Implemented a Basic TLS #34

Merged
merged 5 commits into from Sep 7, 2014

Contributor

Bren2010 commented Sep 4, 2014

Proposed solution as a simple, secure, and modular transport layer.

Uses peer keys for signing only (which they probably should be restricted to), and a shared key is derived through ECDH. Provides forward secrecy, data secrecy, data integrity, and mutual authentication. Borrows the idea of cipher suites/negotiation from TLS for modularity.

Protocol:
Step 1: Hello = (Random, MultiPublicKey, Supported Algorithms)
Step 2: Exchange = (EECDH Public Key, Sig(Hello1 || Hello2 || EECDH Public Key))
Step 3: Finish = E("Finish")

Atm, it hasn't been integrated with the rest of the code base yet.

Peer review/suggestions welcome, as always.
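
Steps 1 and 2 of the protocol above plus the key derivation, as an added sketch in Go (not code from this pull request). Ed25519 as the signing key type, the fixed strongest-first curve ranking, the length-prefixed transcript encoding, the order of the two Hellos inside the signature (signer's own first) and SHA-256 over the ECDH secret are all assumptions made here.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"slices"
)

// Hello is step 1. Ed25519 stands in for the page's MultiPublicKey (assumption).
type Hello struct {
	Random, SignPub []byte
	Curves          []string // ECDH curves this peer offers
}
type Peer struct {
	hello Hello
	priv  ed25519.PrivateKey // long-term key, used for signing only
	eph   *ecdh.PrivateKey   // per-connection key, gives forward secrecy
}

var curves = map[string]ecdh.Curve{"P-384": ecdh.P384(), "P-256": ecdh.P256()}

// pack length-prefixes each field so the signed transcript parses one way only.
func pack(fields ...[]byte) (out []byte) {
	for _, f := range fields {
		out = append(append(out, byte(len(f)>>8), byte(len(f))), f...)
	}
	return out
}

func (h Hello) Bytes() []byte {
	out := pack(h.Random, h.SignPub)
	for _, c := range h.Curves {
		out = append(out, pack([]byte(c))...)
	}
	return out
}

func NewPeer(offer ...string) (*Peer, error) {
	nonce := make([]byte, 16)
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if _, rerr := rand.Read(nonce); err != nil || rerr != nil {
		return nil, errors.Join(err, rerr)
	}
	return &Peer{hello: Hello{Random: nonce, SignPub: pub, Curves: offer}, priv: priv}, nil
}

// Negotiate is symmetric: both peers take the first ranked curve both Hellos offer.
func Negotiate(a, b Hello) (string, error) {
	for _, name := range []string{"P-384", "P-256"} { // strongest first (assumed policy)
		if slices.Contains(a.Curves, name) && slices.Contains(b.Curves, name) {
			return name, nil
		}
	}
	return "", errors.New("no common curve")
}

// MakeExchange is step 2: Sig(own Hello || peer Hello || own ephemeral key).
func (p *Peer) MakeExchange(remote Hello) (ephPub, sig []byte, err error) {
	name, err := Negotiate(p.hello, remote)
	if err == nil {
		p.eph, err = curves[name].GenerateKey(rand.Reader)
	}
	if err != nil {
		return nil, nil, err
	}
	ephPub = p.eph.PublicKey().Bytes()
	return ephPub, ed25519.Sign(p.priv, pack(p.hello.Bytes(), remote.Bytes(), ephPub)), nil
}

// SessionKey verifies the peer's step-2 signature, then hashes the ECDH secret.
func (p *Peer) SessionKey(remote Hello, ephPub, sig []byte) (key [32]byte, err error) {
	if p.eph == nil || len(remote.SignPub) != ed25519.PublicKeySize || !ed25519.Verify(
		remote.SignPub, pack(remote.Bytes(), p.hello.Bytes(), ephPub), sig) {
		return key, errors.New("exchange rejected: bad signature")
	}
	theirs, err := p.eph.Curve().NewPublicKey(ephPub)
	if err != nil {
		return key, err
	}
	secret, err := p.eph.ECDH(theirs)
	if err != nil {
		return key, err
	}
	return sha256.Sum256(secret), nil
}

func main() {
	a, _ := NewPeer("P-384", "P-256")
	b, _ := NewPeer("P-256")
	pubB, sigB, _ := b.MakeExchange(a.hello)
	_, _, errA := a.MakeExchange(b.hello)
	_, err := a.SessionKey(b.hello, pubB, sigB)
	fmt.Println("handshake errors:", errA, err)
}
```

Because each signature covers both Hellos, a change made in transit to either side's offered curve list makes verification fail, which is what keeps the negotiation from being downgraded.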

macSize = 64
}

for {

whyrusleeping Sep 4, 2014

Member

I would prefer if all of this wasn't a single anonymous function inside of handshake, if we could break this down a little that would be nice (and slightly more readable!)

// the shared secret key.
//
// Focuses only on ECDH now, but can be made more general in the future.
func generateEPubKey(exchange string) ([]byte, func([]byte) ([]byte, error), error) {

whyrusleeping Sep 4, 2014

Member

can this function that's being returned have a named type to denote its purpose?

}

switch exchange {
case "P-224":
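
Review bot: `case "P-224":` puts a curve with roughly 112-bit security into the negotiable set, so a handshake can settle below the 128-bit level; consider dropping it and starting at P-256. The visible lines also show no `default:` arm for `switch exchange`, so please confirm an unrecognised name returns an error rather than continuing with an unset curve.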

whyrusleeping Sep 4, 2014

Member

It looks like all we need inside the case statements is the "curve = elliptic.Blah", the rest is common and can be moved out of the switch

Member

jbenet commented Sep 6, 2014

tl;dr: this is not yet audited. we need to audit a lot of stuff, so merging in with the massive disclaimer that this is not yet known to be secure.

17:58 <whyrusleeping> jbenet: look at the changes to the handshake function
17:59 <whyrusleeping> it looks good to me, and appears to work fine. but i just wanted your once over
18:02 <•jbenet> mmm worried about signing off on security stuff by just looking over.
18:02 <whyrusleeping> ah, yeah
18:02 <•jbenet> I mean we need to go through and audit a lot of stuff anyway-- perhaps TRTTD is to merge in and put a massive disclaimer that it's not yet secure.
18:03 <•jbenet> (in the code, i mean)
18:03 <whyrusleeping> yeah? i can do that
18:03 <whyrusleeping> im part of the security group at my university, we can do an audit as a club event to help out
18:03 <•jbenet> that could be great
18:04 <•jbenet> it'd be nice to reach a functionality feature freeze
18:04 <whyrusleeping> okay, ill do the merge then?
18:04 <•jbenet> and then go back to a) polish interface, b) reimplement broken things, c) audit security
New messages
18:04 <•jbenet> yeah, i'll just add this discussion to the PR
Member

jbenet commented Sep 6, 2014

cc @perfmode @cleichner if you want to help CR something

@whyrusleeping whyrusleeping merged commit c6823ac into ipfs:crypto Sep 7, 2014

Contributor

dominictarr commented Oct 20, 2014

doesn't this leak metadata - who is connecting to who? isn't it possible to be encrypted from the first byte by doing the EECDH exchange first?

Contributor Author

Bren2010 commented Oct 21, 2014

@dominictarr Yep. But afaik IPFS has no interest in anonymity and following TLS' pattern of authenticating and verifying the secure channel before using it for anything important makes me feel warm and fuzzy inside (and is probably a good way to avoid strange vulns).

Member

jbenet commented Oct 21, 2014

@dominictarr Unless you know who you're connecting to beforehand, a listener you're connecting to will have to get your public key. But yes, fair point, there could be two modes, for initializing connections to new unknown public keys, and for known ones.

Contributor

dominictarr commented Oct 21, 2014

If you are gonna use something similar to tls why not just use tls?
tls has had more than a few strange vulnerabilities... but it's well studied.

I think there are two strong positions here - either use something that is so well studied
and widely used, that the vulns have been already fixed, or at least, that there are so many other bikes to steal, the chance they steal yours is small, giving you time to fix the lock.
i.e. just use tls.

and the other strong position is making something so simple that it's obviously secure.

I think the possibility for simplicity is considerable here, given that, ipfs, etc, doesn't rely on the security of the connection for its security. the data is already secure, and it would still be secure
over plain text - we are only encrypting it to prevent passive eavesdroppers. maybe to authenticate
who we are talking to - but ideally, that could be done inside the privacy layer.

Contributor Author

Bren2010 commented Oct 21, 2014

@dominictarr Because TLS is designed for a server-client model and heavily utilizes CAs--both of which are contrary to IPFS' design. There's also the point that TLS is incredibly complicated and has a lot of legacy to it, which makes it hard to re-implement securely in situations where we don't have access to standard TLS libraries.

The protocol is already as simple as possible while still satisfying the requirements placed upon it. (Those requirements being forward secrecy, mutual authentication, confidentiality & integrity of data, in addition to being extensible.)

Edit: I realized there was a point I could address. The reason it's better to build a secure channel is largely because of the mutual authentication. Before I wrote this, that's all that was being done--you authenticate each other and then you go back to communicating in plaintext.

That scheme achieves its objective in the presence of malicious actors inside the network, but it doesn't do anything to deter active adversaries (outside the network). So you come to the point that all the hard bits are done--it's incredibly cheap to just build the rest of the secure channel and then I get the guarantee that if I contact Alice, I know that everything I read is legitimately from Alice.

Member

whyrusleeping commented Oct 21, 2014

I agree that we should keep the protocol as simple as possible to allow it to be easily audited and understood. TLS is great, but has way too much baggage for what we're after

Contributor

dominictarr commented Oct 21, 2014

okay to be honest, I am not well versed on exactly how complicated tls is, I can imagine it's more complicated than this, though, sure. But I just feel that this could be even simpler.

There are really two distinct things here - privacy and security. ipfs is secure even over plain text,
because it's an authenticated data-structure. likewise, git (if you sign tags), bittorrent, secure-scuttlebutt. The other thing is privacy.

If you just did privacy, and required the application/next layer to handle authentication and integrity then you could simplify this.

And if you had an out of channel way of setting the parameters then you would not need cipher suite negotiation you could just put {hash, ip, port, ciphersuite} tuples into the dht... and then when you upgrade the ciphersuite, switch to the new port. This would allow a rolling upgrade, and mean there are very few edge cases in the private-channel.

Contributor Author

Bren2010 commented Oct 21, 2014

> okay to be honest, I am not well versed on exactly how complicated tls is, I can imagine it's more complicated than this, though, sure. But I just feel that this could be even simpler.

Reverse engineering someone's TLS implementation is a multi-week effort (I've done it). This protocol took me a few hours to design and implement. It took a few minutes to figure out how it worked after I'd been away from the codebase for a while. This is only a few hundred lines, whereas TLS implementations are thousands of lines.

Personally, I think it's incredibly easy to reason about the security of this, and I would think you do too since you started finding caveats within minutes of being told where the code was.

> There are really two distinct things here - privacy and security.

I don't know what either of those words mean in this context... I'm guessing confidentiality and integrity? If so, as I said, confidentiality was added for the reason "why not?" and integrity is there so that I know everything I read off of my channel with Alice was actually written by Alice and meant for me--remember, there'll be more going through our channel than items from the DAGStore. Information about Alice's health, what she wants, what she knows.

> And if you had an out of channel way of setting the parameters then you would not need cipher suite negotiation you could just put {hash, ip, port, ciphersuite} tuples into the dht

Disregarding the fact that the logic is circular and that this doesn't add anything, how is putting information into an incredibly complex system of computers simpler than just sending it over the wire to people who ask?

@Bren2010 Bren2010 deleted the Bren2010:crypto branch Oct 21, 2014

Contributor

dominictarr commented Oct 22, 2014

Okay good point, this is relatively simple.

But, I think you should consider the out-of-band ciphersuite thing.
In particular - it makes it much easier to upgrade the protocol -
this is a very important aspect of ipfs, if it works out, it's expected to be used for a long time.
Decades is reasonable, there are lots of protocols that old in use today.

Sure, you could negotiate a different suite, but you can't remove the negotiation,
so it's always gonna leak some information, but if the protocol/ciphersuite is distributed another way...
you could have an even simpler protocol than this, and you could have neat things,
like have the connection appear completely random from the first byte.

In a p2p system like ipfs, there is already a lookup to go from a peer id (i.e. hash(pubkey))
to a (possibly temporary) peer address, adding the suite/protocol to that is not much extra effort.

Member

jbenet commented Oct 22, 2014

@dominictarr

So like this:

# current multiaddr
/ip4/10.20.30.40/tcp/1234/ipfs/QmZSWmvJdrjtUo9TAVnRnRZbMfgcVbMbwMBhvsYTjBZ9es

# multiaddr specifying tls cypher
# 0xcc14 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
/ip4/10.20.30.40/tcp/1234/tls/cc14/ipfs/QmZSWmvJdrjtUo9TAVnRnRZbMfgcVbMbwMBhvsYTjBZ9es/

# some future
/ip8/QmZSWmvJdrjtUo9TAVnRn/sc/cc14/ipfs/QmZSWmvJdrjtUo9TAVnRnRZbMfgcVbMbwMBhvsYTjBZ9es/
Contributor Author

Bren2010 commented Oct 22, 2014

> But, I think you should consider the out-of-band ciphersuite thing.
> In particular - it makes it much easier to upgrade the protocol -

@dominictarr The protocol is already trivial to upgrade.

Want to add a new cipher? Implement it and add it to the supported ciphers list.
Want to upgrade the protocol with major breaking changes? Create a supported versions list and negotiate which protocol version to use.

You never remove negotiation because there is always a need to negotiate something. TLS (even dating back to SSL) has never changed the ClientHello and ServerHello messages because there's no reason to.

> so it's always gonna leak some information, but if the protocol/ciphersuite is distributed another way...
> you could have an even simpler protocol than this, and you could have neat things,
> like have the connection appear completely random from the first byte.

The protocol is always going to be trivially distinguishable from random. There's structure to the timing of messages in the protocol. There's structure in the objects sent. IPFS nodes will always behave in predictable ways (unless @jbenet decides to recast the project as a DRBG).

If I look up someone's preferences in the DHT, I can calculate the suite we should use because I have both variables, but how do I convey that knowledge to them if my only way of talking to them is walking up and just using the suite? Negotiation is a function of two variables, so how does the person on the other end make that calculation if they don't know anything about me?

> In a p2p system like ipfs, there is already a lookup to go from a peer id (i.e. hash(pubkey))

If you're new to the network or have limited connectivity, how do you find someone's preferences to make a new connection to them to improve connectivity? How do you avoid the circular dependency of "I want to talk to Alice, so I need to look her up in the DHT, and that requires making a connection to someone, so I look them up in the DHT, which requires making a connection to someone, so I look..."

Member

whyrusleeping commented Oct 22, 2014

I do agree that all the information in the handshake should be available in the DHT for lookup, but i do also think it needs to be in the handshake for the very same reasons @Bren2010 expressed in his last paragraph.

Contributor

dominictarr commented Oct 24, 2014

So, i think the world has changed a lot since tls was conceived. The most important thing is how updates occur - I remember getting netscape navigator on a CDROM from my isp. Of course, you are not gonna get an update out very quick that way, and some people will never upgrade.

Nowadays we have automatic updates - sure, that is a back door, but let's say we can create a decentralized way to do something like that (I have ideas, we can discuss later) I don't think we have the same concern for legacy code with ipfs, etc. But also - http has a default port, and surfers follow links to your site, and you can't break links or you break the web. web protocols had to be on the same port.

Ipfs does not have links that will break like this - because links are to data, not to servers.

How does a new peer find the network? A completely new node still needs an entry point, right?
This means something like a "start list" of servers that tend to stay online and addressable. This doesn't centralize the protocol because they are still regular nodes, and anyone can start a startlist node - it's just a matter of publishing its address widely.

If we need to keep the start list servers accessible, that start list could contain the cipher suite, or it could indicate that a negotiation handshake is used instead. Is this how ipfs will introduce nodes?

Member

jbenet commented Oct 27, 2014

> Ipfs does not have links that will break like this - because links are to data, not to servers.

Exactly.

> How does a new peer find the network? A completely new node still needs an entry point, right?
> This means something like a "start list" of servers that tend to stay online and addressable. This doesn't centralize the protocol because they are still regular nodes, and anyone can start a startlist node - it's just a matter of publishing its address widely.

Yes, we use a list of bootstrapping addresses, which include the node.ID (public key). e.g.

/ip4/104.131.131.82/tcp/4001/QmaCpDMGvV2BGHeYERUEnRQAwe3N8SzbUtfsmvsqQLuvuJ
/ip4/1.2.3.4/udp/5234/QmSPS2WsvjFJ7AsTULbxw4o7oGD2PVTkR9zbiWQcapCtzS
...

Note that all distributed systems have the bootstrapping problem and solve it effectively the same way. DHTs, bitcoin, even DNS (hard coded root . resolver IPs).

For our purposes, we'll distribute a signed, up-to-date bootstrapping list with implementations, and make it available via HTTP, DNS, and other systems.

> If we need to keep the start list servers accessible, that start list could contain the cipher suite, or it could indicate that a negotiation handshake is used instead. Is this how ipfs will introduce nodes?

Yeah, we could do something like:

/ip4/104.131.131.82/tcp/4001/tls/cc14/QmaCpDMGvV2BGHeYERUEnRQAwe3N8SzbUtfsmvsqQLuvuJ
...

but i'm not yet convinced negotiation of cyphers is a bad idea. nodes should be more stern about the cyphers it uses (i.e. prune out weaker things) (NB: not negotiating cyphers does not get rid of handshake. would have to get rid of ephemeral sec chan key to do so. which we could do, since trust here depends on the source key. sessions strictly live shorter than the key used for node.ID (i.e. does forward secrecy make sense if the master private key which defines the node is compromised??) . AFAICT right now, the only other benefit of the ephemeral key is letting nodes split up implementations and safeguard keys better (i.e. i could have a full implementation that i don't give my private key to, only derived keys).

Member

whyrusleeping commented Oct 27, 2014

would be kinda cool to have udp service discovery implemented for ipfs

Member

jbenet commented Oct 27, 2014

> would be kinda cool to have udp service discovery implemented for ipfs

yep!! there's lots of protocols for local discovery, we should use as many as we can. this helps bittorrent clients be so successful at moving data around.

cryptix added a commit that referenced this pull request May 29, 2015

godeps: update everything to master
New:

* golang.org/x/text (c93e7c9fff19fb9139b5ab04ce041833add0134e)

* github.com/jackpal/gateway (192609c58b8985e645cbe82ddcb28a4362ca0fdc)


Changed:

* github.com/Sirupsen/logrus (old rev 26709e2714106fb8ad40b773b711ebce25b78914) (new rev 6ba91e24c498b49d0363c723e9e2ab2b5b8fd012)
Alexander F Rødseth (1):
      Terminals on Windows may not have colors

Antoine Grondin (1):
      default logs to stderr

Dotan J. Nahum (1):
      logrus_syslog / syslog - example should now be valid

Madhav Puri (2):
      Fix Fatalf() and Fatalln() to exit irrespective of log level
      Fix Fatal*() function of logger to match the behavior of Fatal*() functions of entry

Matthew Baird (1):
      proper use of TextFormatter in documentation

Philip Allen (4):
      Added Raygun hook.
      Moving raygun hook to its own repositiroy at github.com/squirkle/logrus-raygun-hook
      Merge branch 'master' of https://github.com/Sirupsen/logrus
      removing raygun hook from hooks dir, adding reference in hooks table of main README.md

Simon Eskildsen (12):
      Merge pull request #170 from aybabtme/log-to-stderr
      Merge pull request #177 from xyproto/master
      Merge pull request #178 from mattbaird/patch-1
      Merge pull request #168 from squirkle/master
      Merge pull request #183 from evalphobia/feature/sentry-http-request
      formatter/json: fix possible race
      version: bump to 0.8
      Merge pull request #187 from mapuri/master
      version: bump to 0.8.1
      Merge pull request #188 from mapuri/master
      version: 0.8.2
      Merge pull request #189 from jondot/patch-1

evalphobia (1):
      Added special field for *http.Request to Sentry hook

* github.com/cenkalti/backoff (old rev 9831e1e25c874e0a0601b6dc43641071414eec7a) (new rev 6c45d6bc1e78d94431dff8fc28a99f20bafa355a)
Cenk Alti (1):
      fix #14

* github.com/cheggaaa/pb (old rev e8c7cc515bfde3e267957a3b110080ceed51354e) (new rev d7729fd7ec1372c15b83db39834bf842bf2d69fb)
Andrew Sutherland (4):
      just return ourselves on chainable methods
      use channel to trigger isFinished
      make units type safe
      dont panic on multiple Finish calls

Andrey Smirnov (1):
      Fix the data race on pb.isFinish member.

Frederick F. Kautz IV (1):
      Running gofmt, no semantic changes.

Fábio Gomes (1):
      Adds Set64 func to set the current value as int64

Sergey Cherepanov (8):
      netbsd support
      Merge pull request #34 from smira/master
      Merge pull request #35 from nixxquality/patch-1
      Merge pull request #36 from fkautz/pr_out_running_gofmt_no_semantic_changes
      Merge pull request #37 from drewis/forupstream
      Merge pull request #38 from monde-sistemas/master
      correct speed when start value not 0
      return object for a chain calling

nixxquality (1):
      Fix typo

* github.com/crowdmob/goamz/aws (old rev 82345796204222aa56be89cf930c316b1297f906) (new rev 3a06871fe9fc0281ca90f3a7d97258d042ed64c0)
Adrien Bustany (2):
      s3: Retry on url.Error too
      s3test: Implement MultiDel support

Ali Moeeny (4):
      Merge pull request #324 from abustany/s3-retry-url-error
      Merge pull request #329 from richarddbarnett/master
      Merge pull request #330 from abustany/s3test-multidel
      Merge pull request #331 from AndreyKostov/master

Andrey Kostov (1):
      Fix signed urls for s3 with v4 auth and IAM roles

Matthew Moore (1):
      Update README.md

Richard Barnett (1):
      Add Kinesis endpoint for us-west-1

* github.com/crowdmob/goamz/s3 (old rev 82345796204222aa56be89cf930c316b1297f906) (new rev 3a06871fe9fc0281ca90f3a7d97258d042ed64c0)
Adrien Bustany (2):
      s3: Retry on url.Error too
      s3test: Implement MultiDel support

Ali Moeeny (4):
      Merge pull request #324 from abustany/s3-retry-url-error
      Merge pull request #329 from richarddbarnett/master
      Merge pull request #330 from abustany/s3test-multidel
      Merge pull request #331 from AndreyKostov/master

Andrey Kostov (1):
      Fix signed urls for s3 with v4 auth and IAM roles

Matthew Moore (1):
      Update README.md

Richard Barnett (1):
      Add Kinesis endpoint for us-west-1

* github.com/fd/go-nat (old rev 50e7633d5f27d81490026a13e5b92d2e42d8c6bb) (new rev dcaf50131e4810440bed2cbb6f7f32c4f4cc95dd)
Simon Menke (1):
      Using github.com/jackpal/gateway to discover NAT-PMP/PCP gateways

* github.com/fzzy/radix/redis (old rev 27a863cdffdb0998d13e1e11992b18489aeeaa25) (new rev 031cc11e9800a2626ee2ae629655a922b630a07d)
Brian Picciano (19):
      make cluster package thread-safe
      CHANGELOG
      update READMEs to have references to cluster
      throttle Reset calls in cluster
      change how options are passed around in cluster, and fix throttle
      CHANGELOG
      add a Pattern field to SubReply
      make DialTimeout actually use DialTimeout (requested by #53)
      fix bugs in cluster which prevented proper failover handling
      make cluster.getConn attempt to make the pool in question to better handle failover cases, also simplify moved logic a bit
      fix cluster test to handle the Reset throttle properly
      CHANGELOG
      refactor resp writing to not create an intermediate buffer and just write directly to the io.Writer
      small formatting fixes
      optimize flattening in resp to not create as many intermediate data structures
      refactor resp writing even further by making conn have a writeBuffer pre-allocated which resp simply appends to
      update cluster tests for newest testify code
      CHANGELOG
      CHANGELOG

Victor (1):
      add Reply.Float64() method

* github.com/gogo/protobuf (old rev 0ac967c269268f1af7d9bcc7927ccc9a589b2b36) (new rev b9e369e8ffb6773efc654ea13594566404314ee1)
Anton Povarov (1):
      simpler and more computationally efficient solution

Dwayne Schultz (4):
      Add checks in marshal/unmarshal for presence of required fields
      Improve compatibility
      Revert "Improve compatibility"
      Use import helper

Georg Apitz (2):
      Apply @anton-povarov's patch for bitmasks for missing required fields
      Add test for nested NinOptNative

John Tuley (11):
      Update artifacts from `make all`
      Test using `Marshal` instead of `MarshalTo`
      Use `proto.Marshal`/`proto.Unmarshal`
      Move NewRequiredNotSetError to encode_gogo.go
      Restore permissions on protoc-gen-gogo/main.go
      Remove empty lines
      Remove empty lines
      Check marshal error in requiredexamplepb_test.go
      Merge remote-tracking branch 'gogo/master'
      Add test for unmarshalling populated optional fields as required
      Add tests for required fields

Tamir Duberstein (1):
      Generate errcheck-passing code

Walter Schulze (4):
      regenerated code
      Merge pull request #51 from tamird/errcheck
      fixed errcheck for old protoc versions
      Merge pull request #48 from jmtuley/master

* github.com/hashicorp/golang-lru (old rev 253b2dc1ca8bae42c3b5b6e53dd2eab1a7551116) (new rev 995efda3e073b6946b175ed93901d729ad47466a)
Alexander Gugel (1):
      Add Contains, Peek

Armon Dadgar (6):
      Merge pull request #3 from blopker/master
      Merge pull request #4 from mreid-moz/add_onevict
      Merge pull request #6 from client9/master
      Merge pull request #8 from sciolizer/keys-order
      Merge pull request #10 from alexanderGugel/has-peek
      Merge pull request #12 from dkumor/master

Bo Lopker (1):
      Add RWMutex for read-only functions

Daniel Kumor (2):
      Fixed onEvict bug for Purge
      Added test for onEvicted interface value

Joshua Ball (1):
      Keys() preserves order

Kyle Kelley (1):
      fmt.Sprintf inside panic call

Mark Reid (6):
      Add an 'onEvict' function called when an element is removed.
      Export the "OnEvicted" function.
      Stop exposing the internals for eviction.
      Take a single lock to purge the cache.
      Purge in the correct LRU order.
      Call the evict function, then reset the cache.

Nick Galbreath (2):
      change Add method to return bool on eviction
      gofmt cleanup

Ryan Uber (1):
      Merge pull request #2 from rgbkrk/patch-1

* github.com/hashicorp/yamux (old rev 9feabe6854fadca1abec9cd3bd2a613fe9a34000) (new rev b2e55852ddaf823a85c67f798080eb7d08acd71d)
Armon Dadgar (5):
      Prevent Read on a closed stream
      Adding NumStreams to query open stream count
      Prevent deadlock with closeStream race
      Session close waits for receive loop to terminate
      Adding backpressure to Open to avoid RST

* github.com/howeyc/fsnotify (old rev 6b1ef893dc11e0447abda6da20a5203481878dda) (new rev 4894fe7efedeeef21891033e1cce3b23b9af7ad2)
Chris Howey (1):
      Merge pull request #109 from missdeer/master

Fan Yang (2):
      Update fsnotify_bsd.go
      Update fsnotify_open_bsd.go

* github.com/huin/goupnp (old rev 223008361153d7d434c1f0ac990cd3fcae6931f5) (new rev c57ae84388ab59076fd547f1abeab71c2edb0a21)
Felix Lange (1):
      soap: quote action names in header

Huin (1):
      Fix CharsetReader creation.

Jianfei Wang (1):
      support xml encoding other than utf-8

John Beisley (2):
      Merge branch 'fjl-soap-quote'
      Merge branch 'thinxer-master'

* github.com/jackpal/go-nat-pmp (old rev a45aa3d54aef73b504e15eb71bea0e5565b5e6e1) (new rev 46523a463303c6ede3ddfe45bde1c7ed52ebaacd)
Jack Palevich (1):
      Add NewClientForDefaultGateway, test of same.

* github.com/jbenet/go-peerstream (old rev 8d52ed2801410a2af995b4e87660272d11c8a9a4) (new rev 675a5da7e3500d73c2edc84565d6c46b540ad1b4)
Brian Tiger Chow (1):
      Update listener.go

Juan Batiz-Benet (1):
      Merge pull request #7 from briantigerchow/patch-1

* github.com/kardianos/osext (old rev 8fef92e41e22a70e700a96b29f066cda30ea24ef) (new rev 6e7f843663477789fac7c02def0d0909e969b4e5)
Daniel Theophanes (2):
      osext: do not return trailing slash in folder path.
      osext: state in readme that args[0] doesn't always work.

* github.com/miekg/dns (old rev 82ffc45b1f84ff71bd1cebed8b210118ce3d181e) (new rev bb1103f648f811d2018d4bedcb2d4b2bce34a0f1)
Alex Sergeyev (6):
      Issue with TLSA parsing identified
      Fixed SSHFP parsing when multiple lines used for text representation.
      Updated NSAP support according to RFC1706
      Fixed reversed logic.
      Support for almost all possible ways to format HINFO record
      Added comment to commented-out testcase

Mart Roosmaa (1):
      Use algorithm number to determine private key type.

Michael Haro (3):
      Check that the query ID matches the answer ID.
      Keep Exchange as it was, but still check ID.
      Cleanup Client.exchange

Miek Gieben (10):
      Merge pull request #207 from roosmaa/keyparse
      Merge pull request #208 from michaelharo/checkid
      Merge pull request #209 from michaelharo/client
      Merge commit '627287e675fb79f57928f77fbfae24abe15ed58b' into tlsa
      Playing with TLSA records
      Fix off-by-one on the maxTok and maxCom check
      Add TLSA parsing tests
      Check the l.err token errors
      Merge pull request #211 from miekg/tlsa
      Merge pull request #212 from asergeyev/master

* github.com/syndtr/goleveldb/leveldb (old rev 4875955338b0a434238a31165cb87255ab6e9e4a) (new rev 315fcfb05d4d46d4354b313d146ef688dda272a9)
Suryandaru Triandana (6):
      Merge pull request #106 from restlessbandit/getprop-errors
      leveldb: allows disabling buffer pool
      manualtest/dbstress: disable block cache and buffer pool by default
      memdb: use named constant instead of integer literal and Reset now holds lock
      leveldb: cleanup DB.recoverJournal(), memdb, session record and split session.go
      leveldb: allows open or puts DB into read-only mode (closes #107)

Travis J Parker (1):
      uses a public API error that can be compared against for invalid property names

* github.com/whyrusleeping/iptb (old rev 3970c95a864f1a40037f796ff596607ce8ae43be) (new rev fa9bbc437fae1c3a9410e7f1bc3dd02f0449279a)
Jeromy (1):
      bootstrap addrs cant be 0.0.0.0

* golang.org/x/crypto (old rev c84e1f8e3a7e322d497cd16c0e8a13c7e127baf3) (new rev ce6bda69189e9f4ff278a5e181691cd695f753ae)
Dmitry Savintsev (1):
      crypto/ssh: fix encoding of ssh certs with critical options

Han-Wen Nienhuys (1):
      x/crypto/ssh: bail early if a server has no auth methods configured.

Joel Sing (1):
      poly1305: fix compilation on arm with go tip

Jungho Ahn (1):
      x/crypto/poly1305: add ARM assembly

KB Sriram (1):
      x/crypto/openpgp: Limit packet recursion depth.

Shenghou Ma (1):
      ocsp: fix test on TZ=UTC systems

datianshi (1):
      ssh: add hmac-sha2-256.

* golang.org/x/net (old rev ff8eb9a34a5cbb9941ffc6f84a19a8014c2646ad) (new rev 589db58a47224e5786650dac2677b9c302bab6c2)
Dave Cheney (1):
      x/net/websocket: always close underlying connection on ws.Close

Ian Lance Taylor (1):
      html/charset/testdata: update licensing info in README

Mikio Hara (4):
      ipv4: fix build on linux/arm64
      ipv6: fix build on linux/arm64
      icmp: more coverage to ping test
      icmp: add missing attribute length check

Nigel Tao (7):
      webdav: skip XML-related tests on Go 1.4.
      webdav: make properties belong to the File(System), not a PropSystem.
      webdav: special-case the propfind_invalid2 litmus test.
      webdav: delete the PropSystem and MemPS types.
      webdav: add StripPrefix.
      webdav: have copyFiles copy dead properties.
      webdav: let DeadPropsHolder.DeadProps return an error.

Robert Stepanek (3):
      webdav: Add PROPPATCH support to in-memory property system.
      webdav: Return HTTP 404 for PROPFIND/PROPPATCH requests on an inexistent     webdav.Dir resource.
      webdav: Simplify handling of Etag and Content-Type headers for GET, HEAD,     POST and PUT requests.

* gopkg.in/natefinch/lumberjack.v2 (old rev d28785c2f27cd682d872df46ccd8232843629f54) (new rev 588a21fb0fa0ebdfde42670fa214576b6f0f22df)
Matt Silverlock (1):
      Fixed import in example test to use gopkg.in.

Nate Finch (2):
      Merge pull request #11 from elithrar/v2.0
      Fix bug #12

cryptix added a commit that referenced this pull request May 30, 2015

godeps: update everything to master
New:

* golang.org/x/text (c93e7c9fff19fb9139b5ab04ce041833add0134e)

* github.com/jackpal/gateway (192609c58b8985e645cbe82ddcb28a4362ca0fdc)

Changed:

* github.com/Sirupsen/logrus (old rev 26709e2714106fb8ad40b773b711ebce25b78914) (new rev 6ba91e24c498b49d0363c723e9e2ab2b5b8fd012)
Alexander F Rødseth (1):
      Terminals on Windows may not have colors

Antoine Grondin (1):
      default logs to stderr

Dotan J. Nahum (1):
      logrus_syslog / syslog - example should now be valid

Madhav Puri (2):
      Fix Fatalf() and Fatalln() to exit irrespective of log level
      Fix Fatal*() function of logger to match the behavior of Fatal*() functions of entry

Matthew Baird (1):
      proper use of TextFormatter in documentation

Philip Allen (4):
      Added Raygun hook.
      Moving raygun hook to its own repositiroy at github.com/squirkle/logrus-raygun-hook
      Merge branch 'master' of https://github.com/Sirupsen/logrus
      removing raygun hook from hooks dir, adding reference in hooks table of main README.md

Simon Eskildsen (12):
      Merge pull request #170 from aybabtme/log-to-stderr
      Merge pull request #177 from xyproto/master
      Merge pull request #178 from mattbaird/patch-1
      Merge pull request #168 from squirkle/master
      Merge pull request #183 from evalphobia/feature/sentry-http-request
      formatter/json: fix possible race
      version: bump to 0.8
      Merge pull request #187 from mapuri/master
      version: bump to 0.8.1
      Merge pull request #188 from mapuri/master
      version: 0.8.2
      Merge pull request #189 from jondot/patch-1

evalphobia (1):
      Added special field for *http.Request to Sentry hook

* github.com/cenkalti/backoff (old rev 9831e1e25c874e0a0601b6dc43641071414eec7a) (new rev 6c45d6bc1e78d94431dff8fc28a99f20bafa355a)
Cenk Alti (1):
      fix #14

* github.com/cheggaaa/pb (old rev e8c7cc515bfde3e267957a3b110080ceed51354e) (new rev d7729fd7ec1372c15b83db39834bf842bf2d69fb)
Andrew Sutherland (4):
      just return ourselves on chainable methods
      use channel to trigger isFinished
      make units type safe
      dont panic on multiple Finish calls

Andrey Smirnov (1):
      Fix the data race on pb.isFinish member.

Frederick F. Kautz IV (1):
      Running gofmt, no semantic changes.

Fábio Gomes (1):
      Adds Set64 func to set the current value as int64

Sergey Cherepanov (8):
      netbsd support
      Merge pull request #34 from smira/master
      Merge pull request #35 from nixxquality/patch-1
      Merge pull request #36 from fkautz/pr_out_running_gofmt_no_semantic_changes
      Merge pull request #37 from drewis/forupstream
      Merge pull request #38 from monde-sistemas/master
      correct speed when start value not 0
      return object for a chain calling

nixxquality (1):
      Fix typo

* github.com/crowdmob/goamz/aws (old rev 82345796204222aa56be89cf930c316b1297f906) (new rev 3a06871fe9fc0281ca90f3a7d97258d042ed64c0)
Adrien Bustany (2):
      s3: Retry on url.Error too
      s3test: Implement MultiDel support

Ali Moeeny (4):
      Merge pull request #324 from abustany/s3-retry-url-error
      Merge pull request #329 from richarddbarnett/master
      Merge pull request #330 from abustany/s3test-multidel
      Merge pull request #331 from AndreyKostov/master

Andrey Kostov (1):
      Fix signed urls for s3 with v4 auth and IAM roles

Matthew Moore (1):
      Update README.md

Richard Barnett (1):
      Add Kinesis endpoint for us-west-1

* github.com/crowdmob/goamz/s3 (old rev 82345796204222aa56be89cf930c316b1297f906) (new rev 3a06871fe9fc0281ca90f3a7d97258d042ed64c0)
Adrien Bustany (2):
      s3: Retry on url.Error too
      s3test: Implement MultiDel support

Ali Moeeny (4):
      Merge pull request #324 from abustany/s3-retry-url-error
      Merge pull request #329 from richarddbarnett/master
      Merge pull request #330 from abustany/s3test-multidel
      Merge pull request #331 from AndreyKostov/master

Andrey Kostov (1):
      Fix signed urls for s3 with v4 auth and IAM roles

Matthew Moore (1):
      Update README.md

Richard Barnett (1):
      Add Kinesis endpoint for us-west-1

* github.com/fd/go-nat (old rev 50e7633d5f27d81490026a13e5b92d2e42d8c6bb) (new rev dcaf50131e4810440bed2cbb6f7f32c4f4cc95dd)
Simon Menke (1):
      Using github.com/jackpal/gateway to discover NAT-PMP/PCP gateways

* github.com/fzzy/radix/redis (old rev 27a863cdffdb0998d13e1e11992b18489aeeaa25) (new rev 031cc11e9800a2626ee2ae629655a922b630a07d)
Brian Picciano (19):
      make cluster package thread-safe
      CHANGELOG
      update READMEs to have references to cluster
      throttle Reset calls in cluster
      change how options are passed around in cluster, and fix throttle
      CHANGELOG
      add a Pattern field to SubReply
      make DialTimeout actually use DialTimeout (requested by #53)
      fix bugs in cluster which prevented proper failover handling
      make cluster.getConn attempt to make the pool in question to better handle failover cases, also simplify moved logic a bit
      fix cluster test to handle the Reset throttle properly
      CHANGELOG
      refactor resp writing to not create an intermediate buffer and just write directly to the io.Writer
      small formatting fixes
      optimize flattening in resp to not create as many intermediate data structures
      refactor resp writing even further by making conn have a writeBuffer pre-allocated which resp simply appends to
      update cluster tests for newest testify code
      CHANGELOG
      CHANGELOG

Victor (1):
      add Reply.Float64() method

* github.com/gogo/protobuf (old rev 0ac967c269268f1af7d9bcc7927ccc9a589b2b36) (new rev b9e369e8ffb6773efc654ea13594566404314ee1)
Anton Povarov (1):
      simpler and more computationally efficient solution

Dwayne Schultz (4):
      Add checks in marshal/unmarshal for presence of required fields
      Improve compatibility
      Revert "Improve compatibility"
      Use import helper

Georg Apitz (2):
      Apply @anton-povarov's patch for bitmasks for missing required fields
      Add test for nested NinOptNative

John Tuley (11):
      Update artifacts from `make all`
      Test using `Marshal` instead of `MarshalTo`
      Use `proto.Marshal`/`proto.Unmarshal`
      Move NewRequiredNotSetError to encode_gogo.go
      Restore permissions on protoc-gen-gogo/main.go
      Remove empty lines
      Remove empty lines
      Check marshal error in requiredexamplepb_test.go
      Merge remote-tracking branch 'gogo/master'
      Add test for unmarshalling populated optional fields as required
      Add tests for required fields

Tamir Duberstein (1):
      Generate errcheck-passing code

Walter Schulze (4):
      regenerated code
      Merge pull request #51 from tamird/errcheck
      fixed errcheck for old protoc versions
      Merge pull request #48 from jmtuley/master

* github.com/hashicorp/golang-lru (old rev 253b2dc1ca8bae42c3b5b6e53dd2eab1a7551116) (new rev 995efda3e073b6946b175ed93901d729ad47466a)
Alexander Gugel (1):
      Add Contains, Peek

Armon Dadgar (6):
      Merge pull request #3 from blopker/master
      Merge pull request #4 from mreid-moz/add_onevict
      Merge pull request #6 from client9/master
      Merge pull request #8 from sciolizer/keys-order
      Merge pull request #10 from alexanderGugel/has-peek
      Merge pull request #12 from dkumor/master

Bo Lopker (1):
      Add RWMutex for read-only functions

Daniel Kumor (2):
      Fixed onEvict bug for Purge
      Added test for onEvicted interface value

Joshua Ball (1):
      Keys() preserves order

Kyle Kelley (1):
      fmt.Sprintf inside panic call

Mark Reid (6):
      Add an 'onEvict' function called when an element is removed.
      Export the "OnEvicted" function.
      Stop exposing the internals for eviction.
      Take a single lock to purge the cache.
      Purge in the correct LRU order.
      Call the evict function, then reset the cache.

Nick Galbreath (2):
      change Add method to return bool on eviction
      gofmt cleanup

Ryan Uber (1):
      Merge pull request #2 from rgbkrk/patch-1

* github.com/hashicorp/yamux (old rev 9feabe6854fadca1abec9cd3bd2a613fe9a34000) (new rev b2e55852ddaf823a85c67f798080eb7d08acd71d)
Armon Dadgar (5):
      Prevent Read on a closed stream
      Adding NumStreams to query open stream count
      Prevent deadlock with closeStream race
      Session close waits for receive loop to terminate
      Adding backpressure to Open to avoid RST

* github.com/howeyc/fsnotify (old rev 6b1ef893dc11e0447abda6da20a5203481878dda) (new rev 4894fe7efedeeef21891033e1cce3b23b9af7ad2)
Chris Howey (1):
      Merge pull request #109 from missdeer/master

Fan Yang (2):
      Update fsnotify_bsd.go
      Update fsnotify_open_bsd.go

* github.com/huin/goupnp (old rev 223008361153d7d434c1f0ac990cd3fcae6931f5) (new rev c57ae84388ab59076fd547f1abeab71c2edb0a21)
Felix Lange (1):
      soap: quote action names in header

Huin (1):
      Fix CharsetReader creation.

Jianfei Wang (1):
      support xml encoding other than utf-8

John Beisley (2):
      Merge branch 'fjl-soap-quote'
      Merge branch 'thinxer-master'

* github.com/jackpal/go-nat-pmp (old rev a45aa3d54aef73b504e15eb71bea0e5565b5e6e1) (new rev 46523a463303c6ede3ddfe45bde1c7ed52ebaacd)
Jack Palevich (1):
      Add NewClientForDefaultGateway, test of same.

* github.com/jbenet/go-peerstream (old rev 8d52ed2801410a2af995b4e87660272d11c8a9a4) (new rev 675a5da7e3500d73c2edc84565d6c46b540ad1b4)
Brian Tiger Chow (1):
      Update listener.go

Juan Batiz-Benet (1):
      Merge pull request #7 from briantigerchow/patch-1

* github.com/kardianos/osext (old rev 8fef92e41e22a70e700a96b29f066cda30ea24ef) (new rev 6e7f843663477789fac7c02def0d0909e969b4e5)
Daniel Theophanes (2):
      osext: do not return trailing slash in folder path.
      osext: state in readme that args[0] doesn't always work.

* github.com/miekg/dns (old rev 82ffc45b1f84ff71bd1cebed8b210118ce3d181e) (new rev bb1103f648f811d2018d4bedcb2d4b2bce34a0f1)
Alex Sergeyev (6):
      Issue with TLSA parsing identified
      Fixed SSHFP parsing when multiple lines used for text representation.
      Updated NSAP support according to RFC1706
      Fixed reversed logic.
      Support for almost all possible ways to format HINFO record
      Added comment to commented-out testcase

Mart Roosmaa (1):
      Use algorithm number to determine private key type.

Michael Haro (3):
      Check that the query ID matches the answer ID.
      Keep Exchange as it was, but still check ID.
      Cleanup Client.exchange

Miek Gieben (10):
      Merge pull request #207 from roosmaa/keyparse
      Merge pull request #208 from michaelharo/checkid
      Merge pull request #209 from michaelharo/client
      Merge commit '627287e675fb79f57928f77fbfae24abe15ed58b' into tlsa
      Playing with TLSA records
      Fix off-by-one on the maxTok and maxCom check
      Add TLSA parsing tests
      Check the l.err token errors
      Merge pull request #211 from miekg/tlsa
      Merge pull request #212 from asergeyev/master

* github.com/syndtr/goleveldb/leveldb (old rev 4875955338b0a434238a31165cb87255ab6e9e4a) (new rev 315fcfb05d4d46d4354b313d146ef688dda272a9)
Suryandaru Triandana (6):
      Merge pull request #106 from restlessbandit/getprop-errors
      leveldb: allows disabling buffer pool
      manualtest/dbstress: disable block cache and buffer pool by default
      memdb: use named constant instead of integer literal and Reset now holds lock
      leveldb: cleanup DB.recoverJournal(), memdb, session record and split session.go
      leveldb: allows open or puts DB into read-only mode (closes #107)

Travis J Parker (1):
      uses a public API error that can be compared against for invalid property names

* github.com/whyrusleeping/iptb (old rev 3970c95a864f1a40037f796ff596607ce8ae43be) (new rev fa9bbc437fae1c3a9410e7f1bc3dd02f0449279a)
Jeromy (1):
      bootstrap addrs cant be 0.0.0.0

* golang.org/x/crypto (old rev c84e1f8e3a7e322d497cd16c0e8a13c7e127baf3) (new rev ce6bda69189e9f4ff278a5e181691cd695f753ae)
Dmitry Savintsev (1):
      crypto/ssh: fix encoding of ssh certs with critical options

Han-Wen Nienhuys (1):
      x/crypto/ssh: bail early if a server has no auth methods configured.

Joel Sing (1):
      poly1305: fix compilation on arm with go tip

Jungho Ahn (1):
      x/crypto/poly1305: add ARM assembly

KB Sriram (1):
      x/crypto/openpgp: Limit packet recursion depth.

Shenghou Ma (1):
      ocsp: fix test on TZ=UTC systems

datianshi (1):
      ssh: add hmac-sha2-256.

* golang.org/x/net (old rev ff8eb9a34a5cbb9941ffc6f84a19a8014c2646ad) (new rev 589db58a47224e5786650dac2677b9c302bab6c2)
Dave Cheney (1):
      x/net/websocket: always close underlying connection on ws.Close

Ian Lance Taylor (1):
      html/charset/testdata: update licensing info in README

Mikio Hara (4):
      ipv4: fix build on linux/arm64
      ipv6: fix build on linux/arm64
      icmp: more coverage to ping test
      icmp: add missing attribute length check

Nigel Tao (7):
      webdav: skip XML-related tests on Go 1.4.
      webdav: make properties belong to the File(System), not a PropSystem.
      webdav: special-case the propfind_invalid2 litmus test.
      webdav: delete the PropSystem and MemPS types.
      webdav: add StripPrefix.
      webdav: have copyFiles copy dead properties.
      webdav: let DeadPropsHolder.DeadProps return an error.

Robert Stepanek (3):
      webdav: Add PROPPATCH support to in-memory property system.
      webdav: Return HTTP 404 for PROPFIND/PROPPATCH requests on an inexistent     webdav.Dir resource.
      webdav: Simplify handling of Etag and Content-Type headers for GET, HEAD,     POST and PUT requests.

* gopkg.in/natefinch/lumberjack.v2 (old rev d28785c2f27cd682d872df46ccd8232843629f54) (new rev 588a21fb0fa0ebdfde42670fa214576b6f0f22df)
Matt Silverlock (1):
      Fixed import in example test to use gopkg.in.

Nate Finch (2):
      Merge pull request #11 from elithrar/v2.0
      Fix bug #12

cryptix added a commit that referenced this pull request May 31, 2015

godeps: update everything to master