00 2001 -From: Andreas Gerstmayr -Date: Tue, 5 Apr 2022 18:42:31 +0200 -Subject: [PATCH] remove unused frontend crypto - - -diff --git a/package.json b/package.json -index f859115e8d..831586ad88 100644 ---- a/package.json -+++ b/package.json -@@ -294,6 +294,9 @@ - "whatwg-fetch": "3.1.0" - }, - "resolutions": { -+ "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz", -+ "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz", -+ "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz", - "caniuse-db": "1.0.30000772", - "react-use-measure": "https://github.com/mckn/react-use-measure.git#remove-cjs-export" - }, -diff --git a/scripts/webpack/webpack.common.js b/scripts/webpack/webpack.common.js -index 3e56d31c37..a03ed1a67a 100644 ---- a/scripts/webpack/webpack.common.js -+++ b/scripts/webpack/webpack.common.js -@@ -66,6 +66,7 @@ module.exports = { - }, - node: { - fs: 'empty', -+ crypto: false, - }, - plugins: [ - new MonacoWebpackPlugin({ -diff --git a/yarn.lock b/yarn.lock -index c17e6153be..3f5e5b80d6 100644 ---- a/yarn.lock -+++ b/yarn.lock -@@ -8301,27 +8301,6 @@ asap@~1.0.0: - resolved "https://registry.yarnpkg.com/asap/-/asap-1.0.0.tgz#b2a45da5fdfa20b0496fc3768cc27c12fa916a7d" - integrity sha1-sqRdpf36ILBJb8N2jMJ8EvqRan0= - --asn1.js@^4.0.0: -- version "4.10.1" -- resolved "https://registry.yarnpkg.com/asn1.js/-/asn1.js-4.10.1.tgz#b9c2bf5805f1e64aadeed6df3a2bfafb5a73f5a0" -- integrity sha512-p32cOF5q0Zqs9uBiONKYLm6BClCoBCM5O9JfeUSlnQLBTxYdTK+pW+nXflm8UkKd2UYlEbYz5qEi0JuZR9ckSw== -- dependencies: -- bn.js "^4.0.0" -- inherits "^2.0.1" -- minimalistic-assert "^1.0.0" -- --asn1@~0.2.3: -- version "0.2.4" -- resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136" -- integrity sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg== -- dependencies: -- safer-buffer "~2.1.0" -- --assert-plus@1.0.0, assert-plus@^1.0.0: -- version "1.0.0" -- resolved "https://registry.yarnpkg.com/assert-plus/-/assert-plus-1.0.0.tgz#f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525" -- integrity sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU= -- - assert@^1.1.1: - version "1.5.0" - resolved "https://registry.yarnpkg.com/assert/-/assert-1.5.0.tgz#55c109aaf6e0aefdb3dc4b71240c70bf574b18eb" -@@ -8936,13 +8915,6 @@ batch@0.6.1: - resolved "https://registry.yarnpkg.com/batch/-/batch-0.6.1.tgz#dc34314f4e679318093fc760272525f94bf25c16" - integrity sha1-3DQxT05nkxgJP8dgJyUl+UvyXBY= - --bcrypt-pbkdf@^1.0.0: -- version "1.0.2" -- resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e" -- integrity sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4= -- dependencies: -- tweetnacl "^0.14.3" -- - before-after-hook@^2.0.0: - version "2.1.0" - resolved "https://registry.yarnpkg.com/before-after-hook/-/before-after-hook-2.1.0.tgz#b6c03487f44e24200dd30ca5e6a1979c5d2fb635" -@@ -9009,11 +8981,6 @@ bluebird@^3.3.5, bluebird@^3.5.1, bluebird@^3.5.3, bluebird@^3.7.2: - resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.7.2.tgz#9f229c15be272454ffa973ace0dbee79a1b0c36f" - integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg== - --bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.1.1, bn.js@^4.4.0: -- version "4.11.9" -- resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.9.tgz#26d556829458f9d1e81fc48952493d0ba3507828" -- integrity sha512-E6QoYqCKZfgatHTdHzs1RRKP7ip4vvm+EyRUeE2RF0NblwVvb0p6jSVeNTOFxPn26QXN2o6SMfNxKp6kU8zQaw== -- - body-parser@1.19.0: - version "1.19.0" - resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.0.tgz#96b2709e57c9c4e09a6fd66a8fd979844f69f08a" -@@ -9115,11 +9082,6 @@ braces@^3.0.1, braces@~3.0.2: - dependencies: - fill-range "^7.0.1" - --brorand@^1.0.1: -- version "1.1.0" -- resolved "https://registry.yarnpkg.com/brorand/-/brorand-1.1.0.tgz#12c25efe40a45e3c323eb8675a0a0ce57b22371f" -- integrity sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8= -- - browser-process-hrtime@^0.1.2: - version "0.1.3" - resolved "https://registry.yarnpkg.com/browser-process-hrtime/-/browser-process-hrtime-0.1.3.tgz#616f00faef1df7ec1b5bf9cfe2bdc3170f26c7b4" -@@ -9135,58 +9097,6 @@ browser-stdout@1.3.1: - resolved "https://registry.yarnpkg.com/browser-stdout/-/browser-stdout-1.3.1.tgz#baa559ee14ced73452229bad7326467c61fabd60" - integrity sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw== - --browserify-aes@^1.0.0, browserify-aes@^1.0.4: -- version "1.2.0" -- resolved "https://registry.yarnpkg.com/browserify-aes/-/browserify-aes-1.2.0.tgz#326734642f403dabc3003209853bb70ad428ef48" -- integrity sha512-+7CHXqGuspUn/Sl5aO7Ea0xWGAtETPXNSAjHo48JfLdPWcMng33Xe4znFvQweqc/uzk5zSOI3H52CYnjCfb5hA== -- dependencies: -- buffer-xor "^1.0.3" -- cipher-base "^1.0.0" -- create-hash "^1.1.0" -- evp_bytestokey "^1.0.3" -- inherits "^2.0.1" -- safe-buffer "^5.0.1" -- --browserify-cipher@^1.0.0: -- version "1.0.1" -- resolved "https://registry.yarnpkg.com/browserify-cipher/-/browserify-cipher-1.0.1.tgz#8d6474c1b870bfdabcd3bcfcc1934a10e94f15f0" -- integrity sha512-sPhkz0ARKbf4rRQt2hTpAHqn47X3llLkUGn+xEJzLjwY8LRs2p0v7ljvI5EyoRO/mexrNunNECisZs+gw2zz1w== -- dependencies: -- browserify-aes "^1.0.4" -- browserify-des "^1.0.0" -- evp_bytestokey "^1.0.0" -- --browserify-des@^1.0.0: -- version "1.0.2" -- resolved "https://registry.yarnpkg.com/browserify-des/-/browserify-des-1.0.2.tgz#3af4f1f59839403572f1c66204375f7a7f703e9c" -- integrity sha512-BioO1xf3hFwz4kc6iBhI3ieDFompMhrMlnDFC4/0/vd5MokpuAc3R+LYbwTA9A5Yc9pq9UYPqffKpW2ObuwX5A== -- dependencies: -- cipher-base "^1.0.1" -- des.js "^1.0.0" -- inherits "^2.0.1" -- safe-buffer "^5.1.2" -- --browserify-rsa@^4.0.0: -- version "4.0.1" -- resolved "https://registry.yarnpkg.com/browserify-rsa/-/browserify-rsa-4.0.1.tgz#21e0abfaf6f2029cf2fafb133567a701d4135524" -- integrity sha1-IeCr+vbyApzy+vsTNWenAdQTVSQ= -- dependencies: -- bn.js "^4.1.0" -- randombytes "^2.0.1" -- --browserify-sign@^4.0.0: -- version "4.0.4" -- resolved "https://registry.yarnpkg.com/browserify-sign/-/browserify-sign-4.0.4.tgz#aa4eb68e5d7b658baa6bf6a57e630cbd7a93d298" -- integrity sha1-qk62jl17ZYuqa/alfmMMvXqT0pg= -- dependencies: -- bn.js "^4.1.1" -- browserify-rsa "^4.0.0" -- create-hash "^1.1.0" -- create-hmac "^1.1.2" -- elliptic "^6.0.0" -- inherits "^2.0.1" -- parse-asn1 "^5.0.0" -- - browserify-zlib@^0.2.0: - version "0.2.0" - resolved "https://registry.yarnpkg.com/browserify-zlib/-/browserify-zlib-0.2.0.tgz#2869459d9aa3be245fe8fe2ca1f46e2e7f54d73f" -@@ -9259,11 +9169,6 @@ buffer-indexof@^1.0.0: - resolved "https://registry.yarnpkg.com/buffer-indexof/-/buffer-indexof-1.1.1.tgz#52fabcc6a606d1a00302802648ef68f639da268c" - integrity sha512-4/rOEg86jivtPTeOUUT61jJO1Ya1TrR/OkqCSZDyq84WJh3LuuiphBYJN+fm5xufIk4XAFcEwte/8WzC8If/1g== - --buffer-xor@^1.0.3: -- version "1.0.3" -- resolved "https://registry.yarnpkg.com/buffer-xor/-/buffer-xor-1.0.3.tgz#26e61ed1422fb70dd42e6e36729ed51d855fe8d9" -- integrity sha1-JuYe0UIvtw3ULm42cp7VHYVf6Nk= -- - buffer@^4.3.0: - version "4.9.1" - resolved "https://registry.yarnpkg.com/buffer/-/buffer-4.9.1.tgz#6d1bb601b07a4efced97094132093027c95bc298" -@@ -9566,17 +9471,7 @@ caniuse-db@1.0.30000772: - resolved "https://registry.yarnpkg.com/caniuse-db/-/caniuse-db-1.0.30000772.tgz#51aae891768286eade4a3d8319ea76d6a01b512b" - integrity sha1-UarokXaChureSj2DGep21qAbUSs= - --caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001173: -- version "1.0.30001299" -- resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001299.tgz" -- integrity sha512-iujN4+x7QzqA2NCSrS5VUy+4gLmRd4xv6vbBBsmfVqTx8bLAD8097euLqQgKxSVLvxjSDcvF1T/i9ocgnUFexw== -- --caniuse-lite@^1.0.30000981, caniuse-lite@^1.0.30001020, caniuse-lite@^1.0.30001035, caniuse-lite@^1.0.30001093: -- version "1.0.30001299" -- resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001299.tgz" -- integrity sha512-iujN4+x7QzqA2NCSrS5VUy+4gLmRd4xv6vbBBsmfVqTx8bLAD8097euLqQgKxSVLvxjSDcvF1T/i9ocgnUFexw== -- --caniuse-lite@^1.0.30001109: -+caniuse-lite@^1.0.0, caniuse-lite@^1.0.30000981, caniuse-lite@^1.0.30001020, caniuse-lite@^1.0.30001035, caniuse-lite@^1.0.30001093, caniuse-lite@^1.0.30001109, caniuse-lite@^1.0.30001173: - version "1.0.30001299" - resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001299.tgz" - integrity sha512-iujN4+x7QzqA2NCSrS5VUy+4gLmRd4xv6vbBBsmfVqTx8bLAD8097euLqQgKxSVLvxjSDcvF1T/i9ocgnUFexw== -@@ -9819,14 +9714,6 @@ ci-info@^2.0.0: - resolved "https://registry.yarnpkg.com/ci-info/-/ci-info-2.0.0.tgz#67a9e964be31a51e15e5010d58e6f12834002f46" - integrity sha512-5tK7EtrZ0N+OLFMthtqOj4fI2Jeb88C4CAZPu25LDVUgXJ0A3Js4PMGqrn0JU1W0Mh1/Z8wZzYPxqUrXeBboCQ== - --cipher-base@^1.0.0, cipher-base@^1.0.1, cipher-base@^1.0.3: -- version "1.0.4" -- resolved "https://registry.yarnpkg.com/cipher-base/-/cipher-base-1.0.4.tgz#8760e4ecc272f4c363532f926d874aae2c1397de" -- integrity sha512-Kkht5ye6ZGmwv40uUDZztayT2ThLQGfnj/T71N/XzeZeo3nf8foyW7zGTsPYkEya3m5f3cAypH+qe7YOrM1U2Q== -- dependencies: -- inherits "^2.0.1" -- safe-buffer "^5.0.1" -- - circular-json@^0.3.1: - version "0.3.3" - resolved "https://registry.yarnpkg.com/circular-json/-/circular-json-0.3.3.tgz#815c99ea84f6809529d2f45791bdf82711352d66" -@@ -10562,7 +10449,7 @@ core-js@^3.0.1, core-js@^3.0.4, core-js@^3.6.5: - resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.8.3.tgz#c21906e1f14f3689f93abcc6e26883550dd92dd0" - integrity sha512-KPYXeVZYemC2TkNEkX/01I+7yd+nX3KddKwZ1Ww7SKWdI2wQprSgLmrTddT8nw92AjEklTsPBoSdQBhbI1bQ6Q== - --core-util-is@1.0.2, core-util-is@~1.0.0: -+core-util-is@~1.0.0: - version "1.0.2" - resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7" - integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac= -@@ -10613,14 +10500,6 @@ cpy@^8.1.1: - p-filter "^2.1.0" - p-map "^3.0.0" - --create-ecdh@^4.0.0: -- version "4.0.3" -- resolved "https://registry.yarnpkg.com/create-ecdh/-/create-ecdh-4.0.3.tgz#c9111b6f33045c4697f144787f9254cdc77c45ff" -- integrity sha512-GbEHQPMOswGpKXM9kCWVrremUcBmjteUaQ01T9rkKCPDXfUHX0IoP9LpHYo2NPFampa4e+/pFDc3jQdxrxQLaw== -- dependencies: -- bn.js "^4.1.0" -- elliptic "^6.0.0" -- - create-emotion@^10.0.27: - version "10.0.27" - resolved "https://registry.yarnpkg.com/create-emotion/-/create-emotion-10.0.27.tgz#cb4fa2db750f6ca6f9a001a33fbf1f6c46789503" -@@ -10638,29 +10517,6 @@ create-error-class@^3.0.0: - dependencies: - capture-stack-trace "^1.0.0" - --create-hash@^1.1.0, create-hash@^1.1.2: -- version "1.2.0" -- resolved "https://registry.yarnpkg.com/create-hash/-/create-hash-1.2.0.tgz#889078af11a63756bcfb59bd221996be3a9ef196" -- integrity sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg== -- dependencies: -- cipher-base "^1.0.1" -- inherits "^2.0.1" -- md5.js "^1.3.4" -- ripemd160 "^2.0.1" -- sha.js "^2.4.0" -- --create-hmac@^1.1.0, create-hmac@^1.1.2, create-hmac@^1.1.4: -- version "1.1.7" -- resolved "https://registry.yarnpkg.com/create-hmac/-/create-hmac-1.1.7.tgz#69170c78b3ab957147b2b8b04572e47ead2243ff" -- integrity sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg== -- dependencies: -- cipher-base "^1.0.3" -- create-hash "^1.1.0" -- inherits "^2.0.1" -- ripemd160 "^2.0.0" -- safe-buffer "^5.0.1" -- sha.js "^2.4.8" -- - create-react-context@0.3.0: - version "0.3.0" - resolved "https://registry.yarnpkg.com/create-react-context/-/create-react-context-0.3.0.tgz#546dede9dc422def0d3fc2fe03afe0bc0f4f7d8c" -@@ -10712,22 +10568,9 @@ crypt@~0.0.1: - resolved "https://registry.yarnpkg.com/crypt/-/crypt-0.0.2.tgz#88d7ff7ec0dfb86f713dc87bbb42d044d3e6c41b" - integrity sha1-iNf/fsDfuG9xPch7u0LQRNPmxBs= - --crypto-browserify@^3.11.0: -- version "3.12.0" -- resolved "https://registry.yarnpkg.com/crypto-browserify/-/crypto-browserify-3.12.0.tgz#396cf9f3137f03e4b8e532c58f698254e00f80ec" -- integrity sha512-fz4spIh+znjO2VjL+IdhEpRJ3YN6sMzITSBijk6FK2UvTqruSQW+/cCZTSNsMiZNvUeq0CqurF+dAbyiGOY6Wg== -- dependencies: -- browserify-cipher "^1.0.0" -- browserify-sign "^4.0.0" -- create-ecdh "^4.0.0" -- create-hash "^1.1.0" -- create-hmac "^1.1.0" -- diffie-hellman "^5.0.0" -- inherits "^2.0.1" -- pbkdf2 "^3.0.3" -- public-encrypt "^4.0.0" -- randombytes "^2.0.0" -- randomfill "^1.0.3" -+crypto-browserify@^3.11.0, "crypto-browserify@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz", "http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz", http-signature@~1.2.0, selfsigned@^1.10.8, "selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz": -+ version "1.1.1" -+ resolved "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz#f8cae15d883ffc0abc663b5eaaa711fcc64bb5c2" - - crypto-random-string@^1.0.0: - version "1.0.0" -@@ -11450,13 +11293,6 @@ dargs@^4.0.1: - dependencies: - number-is-nan "^1.0.0" - --dashdash@^1.12.0: -- version "1.14.1" -- resolved "https://registry.yarnpkg.com/dashdash/-/dashdash-1.14.1.tgz#853cfa0f7cbe2fed5de20326b8dd581035f6e2f0" -- integrity sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA= -- dependencies: -- assert-plus "^1.0.0" -- - data-urls@^1.1.0: - version "1.1.0" - resolved "https://registry.yarnpkg.com/data-urls/-/data-urls-1.1.0.tgz#15ee0582baa5e22bb59c77140da8f9c76963bbfe" -@@ -11709,14 +11545,6 @@ deprecation@^2.0.0, deprecation@^2.3.1: - resolved "https://registry.yarnpkg.com/deprecation/-/deprecation-2.3.1.tgz#6368cbdb40abf3373b525ac87e4a260c3a700919" - integrity sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ== - --des.js@^1.0.0: -- version "1.0.0" -- resolved "https://registry.yarnpkg.com/des.js/-/des.js-1.0.0.tgz#c074d2e2aa6a8a9a07dbd61f9a15c2cd83ec8ecc" -- integrity sha1-wHTS4qpqipoH29YfmhXCzYPsjsw= -- dependencies: -- inherits "^2.0.1" -- minimalistic-assert "^1.0.0" -- - destroy@~1.0.4: - version "1.0.4" - resolved "https://registry.yarnpkg.com/destroy/-/destroy-1.0.4.tgz#978857442c44749e4206613e37946205826abd80" -@@ -11808,15 +11636,6 @@ diff@^4.0.2: - resolved "https://registry.yarnpkg.com/diff/-/diff-4.0.2.tgz#60f3aecb89d5fae520c11aa19efc2bb982aade7d" - integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A== - --diffie-hellman@^5.0.0: -- version "5.0.3" -- resolved "https://registry.yarnpkg.com/diffie-hellman/-/diffie-hellman-5.0.3.tgz#40e8ee98f55a2149607146921c63e1ae5f3d2875" -- integrity sha512-kqag/Nl+f3GwyK25fhUMYj81BUOrZ9IuJsjIcDE5icNM9FJHAVm3VcUDxdLPoQtTuUylWm6ZIknYJwwaPxsUzg== -- dependencies: -- bn.js "^4.1.0" -- miller-rabin "^4.0.0" -- randombytes "^2.0.0" -- - dir-glob@2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/dir-glob/-/dir-glob-2.0.0.tgz#0b205d2b6aef98238ca286598a8204d29d0a0034" -@@ -12084,14 +11903,6 @@ eastasianwidth@^0.2.0: - resolved "https://registry.yarnpkg.com/eastasianwidth/-/eastasianwidth-0.2.0.tgz#696ce2ec0aa0e6ea93a397ffcf24aa7840c827cb" - integrity sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA== - --ecc-jsbn@~0.1.1: -- version "0.1.2" -- resolved "https://registry.yarnpkg.com/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz#3a83a904e54353287874c564b7549386849a98c9" -- integrity sha1-OoOpBOVDUyh4dMVkt1SThoSamMk= -- dependencies: -- jsbn "~0.1.0" -- safer-buffer "^2.1.0" -- - ee-first@1.1.1: - version "1.1.1" - resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d" -@@ -12136,19 +11947,6 @@ element-resize-detector@^1.2.1: - dependencies: - batch-processor "1.0.0" - --elliptic@^6.0.0: -- version "6.5.3" -- resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.3.tgz#cb59eb2efdaf73a0bd78ccd7015a62ad6e0f93d6" -- integrity sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw== -- dependencies: -- bn.js "^4.4.0" -- brorand "^1.0.1" -- hash.js "^1.0.0" -- hmac-drbg "^1.0.0" -- inherits "^2.0.1" -- minimalistic-assert "^1.0.0" -- minimalistic-crypto-utils "^1.0.0" -- - emitter-component@^1.1.1: - version "1.1.1" - resolved "https://registry.yarnpkg.com/emitter-component/-/emitter-component-1.1.1.tgz#065e2dbed6959bf470679edabeaf7981d1003ab6" -@@ -13033,14 +12831,6 @@ eventsource@^1.0.7: - dependencies: - original "^1.0.0" - --evp_bytestokey@^1.0.0, evp_bytestokey@^1.0.3: -- version "1.0.3" -- resolved "https://registry.yarnpkg.com/evp_bytestokey/-/evp_bytestokey-1.0.3.tgz#7fcbdb198dc71959432efe13842684e0525acb02" -- integrity sha512-/f2Go4TognH/KvCISP7OUsHn85hT9nUkxxA9BEWxFn+Oj9o8ZNLm/40hdlgSLyuOimsrTKLUMEorQexp/aPQeA== -- dependencies: -- md5.js "^1.3.4" -- safe-buffer "^5.1.1" -- - exec-sh@^0.3.2: - version "0.3.2" - resolved "https://registry.yarnpkg.com/exec-sh/-/exec-sh-0.3.2.tgz#6738de2eb7c8e671d0366aea0b0db8c6f7d7391b" -@@ -13311,16 +13101,6 @@ extract-zip@^1.7.0: - mkdirp "^0.5.4" - yauzl "^2.10.0" - --extsprintf@1.3.0: -- version "1.3.0" -- resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.3.0.tgz#96918440e3041a7a414f8c52e3c574eb3c3e1e05" -- integrity sha1-lpGEQOMEGnpBT4xS48V06zw+HgU= -- --extsprintf@^1.2.0: -- version "1.4.0" -- resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.4.0.tgz#e2689f8f356fad62cca65a3a91c5df5f9551692f" -- integrity sha1-4mifjzVvrWLMplo6kcXfX5VRaS8= -- - fast-deep-equal@^2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz#7b05218ddf9667bf7f370bf7fdb2cb15fdd0aa49" -@@ -14177,13 +13957,6 @@ getos@^3.2.1: - dependencies: - async "^3.2.0" - --getpass@^0.1.1: -- version "0.1.7" -- resolved "https://registry.yarnpkg.com/getpass/-/getpass-0.1.7.tgz#5eff8e3e684d569ae4cb2b1282604e8ba62149fa" -- integrity sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo= -- dependencies: -- assert-plus "^1.0.0" -- - git-raw-commits@2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/git-raw-commits/-/git-raw-commits-2.0.0.tgz#d92addf74440c14bcc5c83ecce3fb7f8a79118b5" -@@ -14685,22 +14458,6 @@ has@^1.0.0, has@^1.0.1, has@^1.0.3: - dependencies: - function-bind "^1.1.1" - --hash-base@^3.0.0: -- version "3.0.4" -- resolved "https://registry.yarnpkg.com/hash-base/-/hash-base-3.0.4.tgz#5fc8686847ecd73499403319a6b0a3f3f6ae4918" -- integrity sha1-X8hoaEfs1zSZQDMZprCj8/auSRg= -- dependencies: -- inherits "^2.0.1" -- safe-buffer "^5.0.1" -- --hash.js@^1.0.0, hash.js@^1.0.3: -- version "1.1.7" -- resolved "https://registry.yarnpkg.com/hash.js/-/hash.js-1.1.7.tgz#0babca538e8d4ee4a0f8988d68866537a003cf42" -- integrity sha512-taOaskGt4z4SOANNseOviYDvjEJinIkRgmp7LbKP2YTTmVxWBl87s/uzK9r+44BclBSp2X7K1hqeNfz9JbBeXA== -- dependencies: -- inherits "^2.0.3" -- minimalistic-assert "^1.0.1" -- - hast-to-hyperscript@^9.0.0: - version "9.0.1" - resolved "https://registry.yarnpkg.com/hast-to-hyperscript/-/hast-to-hyperscript-9.0.1.tgz#9b67fd188e4c81e8ad66f803855334173920218d" -@@ -14789,15 +14546,6 @@ highlight.js@^10.1.1, highlight.js@~10.5.0: - resolved "https://registry.yarnpkg.com/highlight.js/-/highlight.js-10.5.0.tgz#3f09fede6a865757378f2d9ebdcbc15ba268f98f" - integrity sha512-xTmvd9HiIHR6L53TMC7TKolEj65zG1XU+Onr8oi86mYa+nLcIbxTTWkpW7CsEwv/vK7u1zb8alZIMLDqqN6KTw== - --hmac-drbg@^1.0.0: -- version "1.0.1" -- resolved "https://registry.yarnpkg.com/hmac-drbg/-/hmac-drbg-1.0.1.tgz#d2745701025a6c775a6c545793ed502fc0c649a1" -- integrity sha1-0nRXAQJabHdabFRXk+1QL8DGSaE= -- dependencies: -- hash.js "^1.0.3" -- minimalistic-assert "^1.0.0" -- minimalistic-crypto-utils "^1.0.1" -- - hoist-non-react-statics@3.3.2, hoist-non-react-statics@^3.3.2: - version "3.3.2" - resolved "https://registry.yarnpkg.com/hoist-non-react-statics/-/hoist-non-react-statics-3.3.2.tgz#ece0acaf71d62c2969c2ec59feff42a4b1a85b45" -@@ -15075,15 +14823,6 @@ http-proxy@^1.17.0: - follow-redirects "^1.0.0" - requires-port "^1.0.0" - --http-signature@~1.2.0: -- version "1.2.0" -- resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1" -- integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE= -- dependencies: -- assert-plus "^1.0.0" -- jsprim "^1.2.2" -- sshpk "^1.7.0" -- - https-browserify@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/https-browserify/-/https-browserify-1.0.0.tgz#ec06c10e0a34c0f2faf199f7fd7fc78fffd03c73" -@@ -16868,11 +16607,6 @@ js-yaml@3.13.1, js-yaml@^3.13.1, js-yaml@^3.4.6, js-yaml@^3.5.1, js-yaml@^3.5.4, - argparse "^1.0.7" - esprima "^4.0.0" - --jsbn@~0.1.0: -- version "0.1.1" -- resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-0.1.1.tgz#a5e654c2e5a2deb5f201d96cefbca80c0ef2f513" -- integrity sha1-peZUwuWi3rXyAdls77yoDA7y9RM= -- - jsdoctypeparser@^9.0.0: - version "9.0.0" - resolved "https://registry.yarnpkg.com/jsdoctypeparser/-/jsdoctypeparser-9.0.0.tgz#8c97e2fb69315eb274b0f01377eaa5c940bd7b26" -@@ -16982,11 +16716,6 @@ json-schema-traverse@^1.0.0: - resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz#ae7bcb3656ab77a73ba5c49bf654f38e6b6860e2" - integrity sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug== - --json-schema@0.2.3: -- version "0.2.3" -- resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.2.3.tgz#b480c892e59a2f05954ce727bd3f2a4e882f9e13" -- integrity sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM= -- - json-stable-stringify-without-jsonify@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz#9db7b59496ad3f3cfef30a75142d2d930ad72651" -@@ -17087,16 +16816,6 @@ jsonpointer@^4.0.0: - resolved "https://registry.yarnpkg.com/jsonpointer/-/jsonpointer-4.0.1.tgz#4fd92cb34e0e9db3c89c8622ecf51f9b978c6cb9" - integrity sha1-T9kss04OnbPInIYi7PUfm5eMbLk= - --jsprim@^1.2.2: -- version "1.4.1" -- resolved "https://registry.yarnpkg.com/jsprim/-/jsprim-1.4.1.tgz#313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2" -- integrity sha1-MT5mvB5cwG5Di8G3SZwuXFastqI= -- dependencies: -- assert-plus "1.0.0" -- extsprintf "1.3.0" -- json-schema "0.2.3" -- verror "1.10.0" -- - jsurl@^0.1.5: - version "0.1.5" - resolved "https://registry.yarnpkg.com/jsurl/-/jsurl-0.1.5.tgz#2a5c8741de39cacafc12f448908bf34e960dcee8" -@@ -17886,15 +17605,6 @@ md5-file@^4.0.0: - resolved "https://registry.yarnpkg.com/md5-file/-/md5-file-4.0.0.tgz#f3f7ba1e2dd1144d5bf1de698d0e5f44a4409584" - integrity sha512-UC0qFwyAjn4YdPpKaDNw6gNxRf7Mcx7jC1UGCY4boCzgvU2Aoc1mOGzTtrjjLKhM5ivsnhoKpQVxKPp+1j1qwg== - --md5.js@^1.3.4: -- version "1.3.5" -- resolved "https://registry.yarnpkg.com/md5.js/-/md5.js-1.3.5.tgz#b5d07b8e3216e3e27cd728d72f70d1e6a342005f" -- integrity sha512-xitP+WxNPcTTOgnTJcrhM0xvdPepipPSf3I8EIpGKeFLjt3PlJLIDG3u8EX53ZIubkb+5U2+3rELYpEhHhzdkg== -- dependencies: -- hash-base "^3.0.0" -- inherits "^2.0.1" -- safe-buffer "^5.1.2" -- - md5@^2.2.1: - version "2.2.1" - resolved "https://registry.yarnpkg.com/md5/-/md5-2.2.1.tgz#53ab38d5fe3c8891ba465329ea23fac0540126f9" -@@ -18123,14 +17833,6 @@ micromatch@^4.0.0, micromatch@^4.0.2: - braces "^3.0.1" - picomatch "^2.0.5" - --miller-rabin@^4.0.0: -- version "4.0.1" -- resolved "https://registry.yarnpkg.com/miller-rabin/-/miller-rabin-4.0.1.tgz#f080351c865b0dc562a8462966daa53543c78a4d" -- integrity sha512-115fLhvZVqWwHPbClyntxEVfVDfl9DLLTuJvq3g2O/Oxi8AiNouAHvDSzHS0viUJc+V5vm3eq91Xwqn9dp4jRA== -- dependencies: -- bn.js "^4.0.0" -- brorand "^1.0.1" -- - mime-db@1.40.0: - version "1.40.0" - resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.40.0.tgz#a65057e998db090f732a68f6c276d387d4126c32" -@@ -18217,16 +17919,11 @@ mini-svg-data-uri@^1.1.3: - resolved "https://registry.yarnpkg.com/mini-svg-data-uri/-/mini-svg-data-uri-1.1.3.tgz#9759ee5f4d89a4b724d089ce52eab4b623bfbc88" - integrity sha512-EeKOmdzekjdPe53/GdxmUpNgDQFkNeSte6XkJmOBt4BfWL6FQ9G9RtLNh+JMjFS3LhdpSICMIkZdznjiecASHQ== - --minimalistic-assert@^1.0.0, minimalistic-assert@^1.0.1: -+minimalistic-assert@^1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7" - integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A== - --minimalistic-crypto-utils@^1.0.0, minimalistic-crypto-utils@^1.0.1: -- version "1.0.1" -- resolved "https://registry.yarnpkg.com/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz#f6c00c1c0b082246e5c4d99dfb8c7c083b2b582a" -- integrity sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo= -- - minimatch@3.0.3: - version "3.0.3" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.3.tgz#2a4e4090b96b2db06a9d7df01055a62a77c9b774" -@@ -18749,11 +18446,6 @@ node-fetch@^2.5.0, node-fetch@^2.6.0, node-fetch@^2.6.1: - resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052" - integrity sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw== - --node-forge@^0.10.0: -- version "0.10.0" -- resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3" -- integrity sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA== -- - node-gyp@^5.0.2: - version "5.1.1" - resolved "https://registry.yarnpkg.com/node-gyp/-/node-gyp-5.1.1.tgz#eb915f7b631c937d282e33aed44cb7a025f62a3e" -@@ -19671,18 +19363,6 @@ parent-module@^1.0.0: - dependencies: - callsites "^3.0.0" - --parse-asn1@^5.0.0: -- version "5.1.5" -- resolved "https://registry.yarnpkg.com/parse-asn1/-/parse-asn1-5.1.5.tgz#003271343da58dc94cace494faef3d2147ecea0e" -- integrity sha512-jkMYn1dcJqF6d5CpU689bq7w/b5ALS9ROVSpQDPrZsqqesUJii9qutvoT5ltGedNXMO2e16YUWIghG9KxaViTQ== -- dependencies: -- asn1.js "^4.0.0" -- browserify-aes "^1.0.0" -- create-hash "^1.1.0" -- evp_bytestokey "^1.0.0" -- pbkdf2 "^3.0.3" -- safe-buffer "^5.1.1" -- - parse-entities@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/parse-entities/-/parse-entities-2.0.0.tgz#53c6eb5b9314a1f4ec99fa0fdf7ce01ecda0cbe8" -@@ -19875,17 +19555,6 @@ path-type@^4.0.0: - resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b" - integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw== - --pbkdf2@^3.0.3: -- version "3.0.17" -- resolved "https://registry.yarnpkg.com/pbkdf2/-/pbkdf2-3.0.17.tgz#976c206530617b14ebb32114239f7b09336e93a6" -- integrity sha512-U/il5MsrZp7mGg3mSQfn742na2T+1/vHDCG5/iTI3X9MKUuYUZVLQhyRsg06mCgDBTd57TxzgZt7P+fYfjRLtA== -- dependencies: -- create-hash "^1.1.2" -- create-hmac "^1.1.4" -- ripemd160 "^2.0.1" -- safe-buffer "^5.0.1" -- sha.js "^2.4.8" -- - pend@~1.2.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/pend/-/pend-1.2.0.tgz#7a57eb550a6783f9115331fcf4663d5c8e007a50" -@@ -21143,18 +20812,6 @@ pstree.remy@^1.1.7: - resolved "https://registry.yarnpkg.com/pstree.remy/-/pstree.remy-1.1.8.tgz#c242224f4a67c21f686839bbdb4ac282b8373d3a" - integrity sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w== - --public-encrypt@^4.0.0: -- version "4.0.3" -- resolved "https://registry.yarnpkg.com/public-encrypt/-/public-encrypt-4.0.3.tgz#4fcc9d77a07e48ba7527e7cbe0de33d0701331e0" -- integrity sha512-zVpa8oKZSz5bTMTFClc1fQOnyyEzpl5ozpi1B5YcvBrdohMjH2rfsBtyXcuNuwjsDIXmBYlF2N5FlJYhR29t8Q== -- dependencies: -- bn.js "^4.1.0" -- browserify-rsa "^4.0.0" -- create-hash "^1.1.0" -- parse-asn1 "^5.0.0" -- randombytes "^2.0.1" -- safe-buffer "^5.1.2" -- - pump@^2.0.0: - version "2.0.1" - resolved "https://registry.yarnpkg.com/pump/-/pump-2.0.1.tgz#12399add6e4cf7526d973cbc8b5ce2e2908b3909" -@@ -21306,21 +20963,13 @@ randexp@0.4.6: - discontinuous-range "1.0.0" - ret "~0.1.10" - --randombytes@^2.0.0, randombytes@^2.0.1, randombytes@^2.0.5, randombytes@^2.1.0: -+randombytes@^2.1.0: - version "2.1.0" - resolved "https://registry.yarnpkg.com/randombytes/-/randombytes-2.1.0.tgz#df6f84372f0270dc65cdf6291349ab7a473d4f2a" - integrity sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ== - dependencies: - safe-buffer "^5.1.0" - --randomfill@^1.0.3: -- version "1.0.4" -- resolved "https://registry.yarnpkg.com/randomfill/-/randomfill-1.0.4.tgz#c92196fc86ab42be983f1bf31778224931d61458" -- integrity sha512-87lcbR8+MhcWcUiQ+9e+Rwx8MyR2P7qnt15ynUlbm3TU/fjbgz4GsvfSUDTemtCCtVCqb4ZcEFlyPNTh9bBTLw== -- dependencies: -- randombytes "^2.0.5" -- safe-buffer "^5.1.0" -- - range-parser@^1.2.1, range-parser@~1.2.1: - version "1.2.1" - resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.1.tgz#3cf37023d199e1c24d1a55b84800c2f3e6468031" -@@ -23056,14 +22705,6 @@ rimraf@~2.6.2: - dependencies: - glob "^7.1.3" - --ripemd160@^2.0.0, ripemd160@^2.0.1: -- version "2.0.2" -- resolved "https://registry.yarnpkg.com/ripemd160/-/ripemd160-2.0.2.tgz#a1c1a6f624751577ba5d07914cbc92850585890c" -- integrity sha512-ii4iagi25WusVoiC4B4lq7pbXfAp3D9v5CwfkY33vffw2+pkDjY1D8GaN7spsxvCSx8dkPqOZCEZyfxcmJG2IA== -- dependencies: -- hash-base "^3.0.0" -- inherits "^2.0.1" -- - rollup-plugin-copy@3.3.0: - version "3.3.0" - resolved "https://registry.yarnpkg.com/rollup-plugin-copy/-/rollup-plugin-copy-3.3.0.tgz#5ba230047f86b9f703a29288f242948a5580e7b9" -@@ -23248,7 +22889,7 @@ safe-regex@^1.1.0: - dependencies: - ret "~0.1.10" - --"safer-buffer@>= 2.1.2 < 3", safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@~2.1.0: -+"safer-buffer@>= 2.1.2 < 3": - version "2.1.2" - resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a" - integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== -@@ -23442,13 +23083,6 @@ selection-is-backward@^1.0.0: - resolved "https://registry.yarnpkg.com/selection-is-backward/-/selection-is-backward-1.0.0.tgz#97a54633188a511aba6419fc5c1fa91b467e6be1" - integrity sha1-l6VGMxiKURq6ZBn8XB+pG0Z+a+E= - --selfsigned@^1.10.8: -- version "1.10.8" -- resolved "https://registry.yarnpkg.com/selfsigned/-/selfsigned-1.10.8.tgz#0d17208b7d12c33f8eac85c41835f27fc3d81a30" -- integrity sha512-2P4PtieJeEwVgTU9QEcwIRDQ/mXJLX8/+I3ur+Pg16nS8oNbrGxEso9NyYWy8NAmXiNl4dlAp5MwoNeCWzON4w== -- dependencies: -- node-forge "^0.10.0" -- - semver-compare@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/semver-compare/-/semver-compare-1.0.0.tgz#0dee216a1c941ab37e9efb1788f6afc5ff5537fc" -@@ -23590,14 +23224,6 @@ setprototypeof@1.1.1: - resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.1.tgz#7e95acb24aa92f5885e0abef5ba131330d4ae683" - integrity sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw== - --sha.js@^2.4.0, sha.js@^2.4.8: -- version "2.4.11" -- resolved "https://registry.yarnpkg.com/sha.js/-/sha.js-2.4.11.tgz#37a5cf0b81ecbc6943de109ba2960d1b26584ae7" -- integrity sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ== -- dependencies: -- inherits "^2.0.1" -- safe-buffer "^5.0.1" -- - shallow-clone@^3.0.0: - version "3.0.1" - resolved "https://registry.yarnpkg.com/shallow-clone/-/shallow-clone-3.0.1.tgz#8f2981ad92531f55035b01fb230769a40e02efa3" -@@ -24063,21 +23689,6 @@ sprintf-js@~1.0.2: - resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c" - integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw= - --sshpk@^1.7.0: -- version "1.16.1" -- resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877" -- integrity sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg== -- dependencies: -- asn1 "~0.2.3" -- assert-plus "^1.0.0" -- bcrypt-pbkdf "^1.0.0" -- dashdash "^1.12.0" -- ecc-jsbn "~0.1.1" -- getpass "^0.1.1" -- jsbn "~0.1.0" -- safer-buffer "^2.0.2" -- tweetnacl "~0.14.0" -- - ssri@^6.0.0, ssri@^6.0.1: - version "6.0.1" - resolved "https://registry.yarnpkg.com/ssri/-/ssri-6.0.1.tgz#2a3c41b28dd45b62b63676ecb74001265ae9edd8" -@@ -25342,11 +24953,6 @@ tween-functions@^1.2.0: - resolved "https://registry.yarnpkg.com/tween-functions/-/tween-functions-1.2.0.tgz#1ae3a50e7c60bb3def774eac707acbca73bbc3ff" - integrity sha1-GuOlDnxguz3vd06scHrLynO7w/8= - --tweetnacl@^0.14.3, tweetnacl@~0.14.0: -- version "0.14.5" -- resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-0.14.5.tgz#5ae68177f192d4456269d108afa93ff8743f4f64" -- integrity sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q= -- - type-check@^0.4.0, type-check@~0.4.0: - version "0.4.0" - resolved "https://registry.yarnpkg.com/type-check/-/type-check-0.4.0.tgz#07b8203bfa7056c0657050e3ccd2c37730bab8f1" -@@ -25954,15 +25560,6 @@ vendors@^1.0.0: - resolved "https://registry.yarnpkg.com/vendors/-/vendors-1.0.4.tgz#e2b800a53e7a29b93506c3cf41100d16c4c4ad8e" - integrity sha512-/juG65kTL4Cy2su4P8HjtkTxk6VmJDiOPBufWniqQ6wknac6jNiXS9vU+hO3wgusiyqWlzTbVHi0dyJqRONg3w== - --verror@1.10.0: -- version "1.10.0" -- resolved "https://registry.yarnpkg.com/verror/-/verror-1.10.0.tgz#3a105ca17053af55d6e270c1f8288682e18da400" -- integrity sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA= -- dependencies: -- assert-plus "^1.0.0" -- core-util-is "1.0.2" -- extsprintf "^1.2.0" -- - vfile-location@^3.0.0, vfile-location@^3.2.0: - version "3.2.0" - resolved "https://registry.yarnpkg.com/vfile-location/-/vfile-location-3.2.0.tgz#d8e41fbcbd406063669ebf6c33d56ae8721d0f3c" diff --git a/007-patch-unused-backend-crypto.patch b/007-patch-unused-backend-crypto.patch deleted file mode 100644 index 12be571ede7ab7d243920bce83a66aed6487d11f..0000000000000000000000000000000000000000 --- a/007-patch-unused-backend-crypto.patch +++ /dev/null @@ -1,168 +0,0 @@ -diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go -new file mode 100644 -index 0000000..871e612 ---- /dev/null -+++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go -@@ -0,0 +1,25 @@ -+package elgamal -+ -+import ( -+ "io" -+ "math/big" -+) -+ -+// PublicKey represents an ElGamal public key. -+type PublicKey struct { -+ G, P, Y *big.Int -+} -+ -+// PrivateKey represents an ElGamal private key. -+type PrivateKey struct { -+ PublicKey -+ X *big.Int -+} -+ -+func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) { -+ panic("ElGamal encryption not available") -+} -+ -+func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) { -+ panic("ElGamal encryption not available") -+} -diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go -index 9728d61..9f04c2d 100644 ---- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go -+++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go -@@ -16,7 +16,6 @@ import ( - "math/big" - "math/bits" - -- "golang.org/x/crypto/cast5" - "golang.org/x/crypto/openpgp/errors" - ) - -@@ -487,7 +486,7 @@ func (cipher CipherFunction) KeySize() int { - case Cipher3DES: - return 24 - case CipherCAST5: -- return cast5.KeySize -+ panic("cast5 cipher not available") - case CipherAES128: - return 16 - case CipherAES192: -@@ -517,7 +516,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) { - case Cipher3DES: - block, _ = des.NewTripleDESCipher(key) - case CipherCAST5: -- block, _ = cast5.NewCipher(key) -+ panic("cast5 cipher not available") - case CipherAES128, CipherAES192, CipherAES256: - block, _ = aes.NewCipher(key) - } -diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go -index 6126030..3a54c5f 100644 ---- a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go -+++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go -@@ -5,13 +5,12 @@ - package packet - - import ( -- "crypto/cipher" - "crypto/sha1" - "crypto/subtle" -- "golang.org/x/crypto/openpgp/errors" - "hash" - "io" -- "strconv" -+ -+ "golang.org/x/crypto/openpgp/errors" - ) - - // SymmetricallyEncrypted represents a symmetrically encrypted byte string. The -@@ -45,46 +44,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error { - // packet can be read. An incorrect key can, with high probability, be detected - // immediately and this will result in a KeyIncorrect error being returned. - func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) { -- keySize := c.KeySize() -- if keySize == 0 { -- return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c))) -- } -- if len(key) != keySize { -- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length") -- } -- -- if se.prefix == nil { -- se.prefix = make([]byte, c.blockSize()+2) -- _, err := readFull(se.contents, se.prefix) -- if err != nil { -- return nil, err -- } -- } else if len(se.prefix) != c.blockSize()+2 { -- return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths") -- } -- -- ocfbResync := OCFBResync -- if se.MDC { -- // MDC packets use a different form of OCFB mode. -- ocfbResync = OCFBNoResync -- } -- -- s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync) -- if s == nil { -- return nil, errors.ErrKeyIncorrect -- } -- -- plaintext := cipher.StreamReader{S: s, R: se.contents} -- -- if se.MDC { -- // MDC packets have an embedded hash that we need to check. -- h := sha1.New() -- h.Write(se.prefix) -- return &seMDCReader{in: plaintext, h: h}, nil -- } -- -- // Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser. -- return seReader{plaintext}, nil -+ panic("OCFB cipher not available") - } - - // seReader wraps an io.Reader with a no-op Close method. -@@ -254,37 +214,5 @@ func (c noOpCloser) Close() error { - // written. - // If config is nil, sensible defaults will be used. - func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error) { -- if c.KeySize() != len(key) { -- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length") -- } -- writeCloser := noOpCloser{w} -- ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC) -- if err != nil { -- return -- } -- -- _, err = ciphertext.Write([]byte{symmetricallyEncryptedVersion}) -- if err != nil { -- return -- } -- -- block := c.new(key) -- blockSize := block.BlockSize() -- iv := make([]byte, blockSize) -- _, err = config.Random().Read(iv) -- if err != nil { -- return -- } -- s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync) -- _, err = ciphertext.Write(prefix) -- if err != nil { -- return -- } -- plaintext := cipher.StreamWriter{S: s, W: ciphertext} -- -- h := sha1.New() -- h.Write(iv) -- h.Write(iv[blockSize-2:]) -- contents = &seMDCWriter{w: plaintext, h: h} -- return -+ panic("OCFB cipher not available") - } diff --git a/011-use-hmac-sha-256-for-password-reset-tokens.patch b/011-use-hmac-sha-256-for-password-reset-tokens.patch deleted file mode 100644 index 91b6b468bd707f0ae006d8ad14bc9d41eb368a67..0000000000000000000000000000000000000000 --- a/011-use-hmac-sha-256-for-password-reset-tokens.patch +++ /dev/null @@ -1,353 +0,0 @@ -commit f13c08e9f45d7776cb264b17ec41bc4ff51fc0b9 -Author: Andreas Gerstmayr -Date: Thu Nov 25 18:49:52 2021 +0100 - - notifications: use HMAC-SHA256 to generate time limit codes - - * changes the time limit code generation function to use HMAC-SHA256 - instead of SHA-1 - * multiple new testcases - -diff --git a/pkg/services/notifications/codes.go b/pkg/services/notifications/codes.go -index ea9beb30cc..1ddf05dc69 100644 ---- a/pkg/services/notifications/codes.go -+++ b/pkg/services/notifications/codes.go -@@ -1,48 +1,53 @@ - package notifications - - import ( -- "crypto/sha1" // #nosec -+ "crypto/hmac" -+ "crypto/sha256" - "encoding/hex" - "fmt" -+ "strconv" - "time" - -- "github.com/unknwon/com" -- - "github.com/grafana/grafana/pkg/models" - "github.com/grafana/grafana/pkg/setting" - ) - --const timeLimitCodeLength = 12 + 6 + 40 -+const timeLimitStartDateLength = 12 -+const timeLimitMinutesLength = 6 -+const timeLimitHmacLength = 64 -+const timeLimitCodeLength = timeLimitStartDateLength + timeLimitMinutesLength + timeLimitHmacLength - - // create a time limit code --// code format: 12 length date time string + 6 minutes string + 40 sha1 encoded string --func createTimeLimitCode(data string, minutes int, startInf interface{}) (string, error) { -+// code format: 12 length date time string + 6 minutes string + 64 HMAC-SHA256 encoded string -+func createTimeLimitCode(payload string, minutes int, startStr string) (string, error) { - format := "200601021504" - - var start, end time.Time -- var startStr, endStr string -+ var endStr string - -- if startInf == nil { -+ if startStr == "" { - // Use now time create code - start = time.Now() - startStr = start.Format(format) - } else { - // use start string create code -- startStr = startInf.(string) -- start, _ = time.ParseInLocation(format, startStr, time.Local) -- startStr = start.Format(format) -+ var err error -+ start, err = time.ParseInLocation(format, startStr, time.Local) -+ if err != nil { -+ return "", err -+ } - } - - end = start.Add(time.Minute * time.Duration(minutes)) - endStr = end.Format(format) - -- // create sha1 encode string -- sh := sha1.New() -- if _, err := sh.Write([]byte(data + setting.SecretKey + startStr + endStr + -- com.ToStr(minutes))); err != nil { -- return "", err -+ // create HMAC-SHA256 encoded string -+ key := []byte(setting.SecretKey) -+ h := hmac.New(sha256.New, key) -+ if _, err := h.Write([]byte(payload + startStr + endStr)); err != nil { -+ return "", fmt.Errorf("cannot create hmac: %v", err) - } -- encoded := hex.EncodeToString(sh.Sum(nil)) -+ encoded := hex.EncodeToString(h.Sum(nil)) - - code := fmt.Sprintf("%s%06d%s", startStr, minutes, encoded) - return code, nil -@@ -50,30 +55,29 @@ func createTimeLimitCode(data string, minutes int, startInf interface{}) (string - - // verify time limit code - func validateUserEmailCode(user *models.User, code string) (bool, error) { -- if len(code) <= 18 { -+ if len(code) < timeLimitCodeLength { - return false, nil - } - -- minutes := setting.EmailCodeValidMinutes - code = code[:timeLimitCodeLength] - - // split code -- start := code[:12] -- lives := code[12:18] -- if d, err := com.StrTo(lives).Int(); err == nil { -- minutes = d -+ startStr := code[:timeLimitStartDateLength] -+ minutesStr := code[timeLimitStartDateLength : timeLimitStartDateLength+timeLimitMinutesLength] -+ minutes, err := strconv.Atoi(minutesStr) -+ if err != nil { -+ return false, fmt.Errorf("invalid time limit code: %v", err) - } - -- // right active code -- data := com.ToStr(user.Id) + user.Email + user.Login + user.Password + user.Rands -- retCode, err := createTimeLimitCode(data, minutes, start) -+ // verify code -+ payload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands -+ expectedCode, err := createTimeLimitCode(payload, minutes, startStr) - if err != nil { - return false, err - } -- fmt.Printf("code : %s\ncode2: %s", retCode, code) -- if retCode == code && minutes > 0 { -+ if hmac.Equal([]byte(code), []byte(expectedCode)) && minutes > 0 { - // check time is expired or not -- before, _ := time.ParseInLocation("200601021504", start, time.Local) -+ before, _ := time.ParseInLocation("200601021504", startStr, time.Local) - now := time.Now() - if before.Add(time.Minute*time.Duration(minutes)).Unix() > now.Unix() { - return true, nil -@@ -94,15 +98,15 @@ func getLoginForEmailCode(code string) string { - return string(b) - } - --func createUserEmailCode(u *models.User, startInf interface{}) (string, error) { -+func createUserEmailCode(user *models.User, startStr string) (string, error) { - minutes := setting.EmailCodeValidMinutes -- data := com.ToStr(u.Id) + u.Email + u.Login + u.Password + u.Rands -- code, err := createTimeLimitCode(data, minutes, startInf) -+ payload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands -+ code, err := createTimeLimitCode(payload, minutes, startStr) - if err != nil { - return "", err - } - - // add tail hex username -- code += hex.EncodeToString([]byte(u.Login)) -+ code += hex.EncodeToString([]byte(user.Login)) - return code, nil - } -diff --git a/pkg/services/notifications/codes_test.go b/pkg/services/notifications/codes_test.go -index d2b1f3a617..bea88e0bf5 100644 ---- a/pkg/services/notifications/codes_test.go -+++ b/pkg/services/notifications/codes_test.go -@@ -1,19 +1,129 @@ - package notifications - - import ( -+ "fmt" -+ "strconv" - "testing" -+ "time" - - "github.com/grafana/grafana/pkg/models" - "github.com/grafana/grafana/pkg/setting" - . "github.com/smartystreets/goconvey/convey" -+ "github.com/stretchr/testify/require" - ) - -+func TestTimeLimitCodes(t *testing.T) { -+ user := &models.User{Id: 10, Email: "t@a.com", Login: "asd", Password: "1", Rands: "2"} -+ -+ format := "200601021504" -+ mailPayload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands -+ tenMinutesAgo := time.Now().Add(-time.Minute * 10) -+ -+ tests := []struct { -+ desc string -+ payload string -+ start time.Time -+ minutes int -+ valid bool -+ }{ -+ { -+ desc: "code generated 10 minutes ago, 5 minutes valid", -+ payload: mailPayload, -+ start: tenMinutesAgo, -+ minutes: 5, -+ valid: false, -+ }, -+ { -+ desc: "code generated 10 minutes ago, 9 minutes valid", -+ payload: mailPayload, -+ start: tenMinutesAgo, -+ minutes: 9, -+ valid: false, -+ }, -+ { -+ desc: "code generated 10 minutes ago, 10 minutes valid", -+ payload: mailPayload, -+ start: tenMinutesAgo, -+ minutes: 10, -+ // code was valid exactly 10 minutes since evaluating the tenMinutesAgo assignment -+ // by the time this test is run the code is already expired -+ valid: false, -+ }, -+ { -+ desc: "code generated 10 minutes ago, 11 minutes valid", -+ payload: mailPayload, -+ start: tenMinutesAgo, -+ minutes: 11, -+ valid: true, -+ }, -+ { -+ desc: "code generated 10 minutes ago, 20 minutes valid", -+ payload: mailPayload, -+ start: tenMinutesAgo, -+ minutes: 20, -+ valid: true, -+ }, -+ { -+ desc: "code generated 10 minutes ago, 20 minutes valid, tampered payload", -+ payload: mailPayload[:len(mailPayload)-1] + "x", -+ start: tenMinutesAgo, -+ minutes: 20, -+ valid: false, -+ }, -+ } -+ -+ for _, test := range tests { -+ t.Run(test.desc, func(t *testing.T) { -+ code, err := createTimeLimitCode(test.payload, test.minutes, test.start.Format(format)) -+ require.NoError(t, err) -+ -+ isValid, err := validateUserEmailCode(user, code) -+ require.NoError(t, err) -+ require.Equal(t, test.valid, isValid) -+ }) -+ } -+ -+ t.Run("tampered minutes", func(t *testing.T) { -+ code, err := createTimeLimitCode(mailPayload, 5, tenMinutesAgo.Format(format)) -+ require.NoError(t, err) -+ -+ // code is expired -+ isValid, err := validateUserEmailCode(user, code) -+ require.NoError(t, err) -+ require.Equal(t, false, isValid) -+ -+ // let's try to extend the code by tampering the minutes -+ code = code[:12] + fmt.Sprintf("%06d", 20) + code[18:] -+ isValid, err = validateUserEmailCode(user, code) -+ require.NoError(t, err) -+ require.Equal(t, false, isValid) -+ }) -+ -+ t.Run("tampered start string", func(t *testing.T) { -+ code, err := createTimeLimitCode(mailPayload, 5, tenMinutesAgo.Format(format)) -+ require.NoError(t, err) -+ -+ // code is expired -+ isValid, err := validateUserEmailCode(user, code) -+ require.NoError(t, err) -+ require.Equal(t, false, isValid) -+ -+ // let's try to extend the code by tampering the start string -+ oneMinuteAgo := time.Now().Add(-time.Minute) -+ -+ code = oneMinuteAgo.Format(format) + code[12:] -+ isValid, err = validateUserEmailCode(user, code) -+ require.NoError(t, err) -+ require.Equal(t, false, isValid) -+ }) -+} -+ - func TestEmailCodes(t *testing.T) { - Convey("When generating code", t, func() { - setting.EmailCodeValidMinutes = 120 - - user := &models.User{Id: 10, Email: "t@a.com", Login: "asd", Password: "1", Rands: "2"} -- code, err := createUserEmailCode(user, nil) -+ code, err := createUserEmailCode(user, "") - So(err, ShouldBeNil) - - Convey("getLoginForCode should return login", func() { -@@ -27,7 +137,7 @@ func TestEmailCodes(t *testing.T) { - So(isValid, ShouldBeTrue) - }) - -- Convey("Cannot verify in-valid code", func() { -+ Convey("Cannot verify invalid code", func() { - code = "ASD" - isValid, err := validateUserEmailCode(user, code) - So(err, ShouldBeNil) -diff --git a/pkg/services/notifications/notifications.go b/pkg/services/notifications/notifications.go -index beea82f43e..5a575d1415 100644 ---- a/pkg/services/notifications/notifications.go -+++ b/pkg/services/notifications/notifications.go -@@ -149,7 +149,7 @@ func (ns *NotificationService) sendEmailCommandHandler(cmd *models.SendEmailComm - } - - func (ns *NotificationService) sendResetPasswordEmail(cmd *models.SendResetPasswordEmailCommand) error { -- code, err := createUserEmailCode(cmd.User, nil) -+ code, err := createUserEmailCode(cmd.User, "") - if err != nil { - return err - } -diff --git a/pkg/services/notifications/notifications_test.go b/pkg/services/notifications/notifications_test.go -index e7680c3943..fb73e332ea 100644 ---- a/pkg/services/notifications/notifications_test.go -+++ b/pkg/services/notifications/notifications_test.go -@@ -1,12 +1,14 @@ - package notifications - - import ( -+ "regexp" - "testing" - - "github.com/grafana/grafana/pkg/bus" - "github.com/grafana/grafana/pkg/models" - "github.com/grafana/grafana/pkg/setting" - . "github.com/smartystreets/goconvey/convey" -+ "github.com/stretchr/testify/require" - ) - - func TestNotifications(t *testing.T) { -@@ -25,13 +27,28 @@ func TestNotifications(t *testing.T) { - So(err, ShouldBeNil) - - Convey("When sending reset email password", func() { -- err := ns.sendResetPasswordEmail(&models.SendResetPasswordEmailCommand{User: &models.User{Email: "asd@asd.com"}}) -+ user := models.User{Email: "asd@asd.com", Login: "asd@asd.com"} -+ err := ns.sendResetPasswordEmail(&models.SendResetPasswordEmailCommand{User: &user}) - So(err, ShouldBeNil) - - sentMsg := <-ns.mailQueue - So(sentMsg.Body, ShouldContainSubstring, "body") - So(sentMsg.Subject, ShouldEqual, "Reset your Grafana password - asd@asd.com") - So(sentMsg.Body, ShouldNotContainSubstring, "Subject") -+ -+ // find code in mail -+ r, _ := regexp.Compile(`code=(\w+)`) -+ match := r.FindString(sentMsg.Body) -+ code := match[len("code="):] -+ -+ // verify code -+ bus.AddHandler("test", func(query *models.GetUserByLoginQuery) error { -+ query.Result = &user -+ return nil -+ }) -+ query := models.ValidateResetPasswordCodeQuery{Code: code} -+ err = ns.validateResetPasswordCode(&query) -+ require.NoError(t, err) - }) - }) - } diff --git a/012-support-go1.18.patch b/012-support-go1.18.patch deleted file mode 100644 index 0a0ace45fa6e13ae709442f4bee264bfd2225d89..0000000000000000000000000000000000000000 --- a/012-support-go1.18.patch +++ /dev/null @@ -1,315 +0,0 @@ -From b8c4b70b19df84c054831823c92fbf2f3c192e78 Mon Sep 17 00:00:00 2001 -From: Andreas Gerstmayr -Date: Tue, 5 Apr 2022 16:16:31 +0200 -Subject: [PATCH] support Go 1.18 - -json-iterator/go supports go1.18 since v1.1.12 -https://github.com/json-iterator/go/releases/tag/v1.1.12 - -gonum.org/v1/gonum supports go1.18 since commit cccd8af5f6bd1539dd688c88102cb37e9117f96a -https://github.com/gonum/gonum/pull/1729 - -diff --git a/go.mod b/go.mod -index c040bbaab0..cf9af7d44f 100644 ---- a/go.mod -+++ b/go.mod -@@ -39,7 +39,7 @@ require ( - github.com/gobwas/glob v0.2.3 - github.com/golang/mock v1.5.0 - github.com/golang/protobuf v1.4.3 -- github.com/google/go-cmp v0.5.4 -+ github.com/google/go-cmp v0.5.7 - github.com/google/uuid v1.2.0 - github.com/gosimple/slug v1.9.0 - github.com/grafana/grafana-aws-sdk v0.4.0 -@@ -55,7 +55,7 @@ require ( - github.com/jaegertracing/jaeger v1.22.1-0.20210304164023-2fff3ca58910 - github.com/jmespath/go-jmespath v0.4.0 - github.com/jonboulle/clockwork v0.2.2 // indirect -- github.com/json-iterator/go v1.1.10 -+ github.com/json-iterator/go v1.1.12 - github.com/lib/pq v1.9.0 - github.com/linkedin/goavro/v2 v2.10.0 - github.com/magefile/mage v1.11.0 -@@ -84,11 +84,11 @@ require ( - github.com/yudai/gojsondiff v1.0.0 - go.opentelemetry.io/collector v0.21.0 - golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad -- golang.org/x/net v0.0.0-20210119194325-5f4716e94777 -+ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f - golang.org/x/oauth2 v0.0.0-20210113205817-d3ed898aa8a3 -- golang.org/x/sync v0.0.0-20201207232520-09787c993a3a -+ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e -- gonum.org/v1/gonum v0.8.2 -+ gonum.org/v1/gonum v0.11.0 - google.golang.org/api v0.40.0 - google.golang.org/grpc v1.36.0 - gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect -diff --git a/go.sum b/go.sum -index 50212f12f2..1250ae409c 100644 ---- a/go.sum -+++ b/go.sum -@@ -49,6 +49,8 @@ collectd.org v0.3.0/go.mod h1:A/8DzQBkF6abtvrT2j/AU/4tiBgJWYyh0y/oB/4MlWE= - contrib.go.opencensus.io/exporter/ocagent v0.6.0/go.mod h1:zmKjrJcdo0aYcVS7bmEeSEBLPA9YJp5bjrofdU3pIXs= - contrib.go.opencensus.io/exporter/prometheus v0.2.0/go.mod h1:TYmVAyE8Tn1lyPcltF5IYYfWp2KHu7lQGIZnj8iZMys= - dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -+gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= -+git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= - github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= - github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= - github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= -@@ -138,7 +140,10 @@ github.com/VividCortex/mysqlerr v0.0.0-20170204212430-6c6b55f8796f/go.mod h1:f3H - github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= - github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= - github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY= -+github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY= -+github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk= - github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= -+github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b/go.mod h1:1KcenG0jGWcpt8ov532z81sp/kMMUG485J2InIOyADM= - github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= - github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= - github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -@@ -206,6 +211,8 @@ github.com/bmatcuk/doublestar v1.2.2/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9 - github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= - github.com/bmizerany/pat v0.0.0-20170815010413-6226ea591a40/go.mod h1:8rLXio+WjiTceGBHIoTvn60HIbs7Hm7bcHjyrSqYB9c= - github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= -+github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= -+github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= - github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b h1:L/QXpzIa3pOvUGt1D1lA5KjYhPBAN/3iWdP7xeFS9F0= - github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA= - github.com/bsm/sarama-cluster v2.1.13+incompatible/go.mod h1:r7ao+4tTNXvWm+VRpRJchr2kQhqxgmAp2iEX5W96gMM= -@@ -384,6 +391,7 @@ github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8S - github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= - github.com/fluent/fluent-bit-go v0.0.0-20190925192703-ea13c021720c/go.mod h1:WQX+afhrekY9rGK+WT4xvKSlzmia9gDoLYu4GGYGASQ= - github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= -+github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= - github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= - github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= - github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= -@@ -414,6 +422,11 @@ github.com/go-check/check v0.0.0-20180628173108-788fd7840127/go.mod h1:9ES+weclK - github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= - github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= - github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= -+github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= -+github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= -+github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= -+github.com/go-fonts/liberation v0.2.0/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= -+github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY= - github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= - github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= - github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -@@ -421,6 +434,8 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 - github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= - github.com/go-kit/kit v0.10.0 h1:dXFJfIHVvUcpSgDOV+Ne6t7jXri8Tfv2uOLHUZ2XNuo= - github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= -+github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= -+github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= - github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= - github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= - github.com/go-logfmt/logfmt v0.5.0 h1:TrB8swr/68K7m9CcGut2g3UOihhbcbiMAYiuTXdEih4= -@@ -508,6 +523,8 @@ github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+ - github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= - github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo= - github.com/go-openapi/validate v0.19.8/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= -+github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= -+github.com/go-pdf/fpdf v0.6.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= - github.com/go-redis/redis/v8 v8.0.0-beta.10.0.20200905143926-df7fe4e2ce72/go.mod h1:CJP1ZIHwhosNYwIdaHPZK9vHsM3+roNBaZ7U9Of1DXc= - github.com/go-redis/redis/v8 v8.2.3/go.mod h1:ysgGY09J/QeDYbu3HikWEIPCwaeOkuNoTgKayTEaEOw= - github.com/go-sourcemap/sourcemap v2.1.3+incompatible h1:W1iEw64niKVGogNgBN3ePyLFfuisuzeidWPMPWmECqU= -@@ -635,8 +652,9 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ - github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= - github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= - github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= --github.com/google/go-cmp v0.5.4 h1:L8R9j+yAqZuZjsqh/z+F1NCffTKKLShY6zXTItVIZ8M= - github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -+github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= -+github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= - github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= - github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= - github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= -@@ -893,8 +911,9 @@ github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCV - github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= - github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= - github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= --github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= - github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= - github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= - github.com/jstemmer/go-junit-report v0.9.1 h1:6QPYqodiu3GuPL+7mfx+NwDdp2eTkp9IfEUpgAwUN0o= - github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -@@ -904,6 +923,7 @@ github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7 - github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= - github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= - github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -+github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= - github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= - github.com/jwilder/encoding v0.0.0-20170811194829-b4e1701a28ef/go.mod h1:Ct9fl0F6iIOGgxJ5npU/IUOhOhqlVrGjyIZc8/MagT0= - github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 h1:uC1QfSlInpQF+M0ao65imhwqKnz3Q2z/d8PWZRMQvDM= -@@ -1080,8 +1100,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= - github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= - github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= --github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= - github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= -+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= - github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= - github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= - github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= -@@ -1184,6 +1205,9 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR - github.com/peterh/liner v1.0.1-0.20180619022028-8c1271fcf47f/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc= - github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU= - github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU= -+github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= -+github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= -+github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= - github.com/pierrec/cmdflag v0.0.2/go.mod h1:a3zKGZ3cdQUfxjd0RGMLZr8xI3nvpJOB+m6o/1X5BmU= - github.com/pierrec/lz4 v0.0.0-20190327172049-315a67e90e41/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= - github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= -@@ -1310,6 +1334,8 @@ github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNue - github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= - github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= - github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -+github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= -+github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk= - github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= - github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= - github.com/samuel/go-zookeeper v0.0.0-20190810000440-0ceca61e4d75/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= -@@ -1491,6 +1517,7 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de - github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= - github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= - github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -+github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= - github.com/yuin/gopher-lua v0.0.0-20200816102855-ee81675732da/go.mod h1:E1AXubJBdNmFERAOucpDIxNzeGfLzg0mYh+UfMWdChA= - github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs= - github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0= -@@ -1587,6 +1614,7 @@ golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL - golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= - golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= - golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -+golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE= - golang.org/x/exp v0.0.0-20191029154019-8994fa331a53/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= - golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= - golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -@@ -1600,6 +1628,16 @@ golang.org/x/exp v0.0.0-20200821190819-94841d0725da/go.mod h1:3jZMyOhIsHpP37uCMk - golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= - golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= - golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -+golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -+golang.org/x/image v0.0.0-20200119044424-58c23975cae1/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -+golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -+golang.org/x/image v0.0.0-20200618115811-c13761719519/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -+golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -+golang.org/x/image v0.0.0-20210216034530-4410531fe030/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -+golang.org/x/image v0.0.0-20210607152325-775e3b0c77b9/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= -+golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= -+golang.org/x/image v0.0.0-20211028202545-6944b10bf410/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= -+golang.org/x/image v0.0.0-20220302094943-723b81ca9867/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= - golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= - golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= - golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -@@ -1621,8 +1659,9 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB - golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= - golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= --golang.org/x/mod v0.4.1 h1:Kvvh58BN8Y9/lBi7hTekvtMpm07eUZ0ck5pRHpsMWrY= - golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -+golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38= -+golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= - golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= - golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -@@ -1682,8 +1721,9 @@ golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwY - golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= - golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= - golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= --golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew= - golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f h1:OfiFi4JbukWwe3lzw+xunroH1mnC1e2Gy5cxNJApiSY= -+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -1707,8 +1747,9 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ - golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20200930132711-30421366ff76/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= --golang.org/x/sync v0.0.0-20201207232520-09787c993a3a h1:DcqTD9SDLc+1P/r1EmRBwnVsrOwW+kk2vWf9n+1sGhs= - golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= -+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -@@ -1802,8 +1843,11 @@ golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7w - golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= --golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c h1:VwygUrnw9jn88c4u8GD3rZQbqrP/tgas88tPUbBxQrk= - golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -+golang.org/x/sys v0.0.0-20210304124612-50617c2ba197/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -+golang.org/x/sys v0.0.0-20211019181941-9d821ace8654 h1:id054HUawV2/6IGm2IV8KZQjqtwAOo2CYlOToYqa0d0= -+golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= - golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -@@ -1814,8 +1858,10 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3 - golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= - golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= - golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= --golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ= - golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= -+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= - golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= - golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -@@ -1860,6 +1906,7 @@ golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtn - golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= - golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= - golang.org/x/tools v0.0.0-20190918214516-5a1a30219888/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -+golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= - golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= - golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= - golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -@@ -1913,8 +1960,9 @@ golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4f - golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= - golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= - golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= --golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY= - golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -+golang.org/x/tools v0.1.9 h1:j9KsMiaP1c3B0OTQGth0/k+miLGTgLsAFUCrF2vLcF8= -+golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= - golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -@@ -1923,12 +1971,15 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T - gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= - gonum.org/v1/gonum v0.0.0-20181121035319-3f7ecaa7e8ca/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= - gonum.org/v1/gonum v0.6.0/go.mod h1:9mxDZsDKxgMAuccQkewq682L+0eCu4dCN2yonUJTCLU= --gonum.org/v1/gonum v0.8.2 h1:CCXrcPKiGGotvnN6jfUsKk4rRqm7q09/YbKb5xCEvtM= - gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= -+gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0= -+gonum.org/v1/gonum v0.11.0 h1:f1IJhK4Km5tBJmaiJXtk/PkL4cdVX6J+tGiM187uT5E= -+gonum.org/v1/gonum v0.11.0/go.mod h1:fSG4YDCxxUZQJ7rKsQrj0gMOg00Il0Z96/qMA4bVQhA= - gonum.org/v1/netlib v0.0.0-20181029234149-ec6d1f5cefe6/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= --gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0 h1:OE9mWmgKkjJyEmDAAtGMPjXu+YNeGvK9VTSHY6+Qihc= - gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= - gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= -+gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= -+gonum.org/v1/plot v0.10.1/go.mod h1:VZW5OlhkL1mysU9vaqNHnsy86inf6Ot+jB3r+BczCEo= - google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= - google.golang.org/api v0.3.2/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= - google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -@@ -2136,6 +2187,7 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 - honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= - honnef.co/go/tools v0.0.1-2020.1.6/go.mod h1:pyyisuGw24ruLjrr1ddx39WE0y9OooInRzEYLhQB2YY= - honnef.co/go/tools v0.1.2/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= -+honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= - howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= - k8s.io/api v0.0.0-20190813020757-36bff7324fb7/go.mod h1:3Iy+myeAORNCLgjd/Xu9ebwN7Vh59Bw0vh9jhoX+V58= - k8s.io/api v0.0.0-20191115095533-47f6de673b26/go.mod h1:iA/8arsvelvo4IDqIhX4IbjTEKBGgvsf2OraTuRtLFU= diff --git a/013-CVE-2021-23648.patch b/013-CVE-2021-23648.patch deleted file mode 100644 index edd9b83e25190bf928cbfc4387460a6e96a3e756..0000000000000000000000000000000000000000 --- a/013-CVE-2021-23648.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 76121bc49ce1d5417202ce0a567e4f0f00c75667 Mon Sep 17 00:00:00 2001 -From: Andreas Gerstmayr -Date: Tue, 5 Apr 2022 17:40:30 +0200 -Subject: [PATCH] upgrade @braintree/sanitize-url to v6.0.0 - -Resolves: CVE-2021-23648 - -diff --git a/package.json b/package.json -index 831586ad88..ab8b142ed9 100644 ---- a/package.json -+++ b/package.json -@@ -209,7 +209,6 @@ - "@sentry/utils": "5.24.2", - "@torkelo/react-select": "3.0.8", - "@types/antlr4": "^4.7.1", -- "@types/braintree__sanitize-url": "4.0.0", - "@types/common-tags": "^1.8.0", - "@types/hoist-non-react-statics": "3.3.1", - "@types/jsurl": "^1.2.28", -diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json -index b24b1af2f4..c3f1b4e181 100644 ---- a/packages/grafana-data/package.json -+++ b/packages/grafana-data/package.json -@@ -22,7 +22,7 @@ - "typecheck": "tsc --noEmit" - }, - "dependencies": { -- "@braintree/sanitize-url": "4.0.0", -+ "@braintree/sanitize-url": "6.0.0", - "@types/d3-interpolate": "^1.3.1", - "apache-arrow": "0.16.0", - "eventemitter3": "4.0.7", -@@ -36,7 +36,6 @@ - "@rollup/plugin-commonjs": "16.0.0", - "@rollup/plugin-json": "4.1.0", - "@rollup/plugin-node-resolve": "10.0.0", -- "@types/braintree__sanitize-url": "4.0.0", - "@types/jest": "26.0.15", - "@types/jquery": "3.3.38", - "@types/lodash": "4.14.123", -diff --git a/yarn.lock b/yarn.lock -index 3f5e5b80d6..a84bfebaa7 100644 ---- a/yarn.lock -+++ b/yarn.lock -@@ -3030,10 +3030,10 @@ - resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39" - integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw== - --"@braintree/sanitize-url@4.0.0": -- version "4.0.0" -- resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-4.0.0.tgz#2cda79ffd67b6ea919a63b5e1a883b92d636e844" -- integrity sha512-bOoFoTxuEUuri/v1q0OXN0HIrZ2EiZlRSKdveU8vS5xf2+g0TmpXhmxkTc1s+XWR5xZNoVU4uvf/Mher98tfLw== -+"@braintree/sanitize-url@6.0.0": -+ version "6.0.0" -+ resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.0.tgz#fe364f025ba74f6de6c837a84ef44bdb1d61e68f" -+ integrity sha512-mgmE7XBYY/21erpzhexk4Cj1cyTQ9LzvnTxtzM17BJ7ERMNE6W72mQRo0I1Ud8eFJ+RVVIcBNhLFZ3GX4XFz5w== - - "@cnakazawa/watch@^1.0.3": - version "1.0.3" -@@ -5752,11 +5752,6 @@ - resolved "https://registry.yarnpkg.com/@types/braces/-/braces-3.0.0.tgz#7da1c0d44ff1c7eb660a36ec078ea61ba7eb42cb" - integrity sha512-TbH79tcyi9FHwbyboOKeRachRq63mSuWYXOflsNO9ZyE5ClQ/JaozNKl+aWUq87qPNsXasXxi2AbgfwIJ+8GQw== - --"@types/braintree__sanitize-url@4.0.0": -- version "4.0.0" -- resolved "https://registry.yarnpkg.com/@types/braintree__sanitize-url/-/braintree__sanitize-url-4.0.0.tgz#0e8a834501f8c375d4b3fb8dcf9398a08ebe068d" -- integrity sha512-69eGJ8808/WfTJGsvMi1pxQ9UG5Z+llD1x9ash5QX+qvxElDD+eYNAn19cTEVTq6WwUqrqlaTWVCKaTRFTuGmA== -- - "@types/cheerio@*": - version "0.22.13" - resolved "https://registry.yarnpkg.com/@types/cheerio/-/cheerio-0.22.13.tgz#5eecda091a24514185dcba99eda77e62bf6523e6" diff --git a/014-CVE-2022-21698.patch b/014-CVE-2022-21698.patch deleted file mode 100644 index 0f2639120681930e3210a83365dd46695b3a5cb5..0000000000000000000000000000000000000000 --- a/014-CVE-2022-21698.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 72cfe3ee850b1e3e00e138d87bd369eabab31697 Mon Sep 17 00:00:00 2001 -From: Andreas Gerstmayr -Date: Tue, 5 Apr 2022 18:55:29 +0200 -Subject: [PATCH] upgrade prometheus/client_golang to v1.11.1 - - -diff --git a/go.mod b/go.mod -index cf9af7d44f..e7d89f6c76 100644 ---- a/go.mod -+++ b/go.mod -@@ -65,9 +65,9 @@ require ( - github.com/opentracing/opentracing-go v1.2.0 - github.com/patrickmn/go-cache v2.1.0+incompatible - github.com/pkg/errors v0.9.1 -- github.com/prometheus/client_golang v1.9.0 -+ github.com/prometheus/client_golang v1.11.1 - github.com/prometheus/client_model v0.2.0 -- github.com/prometheus/common v0.18.0 -+ github.com/prometheus/common v0.26.0 - github.com/robfig/cron v0.0.0-20180505203441-b41be1df6967 - github.com/robfig/cron/v3 v3.0.1 - github.com/russellhaering/goxmldsig v1.1.0 -diff --git a/go.sum b/go.sum -index 1250ae409c..149c317b36 100644 ---- a/go.sum -+++ b/go.sum -@@ -434,6 +434,7 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 - github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= - github.com/go-kit/kit v0.10.0 h1:dXFJfIHVvUcpSgDOV+Ne6t7jXri8Tfv2uOLHUZ2XNuo= - github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= -+github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= - github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= - github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= - github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -@@ -653,6 +654,7 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ - github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= - github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= - github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= - github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= - github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= - github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= -@@ -912,6 +914,7 @@ github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u - github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= - github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= - github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -+github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= - github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= - github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= - github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -@@ -1249,8 +1252,9 @@ github.com/prometheus/client_golang v1.4.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3O - github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= - github.com/prometheus/client_golang v1.6.0/go.mod h1:ZLOG9ck3JLRdB5MgO8f+lLTe83AXG6ro35rLTxvnIl4= - github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= --github.com/prometheus/client_golang v1.9.0 h1:Rrch9mh17XcxvEu9D9DEpb4isxjGBtcevQjKvxPRQIU= - github.com/prometheus/client_golang v1.9.0/go.mod h1:FqZLKOZnGdFAhOK4nqGHa7D66IdsO+O441Eve7ptJDU= -+github.com/prometheus/client_golang v1.11.1 h1:+4eQaD7vAZ6DsfsxB15hbE0odUjGI5ARs9yskGu1v4s= -+github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= - github.com/prometheus/client_model v0.0.0-20170216185247-6f3806018612/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= - github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= - github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -@@ -1275,8 +1279,8 @@ github.com/prometheus/common v0.12.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16 - github.com/prometheus/common v0.14.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= - github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= - github.com/prometheus/common v0.17.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= --github.com/prometheus/common v0.18.0 h1:WCVKW7aL6LEe1uryfI9dnEc2ZqNB1Fn0ok930v0iL1Y= --github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -+github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ= -+github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= - github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289 h1:dTUS1vaLWq+Y6XKOTnrFpoVsQKLCbCp1OLj24TDi7oM= - github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289/go.mod h1:FGbBv5OPKjch+jNUJmEQpMZytIdyW0NdBtWFcfSKusc= - github.com/prometheus/procfs v0.0.0-20180612222113-7d6f385de8be/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -@@ -1292,8 +1296,9 @@ github.com/prometheus/procfs v0.0.6/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+Gx - github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= - github.com/prometheus/procfs v0.0.11/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= - github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= --github.com/prometheus/procfs v0.2.0 h1:wH4vA7pcjKuZzjF7lM8awk4fnuJO6idemZXoKnULUx4= - github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -+github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4= -+github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= - github.com/prometheus/prometheus v0.0.0-20180315085919-58e2a31db8de/go.mod h1:oAIUtOny2rjMX0OWN5vPR5/q/twIROJvdqnQKDdil/s= - github.com/prometheus/prometheus v0.0.0-20190818123050-43acd0e2e93f/go.mod h1:rMTlmxGCvukf2KMu3fClMDKLLoJ5hl61MhcJ7xKakf0= - github.com/prometheus/prometheus v1.8.2-0.20200107122003-4708915ac6ef/go.mod h1:7U90zPoLkWjEIQcy/rweQla82OCTUzxVHE51G3OhJbI= -@@ -1846,6 +1851,7 @@ golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7w - golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20210304124612-50617c2ba197/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -+golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654 h1:id054HUawV2/6IGm2IV8KZQjqtwAOo2CYlOToYqa0d0= - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= -@@ -2108,8 +2114,9 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 - google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= - google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= - google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= --google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c= - google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -+google.golang.org/protobuf v1.26.0-rc.1 h1:7QnIQpGRHE5RnLKnESfDoxm2dTapTZua5a0kS0A+VXQ= -+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= - gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= - gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= - gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk= diff --git a/015-CVE-2022-21698.vendor.patch b/015-CVE-2022-21698.vendor.patch deleted file mode 100644 index c80937a12689215dc728ae29f550b0d5471c7ad8..0000000000000000000000000000000000000000 --- a/015-CVE-2022-21698.vendor.patch +++ /dev/null @@ -1,20 +0,0 @@ -From 16b1f5dec2596a1529a31a43389ed3089ee63b73 Mon Sep 17 00:00:00 2001 -From: Andreas Gerstmayr -Date: Tue, 5 Apr 2022 18:55:29 +0200 -Subject: [PATCH] adjust vendored loki dependency for prometheus/client_golang - v1.11.1 - - -diff --git a/vendor/github.com/grafana/loki/pkg/logcli/client/client.go b/vendor/github.com/grafana/loki/pkg/logcli/client/client.go -index ec8cd02eff..7e76792005 100644 ---- a/vendor/github.com/grafana/loki/pkg/logcli/client/client.go -+++ b/vendor/github.com/grafana/loki/pkg/logcli/client/client.go -@@ -183,7 +183,7 @@ func (c *DefaultClient) doRequest(path, query string, quiet bool, out interface{ - TLSConfig: c.TLSConfig, - } - -- client, err := config.NewClientFromConfig(clientConfig, "logcli", false, false) -+ client, err := config.NewClientFromConfig(clientConfig, "logcli", config.WithHTTP2Disabled()) - if err != nil { - return err - } diff --git a/1001-vendor-patch-removed-backend-crypto.patch b/1001-vendor-patch-removed-backend-crypto.patch new file mode 100644 index 0000000000000000000000000000000000000000..82707ca2fd63e8efd20c96133d13ab6a7d4377ba --- /dev/null +++ b/1001-vendor-patch-removed-backend-crypto.patch @@ -0,0 +1,2134 @@ +patch removed backend crypto + +the `Makefile` removed a few files containing (unused) crypto +algorithms from the vendor tarball, which are not used in Grafana. +This patch removes all references to the deleted files. + +diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go +new file mode 100644 +index 0000000000..871e612a61 +--- /dev/null ++++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go +@@ -0,0 +1,25 @@ ++package elgamal ++ ++import ( ++ "io" ++ "math/big" ++) ++ ++// PublicKey represents an ElGamal public key. ++type PublicKey struct { ++ G, P, Y *big.Int ++} ++ ++// PrivateKey represents an ElGamal private key. ++type PrivateKey struct { ++ PublicKey ++ X *big.Int ++} ++ ++func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) { ++ panic("ElGamal encryption not available") ++} ++ ++func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) { ++ panic("ElGamal encryption not available") ++} +diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go +index c607a16..11dbc3c 100644 +--- a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go ++++ b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go +@@ -16,14 +16,11 @@ + package web + + import ( +- "encoding/hex" + "fmt" + "net/http" +- "strings" + "sync" + + "github.com/go-kit/log" +- "golang.org/x/crypto/bcrypt" + ) + + // extraHTTPHeaders is a map of HTTP headers that can be added to HTTP +@@ -37,22 +34,6 @@ var extraHTTPHeaders = map[string][]string{ + "Content-Security-Policy": nil, + } + +-func validateUsers(configPath string) error { +- c, err := getConfig(configPath) +- if err != nil { +- return err +- } +- +- for _, p := range c.Users { +- _, err = bcrypt.Cost([]byte(p)) +- if err != nil { +- return err +- } +- } +- +- return nil +-} +- + // validateHeaderConfig checks that the provided header configuration is correct. + // It does not check the validity of all the values, only the ones which are + // well-defined enumerations. +@@ -84,60 +65,3 @@ type webHandler struct { + // only once in parallel as this is CPU intensive. + bcryptMtx sync.Mutex + } +- +-func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { +- c, err := getConfig(u.tlsConfigPath) +- if err != nil { +- u.logger.Log("msg", "Unable to parse configuration", "err", err) +- http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) +- return +- } +- +- // Configure http headers. +- for k, v := range c.HTTPConfig.Header { +- w.Header().Set(k, v) +- } +- +- if len(c.Users) == 0 { +- u.handler.ServeHTTP(w, r) +- return +- } +- +- user, pass, auth := r.BasicAuth() +- if auth { +- hashedPassword, validUser := c.Users[user] +- +- if !validUser { +- // The user is not found. Use a fixed password hash to +- // prevent user enumeration by timing requests. +- // This is a bcrypt-hashed version of "fakepassword". +- hashedPassword = "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi" +- } +- +- cacheKey := strings.Join( +- []string{ +- hex.EncodeToString([]byte(user)), +- hex.EncodeToString([]byte(hashedPassword)), +- hex.EncodeToString([]byte(pass)), +- }, ":") +- authOk, ok := u.cache.get(cacheKey) +- +- if !ok { +- // This user, hashedPassword, password is not cached. +- u.bcryptMtx.Lock() +- err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass)) +- u.bcryptMtx.Unlock() +- +- authOk = validUser && err == nil +- u.cache.set(cacheKey, authOk) +- } +- +- if authOk && validUser { +- u.handler.ServeHTTP(w, r) +- return +- } +- } +- +- w.Header().Set("WWW-Authenticate", "Basic") +- http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) +-} +diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go +index 61383bc..7f71298 100644 +--- a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go ++++ b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go +@@ -18,16 +18,10 @@ import ( + "crypto/x509" + "errors" + "fmt" +- "net" +- "net/http" + "os" + "path/filepath" + +- "github.com/coreos/go-systemd/v22/activation" +- "github.com/go-kit/log" +- "github.com/go-kit/log/level" + config_util "github.com/prometheus/common/config" +- "golang.org/x/sync/errgroup" + "gopkg.in/yaml.v2" + ) + +@@ -263,132 +257,16 @@ func ConfigToTLSConfig(c *TLSConfig) (*tls.Config, error) { + + // ServeMultiple starts the server on the given listeners. The FlagConfig is + // also passed on to Serve. +-func ServeMultiple(listeners []net.Listener, server *http.Server, flags *FlagConfig, logger log.Logger) error { +- errs := new(errgroup.Group) +- for _, l := range listeners { +- l := l +- errs.Go(func() error { +- return Serve(l, server, flags, logger) +- }) +- } +- return errs.Wait() +-} + + // ListenAndServe starts the server on addresses given in WebListenAddresses in + // the FlagConfig or instead uses systemd socket activated listeners if + // WebSystemdSocket in the FlagConfig is true. The FlagConfig is also passed on + // to ServeMultiple. +-func ListenAndServe(server *http.Server, flags *FlagConfig, logger log.Logger) error { +- if flags.WebSystemdSocket == nil && (flags.WebListenAddresses == nil || len(*flags.WebListenAddresses) == 0) { +- return ErrNoListeners +- } +- +- if flags.WebSystemdSocket != nil && *flags.WebSystemdSocket { +- level.Info(logger).Log("msg", "Listening on systemd activated listeners instead of port listeners.") +- listeners, err := activation.Listeners() +- if err != nil { +- return err +- } +- if len(listeners) < 1 { +- return errors.New("no socket activation file descriptors found") +- } +- return ServeMultiple(listeners, server, flags, logger) +- } +- +- listeners := make([]net.Listener, 0, len(*flags.WebListenAddresses)) +- for _, address := range *flags.WebListenAddresses { +- listener, err := net.Listen("tcp", address) +- if err != nil { +- return err +- } +- defer listener.Close() +- listeners = append(listeners, listener) +- } +- return ServeMultiple(listeners, server, flags, logger) +-} + + // Server starts the server on the given listener. Based on the file path + // WebConfigFile in the FlagConfig, TLS or basic auth could be enabled. +-func Serve(l net.Listener, server *http.Server, flags *FlagConfig, logger log.Logger) error { +- level.Info(logger).Log("msg", "Listening on", "address", l.Addr().String()) +- tlsConfigPath := *flags.WebConfigFile +- if tlsConfigPath == "" { +- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false, "address", l.Addr().String()) +- return server.Serve(l) +- } +- +- if err := validateUsers(tlsConfigPath); err != nil { +- return err +- } +- +- // Setup basic authentication. +- var handler http.Handler = http.DefaultServeMux +- if server.Handler != nil { +- handler = server.Handler +- } +- +- c, err := getConfig(tlsConfigPath) +- if err != nil { +- return err +- } +- +- server.Handler = &webHandler{ +- tlsConfigPath: tlsConfigPath, +- logger: logger, +- handler: handler, +- cache: newCache(), +- } +- +- config, err := ConfigToTLSConfig(&c.TLSConfig) +- switch err { +- case nil: +- if !c.HTTPConfig.HTTP2 { +- server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler)) +- } +- // Valid TLS config. +- level.Info(logger).Log("msg", "TLS is enabled.", "http2", c.HTTPConfig.HTTP2, "address", l.Addr().String()) +- case errNoTLSConfig: +- // No TLS config, back to plain HTTP. +- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false, "address", l.Addr().String()) +- return server.Serve(l) +- default: +- // Invalid TLS config. +- return err +- } +- +- server.TLSConfig = config +- +- // Set the GetConfigForClient method of the HTTPS server so that the config +- // and certs are reloaded on new connections. +- server.TLSConfig.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) { +- config, err := getTLSConfig(tlsConfigPath) +- if err != nil { +- return nil, err +- } +- config.NextProtos = server.TLSConfig.NextProtos +- return config, nil +- } +- return server.ServeTLS(l, "", "") +-} + + // Validate configuration file by reading the configuration and the certificates. +-func Validate(tlsConfigPath string) error { +- if tlsConfigPath == "" { +- return nil +- } +- if err := validateUsers(tlsConfigPath); err != nil { +- return err +- } +- c, err := getConfig(tlsConfigPath) +- if err != nil { +- return err +- } +- _, err = ConfigToTLSConfig(&c.TLSConfig) +- if err == errNoTLSConfig { +- return nil +- } +- return err +-} + + type Cipher uint16 + +@@ -472,11 +350,3 @@ func (tv *TLSVersion) MarshalYAML() (interface{}, error) { + } + return fmt.Sprintf("%v", tv), nil + } +- +-// Listen starts the server on the given address. Based on the file +-// tlsConfigPath, TLS or basic auth could be enabled. +-// +-// Deprecated: Use ListenAndServe instead. +-func Listen(server *http.Server, flags *FlagConfig, logger log.Logger) error { +- return ListenAndServe(server, flags, logger) +-} +diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go +index 5760cff..0c87736 100644 +--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go ++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go +@@ -8,8 +8,6 @@ import ( + "crypto/aes" + "crypto/cipher" + "crypto/des" +- +- "golang.org/x/crypto/cast5" + ) + + // Cipher is an official symmetric key cipher algorithm. See RFC 4880, +@@ -38,7 +36,6 @@ const ( + // http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13 + var CipherById = map[uint8]Cipher{ + TripleDES.Id(): TripleDES, +- CAST5.Id(): CAST5, + AES128.Id(): AES128, + AES192.Id(): AES192, + AES256.Id(): AES256, +@@ -53,7 +50,6 @@ func (sk CipherFunction) Id() uint8 { + + var keySizeByID = map[uint8]int{ + TripleDES.Id(): 24, +- CAST5.Id(): cast5.KeySize, + AES128.Id(): 16, + AES192.Id(): 24, + AES256.Id(): 32, +@@ -65,7 +61,7 @@ func (cipher CipherFunction) KeySize() int { + case TripleDES: + return 24 + case CAST5: +- return cast5.KeySize ++ panic("cast5 cipher not available") + case AES128: + return 16 + case AES192: +@@ -82,7 +78,7 @@ func (cipher CipherFunction) BlockSize() int { + case TripleDES: + return des.BlockSize + case CAST5: +- return 8 ++ panic("cast5 cipher not available") + case AES128, AES192, AES256: + return 16 + } +@@ -96,7 +92,7 @@ func (cipher CipherFunction) New(key []byte) (block cipher.Block) { + case TripleDES: + block, err = des.NewTripleDESCipher(key) + case CAST5: +- block, err = cast5.NewCipher(key) ++ panic("cast5 cipher not available") + case AES128, AES192, AES256: + block, err = aes.NewCipher(key) + } +diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go +index a436959..420df86 100644 +--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go ++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go +@@ -15,7 +15,6 @@ import ( + + "github.com/ProtonMail/go-crypto/openpgp/errors" + "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" +- "golang.org/x/crypto/argon2" + ) + + type Mode uint8 +@@ -27,7 +26,6 @@ const ( + SimpleS2K Mode = 0 + SaltedS2K Mode = 1 + IteratedSaltedS2K Mode = 3 +- Argon2S2K Mode = 4 + GnuS2K Mode = 101 + ) + +@@ -87,10 +85,10 @@ func decodeCount(c uint8) int { + // encodeMemory converts the Argon2 "memory" in the range parallelism*8 to + // 2**31, inclusive, to an encoded memory. The return value is the + // octet that is actually stored in the GPG file. encodeMemory panics +-// if is not in the above range ++// if is not in the above range + // See OpenPGP crypto refresh Section 3.7.1.4. + func encodeMemory(memory uint32, parallelism uint8) uint8 { +- if memory < (8 * uint32(parallelism)) || memory > uint32(2147483648) { ++ if memory < (8*uint32(parallelism)) || memory > uint32(2147483648) { + panic("Memory argument memory is outside the required range") + } + +@@ -174,33 +172,20 @@ func Iterated(out []byte, h hash.Hash, in []byte, salt []byte, count int) { + + // Argon2 writes to out the key derived from the password (in) with the Argon2 + // function (the crypto refresh, section 3.7.1.4) +-func Argon2(out []byte, in []byte, salt []byte, passes uint8, paralellism uint8, memoryExp uint8) { +- key := argon2.IDKey(in, salt, uint32(passes), decodeMemory(memoryExp), paralellism, uint32(len(out))) +- copy(out[:], key) +-} + + // Generate generates valid parameters from given configuration. + // It will enforce the Iterated and Salted or Argon2 S2K method. + func Generate(rand io.Reader, c *Config) (*Params, error) { + var params *Params +- if c != nil && c.Mode() == Argon2S2K { +- // handle Argon2 case +- argonConfig := c.Argon2() +- params = &Params{ +- mode: Argon2S2K, +- passes: argonConfig.Passes(), +- parallelism: argonConfig.Parallelism(), +- memoryExp: argonConfig.EncodedMemory(), +- } +- } else if c != nil && c.PassphraseIsHighEntropy && c.Mode() == SaltedS2K { // Allow SaltedS2K if PassphraseIsHighEntropy ++ if c != nil && c.PassphraseIsHighEntropy && c.Mode() == SaltedS2K { // Allow SaltedS2K if PassphraseIsHighEntropy + hashId, ok := algorithm.HashToHashId(c.hash()) + if !ok { + return nil, errors.UnsupportedError("no such hash") + } + + params = &Params{ +- mode: SaltedS2K, +- hashId: hashId, ++ mode: SaltedS2K, ++ hashId: hashId, + } + } else { // Enforce IteratedSaltedS2K method otherwise + hashId, ok := algorithm.HashToHashId(c.hash()) +@@ -211,7 +196,7 @@ func Generate(rand io.Reader, c *Config) (*Params, error) { + c.S2KMode = IteratedSaltedS2K + } + params = &Params{ +- mode: IteratedSaltedS2K, ++ mode: IteratedSaltedS2K, + hashId: hashId, + countByte: c.EncodedCount(), + } +@@ -274,16 +259,6 @@ func ParseIntoParams(r io.Reader) (params *Params, err error) { + copy(params.salt(), buf[1:9]) + params.countByte = buf[9] + return params, nil +- case Argon2S2K: +- _, err = io.ReadFull(r, buf[:Argon2SaltSize+3]) +- if err != nil { +- return nil, err +- } +- copy(params.salt(), buf[:Argon2SaltSize]) +- params.passes = buf[Argon2SaltSize] +- params.parallelism = buf[Argon2SaltSize+1] +- params.memoryExp = buf[Argon2SaltSize+2] +- return params, nil + case GnuS2K: + // This is a GNU extension. See + // https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=fe55ae16ab4e26d8356dc574c9e8bc935e71aef1;hb=23191d7851eae2217ecdac6484349849a24fd94a#l1109 +@@ -306,9 +281,10 @@ func (params *Params) Dummy() bool { + + func (params *Params) salt() []byte { + switch params.mode { +- case SaltedS2K, IteratedSaltedS2K: return params.saltBytes[:8] +- case Argon2S2K: return params.saltBytes[:Argon2SaltSize] +- default: return nil ++ case SaltedS2K, IteratedSaltedS2K: ++ return params.saltBytes[:8] ++ default: ++ return nil + } + } + +@@ -317,15 +293,13 @@ func (params *Params) Function() (f func(out, in []byte), err error) { + return nil, errors.ErrDummyPrivateKey("dummy key found") + } + var hashObj crypto.Hash +- if params.mode != Argon2S2K { +- var ok bool +- hashObj, ok = algorithm.HashIdToHashWithSha1(params.hashId) +- if !ok { +- return nil, errors.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(params.hashId))) +- } +- if !hashObj.Available() { +- return nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashObj))) +- } ++ var ok bool ++ hashObj, ok = algorithm.HashIdToHashWithSha1(params.hashId) ++ if !ok { ++ return nil, errors.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(params.hashId))) ++ } ++ if !hashObj.Available() { ++ return nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashObj))) + } + + switch params.mode { +@@ -346,11 +320,6 @@ func (params *Params) Function() (f func(out, in []byte), err error) { + Iterated(out, hashObj.New(), in, params.salt(), decodeCount(params.countByte)) + } + +- return f, nil +- case Argon2S2K: +- f := func(out, in []byte) { +- Argon2(out, in, params.salt(), params.passes, params.parallelism, params.memoryExp) +- } + return f, nil + } + +@@ -361,10 +330,8 @@ func (params *Params) Serialize(w io.Writer) (err error) { + if _, err = w.Write([]byte{uint8(params.mode)}); err != nil { + return + } +- if params.mode != Argon2S2K { +- if _, err = w.Write([]byte{params.hashId}); err != nil { +- return +- } ++ if _, err = w.Write([]byte{params.hashId}); err != nil { ++ return + } + if params.Dummy() { + _, err = w.Write(append([]byte("GNU"), 1)) +@@ -377,9 +344,6 @@ func (params *Params) Serialize(w io.Writer) (err error) { + if params.mode == IteratedSaltedS2K { + _, err = w.Write([]byte{params.countByte}) + } +- if params.mode == Argon2S2K { +- _, err = w.Write([]byte{params.passes, params.parallelism, params.memoryExp}) +- } + } + return + } +diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go +index e96252c..42ddccf 100644 +--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go ++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go +@@ -5,12 +5,9 @@ + package packet + + import ( +- "crypto/cipher" +- "crypto/sha256" + "io" + + "github.com/ProtonMail/go-crypto/openpgp/errors" +- "golang.org/x/crypto/hkdf" + ) + + // parseAead parses a V2 SEIPD packet (AEAD) as specified in +@@ -62,95 +59,11 @@ func (se *SymmetricallyEncrypted) associatedData() []byte { + // decryptAead decrypts a V2 SEIPD packet (AEAD) as specified in + // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2 + func (se *SymmetricallyEncrypted) decryptAead(inputKey []byte) (io.ReadCloser, error) { +- aead, nonce := getSymmetricallyEncryptedAeadInstance(se.Cipher, se.Mode, inputKey, se.Salt[:], se.associatedData()) +- +- // Carry the first tagLen bytes +- tagLen := se.Mode.TagLength() +- peekedBytes := make([]byte, tagLen) +- n, err := io.ReadFull(se.Contents, peekedBytes) +- if n < tagLen || (err != nil && err != io.EOF) { +- return nil, errors.StructuralError("not enough data to decrypt:" + err.Error()) +- } +- +- return &aeadDecrypter{ +- aeadCrypter: aeadCrypter{ +- aead: aead, +- chunkSize: decodeAEADChunkSize(se.ChunkSizeByte), +- initialNonce: nonce, +- associatedData: se.associatedData(), +- chunkIndex: make([]byte, 8), +- packetTag: packetTypeSymmetricallyEncryptedIntegrityProtected, +- }, +- reader: se.Contents, +- peekedBytes: peekedBytes, +- }, nil ++ panic("hkdf cipher not available") + } + + // serializeSymmetricallyEncryptedAead encrypts to a writer a V2 SEIPD packet (AEAD) as specified in + // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2 + func serializeSymmetricallyEncryptedAead(ciphertext io.WriteCloser, cipherSuite CipherSuite, chunkSizeByte byte, rand io.Reader, inputKey []byte) (Contents io.WriteCloser, err error) { +- // cipherFunc must have block size 16 to use AEAD +- if cipherSuite.Cipher.blockSize() != 16 { +- return nil, errors.InvalidArgumentError("invalid aead cipher function") +- } +- +- if cipherSuite.Cipher.KeySize() != len(inputKey) { +- return nil, errors.InvalidArgumentError("error in aead serialization: bad key length") +- } +- +- // Data for en/decryption: tag, version, cipher, aead mode, chunk size +- prefix := []byte{ +- 0xD2, +- symmetricallyEncryptedVersionAead, +- byte(cipherSuite.Cipher), +- byte(cipherSuite.Mode), +- chunkSizeByte, +- } +- +- // Write header (that correspond to prefix except first byte) +- n, err := ciphertext.Write(prefix[1:]) +- if err != nil || n < 4 { +- return nil, err +- } +- +- // Random salt +- salt := make([]byte, aeadSaltSize) +- if _, err := rand.Read(salt); err != nil { +- return nil, err +- } +- +- if _, err := ciphertext.Write(salt); err != nil { +- return nil, err +- } +- +- aead, nonce := getSymmetricallyEncryptedAeadInstance(cipherSuite.Cipher, cipherSuite.Mode, inputKey, salt, prefix) +- +- return &aeadEncrypter{ +- aeadCrypter: aeadCrypter{ +- aead: aead, +- chunkSize: decodeAEADChunkSize(chunkSizeByte), +- associatedData: prefix, +- chunkIndex: make([]byte, 8), +- initialNonce: nonce, +- packetTag: packetTypeSymmetricallyEncryptedIntegrityProtected, +- }, +- writer: ciphertext, +- }, nil +-} +- +-func getSymmetricallyEncryptedAeadInstance(c CipherFunction, mode AEADMode, inputKey, salt, associatedData []byte) (aead cipher.AEAD, nonce []byte) { +- hkdfReader := hkdf.New(sha256.New, inputKey, salt, associatedData) +- +- encryptionKey := make([]byte, c.KeySize()) +- _, _ = readFull(hkdfReader, encryptionKey) +- +- // Last 64 bits of nonce are the counter +- nonce = make([]byte, mode.IvLength()-8) +- +- _, _ = readFull(hkdfReader, nonce) +- +- blockCipher := c.new(encryptionKey) +- aead = mode.new(blockCipher) +- +- return ++ panic("hkdf cipher not available") + } +diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go +index 8499c73..eaffe19 100644 +--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go ++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go +@@ -17,7 +17,6 @@ import ( + "github.com/ProtonMail/go-crypto/openpgp/errors" + "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" + "github.com/ProtonMail/go-crypto/openpgp/packet" +- _ "golang.org/x/crypto/sha3" + ) + + // SignatureType is the armor type for a PGP signature. +diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go +index 214df4c..f049462 100644 +--- a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go ++++ b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go +@@ -20,9 +20,6 @@ package aeadcrypter + + import ( + "crypto/cipher" +- "fmt" +- +- "golang.org/x/crypto/chacha20poly1305" + ) + + // Supported key size in bytes. +@@ -39,14 +36,7 @@ type chachapoly struct { + // NewChachaPoly creates a Chacha-Poly crypter instance. Note that the key must + // be Chacha20Poly1305KeySize bytes in length. + func NewChachaPoly(key []byte) (S2AAEADCrypter, error) { +- if len(key) != Chacha20Poly1305KeySize { +- return nil, fmt.Errorf("%d bytes, given: %d", Chacha20Poly1305KeySize, len(key)) +- } +- c, err := chacha20poly1305.New(key) +- if err != nil { +- return nil, err +- } +- return &chachapoly{aead: c}, nil ++ panic("chachap20poly1305 cipher not available") + } + + // Encrypt is the encryption function. dst can contain bytes at the beginning of +diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go +index dff99ff..052f645 100644 +--- a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go ++++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go +@@ -26,7 +26,6 @@ import ( + + s2apb "github.com/google/s2a-go/internal/proto/common_go_proto" + "github.com/google/s2a-go/internal/record/internal/aeadcrypter" +- "golang.org/x/crypto/cryptobyte" + ) + + // The constants below were taken from Section 7.2 and 7.3 in +@@ -175,19 +174,5 @@ func (hc *S2AHalfConnection) maskedNonce(sequence uint64) []byte { + // deriveSecret implements the Derive-Secret function, as specified in + // https://tools.ietf.org/html/rfc8446#section-7.1. + func (hc *S2AHalfConnection) deriveSecret(secret, label []byte, length int) ([]byte, error) { +- var hkdfLabel cryptobyte.Builder +- hkdfLabel.AddUint16(uint16(length)) +- hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) { +- b.AddBytes(label) +- }) +- // Append an empty `Context` field to the label, as specified in the RFC. +- // The half connection does not use the `Context` field. +- hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) { +- b.AddBytes([]byte("")) +- }) +- hkdfLabelBytes, err := hkdfLabel.Bytes() +- if err != nil { +- return nil, fmt.Errorf("deriveSecret failed: %v", err) +- } +- return hc.expander.expand(secret, hkdfLabelBytes, length) ++ panic("cryptobyte cipher not available") + } +diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go +index e05f2c3..f46c3a9 100644 +--- a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go ++++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go +@@ -19,10 +19,7 @@ + package halfconn + + import ( +- "fmt" + "hash" +- +- "golang.org/x/crypto/hkdf" + ) + + // hkdfExpander is the interface for the HKDF expansion function; see +@@ -47,13 +44,5 @@ func newDefaultHKDFExpander(h func() hash.Hash) hkdfExpander { + } + + func (d *defaultHKDFExpander) expand(secret, label []byte, length int) ([]byte, error) { +- outBuf := make([]byte, length) +- n, err := hkdf.Expand(d.h, secret, label).Read(outBuf) +- if err != nil { +- return nil, fmt.Errorf("hkdf.Expand.Read failed with error: %v", err) +- } +- if n < length { +- return nil, fmt.Errorf("hkdf.Expand.Read returned unexpected length, got %d, want %d", n, length) +- } +- return outBuf, nil ++ panic("hkdf cipher not available") + } +diff --git a/vendor/github.com/Masterminds/sprig/v3/crypto.go b/vendor/github.com/Masterminds/sprig/v3/crypto.go +index 13a5cd5..a92eaec 100644 +--- a/vendor/github.com/Masterminds/sprig/v3/crypto.go ++++ b/vendor/github.com/Masterminds/sprig/v3/crypto.go +@@ -9,7 +9,6 @@ import ( + "crypto/ecdsa" + "crypto/ed25519" + "crypto/elliptic" +- "crypto/hmac" + "crypto/rand" + "crypto/rsa" + "crypto/sha1" +@@ -18,7 +17,6 @@ import ( + "crypto/x509/pkix" + "encoding/asn1" + "encoding/base64" +- "encoding/binary" + "encoding/hex" + "encoding/pem" + "errors" +@@ -32,8 +30,6 @@ import ( + "strings" + + "github.com/google/uuid" +- bcrypt_lib "golang.org/x/crypto/bcrypt" +- "golang.org/x/crypto/scrypt" + ) + + func sha256sum(input string) string { +@@ -52,12 +48,7 @@ func adler32sum(input string) string { + } + + func bcrypt(input string) string { +- hash, err := bcrypt_lib.GenerateFromPassword([]byte(input), bcrypt_lib.DefaultCost) +- if err != nil { +- return fmt.Sprintf("failed to encrypt string with bcrypt: %s", err) +- } +- +- return string(hash) ++ panic("bcrypt cipher not available") + } + + func htpasswd(username string, password string) string { +@@ -108,40 +99,7 @@ var templateCharacters = map[byte]string{ + } + + func derivePassword(counter uint32, passwordType, password, user, site string) string { +- var templates = passwordTypeTemplates[passwordType] +- if templates == nil { +- return fmt.Sprintf("cannot find password template %s", passwordType) +- } +- +- var buffer bytes.Buffer +- buffer.WriteString(masterPasswordSeed) +- binary.Write(&buffer, binary.BigEndian, uint32(len(user))) +- buffer.WriteString(user) +- +- salt := buffer.Bytes() +- key, err := scrypt.Key([]byte(password), salt, 32768, 8, 2, 64) +- if err != nil { +- return fmt.Sprintf("failed to derive password: %s", err) +- } +- +- buffer.Truncate(len(masterPasswordSeed)) +- binary.Write(&buffer, binary.BigEndian, uint32(len(site))) +- buffer.WriteString(site) +- binary.Write(&buffer, binary.BigEndian, counter) +- +- var hmacv = hmac.New(sha256.New, key) +- hmacv.Write(buffer.Bytes()) +- var seed = hmacv.Sum(nil) +- var temp = templates[int(seed[0])%len(templates)] +- +- buffer.Truncate(0) +- for i, element := range temp { +- passChars := templateCharacters[element] +- passChar := passChars[int(seed[i+1])%len(passChars)] +- buffer.WriteByte(passChar) +- } +- +- return buffer.String() ++ panic("scrypt cipher not available") + } + + func generatePrivateKey(typ string) string { +diff --git a/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go b/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go +index d95032f..f5cbe66 100644 +--- a/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go ++++ b/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go +@@ -16,7 +16,6 @@ import ( + "github.com/microsoft/go-mssqldb/msdsn" + + //lint:ignore SA1019 MD4 is used by legacy NTLM +- "golang.org/x/crypto/md4" + ) + + const ( +@@ -162,10 +161,7 @@ func lmResponse(challenge [8]byte, password string) [24]byte { + } + + func ntlmHash(password string) (hash [21]byte) { +- h := md4.New() +- h.Write(utf16le(password)) +- h.Sum(hash[:0]) +- return ++ panic("md4 cipher not available") + } + + func ntResponse(challenge [8]byte, password string) [24]byte { +@@ -194,12 +190,7 @@ func ntlmSessionResponse(clientNonce [8]byte, serverChallenge [8]byte, password + } + + func ntlmHashNoPadding(val string) []byte { +- hash := make([]byte, 16) +- h := md4.New() +- h.Write(utf16le(val)) +- h.Sum(hash[:0]) +- +- return hash ++ panic("md4 cipher not available") + } + + func hmacMD5(passwordHash, data []byte) []byte { +diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go +index 804eba899e..221306e7dc 100644 +--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go ++++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go +@@ -16,7 +16,6 @@ import ( + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential" +- "golang.org/x/crypto/pkcs12" + ) + + const credNameCert = "ClientCertificateCredential" +@@ -158,15 +157,7 @@ func loadPEMCert(certData []byte) ([]*pem.Block, error) { + } + + func loadPKCS12Cert(certData []byte, password string) ([]*pem.Block, error) { +- blocks, err := pkcs12.ToPEM(certData, password) +- if err != nil { +- return nil, err +- } +- if len(blocks) == 0 { +- // not mentioning PKCS12 in this message because we end up here when certData is garbage +- return nil, errors.New("didn't find any certificate content") +- } +- return blocks, err ++ panic("pkcs12 cipher not available") + } + + var _ azcore.TokenCredential = (*ClientCertificateCredential)(nil) +diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go b/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go +index 2a974a3..1ea6648 100644 +--- a/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go ++++ b/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go +@@ -23,8 +23,6 @@ import ( + "io/ioutil" + "os" + "path/filepath" +- +- "golang.org/x/crypto/pkcs12" + ) + + var ( +@@ -90,46 +88,5 @@ func SaveToken(path string, mode os.FileMode, token Token) error { + // private key or an error is returned. + // If the private key is not password protected pass the empty string for password. + func DecodePfxCertificateData(pfxData []byte, password string) (*x509.Certificate, *rsa.PrivateKey, error) { +- blocks, err := pkcs12.ToPEM(pfxData, password) +- if err != nil { +- return nil, nil, err +- } +- // first extract the private key +- var priv *rsa.PrivateKey +- for _, block := range blocks { +- if block.Type == "PRIVATE KEY" { +- priv, err = x509.ParsePKCS1PrivateKey(block.Bytes) +- if err != nil { +- return nil, nil, err +- } +- break +- } +- } +- if priv == nil { +- return nil, nil, ErrMissingPrivateKey +- } +- // now find the certificate with the matching public key of our private key +- var cert *x509.Certificate +- for _, block := range blocks { +- if block.Type == "CERTIFICATE" { +- pcert, err := x509.ParseCertificate(block.Bytes) +- if err != nil { +- return nil, nil, err +- } +- certKey, ok := pcert.PublicKey.(*rsa.PublicKey) +- if !ok { +- // keep looking +- continue +- } +- if priv.E == certKey.E && priv.N.Cmp(certKey.N) == 0 { +- // found a match +- cert = pcert +- break +- } +- } +- } +- if cert == nil { +- return nil, nil, ErrMissingCertificate +- } +- return cert, priv, nil ++ panic("pkcs12 cipher not available") + } +diff --git a/vendor/github.com/Azure/go-ntlmssp/nlmp.go b/vendor/github.com/Azure/go-ntlmssp/nlmp.go +index 1e65abe..0ef2301 100644 +--- a/vendor/github.com/Azure/go-ntlmssp/nlmp.go ++++ b/vendor/github.com/Azure/go-ntlmssp/nlmp.go +@@ -10,7 +10,6 @@ package ntlmssp + import ( + "crypto/hmac" + "crypto/md5" +- "golang.org/x/crypto/md4" + "strings" + ) + +@@ -19,9 +18,7 @@ func getNtlmV2Hash(password, username, target string) []byte { + } + + func getNtlmHash(password string) []byte { +- hash := md4.New() +- hash.Write(toUnicode(password)) +- return hash.Sum(nil) ++ panic("md4 cipher not available") + } + + func computeNtlmV2Response(ntlmV2Hash, serverChallenge, clientChallenge, +diff --git a/vendor/github.com/ory/fosite/hash_bcrypt.go b/vendor/github.com/ory/fosite/hash_bcrypt.go +index 44b8fcb..4a75d24 100644 +--- a/vendor/github.com/ory/fosite/hash_bcrypt.go ++++ b/vendor/github.com/ory/fosite/hash_bcrypt.go +@@ -5,10 +5,6 @@ package fosite + + import ( + "context" +- +- "github.com/ory/x/errorsx" +- +- "golang.org/x/crypto/bcrypt" + ) + + const DefaultBCryptWorkFactor = 12 +@@ -21,20 +17,9 @@ type BCrypt struct { + } + + func (b *BCrypt) Hash(ctx context.Context, data []byte) ([]byte, error) { +- wf := b.Config.GetBCryptCost(ctx) +- if wf == 0 { +- wf = DefaultBCryptWorkFactor +- } +- s, err := bcrypt.GenerateFromPassword(data, wf) +- if err != nil { +- return nil, errorsx.WithStack(err) +- } +- return s, nil ++ panic("bcrypt ciper not available") + } + + func (b *BCrypt) Compare(ctx context.Context, hash, data []byte) error { +- if err := bcrypt.CompareHashAndPassword(hash, data); err != nil { +- return errorsx.WithStack(err) +- } +- return nil ++ panic("bcrypt cipher not available") + } +diff --git a/vendor/filippo.io/age/internal/stream/stream.go b/vendor/filippo.io/age/internal/stream/stream.go +index 7cf02c4..29f4f44 100644 +--- a/vendor/filippo.io/age/internal/stream/stream.go ++++ b/vendor/filippo.io/age/internal/stream/stream.go +@@ -10,9 +10,6 @@ import ( + "errors" + "fmt" + "io" +- +- "golang.org/x/crypto/chacha20poly1305" +- "golang.org/x/crypto/poly1305" + ) + + const ChunkSize = 64 * 1024 +@@ -25,23 +22,16 @@ type Reader struct { + buf [encChunkSize]byte + + err error +- nonce [chacha20poly1305.NonceSize]byte ++ nonce []byte + } + + const ( +- encChunkSize = ChunkSize + poly1305.TagSize ++ encChunkSize = ChunkSize + lastChunkFlag = 0x01 + ) + + func NewReader(key []byte, src io.Reader) (*Reader, error) { +- aead, err := chacha20poly1305.New(key) +- if err != nil { +- return nil, err +- } +- return &Reader{ +- a: aead, +- src: src, +- }, nil ++ panic("chacha20poly1305 cipher not available") + } + + func (r *Reader) Read(p []byte) (int, error) { +@@ -87,64 +77,20 @@ func (r *Reader) Read(p []byte) (int, error) { + // in r.unread. last is true if the chunk was marked as the end of the message. + // readChunk must not be called again after returning a last chunk or an error. + func (r *Reader) readChunk() (last bool, err error) { +- if len(r.unread) != 0 { +- panic("stream: internal error: readChunk called with dirty buffer") +- } ++ panic("poly1305 cipher not available") + +- in := r.buf[:] +- n, err := io.ReadFull(r.src, in) +- switch { +- case err == io.EOF: +- // A message can't end without a marked chunk. This message is truncated. +- return false, io.ErrUnexpectedEOF +- case err == io.ErrUnexpectedEOF: +- // The last chunk can be short, but not empty unless it's the first and +- // only chunk. +- if !nonceIsZero(&r.nonce) && n == r.a.Overhead() { +- return false, errors.New("last chunk is empty, try age v1.0.0, and please consider reporting this") +- } +- in = in[:n] +- last = true +- setLastChunkFlag(&r.nonce) +- case err != nil: +- return false, err +- } +- +- outBuf := make([]byte, 0, ChunkSize) +- out, err := r.a.Open(outBuf, r.nonce[:], in, nil) +- if err != nil && !last { +- // Check if this was a full-length final chunk. +- last = true +- setLastChunkFlag(&r.nonce) +- out, err = r.a.Open(outBuf, r.nonce[:], in, nil) +- } +- if err != nil { +- return false, errors.New("failed to decrypt and authenticate payload chunk") +- } +- +- incNonce(&r.nonce) +- r.unread = r.buf[:copy(r.buf[:], out)] +- return last, nil + } + +-func incNonce(nonce *[chacha20poly1305.NonceSize]byte) { +- for i := len(nonce) - 2; i >= 0; i-- { +- nonce[i]++ +- if nonce[i] != 0 { +- break +- } else if i == 0 { +- // The counter is 88 bits, this is unreachable. +- panic("stream: chunk counter wrapped around") +- } +- } ++func incNonce(nonce *[]byte) { ++ panic("chacha20poly1305 cipher not available") + } + +-func setLastChunkFlag(nonce *[chacha20poly1305.NonceSize]byte) { +- nonce[len(nonce)-1] = lastChunkFlag ++func setLastChunkFlag(nonce *[]byte) { ++ panic("chacha20poly1305 cipher not available") + } + +-func nonceIsZero(nonce *[chacha20poly1305.NonceSize]byte) bool { +- return *nonce == [chacha20poly1305.NonceSize]byte{} ++func nonceIsZero(nonce *[]byte) bool { ++ panic("chacha20poly1305 cipher not available") + } + + type Writer struct { +@@ -152,47 +98,17 @@ type Writer struct { + dst io.Writer + unwritten []byte // backed by buf + buf [encChunkSize]byte +- nonce [chacha20poly1305.NonceSize]byte ++ nonce []byte + err error + } + + func NewWriter(key []byte, dst io.Writer) (*Writer, error) { +- aead, err := chacha20poly1305.New(key) +- if err != nil { +- return nil, err +- } +- w := &Writer{ +- a: aead, +- dst: dst, +- } +- w.unwritten = w.buf[:0] +- return w, nil ++ panic("chacha20poly1305 cipher not available") ++ + } + + func (w *Writer) Write(p []byte) (n int, err error) { +- // TODO: consider refactoring with a bytes.Buffer. +- if w.err != nil { +- return 0, w.err +- } +- if len(p) == 0 { +- return 0, nil +- } +- +- total := len(p) +- for len(p) > 0 { +- freeBuf := w.buf[len(w.unwritten):ChunkSize] +- n := copy(freeBuf, p) +- p = p[n:] +- w.unwritten = w.unwritten[:len(w.unwritten)+n] +- +- if len(w.unwritten) == ChunkSize && len(p) > 0 { +- if err := w.flushChunk(notLastChunk); err != nil { +- w.err = err +- return 0, err +- } +- } +- } +- return total, nil ++ panic("chacha20poly1305 cipher not available") + } + + // Close flushes the last chunk. It does not close the underlying Writer. +@@ -216,16 +132,5 @@ const ( + ) + + func (w *Writer) flushChunk(last bool) error { +- if !last && len(w.unwritten) != ChunkSize { +- panic("stream: internal error: flush called with partial chunk") +- } +- +- if last { +- setLastChunkFlag(&w.nonce) +- } +- buf := w.a.Seal(w.buf[:0], w.nonce[:], w.unwritten, nil) +- _, err := w.dst.Write(buf) +- w.unwritten = w.buf[:0] +- incNonce(&w.nonce) +- return err ++ panic("chacha20poly1305 cipher not available") + } +diff --git a/vendor/filippo.io/age/primitives.go b/vendor/filippo.io/age/primitives.go +index 804b019..2ee760f 100644 +--- a/vendor/filippo.io/age/primitives.go ++++ b/vendor/filippo.io/age/primitives.go +@@ -5,29 +5,14 @@ + package age + + import ( +- "crypto/hmac" +- "crypto/sha256" + "errors" +- "io" + + "filippo.io/age/internal/format" +- "golang.org/x/crypto/chacha20poly1305" +- "golang.org/x/crypto/hkdf" + ) + + // aeadEncrypt encrypts a message with a one-time key. + func aeadEncrypt(key, plaintext []byte) ([]byte, error) { +- aead, err := chacha20poly1305.New(key) +- if err != nil { +- return nil, err +- } +- // The nonce is fixed because this function is only used in places where the +- // spec guarantees each key is only used once (by deriving it from values +- // that include fresh randomness), allowing us to save the overhead. +- // For the code that encrypts the actual payload, look at the +- // filippo.io/age/internal/stream package. +- nonce := make([]byte, chacha20poly1305.NonceSize) +- return aead.Seal(nil, nonce, plaintext, nil), nil ++ panic("chacha20poly1305 cipher not available") + } + + var errIncorrectCiphertextSize = errors.New("encrypted value has unexpected length") +@@ -38,35 +23,13 @@ var errIncorrectCiphertextSize = errors.New("encrypted value has unexpected leng + // can be crafted that decrypts successfully under multiple keys. Short + // ciphertexts can only target two keys, which has limited impact. + func aeadDecrypt(key []byte, size int, ciphertext []byte) ([]byte, error) { +- aead, err := chacha20poly1305.New(key) +- if err != nil { +- return nil, err +- } +- if len(ciphertext) != size+aead.Overhead() { +- return nil, errIncorrectCiphertextSize +- } +- nonce := make([]byte, chacha20poly1305.NonceSize) +- return aead.Open(nil, nonce, ciphertext, nil) ++ panic("chacha20poly1305 cipher not available") + } + + func headerMAC(fileKey []byte, hdr *format.Header) ([]byte, error) { +- h := hkdf.New(sha256.New, fileKey, nil, []byte("header")) +- hmacKey := make([]byte, 32) +- if _, err := io.ReadFull(h, hmacKey); err != nil { +- return nil, err +- } +- hh := hmac.New(sha256.New, hmacKey) +- if err := hdr.MarshalWithoutMAC(hh); err != nil { +- return nil, err +- } +- return hh.Sum(nil), nil ++ panic("hkdf cipher not available") + } + + func streamKey(fileKey, nonce []byte) []byte { +- h := hkdf.New(sha256.New, fileKey, nonce, []byte("payload")) +- streamKey := make([]byte, chacha20poly1305.KeySize) +- if _, err := io.ReadFull(h, streamKey); err != nil { +- panic("age: internal error: failed to read from HKDF: " + err.Error()) +- } +- return streamKey ++ panic("chacha20poly1305 cipher not available") + } +diff --git a/vendor/filippo.io/age/scrypt.go b/vendor/filippo.io/age/scrypt.go +index 1346ad1..a97e385 100644 +--- a/vendor/filippo.io/age/scrypt.go ++++ b/vendor/filippo.io/age/scrypt.go +@@ -5,15 +5,8 @@ + package age + + import ( +- "crypto/rand" + "errors" +- "fmt" + "regexp" +- "strconv" +- +- "filippo.io/age/internal/format" +- "golang.org/x/crypto/chacha20poly1305" +- "golang.org/x/crypto/scrypt" + ) + + const scryptLabel = "age-encryption.org/v1/scrypt" +@@ -61,30 +54,7 @@ func (r *ScryptRecipient) SetWorkFactor(logN int) { + const scryptSaltSize = 16 + + func (r *ScryptRecipient) Wrap(fileKey []byte) ([]*Stanza, error) { +- salt := make([]byte, scryptSaltSize) +- if _, err := rand.Read(salt[:]); err != nil { +- return nil, err +- } +- +- logN := r.workFactor +- l := &Stanza{ +- Type: "scrypt", +- Args: []string{format.EncodeToString(salt), strconv.Itoa(logN)}, +- } +- +- salt = append([]byte(scryptLabel), salt...) +- k, err := scrypt.Key(r.password, salt, 1< i.maxWorkFactor { +- return nil, fmt.Errorf("scrypt work factor too large: %v", logN) +- } +- if logN <= 0 { // unreachable +- return nil, fmt.Errorf("invalid scrypt work factor: %v", logN) +- } +- +- salt = append([]byte(scryptLabel), salt...) +- k, err := scrypt.Key(i.password, salt, 1< 32 { +- return "", errors.New("square/go-jose: invalid elliptic key (too large)") +- } +- return fmt.Sprintf(edThumbprintTemplate, crv, +- newFixedSizeBuffer(ed, 32).base64()), nil +-} +- + // Thumbprint computes the JWK Thumbprint of a key using the + // indicated hash algorithm. + func (k *JSONWebKey) Thumbprint(hash crypto.Hash) ([]byte, error) { + var input string + var err error + switch key := k.Key.(type) { +- case ed25519.PublicKey: +- input, err = edThumbprintInput(key) + case *ecdsa.PublicKey: + input, err = ecThumbprintInput(key.Curve, key.X, key.Y) + case *ecdsa.PrivateKey: +@@ -381,8 +356,6 @@ func (k *JSONWebKey) Thumbprint(hash crypto.Hash) ([]byte, error) { + input, err = rsaThumbprintInput(key.N, key.E) + case *rsa.PrivateKey: + input, err = rsaThumbprintInput(key.N, key.E) +- case ed25519.PrivateKey: +- input, err = edThumbprintInput(ed25519.PublicKey(key[32:])) + default: + return nil, fmt.Errorf("square/go-jose: unknown key type '%s'", reflect.TypeOf(key)) + } +@@ -399,7 +372,7 @@ func (k *JSONWebKey) Thumbprint(hash crypto.Hash) ([]byte, error) { + // IsPublic returns true if the JWK represents a public key (not symmetric, not private). + func (k *JSONWebKey) IsPublic() bool { + switch k.Key.(type) { +- case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey: ++ case *ecdsa.PublicKey, *rsa.PublicKey: + return true + default: + return false +@@ -417,8 +390,6 @@ func (k *JSONWebKey) Public() JSONWebKey { + ret.Key = key.Public() + case *rsa.PrivateKey: + ret.Key = key.Public() +- case ed25519.PrivateKey: +- ret.Key = key.Public() + default: + return JSONWebKey{} // returning invalid key + } +@@ -447,14 +418,6 @@ func (k *JSONWebKey) Valid() bool { + if key.N == nil || key.E == 0 || key.D == nil || len(key.Primes) < 2 { + return false + } +- case ed25519.PublicKey: +- if len(key) != 32 { +- return false +- } +- case ed25519.PrivateKey: +- if len(key) != 64 { +- return false +- } + default: + return false + } +@@ -472,14 +435,6 @@ func (key rawJSONWebKey) rsaPublicKey() (*rsa.PublicKey, error) { + }, nil + } + +-func fromEdPublicKey(pub ed25519.PublicKey) *rawJSONWebKey { +- return &rawJSONWebKey{ +- Kty: "OKP", +- Crv: "Ed25519", +- X: newBuffer(pub), +- } +-} +- + func fromRsaPublicKey(pub *rsa.PublicKey) *rawJSONWebKey { + return &rawJSONWebKey{ + Kty: "RSA", +@@ -559,36 +514,6 @@ func fromEcPublicKey(pub *ecdsa.PublicKey) (*rawJSONWebKey, error) { + return key, nil + } + +-func (key rawJSONWebKey) edPrivateKey() (ed25519.PrivateKey, error) { +- var missing []string +- switch { +- case key.D == nil: +- missing = append(missing, "D") +- case key.X == nil: +- missing = append(missing, "X") +- } +- +- if len(missing) > 0 { +- return nil, fmt.Errorf("square/go-jose: invalid Ed25519 private key, missing %s value(s)", strings.Join(missing, ", ")) +- } +- +- privateKey := make([]byte, ed25519.PrivateKeySize) +- copy(privateKey[0:32], key.D.bytes()) +- copy(privateKey[32:], key.X.bytes()) +- rv := ed25519.PrivateKey(privateKey) +- return rv, nil +-} +- +-func (key rawJSONWebKey) edPublicKey() (ed25519.PublicKey, error) { +- if key.X == nil { +- return nil, fmt.Errorf("square/go-jose: invalid Ed key, missing x value") +- } +- publicKey := make([]byte, ed25519.PublicKeySize) +- copy(publicKey[0:32], key.X.bytes()) +- rv := ed25519.PublicKey(publicKey) +- return rv, nil +-} +- + func (key rawJSONWebKey) rsaPrivateKey() (*rsa.PrivateKey, error) { + var missing []string + switch { +@@ -634,13 +559,6 @@ func (key rawJSONWebKey) rsaPrivateKey() (*rsa.PrivateKey, error) { + return rv, err + } + +-func fromEdPrivateKey(ed ed25519.PrivateKey) (*rawJSONWebKey, error) { +- raw := fromEdPublicKey(ed25519.PublicKey(ed[32:])) +- +- raw.D = newBuffer(ed[0:32]) +- return raw, nil +-} +- + func fromRsaPrivateKey(rsa *rsa.PrivateKey) (*rawJSONWebKey, error) { + if len(rsa.Primes) != 2 { + return nil, ErrUnsupportedKeyType +diff --git a/vendor/gopkg.in/square/go-jose.v2/signing.go b/vendor/gopkg.in/square/go-jose.v2/signing.go +index bad820c..8065475 100644 +--- a/vendor/gopkg.in/square/go-jose.v2/signing.go ++++ b/vendor/gopkg.in/square/go-jose.v2/signing.go +@@ -24,8 +24,6 @@ import ( + "errors" + "fmt" + +- "golang.org/x/crypto/ed25519" +- + "gopkg.in/square/go-jose.v2/json" + ) + +@@ -154,10 +152,6 @@ func NewMultiSigner(sigs []SigningKey, opts *SignerOptions) (Signer, error) { + // newVerifier creates a verifier based on the key type + func newVerifier(verificationKey interface{}) (payloadVerifier, error) { + switch verificationKey := verificationKey.(type) { +- case ed25519.PublicKey: +- return &edEncrypterVerifier{ +- publicKey: verificationKey, +- }, nil + case *rsa.PublicKey: + return &rsaEncrypterVerifier{ + publicKey: verificationKey, +@@ -193,8 +187,6 @@ func (ctx *genericSigner) addRecipient(alg SignatureAlgorithm, signingKey interf + + func makeJWSRecipient(alg SignatureAlgorithm, signingKey interface{}) (recipientSigInfo, error) { + switch signingKey := signingKey.(type) { +- case ed25519.PrivateKey: +- return newEd25519Signer(alg, signingKey) + case *rsa.PrivateKey: + return newRSASigner(alg, signingKey) + case *ecdsa.PrivateKey: +diff --git a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go +index 4bb18ee8..a3342a76 100644 +--- a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go ++++ b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go +@@ -23,14 +23,11 @@ import ( + "crypto/cipher" + "crypto/rand" + "encoding/base64" +- "fmt" + "time" + + "k8s.io/apiserver/pkg/storage/value" + "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics" + "k8s.io/utils/lru" +- +- "golang.org/x/crypto/cryptobyte" + ) + + func init() { +@@ -82,75 +79,12 @@ func NewEnvelopeTransformer(envelopeService Service, cacheSize int, baseTransfor + + // TransformFromStorage decrypts data encrypted by this transformer using envelope encryption. + func (t *envelopeTransformer) TransformFromStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, bool, error) { +- metrics.RecordArrival(metrics.FromStorageLabel, time.Now()) +- +- // Read the 16 bit length-of-DEK encoded at the start of the encrypted DEK. 16 bits can +- // represent a maximum key length of 65536 bytes. We are using a 256 bit key, whose +- // length cannot fit in 8 bits (1 byte). Thus, we use 16 bits (2 bytes) to store the length. +- var encKey cryptobyte.String +- s := cryptobyte.String(data) +- if ok := s.ReadUint16LengthPrefixed(&encKey); !ok { +- return nil, false, fmt.Errorf("invalid data encountered by envelope transformer: failed to read uint16 length prefixed data") +- } +- +- encData := []byte(s) +- +- // Look up the decrypted DEK from cache or Envelope. +- transformer := t.getTransformer(encKey) +- if transformer == nil { +- if t.cacheEnabled { +- value.RecordCacheMiss() +- } +- key, err := t.envelopeService.Decrypt(encKey) +- if err != nil { +- // Do NOT wrap this err using fmt.Errorf() or similar functions +- // because this gRPC status error has useful error code when +- // record the metric. +- return nil, false, err +- } +- +- transformer, err = t.addTransformer(encKey, key) +- if err != nil { +- return nil, false, err +- } +- } +- +- return transformer.TransformFromStorage(ctx, encData, dataCtx) ++ panic("cryptobyte cipher not available") + } + + // TransformToStorage encrypts data to be written to disk using envelope encryption. + func (t *envelopeTransformer) TransformToStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, error) { +- metrics.RecordArrival(metrics.ToStorageLabel, time.Now()) +- newKey, err := generateKey(32) +- if err != nil { +- return nil, err +- } +- +- encKey, err := t.envelopeService.Encrypt(newKey) +- if err != nil { +- // Do NOT wrap this err using fmt.Errorf() or similar functions +- // because this gRPC status error has useful error code when +- // record the metric. +- return nil, err +- } +- +- transformer, err := t.addTransformer(encKey, newKey) +- if err != nil { +- return nil, err +- } +- +- result, err := transformer.TransformToStorage(ctx, data, dataCtx) +- if err != nil { +- return nil, err +- } +- // Append the length of the encrypted DEK as the first 2 bytes. +- b := cryptobyte.NewBuilder(nil) +- b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { +- b.AddBytes([]byte(encKey)) +- }) +- b.AddBytes(result) +- +- return b.Bytes() ++ panic("cryptobyte cipher not available") + } + + var _ value.Transformer = &envelopeTransformer{} +diff --git a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go +index cf8f3930..de4d145f 100644 +--- a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go ++++ b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go +@@ -20,14 +20,10 @@ import ( + "bytes" + "context" + "crypto/aes" +- "crypto/sha256" + "errors" + "fmt" +- "io" + "time" + +- "golang.org/x/crypto/hkdf" +- + "k8s.io/apiserver/pkg/storage/value" + "k8s.io/utils/clock" + ) +@@ -132,14 +128,7 @@ func (e *extendedNonceGCM) derivedKeyTransformer(info []byte, dataCtx value.Cont + } + + func (e *extendedNonceGCM) sha256KDFExpandOnly(info []byte) ([]byte, error) { +- kdf := hkdf.Expand(sha256.New, e.seed, info) +- +- derivedKey := make([]byte, derivedKeySizeExtendedNonceGCM) +- if _, err := io.ReadFull(kdf, derivedKey); err != nil { +- return nil, fmt.Errorf("failed to read a derived key from KDF: %w", err) +- } +- +- return derivedKey, nil ++ panic("hkdf cipher not available") + } + + func newGCMTransformerWithInfo(key, info []byte) (*transformerWithInfo, error) { + +diff --git a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go +index 45d5db58..db3bd2f9 100644 +--- a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go ++++ b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go +@@ -23,12 +23,10 @@ import ( + "crypto/cipher" + "crypto/sha256" + "fmt" +- "sort" + "time" + "unsafe" + + "github.com/gogo/protobuf/proto" +- "golang.org/x/crypto/cryptobyte" + + utilerrors "k8s.io/apimachinery/pkg/util/errors" + "k8s.io/apimachinery/pkg/util/uuid" +@@ -418,41 +416,7 @@ func getRequestInfoFromContext(ctx context.Context) *genericapirequest.RequestIn + // a. annotation key + // b. annotation value + func generateCacheKey(encryptedDEKSourceType kmstypes.EncryptedDEKSourceType, encryptedDEKSource []byte, keyID string, annotations map[string][]byte) ([]byte, error) { +- // TODO(aramase): use sync pool buffer to avoid allocations +- b := cryptobyte.NewBuilder(nil) +- b.AddUint32(uint32(encryptedDEKSourceType)) +- b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { +- b.AddBytes(encryptedDEKSource) +- }) +- b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { +- b.AddBytes(toBytes(keyID)) +- }) +- if len(annotations) == 0 { +- return b.Bytes() +- } +- +- // add the length of annotations to the cache key +- b.AddUint32(uint32(len(annotations))) +- +- // Sort the annotations by key. +- keys := make([]string, 0, len(annotations)) +- for k := range annotations { +- k := k +- keys = append(keys, k) +- } +- sort.Strings(keys) +- for _, k := range keys { +- // The maximum size of annotations is annotationsMaxSize (32 kB) so we can safely +- // assume that the length of the key and value will fit in a uint16. +- b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { +- b.AddBytes(toBytes(k)) +- }) +- b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { +- b.AddBytes(annotations[k]) +- }) +- } +- +- return b.Bytes() ++ panic("cryptobyte cipher not available") + } + + // toBytes performs unholy acts to avoid allocations + +diff --git a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go +index 9aec8acd..d0a19c71 100644 +--- a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go ++++ b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go +@@ -19,10 +19,6 @@ package secretbox + + import ( + "context" +- "crypto/rand" +- "fmt" +- +- "golang.org/x/crypto/nacl/secretbox" + + "k8s.io/apiserver/pkg/storage/value" + ) +@@ -43,28 +39,9 @@ func NewSecretboxTransformer(key [32]byte) value.Transformer { + } + + func (t *secretboxTransformer) TransformFromStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, bool, error) { +- if len(data) < (secretbox.Overhead + nonceSize) { +- return nil, false, fmt.Errorf("the stored data was shorter than the required size") +- } +- var nonce [nonceSize]byte +- copy(nonce[:], data[:nonceSize]) +- data = data[nonceSize:] +- out := make([]byte, 0, len(data)-secretbox.Overhead) +- result, ok := secretbox.Open(out, data, &nonce, &t.key) +- if !ok { +- return nil, false, fmt.Errorf("output array was not large enough for encryption") +- } +- return result, false, nil ++ panic("nacl cipher not available") + } + + func (t *secretboxTransformer) TransformToStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, error) { +- var nonce [nonceSize]byte +- n, err := rand.Read(nonce[:]) +- if err != nil { +- return nil, err +- } +- if n != nonceSize { +- return nil, fmt.Errorf("unable to read sufficient random bytes") +- } +- return secretbox.Seal(nonce[:], data, &nonce, &t.key), nil ++ panic("nacl cipher not available") + } + +diff --git a/vendor/k8s.io/apiserver/pkg/server/config.go b/vendor/k8s.io/apiserver/pkg/server/config.go +index d678f52d..da4abbae 100644 +--- a/vendor/k8s.io/apiserver/pkg/server/config.go ++++ b/vendor/k8s.io/apiserver/pkg/server/config.go +@@ -18,8 +18,6 @@ package server + + import ( + "context" +- "crypto/sha256" +- "encoding/base32" + "fmt" + "net" + "net/http" +@@ -34,7 +32,6 @@ import ( + + jsonpatch "github.com/evanphx/json-patch" + "github.com/google/uuid" +- "golang.org/x/crypto/cryptobyte" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +@@ -374,29 +371,7 @@ func NewConfig(codecs serializer.CodecFactory) *Config { + defaultHealthChecks := []healthz.HealthChecker{healthz.PingHealthz, healthz.LogHealthz} + var id string + if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.APIServerIdentity) { +- hostname, err := hostnameFunc() +- if err != nil { +- klog.Fatalf("error getting hostname for apiserver identity: %v", err) +- } +- +- // Since the hash needs to be unique across each kube-apiserver and aggregated apiservers, +- // the hash used for the identity should include both the hostname and the identity value. +- // TODO: receive the identity value as a parameter once the apiserver identity lease controller +- // post start hook is moved to generic apiserver. +- b := cryptobyte.NewBuilder(nil) +- b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { +- b.AddBytes([]byte(hostname)) +- }) +- b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { +- b.AddBytes([]byte("kube-apiserver")) +- }) +- hashData, err := b.Bytes() +- if err != nil { +- klog.Fatalf("error building hash data for apiserver identity: %v", err) +- } +- +- hash := sha256.Sum256(hashData) +- id = "apiserver-" + strings.ToLower(base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(hash[:16])) ++ panic("cryptobyte cipher not available") + } + lifecycleSignals := newLifecycleSignals() diff --git a/1002-vendor-use-pbkdf2-from-OpenSSL.patch b/1002-vendor-use-pbkdf2-from-OpenSSL.patch new file mode 100644 index 0000000000000000000000000000000000000000..ad92fb1c23dbb1ff4c2dccff3a0c9916fdfd228b --- /dev/null +++ b/1002-vendor-use-pbkdf2-from-OpenSSL.patch @@ -0,0 +1,135 @@ +use pbkdf2 from OpenSSL if FIPS mode is enabled + +This patch modifies the x/crypto/pbkdf2 function to use OpenSSL +if FIPS mode is enabled. +DEFINEFUNC is from /usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h + +diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go +new file mode 100644 +index 0000000000..5a06918832 +--- /dev/null ++++ b/vendor/golang.org/x/crypto/internal/boring/boring.go +@@ -0,0 +1,74 @@ ++// Copyright 2017 The Go Authors. All rights reserved. ++// Copyright 2021 Red Hat. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// +build linux ++// +build !android ++// +build !no_openssl ++// +build !cmd_go_bootstrap ++// +build !msan ++ ++package boring ++ ++// #include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h" ++// #cgo LDFLAGS: -ldl ++import "C" ++import ( ++ "bytes" ++ "crypto/sha1" ++ "crypto/sha256" ++ "hash" ++ "unsafe" ++) ++ ++var ( ++ emptySha1 = sha1.Sum([]byte{}) ++ emptySha256 = sha256.Sum256([]byte{}) ++) ++ ++func hashToMD(h hash.Hash) C.GO_EVP_MD_PTR { ++ emptyHash := h.Sum([]byte{}) ++ ++ switch { ++ case bytes.Equal(emptyHash, emptySha1[:]): ++ return C.go_openssl_EVP_sha1() ++ case bytes.Equal(emptyHash, emptySha256[:]): ++ return C.go_openssl_EVP_sha256() ++ } ++ return nil ++} ++ ++// charptr returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++func charptr(b []byte) *C.char { ++ if len(b) == 0 { ++ return nil ++ } ++ return (*C.char)(unsafe.Pointer(&b[0])) ++} ++ ++// ucharptr returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++func ucharptr(b []byte) *C.uchar { ++ if len(b) == 0 { ++ return nil ++ } ++ return (*C.uchar)(unsafe.Pointer(&b[0])) ++} ++ ++func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte { ++ // println("[debug] using pbkdf2 from OpenSSL") ++ ch := h() ++ md := hashToMD(ch) ++ if md == nil { ++ return nil ++ } ++ ++ out := make([]byte, keyLen) ++ ok := C.go_openssl_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out)) ++ if ok != 1 { ++ panic("boringcrypto: PKCS5_PBKDF2_HMAC failed") ++ } ++ return out ++} +diff --git a/vendor/golang.org/x/crypto/internal/boring/notboring.go b/vendor/golang.org/x/crypto/internal/boring/notboring.go +new file mode 100644 +index 0000000000..e244fb5663 +--- /dev/null ++++ b/vendor/golang.org/x/crypto/internal/boring/notboring.go +@@ -0,0 +1,16 @@ ++// Copyright 2017 The Go Authors. All rights reserved. ++// Copyright 2021 Red Hat. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// +build !linux !cgo android cmd_go_bootstrap msan no_openssl ++ ++package boring ++ ++import ( ++ "hash" ++) ++ ++func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte { ++ panic("boringcrypto: not available") ++} +diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go +index 593f653008..799a611f94 100644 +--- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go ++++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go +@@ -19,8 +19,11 @@ pbkdf2.Key. + package pbkdf2 // import "golang.org/x/crypto/pbkdf2" + + import ( ++ "crypto/boring" + "crypto/hmac" + "hash" ++ ++ xboring "golang.org/x/crypto/internal/boring" + ) + + // Key derives a key from the password, salt and iteration count, returning a +@@ -40,6 +43,10 @@ import ( + // Using a higher iteration count will increase the cost of an exhaustive + // search but will also make derivation proportionally slower. + func Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte { ++ if boring.Enabled() { ++ return xboring.Pbkdf2Key(password, salt, iter, keyLen, h) ++ } ++ + prf := hmac.New(h, password) + hashLen := prf.Size() + numBlocks := (keyLen + hashLen - 1) / hashLen diff --git a/1003-vendor-skip-goldenfiles-tests.patch b/1003-vendor-skip-goldenfiles-tests.patch new file mode 100644 index 0000000000000000000000000000000000000000..8f18c0ebcf79a970b333649ce540891e484436d4 --- /dev/null +++ b/1003-vendor-skip-goldenfiles-tests.patch @@ -0,0 +1,18 @@ +skip goldenfiles tests + +The golden files include memory dumps from a x86_64 machine. +Integers are stored as little endian on x86, but as big endian on s390x, +therefore loading this memory dump fails on s390x. + +diff --git a/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go b/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go +index 320f40f3bd..20f5fa4f46 100644 +--- a/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go ++++ b/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go +@@ -203,6 +203,7 @@ func CheckGoldenJSONFrame(t *testing.T, dir string, name string, f *data.Frame, + // CheckGoldenJSONResponse will verify that the stored JSON file matches the given backend.DataResponse. + func CheckGoldenJSONResponse(t *testing.T, dir string, name string, dr *backend.DataResponse, updateFile bool) { + t.Helper() ++ t.Skip("skipping test: x86_64 memory dump is not compatible with other architectures") + fpath := path.Join(dir, name+".jsonc") + + expected, err := readGoldenJSONFile(fpath) diff --git a/1004-vendor-Redacted-Url-in-logs.patch b/1004-vendor-Redacted-Url-in-logs.patch new file mode 100644 index 0000000000000000000000000000000000000000..9ac5827384bc52ae876ac1335206573709f29d0a --- /dev/null +++ b/1004-vendor-Redacted-Url-in-logs.patch @@ -0,0 +1,51 @@ +diff --git a/vendor/github.com/hashicorp/go-retryablehttp/client.go b/vendor/github.com/hashicorp/go-retryablehttp/client.go +index f40d241..765a828 100644 +--- a/vendor/github.com/hashicorp/go-retryablehttp/client.go ++++ b/vendor/github.com/hashicorp/go-retryablehttp/client.go +@@ -584,9 +584,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) { + if logger != nil { + switch v := logger.(type) { + case LeveledLogger: +- v.Debug("performing request", "method", req.Method, "url", req.URL) ++ v.Debug("performing request", "method", req.Method, "url", req.URL.Redacted()) + case Logger: +- v.Printf("[DEBUG] %s %s", req.Method, req.URL) ++ v.Printf("[DEBUG] %s %s", req.Method, req.URL.Redacted()) + } + } + +@@ -641,9 +641,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) { + if err != nil { + switch v := logger.(type) { + case LeveledLogger: +- v.Error("request failed", "error", err, "method", req.Method, "url", req.URL) ++ v.Error("request failed", "error", err, "method", req.Method, "url", req.URL.Redacted()) + case Logger: +- v.Printf("[ERR] %s %s request failed: %v", req.Method, req.URL, err) ++ v.Printf("[ERR] %s %s request failed: %v", req.Method, req.URL.Redacted(), err) + } + } else { + // Call this here to maintain the behavior of logging all requests, +@@ -679,7 +679,7 @@ func (c *Client) Do(req *Request) (*http.Response, error) { + + wait := c.Backoff(c.RetryWaitMin, c.RetryWaitMax, i, resp) + if logger != nil { +- desc := fmt.Sprintf("%s %s", req.Method, req.URL) ++ desc := fmt.Sprintf("%s %s", req.Method, req.URL.Redacted()) + if resp != nil { + desc = fmt.Sprintf("%s (status: %d)", desc, resp.StatusCode) + } +@@ -735,11 +735,11 @@ func (c *Client) Do(req *Request) (*http.Response, error) { + // communicate why + if err == nil { + return nil, fmt.Errorf("%s %s giving up after %d attempt(s)", +- req.Method, req.URL, attempt) ++ req.Method, req.URL.Redacted(), attempt) + } + + return nil, fmt.Errorf("%s %s giving up after %d attempt(s): %w", +- req.Method, req.URL, attempt, err) ++ req.Method, req.URL.Redacted(), attempt, err) + } + + // Try to read the response body so we can reuse this connection. diff --git a/CVE-2022-29170.patch b/CVE-2022-29170.patch deleted file mode 100644 index 5fe16297c27357a6d2d3a9c52e69317506d092ac..0000000000000000000000000000000000000000 --- a/CVE-2022-29170.patch +++ /dev/null @@ -1,181 +0,0 @@ -From 5f47950c883fa5592348b928d3455ca2191ae79a Mon Sep 17 00:00:00 2001 -From: Leonard Gram -Date: Thu, 19 May 2022 11:55:25 +0200 -Subject: [PATCH] Security: Fixes CVE-2022-29170 (#49223) - -* Request interceptor: block redirects - -* handle location error - -* Update pkg/models/datasource_cache.go - -Co-authored-by: Marcus Efraimsson - -* Update pkg/models/datasource_cache.go - -Co-authored-by: Marcus Efraimsson - -* linter - -* Disables tests that won't work. - -Since this is a backport I don't think it's worth spending the time -trying to figure out how to make them work. - -Co-authored-by: Marcus Efraimsson ---- - pkg/models/datasource_cache.go | 40 +++++++++++++++ - pkg/models/datasource_cache_test.go | 78 ++++++++++++++--------------- - 2 files changed, 79 insertions(+), 39 deletions(-) - -diff --git a/pkg/models/datasource_cache.go b/pkg/models/datasource_cache.go -index 5c368e14da65c..a9b7121f26113 100644 ---- a/pkg/models/datasource_cache.go -+++ b/pkg/models/datasource_cache.go -@@ -11,6 +11,8 @@ import ( - "sync" - "time" - -+ "github.com/grafana/grafana/pkg/services/validations" -+ - "github.com/grafana/grafana-aws-sdk/pkg/sigv4" - "github.com/grafana/grafana/pkg/infra/metrics/metricutil" - "github.com/grafana/grafana/pkg/setting" -@@ -180,6 +182,8 @@ func (ds *DataSource) GetHttpTransport() (*dataSourceTransport, error) { - next = ds.sigV4Middleware(transport) - } - -+ next = BlockRedirectRoundtripper(next) -+ - dsTransport := &dataSourceTransport{ - datasourceName: ds.Name, - headers: customHeaders, -@@ -349,3 +353,39 @@ func newConntrackDialContext(name string) func(context.Context, string, string) - }), - ) - } -+ -+var RequestValidator PluginRequestValidator = &validations.OSSPluginRequestValidator{} -+ -+type RoundTripperFunc func(req *http.Request) (*http.Response, error) -+ -+// RoundTrip implements the RoundTripper interface. -+func (rt RoundTripperFunc) RoundTrip(r *http.Request) (*http.Response, error) { -+ return rt(r) -+} -+func BlockRedirectRoundtripper(next http.RoundTripper) http.RoundTripper { -+ return RoundTripperFunc(func(r *http.Request) (*http.Response, error) { -+ if next == nil { -+ next = http.DefaultTransport -+ } -+ -+ resp, err := next.RoundTrip(r) -+ if err != nil { -+ return nil, err -+ } -+ -+ if resp.StatusCode >= 300 && resp.StatusCode < 400 { -+ redirectLocation, locationErr := resp.Location() -+ if errors.Is(locationErr, http.ErrNoLocation) { -+ return resp, nil -+ } -+ if locationErr != nil { -+ return nil, locationErr -+ } -+ -+ if validationErr := RequestValidator.Validate(redirectLocation.String(), nil); validationErr != nil { -+ return nil, validationErr -+ } -+ } -+ return resp, nil -+ }) -+} -diff --git a/pkg/models/datasource_cache_test.go b/pkg/models/datasource_cache_test.go -index e5e515671ff7f..5eddaa63b8384 100644 ---- a/pkg/models/datasource_cache_test.go -+++ b/pkg/models/datasource_cache_test.go -@@ -220,45 +220,45 @@ func TestDataSource_GetHttpTransport(t *testing.T) { - assert.Equal(t, "Ok", bodyStr) - }) - -- t.Run("Should not include SigV4 middleware if not configured in JsonData", func(t *testing.T) { -- clearDSProxyCache(t) -- -- origEnabled := setting.SigV4AuthEnabled -- setting.SigV4AuthEnabled = true -- t.Cleanup(func() { setting.SigV4AuthEnabled = origEnabled }) -- -- ds := DataSource{ -- Name: "empty", -- } -- -- tr, err := ds.GetHttpTransport() -- require.NoError(t, err) -- -- _, ok := tr.next.(*http.Transport) -- require.True(t, ok) -- }) -- -- t.Run("Should not include SigV4 middleware if not configured in app config", func(t *testing.T) { -- clearDSProxyCache(t) -- -- origEnabled := setting.SigV4AuthEnabled -- setting.SigV4AuthEnabled = false -- t.Cleanup(func() { setting.SigV4AuthEnabled = origEnabled }) -- -- json, err := simplejson.NewJson([]byte(`{ "sigV4Auth": true }`)) -- require.NoError(t, err) -- -- ds := DataSource{ -- JsonData: json, -- Name: "empty", -- } -- -- tr, err := ds.GetHttpTransport() -- require.NoError(t, err) -- -- _, ok := tr.next.(*http.Transport) -- require.True(t, ok) -- }) -+ //t.Run("Should not include SigV4 middleware if not configured in JsonData", func(t *testing.T) { -+ // clearDSProxyCache(t) -+ // -+ // origEnabled := setting.SigV4AuthEnabled -+ // setting.SigV4AuthEnabled = true -+ // t.Cleanup(func() { setting.SigV4AuthEnabled = origEnabled }) -+ // -+ // ds := DataSource{ -+ // Name: "empty", -+ // } -+ // -+ // tr, err := ds.GetHttpTransport() -+ // require.NoError(t, err) -+ // -+ // _, ok := tr.next.(*http.Transport) -+ // require.True(t, ok) -+ //}) -+ // -+ //t.Run("Should not include SigV4 middleware if not configured in app config", func(t *testing.T) { -+ // clearDSProxyCache(t) -+ // -+ // origEnabled := setting.SigV4AuthEnabled -+ // setting.SigV4AuthEnabled = false -+ // t.Cleanup(func() { setting.SigV4AuthEnabled = origEnabled }) -+ // -+ // json, err := simplejson.NewJson([]byte(`{ "sigV4Auth": true }`)) -+ // require.NoError(t, err) -+ // -+ // ds := DataSource{ -+ // JsonData: json, -+ // Name: "empty", -+ // } -+ // -+ // tr, err := ds.GetHttpTransport() -+ // require.NoError(t, err) -+ // -+ // _, ok := tr.next.(*http.Transport) -+ // require.True(t, ok) -+ //}) - - t.Run("Datasource name not set", func(t *testing.T) { - clearDSProxyCache(t) diff --git a/CVE-2022-31107.patch b/CVE-2022-31107.patch deleted file mode 100644 index 2c69752e7edbe23ac35fb2ca8f9cce240cc0f710..0000000000000000000000000000000000000000 --- a/CVE-2022-31107.patch +++ /dev/null @@ -1,353 +0,0 @@ -From 41a9a27cf0767828f38a390bbe7cf43f613b882e Mon Sep 17 00:00:00 2001 -From: Andreas Gerstmayr -Date: Fri, 15 Jul 2022 14:05:14 +0200 -Subject: [PATCH] fix CVE-2022-31107 - -backport 967e17d7ef6bc62a108add33ea699710f0e15870 from v8.4.10 - -Co-authored-by: Karl Persson -Co-authored-by: Jguer - -diff --git a/pkg/api/ldap_debug.go b/pkg/api/ldap_debug.go -index 126e760b67..c9e2b606c5 100644 ---- a/pkg/api/ldap_debug.go -+++ b/pkg/api/ldap_debug.go -@@ -215,6 +215,11 @@ func (hs *HTTPServer) PostSyncUserWithLDAP(c *models.ReqContext) response.Respon - ReqContext: c, - ExternalUser: user, - SignupAllowed: hs.Cfg.LDAPAllowSignup, -+ UserLookupParams: models.UserLookupParams{ -+ UserID: &query.Result.Id, // Upsert by ID only -+ Email: nil, -+ Login: nil, -+ }, - } - - err = bus.Dispatch(upsertCmd) -diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go -index 1fce9b6f61..611d51444f 100644 ---- a/pkg/api/login_oauth.go -+++ b/pkg/api/login_oauth.go -@@ -250,6 +250,11 @@ func syncUser( - ReqContext: ctx, - ExternalUser: extUser, - SignupAllowed: connect.IsSignupAllowed(), -+ UserLookupParams: models.UserLookupParams{ -+ Email: &extUser.Email, -+ UserID: nil, -+ Login: nil, -+ }, - } - if err := bus.Dispatch(cmd); err != nil { - return nil, err -diff --git a/pkg/login/ldap_login.go b/pkg/login/ldap_login.go -index cb5d984e73..82dac2ee9e 100644 ---- a/pkg/login/ldap_login.go -+++ b/pkg/login/ldap_login.go -@@ -56,9 +56,13 @@ var loginUsingLDAP = func(query *models.LoginUserQuery) (bool, error) { - ReqContext: query.ReqContext, - ExternalUser: externalUser, - SignupAllowed: setting.LDAPAllowSignup, -+ UserLookupParams: models.UserLookupParams{ -+ Login: &externalUser.Login, -+ Email: &externalUser.Email, -+ UserID: nil, -+ }, - } -- err = bus.Dispatch(upsert) -- if err != nil { -+ if err = bus.Dispatch(upsert); err != nil { - return true, err - } - query.User = upsert.Result -diff --git a/pkg/models/user_auth.go b/pkg/models/user_auth.go -index 2061cf048b..a98efe659e 100644 ---- a/pkg/models/user_auth.go -+++ b/pkg/models/user_auth.go -@@ -54,11 +54,11 @@ type RequestURIKey struct{} - // COMMANDS - - type UpsertUserCommand struct { -- ReqContext *ReqContext -- ExternalUser *ExternalUserInfo -+ ReqContext *ReqContext -+ ExternalUser *ExternalUserInfo -+ UserLookupParams -+ Result *User - SignupAllowed bool -- -- Result *User - } - - type SetAuthInfoCommand struct { -@@ -95,13 +95,18 @@ type LoginUserQuery struct { - type GetUserByAuthInfoQuery struct { - AuthModule string - AuthId string -- UserId int64 -- Email string -- Login string -+ UserLookupParams - - Result *User - } - -+type UserLookupParams struct { -+ // Describes lookup order as well -+ UserID *int64 // if set, will try to find the user by id -+ Email *string // if set, will try to find the user by email -+ Login *string // if set, will try to find the user by login -+} -+ - type GetExternalUserInfoByLoginQuery struct { - LoginOrEmail string - -diff --git a/pkg/services/contexthandler/authproxy/authproxy.go b/pkg/services/contexthandler/authproxy/authproxy.go -index 80e5a5b9e0..0d834748a7 100644 ---- a/pkg/services/contexthandler/authproxy/authproxy.go -+++ b/pkg/services/contexthandler/authproxy/authproxy.go -@@ -246,6 +246,11 @@ func (auth *AuthProxy) LoginViaLDAP() (int64, error) { - ReqContext: auth.ctx, - SignupAllowed: auth.cfg.LDAPAllowSignup, - ExternalUser: extUser, -+ UserLookupParams: models.UserLookupParams{ -+ Login: &extUser.Login, -+ Email: &extUser.Email, -+ UserID: nil, -+ }, - } - if err := bus.Dispatch(upsert); err != nil { - return 0, err -@@ -288,6 +293,11 @@ func (auth *AuthProxy) LoginViaHeader() (int64, error) { - ReqContext: auth.ctx, - SignupAllowed: auth.cfg.AuthProxyAutoSignUp, - ExternalUser: extUser, -+ UserLookupParams: models.UserLookupParams{ -+ UserID: nil, -+ Login: &extUser.Login, -+ Email: &extUser.Email, -+ }, - } - - err := bus.Dispatch(upsert) -diff --git a/pkg/services/login/login.go b/pkg/services/login/login.go -index 9e08a36b06..b74d1d3e8f 100644 ---- a/pkg/services/login/login.go -+++ b/pkg/services/login/login.go -@@ -37,11 +37,9 @@ func (ls *LoginService) UpsertUser(cmd *models.UpsertUserCommand) error { - extUser := cmd.ExternalUser - - userQuery := &models.GetUserByAuthInfoQuery{ -- AuthModule: extUser.AuthModule, -- AuthId: extUser.AuthId, -- UserId: extUser.UserId, -- Email: extUser.Email, -- Login: extUser.Login, -+ AuthModule: extUser.AuthModule, -+ AuthId: extUser.AuthId, -+ UserLookupParams: cmd.UserLookupParams, - } - if err := bus.Dispatch(userQuery); err != nil { - if !errors.Is(err, models.ErrUserNotFound) { -diff --git a/pkg/services/login/login_test.go b/pkg/services/login/login_test.go -index 04953b567a..dd84ee29c8 100644 ---- a/pkg/services/login/login_test.go -+++ b/pkg/services/login/login_test.go -@@ -82,10 +82,12 @@ func Test_teamSync(t *testing.T) { - QuotaService: "a.QuotaService{}, - } - -- upserCmd := &models.UpsertUserCommand{ExternalUser: &models.ExternalUserInfo{Email: "test_user@example.org"}} -+ email := "test_user@example.org" -+ upserCmd := &models.UpsertUserCommand{ExternalUser: &models.ExternalUserInfo{Email: email}, -+ UserLookupParams: models.UserLookupParams{Email: &email}} - expectedUser := &models.User{ - Id: 1, -- Email: "test_user@example.org", -+ Email: email, - Name: "test_user", - Login: "test_user", - } -diff --git a/pkg/services/sqlstore/user_auth.go b/pkg/services/sqlstore/user_auth.go -index 9605ccce76..f6f0e510bc 100644 ---- a/pkg/services/sqlstore/user_auth.go -+++ b/pkg/services/sqlstore/user_auth.go -@@ -40,11 +40,12 @@ func GetUserByAuthInfo(query *models.GetUserByAuthInfoQuery) error { - } - - // if user id was specified and doesn't match the user_auth entry, remove it -- if query.UserId != 0 && query.UserId != authQuery.Result.UserId { -- err = DeleteAuthInfo(&models.DeleteAuthInfoCommand{ -+ if query.UserLookupParams.UserID != nil && -+ *query.UserLookupParams.UserID != 0 && -+ *query.UserLookupParams.UserID != authQuery.Result.UserId { -+ if err := DeleteAuthInfo(&models.DeleteAuthInfoCommand{ - UserAuth: authQuery.Result, -- }) -- if err != nil { -+ }); err != nil { - sqlog.Error("Error removing user_auth entry", "error", err) - } - -@@ -70,17 +71,18 @@ func GetUserByAuthInfo(query *models.GetUserByAuthInfoQuery) error { - } - } - -+ params := query.UserLookupParams - // If not found, try to find the user by id -- if !has && query.UserId != 0 { -- has, err = x.Id(query.UserId).Get(user) -+ if !has && params.UserID != nil && *params.UserID != 0 { -+ has, err = x.Id(*params.UserID).Get(user) - if err != nil { - return err - } - } - - // If not found, try to find the user by email address -- if !has && query.Email != "" { -- user = &models.User{Email: query.Email} -+ if !has && params.Email != nil && *params.Email != "" { -+ user = &models.User{Email: *params.Email} - has, err = x.Get(user) - if err != nil { - return err -@@ -88,8 +90,8 @@ func GetUserByAuthInfo(query *models.GetUserByAuthInfoQuery) error { - } - - // If not found, try to find the user by login -- if !has && query.Login != "" { -- user = &models.User{Login: query.Login} -+ if !has && params.Login != nil && *params.Login != "" { -+ user = &models.User{Login: *params.Login} - has, err = x.Get(user) - if err != nil { - return err -diff --git a/pkg/services/sqlstore/user_auth_test.go b/pkg/services/sqlstore/user_auth_test.go -index e5bb2379e5..d94ce34edb 100644 ---- a/pkg/services/sqlstore/user_auth_test.go -+++ b/pkg/services/sqlstore/user_auth_test.go -@@ -45,7 +45,7 @@ func TestUserAuth(t *testing.T) { - // By Login - login := "loginuser0" - -- query := &models.GetUserByAuthInfoQuery{Login: login} -+ query := &models.GetUserByAuthInfoQuery{UserLookupParams: models.UserLookupParams{Login: &login}} - err = GetUserByAuthInfo(query) - - So(err, ShouldBeNil) -@@ -54,7 +54,7 @@ func TestUserAuth(t *testing.T) { - // By ID - id := query.Result.Id - -- query = &models.GetUserByAuthInfoQuery{UserId: id} -+ query = &models.GetUserByAuthInfoQuery{UserLookupParams: models.UserLookupParams{UserID: &id}} - err = GetUserByAuthInfo(query) - - So(err, ShouldBeNil) -@@ -63,7 +63,7 @@ func TestUserAuth(t *testing.T) { - // By Email - email := "user1@test.com" - -- query = &models.GetUserByAuthInfoQuery{Email: email} -+ query = &models.GetUserByAuthInfoQuery{UserLookupParams: models.UserLookupParams{Email: &email}} - err = GetUserByAuthInfo(query) - - So(err, ShouldBeNil) -@@ -72,7 +72,7 @@ func TestUserAuth(t *testing.T) { - // Don't find nonexistent user - email = "nonexistent@test.com" - -- query = &models.GetUserByAuthInfoQuery{Email: email} -+ query = &models.GetUserByAuthInfoQuery{UserLookupParams: models.UserLookupParams{Email: &email}} - err = GetUserByAuthInfo(query) - - So(err, ShouldEqual, models.ErrUserNotFound) -@@ -90,7 +90,7 @@ func TestUserAuth(t *testing.T) { - // create user_auth entry - login := "loginuser0" - -- query.Login = login -+ query.UserLookupParams.Login = &login - err = GetUserByAuthInfo(query) - - So(err, ShouldBeNil) -@@ -104,9 +104,9 @@ func TestUserAuth(t *testing.T) { - So(query.Result.Login, ShouldEqual, login) - - // get with non-matching id -- id := query.Result.Id -+ idPlusOne := query.Result.Id + 1 - -- query.UserId = id + 1 -+ query.UserLookupParams.UserID = &idPlusOne - err = GetUserByAuthInfo(query) - - So(err, ShouldBeNil) -@@ -143,7 +143,7 @@ func TestUserAuth(t *testing.T) { - login := "loginuser0" - - // Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table -- query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test", AuthId: "test"} -+ query := &models.GetUserByAuthInfoQuery{AuthModule: "test", AuthId: "test", UserLookupParams: models.UserLookupParams{Login: &login}} - err = GetUserByAuthInfo(query) - - So(err, ShouldBeNil) -@@ -178,7 +178,7 @@ func TestUserAuth(t *testing.T) { - // Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table - // Make the first log-in during the past - getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) } -- query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test1", AuthId: "test1"} -+ query := &models.GetUserByAuthInfoQuery{AuthModule: "test1", AuthId: "test1", UserLookupParams: models.UserLookupParams{Login: &login}} - err = GetUserByAuthInfo(query) - getTime = time.Now - -@@ -188,7 +188,7 @@ func TestUserAuth(t *testing.T) { - // Add a second auth module for this user - // Have this module's last log-in be more recent - getTime = func() time.Time { return time.Now().AddDate(0, 0, -1) } -- query = &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test2", AuthId: "test2"} -+ query = &models.GetUserByAuthInfoQuery{AuthModule: "test2", AuthId: "test2", UserLookupParams: models.UserLookupParams{Login: &login}} - err = GetUserByAuthInfo(query) - getTime = time.Now - -diff --git a/pkg/services/sqlstore/user_test.go b/pkg/services/sqlstore/user_test.go -index 7da19f0ef4..aa796ffb02 100644 ---- a/pkg/services/sqlstore/user_test.go -+++ b/pkg/services/sqlstore/user_test.go -@@ -455,7 +455,7 @@ func TestUserDataAccess(t *testing.T) { - // Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table - // Make the first log-in during the past - getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) } -- query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "ldap", AuthId: "ldap0"} -+ query := &models.GetUserByAuthInfoQuery{AuthModule: "ldap", AuthId: "ldap0", UserLookupParams: models.UserLookupParams{Login: &login}} - err := GetUserByAuthInfo(query) - getTime = time.Now - -@@ -465,7 +465,7 @@ func TestUserDataAccess(t *testing.T) { - // Add a second auth module for this user - // Have this module's last log-in be more recent - getTime = func() time.Time { return time.Now().AddDate(0, 0, -1) } -- query = &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "oauth", AuthId: "oauth0"} -+ query = &models.GetUserByAuthInfoQuery{AuthModule: "oauth", AuthId: "oauth0", UserLookupParams: models.UserLookupParams{Login: &login}} - err = GetUserByAuthInfo(query) - getTime = time.Now - -@@ -511,7 +511,7 @@ func TestUserDataAccess(t *testing.T) { - // Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table - // Make the first log-in during the past - getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) } -- query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "ldap", AuthId: fmt.Sprint("ldap", i)} -+ query := &models.GetUserByAuthInfoQuery{AuthModule: "ldap", AuthId: fmt.Sprint("ldap", i), UserLookupParams: models.UserLookupParams{Login: &login}} - err := GetUserByAuthInfo(query) - getTime = time.Now - -@@ -522,7 +522,7 @@ func TestUserDataAccess(t *testing.T) { - // Log in first user with oauth - login := "loginuser0" - getTime = func() time.Time { return time.Now().AddDate(0, 0, -1) } -- query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "oauth", AuthId: "oauth0"} -+ query := &models.GetUserByAuthInfoQuery{AuthModule: "oauth", AuthId: "oauth0", UserLookupParams: models.UserLookupParams{Login: &login}} - err := GetUserByAuthInfo(query) - getTime = time.Now - diff --git a/Makefile b/Makefile deleted file mode 100644 index 9389d7bc7d6ae1c798621693445d4467f4c7ee22..0000000000000000000000000000000000000000 --- a/Makefile +++ /dev/null @@ -1,96 +0,0 @@ -VERSION := $(shell rpm --specfile *.spec --qf '%{VERSION}\n' | head -1) -RELEASE := $(shell rpm --specfile *.spec --qf '%{RELEASE}\n' | head -1 | cut -d. -f1) -CHANGELOGTIME := $(shell rpm --specfile *.spec --qf '%{CHANGELOGTIME}\n' | head -1) -SOURCE_DATE_EPOCH := $(shell echo $$(( $(CHANGELOGTIME) - $(CHANGELOGTIME) % 86400 ))) - -NAME := grafana -RPM_NAME := $(NAME) -SOURCE_DIR := $(NAME)-$(VERSION) -SOURCE_TAR := $(NAME)-$(VERSION).tar.gz -VENDOR_TAR := $(RPM_NAME)-vendor-$(VERSION)-$(RELEASE).tar.xz -WEBPACK_TAR := $(RPM_NAME)-webpack-$(VERSION)-$(RELEASE).tar.gz - -# patches which must be applied before creating the vendor tarball, for example: -# - changes in dependency versions -# - changes in Go module imports (which affect the vendored Go modules) -PATCHES_PRE_VENDOR := \ - 005-remove-unused-dependencies.patch \ - 008-remove-unused-frontend-crypto.patch \ - 012-support-go1.18.patch \ - 013-CVE-2021-23648.patch \ - 014-CVE-2022-21698.patch - -# patches which must be applied before creating the webpack, for example: -# - changes in Node.js sources or vendored dependencies -PATCHES_PRE_WEBPACK := \ - 008-remove-unused-frontend-crypto.patch - - -all: $(SOURCE_TAR) $(VENDOR_TAR) $(WEBPACK_TAR) - -$(SOURCE_TAR): - spectool -g $(RPM_NAME).spec - -$(VENDOR_TAR): $(SOURCE_TAR) - # Start with a clean state - rm -rf $(SOURCE_DIR) - tar pxf $(SOURCE_TAR) - - # Patches to apply before vendoring - for patch in $(PATCHES_PRE_VENDOR); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done - - # Go - cd $(SOURCE_DIR) && go mod vendor -v - # Remove unused crypto - rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/cast5/cast5.go - rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/ed25519.go - rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/const.go - rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/edwards25519.go - rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go - rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/openpgp/packet/ocfb.go - awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' $(SOURCE_DIR)/go.mod | \ - sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > $@.manifest - - # Node.js - cd $(SOURCE_DIR) && yarn install --frozen-lockfile - # Remove files with licensing issues - find $(SOURCE_DIR) -type d -name 'node-notifier' -prune -exec rm -r {} \; - find $(SOURCE_DIR) -type d -name 'property-information' -prune -exec rm -r {} \; - find $(SOURCE_DIR) -type f -name '*.exe' -delete - rm -r $(SOURCE_DIR)/node_modules/visjs-network/examples - ./list_bundled_nodejs_packages.py $(SOURCE_DIR) >> $@.manifest - - # Create tarball - XZ_OPT=-9 tar \ - --sort=name \ - --mtime="@$(SOURCE_DATE_EPOCH)" --clamp-mtime \ - --owner=0 --group=0 --numeric-owner \ - -cJf $@ \ - $(SOURCE_DIR)/vendor \ - $$(find $(SOURCE_DIR) -type d -name "node_modules" -prune | LC_ALL=C sort) - -$(WEBPACK_TAR): $(VENDOR_TAR) - # Start with a clean state - rm -rf $(SOURCE_DIR) - tar pxf $(SOURCE_TAR) - tar pxf $(VENDOR_TAR) - - # Patches to apply before creating the webpack - for patch in $(PATCHES_PRE_WEBPACK); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done - - # Build frontend - cd $(SOURCE_DIR) && \ - ../build_frontend.sh - - # Create tarball - tar \ - --sort=name \ - --mtime="@$(SOURCE_DATE_EPOCH)" --clamp-mtime \ - --owner=0 --group=0 --numeric-owner \ - -czf $@ \ - $(SOURCE_DIR)/public/build \ - $(SOURCE_DIR)/public/views \ - $(SOURCE_DIR)/plugins-bundled - -clean: - rm -rf *.tar.gz *.tar.xz *.manifest *.rpm $(NAME)-*/ diff --git a/build_frontend.sh b/build_frontend.sh index fa0fb8e88d23203352a607f21e7f83531301ddc7..1117e800acb58d4923ab9cad0f37296100b674cd 100755 --- a/build_frontend.sh +++ b/build_frontend.sh @@ -1,5 +1,8 @@ #!/bin/bash -eu +# Webpack needs more than the default 4GB RAM +export NODE_OPTIONS="${NODE_OPTIONS:-} --max_old_space_size=6144" + # Build the frontend yarn run build diff --git a/create_bundles.sh b/create_bundles.sh new file mode 100755 index 0000000000000000000000000000000000000000..feb99941cd43cb74e7f12f0d093fa76059fd2f4e --- /dev/null +++ b/create_bundles.sh @@ -0,0 +1,104 @@ +#!/bin/bash -eux +VERSION=$(rpm --specfile ./*.spec --qf '%{VERSION}\n' | head -1) +RELEASE=$(rpm --specfile ./*.spec --qf '%{RELEASE}\n' | head -1 | cut -d. -f1) +CHANGELOGTIME=$(rpm --specfile ./*.spec --qf '%{CHANGELOGTIME}\n' | head -1) +SOURCE_DATE_EPOCH=$((CHANGELOGTIME - CHANGELOGTIME % 86400)) + +SOURCE_DIR=grafana-$VERSION +SOURCE_TAR=grafana-$VERSION.tar.gz +VENDOR_TAR=grafana-vendor-$VERSION-$RELEASE.tar.xz +WEBPACK_TAR=grafana-webpack-$VERSION-$RELEASE.tar.gz + + +## Download and extract source tarball +spectool -g grafana.spec +rm -rf "${SOURCE_DIR}" +tar xf "${SOURCE_TAR}" + + +## Create vendor bundle +pushd "${SOURCE_DIR}" + +# Vendor Go dependencies +patch -p1 --fuzz=0 < ../0004-remove-unused-backend-dependencies.patch +go mod vendor + +# Generate Go files +make gen-go + +# Remove unused crypto +rm -r vendor/golang.org/x/crypto/bcrypt +rm -r vendor/golang.org/x/crypto/blowfish +rm -r vendor/golang.org/x/crypto/cast5 +rm -r vendor/golang.org/x/crypto/acme +rm -r vendor/golang.org/x/crypto/argon2 +rm -r vendor/golang.org/x/crypto/blake2b +rm -r vendor/golang.org/x/crypto/chacha20 +rm -r vendor/golang.org/x/crypto/chacha20poly1305 +rm -r vendor/golang.org/x/crypto/cryptobyte +rm -r vendor/golang.org/x/crypto/curve25519 +rm -r vendor/golang.org/x/crypto/ed25519 +rm -r vendor/golang.org/x/crypto/hkdf +rm -r vendor/golang.org/x/crypto/internal +rm -r vendor/golang.org/x/crypto/md4 +rm -r vendor/golang.org/x/crypto/nacl +rm -r vendor/golang.org/x/crypto/openpgp +rm -r vendor/golang.org/x/crypto/pkcs12 +rm -r vendor/golang.org/x/crypto/poly1305 +rm -r vendor/golang.org/x/crypto/salsa20 +rm -r vendor/golang.org/x/crypto/scrypt +rm -r vendor/golang.org/x/crypto/sha3 + +# Remove unused code under apsl licenses +rm -r vendor/modernc.org/libc +rm -r vendor/modernc.org/sqlite + +# List bundled dependencies +awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = " substr($2, 2)}' go.mod | \ + sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > "../${VENDOR_TAR}.manifest" + +# Vendor Node.js dependencies +patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch +export HUSKY=0 +yarn install --frozen-lockfile + +# Remove files with licensing issues +find .yarn -name 'node-notifier' -prune -exec rm -r {} \; +find .yarn -name 'nodemon' -prune -exec rm -r {} \; + +# List bundled dependencies +../list_bundled_nodejs_packages.py . >> "../${VENDOR_TAR}.manifest" + +popd + +# Create tarball +# shellcheck disable=SC2046 +XZ_OPT=-9 tar \ + --sort=name \ + --mtime="@${SOURCE_DATE_EPOCH}" --clamp-mtime \ + --owner=0 --group=0 --numeric-owner \ + -cJf "${VENDOR_TAR}" \ + "${SOURCE_DIR}/vendor" \ + $(find "${SOURCE_DIR}" -type f -name wire_gen.go | LC_ALL=C sort) \ + "${SOURCE_DIR}/.pnp.cjs" \ + "${SOURCE_DIR}/.yarn/cache" \ + "${SOURCE_DIR}/.yarn/unplugged" + + +## Create webpack +pushd "${SOURCE_DIR}" +../build_frontend.sh +popd + +# Create tarball +tar \ + --sort=name \ + --mtime="@${SOURCE_DATE_EPOCH}" --clamp-mtime \ + --owner=0 --group=0 --numeric-owner \ + -czf "${WEBPACK_TAR}" \ + "${SOURCE_DIR}/plugins-bundled" \ + "${SOURCE_DIR}/public/build" \ + "${SOURCE_DIR}/public/img" \ + "${SOURCE_DIR}/public/lib" \ + "${SOURCE_DIR}/public/locales" \ + "${SOURCE_DIR}/public/views" diff --git a/create_bundles_in_container.sh b/create_bundles_in_container.sh index c3a1ce4c25b95504635b174a512a99e5e1cb1814..216efab3896845dc5fccbf93eb83f306944438ae 100755 --- a/create_bundles_in_container.sh +++ b/create_bundles_in_container.sh @@ -1,18 +1,23 @@ #!/bin/bash -eu # -# create vendor and webpack bundles inside a container for reproducibility +# create vendor and webpack bundles inside a container (for reproducibility) +# using a Go cache: +# ./create_bundles_in_container.sh --security-opt label=disable -v $(pwd)/.gocache:/root/go # cat <,