Update the vendored golang.org/x/crypto module to the
latest version, which in turn updates the vendored copy
of the x/sys module.
While the portions of x/crypto vendored into this project do
not actually change at all, updating the module's entry in
vendor/modules.txt and go.{mod,sum} means we will not be
flagged by security scanners regarding CVE-2020-29652 in the
x/crypto/ssh library code.
The Git LFS client should not be affected by that security
issue, since we do not use the ssh component of the x/crypto
module.
The specific commands run to perform this update were:
go get golang.org/x/crypto@latest &&
go mod tidy && go mod vendor
When using Go 1.16 in CI, go get is upgrading some of our dependencies
automatically, and since these items are not in the go.sum file, Go
complains and refuses to build our binary. Let's bump the relevant
dependencies and vendor the resulting modules to make sure that Go can
build our binary successfully on a fresh Go 1.16.
Update the vendored golang.org/x/net module to the latest
version, which in turn updates the vendored copy of the
golang.org/x/text module to 0.3.3. That version of x/text
includes a mitigation of CVE-2020-14040, which pertains to
processing UTF-16 data with a Byte Order Mark.
The Git LFS client should not be affected by that security
issue, since it does not open streams in UTF-16 mode, but
we update our modules to stay current with the upstream Go
sources and also to avoid being flagged by security scanners.
The specific commands run to perform this update were:
"go get golang.org/x/net@latest && go mod tidy && go mod vendor"
Use the IoctlFileClone ioctl wrapper provided by golang.org/x/sys/unix
instead of locally implementing it. This also fixes the ioctl on
GOARCHes where the value of FICLONE is different from the currently used
ioctlFiClone value (e.g. mips64/mips64le and ppc64/ppc64le).
This PR also bumps the version of golang.org/x/sys to get
IoctlFileClone and updates its vendored version by running
`go get golang.org/x/sys@latest && go mod tidy && go mod vendor`.
We'll need some additional dependencies to add support for Kerberos to
Git LFS. In order to support HTTP SPNEGO (Negotiate) support, add the
required modules and vendor their dependencies.
Vendor the `golang.org/x/net` dependency. This will be used in a
future commit to add HTTP/2 transport support.
Note that due to the way go modules work, the `golang.org/x/sys`
dependency was updated as well when running `make vendor`.
We use package github.com/olekukonko/ts to issue IOCTL's to gather the
terminal size of the calling terminal in order to determine the length
of lines we attempt to print.
Until now, we have used revision ecf753e7c962, which is over 4 years
old. Since then, github.com/olekukonko/ts has introduced support for
Solaris, which we previously could not build or run on because package
syscall on Solaris does not export an IOCTL constant.
Let's upgrade to the latest version, and bring in support for Solaris.
