~tsileo/blobstash

7c71e60ad6a33826b21f17af9b6fceb109205551 — Thomas Sileo 4 years ago 3bd2ac0
deps: update
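--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 	a4.io/go/indieauth v1.0.0
 	a4.io/ssse v0.0.0-20181202155639-1949828a8689
 	github.com/alecthomas/chroma v0.7.2 // indirect
-	github.com/aws/aws-sdk-go v1.30.9
+	github.com/aws/aws-sdk-go v1.30.14
 	github.com/blevesearch/segment v0.9.0
 	github.com/carbocation/interpose v0.0.0-20161206215253-723534742ba3
 	github.com/dave/jennifer v1.4.0
@@ -22,6 +22,7 @@ require (
 	github.com/gorilla/sessions v1.2.0
 	github.com/hashicorp/golang-lru v0.5.4
 	github.com/inconshreveable/log15 v0.0.0-20200109203555-b30bc20e4fd1
+	github.com/klauspost/reedsolomon v1.9.4 // indirect
 	github.com/mvdan/xurls v1.1.0 // indirect
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
 	github.com/reiver/go-porterstemmer v1.0.1
@@ -35,9 +36,10 @@ require (
 	github.com/yuin/goldmark v1.1.30
 	github.com/yuin/gopher-lua v0.0.0-20191220021717-ab39c6098bdb
 	github.com/zpatrick/rbac v0.0.0-20180829190353-d2c4f050cf28
-	golang.org/x/crypto v0.0.0-20200414173820-0848c9571904
-	golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e // indirect
-	golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 // indirect
+	golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5
+	golang.org/x/net v0.0.0-20200421231249-e086a090c8fd // indirect
+	golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f // indirect
+	google.golang.org/appengine v1.6.6 // indirect
 	gopkg.in/inconshreveable/log15.v2 v2.0.0-20200109203555-b30bc20e4fd1
 	gopkg.in/src-d/go-git.v4 v4.13.1
 	gopkg.in/yaml.v2 v2.2.8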

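--- a/go.sum
+++ b/go.sum
@@ -81,6 +81,8 @@ github.com/aws/aws-sdk-go v1.29.22 h1:3WmsCj3C30l6/4f50mPkDZoTPWSvaRCjcVJOWdCJoI
 github.com/aws/aws-sdk-go v1.29.22/go.mod h1:1KvfttTE3SPKMpo8g2c6jL3ZKfXtFvKscTgahTma5Xg=
 github.com/aws/aws-sdk-go v1.30.9 h1:DntpBUKkchINPDbhEzDRin1eEn1TG9TZFlzWPf0i8to=
 github.com/aws/aws-sdk-go v1.30.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
+github.com/aws/aws-sdk-go v1.30.14 h1:vZfX2b/fknc9wKcytbLWykM7in5k6dbQ8iHTJDUP1Ng=
+github.com/aws/aws-sdk-go v1.30.14/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
 github.com/blevesearch/segment v0.0.0-20160915185041-762005e7a34f h1:kqbi9lqXLLs+zfWlgo1PIiRQ86n33K1JKotjj4rSYOg=
 github.com/blevesearch/segment v0.0.0-20160915185041-762005e7a34f/go.mod h1:IInt5XRvpiGE09KOk9mmCMLjHhydIhNPKPPFLFBB7L8=
 github.com/blevesearch/segment v0.9.0 h1:5lG7yBCx98or7gK2cHMKPukPZ/31Kag7nONpoBt22Ac=
@@ -259,6 +261,8 @@ github.com/klauspost/reedsolomon v1.8.0 h1:lvvOkvk64cE1EGbBIgFk7WSOOsI1GexpuLiT7
 github.com/klauspost/reedsolomon v1.8.0/go.mod h1:CwCi+NUr9pqSVktrkN+Ondf06rkhYZ/pcNv7fu+8Un4=
 github.com/klauspost/reedsolomon v1.9.3 h1:N/VzgeMfHmLc+KHMD1UL/tNkfXAt8FnUqlgXGIduwAY=
 github.com/klauspost/reedsolomon v1.9.3/go.mod h1:CwCi+NUr9pqSVktrkN+Ondf06rkhYZ/pcNv7fu+8Un4=
+github.com/klauspost/reedsolomon v1.9.4 h1:FB9jDBGqUNyhUg4Gszz384ulFqVSc61Pdap+HRPgnSo=
+github.com/klauspost/reedsolomon v1.9.4/go.mod h1:CwCi+NUr9pqSVktrkN+Ondf06rkhYZ/pcNv7fu+8Un4=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
@@ -377,6 +381,7 @@ github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/syndtr/goleveldb v0.0.0-20181128100959-b001fa50d6b2 h1:GnOzE5fEFN3b2zDhJJABEofdb51uMRNb8eqIVtdducs=
 github.com/syndtr/goleveldb v0.0.0-20181128100959-b001fa50d6b2/go.mod h1:Z4AUp2Km+PwemOoO/VB5AOx9XSsIItzFjoJlOSiYmn0=
+github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
 github.com/syndtr/goleveldb v1.0.1-0.20190923125748-758128399b1d h1:gZZadD8H+fF+n9CmNhYL1Y0dJB+kLOmKd7FbPJLeGHs=
 github.com/syndtr/goleveldb v1.0.1-0.20190923125748-758128399b1d/go.mod h1:9OrXJhf154huy1nPWmuSrkgjPUtUNhA+Zmy+6AESzuA=
 github.com/toqueteos/trie v0.0.0-20150530104557-56fed4a05683 h1:ej8ns+4aeQO+mm9VIzwnJElkqR0Vs6kTfIcvgyJFoMY=
@@ -459,6 +464,8 @@ golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 h1:QmwruyY+bKbDDL0BaglrbZ
 golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904 h1:bXoxMPcSLOq08zI3/c5dEBT6lE4eh+jOh886GHrn6V8=
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 h1:Q7tZBpemrlsc2I7IyODzhtallWRSm4Q0d09pL6XbQtU=
+golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181213202711-891ebc4b82d6 h1:gT0Y6H7hbVPUtvtk0YGxMXPgN+p8fYlqWkgJeUCZcaQ=
@@ -485,6 +492,8 @@ golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3ob
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200421231249-e086a090c8fd h1:QPwSajcTUrFriMF1nJ3XzgoqakqQEsnZf9LdXdi2nkI=
+golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f h1:Bl/8QSvNqXvPGPGXa2z5xUTmV7VDcZyvRZ+QQXkXTZQ=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -528,6 +537,8 @@ golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 h1:opSr2sbRXk5X5/givKrrKj9HXxFpW2sdCiP8MJSKLQY=
 golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f h1:gWF768j/LaZugp8dyS4UwsslYCYz9XgFxvlgsn0n9H8=
+golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
@@ -540,6 +551,8 @@ google.golang.org/appengine v1.3.0 h1:FBSsiFRMz3LBeXIomRnVzrQwSDj4ibvcRexLG0LZGQ
 google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.5 h1:tycE03LOZYQNhDpS27tcQdAzLCVMaj7QT2SXxebnpCM=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=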

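--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
@@ -169,6 +169,29 @@ type AssumeRoleProvider struct {
 	// size.
 	Policy *string
 
+	// The ARNs of IAM managed policies you want to use as managed session policies.
+	// The policies must exist in the same account as the role.
+	//
+	// This parameter is optional. You can provide up to 10 managed policy ARNs.
+	// However, the plain text that you use for both inline and managed session
+	// policies can't exceed 2,048 characters.
+	//
+	// An AWS conversion compresses the passed session policies and session tags
+	// into a packed binary format that has a separate limit. Your request can fail
+	// for this limit even if your plain text meets the other requirements. The
+	// PackedPolicySize response element indicates by percentage how close the policies
+	// and tags for your request are to the upper size limit.
+	//
+	// Passing policies to this operation returns new temporary credentials. The
+	// resulting session's permissions are the intersection of the role's identity-based
+	// policy and the session policies. You can use the role's temporary credentials
+	// in subsequent AWS API calls to access resources in the account that owns
+	// the role. You cannot use session policies to grant more permissions than
+	// those allowed by the identity-based policy of the role that is being assumed.
+	// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// in the IAM User Guide.
+	PolicyArns []*sts.PolicyDescriptorType
+
 	// The identification number of the MFA device that is associated with the user
 	// who is making the AssumeRole call. Specify this value if the trust policy
 	// of the role being assumed includes a condition that requires MFA authentication.
@@ -291,6 +314,7 @@ func (p *AssumeRoleProvider) RetrieveWithContext(ctx credentials.Context) (crede
 		RoleSessionName:   aws.String(p.RoleSessionName),
 		ExternalId:        p.ExternalID,
 		Tags:              p.Tags,
+		PolicyArns:        p.PolicyArns,
 		TransitiveTagKeys: p.TransitiveTagKeys,
 	}
 	if p.Policy != nil {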

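--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
@@ -28,15 +28,34 @@ const (
 // compare test values.
 var now = time.Now
 
+// TokenFetcher shuold return WebIdentity token bytes or an error
+type TokenFetcher interface {
+	FetchToken(credentials.Context) ([]byte, error)
+}
+
+// FetchTokenPath is a path to a WebIdentity token file
+type FetchTokenPath string
+
+// FetchToken returns a token by reading from the filesystem
+func (f FetchTokenPath) FetchToken(ctx credentials.Context) ([]byte, error) {
+	data, err := ioutil.ReadFile(string(f))
+	if err != nil {
+		errMsg := fmt.Sprintf("unable to read file at %s", f)
+		return nil, awserr.New(ErrCodeWebIdentity, errMsg, err)
+	}
+	return data, nil
+}
+
 // WebIdentityRoleProvider is used to retrieve credentials using
 // an OIDC token.
 type WebIdentityRoleProvider struct {
 	credentials.Expiry
+	PolicyArns []*sts.PolicyDescriptorType
 
 	client       stsiface.STSAPI
 	ExpiryWindow time.Duration
 
-	tokenFilePath   string
+	tokenFetcher    TokenFetcher
 	roleARN         string
 	roleSessionName string
 }
@@ -52,9 +71,15 @@ func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName
 // NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the
 // provided stsiface.STSAPI
 func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider {
+	return NewWebIdentityRoleProviderWithToken(svc, roleARN, roleSessionName, FetchTokenPath(path))
+}
+
+// NewWebIdentityRoleProviderWithToken will return a new WebIdentityRoleProvider with the
+// provided stsiface.STSAPI and a TokenFetcher
+func NewWebIdentityRoleProviderWithToken(svc stsiface.STSAPI, roleARN, roleSessionName string, tokenFetcher TokenFetcher) *WebIdentityRoleProvider {
 	return &WebIdentityRoleProvider{
 		client:          svc,
-		tokenFilePath:   path,
+		tokenFetcher:    tokenFetcher,
 		roleARN:         roleARN,
 		roleSessionName: roleSessionName,
 	}
@@ -71,10 +96,9 @@ func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) {
 // 'WebIdentityTokenFilePath' specified destination and if that is empty an
 // error will be returned.
 func (p *WebIdentityRoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
-	b, err := ioutil.ReadFile(p.tokenFilePath)
+	b, err := p.tokenFetcher.FetchToken(ctx)
 	if err != nil {
-		errMsg := fmt.Sprintf("unable to read file at %s", p.tokenFilePath)
-		return credentials.Value{}, awserr.New(ErrCodeWebIdentity, errMsg, err)
+		return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed fetching WebIdentity token: ", err)
 	}
 
 	sessionName := p.roleSessionName
@@ -84,6 +108,7 @@ func (p *WebIdentityRoleProvider) RetrieveWithContext(ctx credentials.Context) (
 		sessionName = strconv.FormatInt(now().UnixNano(), 10)
 	}
 	req, resp := p.client.AssumeRoleWithWebIdentityRequest(&sts.AssumeRoleWithWebIdentityInput{
+		PolicyArns:       p.PolicyArns,
 		RoleArn:          &p.roleARN,
 		RoleSessionName:  &sessionName,
 		WebIdentityToken: aws.String(string(b)),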

M vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go => vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +147 -32
@@ 17,6 17,7 @@ const (

// AWS Standard partition's regions.
const (
	AfSouth1RegionID     = "af-south-1"     // Africa (Cape Town).
	ApEast1RegionID      = "ap-east-1"      // Asia Pacific (Hong Kong).
	ApNortheast1RegionID = "ap-northeast-1" // Asia Pacific (Tokyo).
	ApNortheast2RegionID = "ap-northeast-2" // Asia Pacific (Seoul).


@@ 97,7 98,7 @@ var awsPartition = partition{
	DNSSuffix: "amazonaws.com",
	RegionRegex: regionRegex{
		Regexp: func() *regexp.Regexp {
			reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me)\\-\\w+\\-\\d+$")
			reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$")
			return reg
		}(),
	},


@@ 107,6 108,9 @@ var awsPartition = partition{
		SignatureVersions: []string{"v4"},
	},
	Regions: regions{
		"af-south-1": region{
			Description: "Africa (Cape Town)",
		},
		"ap-east-1": region{
			Description: "Asia Pacific (Hong Kong)",
		},


@@ 172,6 176,7 @@ var awsPartition = partition{
		"access-analyzer": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 195,6 200,7 @@ var awsPartition = partition{
		"acm": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 303,6 309,12 @@ var awsPartition = partition{
		"api.ecr": service{

			Endpoints: endpoints{
				"af-south-1": endpoint{
					Hostname: "api.ecr.af-south-1.amazonaws.com",
					CredentialScope: credentialScope{
						Region: "af-south-1",
					},
				},
				"ap-east-1": endpoint{
					Hostname: "api.ecr.ap-east-1.amazonaws.com",
					CredentialScope: credentialScope{


@@ 437,6 449,29 @@ var awsPartition = partition{
				},
			},
		},
		"api.elastic-inference": service{

			Endpoints: endpoints{
				"ap-northeast-1": endpoint{
					Hostname: "api.elastic-inference.ap-northeast-1.amazonaws.com",
				},
				"ap-northeast-2": endpoint{
					Hostname: "api.elastic-inference.ap-northeast-2.amazonaws.com",
				},
				"eu-west-1": endpoint{
					Hostname: "api.elastic-inference.eu-west-1.amazonaws.com",
				},
				"us-east-1": endpoint{
					Hostname: "api.elastic-inference.us-east-1.amazonaws.com",
				},
				"us-east-2": endpoint{
					Hostname: "api.elastic-inference.us-east-2.amazonaws.com",
				},
				"us-west-2": endpoint{
					Hostname: "api.elastic-inference.us-west-2.amazonaws.com",
				},
			},
		},
		"api.mediatailor": service{

			Endpoints: endpoints{


@@ 510,6 545,7 @@ var awsPartition = partition{
		"apigateway": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 535,6 571,7 @@ var awsPartition = partition{
				Protocols: []string{"http", "https"},
			},
			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 646,6 683,7 @@ var awsPartition = partition{
				Protocols: []string{"http", "https"},
			},
			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 834,6 872,7 @@ var awsPartition = partition{
		"cloudformation": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 952,6 991,7 @@ var awsPartition = partition{
		"cloudtrail": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 1075,6 1115,7 @@ var awsPartition = partition{
		"codedeploy": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 1505,6 1546,7 @@ var awsPartition = partition{
		"directconnect": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 1560,6 1602,7 @@ var awsPartition = partition{
		"dms": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 1684,12 1727,42 @@ var awsPartition = partition{
				"eu-west-1":      endpoint{},
				"eu-west-2":      endpoint{},
				"eu-west-3":      endpoint{},
				"me-south-1":     endpoint{},
				"sa-east-1":      endpoint{},
				"us-east-1":      endpoint{},
				"us-east-2":      endpoint{},
				"us-west-1":      endpoint{},
				"us-west-2":      endpoint{},
				"fips-ca-central-1": endpoint{
					Hostname: "ds-fips.ca-central-1.amazonaws.com",
					CredentialScope: credentialScope{
						Region: "ca-central-1",
					},
				},
				"fips-us-east-1": endpoint{
					Hostname: "ds-fips.us-east-1.amazonaws.com",
					CredentialScope: credentialScope{
						Region: "us-east-1",
					},
				},
				"fips-us-east-2": endpoint{
					Hostname: "ds-fips.us-east-2.amazonaws.com",
					CredentialScope: credentialScope{
						Region: "us-east-2",
					},
				},
				"fips-us-west-1": endpoint{
					Hostname: "ds-fips.us-west-1.amazonaws.com",
					CredentialScope: credentialScope{
						Region: "us-west-1",
					},
				},
				"fips-us-west-2": endpoint{
					Hostname: "ds-fips.us-west-2.amazonaws.com",
					CredentialScope: credentialScope{
						Region: "us-west-2",
					},
				},
				"me-south-1": endpoint{},
				"sa-east-1":  endpoint{},
				"us-east-1":  endpoint{},
				"us-east-2":  endpoint{},
				"us-west-1":  endpoint{},
				"us-west-2":  endpoint{},
			},
		},
		"dynamodb": service{


@@ 1697,6 1770,7 @@ var awsPartition = partition{
				Protocols: []string{"http", "https"},
			},
			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 1759,6 1833,7 @@ var awsPartition = partition{
				Protocols: []string{"http", "https"},
			},
			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 1823,6 1898,7 @@ var awsPartition = partition{
		"ecs": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 1853,7 1929,7 @@ var awsPartition = partition{
						Region: "us-west-1",
					},
				},
				"madison-fips-us-west-2": endpoint{
				"fips-us-west-2": endpoint{
					Hostname: "ecs-fips.us-west-2.amazonaws.com",
					CredentialScope: credentialScope{
						Region: "us-west-2",


@@ 1867,32 1943,10 @@ var awsPartition = partition{
				"us-west-2":  endpoint{},
			},
		},
		"elastic-inference": service{

			Endpoints: endpoints{
				"ap-northeast-1": endpoint{
					Hostname: "api.elastic-inference.ap-northeast-1.amazonaws.com",
				},
				"ap-northeast-2": endpoint{
					Hostname: "api.elastic-inference.ap-northeast-2.amazonaws.com",
				},
				"eu-west-1": endpoint{
					Hostname: "api.elastic-inference.eu-west-1.amazonaws.com",
				},
				"us-east-1": endpoint{
					Hostname: "api.elastic-inference.us-east-1.amazonaws.com",
				},
				"us-east-2": endpoint{
					Hostname: "api.elastic-inference.us-east-2.amazonaws.com",
				},
				"us-west-2": endpoint{
					Hostname: "api.elastic-inference.us-west-2.amazonaws.com",
				},
			},
		},
		"elasticache": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 1922,6 1976,7 @@ var awsPartition = partition{
		"elasticbeanstalk": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 2102,6 2157,7 @@ var awsPartition = partition{
				Protocols: []string{"https"},
			},
			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 2152,6 2208,7 @@ var awsPartition = partition{
				Protocols:     []string{"https"},
			},
			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 2243,6 2300,7 @@ var awsPartition = partition{
		"es": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 2272,6 2330,7 @@ var awsPartition = partition{
		"events": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 2511,6 2570,7 @@ var awsPartition = partition{
			Endpoints: endpoints{
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},
				"ap-southeast-1": endpoint{},
				"ap-southeast-2": endpoint{},
				"eu-central-1":   endpoint{},


@@ 2547,6 2607,7 @@ var awsPartition = partition{
				Protocols: []string{"http", "https"},
			},
			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 2668,6 2729,7 @@ var awsPartition = partition{
			Endpoints: endpoints{
				"ap-southeast-2": endpoint{},
				"eu-north-1":     endpoint{},
				"eu-west-1":      endpoint{},
				"me-south-1":     endpoint{},
				"us-east-2":      endpoint{},
				"us-west-2":      endpoint{},


@@ 2986,6 3048,7 @@ var awsPartition = partition{
		"kinesis": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 3075,6 3138,7 @@ var awsPartition = partition{
		"kms": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 3116,6 3180,7 @@ var awsPartition = partition{
		"lambda": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 3228,6 3293,7 @@ var awsPartition = partition{
		"logs": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 3340,6 3406,7 @@ var awsPartition = partition{
				"ap-southeast-1": endpoint{},
				"ap-southeast-2": endpoint{},
				"eu-central-1":   endpoint{},
				"eu-north-1":     endpoint{},
				"eu-west-1":      endpoint{},
				"eu-west-2":      endpoint{},
				"eu-west-3":      endpoint{},


@@ 3370,6 3437,7 @@ var awsPartition = partition{
				},
			},
			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 3411,8 3479,11 @@ var awsPartition = partition{
				},
			},
			Endpoints: endpoints{
				"ap-southeast-1": endpoint{},
				"ap-southeast-2": endpoint{},
				"eu-central-1":   endpoint{},
				"eu-west-1":      endpoint{},
				"eu-west-2":      endpoint{},
				"us-east-1":      endpoint{},
				"us-west-2":      endpoint{},
			},


@@ 3422,6 3493,7 @@ var awsPartition = partition{
				Protocols: []string{"http", "https"},
			},
			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 3946,6 4018,7 @@ var awsPartition = partition{
		"rds": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 3971,6 4044,7 @@ var awsPartition = partition{
		"redshift": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 4041,6 4115,7 @@ var awsPartition = partition{
		"resource-groups": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 4148,8 4223,11 @@ var awsPartition = partition{
				},
			},
			Endpoints: endpoints{
				"ap-southeast-1": endpoint{},
				"ap-southeast-2": endpoint{},
				"eu-central-1":   endpoint{},
				"eu-west-1":      endpoint{},
				"eu-west-2":      endpoint{},
				"us-east-1":      endpoint{},
				"us-west-2":      endpoint{},
			},


@@ 4212,7 4290,8 @@ var awsPartition = partition{
				DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
			},
			Endpoints: endpoints{
				"ap-east-1": endpoint{},
				"af-south-1": endpoint{},
				"ap-east-1":  endpoint{},
				"ap-northeast-1": endpoint{
					Hostname:          "s3.ap-northeast-1.amazonaws.com",
					SignatureVersions: []string{"s3", "s3v4"},


@@ 4701,6 4780,7 @@ var awsPartition = partition{
		"sms": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 4860,6 4940,7 @@ var awsPartition = partition{
				Protocols: []string{"http", "https"},
			},
			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 4910,6 4991,7 @@ var awsPartition = partition{
				Protocols:     []string{"http", "https"},
			},
			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 4959,6 5041,7 @@ var awsPartition = partition{
		"ssm": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 5030,6 5113,7 @@ var awsPartition = partition{
		"states": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 5165,6 5249,7 @@ var awsPartition = partition{
			PartitionEndpoint: "aws-global",

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 5230,6 5315,7 @@ var awsPartition = partition{
		"swf": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 5277,6 5363,7 @@ var awsPartition = partition{
		"tagging": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 5710,6 5797,7 @@ var awsPartition = partition{
		"xray": service{

			Endpoints: endpoints{
				"af-south-1":     endpoint{},
				"ap-east-1":      endpoint{},
				"ap-northeast-1": endpoint{},
				"ap-northeast-2": endpoint{},


@@ 6754,6 6842,18 @@ var awsusgovPartition = partition{
		"ds": service{

			Endpoints: endpoints{
				"fips-us-gov-east-1": endpoint{
					Hostname: "ds-fips.us-gov-east-1.amazonaws.com",
					CredentialScope: credentialScope{
						Region: "us-gov-east-1",
					},
				},
				"fips-us-gov-west-1": endpoint{
					Hostname: "ds-fips.us-gov-west-1.amazonaws.com",
					CredentialScope: credentialScope{
						Region: "us-gov-west-1",
					},
				},
				"us-gov-east-1": endpoint{},
				"us-gov-west-1": endpoint{},
			},


@@ 7347,6 7447,13 @@ var awsusgovPartition = partition{
				},
			},
		},
		"securityhub": service{

			Endpoints: endpoints{
				"us-gov-east-1": endpoint{},
				"us-gov-west-1": endpoint{},
			},
		},
		"serverlessrepo": service{
			Defaults: endpoint{
				Protocols: []string{"https"},


@@ 7686,6 7793,14 @@ var awsisoPartition = partition{
				"us-iso-east-1": endpoint{},
			},
		},
		"comprehend": service{
			Defaults: endpoint{
				Protocols: []string{"https"},
			},
			Endpoints: endpoints{
				"us-iso-east-1": endpoint{},
			},
		},
		"config": service{

			Endpoints: endpoints{

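--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.30.9"
+const SDKVersion = "1.30.14"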

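--- a/vendor/github.com/klauspost/reedsolomon/galois.go
+++ b/vendor/github.com/klauspost/reedsolomon/galois.go
@@ -852,9 +852,6 @@ func galMultiply(a, b byte) byte {
 	return mulTable[a][b]
 }
 
-// amd64 indicates whether we are on an amd64 platform.
-var amd64 bool
-
 // Original function:
 /*
 // galMultiply multiplies to elements of the field.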

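--- a/vendor/github.com/klauspost/reedsolomon/galoisAvx512_amd64.go
+++ b/vendor/github.com/klauspost/reedsolomon/galoisAvx512_amd64.go
@@ -13,10 +13,6 @@ func _galMulAVX512Parallel82(in, out [][]byte, matrix *[matrixSize82]byte, addTo
 //go:noescape
 func _galMulAVX512Parallel84(in, out [][]byte, matrix *[matrixSize84]byte, addTo bool)
 
-func init() {
-	amd64 = true
-}
-
 const (
 	dimIn        = 8                            // Number of input rows processed simultaneously
 	dimOut82     = 2                            // Number of output rows processed simultaneously for x2 routine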

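--- a/vendor/github.com/klauspost/reedsolomon/galois_noasm.go
+++ b/vendor/github.com/klauspost/reedsolomon/galois_noasm.go
@@ -29,6 +29,10 @@ func sliceXor(in, out []byte, sse2 bool) {
 	}
 }
 
+func init() {
+	defaultOptions.useAVX512 = false
+}
+
 func (r reedSolomon) codeSomeShardsAvx512(matrixRows, inputs, outputs [][]byte, outputCount, byteCount int) {
 	panic("unreachable")
 }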

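--- a/vendor/github.com/klauspost/reedsolomon/options.go
+++ b/vendor/github.com/klauspost/reedsolomon/options.go
@@ -20,18 +20,19 @@ type options struct {
 
 var defaultOptions = options{
 	maxGoroutines: 384,
-	minSplitSize:  1024,
+	minSplitSize:  -1,
+
+	// Detect CPU capabilities.
+	useSSSE3:  cpuid.CPU.SSSE3(),
+	useSSE2:   cpuid.CPU.SSE2(),
+	useAVX2:   cpuid.CPU.AVX2(),
+	useAVX512: cpuid.CPU.AVX512F() && cpuid.CPU.AVX512BW(),
 }
 
 func init() {
 	if runtime.GOMAXPROCS(0) <= 1 {
 		defaultOptions.maxGoroutines = 1
 	}
-	// Detect CPU capabilities.
-	defaultOptions.useSSSE3 = cpuid.CPU.SSSE3()
-	defaultOptions.useSSE2 = cpuid.CPU.SSE2()
-	defaultOptions.useAVX2 = cpuid.CPU.AVX2()
-	defaultOptions.useAVX512 = cpuid.CPU.AVX512F() && cpuid.CPU.AVX512BW() && amd64
 }
 
 // WithMaxGoroutines is the maximum number of goroutines number for encoding & decoding.
@@ -61,6 +62,7 @@ func WithAutoGoroutines(shardSize int) Option {
 }
 
 // WithMinSplitSize is the minimum encoding size in bytes per goroutine.
+// By default this parameter is determined by CPU cache characteristics.
 // See WithMaxGoroutines on how jobs are split.
 // If n <= 0, it is ignored.
 func WithMinSplitSize(n int) Option {
@@ -71,7 +73,7 @@ func WithMinSplitSize(n int) Option {
 	}
 }
 
-func withSSE3(enabled bool) Option {
+func withSSSE3(enabled bool) Option {
 	return func(o *options) {
 		o.useSSSE3 = enabled
 	}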

M vendor/github.com/klauspost/reedsolomon/reedsolomon.go => vendor/github.com/klauspost/reedsolomon/reedsolomon.go +13 -0
@@ 270,6 270,19 @@ func New(dataShards, parityShards int, opts ...Option) (Encoder, error) {
		r.o.maxGoroutines = g
	}

	if r.o.minSplitSize <= 0 {
		// Set minsplit as high as we can, but still have parity in L1.
		cacheSize := cpuid.CPU.Cache.L1D
		if cacheSize <= 0 {
			cacheSize = 32 << 10
		}
		r.o.minSplitSize = cacheSize / (parityShards + 1)
		// Min 1K
		if r.o.minSplitSize < 1024 {
			r.o.minSplitSize = 1024
		}
	}

	// Inverted matrices are cached in a tree keyed by the indices
	// of the invalid rows of the data to reconstruct.
	// The inversion root node will have the identity matrix as

M vendor/golang.org/x/crypto/chacha20/chacha_generic.go => vendor/golang.org/x/crypto/chacha20/chacha_generic.go +63 -56
@@ 42,10 42,14 @@ type Cipher struct {

	// The last len bytes of buf are leftover key stream bytes from the previous
	// XORKeyStream invocation. The size of buf depends on how many blocks are
	// computed at a time.
	// computed at a time by xorKeyStreamBlocks.
	buf [bufSize]byte
	len int

	// overflow is set when the counter overflowed, no more blocks can be
	// generated, and the next XORKeyStream call should panic.
	overflow bool

	// The counter-independent results of the first round are cached after they
	// are computed the first time.
	precompDone      bool


@@ 89,6 93,7 @@ func newUnauthenticatedCipher(c *Cipher, key, nonce []byte) (*Cipher, error) {
		return nil, errors.New("chacha20: wrong nonce size")
	}

	key, nonce = key[:KeySize], nonce[:NonceSize] // bounds check elimination hint
	c.key = [8]uint32{
		binary.LittleEndian.Uint32(key[0:4]),
		binary.LittleEndian.Uint32(key[4:8]),


@@ 139,15 144,18 @@ func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
// SetCounter sets the Cipher counter. The next invocation of XORKeyStream will
// behave as if (64 * counter) bytes had been encrypted so far.
//
// To prevent accidental counter reuse, SetCounter panics if counter is
// less than the current value.
// To prevent accidental counter reuse, SetCounter panics if counter is less
// than the current value.
//
// Note that the execution time of XORKeyStream is not independent of the
// counter value.
func (s *Cipher) SetCounter(counter uint32) {
	// Internally, s may buffer multiple blocks, which complicates this
	// implementation slightly. When checking whether the counter has rolled
	// back, we must use both s.counter and s.len to determine how many blocks
	// we have already output.
	outputCounter := s.counter - uint32(s.len)/blockSize
	if counter < outputCounter {
	if s.overflow || counter < outputCounter {
		panic("chacha20: SetCounter attempted to rollback counter")
	}



@@ 196,34 204,52 @@ func (s *Cipher) XORKeyStream(dst, src []byte) {
			dst[i] = src[i] ^ b
		}
		s.len -= len(keyStream)
		src = src[len(keyStream):]
		dst = dst[len(keyStream):]
		dst, src = dst[len(keyStream):], src[len(keyStream):]
	}
	if len(src) == 0 {
		return
	}

	const blocksPerBuf = bufSize / blockSize
	numBufs := (uint64(len(src)) + bufSize - 1) / bufSize
	if uint64(s.counter)+numBufs*blocksPerBuf >= 1<<32 {
	// If we'd need to let the counter overflow and keep generating output,
	// panic immediately. If instead we'd only reach the last block, remember
	// not to generate any more output after the buffer is drained.
	numBlocks := (uint64(len(src)) + blockSize - 1) / blockSize
	if s.overflow || uint64(s.counter)+numBlocks > 1<<32 {
		panic("chacha20: counter overflow")
	} else if uint64(s.counter)+numBlocks == 1<<32 {
		s.overflow = true
	}

	// xorKeyStreamBlocks implementations expect input lengths that are a
	// multiple of bufSize. Platform-specific ones process multiple blocks at a
	// time, so have bufSizes that are a multiple of blockSize.

	rem := len(src) % bufSize
	full := len(src) - rem

	full := len(src) - len(src)%bufSize
	if full > 0 {
		s.xorKeyStreamBlocks(dst[:full], src[:full])
	}
	dst, src = dst[full:], src[full:]

	// If using a multi-block xorKeyStreamBlocks would overflow, use the generic
	// one that does one block at a time.
	const blocksPerBuf = bufSize / blockSize
	if uint64(s.counter)+blocksPerBuf > 1<<32 {
		s.buf = [bufSize]byte{}
		numBlocks := (len(src) + blockSize - 1) / blockSize
		buf := s.buf[bufSize-numBlocks*blockSize:]
		copy(buf, src)
		s.xorKeyStreamBlocksGeneric(buf, buf)
		s.len = len(buf) - copy(dst, buf)
		return
	}

	// If we have a partial (multi-)block, pad it for xorKeyStreamBlocks, and
	// keep the leftover keystream for the next XORKeyStream invocation.
	if rem > 0 {
	if len(src) > 0 {
		s.buf = [bufSize]byte{}
		copy(s.buf[:], src[full:])
		copy(s.buf[:], src)
		s.xorKeyStreamBlocks(s.buf[:], s.buf[:])
		s.len = bufSize - copy(dst[full:], s.buf[:])
		s.len = bufSize - copy(dst, s.buf[:])
	}
}



@@ 260,7 286,9 @@ func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) {
		s.precompDone = true
	}

	for i := 0; i < len(src); i += blockSize {
	// A condition of len(src) > 0 would be sufficient, but this also
	// acts as a bounds check elimination hint.
	for len(src) >= 64 && len(dst) >= 64 {
		// The remainder of the first column round.
		fcr0, fcr4, fcr8, fcr12 := quarterRound(c0, c4, c8, s.counter)



@@ 285,49 313,28 @@ func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) {
			x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
		}

		// Finally, add back the initial state to generate the key stream.
		x0 += c0
		x1 += c1
		x2 += c2
		x3 += c3
		x4 += c4
		x5 += c5
		x6 += c6
		x7 += c7
		x8 += c8
		x9 += c9
		x10 += c10
		x11 += c11
		x12 += s.counter
		x13 += c13
		x14 += c14
		x15 += c15
		// Add back the initial state to generate the key stream, then
		// XOR the key stream with the source and write out the result.
		addXor(dst[0:4], src[0:4], x0, c0)
		addXor(dst[4:8], src[4:8], x1, c1)
		addXor(dst[8:12], src[8:12], x2, c2)
		addXor(dst[12:16], src[12:16], x3, c3)
		addXor(dst[16:20], src[16:20], x4, c4)
		addXor(dst[20:24], src[20:24], x5, c5)
		addXor(dst[24:28], src[24:28], x6, c6)
		addXor(dst[28:32], src[28:32], x7, c7)
		addXor(dst[32:36], src[32:36], x8, c8)
		addXor(dst[36:40], src[36:40], x9, c9)
		addXor(dst[40:44], src[40:44], x10, c10)
		addXor(dst[44:48], src[44:48], x11, c11)
		addXor(dst[48:52], src[48:52], x12, s.counter)
		addXor(dst[52:56], src[52:56], x13, c13)
		addXor(dst[56:60], src[56:60], x14, c14)
		addXor(dst[60:64], src[60:64], x15, c15)

		s.counter += 1
		if s.counter == 0 {
			panic("chacha20: internal error: counter overflow")
		}

		in, out := src[i:], dst[i:]
		in, out = in[:blockSize], out[:blockSize] // bounds check elimination hint

		// XOR the key stream with the source and write out the result.
		xor(out[0:], in[0:], x0)
		xor(out[4:], in[4:], x1)
		xor(out[8:], in[8:], x2)
		xor(out[12:], in[12:], x3)
		xor(out[16:], in[16:], x4)
		xor(out[20:], in[20:], x5)
		xor(out[24:], in[24:], x6)
		xor(out[28:], in[28:], x7)
		xor(out[32:], in[32:], x8)
		xor(out[36:], in[36:], x9)
		xor(out[40:], in[40:], x10)
		xor(out[44:], in[44:], x11)
		xor(out[48:], in[48:], x12)
		xor(out[52:], in[52:], x13)
		xor(out[56:], in[56:], x14)
		xor(out[60:], in[60:], x15)
		src, dst = src[blockSize:], dst[blockSize:]
	}
}


M vendor/golang.org/x/crypto/chacha20/xor.go => vendor/golang.org/x/crypto/chacha20/xor.go +9 -8
@@ 13,10 13,10 @@ const unaligned = runtime.GOARCH == "386" ||
	runtime.GOARCH == "ppc64le" ||
	runtime.GOARCH == "s390x"

// xor reads a little endian uint32 from src, XORs it with u and
// addXor reads a little endian uint32 from src, XORs it with (a + b) and
// places the result in little endian byte order in dst.
func xor(dst, src []byte, u uint32) {
	_, _ = src[3], dst[3] // eliminate bounds checks
func addXor(dst, src []byte, a, b uint32) {
	_, _ = src[3], dst[3] // bounds check elimination hint
	if unaligned {
		// The compiler should optimize this code into
		// 32-bit unaligned little endian loads and stores.


@@ 27,15 27,16 @@ func xor(dst, src []byte, u uint32) {
		v |= uint32(src[1]) << 8
		v |= uint32(src[2]) << 16
		v |= uint32(src[3]) << 24
		v ^= u
		v ^= a + b
		dst[0] = byte(v)
		dst[1] = byte(v >> 8)
		dst[2] = byte(v >> 16)
		dst[3] = byte(v >> 24)
	} else {
		dst[0] = src[0] ^ byte(u)
		dst[1] = src[1] ^ byte(u>>8)
		dst[2] = src[2] ^ byte(u>>16)
		dst[3] = src[3] ^ byte(u>>24)
		a += b
		dst[0] = src[0] ^ byte(a)
		dst[1] = src[1] ^ byte(a>>8)
		dst[2] = src[2] ^ byte(a>>16)
		dst[3] = src[3] ^ byte(a>>24)
	}
}

M vendor/golang.org/x/crypto/poly1305/mac_noasm.go => vendor/golang.org/x/crypto/poly1305/mac_noasm.go +0 -2
@@ 7,5 7,3 @@
package poly1305

type mac struct{ macGeneric }

func newMAC(key *[32]byte) mac { return mac{newMACGeneric(key)} }

M vendor/golang.org/x/crypto/poly1305/poly1305.go => vendor/golang.org/x/crypto/poly1305/poly1305.go +15 -7
@@ 46,10 46,9 @@ func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
// two different messages with the same key allows an attacker
// to forge messages at will.
func New(key *[32]byte) *MAC {
	return &MAC{
		mac:       newMAC(key),
		finalized: false,
	}
	m := &MAC{}
	initialize(key, &m.macState)
	return m
}

// MAC is an io.Writer computing an authentication tag


@@ 58,7 57,7 @@ func New(key *[32]byte) *MAC {
// MAC cannot be used like common hash.Hash implementations,
// because using a poly1305 key twice breaks its security.
// Therefore writing data to a running MAC after calling
// Sum causes it to panic.
// Sum or Verify causes it to panic.
type MAC struct {
	mac // platform-dependent implementation



@@ 71,10 70,10 @@ func (h *MAC) Size() int { return TagSize }
// Write adds more data to the running message authentication code.
// It never returns an error.
//
// It must not be called after the first call of Sum.
// It must not be called after the first call of Sum or Verify.
func (h *MAC) Write(p []byte) (n int, err error) {
	if h.finalized {
		panic("poly1305: write to MAC after Sum")
		panic("poly1305: write to MAC after Sum or Verify")
	}
	return h.mac.Write(p)
}


@@ 87,3 86,12 @@ func (h *MAC) Sum(b []byte) []byte {
	h.finalized = true
	return append(b, mac[:]...)
}

// Verify returns whether the authenticator of all data written to
// the message authentication code matches the expected value.
func (h *MAC) Verify(expected []byte) bool {
	var mac [TagSize]byte
	h.mac.Sum(&mac)
	h.finalized = true
	return subtle.ConstantTimeCompare(expected, mac[:]) == 1
}

M vendor/golang.org/x/crypto/poly1305/sum_amd64.go => vendor/golang.org/x/crypto/poly1305/sum_amd64.go +0 -11
@@ 9,17 9,6 @@ package poly1305
//go:noescape
func update(state *macState, msg []byte)

func sum(out *[16]byte, m []byte, key *[32]byte) {
	h := newMAC(key)
	h.Write(m)
	h.Sum(out)
}

func newMAC(key *[32]byte) (h mac) {
	initialize(key, &h.r, &h.s)
	return
}

// mac is a wrapper for macGeneric that redirects calls that would have gone to
// updateGeneric to update.
//

M vendor/golang.org/x/crypto/poly1305/sum_generic.go => vendor/golang.org/x/crypto/poly1305/sum_generic.go +10 -8
@@ 31,9 31,10 @@ func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) {
	h.Sum(out)
}

func newMACGeneric(key *[32]byte) (h macGeneric) {
	initialize(key, &h.r, &h.s)
	return
func newMACGeneric(key *[32]byte) macGeneric {
	m := macGeneric{}
	initialize(key, &m.macState)
	return m
}

// macState holds numbers in saturated 64-bit little-endian limbs. That is,


@@ 97,11 98,12 @@ const (
	rMask1 = 0x0FFFFFFC0FFFFFFC
)

func initialize(key *[32]byte, r, s *[2]uint64) {
	r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0
	r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1
	s[0] = binary.LittleEndian.Uint64(key[16:24])
	s[1] = binary.LittleEndian.Uint64(key[24:32])
// initialize loads the 256-bit key into the two 128-bit secret values r and s.
func initialize(key *[32]byte, m *macState) {
	m.r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0
	m.r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1
	m.s[0] = binary.LittleEndian.Uint64(key[16:24])
	m.s[1] = binary.LittleEndian.Uint64(key[24:32])
}

// uint128 holds a 128-bit number as two 64-bit limbs, for use with the

M vendor/golang.org/x/crypto/poly1305/sum_noasm.go => vendor/golang.org/x/crypto/poly1305/sum_noasm.go +8 -3
@@ 2,12 2,17 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// +build s390x,!go1.11 !amd64,!s390x,!ppc64le gccgo purego
// At this point only s390x has an assembly implementation of sum. All other
// platforms have assembly implementations of mac, and just define sum as using
// that through New. Once s390x is ported, this file can be deleted and the body
// of sum moved into Sum.

// +build !go1.11 !s390x gccgo purego

package poly1305

func sum(out *[TagSize]byte, msg []byte, key *[32]byte) {
	h := newMAC(key)
	h := New(key)
	h.Write(msg)
	h.Sum(out)
	h.Sum(out[:0])
}

M vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go => vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go +0 -11
@@ 9,17 9,6 @@ package poly1305
//go:noescape
func update(state *macState, msg []byte)

func sum(out *[16]byte, m []byte, key *[32]byte) {
	h := newMAC(key)
	h.Write(m)
	h.Sum(out)
}

func newMAC(key *[32]byte) (h mac) {
	initialize(key, &h.r, &h.s)
	return
}

// mac is a wrapper for macGeneric that redirects calls that would have gone to
// updateGeneric to update.
//

M vendor/golang.org/x/crypto/ssh/cipher.go => vendor/golang.org/x/crypto/ssh/cipher.go +1 -1
@@ 119,7 119,7 @@ var cipherModes = map[string]*cipherMode{
	chacha20Poly1305ID: {64, 0, newChaCha20Cipher},

	// CBC mode is insecure and so is not included in the default config.
	// (See http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf). If absolutely
	// (See https://www.ieee-security.org/TC/SP2013/papers/4977a526.pdf). If absolutely
	// needed, it's possible to specify a custom Config to enable it.
	// You should expect that an active attacker can recover plaintext if
	// you do.

M vendor/google.golang.org/appengine/.travis.yml => vendor/google.golang.org/appengine/.travis.yml +0 -2
@@ 10,8 10,6 @@ script:

matrix:
  include:
    - go: 1.8.x
      env: GOAPP=true
    - go: 1.9.x
      env: GOAPP=true
    - go: 1.10.x

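--- a/vendor/google.golang.org/appengine/internal/api.go
+++ b/vendor/google.golang.org/appengine/internal/api.go
@@ -58,8 +58,11 @@ var (
 
 	apiHTTPClient = &http.Client{
 		Transport: &http.Transport{
-			Proxy: http.ProxyFromEnvironment,
-			Dial:  limitDial,
+			Proxy:               http.ProxyFromEnvironment,
+			Dial:                limitDial,
+			MaxIdleConns:        1000,
+			MaxIdleConnsPerHost: 10000,
+			IdleConnTimeout:     90 * time.Second,
 		},
 	}
 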

M vendor/modules.txt => vendor/modules.txt +8 -6
@@ 46,7 46,7 @@ github.com/alecthomas/chroma/lexers/w
github.com/alecthomas/chroma/lexers/x
github.com/alecthomas/chroma/lexers/y
github.com/alecthomas/chroma/styles
# github.com/aws/aws-sdk-go v1.30.9
# github.com/aws/aws-sdk-go v1.30.14
## explicit
github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/arn


@@ 173,7 173,8 @@ github.com/justinas/nosurf
github.com/kevinburke/ssh_config
# github.com/klauspost/cpuid v1.2.3
github.com/klauspost/cpuid
# github.com/klauspost/reedsolomon v1.9.3
# github.com/klauspost/reedsolomon v1.9.4
## explicit
github.com/klauspost/reedsolomon
# github.com/konsorten/go-windows-terminal-sequences v1.0.2
github.com/konsorten/go-windows-terminal-sequences


@@ 270,7 271,7 @@ github.com/yuin/gopher-lua/pm
# github.com/zpatrick/rbac v0.0.0-20180829190353-d2c4f050cf28
## explicit
github.com/zpatrick/rbac
# golang.org/x/crypto v0.0.0-20200414173820-0848c9571904
# golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5
## explicit
golang.org/x/crypto/acme
golang.org/x/crypto/acme/autocert


@@ 297,7 298,7 @@ golang.org/x/crypto/ssh
golang.org/x/crypto/ssh/agent
golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
golang.org/x/crypto/ssh/knownhosts
# golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e
# golang.org/x/net v0.0.0-20200421231249-e086a090c8fd
## explicit
golang.org/x/net/context
golang.org/x/net/html


@@ 305,7 306,7 @@ golang.org/x/net/html/atom
golang.org/x/net/idna
golang.org/x/net/internal/socks
golang.org/x/net/proxy
# golang.org/x/sys v0.0.0-20200413165638-669c56c373c4
# golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f
## explicit
golang.org/x/sys/cpu
golang.org/x/sys/unix


@@ 315,7 316,8 @@ golang.org/x/text/secure/bidirule
golang.org/x/text/transform
golang.org/x/text/unicode/bidi
golang.org/x/text/unicode/norm
# google.golang.org/appengine v1.6.5
# google.golang.org/appengine v1.6.6
## explicit
google.golang.org/appengine
google.golang.org/appengine/datastore
google.golang.org/appengine/datastore/internal/cloudkey