From 772228ef613bb6be255e0fdc06a54551fdf7bae6 Mon Sep 17 00:00:00 2001 From: AlmaLinux RelEng Bot Date: Mon, 30 Mar 2026 10:43:01 -0400 Subject: [PATCH] import CS linux-sgx-2.26-7.el9 --- .gitignore | 15 +- .linux-sgx.metadata | 15 +- ...building-against-host-openssl-crypto.patch | 16 +- ...r-building-against-host-tinyxml2-lib.patch | 12 +- ...building-against-host-CppMicroServic.patch | 8 +- SOURCES/0003-Improve-make-debuggability.patch | 16 +- ...-disabling-use-of-git-for-ippcp-code.patch | 10 +- ...penmp-protobuf-sample_crypto-builds.patch} | 112 +- SOURCES/0006-Fix-compat-with-gcc-14.patch | 24 +- ...ix-escaping-of-regexes-in-sgx-asm-pp.patch | 6 +- ...-Disable-use-of-bogus-DEF_WEAK-macro.patch | 30 - ...r-dev-sgx_provision-dev-sgx_enclave.patch} | 8 +- ...emove-all-references-to-pccs-service.patch | 497 -- ...oname-for-libuae_service.so-library.patch} | 6 +- ...l-remove-redundant-use-of-bool-type.patch} | 6 +- ...CFLAGS-LDFLAGS-set-from-environment.patch} | 14 +- ...psw-make-aesm_service-build-verbose.patch} | 6 +- ...ern-C-function-prototype-compliance.patch} | 6 +- ...rapper-for-nasm-to-fix-cmake-compat.patch} | 8 +- ...0015-fix-BOM-for-pccs-with-DCAP-1.23.patch | 72 + ...sable-inclusion-of-AESM-in-installer.patch | 14 +- ...rop-use-of-bundled-pre-built-openssl.patch | 18 +- ...mprove-debuggability-of-build-system.patch | 20 +- ...me-setting-of-enclave-load-directory.patch | 30 +- ...ed-sgx_urts-library-in-PCKRetrievalT.patch | 8 +- ...only-import-pypac-module-on-Windows.patch} | 26 +- ...-PCKRetrievalTool-config-file-in-etc.patch | 8 +- ...XFLAGS-LDFLAGS-for-various-tools-and.patch | 26 +- ...tween-program-name-first-arg-in-usag.patch | 8 +- ...nst-format-strings-in-QL-log-message.patch | 8 +- ...d-debug-parameter-to-control-logging.patch | 14 +- ...-leftover-debugging-print-args-state.patch | 8 +- ...sion-for-libsgx_qe3_logic.so-library.patch | 20 +- SOURCES/0112-Workaround-broken-GCC-15.patch | 8 +- ...-Don-t-disable-cf-protection-for-qgs.patch | 8 +- ...ecks-for-GCC-version-that-break-fsta.patch | 26 +- ...0116-Don-t-stomp-on-VERBOSE-variable.patch | 8 +- ...-MODE-parameter-for-UNIX-socket-mode.patch | 8 +- ...pccs-sanitize-paths-to-all-resources.patch | 108 + ...9-pccs-only-pass-ApiKey-if-it-is-set.patch | 71 + ...csadmin-make-keyring-module-optional.patch | 104 + ...rt-from-asn1-to-pyasn1-python-module.patch | 341 ++ ...switch-to-pycryptography-for-CRL-ver.patch | 67 + ...re-of-pycryptography-instead-of-pyop.patch | 178 + ...prefer-pycryptography-over-pyopenssl.patch | 104 + ...llback-for-when-pyopenssl-is-not-ava.patch | 75 + ...e-errors-trying-to-clear-the-keyring.patch | 120 + ...Migrate-from-deprecated-pkg_resource.patch | 51 + ...or-boost-1.87-which-drops-asio-io_se.patch | 44 + ...or-boost-1.89-which-deprecated-deadl.patch | 36 + ...-2.1.2-to-2.1.3-in-QuoteGeneration-p.patch | 46 + ...and-morgan-in-QuoteGeneration-pccs-4.patch | 102 + ...sion-from-1.1.11-to-1.1.12-in-QuoteG.patch | 47 + ...-2.1.3-to-2.1.4-in-QuoteGeneration-p.patch | 45 + ...dependencies-updated-to-latest-minor.patch | 4122 +++++++++++++++++ ...-override-tar-module-to-7.0.0-series.patch | 217 + ...me-of-input-file-for-cache-command-i.patch | 30 + ...sgxssl-build-to-alternative-glibc-he.patch | 24 +- ...-Workaround-missing-output-directory.patch | 10 +- ...2-Disable-various-EC-crypto-features.patch | 10 +- ...isable-sm2-and-sm4-crypto-algorithms.patch | 37 +- SOURCES/pccs-node-ffi-rs-bundler | 33 + SOURCES/pccs-nodejs-bundler | 55 + SOURCES/pccs.service | 23 + SOURCES/pccs.sysusers.conf | 1 + SPECS/linux-sgx.spec | 410 +- 66 files changed, 6705 insertions(+), 959 deletions(-) rename SOURCES/{0005-disable-openmp-protobuf-mbedtls-sample_crypto-builds.patch => 0005-disable-openmp-protobuf-sample_crypto-builds.patch} (89%) delete mode 100644 SOURCES/0008-Disable-use-of-bogus-DEF_WEAK-macro.patch rename SOURCES/{0010-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch => 0008-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch} (94%) delete mode 100644 SOURCES/0009-Remove-all-references-to-pccs-service.patch rename SOURCES/{0011-psw-fix-soname-for-libuae_service.so-library.patch => 0009-psw-fix-soname-for-libuae_service.so-library.patch} (90%) rename SOURCES/{0012-pcl-remove-redundant-use-of-bool-type.patch => 0010-pcl-remove-redundant-use-of-bool-type.patch} (91%) rename SOURCES/{0013-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch => 0011-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch} (93%) rename SOURCES/{0014-psw-make-aesm_service-build-verbose.patch => 0012-psw-make-aesm_service-build-verbose.patch} (86%) rename SOURCES/{0015-Fix-modern-C-function-prototype-compliance.patch => 0013-Fix-modern-C-function-prototype-compliance.patch} (93%) rename SOURCES/{0016-Add-wrapper-for-nasm-to-fix-cmake-compat.patch => 0014-Add-wrapper-for-nasm-to-fix-cmake-compat.patch} (93%) create mode 100644 SOURCES/0015-fix-BOM-for-pccs-with-DCAP-1.23.patch rename SOURCES/{0104-Don-t-import-pypac-in-pccsadmin.patch => 0104-pccsadmin-only-import-pypac-module-on-Windows.patch} (52%) create mode 100644 SOURCES/0118-pccs-sanitize-paths-to-all-resources.patch create mode 100644 SOURCES/0119-pccs-only-pass-ApiKey-if-it-is-set.patch create mode 100644 SOURCES/0120-pccsadmin-make-keyring-module-optional.patch create mode 100644 SOURCES/0121-pccsadmin-convert-from-asn1-to-pyasn1-python-module.patch create mode 100644 SOURCES/0122-pccsadmin-fully-switch-to-pycryptography-for-CRL-ver.patch create mode 100644 SOURCES/0123-pccsadmin-use-more-of-pycryptography-instead-of-pyop.patch create mode 100644 SOURCES/0124-pccsadmin-prefer-pycryptography-over-pyopenssl.patch create mode 100644 SOURCES/0125-pccsadmin-add-fallback-for-when-pyopenssl-is-not-ava.patch create mode 100644 SOURCES/0126-pccsadmin-ignore-errors-trying-to-clear-the-keyring.patch create mode 100644 SOURCES/0127-PCS-Client-Tool-Migrate-from-deprecated-pkg_resource.patch create mode 100644 SOURCES/0128-qgs-add-compat-for-boost-1.87-which-drops-asio-io_se.patch create mode 100644 SOURCES/0129-qgs-add-compat-for-boost-1.89-which-deprecated-deadl.patch create mode 100644 SOURCES/0130-Bump-tar-fs-from-2.1.2-to-2.1.3-in-QuoteGeneration-p.patch create mode 100644 SOURCES/0131-Bump-on-headers-and-morgan-in-QuoteGeneration-pccs-4.patch create mode 100644 SOURCES/0132-Bump-brace-expansion-from-1.1.11-to-1.1.12-in-QuoteG.patch create mode 100644 SOURCES/0133-Bump-tar-fs-from-2.1.3-to-2.1.4-in-QuoteGeneration-p.patch create mode 100644 SOURCES/0134-PCCS-dependencies-updated-to-latest-minor.patch create mode 100644 SOURCES/0135-pccs-force-override-tar-module-to-7.0.0-series.patch create mode 100644 SOURCES/0136-pccsadmin-fix-name-of-input-file-for-cache-command-i.patch create mode 100755 SOURCES/pccs-node-ffi-rs-bundler create mode 100755 SOURCES/pccs-nodejs-bundler create mode 100644 SOURCES/pccs.service create mode 100644 SOURCES/pccs.sysusers.conf diff --git a/.gitignore b/.gitignore index 5f279c1..5f3e1c4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,13 +1,16 @@ +SOURCES/DCAP_1.23.tar.gz +SOURCES/dcap-1.23-20260204-pccs-node-modules.tar.xz SOURCES/dcap-qvl-1.21.tar.gz SOURCES/dcap-qvs-1.1.0-2885.tar.gz -SOURCES/dcap_1.22_reproducible.tar.gz -SOURCES/intel-sgx-ssl-3.0_Rev4.tar.gz +SOURCES/intel-sgx-ssl-3.1.6_Rev1.tar.gz SOURCES/ippcp_2021.12.1.tar.gz SOURCES/jwt-cpp-0.6.0.tar.gz SOURCES/libcbor-0.10.2.tar.gz -SOURCES/linux-sgx-2.25-reproducible.tar.gz -SOURCES/openssl-3.0.14.tar.gz -SOURCES/prebuilt_dcap_1.22-repacked.tar.gz +SOURCES/linux-sgx-2.26.tar.gz +SOURCES/node-ffi-rs-1.2.6-vendor.tar.gz +SOURCES/node-ffi-rs-1.2.6.tar.gz +SOURCES/openssl-3.1.6.tar.gz +SOURCES/prebuilt_dcap_1.23-repacked.tar.gz SOURCES/sgx-emm-1.0.3.tar.gz SOURCES/tinyxml2-10.0.0.tar.gz -SOURCES/wasm-micro-runtime-1.3.3.tar.gz +SOURCES/wasm-micro-runtime-1.0.0.tar.gz diff --git a/.linux-sgx.metadata b/.linux-sgx.metadata index a6b6257..5281b02 100644 --- a/.linux-sgx.metadata +++ b/.linux-sgx.metadata @@ -1,13 +1,16 @@ +0f02abd418ab9ef91a0a82c621d5efdfeb62cced SOURCES/DCAP_1.23.tar.gz +29ff22018490f7ea1f5d7b157313bb6d3e101247 SOURCES/dcap-1.23-20260204-pccs-node-modules.tar.xz ae0bef56634efa2e7ab1b3ebb80144227166d5b3 SOURCES/dcap-qvl-1.21.tar.gz 7babe0b9801502798cd46b19e5bffdc73310fb5f SOURCES/dcap-qvs-1.1.0-2885.tar.gz -f5f1925572334c798199b9c0896d0f78131b5698 SOURCES/dcap_1.22_reproducible.tar.gz -68ed8479c8d4f2e8d17f5b5e7d36803726e188b4 SOURCES/intel-sgx-ssl-3.0_Rev4.tar.gz +c57669dbba811553d624924aec70d6836027a11a SOURCES/intel-sgx-ssl-3.1.6_Rev1.tar.gz 2a2b1aa1e1c12b6caefa29be32e2dec3b9b4a269 SOURCES/ippcp_2021.12.1.tar.gz 099ce276013fbb934a03581ca799e690e7e82ed8 SOURCES/jwt-cpp-0.6.0.tar.gz 926051e0ad493c19b7e19b4ff0c360e3b1afa70c SOURCES/libcbor-0.10.2.tar.gz -97945c316502c32338a5bd7714733ff13cffd110 SOURCES/linux-sgx-2.25-reproducible.tar.gz -80b67212212a5ba81b071026d1ad851d6cbcca93 SOURCES/openssl-3.0.14.tar.gz -f0130f03defaf12532f980f7a788dbe6b36b364d SOURCES/prebuilt_dcap_1.22-repacked.tar.gz +da97d22450cf282156e3833f8f767502eaeb2e6a SOURCES/linux-sgx-2.26.tar.gz +fd19d26fd057e51ca4212738051ba57060fc840d SOURCES/node-ffi-rs-1.2.6-vendor.tar.gz +c06dfac5992809f860069e07282d5c6a35efa53d SOURCES/node-ffi-rs-1.2.6.tar.gz +2ab959fbc11283a0bc7a39e33b8f6862372cfc9a SOURCES/openssl-3.1.6.tar.gz +df5ea1a6bfb7ba0372eb0660331ea6ababfe4685 SOURCES/prebuilt_dcap_1.23-repacked.tar.gz 8fd7f0aa93654ecf2efaf36d9f3dbef386bf9893 SOURCES/sgx-emm-1.0.3.tar.gz c9030c4bfa0f7cd5ea3a6669f8bf038a2ffcdfed SOURCES/tinyxml2-10.0.0.tar.gz -9cbfc1a397cfcf4ff8f1127bf272f0a4147039ae SOURCES/wasm-micro-runtime-1.3.3.tar.gz +a2dda9426ce3ed4a59585e08bc6d19339cde4626 SOURCES/wasm-micro-runtime-1.0.0.tar.gz diff --git a/SOURCES/0000-Add-support-for-building-against-host-openssl-crypto.patch b/SOURCES/0000-Add-support-for-building-against-host-openssl-crypto.patch index 1fdfb06..381ce62 100644 --- a/SOURCES/0000-Add-support-for-building-against-host-openssl-crypto.patch +++ b/SOURCES/0000-Add-support-for-building-against-host-openssl-crypto.patch @@ -1,7 +1,7 @@ -From 035a09af5fa31cdc7ab683c8188168623848f033 Mon Sep 17 00:00:00 2001 +From d4f132e1363779aef2c4209789ca364e27f45bb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 13 Feb 2025 14:12:38 +0000 -Subject: [PATCH 00/16] Add support for building against host openssl crypto +Subject: [PATCH 00/15] Add support for building against host openssl crypto lib MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -85,7 +85,7 @@ index a3843bdf..2c9c87b3 100644 ${CMAKE_SOURCE_DIR}/../../../../external/rdrand/src/librdrand.a ) diff --git a/psw/urts/linux/Makefile b/psw/urts/linux/Makefile -index 41797648..4097444c 100644 +index 7e0b6a08..3d08ee5c 100644 --- a/psw/urts/linux/Makefile +++ b/psw/urts/linux/Makefile @@ -43,8 +43,6 @@ CFLAGS += -fPIC -Werror -g @@ -116,7 +116,7 @@ index 41797648..4097444c 100644 INTERNAL_LDFLAGS += -Wl,--version-script=urts_internal.lds -Wl,--gc-sections diff --git a/sdk/sign_tool/SignTool/Makefile b/sdk/sign_tool/SignTool/Makefile -index 3d593972..1eb8d460 100644 +index 1ed9f286..ed177c86 100644 --- a/sdk/sign_tool/SignTool/Makefile +++ b/sdk/sign_tool/SignTool/Makefile @@ -42,9 +42,6 @@ CFLAGS += $(FLAGS) @@ -138,7 +138,7 @@ index 3d593972..1eb8d460 100644 DIR1 := $(LINUX_EXTERNAL_DIR)/tinyxml2/ DIR2 := $(COMMON_DIR)/src/ -@@ -89,7 +86,7 @@ all: sgx_sign | $(BUILD_DIR) +@@ -90,7 +87,7 @@ all: sgx_sign | $(BUILD_DIR) $(BUILD_DIR): @$(MKDIR) $@ @@ -180,7 +180,7 @@ index c66beed2..45ddb576 100644 vpath %.cpp $(LINUX_PSW_DIR)/ae/common \ $(LINUX_SDK_DIR)/simulation/urtssim \ diff --git a/sdk/simulation/urtssim/linux/Makefile b/sdk/simulation/urtssim/linux/Makefile -index dde577ca..505ce8d9 100644 +index e756d468..ea8ca78c 100644 --- a/sdk/simulation/urtssim/linux/Makefile +++ b/sdk/simulation/urtssim/linux/Makefile @@ -42,9 +42,6 @@ endif @@ -202,7 +202,7 @@ index dde577ca..505ce8d9 100644 CPPFLAGS += -I$(COMMON_DIR)/inc/internal \ -I$(LINUX_PSW_DIR)/urts/linux \ -@@ -127,7 +124,7 @@ LDFLAGS += $(COMMON_LDFLAGS) -Wl,--version-script=$(LINUX_PSW_DIR)/urts/linux/ur +@@ -128,7 +125,7 @@ LDFLAGS += $(COMMON_LDFLAGS) -Wl,--version-script=$(LINUX_PSW_DIR)/urts/linux/ur LIBURTSSIM_SHARED := libsgx_urts_sim.so LIBURTS_DEPLOY := libsgx_urts_deploy.so @@ -212,5 +212,5 @@ index dde577ca..505ce8d9 100644 .PHONY: all -- -2.48.1 +2.49.0 diff --git a/SOURCES/0001-Add-support-for-building-against-host-tinyxml2-lib.patch b/SOURCES/0001-Add-support-for-building-against-host-tinyxml2-lib.patch index f905bc0..3bc516f 100644 --- a/SOURCES/0001-Add-support-for-building-against-host-tinyxml2-lib.patch +++ b/SOURCES/0001-Add-support-for-building-against-host-tinyxml2-lib.patch @@ -1,7 +1,7 @@ -From a1ebbd0efeb66f23a02e63946d6f2c8ec9c00c00 Mon Sep 17 00:00:00 2001 +From e372a1a009f1de14ea5ee01ec022633d88f6d234 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 13 Feb 2025 14:01:10 +0000 -Subject: [PATCH 01/16] Add support for building against host tinyxml2 lib +Subject: [PATCH 01/15] Add support for building against host tinyxml2 lib MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -44,7 +44,7 @@ index acae2106..6dac4028 100644 +TINYXML2_DIR = $(LINUX_EXTERNAL_DIR)/tinyxml2/ +endif diff --git a/sdk/sign_tool/SignTool/Makefile b/sdk/sign_tool/SignTool/Makefile -index 1eb8d460..219fb5ad 100644 +index ed177c86..1dcb6f51 100644 --- a/sdk/sign_tool/SignTool/Makefile +++ b/sdk/sign_tool/SignTool/Makefile @@ -49,11 +49,11 @@ INC += -I$(COMMON_DIR)/inc \ @@ -69,8 +69,8 @@ index 1eb8d460..219fb5ad 100644 +OBJ3 := $(TINYXML2_OBJ) OBJ4 := loader.o \ - se_detect.o -@@ -86,7 +86,7 @@ all: sgx_sign | $(BUILD_DIR) + se_detect.o \ +@@ -87,7 +87,7 @@ all: sgx_sign | $(BUILD_DIR) $(BUILD_DIR): @$(MKDIR) $@ @@ -80,5 +80,5 @@ index 1eb8d460..219fb5ad 100644 sgx_sign: $(OBJS) enclaveparser -- -2.48.1 +2.49.0 diff --git a/SOURCES/0002-Add-support-for-building-against-host-CppMicroServic.patch b/SOURCES/0002-Add-support-for-building-against-host-CppMicroServic.patch index d59d742..b7eff37 100644 --- a/SOURCES/0002-Add-support-for-building-against-host-CppMicroServic.patch +++ b/SOURCES/0002-Add-support-for-building-against-host-CppMicroServic.patch @@ -1,7 +1,7 @@ -From 90ec590f9b17b878cfe2e338d55362349d5ad67e Mon Sep 17 00:00:00 2001 +From 02f4535633d317894629f30daf0583fddcdf3f1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 13 Feb 2025 14:01:10 +0000 -Subject: [PATCH 02/16] Add support for building against host CppMicroServices +Subject: [PATCH 02/15] Add support for building against host CppMicroServices lib MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -125,7 +125,7 @@ index bac84292..89a15875 100644 ifeq ($(RDRAND_MAKEFILE), $(wildcard $(RDRAND_MAKEFILE))) @$(MAKE) distclean -C $(RDRAND_LIBDIR) diff --git a/psw/ae/aesm_service/source/CMakeLists.txt b/psw/ae/aesm_service/source/CMakeLists.txt -index 98c724a7..3edd77c7 100644 +index da3e0b77..89b3e3ae 100644 --- a/psw/ae/aesm_service/source/CMakeLists.txt +++ b/psw/ae/aesm_service/source/CMakeLists.txt @@ -46,7 +46,7 @@ else() @@ -138,5 +138,5 @@ index 98c724a7..3edd77c7 100644 cmake_minimum_required(VERSION ${US_CMAKE_MINIMUM_REQUIRED_VERSION}) cmake_policy(VERSION ${US_CMAKE_MINIMUM_REQUIRED_VERSION}) -- -2.48.1 +2.49.0 diff --git a/SOURCES/0003-Improve-make-debuggability.patch b/SOURCES/0003-Improve-make-debuggability.patch index 6680373..13afe6d 100644 --- a/SOURCES/0003-Improve-make-debuggability.patch +++ b/SOURCES/0003-Improve-make-debuggability.patch @@ -1,7 +1,7 @@ -From 50ba5d706d65359514e973175c34f36b6887a1e8 Mon Sep 17 00:00:00 2001 +From e607f7279049d2db090a2bef9c7943cdb55d9de6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 1 Mar 2024 12:53:26 +0000 -Subject: [PATCH 03/16] Improve make debuggability +Subject: [PATCH 03/15] Improve make debuggability MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -17,10 +17,10 @@ Signed-off-by: Daniel P. Berrangé 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/sdk/Makefile.source b/sdk/Makefile.source -index 4bbfd4f3..d3e40036 100644 +index e98776df..dfbca6d4 100644 --- a/sdk/Makefile.source +++ b/sdk/Makefile.source -@@ -78,7 +78,7 @@ tstdc: $(LIBTLIBC) +@@ -77,7 +77,7 @@ tstdc: $(LIBTLIBC) ifndef SERVTD_ATTEST $(LIBTLIBC): tlibthread compiler-rt tsafecrt tsetjmp tmm_rsrv @@ -29,7 +29,7 @@ index 4bbfd4f3..d3e40036 100644 @$(MKDIR) $(BUILD_DIR)/.compiler-rt $(BUILD_DIR)/.tlibthread $(BUILD_DIR)/.tsafecrt $(BUILD_DIR)/.tsetjmp $(BUILD_DIR)/.tmm_rsrv @$(RM) -f $(BUILD_DIR)/.compiler-rt/* && cd $(BUILD_DIR)/.compiler-rt && $(AR) x $(LINUX_SDK_DIR)/compiler-rt/libcompiler-rt.a @$(RM) -f $(BUILD_DIR)/.tlibthread/* && cd $(BUILD_DIR)/.tlibthread && $(AR) x $(LINUX_SDK_DIR)/tlibthread/libtlibthread.a -@@ -96,7 +96,7 @@ $(LIBTLIBC): tlibthread compiler-rt tsafecrt tsetjmp tmm_rsrv +@@ -95,7 +95,7 @@ $(LIBTLIBC): tlibthread compiler-rt tsafecrt tsetjmp tmm_rsrv @$(RM) -rf $(BUILD_DIR)/.tsetjmp $(BUILD_DIR)/.tmm_rsrv else $(LIBTLIBC): tlibthread tsafecrt tsetjmp tmm_rsrv @@ -38,7 +38,7 @@ index 4bbfd4f3..d3e40036 100644 @$(MKDIR) $(BUILD_DIR)/.tlibthread $(BUILD_DIR)/.tsafecrt $(BUILD_DIR)/.tsetjmp $(BUILD_DIR)/.tmm_rsrv @$(RM) -f $(BUILD_DIR)/.tlibthread/* && cd $(BUILD_DIR)/.tlibthread && $(AR) x $(LINUX_SDK_DIR)/tlibthread/libtlibthread.a @$(RM) -f $(BUILD_DIR)/.tsafecrt/* && cd $(BUILD_DIR)/.tsafecrt && $(AR) x $(LINUX_SDK_DIR)/tsafecrt/libsgx_tsafecrt.a -@@ -119,7 +119,7 @@ tsafecrt: +@@ -118,7 +118,7 @@ tsafecrt: .PHONY: compiler-rt compiler-rt: @@ -47,7 +47,7 @@ index 4bbfd4f3..d3e40036 100644 .PHONY: tsetjmp tsetjmp: -@@ -163,7 +163,7 @@ cpprt: +@@ -162,7 +162,7 @@ cpprt: .PHONY: tlibcxx tlibcxx: $(BUILD_DIR) @@ -70,5 +70,5 @@ index d1ac38a1..5fb90c21 100644 .PHONY: clean -- -2.48.1 +2.49.0 diff --git a/SOURCES/0004-Support-disabling-use-of-git-for-ippcp-code.patch b/SOURCES/0004-Support-disabling-use-of-git-for-ippcp-code.patch index 5ccd586..63b8cc1 100644 --- a/SOURCES/0004-Support-disabling-use-of-git-for-ippcp-code.patch +++ b/SOURCES/0004-Support-disabling-use-of-git-for-ippcp-code.patch @@ -1,7 +1,7 @@ -From e9150e028f1d0f567bab4d2c7d5e5fc02cadce06 Mon Sep 17 00:00:00 2001 +From 8d858334aeade0a0063456fa03cdbc3f6a55d51f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 13 Feb 2025 14:37:24 +0000 -Subject: [PATCH 04/16] Support disabling use of git for ippcp code +Subject: [PATCH 04/15] Support disabling use of git for ippcp code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -16,7 +16,7 @@ Signed-off-by: Daniel P. Berrangé 1 file changed, 4 insertions(+) diff --git a/external/ippcp_internal/Makefile b/external/ippcp_internal/Makefile -index b4108cb8..70718f5e 100644 +index a57c22a9..d78ba90e 100644 --- a/external/ippcp_internal/Makefile +++ b/external/ippcp_internal/Makefile @@ -33,6 +33,8 @@ include ../../buildenv.mk @@ -37,7 +37,7 @@ index b4108cb8..70718f5e 100644 git submodule update -f --init --recursive --remote -- $(IPP_SOURCE) else @@ -92,6 +95,7 @@ else - git clone -b ipp-ipp-crypto_2021_12_1 https://github.com/intel/ipp-crypto.git --depth 1 $(IPP_SOURCE) + git clone -b ipp-crypto_2021_12_1 https://github.com/intel/ipp-crypto.git --depth 1 $(IPP_SOURCE) endif cd $(IPP_SOURCE) && git apply ../0001-IPP-crypto-for-SGX.patch +endif @@ -45,5 +45,5 @@ index b4108cb8..70718f5e 100644 .PHONY: clean -- -2.48.1 +2.49.0 diff --git a/SOURCES/0005-disable-openmp-protobuf-mbedtls-sample_crypto-builds.patch b/SOURCES/0005-disable-openmp-protobuf-sample_crypto-builds.patch similarity index 89% rename from SOURCES/0005-disable-openmp-protobuf-mbedtls-sample_crypto-builds.patch rename to SOURCES/0005-disable-openmp-protobuf-sample_crypto-builds.patch index 214668f..94b2deb 100644 --- a/SOURCES/0005-disable-openmp-protobuf-mbedtls-sample_crypto-builds.patch +++ b/SOURCES/0005-disable-openmp-protobuf-sample_crypto-builds.patch @@ -1,8 +1,7 @@ -From bdeff24e929360b5ecfa5b0fe36513607b98daf3 Mon Sep 17 00:00:00 2001 +From e10242ea154af19d527377c9ff885fa0c7e7ce41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 18 Jun 2024 15:57:22 +0100 -Subject: [PATCH 05/16] disable openmp, protobuf, mbedtls & sample_crypto - builds +Subject: [PATCH 05/15] disable openmp, protobuf & sample_crypto builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -12,15 +11,15 @@ important, so skip them to reduce amount of bundled package code. Signed-off-by: Daniel P. Berrangé --- - linux/installer/common/sdk/BOMs/sdk_base.txt | 335 ------------------ - .../common/sdk/BOMs/sdk_cve_2020_0551_cf.txt | 3 - - .../sdk/BOMs/sdk_cve_2020_0551_load.txt | 3 - - linux/installer/common/sdk/BOMs/sdk_x64.txt | 4 - - sdk/Makefile.source | 30 +- - 5 files changed, 1 insertion(+), 374 deletions(-) + linux/installer/common/sdk/BOMs/sdk_base.txt | 298 ------------------ + .../common/sdk/BOMs/sdk_cve_2020_0551_cf.txt | 2 - + .../sdk/BOMs/sdk_cve_2020_0551_load.txt | 2 - + linux/installer/common/sdk/BOMs/sdk_x64.txt | 3 - + sdk/Makefile.source | 24 +- + 5 files changed, 1 insertion(+), 328 deletions(-) diff --git a/linux/installer/common/sdk/BOMs/sdk_base.txt b/linux/installer/common/sdk/BOMs/sdk_base.txt -index 032479d8..ed585066 100644 +index d26ee825..ed585066 100644 --- a/linux/installer/common/sdk/BOMs/sdk_base.txt +++ b/linux/installer/common/sdk/BOMs/sdk_base.txt @@ -1,5 +1,4 @@ @@ -29,7 +28,7 @@ index 032479d8..ed585066 100644 /common/inc/sgx_attributes.h /package/include/sgx_attributes.h 0 main STP /common/inc/sgx_capable.h /package/include/sgx_capable.h 0 main STP /common/inc/sgx_cpuid.h /package/include/sgx_cpuid.h 0 main STP -@@ -391,26 +390,6 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner +@@ -391,16 +390,6 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.cpp /package/SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.cpp 0 N/A N/A /SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.edl /package/SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.edl 0 N/A N/A /SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.lds /package/SampleCode/SealUnseal/Enclave_Unseal/Enclave_Unseal.lds 0 N/A N/A @@ -43,20 +42,10 @@ index 032479d8..ed585066 100644 -/SampleCode/ProtobufSGXDemo/Enclave/Enclave.lds /package/SampleCode/ProtobufSGXDemo/Enclave/Enclave.lds 0 N/A N/A -/SampleCode/ProtobufSGXDemo/Enclave/person.proto /package/SampleCode/ProtobufSGXDemo/Enclave/person.proto 0 N/A N/A -/SampleCode/ProtobufSGXDemo/Makefile /package/SampleCode/ProtobufSGXDemo/Makefile 0 N/A N/A --/SampleCode/SampleMbedCrypto/App/App.cpp /package/SampleCode/SampleMbedCrypto/App/App.cpp 0 N/A N/A --/SampleCode/SampleMbedCrypto/App/App.h /package/SampleCode/SampleMbedCrypto/App/App.h 0 N/A N/A --/SampleCode/SampleMbedCrypto/Makefile /package/SampleCode/SampleMbedCrypto/Makefile 0 N/A N/A --/SampleCode/SampleMbedCrypto/Enclave/Enclave.cpp /package/SampleCode/SampleMbedCrypto/Enclave/Enclave.cpp 0 N/A N/A --/SampleCode/SampleMbedCrypto/Enclave/Enclave.lds /package/SampleCode/SampleMbedCrypto/Enclave/Enclave.lds 0 N/A N/A --/SampleCode/SampleMbedCrypto/Enclave/Enclave_debug.lds /package/SampleCode/SampleMbedCrypto/Enclave/Enclave_debug.lds 0 N/A N/A --/SampleCode/SampleMbedCrypto/Enclave/Enclave.h /package/SampleCode/SampleMbedCrypto/Enclave/Enclave.h 0 N/A N/A --/SampleCode/SampleMbedCrypto/Enclave/Enclave.edl /package/SampleCode/SampleMbedCrypto/Enclave/Enclave.edl 0 N/A N/A --/SampleCode/SampleMbedCrypto/Enclave/Enclave.config.xml /package/SampleCode/SampleMbedCrypto/Enclave/Enclave.config.xml 0 N/A N/A --/SampleCode/SampleMbedCrypto/README.txt /package/SampleCode/SampleMbedCrypto/README.txt 0 N/A N/A /SampleCode/SampleAEXNotify/Enclave/Enclave.config.xml /package/SampleCode/SampleAEXNotify/Enclave/Enclave.config.xml 0 N/A N/A /SampleCode/SampleAEXNotify/Enclave/Enclave.cpp /package/SampleCode/SampleAEXNotify/Enclave/Enclave.cpp 0 N/A N/A /SampleCode/SampleAEXNotify/Enclave/Enclave.edl /package/SampleCode/SampleAEXNotify/Enclave/Enclave.edl 0 N/A N/A -@@ -422,7 +401,6 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner +@@ -412,7 +401,6 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /SampleCode/SampleAEXNotify/Makefile /package/SampleCode/SampleAEXNotify/Makefile 0 N/A N/A /SampleCode/SampleAEXNotify/README.txt /package/SampleCode/SampleAEXNotify/README.txt 0 N/A N/A /build/linux/gdb-sgx-plugin/sgx-gdb /package/bin/sgx-gdb 0 main STP @@ -64,7 +53,7 @@ index 032479d8..ed585066 100644 /sdk/tlibcxx/include/CMakeLists.txt /package/include/libcxx/CMakeLists.txt 0 main STP /sdk/tlibcxx/include/__availability /package/include/libcxx/__availability 0 main STP /sdk/tlibcxx/include/__bit_reference /package/include/libcxx/__bit_reference 0 main STP -@@ -607,317 +585,4 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner +@@ -597,290 +585,4 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /sdk/tlibcxx/include/variant /package/include/libcxx/variant 0 main STP /sdk/tlibcxx/include/vector /package/include/libcxx/vector 0 main STP /sdk/tlibcxx/include/version /package/include/libcxx/version 0 main STP @@ -354,39 +343,12 @@ index 032479d8..ed585066 100644 -/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/span.h /package/include/tprotobuf/absl/types/span.h 0 main STP -/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/types/variant.h /package/include/tprotobuf/absl/types/variant.h 0 main STP -/external/protobuf/protobuf_code/third_party/abseil-cpp/absl/utility/utility.h /package/include/tprotobuf/absl/utility/utility.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/aes.h /package/include/mbedtls/aes.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/bignum.h /package/include/mbedtls/bignum.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/build_info.h /package/include/mbedtls/build_info.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/check_config.h /package/include/mbedtls/check_config.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/cipher.h /package/include/mbedtls/cipher.h 0 main STP -- --/external/mbedtls/mbedtls_code/include/mbedtls/config_psa.h /package/include/mbedtls/config_psa.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/ctr_drbg.h /package/include/mbedtls/ctr_drbg.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/ecdsa.h /package/include/mbedtls/ecdsa.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/ecp.h /package/include/mbedtls/ecp.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/entropy.h /package/include/mbedtls/entropy.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/mbedtls_config.h /package/include/mbedtls/mbedtls_config.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/md.h /package/include/mbedtls/md.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/platform_util.h /package/include/mbedtls/platform_util.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/private_access.h /package/include/mbedtls/private_access.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/sha1.h /package/include/mbedtls/sha1.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/sha256.h /package/include/mbedtls/sha256.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/sha512.h /package/include/mbedtls/sha512.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/threading.h /package/include/mbedtls/threading.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/platform.h /package/include/mbedtls/platform.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/ecdh.h /package/include/mbedtls/ecdh.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/cmac.h /package/include/mbedtls/cmac.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/rsa.h /package/include/mbedtls/rsa.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/gcm.h /package/include/mbedtls/gcm.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/config_adjust_legacy_crypto.h /package/include/mbedtls/config_adjust_legacy_crypto.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/config_adjust_x509.h /package/include/mbedtls/config_adjust_x509.h 0 main STP --/external/mbedtls/mbedtls_code/include/mbedtls/config_adjust_ssl.h /package/include/mbedtls/config_adjust_ssl.h 0 main STP /common/buildenv.mk /package/buildenv.mk 0 main STP diff --git a/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_cf.txt b/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_cf.txt -index d494deba..998def35 100644 +index 65d9dca0..086992f9 100644 --- a/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_cf.txt +++ b/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_cf.txt -@@ -9,11 +9,8 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner +@@ -10,9 +10,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /build/linuxCF/libsgx_tswitchless.a /package/lib64/cve_2020_0551_cf/libsgx_tswitchless.a 0 main STP /build/linuxCF/libsgx_tprotected_fs.a /package/lib64/cve_2020_0551_cf/libsgx_tprotected_fs.a 0 main STP /build/linuxCF/libsgx_pcl.a /package/lib64/cve_2020_0551_cf/libsgx_pcl.a 0 main STP @@ -396,13 +358,11 @@ index d494deba..998def35 100644 /build/linuxCF/libsgx_ttls.a /package/lib64/cve_2020_0551_cf/libsgx_ttls.a 0 main STP /build/linuxCF/libtdx_tls.a /package/lib64/cve_2020_0551_cf/libtdx_tls.a 0 main STP /build/linuxCF/libsgx_utls.a /package/lib64/cve_2020_0551_cf/libsgx_utls.a 0 main STP --/build/linuxCF/libsgx_mbedcrypto.a /package/lib64/cve_2020_0551_cf/libsgx_mbedcrypto.a 0 main STP - /external/dcap_source/QuoteGeneration/build/linuxCF/libsgx_dcap_tvl.a /package/lib64/cve_2020_0551_cf/libsgx_dcap_tvl.a 0 main STP diff --git a/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_load.txt b/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_load.txt -index 53c9cfc6..b68b9976 100644 +index 71684b38..c26c9e63 100644 --- a/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_load.txt +++ b/linux/installer/common/sdk/BOMs/sdk_cve_2020_0551_load.txt -@@ -9,11 +9,8 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner +@@ -10,9 +10,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /build/linuxLOAD/libsgx_tswitchless.a /package/lib64/cve_2020_0551_load/libsgx_tswitchless.a 0 main STP /build/linuxLOAD/libsgx_tprotected_fs.a /package/lib64/cve_2020_0551_load/libsgx_tprotected_fs.a 0 main STP /build/linuxLOAD/libsgx_pcl.a /package/lib64/cve_2020_0551_load/libsgx_pcl.a 0 main STP @@ -412,13 +372,11 @@ index 53c9cfc6..b68b9976 100644 /build/linuxLOAD/libsgx_ttls.a /package/lib64/cve_2020_0551_load/libsgx_ttls.a 0 main STP /build/linuxLOAD/libtdx_tls.a /package/lib64/cve_2020_0551_load/libtdx_tls.a 0 main STP /build/linuxLOAD/libsgx_utls.a /package/lib64/cve_2020_0551_load/libsgx_utls.a 0 main STP --/build/linuxLOAD/libsgx_mbedcrypto.a /package/lib64/cve_2020_0551_load/libsgx_mbedcrypto.a 0 main STP - /external/dcap_source/QuoteGeneration/build/linuxLOAD/libsgx_dcap_tvl.a /package/lib64/cve_2020_0551_load/libsgx_dcap_tvl.a 0 main STP diff --git a/linux/installer/common/sdk/BOMs/sdk_x64.txt b/linux/installer/common/sdk/BOMs/sdk_x64.txt -index 629492c1..602a804d 100644 +index d713050b..111070ee 100644 --- a/linux/installer/common/sdk/BOMs/sdk_x64.txt +++ b/linux/installer/common/sdk/BOMs/sdk_x64.txt -@@ -39,14 +39,10 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner +@@ -40,10 +40,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /build/linux/sgx_edger8r /package/bin/x64/sgx_edger8r 0 main STP /build/linux/sgx_sign /package/bin/x64/sgx_sign 0 main STP /build/linux/sgx_encrypt /package/bin/x64/sgx_encrypt 0 main STP @@ -429,22 +387,17 @@ index 629492c1..602a804d 100644 /build/linux/libsgx_ttls.a /package/lib64/libsgx_ttls.a 0 main STP /build/linux/libtdx_tls.a /package/lib64/libtdx_tls.a 0 main STP /build/linux/libsgx_utls.a /package/lib64/libsgx_utls.a 0 main STP --/build/linux/libsgx_mbedcrypto.a /package/lib64/libsgx_mbedcrypto.a 0 main STP - /external/dcap_source/QuoteGeneration/build/linux/libsgx_dcap_tvl.a /package/lib64/libsgx_dcap_tvl.a 0 main STP - /linux/installer/common/sdk/installConfig.x64 /scripts/installConfig 0 main STP - /linux/installer/common/sdk/pkgconfig/x64/libsgx_uae_service_sim.pc /package/pkgconfig/libsgx_uae_service_sim.pc 0 main STP diff --git a/sdk/Makefile.source b/sdk/Makefile.source -index d3e40036..3bd08d5c 100644 +index dfbca6d4..3bd08d5c 100644 --- a/sdk/Makefile.source +++ b/sdk/Makefile.source -@@ -41,15 +41,11 @@ +@@ -41,14 +41,11 @@ # - tprotected_fs: libsgx_tprotected_fs.a # - tcmalloc: libsgx_tcmalloc.a # - sgx_pcl: libsgx_pcl.a -# - openmp: libsgx_omp.a -# - protobuf: libsgx_protobuf.a # - ttls: libsgx_ttls.a --# - mbedtls: libsgx_mbedcrypto.a # - Untrtusted libraries # - ukey_exchange: libsgx_ukey_exchange.a # - uprotected_fs: libsgx_uprotected_fs.a @@ -453,16 +406,16 @@ index d3e40036..3bd08d5c 100644 # - utls: libsgx_utls.a # - Standalone, untrusted libraries # - libcapable: libsgx_capable.a libsgx_capable.so -@@ -67,7 +63,7 @@ LIBTCXX := $(BUILD_DIR)/libsgx_tcxx.a +@@ -66,7 +63,7 @@ LIBTCXX := $(BUILD_DIR)/libsgx_tcxx.a LIBTSE := $(BUILD_DIR)/libsgx_tservice.a .PHONY: components --components: tstdc tcxx tservice trts tcrypto tkey_exchange ukey_exchange tprotected_fs uprotected_fs ptrace sample_crypto libcapable simulation signtool edger8r tcmalloc sgx_pcl sgx_encrypt sgx_tswitchless sgx_uswitchless pthread openmp protobuf ttls utls mbedtls +-components: tstdc tcxx tservice trts tcrypto tkey_exchange ukey_exchange tprotected_fs uprotected_fs ptrace sample_crypto libcapable simulation signtool edger8r tcmalloc sgx_pcl sgx_encrypt sgx_tswitchless sgx_uswitchless pthread openmp protobuf ttls utls +components: tstdc tcxx tservice trts tcrypto tkey_exchange ukey_exchange tprotected_fs uprotected_fs ptrace libcapable simulation signtool edger8r tcmalloc sgx_pcl sgx_encrypt sgx_tswitchless sgx_uswitchless pthread ttls utls # --------------------------------------------------- # tstdc -@@ -221,26 +217,10 @@ tprotected_fs: edger8r +@@ -220,18 +217,6 @@ tprotected_fs: edger8r sgx_pcl: $(MAKE) -C protected_code_loader @@ -481,15 +434,7 @@ index d3e40036..3bd08d5c 100644 .PHONY: ttls ttls: edger8r $(MAKE) -C ttls - --.PHONY: mbedtls --mbedtls: -- $(MAKE) -C $(LINUX_EXTERNAL_DIR)/mbedtls -- - # --------------------------------------------------- - # Untrusted libraries - # --------------------------------------------------- -@@ -256,10 +236,6 @@ uprotected_fs: edger8r +@@ -251,10 +236,6 @@ uprotected_fs: edger8r ptrace: $(MAKE) -C debugger_interface/linux/ @@ -500,7 +445,7 @@ index d3e40036..3bd08d5c 100644 .PHONY: utls utls: $(MAKE) -C utls -@@ -329,7 +305,6 @@ clean: +@@ -324,7 +305,6 @@ clean: $(MAKE) -C protected_fs/sgx_tprotected_fs/ clean $(MAKE) -C protected_fs/sgx_uprotected_fs/ clean $(MAKE) -C debugger_interface/linux/ clean @@ -508,7 +453,7 @@ index d3e40036..3bd08d5c 100644 $(MAKE) -C libcapable/linux/ clean $(MAKE) -C simulation/ clean $(MAKE) -C sign_tool/SignTool clean -@@ -340,11 +315,8 @@ clean: +@@ -335,8 +315,6 @@ clean: $(MAKE) -C switchless/sgx_uswitchless clean $(MAKE) -C tmm_rsrv/ clean $(MAKE) -C pthread clean @@ -516,10 +461,7 @@ index d3e40036..3bd08d5c 100644 - $(MAKE) -C $(LINUX_EXTERNAL_DIR)/protobuf clean $(MAKE) -C ttls clean $(MAKE) -C utls clean -- $(MAKE) -C $(LINUX_EXTERNAL_DIR)/mbedtls clean @$(RM) $(LIBTLIBC) $(LIBTCXX) $(LIBTSE) - @$(RM) $(BUILD_DIR)/libc++_Changes_SGX.txt - @$(RM) -rf $(BUILD_DIR)/.compiler-rt -- -2.48.1 +2.49.0 diff --git a/SOURCES/0006-Fix-compat-with-gcc-14.patch b/SOURCES/0006-Fix-compat-with-gcc-14.patch index c70c683..3775e97 100644 --- a/SOURCES/0006-Fix-compat-with-gcc-14.patch +++ b/SOURCES/0006-Fix-compat-with-gcc-14.patch @@ -1,7 +1,7 @@ -From 44c7af2d59a9654009eb1ea6affe771927d24850 Mon Sep 17 00:00:00 2001 +From f257662821800cfe5cdb38639a35361aac0802a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Mon, 24 Jun 2024 17:36:13 +0100 -Subject: [PATCH 06/16] Fix compat with gcc 14 +Subject: [PATCH 06/15] Fix compat with gcc 14 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -14,25 +14,11 @@ that std::enable_if_t is available. Signed-off-by: Daniel P. Berrangé --- - psw/ae/aesm_service/source/CMakeLists.txt | 2 +- psw/enclave_common/sgx_enclave_common.cpp | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) + 1 file changed, 1 insertion(+) -diff --git a/psw/ae/aesm_service/source/CMakeLists.txt b/psw/ae/aesm_service/source/CMakeLists.txt -index 3edd77c7..89b3e3ae 100644 ---- a/psw/ae/aesm_service/source/CMakeLists.txt -+++ b/psw/ae/aesm_service/source/CMakeLists.txt -@@ -61,7 +61,7 @@ if(REF_LE) - endif() - - set(CMAKE_CXX_STANDARD_REQUIRED 1) --set(CMAKE_CXX_STANDARD 11) -+set(CMAKE_CXX_STANDARD 14) - set(CMAKE_SKIP_BUILD_RPATH true) - - ########## SGX SDK Settings ########## diff --git a/psw/enclave_common/sgx_enclave_common.cpp b/psw/enclave_common/sgx_enclave_common.cpp -index 9867ecc8..46fcf873 100644 +index 9a335c81..399d63b2 100644 --- a/psw/enclave_common/sgx_enclave_common.cpp +++ b/psw/enclave_common/sgx_enclave_common.cpp @@ -35,6 +35,7 @@ @@ -44,5 +30,5 @@ index 9867ecc8..46fcf873 100644 #include "sgx_urts.h" #include "arch.h" -- -2.48.1 +2.49.0 diff --git a/SOURCES/0007-Fix-escaping-of-regexes-in-sgx-asm-pp.patch b/SOURCES/0007-Fix-escaping-of-regexes-in-sgx-asm-pp.patch index 22dd9c5..5e85e52 100644 --- a/SOURCES/0007-Fix-escaping-of-regexes-in-sgx-asm-pp.patch +++ b/SOURCES/0007-Fix-escaping-of-regexes-in-sgx-asm-pp.patch @@ -1,7 +1,7 @@ -From b613bffdce4d035dab354887539828906920a69e Mon Sep 17 00:00:00 2001 +From 089dddf45cda329896d5d94202780209567fed9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Mon, 2 Sep 2024 16:49:18 +0100 -Subject: [PATCH 07/16] Fix escaping of regexes in sgx-asm-pp +Subject: [PATCH 07/15] Fix escaping of regexes in sgx-asm-pp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -278,5 +278,5 @@ index 2b02396b..0df3fc47 100644 # # File Operations - read/write -- -2.48.1 +2.49.0 diff --git a/SOURCES/0008-Disable-use-of-bogus-DEF_WEAK-macro.patch b/SOURCES/0008-Disable-use-of-bogus-DEF_WEAK-macro.patch deleted file mode 100644 index 8503d3e..0000000 --- a/SOURCES/0008-Disable-use-of-bogus-DEF_WEAK-macro.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 7e6f75bfc9c364a26be6efb0704fb6f58318e59b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= -Date: Tue, 1 Oct 2024 18:53:17 +0100 -Subject: [PATCH 08/16] Disable use of bogus DEF_WEAK macro -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Daniel P. Berrangé ---- - sdk/tlibc/time/strptime.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/sdk/tlibc/time/strptime.c b/sdk/tlibc/time/strptime.c -index 08023a7c..9e62adc6 100644 ---- a/sdk/tlibc/time/strptime.c -+++ b/sdk/tlibc/time/strptime.c -@@ -89,7 +89,9 @@ strptime(const char *buf, const char *fmt, struct tm *tm) - { - return(_strptime(buf, fmt, tm, 1)); - } -+#if 0 - DEF_WEAK(strptime); -+#endif - - static char * - _strptime(const char *buf, const char *fmt, struct tm *tm, int initialize) --- -2.48.1 - diff --git a/SOURCES/0010-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch b/SOURCES/0008-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch similarity index 94% rename from SOURCES/0010-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch rename to SOURCES/0008-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch index c7874d8..d60b019 100644 --- a/SOURCES/0010-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch +++ b/SOURCES/0008-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch @@ -1,7 +1,7 @@ -From b35c87f751c42cec71c4d3107b88084eddc4f749 Mon Sep 17 00:00:00 2001 +From 8967386d8e9eb0f7a11a7e6ce7f97b6b1daf39ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 4 Oct 2024 16:33:20 +0100 -Subject: [PATCH 10/16] psw: prefer /dev/sgx_provision & /dev/sgx_enclave +Subject: [PATCH 08/15] psw: prefer /dev/sgx_provision & /dev/sgx_enclave MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -21,7 +21,7 @@ Signed-off-by: Daniel P. Berrangé 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/psw/enclave_common/sgx_enclave_common.cpp b/psw/enclave_common/sgx_enclave_common.cpp -index 46fcf873..651ba83e 100644 +index 399d63b2..f63149a0 100644 --- a/psw/enclave_common/sgx_enclave_common.cpp +++ b/psw/enclave_common/sgx_enclave_common.cpp @@ -481,11 +481,11 @@ static void enclave_set_provision_access(int hdevice, void* enclave_base) @@ -74,5 +74,5 @@ index 49f2b9aa..fc537a84 100644 } else if (driver_type == SGX_DRIVER_DCAP) -- -2.48.1 +2.49.0 diff --git a/SOURCES/0009-Remove-all-references-to-pccs-service.patch b/SOURCES/0009-Remove-all-references-to-pccs-service.patch deleted file mode 100644 index 6cc34cb..0000000 --- a/SOURCES/0009-Remove-all-references-to-pccs-service.patch +++ /dev/null @@ -1,497 +0,0 @@ -From 2135faf971e82c7dc351dc01baab5c6f716f8f11 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= -Date: Tue, 1 Oct 2024 20:18:48 +0100 -Subject: [PATCH 09/16] Remove all references to pccs service -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The PCCS code was deleted in the DCAP 1.22 release that SGX -references, resulting in a failure to build the installer: - - $ /usr/bin/make -I linux/installer/common/psw-dcap -f linux/installer/common/psw-dcap/Makefile SRCDIR=. DESTDIR=build/vroot/psw install - python /var/home/berrange/rpmbuild/BUILD/linux-sgx-sgx_2.25_reproducible/linux/installer/common/gen_source/copy_source.py --bom-file /var/home/berrange/rpmbuild/BUILD/linux-sgx-sgx_2.25_reproducible/linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt --src-path . --dst-path build/pkgroot/sgx-dcap-pccs - Error: src directory/file ./external/dcap_source/QuoteGeneration/pccs/config/default.json does not exist! - make: *** [linux/installer/common/psw-dcap/Makefile:195: pre_sgx-dcap-pccs] Error 1 - -Signed-off-by: Daniel P. Berrangé ---- - README.md | 4 - - .../psw-dcap/BOM_install/sgx-dcap-pccs.txt | 74 ------------------- - linux/installer/common/psw-dcap/Makefile | 14 +--- - linux/installer/common/psw-dcap/installConfig | 1 - - .../psw-tdx/BOM_install/sgx-dcap-pccs.txt | 74 ------------------- - linux/installer/common/psw-tdx/Makefile | 14 +--- - linux/installer/common/psw-tdx/installConfig | 1 - - linux/installer/rpm/psw-dcap/build.sh | 1 - - .../installer/rpm/psw-dcap/psw-dcap.spec.tmpl | 21 +----- - linux/installer/rpm/psw-tdx/build.sh | 1 - - linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl | 21 +----- - 11 files changed, 6 insertions(+), 220 deletions(-) - delete mode 100644 linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt - delete mode 100644 linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt - -diff --git a/README.md b/README.md -index fcd11874..9d4011a2 100644 ---- a/README.md -+++ b/README.md -@@ -523,10 +523,6 @@ Please follow the [Intel(R) SGX DCAP Installation Guide for Linux* OS](https://d - - - Install Quote Provider Library(QPL). You can use your own customized QPL or use default QPL provided by Intel(libsgx-dcap-default-qpl) - --- Install PCK Caching Service. For how to install and configure PCK Caching --Service, please refer to [SGXDataCenterAttestationPrimitives](https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/QuoteGeneration/pccs) --- Ensure the PCK Caching Service is setup correctly by local administrator or data center administrator. Also make sure that the configure file of quote provider library (/etc/sgx_default_qcnl.conf) is consistent with the real environment, for example: PCS_URL=https://your_pcs_server:8081/sgx/certification/v1/ -- - ### Start or Stop aesmd Service - The Intel(R) SGX PSW installer installs an aesmd service in your machine, which is running in a special linux account `aesmd`. - To stop the service: `$ sudo service aesmd stop` -diff --git a/linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt b/linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt -deleted file mode 100644 -index d70745c9..00000000 ---- a/linux/installer/common/psw-dcap/BOM_install/sgx-dcap-pccs.txt -+++ /dev/null -@@ -1,74 +0,0 @@ --DeliveryName InstallName FileCheckSum FileFeature FileOwner --/external/dcap_source/QuoteGeneration/pccs/config/default.json /config/default.json 0 main STP --/external/dcap_source/QuoteGeneration/pccs/constants/index.js /constants/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/constants/pccs_status_code.js /constants/pccs_status_code.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/identityController.js /controllers/identityController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/index.js /controllers/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/pckcertController.js /controllers/pckcertController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/pckcrlController.js /controllers/pckcrlController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/platformCollateralController.js /controllers/platformCollateralController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/platformsController.js /controllers/platformsController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/refreshController.js /controllers/refreshController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/rootcacrlController.js /controllers/rootcacrlController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/tcbinfoController.js /controllers/tcbinfoController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/crlController.js /controllers/crlController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/fmspc_tcbs.js /dao/models/fmspc_tcbs.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/index.js /dao/models/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_cert.js /dao/models/pck_cert.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_certchain.js /dao/models/pck_certchain.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_crl.js /dao/models/pck_crl.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pcs_certificates.js /dao/models/pcs_certificates.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pcs_version.js /dao/models/pcs_version.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/platform_tcbs.js /dao/models/platform_tcbs.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/platforms_registered.js /dao/models/platforms_registered.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/platforms.js /dao/models/platforms.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/enclave_identities.js /dao/models/enclave_identities.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/crl_cache.js /dao/models/crl_cache.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/fmspcTcbDao.js /dao/fmspcTcbDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pckCertchainDao.js /dao/pckCertchainDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pckcertDao.js /dao/pckcertDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pckcrlDao.js /dao/pckcrlDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pcsCertificatesDao.js /dao/pcsCertificatesDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pcsVersionDao.js /dao/pcsVersionDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/platformsDao.js /dao/platformsDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/platformsRegDao.js /dao/platformsRegDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/platformTcbsDao.js /dao/platformTcbsDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/enclaveIdentityDao.js /dao/enclaveIdentityDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/crlCacheDao.js /dao/crlCacheDao.js 0 main STP --/external/dcap_source/tools/PCKCertSelection/out/libPCKCertSelection.so /lib/libPCKCertSelection.so 0 main STP --/external/dcap_source/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js /lib_wrapper/pcklib_wrapper.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/middleware/auth.js /middleware/auth.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/middleware/error.js /middleware/error.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/middleware/addRequestId.js /middleware/addRequestId.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/migrations/00_db_initialize.up.sql /migrations/00_db_initialize.up.sql 0 main STP --/external/dcap_source/QuoteGeneration/pccs/migrations/01_db_version_1.js /migrations/01_db_version_1.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/migrations/02_db_version_2.js /migrations/02_db_version_2.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/pcs_client/pcs_client.js /pcs_client/pcs_client.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/routes/index.js /routes/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/identityService.js /services/identityService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/index.js /services/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/pccs_schemas.js /services/pccs_schemas.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/pckcertService.js /services/pckcertService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/pckcrlService.js /services/pckcrlService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/platformCollateralService.js /services/platformCollateralService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/platformsRegService.js /services/platformsRegService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/platformsService.js /services/platformsService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/refreshService.js /services/refreshService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/rootcacrlService.js /services/rootcacrlService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/tcbinfoService.js /services/tcbinfoService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/crlService.js /services/crlService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingMode.js /services/caching_modes/cachingMode.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingModeManager.js /services/caching_modes/cachingModeManager.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/logic/commonCacheLogic.js /services/logic/commonCacheLogic.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/logic/qvCollateralLogic.js /services/logic/qvCollateralLogic.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/utils/Logger.js /utils/Logger.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/utils/PccsError.js /utils/PccsError.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/utils/apputil.js /utils/apputil.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/x509/x509.js /x509/x509.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/install.sh /install.sh 0 main STP --/external/dcap_source/QuoteGeneration/pccs/package.json /package.json 0 main STP --/external/dcap_source/QuoteGeneration/pccs/pccs_server.js /pccs_server.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/pccs.service /pccs.service 0 main STP --/external/dcap_source/QuoteGeneration/pccs/startup.sh /startup.sh 0 main STP --/external/dcap_source/QuoteGeneration/pccs/cleanup.sh /cleanup.sh 0 main STP --/external/dcap_source/QuoteGeneration/pccs/README.md /README.md 0 main STP -diff --git a/linux/installer/common/psw-dcap/Makefile b/linux/installer/common/psw-dcap/Makefile -index a85c8b82..5e8a8560 100644 ---- a/linux/installer/common/psw-dcap/Makefile -+++ b/linux/installer/common/psw-dcap/Makefile -@@ -95,9 +95,6 @@ AESMD_CONF=aesmd.service - AESMD_CONF_DEL=aesmd.conf - AESMD_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system) - --PCCS_CONF=pccs.service --PCCS_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system) -- - RAD_CONF=mpa_registration_tool.service - RAD_CONF_DEL=mpa_registration_tool.conf - RAD_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system) -@@ -192,7 +189,7 @@ ALL_PKGS:= $(AESM_SERVICE_PKGS) $(AE_PKGS) $(DEV_LIB_PKGS) - - $(foreach PKG,$(AESM_SERVICE_PKGS) $(AE_PKGS),$(eval $(call INSTALL_AESM_SERVICE_TEMPLATE,$(PKG)))) - $(foreach PKG,$(DEV_LIB_PKGS),$(eval $(call INSTALL_DEV_LIB_TEMPLATE,$(PKG)))) --$(foreach PKG,$(ALL_PKGS) $(DCAP_PCCS_PACKAGE) $(RA_SERVICE_PACKAGE) $(PCK_ID_RETRIEVAL_TOOL_PACKAGE),$(eval $(call PRE_INSTALL_TEMPLATE,$(PKG)))) -+$(foreach PKG,$(ALL_PKGS) $(RA_SERVICE_PACKAGE) $(PCK_ID_RETRIEVAL_TOOL_PACKAGE),$(eval $(call PRE_INSTALL_TEMPLATE,$(PKG)))) - - PHONY+=$(ALL_PKGS) - PHONY+=$(foreach PKG,$(ALL_PKGS),pre_$(PKG)) -@@ -220,14 +217,6 @@ install_$(AESM_SERVICE_PACKAGE): $(foreach PKG,$(AESM_SERVICE_PKGS),post_$(PKG)) - ln -fs $(shell readlink -m $(USR_LIB_PATH)/libsgx_pce.signed.so) && \ - ln -fs liburts_internal.so libsgx_urts.so.$(URTS_MAJOR_VER) - --PHONY+=install_$(DCAP_PCCS_PACKAGE) --install_$(DCAP_PCCS_PACKAGE): pre_$(DCAP_PCCS_PACKAGE) | $(PACKAGE_ROOT_PATH) -- install -d $(shell readlink -m $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF_PATH)) && \ -- cp -f $|/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF) $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF_PATH) && \ -- rm -f $|/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF) -- install -d $(shell readlink -m $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(SGX_INSTALL_PATH)/$(DCAP_PCCS_PACKAGE)) && \ -- cp -fr $|/$(DCAP_PCCS_PACKAGE)/* $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(SGX_INSTALL_PATH)/$(DCAP_PCCS_PACKAGE) -- - PHONY+=$(RA_SERVICE_PACKAGE) - $(RA_SERVICE_PACKAGE): pre_$(RA_SERVICE_PACKAGE) | $(PACKAGE_ROOT_PATH) - install -d $(shell readlink -m $(DESTDIR)/$@/$(SGX_INSTALL_PATH)/$@) && \ -@@ -351,7 +340,6 @@ install_dev_lib: $(foreach PKG,$(DEV_LIB_PKGS),post_$(PKG)) - - PHONY+=install - install: install_$(AESM_SERVICE_PACKAGE) \ -- install_$(DCAP_PCCS_PACKAGE) \ - install_$(RA_SERVICE_PACKAGE) \ - install_$(PCK_ID_RETRIEVAL_TOOL_PACKAGE) \ - install_ae \ -diff --git a/linux/installer/common/psw-dcap/installConfig b/linux/installer/common/psw-dcap/installConfig -index 9f99f032..96acdd9a 100644 ---- a/linux/installer/common/psw-dcap/installConfig -+++ b/linux/installer/common/psw-dcap/installConfig -@@ -30,7 +30,6 @@ DCAP_QL_PACKAGE=libsgx-dcap-ql - DCAP_QL_DEV_PACKAGE=libsgx-dcap-ql-devel - DCAP_QVL_PACKAGE=libsgx-dcap-quote-verify - DCAP_QVL_DEV_PACKAGE=libsgx-dcap-quote-verify-devel --DCAP_PCCS_PACKAGE=sgx-dcap-pccs - - PCK_ID_RETRIEVAL_TOOL_PACKAGE=sgx-pck-id-retrieval-tool - RA_NETWORK_PACKAGE=libsgx-ra-network -diff --git a/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt b/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt -deleted file mode 100644 -index d70745c9..00000000 ---- a/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt -+++ /dev/null -@@ -1,74 +0,0 @@ --DeliveryName InstallName FileCheckSum FileFeature FileOwner --/external/dcap_source/QuoteGeneration/pccs/config/default.json /config/default.json 0 main STP --/external/dcap_source/QuoteGeneration/pccs/constants/index.js /constants/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/constants/pccs_status_code.js /constants/pccs_status_code.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/identityController.js /controllers/identityController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/index.js /controllers/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/pckcertController.js /controllers/pckcertController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/pckcrlController.js /controllers/pckcrlController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/platformCollateralController.js /controllers/platformCollateralController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/platformsController.js /controllers/platformsController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/refreshController.js /controllers/refreshController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/rootcacrlController.js /controllers/rootcacrlController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/tcbinfoController.js /controllers/tcbinfoController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/controllers/crlController.js /controllers/crlController.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/fmspc_tcbs.js /dao/models/fmspc_tcbs.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/index.js /dao/models/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_cert.js /dao/models/pck_cert.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_certchain.js /dao/models/pck_certchain.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pck_crl.js /dao/models/pck_crl.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pcs_certificates.js /dao/models/pcs_certificates.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/pcs_version.js /dao/models/pcs_version.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/platform_tcbs.js /dao/models/platform_tcbs.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/platforms_registered.js /dao/models/platforms_registered.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/platforms.js /dao/models/platforms.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/enclave_identities.js /dao/models/enclave_identities.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/models/crl_cache.js /dao/models/crl_cache.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/fmspcTcbDao.js /dao/fmspcTcbDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pckCertchainDao.js /dao/pckCertchainDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pckcertDao.js /dao/pckcertDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pckcrlDao.js /dao/pckcrlDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pcsCertificatesDao.js /dao/pcsCertificatesDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/pcsVersionDao.js /dao/pcsVersionDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/platformsDao.js /dao/platformsDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/platformsRegDao.js /dao/platformsRegDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/platformTcbsDao.js /dao/platformTcbsDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/enclaveIdentityDao.js /dao/enclaveIdentityDao.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/dao/crlCacheDao.js /dao/crlCacheDao.js 0 main STP --/external/dcap_source/tools/PCKCertSelection/out/libPCKCertSelection.so /lib/libPCKCertSelection.so 0 main STP --/external/dcap_source/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js /lib_wrapper/pcklib_wrapper.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/middleware/auth.js /middleware/auth.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/middleware/error.js /middleware/error.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/middleware/addRequestId.js /middleware/addRequestId.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/migrations/00_db_initialize.up.sql /migrations/00_db_initialize.up.sql 0 main STP --/external/dcap_source/QuoteGeneration/pccs/migrations/01_db_version_1.js /migrations/01_db_version_1.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/migrations/02_db_version_2.js /migrations/02_db_version_2.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/pcs_client/pcs_client.js /pcs_client/pcs_client.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/routes/index.js /routes/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/identityService.js /services/identityService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/index.js /services/index.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/pccs_schemas.js /services/pccs_schemas.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/pckcertService.js /services/pckcertService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/pckcrlService.js /services/pckcrlService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/platformCollateralService.js /services/platformCollateralService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/platformsRegService.js /services/platformsRegService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/platformsService.js /services/platformsService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/refreshService.js /services/refreshService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/rootcacrlService.js /services/rootcacrlService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/tcbinfoService.js /services/tcbinfoService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/crlService.js /services/crlService.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingMode.js /services/caching_modes/cachingMode.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingModeManager.js /services/caching_modes/cachingModeManager.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/logic/commonCacheLogic.js /services/logic/commonCacheLogic.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/services/logic/qvCollateralLogic.js /services/logic/qvCollateralLogic.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/utils/Logger.js /utils/Logger.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/utils/PccsError.js /utils/PccsError.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/utils/apputil.js /utils/apputil.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/x509/x509.js /x509/x509.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/install.sh /install.sh 0 main STP --/external/dcap_source/QuoteGeneration/pccs/package.json /package.json 0 main STP --/external/dcap_source/QuoteGeneration/pccs/pccs_server.js /pccs_server.js 0 main STP --/external/dcap_source/QuoteGeneration/pccs/pccs.service /pccs.service 0 main STP --/external/dcap_source/QuoteGeneration/pccs/startup.sh /startup.sh 0 main STP --/external/dcap_source/QuoteGeneration/pccs/cleanup.sh /cleanup.sh 0 main STP --/external/dcap_source/QuoteGeneration/pccs/README.md /README.md 0 main STP -diff --git a/linux/installer/common/psw-tdx/Makefile b/linux/installer/common/psw-tdx/Makefile -index 4f50ee49..0e8cb3e7 100644 ---- a/linux/installer/common/psw-tdx/Makefile -+++ b/linux/installer/common/psw-tdx/Makefile -@@ -80,9 +80,6 @@ QGSD_CONF=qgsd.service - QGSD_CONF_DEL=qgsd.conf - QGSD_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system) - --PCCS_CONF=pccs.service --PCCS_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system) -- - RAD_CONF=mpa_registration_tool.service - RAD_CONF_DEL=mpa_registration_tool.conf - RAD_CONF_PATH=$(if $(wildcard /lib/systemd/system/.),/lib/systemd/system,/usr/lib/systemd/system) -@@ -160,7 +157,7 @@ ALL_PKGS:= $(TDX_QGS_PKGS) $(AE_PKGS) $(DEV_LIB_PKGS) - - $(foreach PKG,$(TDX_QGS_PKGS) $(AE_PKGS),$(eval $(call INSTALL_AESM_SERVICE_TEMPLATE,$(PKG)))) - $(foreach PKG,$(DEV_LIB_PKGS),$(eval $(call INSTALL_DEV_LIB_TEMPLATE,$(PKG)))) --$(foreach PKG,$(ALL_PKGS) $(DCAP_PCCS_PACKAGE) $(RA_SERVICE_PACKAGE) $(PCK_ID_RETRIEVAL_TOOL_PACKAGE),$(eval $(call PRE_INSTALL_TEMPLATE,$(PKG)))) -+$(foreach PKG,$(ALL_PKGS) $(RA_SERVICE_PACKAGE) $(PCK_ID_RETRIEVAL_TOOL_PACKAGE),$(eval $(call PRE_INSTALL_TEMPLATE,$(PKG)))) - - PHONY+=$(ALL_PKGS) - PHONY+=$(foreach PKG,$(ALL_PKGS),pre_$(PKG)) -@@ -184,14 +181,6 @@ install_$(TDX_QGS_PACKAGE): $(foreach PKG,$(TDX_QGS_PKGS),post_$(PKG)) - $(DESTDIR)/$(TDX_QGS_PACKAGE)/$(ETC_DIR) && \ - rm -fr $(DESTDIR)/$(TDX_QGS_PACKAGE)/$(SGX_INSTALL_PATH)/$(TDX_QGS_PACKAGE)/conf)) - --PHONY+=install_$(DCAP_PCCS_PACKAGE) --install_$(DCAP_PCCS_PACKAGE): pre_$(DCAP_PCCS_PACKAGE) | $(PACKAGE_ROOT_PATH) -- install -d $(shell readlink -m $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF_PATH)) && \ -- cp -f $|/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF) $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF_PATH) && \ -- rm -f $|/$(DCAP_PCCS_PACKAGE)/$(PCCS_CONF) -- install -d $(shell readlink -m $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(SGX_INSTALL_PATH)/$(DCAP_PCCS_PACKAGE)) && \ -- cp -fr $|/$(DCAP_PCCS_PACKAGE)/* $(DESTDIR)/$(DCAP_PCCS_PACKAGE)/$(SGX_INSTALL_PATH)/$(DCAP_PCCS_PACKAGE) -- - PHONY+=$(RA_SERVICE_PACKAGE) - $(RA_SERVICE_PACKAGE): pre_$(RA_SERVICE_PACKAGE) | $(PACKAGE_ROOT_PATH) - install -d $(shell readlink -m $(DESTDIR)/$@/$(SGX_INSTALL_PATH)/$@) && \ -@@ -291,7 +280,6 @@ install_dev_lib: $(foreach PKG,$(DEV_LIB_PKGS),post_$(PKG)) - - PHONY+=install - install: install_$(TDX_QGS_PACKAGE) \ -- install_$(DCAP_PCCS_PACKAGE) \ - install_$(RA_SERVICE_PACKAGE) \ - install_$(PCK_ID_RETRIEVAL_TOOL_PACKAGE) \ - install_ae \ -diff --git a/linux/installer/common/psw-tdx/installConfig b/linux/installer/common/psw-tdx/installConfig -index 7129b71d..c55a8ada 100644 ---- a/linux/installer/common/psw-tdx/installConfig -+++ b/linux/installer/common/psw-tdx/installConfig -@@ -16,7 +16,6 @@ TDX_ATTEST_PACKAGE=libtdx-attest - TDX_ATTEST_DEV_PACKAGE=libtdx-attest-devel - DCAP_QVL_PACKAGE=libsgx-dcap-quote-verify - DCAP_QVL_DEV_PACKAGE=libsgx-dcap-quote-verify-devel --DCAP_PCCS_PACKAGE=sgx-dcap-pccs - PCK_ID_RETRIEVAL_TOOL_PACKAGE=sgx-pck-id-retrieval-tool - RA_NETWORK_PACKAGE=libsgx-ra-network - RA_NETWORK_DEV_PACKAGE=libsgx-ra-network-devel -diff --git a/linux/installer/rpm/psw-dcap/build.sh b/linux/installer/rpm/psw-dcap/build.sh -index 22c8eef5..6188e816 100755 ---- a/linux/installer/rpm/psw-dcap/build.sh -+++ b/linux/installer/rpm/psw-dcap/build.sh -@@ -63,7 +63,6 @@ update_spec() { - -e "s:@dcap_version@:${dcap_version}:" \ - -e "s:@aesm_service_path@:${SGX_INSTALL_PATH}/${AESM_SERVICE_PACKAGE}:" \ - -e "s:@ra_service_path@:${SGX_INSTALL_PATH}/${RA_SERVICE_PACKAGE}:" \ -- -e "s:@dcap_pccs_path@:${SGX_INSTALL_PATH}/${DCAP_PCCS_PACKAGE}:" \ - -e "s:@pck_id_retrieval_tool_path@:${SGX_INSTALL_PATH}/${PCK_ID_RETRIEVAL_TOOL_PACKAGE}:" \ - ${cur_dir}/${psw_dcap}.spec.tmpl > ${cur_dir}/${rpm_build_dir}/SPECS/${psw_dcap}.spec - -diff --git a/linux/installer/rpm/psw-dcap/psw-dcap.spec.tmpl b/linux/installer/rpm/psw-dcap/psw-dcap.spec.tmpl -index c7ba4c12..66fc4a78 100644 ---- a/linux/installer/rpm/psw-dcap/psw-dcap.spec.tmpl -+++ b/linux/installer/rpm/psw-dcap/psw-dcap.spec.tmpl -@@ -31,7 +31,6 @@ - - %define _aesm_service_path @aesm_service_path@ - %define _ra_service_path @ra_service_path@ --%define _dcap_pccs_path @dcap_pccs_path@ - %define _pck_id_retrieval_tool_path @pck_id_retrieval_tool_path@ - %define _psw_version @psw_version@ - %define _dcap_version @dcap_version@ -@@ -303,14 +302,6 @@ Requires: libsgx-dcap-quote-verify = %{version}-%{release} libsgx-headers > - %description -n libsgx-dcap-quote-verify-devel - Intel(R) Software Guard Extensions Data Center Attestation Primitives Quote Verification Library for Developers - --%package -n sgx-dcap-pccs --Version: %{_dcap_version} --Summary: Intel(R) Software Guard Extensions PCK Caching Service --Requires: gcc gcc-c++ make -- --%description -n sgx-dcap-pccs --Intel(R) Software Guard Extensions PCK Caching Service -- - %package -n libsgx-ra-network - Version: %{_dcap_version} - Summary: Intel(R) Software Guard Extensions Registration Agent Network Library -@@ -378,14 +369,13 @@ for pkg in $(ls -A %{?buildroot} 2> /dev/null |grep -v "license"); do - grep -v "^%{_includedir}" | \ - grep -v "^%{_sysconfdir}" | \ - grep -v "^%{_aesm_service_path}" | \ -- grep -v "^%{_dcap_pccs_path}" | \ - grep -v "^%{_ra_service_path}" | \ - grep -v "^%{_pck_id_retrieval_tool_path}" | \ - sed -e "s#^#%dir #" > %{_specdir}/list-${pkg} - for f in $(find %{?buildroot}/${pkg}); do - if [ -d ${f} ]; then - echo ${f} | sed -e "s#^%{?buildroot}/${pkg}##" | \ -- grep -E "^%{_aesm_service_path}|^%{_dcap_pccs_path}|^%{_ra_service_path}|^%{_pck_id_retrieval_tool_path}" | \ -+ grep -E "^%{_aesm_service_path}|^%{_ra_service_path}|^%{_pck_id_retrieval_tool_path}" | \ - sed -e "s#^#%dir #" >> %{_specdir}/list-${pkg} - else - echo ${f} | \ -@@ -395,7 +385,7 @@ for pkg in $(ls -A %{?buildroot} 2> /dev/null |grep -v "license"); do - cp -r %{?buildroot}/${pkg}/* %{?buildroot}/ - rm -fr %{?buildroot}/${pkg} - sed -i -e 's:^/etc/.*\.conf:%config &:' \ -- -e 's:^%{_dcap_pccs_path}/config/default\.json:%config &:' %{_specdir}/list-${pkg} -+ %{_specdir}/list-${pkg} - done - rm -fr %{?buildroot}/license - -@@ -433,7 +423,6 @@ make clean - %files -n libsgx-dcap-ql-devel -f %{_specdir}/list-libsgx-dcap-ql-devel - %files -n libsgx-dcap-quote-verify -f %{_specdir}/list-libsgx-dcap-quote-verify - %files -n libsgx-dcap-quote-verify-devel -f %{_specdir}/list-libsgx-dcap-quote-verify-devel --%files -n sgx-dcap-pccs -f %{_specdir}/list-sgx-dcap-pccs - %files -n libsgx-ra-network -f %{_specdir}/list-libsgx-ra-network - %files -n libsgx-ra-network-devel -f %{_specdir}/list-libsgx-ra-network-devel - %files -n libsgx-ra-uefi -f %{_specdir}/list-libsgx-ra-uefi -@@ -447,12 +436,6 @@ if [ -x %{_aesm_service_path}/startup.sh ]; then %{_aesm_service_path}/startup.s - %preun - if [ -x %{_aesm_service_path}/cleanup.sh ]; then %{_aesm_service_path}/cleanup.sh; fi - --%posttrans -n sgx-dcap-pccs --if [ -x %{_dcap_pccs_path}/startup.sh ]; then %{_dcap_pccs_path}/startup.sh; fi -- --%preun -n sgx-dcap-pccs --if [ -x %{_dcap_pccs_path}/cleanup.sh ]; then %{_dcap_pccs_path}/cleanup.sh; fi -- - %posttrans -n sgx-ra-service - if [ -x %{_ra_service_path}/startup.sh ]; then %{_ra_service_path}/startup.sh; fi - -diff --git a/linux/installer/rpm/psw-tdx/build.sh b/linux/installer/rpm/psw-tdx/build.sh -index f42d6bd2..25a683c8 100755 ---- a/linux/installer/rpm/psw-tdx/build.sh -+++ b/linux/installer/rpm/psw-tdx/build.sh -@@ -63,7 +63,6 @@ update_spec() { - -e "s:@dcap_version@:${dcap_version}:" \ - -e "s:@tdx_qgs_path@:${SGX_INSTALL_PATH}/${TDX_QGS_PACKAGE}:" \ - -e "s:@ra_service_path@:${SGX_INSTALL_PATH}/${RA_SERVICE_PACKAGE}:" \ -- -e "s:@dcap_pccs_path@:${SGX_INSTALL_PATH}/${DCAP_PCCS_PACKAGE}:" \ - -e "s:@pck_id_retrieval_tool_path@:${SGX_INSTALL_PATH}/${PCK_ID_RETRIEVAL_TOOL_PACKAGE}:" \ - ${cur_dir}/${psw_tdx}.spec.tmpl > ${cur_dir}/${rpm_build_dir}/SPECS/${psw_tdx}.spec - -diff --git a/linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl b/linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl -index 0dd5fd8c..67eab01a 100644 ---- a/linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl -+++ b/linux/installer/rpm/psw-tdx/psw-tdx.spec.tmpl -@@ -31,7 +31,6 @@ - - %define _tdx_qgs_path @tdx_qgs_path@ - %define _ra_service_path @ra_service_path@ --%define _dcap_pccs_path @dcap_pccs_path@ - %define _pck_id_retrieval_tool_path @pck_id_retrieval_tool_path@ - %define _psw_version @psw_version@ - %define _dcap_version @dcap_version@ -@@ -198,14 +197,6 @@ Requires: libsgx-dcap-quote-verify = %{version}-%{release} libsgx-headers > - %description -n libsgx-dcap-quote-verify-devel - Intel(R) Software Guard Extensions Data Center Attestation Primitives Quote Verification Library for Developers - --%package -n sgx-dcap-pccs --Version: %{_dcap_version} --Summary: Intel(R) Software Guard Extensions PCK Caching Service --Requires: gcc gcc-c++ make -- --%description -n sgx-dcap-pccs --Intel(R) Software Guard Extensions PCK Caching Service -- - %package -n libsgx-ra-network - Version: %{_dcap_version} - Summary: Intel(R) Software Guard Extensions Registration Agent Network Library -@@ -273,14 +264,13 @@ for pkg in $(ls -A %{?buildroot} 2> /dev/null |grep -v "license"); do - grep -v "^%{_includedir}" | \ - grep -v "^%{_sysconfdir}" | \ - grep -v "^%{_tdx_qgs_path}" | \ -- grep -v "^%{_dcap_pccs_path}" | \ - grep -v "^%{_ra_service_path}" | \ - grep -v "^%{_pck_id_retrieval_tool_path}" | \ - sed -e "s#^#%dir #" > %{_specdir}/list-${pkg} - for f in $(find %{?buildroot}/${pkg}); do - if [ -d ${f} ]; then - echo ${f} | sed -e "s#^%{?buildroot}/${pkg}##" | \ -- grep -E "^%{_tdx_qgs_path}|^%{_dcap_pccs_path}|^%{_ra_service_path}|^%{_pck_id_retrieval_tool_path}" | \ -+ grep -E "^%{_tdx_qgs_path}|^%{_ra_service_path}|^%{_pck_id_retrieval_tool_path}" | \ - sed -e "s#^#%dir #" >> %{_specdir}/list-${pkg} - else - echo ${f} | \ -@@ -290,7 +280,7 @@ for pkg in $(ls -A %{?buildroot} 2> /dev/null |grep -v "license"); do - cp -r %{?buildroot}/${pkg}/* %{?buildroot}/ - rm -fr %{?buildroot}/${pkg} - sed -i -e 's:^/etc/.*\.conf:%config &:' \ -- -e 's:^%{_dcap_pccs_path}/config/default\.json:%config &:' %{_specdir}/list-${pkg} -+ %{_specdir}/list-${pkg} - done - rm -fr %{?buildroot}/license - -@@ -315,7 +305,6 @@ make clean - %files -n libtdx-attest-devel -f %{_specdir}/list-libtdx-attest-devel - %files -n libsgx-dcap-quote-verify -f %{_specdir}/list-libsgx-dcap-quote-verify - %files -n libsgx-dcap-quote-verify-devel -f %{_specdir}/list-libsgx-dcap-quote-verify-devel --%files -n sgx-dcap-pccs -f %{_specdir}/list-sgx-dcap-pccs - %files -n libsgx-ra-network -f %{_specdir}/list-libsgx-ra-network - %files -n libsgx-ra-network-devel -f %{_specdir}/list-libsgx-ra-network-devel - %files -n libsgx-ra-uefi -f %{_specdir}/list-libsgx-ra-uefi -@@ -329,12 +318,6 @@ if [ -x %{_tdx_qgs_path}/startup.sh ]; then %{_tdx_qgs_path}/startup.sh; fi - %preun - if [ -x %{_tdx_qgs_path}/cleanup.sh ]; then %{_tdx_qgs_path}/cleanup.sh; fi - --%posttrans -n sgx-dcap-pccs --if [ -x %{_dcap_pccs_path}/startup.sh ]; then %{_dcap_pccs_path}/startup.sh; fi -- --%preun -n sgx-dcap-pccs --if [ -x %{_dcap_pccs_path}/cleanup.sh ]; then %{_dcap_pccs_path}/cleanup.sh; fi -- - %posttrans -n sgx-ra-service - if [ -x %{_ra_service_path}/startup.sh ]; then %{_ra_service_path}/startup.sh; fi - --- -2.48.1 - diff --git a/SOURCES/0011-psw-fix-soname-for-libuae_service.so-library.patch b/SOURCES/0009-psw-fix-soname-for-libuae_service.so-library.patch similarity index 90% rename from SOURCES/0011-psw-fix-soname-for-libuae_service.so-library.patch rename to SOURCES/0009-psw-fix-soname-for-libuae_service.so-library.patch index 9d6ac62..c2f5807 100644 --- a/SOURCES/0011-psw-fix-soname-for-libuae_service.so-library.patch +++ b/SOURCES/0009-psw-fix-soname-for-libuae_service.so-library.patch @@ -1,7 +1,7 @@ -From 44fa7a1f6108ae855419f32288573ff3c51f1fa4 Mon Sep 17 00:00:00 2001 +From 6d0fee06ee6c87f8f89aac9947bb8b3df9930238 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 17 Jan 2025 15:38:56 +0000 -Subject: [PATCH 11/16] psw: fix soname for libuae_service.so library +Subject: [PATCH 09/15] psw: fix soname for libuae_service.so library MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -25,5 +25,5 @@ index bffbdc5b..81f5c4b7 100644 $(IPC_SRC:.cpp=.o) : $(IPC_COMMON_PROTO_DIR)/messages.pb.cc AEServicesImpl.o : $(IPC_COMMON_PROTO_DIR)/messages.pb.cc -- -2.48.1 +2.49.0 diff --git a/SOURCES/0012-pcl-remove-redundant-use-of-bool-type.patch b/SOURCES/0010-pcl-remove-redundant-use-of-bool-type.patch similarity index 91% rename from SOURCES/0012-pcl-remove-redundant-use-of-bool-type.patch rename to SOURCES/0010-pcl-remove-redundant-use-of-bool-type.patch index d0906e5..f774ad9 100644 --- a/SOURCES/0012-pcl-remove-redundant-use-of-bool-type.patch +++ b/SOURCES/0010-pcl-remove-redundant-use-of-bool-type.patch @@ -1,7 +1,7 @@ -From 64e9315acfc84f84299e8f0d8d890f158d972b0f Mon Sep 17 00:00:00 2001 +From 26f9569bf1ea44bc2e937b8ccbb1141bb1f88274 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 6 Feb 2025 09:54:33 +0000 -Subject: [PATCH 12/16] pcl: remove redundant use of 'bool' type +Subject: [PATCH 10/15] pcl: remove redundant use of 'bool' type MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -45,5 +45,5 @@ index 5ad6efde..b78ca907 100644 #endif // #ifdef SE_SIM -- -2.48.1 +2.49.0 diff --git a/SOURCES/0013-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch b/SOURCES/0011-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch similarity index 93% rename from SOURCES/0013-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch rename to SOURCES/0011-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch index ffce807..9bf9229 100644 --- a/SOURCES/0013-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch +++ b/SOURCES/0011-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch @@ -1,7 +1,7 @@ -From 51aa96fc252d5792ca26132478eb5c1c8af1a63c Mon Sep 17 00:00:00 2001 +From 5e43013eff1a6d558f1bad189cae185b383c49f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 27 Mar 2025 14:17:01 +0000 -Subject: [PATCH 13/16] sdk: honour CFLAGS/LDFLAGS set from environment +Subject: [PATCH 11/15] sdk: honour CFLAGS/LDFLAGS set from environment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -49,7 +49,7 @@ index d388dc1d..867de978 100644 LINK_FLAGS := -lcrypto -L$(BUILD_DIR) -lsgx_tservice CPP_FILES := encryptip.cpp diff --git a/sdk/sign_tool/SignTool/Makefile b/sdk/sign_tool/SignTool/Makefile -index 219fb5ad..fe16b392 100644 +index 1dcb6f51..1601de09 100644 --- a/sdk/sign_tool/SignTool/Makefile +++ b/sdk/sign_tool/SignTool/Makefile @@ -40,7 +40,7 @@ FLAGS += -DSE_DEBUG_LEVEL=SE_TRACE_ERROR @@ -88,7 +88,7 @@ index 45ddb576..865d5556 100644 RDRAND_LIBDIR := $(LINUX_EXTERNAL_DIR)/rdrand/src RDRAND_MAKEFILE := $(RDRAND_LIBDIR)/Makefile diff --git a/sdk/simulation/urtssim/linux/Makefile b/sdk/simulation/urtssim/linux/Makefile -index 505ce8d9..b340463a 100644 +index ea8ca78c..dd716f2b 100644 --- a/sdk/simulation/urtssim/linux/Makefile +++ b/sdk/simulation/urtssim/linux/Makefile @@ -65,9 +65,9 @@ DIR5 := $(LINUX_PSW_DIR)/../common/src/linux @@ -103,7 +103,7 @@ index 505ce8d9..b340463a 100644 OBJ1 := enclave.o \ tcs.o \ -@@ -119,7 +119,7 @@ vpath %.cpp .:$(DIR1):$(DIR2):$(DIR3):$(DIR4):$(DIR6) +@@ -120,7 +120,7 @@ vpath %.cpp .:$(DIR1):$(DIR2):$(DIR3):$(DIR4):$(DIR6) vpath %.S .:$(DIR2):$(DIR5) vpath %.c .:$(DIR6) @@ -112,7 +112,7 @@ index 505ce8d9..b340463a 100644 LIBURTSSIM_SHARED := libsgx_urts_sim.so LIBURTS_DEPLOY := libsgx_urts_deploy.so -@@ -133,7 +133,7 @@ all: $(LIBURTSSIM_SHARED) $(LIBURTS_DEPLOY)| $(BUILD_DIR) +@@ -134,7 +134,7 @@ all: $(LIBURTSSIM_SHARED) $(LIBURTS_DEPLOY)| $(BUILD_DIR) $(CP) $(LIBURTS_DEPLOY) $| $(LIBURTSSIM_SHARED): simasm uinst driver_api wrapper uae_service_sim $(OBJ) $(OBJ6) ittnotify @@ -122,5 +122,5 @@ index 505ce8d9..b340463a 100644 $(BUILD_DIR): @$(MKDIR) $@ -- -2.48.1 +2.49.0 diff --git a/SOURCES/0014-psw-make-aesm_service-build-verbose.patch b/SOURCES/0012-psw-make-aesm_service-build-verbose.patch similarity index 86% rename from SOURCES/0014-psw-make-aesm_service-build-verbose.patch rename to SOURCES/0012-psw-make-aesm_service-build-verbose.patch index f25cea8..6203c03 100644 --- a/SOURCES/0014-psw-make-aesm_service-build-verbose.patch +++ b/SOURCES/0012-psw-make-aesm_service-build-verbose.patch @@ -1,7 +1,7 @@ -From e2f8a9054e512b3c49f4264824892baf07898efc Mon Sep 17 00:00:00 2001 +From e9ca38a6045c2ad5d5277cb52bc175eb56ee7466 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 27 Mar 2025 16:07:10 +0000 -Subject: [PATCH 14/16] psw: make aesm_service build verbose. +Subject: [PATCH 12/15] psw: make aesm_service build verbose. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -25,5 +25,5 @@ index 89a15875..dbfa3fb6 100644 $(CP) $(CPPMICROSERVICES) source/build/bin/ endif -- -2.48.1 +2.49.0 diff --git a/SOURCES/0015-Fix-modern-C-function-prototype-compliance.patch b/SOURCES/0013-Fix-modern-C-function-prototype-compliance.patch similarity index 93% rename from SOURCES/0015-Fix-modern-C-function-prototype-compliance.patch rename to SOURCES/0013-Fix-modern-C-function-prototype-compliance.patch index 5a32649..81a760f 100644 --- a/SOURCES/0015-Fix-modern-C-function-prototype-compliance.patch +++ b/SOURCES/0013-Fix-modern-C-function-prototype-compliance.patch @@ -1,7 +1,7 @@ -From f70028402c31652c65277291e93b4c565c8863ad Mon Sep 17 00:00:00 2001 +From 0ef77c5de1ae80a8a1df4280af1dbd1fba6ebe46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Mon, 31 Mar 2025 10:55:25 +0100 -Subject: [PATCH 15/16] Fix modern C function prototype compliance +Subject: [PATCH 13/15] Fix modern C function prototype compliance MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -39,5 +39,5 @@ index 8e4e7600..8c38bb68 100644 g_sys_ptrace = (ptrace_t)dlsym(RTLD_NEXT, "ptrace"); g_sys_waitpid = (waitpid_t)dlsym(RTLD_NEXT, "waitpid"); -- -2.48.1 +2.49.0 diff --git a/SOURCES/0016-Add-wrapper-for-nasm-to-fix-cmake-compat.patch b/SOURCES/0014-Add-wrapper-for-nasm-to-fix-cmake-compat.patch similarity index 93% rename from SOURCES/0016-Add-wrapper-for-nasm-to-fix-cmake-compat.patch rename to SOURCES/0014-Add-wrapper-for-nasm-to-fix-cmake-compat.patch index 4432eab..b1a5bd0 100644 --- a/SOURCES/0016-Add-wrapper-for-nasm-to-fix-cmake-compat.patch +++ b/SOURCES/0014-Add-wrapper-for-nasm-to-fix-cmake-compat.patch @@ -1,7 +1,7 @@ -From dc2be9ad1955e85006604ef2840357a1dedf856c Mon Sep 17 00:00:00 2001 +From 77f998c285d15d31ec9104d413b380f90fa91970 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Wed, 2 Apr 2025 17:11:25 +0100 -Subject: [PATCH 16/16] Add wrapper for nasm to fix cmake compat +Subject: [PATCH 14/15] Add wrapper for nasm to fix cmake compat MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -37,7 +37,7 @@ index 00000000..4ad75f73 + exec python ${here}/sgx-asm-pp.py --assembler=nasm --MITIGATION-CVE-2020-0551=${MITIGATION} "$@" +fi diff --git a/external/ippcp_internal/Makefile b/external/ippcp_internal/Makefile -index 70718f5e..d8efe418 100644 +index d78ba90e..71a40247 100644 --- a/external/ippcp_internal/Makefile +++ b/external/ippcp_internal/Makefile @@ -58,10 +58,12 @@ IPP_CONFIG += -DIPPCP_FIPS_MODE=on -DFIPS_CUSTOM_IPPCP_API_HEADER=$(CURDIR)/inc @@ -65,5 +65,5 @@ index 70718f5e..d8efe418 100644 $(IPP_SOURCE)/build: ifeq ($(IPP_USE_GIT), 1) -- -2.48.1 +2.49.0 diff --git a/SOURCES/0015-fix-BOM-for-pccs-with-DCAP-1.23.patch b/SOURCES/0015-fix-BOM-for-pccs-with-DCAP-1.23.patch new file mode 100644 index 0000000..aa52f20 --- /dev/null +++ b/SOURCES/0015-fix-BOM-for-pccs-with-DCAP-1.23.patch @@ -0,0 +1,72 @@ +From 595343c8d79a45760a30b30e1bd66f4079c61f52 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Fri, 27 Jun 2025 11:37:26 +0100 +Subject: [PATCH 15/15] fix BOM for pccs with DCAP 1.23 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The BOM for pccs is missing various files causing it to fail to start. +This change is synced from the BOM filelist seen in the DCAP git repo. + +Signed-off-by: Daniel P. Berrangé +--- + .../common/psw-tdx/BOM_install/sgx-dcap-pccs.txt | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt b/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt +index d70745c9..73c687b3 100644 +--- a/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt ++++ b/linux/installer/common/psw-tdx/BOM_install/sgx-dcap-pccs.txt +@@ -12,6 +12,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner + /external/dcap_source/QuoteGeneration/pccs/controllers/rootcacrlController.js /controllers/rootcacrlController.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/controllers/tcbinfoController.js /controllers/tcbinfoController.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/controllers/crlController.js /controllers/crlController.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/controllers/appraisalPolicyController.js /controllers/appraisalPolicyController.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/models/fmspc_tcbs.js /dao/models/fmspc_tcbs.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/models/index.js /dao/models/index.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/models/pck_cert.js /dao/models/pck_cert.js 0 main STP +@@ -24,6 +25,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner + /external/dcap_source/QuoteGeneration/pccs/dao/models/platforms.js /dao/models/platforms.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/models/enclave_identities.js /dao/models/enclave_identities.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/models/crl_cache.js /dao/models/crl_cache.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/dao/models/appraisal_policy.js /dao/models/appraisal_policy.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/fmspcTcbDao.js /dao/fmspcTcbDao.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/pckCertchainDao.js /dao/pckCertchainDao.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/pckcertDao.js /dao/pckcertDao.js 0 main STP +@@ -35,14 +37,19 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner + /external/dcap_source/QuoteGeneration/pccs/dao/platformTcbsDao.js /dao/platformTcbsDao.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/enclaveIdentityDao.js /dao/enclaveIdentityDao.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/dao/crlCacheDao.js /dao/crlCacheDao.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/dao/appraisalPolicyDao.js /dao/appraisalPolicyDao.js 0 main STP + /external/dcap_source/tools/PCKCertSelection/out/libPCKCertSelection.so /lib/libPCKCertSelection.so 0 main STP + /external/dcap_source/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js /lib_wrapper/pcklib_wrapper.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/middleware/auth.js /middleware/auth.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/middleware/error.js /middleware/error.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/middleware/addRequestId.js /middleware/addRequestId.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/middleware/filterDuplicatedParams.js /middleware/filterDuplicatedParams.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/migrations/00_db_initialize.up.sql /migrations/00_db_initialize.up.sql 0 main STP + /external/dcap_source/QuoteGeneration/pccs/migrations/01_db_version_1.js /migrations/01_db_version_1.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/migrations/02_db_version_2.js /migrations/02_db_version_2.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/migrations/03_db_version_3.js /migrations/03_db_version_3.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/migrations/04_db_version_4.js /migrations/04_db_version_4.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/migrations/05_db_version_5.js /migrations/05_db_version_5.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/pcs_client/pcs_client.js /pcs_client/pcs_client.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/routes/index.js /routes/index.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/services/identityService.js /services/identityService.js 0 main STP +@@ -57,6 +64,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner + /external/dcap_source/QuoteGeneration/pccs/services/rootcacrlService.js /services/rootcacrlService.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/services/tcbinfoService.js /services/tcbinfoService.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/services/crlService.js /services/crlService.js 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/services/appraisalPolicyService.js /services/appraisalPolicyService.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingMode.js /services/caching_modes/cachingMode.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/services/caching_modes/cachingModeManager.js /services/caching_modes/cachingModeManager.js 0 main STP + /external/dcap_source/QuoteGeneration/pccs/services/logic/commonCacheLogic.js /services/logic/commonCacheLogic.js 0 main STP +@@ -72,3 +80,4 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner + /external/dcap_source/QuoteGeneration/pccs/startup.sh /startup.sh 0 main STP + /external/dcap_source/QuoteGeneration/pccs/cleanup.sh /cleanup.sh 0 main STP + /external/dcap_source/QuoteGeneration/pccs/README.md /README.md 0 main STP ++/external/dcap_source/QuoteGeneration/pccs/nodejs.cnf /nodejs.cnf 0 main STP +-- +2.49.0 + diff --git a/SOURCES/0050-Disable-inclusion-of-AESM-in-installer.patch b/SOURCES/0050-Disable-inclusion-of-AESM-in-installer.patch index a89a40a..11aff78 100644 --- a/SOURCES/0050-Disable-inclusion-of-AESM-in-installer.patch +++ b/SOURCES/0050-Disable-inclusion-of-AESM-in-installer.patch @@ -1,4 +1,4 @@ -From 07f39d2eb84d66fd19d025856747c5521068f26c Mon Sep 17 00:00:00 2001 +From 550144746385554702fdcd65bbe8638cda08d055 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 11 Feb 2025 14:58:58 +0000 Subject: [PATCH] Disable inclusion of AESM in installer @@ -16,10 +16,10 @@ Signed-off-by: Daniel P. Berrangé 2 files changed, 3 insertions(+), 28 deletions(-) diff --git a/linux/installer/common/psw-dcap/Makefile b/linux/installer/common/psw-dcap/Makefile -index 5e8a8560..e8dd018b 100644 +index a85c8b82..3ea22440 100644 --- a/linux/installer/common/psw-dcap/Makefile +++ b/linux/installer/common/psw-dcap/Makefile -@@ -147,13 +147,7 @@ post_$(1): $(1) | $(PACKAGE_ROOT_PATH) +@@ -150,13 +150,7 @@ post_$(1): $(1) | $(PACKAGE_ROOT_PATH) cp -fr $$|/$$ Date: Mon, 26 Feb 2024 12:19:51 +0000 -Subject: [PATCH 100/117] Drop use of bundled pre-built openssl +Subject: [PATCH 100/136] Drop use of bundled pre-built openssl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -20,7 +20,7 @@ Signed-off-by: Daniel P. Berrangé 6 files changed, 14 insertions(+), 24 deletions(-) diff --git a/QuoteGeneration/qcnl/linux/Makefile b/QuoteGeneration/qcnl/linux/Makefile -index f5b7be9..f043575 100644 +index f5b7be90..f043575f 100644 --- a/QuoteGeneration/qcnl/linux/Makefile +++ b/QuoteGeneration/qcnl/linux/Makefile @@ -32,7 +32,6 @@ @@ -54,7 +54,7 @@ index f5b7be9..f043575 100644 ifndef DEBUG CNL_Lib_Cpp_Flags += -DDISABLE_TRACE diff --git a/QuoteGeneration/qpl/linux/Makefile b/QuoteGeneration/qpl/linux/Makefile -index b675e72..204234c 100644 +index b675e729..204234c7 100644 --- a/QuoteGeneration/qpl/linux/Makefile +++ b/QuoteGeneration/qpl/linux/Makefile @@ -32,7 +32,6 @@ @@ -87,7 +87,7 @@ index b675e72..204234c 100644 ifndef DEBUG diff --git a/QuoteVerification/buildenv.mk b/QuoteVerification/buildenv.mk -index b25ce40..982c7d5 100644 +index b25ce407..982c7d56 100644 --- a/QuoteVerification/buildenv.mk +++ b/QuoteVerification/buildenv.mk @@ -56,7 +56,6 @@ PREBUILD_PATH := $(DCAP_QG_DIR)/../prebuilt @@ -99,7 +99,7 @@ index b25ce40..982c7d5 100644 SGX_COMMON_CFLAGS := $(COMMON_FLAGS) -m64 -Wjump-misses-init -Wstrict-prototypes -Wunsuffixed-float-constants SGX_COMMON_CXXFLAGS := $(COMMON_FLAGS) -m64 -Wnon-virtual-dtor -std=c++17 diff --git a/QuoteVerification/dcap_quoteverify/linux/Makefile b/QuoteVerification/dcap_quoteverify/linux/Makefile -index 9820b61..fba7f43 100644 +index 74fad4c6..894e616a 100644 --- a/QuoteVerification/dcap_quoteverify/linux/Makefile +++ b/QuoteVerification/dcap_quoteverify/linux/Makefile @@ -36,8 +36,8 @@ INSTALL_PATH ?= /usr/lib/x86_64-linux-gnu @@ -131,7 +131,7 @@ index 9820b61..fba7f43 100644 QVL_VERIFY_CPP_SRCS := $(wildcard ../*.cpp) $(wildcard *.cpp) diff --git a/tools/PCKCertSelection/PCKCertSelectionLib/Makefile b/tools/PCKCertSelection/PCKCertSelectionLib/Makefile -index e0402e9..12c0d35 100644 +index e0402e95..12c0d35e 100644 --- a/tools/PCKCertSelection/PCKCertSelectionLib/Makefile +++ b/tools/PCKCertSelection/PCKCertSelectionLib/Makefile @@ -63,10 +63,7 @@ ifndef QG_DIR @@ -165,7 +165,7 @@ index e0402e9..12c0d35 100644 # debug/release switch diff --git a/tools/PCKCertSelection/PCKCertSelectionLib/Makefile.static_lib b/tools/PCKCertSelection/PCKCertSelectionLib/Makefile.static_lib -index a20a3cd..c8e1d01 100644 +index a20a3cd5..c8e1d01e 100644 --- a/tools/PCKCertSelection/PCKCertSelectionLib/Makefile.static_lib +++ b/tools/PCKCertSelection/PCKCertSelectionLib/Makefile.static_lib @@ -118,7 +118,7 @@ LIB_CPP_OBJECTS := \ @@ -188,5 +188,5 @@ index a20a3cd..c8e1d01 100644 debug: $(PCKCERTSEL_VERBOSE)$(MAKE) DEBUG=1 all -- -2.49.0 +2.52.0 diff --git a/SOURCES/0101-Improve-debuggability-of-build-system.patch b/SOURCES/0101-Improve-debuggability-of-build-system.patch index c5c871b..e4d2ab1 100644 --- a/SOURCES/0101-Improve-debuggability-of-build-system.patch +++ b/SOURCES/0101-Improve-debuggability-of-build-system.patch @@ -1,7 +1,7 @@ -From b4d3b1401e16a557bcba1fe02b525bd5c26ee532 Mon Sep 17 00:00:00 2001 +From b36d8f61a5a18dc5edfbd632e5f2373bcf365b3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 1 Mar 2024 12:05:01 +0000 -Subject: [PATCH 101/117] Improve debuggability of build system +Subject: [PATCH 101/136] Improve debuggability of build system MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -17,7 +17,7 @@ Signed-off-by: Daniel P. Berrangé 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/QuoteGeneration/qcnl/linux/Makefile b/QuoteGeneration/qcnl/linux/Makefile -index f043575..bfe9c61 100644 +index f043575f..bfe9c613 100644 --- a/QuoteGeneration/qcnl/linux/Makefile +++ b/QuoteGeneration/qcnl/linux/Makefile @@ -113,7 +113,7 @@ $(CNL_Lib_Name_Static): $(CNL_Lib_Cpp_Objects) $(CNL_Lib_C_Objects) $(PCK_Select @@ -30,7 +30,7 @@ index f043575..bfe9c61 100644 true diff --git a/QuoteVerification/appraisal/qal/Makefile b/QuoteVerification/appraisal/qal/Makefile -index 139848a..cd361c4 100644 +index 139848ac..cd361c48 100644 --- a/QuoteVerification/appraisal/qal/Makefile +++ b/QuoteVerification/appraisal/qal/Makefile @@ -128,7 +128,7 @@ $(QAL_CXX_Common_Objs): %.o: ../common/%.cpp @@ -43,7 +43,7 @@ index 139848a..cd361c4 100644 clean: $(RM) $(QAL_Obj_Files) $(Target_Lib_Name) $(Target_Lib_Name).$(SGX_MAJOR_VER) $(Target_Static_Lib_Name) $(BUILD_DIR)/$(Target_Lib_Name) $(QVL_Cpp_Obj_Files) diff --git a/QuoteVerification/dcap_quoteverify/linux/Makefile b/QuoteVerification/dcap_quoteverify/linux/Makefile -index fba7f43..5979699 100644 +index 894e616a..7962d102 100644 --- a/QuoteVerification/dcap_quoteverify/linux/Makefile +++ b/QuoteVerification/dcap_quoteverify/linux/Makefile @@ -107,13 +107,13 @@ $(BUILD_DIR): @@ -67,9 +67,9 @@ index fba7f43..5979699 100644 @@ -123,13 +123,13 @@ run: all ######## QVL Library Objects ######## - qve_u.h: $(SGX_EDGER8R) $(QVE_SRC_PATH)/Enclave/qve.edl -- @$(SGX_EDGER8R) --untrusted $(QVE_SRC_PATH)/Enclave/qve.edl --search-path $(QVE_SRC_PATH)/Enclave --search-path $(SGX_SDK)/include -+ $(SGX_EDGER8R) --untrusted $(QVE_SRC_PATH)/Enclave/qve.edl --search-path $(QVE_SRC_PATH)/Enclave --search-path $(SGX_SDK)/include + qve_u.h: $(QVE_SRC_PATH)/Enclave/qve.edl $(SGX_EDGER8R) +- @$(SGX_EDGER8R) --untrusted $< $(addprefix --search-path ,$(QVE_SRC_PATH)/Enclave $(SGX_SDK)/include $(addprefix $(SGXSSL_PACKAGE_PATH)/include/,. $(if $(FIPS),,no)filefunc)) ++ $(SGX_EDGER8R) --untrusted $< $(addprefix --search-path ,$(QVE_SRC_PATH)/Enclave $(SGX_SDK)/include $(addprefix $(SGXSSL_PACKAGE_PATH)/include/,. $(if $(FIPS),,no)filefunc)) @echo "GEN => $@" qve_u.c : qve_u.h @@ -126,7 +126,7 @@ index fba7f43..5979699 100644 + $(AR) rsD $(QVL_VERIFY_LIB_NAME_Static) $(QVL_VERIFY_CPP_OBJS_STATIC) $(QVL_VERIFY_C_OBJS) $(QVE_CPP_OBJ) $(QVL_LIB_COMMON_OBJS) .PHONY: qal - qal: + qal: -- -2.49.0 +2.52.0 diff --git a/SOURCES/0102-Support-build-time-setting-of-enclave-load-directory.patch b/SOURCES/0102-Support-build-time-setting-of-enclave-load-directory.patch index eea8b4f..a1369b1 100644 --- a/SOURCES/0102-Support-build-time-setting-of-enclave-load-directory.patch +++ b/SOURCES/0102-Support-build-time-setting-of-enclave-load-directory.patch @@ -1,7 +1,7 @@ -From edcd2d044a8e20cf8d2e1cebba7f74f2573c9ae5 Mon Sep 17 00:00:00 2001 +From 9a185a6103e9637b785e498d4c4e4c990e7a3478 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Mon, 26 Feb 2024 12:19:51 +0000 -Subject: [PATCH 102/117] Support build time setting of enclave load directory +Subject: [PATCH 102/136] Support build time setting of enclave load directory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -45,7 +45,7 @@ Signed-off-by: Daniel P. Berrangé 12 files changed, 60 insertions(+), 8 deletions(-) diff --git a/QuoteGeneration/pce_wrapper/linux/Makefile b/QuoteGeneration/pce_wrapper/linux/Makefile -index debcb41..7ceaaea 100644 +index debcb41d..7ceaaea8 100644 --- a/QuoteGeneration/pce_wrapper/linux/Makefile +++ b/QuoteGeneration/pce_wrapper/linux/Makefile @@ -40,7 +40,7 @@ INCLUDE += -I$(ROOT_DIR)/ae/common \ @@ -58,7 +58,7 @@ index debcb41..7ceaaea 100644 CFLAGS += -fPIC -Werror -g Link_Flags := $(SGX_COMMON_CFLAGS) -L$(ROOT_DIR)/build/linux -L$(SGX_SDK)/lib64 -lsgx_urts -lpthread -ldl diff --git a/QuoteGeneration/pce_wrapper/pce_wrapper.cpp b/QuoteGeneration/pce_wrapper/pce_wrapper.cpp -index 1b362da..a940d8b 100644 +index 1b362da8..a940d8b9 100644 --- a/QuoteGeneration/pce_wrapper/pce_wrapper.cpp +++ b/QuoteGeneration/pce_wrapper/pce_wrapper.cpp @@ -112,6 +112,15 @@ bool get_pce_path( @@ -78,7 +78,7 @@ index 1b362da..a940d8b 100644 NULL != dl_info.dli_fname) { diff --git a/QuoteGeneration/quote_wrapper/quote/linux/Makefile b/QuoteGeneration/quote_wrapper/quote/linux/Makefile -index c50fdb3..7d0b398 100644 +index c50fdb32..7d0b398f 100644 --- a/QuoteGeneration/quote_wrapper/quote/linux/Makefile +++ b/QuoteGeneration/quote_wrapper/quote/linux/Makefile @@ -51,7 +51,7 @@ Quote_Include_Paths := -I$(SGX_SDK)/include -I../inc -I../../common/inc -I./ -I. @@ -91,7 +91,7 @@ index c50fdb3..7d0b398 100644 ifndef DEBUG diff --git a/QuoteGeneration/quote_wrapper/quote/qe_logic.cpp b/QuoteGeneration/quote_wrapper/quote/qe_logic.cpp -index 783c27f..0d81066 100644 +index 783c27f2..0d81066d 100644 --- a/QuoteGeneration/quote_wrapper/quote/qe_logic.cpp +++ b/QuoteGeneration/quote_wrapper/quote/qe_logic.cpp @@ -573,6 +573,15 @@ get_qe_path(const TCHAR *p_file_name, @@ -111,7 +111,7 @@ index 783c27f..0d81066 100644 NULL != dl_info.dli_fname) { diff --git a/QuoteGeneration/quote_wrapper/tdx_quote/linux/Makefile b/QuoteGeneration/quote_wrapper/tdx_quote/linux/Makefile -index 61ad7f3..fc5bd20 100644 +index 61ad7f3c..fc5bd208 100644 --- a/QuoteGeneration/quote_wrapper/tdx_quote/linux/Makefile +++ b/QuoteGeneration/quote_wrapper/tdx_quote/linux/Makefile @@ -56,7 +56,7 @@ Quote_Include_Paths := -I$(SGX_SDK)/include -I../inc -I../../common/inc -I./ \ @@ -124,7 +124,7 @@ index 61ad7f3..fc5bd20 100644 -L$(PCE_Library_Dir) -lsgx_pce_logic -L$(SGX_SDK)/lib64 \ -lsgx_urts -lpthread -ldl diff --git a/QuoteGeneration/quote_wrapper/tdx_quote/td_ql_logic.cpp b/QuoteGeneration/quote_wrapper/tdx_quote/td_ql_logic.cpp -index dbbe2af..a57e082 100644 +index dbbe2afc..a57e0829 100644 --- a/QuoteGeneration/quote_wrapper/tdx_quote/td_ql_logic.cpp +++ b/QuoteGeneration/quote_wrapper/tdx_quote/td_ql_logic.cpp @@ -403,6 +403,14 @@ bool tee_att_config_t::get_qe_path(tee_att_ae_type_t type, @@ -143,7 +143,7 @@ index dbbe2af..a57e082 100644 NULL != dl_info.dli_fname) { diff --git a/QuoteVerification/appraisal/qal/Makefile b/QuoteVerification/appraisal/qal/Makefile -index cd361c4..ead4a5d 100644 +index cd361c48..ead4a5d1 100644 --- a/QuoteVerification/appraisal/qal/Makefile +++ b/QuoteVerification/appraisal/qal/Makefile @@ -49,7 +49,7 @@ QAL_Include_Path := -I./ \ @@ -156,7 +156,7 @@ index cd361c4..ead4a5d 100644 QAL_Link_Flags := $(COMMON_LDFLAGS) -L$(WARM_Lib_Path) -lvmlib -ldl -lm -lpthread \ diff --git a/QuoteVerification/appraisal/qal/qae_wrapper.cpp b/QuoteVerification/appraisal/qal/qae_wrapper.cpp -index 6321611..9597c52 100644 +index 63216112..9597c523 100644 --- a/QuoteVerification/appraisal/qal/qae_wrapper.cpp +++ b/QuoteVerification/appraisal/qal/qae_wrapper.cpp @@ -101,6 +101,14 @@ static bool get_qae_path( @@ -182,7 +182,7 @@ index 6321611..9597c52 100644 \ No newline at end of file +} diff --git a/QuoteVerification/dcap_quoteverify/linux/Makefile b/QuoteVerification/dcap_quoteverify/linux/Makefile -index 5979699..c9f11a0 100644 +index 7962d102..c4154b09 100644 --- a/QuoteVerification/dcap_quoteverify/linux/Makefile +++ b/QuoteVerification/dcap_quoteverify/linux/Makefile @@ -55,7 +55,7 @@ QVL_VERIFY_INC := -I$(QVE_SRC_PATH)/Include \ @@ -195,7 +195,7 @@ index 5979699..c9f11a0 100644 QVL_LIB_OBJS := $(QVL_LIB_FILES:.cpp=_untrusted.o) QVL_PARSER_OBJS := $(QVL_PARSER_FILES:.cpp=_untrusted.o) diff --git a/QuoteVerification/dcap_quoteverify/linux/qve_parser.cpp b/QuoteVerification/dcap_quoteverify/linux/qve_parser.cpp -index d3d4353..2f8f581 100644 +index d3d43537..2f8f5814 100644 --- a/QuoteVerification/dcap_quoteverify/linux/qve_parser.cpp +++ b/QuoteVerification/dcap_quoteverify/linux/qve_parser.cpp @@ -88,6 +88,14 @@ bool get_qve_path( @@ -214,7 +214,7 @@ index d3d4353..2f8f581 100644 NULL != dl_info.dli_fname) { diff --git a/tools/PCKRetrievalTool/App/utility.cpp b/tools/PCKRetrievalTool/App/utility.cpp -index b2c9307..d77a6eb 100644 +index b2c9307a..d77a6eb0 100644 --- a/tools/PCKRetrievalTool/App/utility.cpp +++ b/tools/PCKRetrievalTool/App/utility.cpp @@ -235,9 +235,9 @@ bool load_enclave(const char* enclave_name, sgx_enclave_id_t* p_eid) @@ -246,7 +246,7 @@ index b2c9307..d77a6eb 100644 return false; (void)strncat(enclave_path, enclave_name, strnlen(enclave_name, MAX_PATH)); diff --git a/tools/PCKRetrievalTool/Makefile b/tools/PCKRetrievalTool/Makefile -index d9c2bac..1065949 100644 +index d9c2baca..10659496 100644 --- a/tools/PCKRetrievalTool/Makefile +++ b/tools/PCKRetrievalTool/Makefile @@ -108,7 +108,7 @@ App_Include_Paths += -I ../../QuoteGeneration/ae/inc/internal -I ../SGXPlatformR @@ -259,5 +259,5 @@ index d9c2bac..1065949 100644 App_Link_Flags += -lcurl -ldl -lpthread ifeq ($(STANDALONE), 1) -- -2.49.0 +2.52.0 diff --git a/SOURCES/0103-Look-for-versioned-sgx_urts-library-in-PCKRetrievalT.patch b/SOURCES/0103-Look-for-versioned-sgx_urts-library-in-PCKRetrievalT.patch index c9f6b57..5d7e692 100644 --- a/SOURCES/0103-Look-for-versioned-sgx_urts-library-in-PCKRetrievalT.patch +++ b/SOURCES/0103-Look-for-versioned-sgx_urts-library-in-PCKRetrievalT.patch @@ -1,7 +1,7 @@ -From 3cbab8069678b15276d7a8d2d0c7aa34532ad4af Mon Sep 17 00:00:00 2001 +From b92d97f6037cb2e56d343cb979767d51655b097f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 27 Feb 2024 15:46:41 +0000 -Subject: [PATCH 103/117] Look for versioned sgx_urts library in +Subject: [PATCH 103/136] Look for versioned sgx_urts library in PCKRetrievalTool MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -18,7 +18,7 @@ Signed-off-by: Daniel P. Berrangé 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/PCKRetrievalTool/App/utility.cpp b/tools/PCKRetrievalTool/App/utility.cpp -index d77a6eb..d195717 100644 +index d77a6eb0..d195717f 100644 --- a/tools/PCKRetrievalTool/App/utility.cpp +++ b/tools/PCKRetrievalTool/App/utility.cpp @@ -82,7 +82,7 @@ typedef sgx_status_t (SGXAPI *sgx_create_enclave_func_t)(const LPCSTR file_name, @@ -40,5 +40,5 @@ index d77a6eb..d195717 100644 } #endif -- -2.49.0 +2.52.0 diff --git a/SOURCES/0104-Don-t-import-pypac-in-pccsadmin.patch b/SOURCES/0104-pccsadmin-only-import-pypac-module-on-Windows.patch similarity index 52% rename from SOURCES/0104-Don-t-import-pypac-in-pccsadmin.patch rename to SOURCES/0104-pccsadmin-only-import-pypac-module-on-Windows.patch index dbe5e30..4626c92 100644 --- a/SOURCES/0104-Don-t-import-pypac-in-pccsadmin.patch +++ b/SOURCES/0104-pccsadmin-only-import-pypac-module-on-Windows.patch @@ -1,33 +1,35 @@ -From 2609841a9ddedd4c3f22778bff0aa399ce6d4f9a Mon Sep 17 00:00:00 2001 +From eca1c479b23dd8e8c87e90988204c08b5e0c3edc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= -Date: Tue, 27 Feb 2024 20:28:24 +0000 -Subject: [PATCH 104/117] Don't import pypac in pccsadmin +Date: Fri, 4 Oct 2024 17:41:37 +0100 +Subject: [PATCH 104/136] pccsadmin: only import 'pypac' module on Windows MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -The code only uses the pypac module when executing on Windows -hosts. It should not be imported when packaged for Linux -environments to avoid a redundant python dependency. +The PACSession object is only used in a code path that runs on +Windows, so don't try to import this on Linux, to avoid the +redundant dependency. Signed-off-by: Daniel P. Berrangé --- - tools/PccsAdminTool/lib/intelsgx/pcs.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + tools/PccsAdminTool/lib/intelsgx/pcs.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/PccsAdminTool/lib/intelsgx/pcs.py b/tools/PccsAdminTool/lib/intelsgx/pcs.py -index 9f1d224..af1e78e 100644 +index 9f1d2245..046c781d 100644 --- a/tools/PccsAdminTool/lib/intelsgx/pcs.py +++ b/tools/PccsAdminTool/lib/intelsgx/pcs.py -@@ -5,7 +5,7 @@ import json +@@ -5,8 +5,9 @@ import json import binascii from urllib import parse from OpenSSL import crypto -from pypac import PACSession -+#from pypac import PACSession from platform import system ++if system() == 'Windows': ++ from pypac import PACSession from lib.intelsgx.credential import Credentials from requests.adapters import HTTPAdapter + from urllib3.util import Retry -- -2.49.0 +2.52.0 diff --git a/SOURCES/0105-Look-for-PCKRetrievalTool-config-file-in-etc.patch b/SOURCES/0105-Look-for-PCKRetrievalTool-config-file-in-etc.patch index 8155454..4273c74 100644 --- a/SOURCES/0105-Look-for-PCKRetrievalTool-config-file-in-etc.patch +++ b/SOURCES/0105-Look-for-PCKRetrievalTool-config-file-in-etc.patch @@ -1,7 +1,7 @@ -From eb1018b10a5adedcdc1ae3cf8f5d8be6de5b7d6d Mon Sep 17 00:00:00 2001 +From c8820c38a16ba9c572a6eafefd010b60ba037dde Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 29 Feb 2024 14:21:36 +0000 -Subject: [PATCH 105/117] Look for PCKRetrievalTool config file in /etc/ +Subject: [PATCH 105/136] Look for PCKRetrievalTool config file in /etc/ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -15,7 +15,7 @@ Signed-off-by: Daniel P. Berrangé 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tools/PCKRetrievalTool/App/linux/network_wrapper.cpp b/tools/PCKRetrievalTool/App/linux/network_wrapper.cpp -index e423f38..36f219b 100644 +index e423f384..36f219ba 100644 --- a/tools/PCKRetrievalTool/App/linux/network_wrapper.cpp +++ b/tools/PCKRetrievalTool/App/linux/network_wrapper.cpp @@ -219,7 +219,8 @@ static void network_configuration(string &url, string &proxy_type, string &proxy @@ -39,5 +39,5 @@ index e423f38..36f219b 100644 if(strnlen(local_configuration_file_path ,MAX_PATH)+strnlen(LOCAL_NETWORK_SETTING,MAX_PATH)+sizeof(char) > MAX_PATH) { return false; -- -2.49.0 +2.52.0 diff --git a/SOURCES/0106-Honour-CFLAGS-CXXFLAGS-LDFLAGS-for-various-tools-and.patch b/SOURCES/0106-Honour-CFLAGS-CXXFLAGS-LDFLAGS-for-various-tools-and.patch index 8436fa0..21d121c 100644 --- a/SOURCES/0106-Honour-CFLAGS-CXXFLAGS-LDFLAGS-for-various-tools-and.patch +++ b/SOURCES/0106-Honour-CFLAGS-CXXFLAGS-LDFLAGS-for-various-tools-and.patch @@ -1,7 +1,7 @@ -From c1773ce8ab60a0d887a52b821de28d6fd996b7f4 Mon Sep 17 00:00:00 2001 +From 06874f59bd6693f0f42a999dcfbdc0233d9a4bd2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 28 Mar 2025 16:00:27 +0000 -Subject: [PATCH 106/117] Honour CFLAGS/CXXFLAGS/LDFLAGS for various tools and +Subject: [PATCH 106/136] Honour CFLAGS/CXXFLAGS/LDFLAGS for various tools and libraries MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -22,7 +22,7 @@ Signed-off-by: Daniel P. Berrangé 10 files changed, 24 insertions(+), 21 deletions(-) diff --git a/QuoteGeneration/qcnl/linux/Makefile b/QuoteGeneration/qcnl/linux/Makefile -index bfe9c61..531f40b 100644 +index bfe9c613..531f40b8 100644 --- a/QuoteGeneration/qcnl/linux/Makefile +++ b/QuoteGeneration/qcnl/linux/Makefile @@ -46,12 +46,13 @@ CNL_Lib_Include_Paths := -I../../quote_wrapper/common/inc \ @@ -43,7 +43,7 @@ index bfe9c61..531f40b 100644 ifdef SELF_SIGNED_CERT CNL_Lib_Cpp_Flags+= -DSELF_SIGNED_CERT diff --git a/QuoteGeneration/qpl/linux/Makefile b/QuoteGeneration/qpl/linux/Makefile -index 204234c..d703c45 100644 +index 204234c7..d703c45a 100644 --- a/QuoteGeneration/qpl/linux/Makefile +++ b/QuoteGeneration/qpl/linux/Makefile @@ -48,9 +48,9 @@ QPL_Lib_C_Flags := $(COMMON_FLAGS) -g -fPIC -Wno-attributes $(QPL_Lib_Include_Pa @@ -59,7 +59,7 @@ index 204234c..d703c45 100644 ifndef DEBUG diff --git a/QuoteGeneration/quote_wrapper/qgs/Makefile b/QuoteGeneration/quote_wrapper/qgs/Makefile -index 5d87e4d..8228bdf 100644 +index 5d87e4d1..8228bdfc 100644 --- a/QuoteGeneration/quote_wrapper/qgs/Makefile +++ b/QuoteGeneration/quote_wrapper/qgs/Makefile @@ -51,7 +51,7 @@ endif @@ -72,7 +72,7 @@ index 5d87e4d..8228bdf 100644 # add boost_system for link QGS_LFLAGS += -lboost_system -lboost_thread -lpthread diff --git a/QuoteGeneration/quote_wrapper/ql/linux/Makefile b/QuoteGeneration/quote_wrapper/ql/linux/Makefile -index c5d877b..2983665 100644 +index c5d877b5..29836652 100644 --- a/QuoteGeneration/quote_wrapper/ql/linux/Makefile +++ b/QuoteGeneration/quote_wrapper/ql/linux/Makefile @@ -48,13 +48,14 @@ QL_Lib_C_Files := se_trace.c se_thread.c @@ -94,7 +94,7 @@ index c5d877b..2983665 100644 QL_Lib_Cpp_Flags += -DDISABLE_TRACE QL_Lib_Link_Flags += -DDISABLE_TRACE diff --git a/QuoteGeneration/quote_wrapper/quote/linux/Makefile b/QuoteGeneration/quote_wrapper/quote/linux/Makefile -index 7d0b398..9b8c936 100644 +index 7d0b398f..9b8c936c 100644 --- a/QuoteGeneration/quote_wrapper/quote/linux/Makefile +++ b/QuoteGeneration/quote_wrapper/quote/linux/Makefile @@ -52,7 +52,7 @@ Quote_Include_Paths := -I$(SGX_SDK)/include -I../inc -I../../common/inc -I./ -I. @@ -107,7 +107,7 @@ index 7d0b398..9b8c936 100644 ifndef DEBUG Quote_Cpp_Flags += -DDISABLE_TRACE diff --git a/QuoteVerification/dcap_quoteverify/linux/Makefile b/QuoteVerification/dcap_quoteverify/linux/Makefile -index c9f11a0..56095ac 100644 +index c4154b09..e125cbfe 100644 --- a/QuoteVerification/dcap_quoteverify/linux/Makefile +++ b/QuoteVerification/dcap_quoteverify/linux/Makefile @@ -54,8 +54,8 @@ QVL_VERIFY_INC := -I$(QVE_SRC_PATH)/Include \ @@ -131,7 +131,7 @@ index c9f11a0..56095ac 100644 QVL_VERIFY_CPP_SRCS := $(wildcard ../*.cpp) $(wildcard *.cpp) diff --git a/tools/PCKCertSelection/PCKCertSelectionLib/Makefile b/tools/PCKCertSelection/PCKCertSelectionLib/Makefile -index 12c0d35..c106ab4 100644 +index 12c0d35e..c106ab4f 100644 --- a/tools/PCKCertSelection/PCKCertSelectionLib/Makefile +++ b/tools/PCKCertSelection/PCKCertSelectionLib/Makefile @@ -129,11 +129,11 @@ DEBUG_FLAGS := -m64 -O0 -g @@ -149,7 +149,7 @@ index 12c0d35..c106ab4 100644 # debug/release switch diff --git a/tools/PCKRetrievalTool/Makefile b/tools/PCKRetrievalTool/Makefile -index 1065949..b6968c6 100644 +index 10659496..b6968c6d 100644 --- a/tools/PCKRetrievalTool/Makefile +++ b/tools/PCKRetrievalTool/Makefile @@ -108,8 +108,9 @@ App_Include_Paths += -I ../../QuoteGeneration/ae/inc/internal -I ../SGXPlatformR @@ -179,7 +179,7 @@ index 1065949..b6968c6 100644 App/%.o: App/%.cpp diff --git a/tools/SGXPlatformRegistration/package/Makefile b/tools/SGXPlatformRegistration/package/Makefile -index 0c3aec1..adc00f5 100755 +index 0c3aec1e..adc00f59 100755 --- a/tools/SGXPlatformRegistration/package/Makefile +++ b/tools/SGXPlatformRegistration/package/Makefile @@ -73,7 +73,7 @@ else @@ -192,7 +192,7 @@ index 0c3aec1..adc00f5 100755 all: $(MPA_REGISTRATION_EXEC) diff --git a/tools/SGXPlatformRegistration/tool/Makefile b/tools/SGXPlatformRegistration/tool/Makefile -index 4937fe9..83aefee 100644 +index 4937fe94..83aefeec 100644 --- a/tools/SGXPlatformRegistration/tool/Makefile +++ b/tools/SGXPlatformRegistration/tool/Makefile @@ -69,7 +69,7 @@ CPP_SRCS += $(MPA_REGISTRATION_CORE_DIR)/src/AgentConfiguration.cpp $(MPA_REGIST @@ -205,5 +205,5 @@ index 4937fe9..83aefee 100644 LDFLAGS += '-Wl,-rpath,$$ORIGIN' CXXFLAGS += '-DSTANDALONE' -- -2.49.0 +2.52.0 diff --git a/SOURCES/0107-qgs-add-space-between-program-name-first-arg-in-usag.patch b/SOURCES/0107-qgs-add-space-between-program-name-first-arg-in-usag.patch index 52ec735..0ba56ed 100644 --- a/SOURCES/0107-qgs-add-space-between-program-name-first-arg-in-usag.patch +++ b/SOURCES/0107-qgs-add-space-between-program-name-first-arg-in-usag.patch @@ -1,7 +1,7 @@ -From a74ede38e306ff82ddbaf094d6148dc1bf9e524c Mon Sep 17 00:00:00 2001 +From 44eefb7f574b33cb0cf5239948e7d633f1d71dd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 3 Oct 2024 14:42:29 +0100 -Subject: [PATCH 107/117] qgs: add space between program name & first arg in +Subject: [PATCH 107/136] qgs: add space between program name & first arg in usage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -13,7 +13,7 @@ Signed-off-by: Daniel P. Berrangé 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp -index 478dbfe..3618b5a 100644 +index 478dbfe0..3618b5ad 100644 --- a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp +++ b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp @@ -75,7 +75,7 @@ int main(int argc, const char* argv[]) @@ -35,5 +35,5 @@ index 478dbfe..3618b5a 100644 exit(1); } -- -2.49.0 +2.52.0 diff --git a/SOURCES/0108-qgs-protect-against-format-strings-in-QL-log-message.patch b/SOURCES/0108-qgs-protect-against-format-strings-in-QL-log-message.patch index efb8b4f..f4b163a 100644 --- a/SOURCES/0108-qgs-protect-against-format-strings-in-QL-log-message.patch +++ b/SOURCES/0108-qgs-protect-against-format-strings-in-QL-log-message.patch @@ -1,7 +1,7 @@ -From 1e760dc7a67d601121b625e0d2bd7b2fe8b7b042 Mon Sep 17 00:00:00 2001 +From 6c38e13fbee555045aec98f6e159531a385bce53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 4 Oct 2024 09:43:17 +0100 -Subject: [PATCH 108/117] qgs: protect against format strings in QL log +Subject: [PATCH 108/136] qgs: protect against format strings in QL log messages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -18,7 +18,7 @@ Signed-off-by: Daniel P. Berrangé 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp b/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp -index 77838c3..1e97b58 100644 +index 77838c31..1e97b586 100644 --- a/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp +++ b/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp @@ -50,10 +50,10 @@ typedef quote3_error_t (*sgx_ql_set_logging_callback_t)(sgx_ql_logging_callback_ @@ -35,5 +35,5 @@ index 77838c3..1e97b58 100644 } -- -2.49.0 +2.52.0 diff --git a/SOURCES/0109-qgs-add-debug-parameter-to-control-logging.patch b/SOURCES/0109-qgs-add-debug-parameter-to-control-logging.patch index f637a94..ed9a9da 100644 --- a/SOURCES/0109-qgs-add-debug-parameter-to-control-logging.patch +++ b/SOURCES/0109-qgs-add-debug-parameter-to-control-logging.patch @@ -1,7 +1,7 @@ -From d43ef4cac2c2c022b89b0938be71a9b36b9a1923 Mon Sep 17 00:00:00 2001 +From d1cbef970b8ee800a313b818927449a7dcf1a685 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 3 Oct 2024 16:57:35 +0100 -Subject: [PATCH 109/117] qgs: add --debug parameter to control logging +Subject: [PATCH 109/136] qgs: add --debug parameter to control logging MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -28,7 +28,7 @@ Signed-off-by: Daniel P. Berrangé 4 files changed, 19 insertions(+), 6 deletions(-) diff --git a/QuoteGeneration/quote_wrapper/qgs/qgs_log.cpp b/QuoteGeneration/quote_wrapper/qgs/qgs_log.cpp -index 1cf1e40..7ae9b75 100644 +index 1cf1e40b..7ae9b750 100644 --- a/QuoteGeneration/quote_wrapper/qgs/qgs_log.cpp +++ b/QuoteGeneration/quote_wrapper/qgs/qgs_log.cpp @@ -36,6 +36,8 @@ @@ -51,7 +51,7 @@ index 1cf1e40..7ae9b75 100644 switch(level){ case QGS_LOG_LEVEL_FATAL: diff --git a/QuoteGeneration/quote_wrapper/qgs/qgs_log.h b/QuoteGeneration/quote_wrapper/qgs/qgs_log.h -index 1d7fd74..05d41a4 100644 +index 1d7fd747..05d41a44 100644 --- a/QuoteGeneration/quote_wrapper/qgs/qgs_log.h +++ b/QuoteGeneration/quote_wrapper/qgs/qgs_log.h @@ -40,6 +40,8 @@ @@ -64,7 +64,7 @@ index 1d7fd74..05d41a4 100644 void qgs_log_init_ex(bool nosyslog); void qgs_log_fini(void); diff --git a/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp b/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp -index 1e97b58..db642f7 100644 +index 1e97b586..db642f70 100644 --- a/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp +++ b/QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp @@ -113,8 +113,8 @@ namespace intel { namespace sgx { namespace dcap { namespace qgs { @@ -90,7 +90,7 @@ index 1e97b58..db642f7 100644 QGS_LOG_WARN("Failed to set logging callback for the quote provider library.\n"); } diff --git a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp -index 3618b5a..47f6c26 100644 +index 3618b5ad..47f6c264 100644 --- a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp +++ b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp @@ -75,7 +75,7 @@ int main(int argc, const char* argv[]) @@ -125,5 +125,5 @@ index 3618b5a..47f6c26 100644 exit(1); } -- -2.49.0 +2.52.0 diff --git a/SOURCES/0110-pccsadmin-remove-leftover-debugging-print-args-state.patch b/SOURCES/0110-pccsadmin-remove-leftover-debugging-print-args-state.patch index 473cfd6..8c8c09c 100644 --- a/SOURCES/0110-pccsadmin-remove-leftover-debugging-print-args-state.patch +++ b/SOURCES/0110-pccsadmin-remove-leftover-debugging-print-args-state.patch @@ -1,7 +1,7 @@ -From d375ba770975e565850ac12392bbc44807f28f75 Mon Sep 17 00:00:00 2001 +From 64c49b04e7e22358f3afee834a434a6cfdff4a9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 8 Oct 2024 10:13:02 +0100 -Subject: [PATCH 110/117] pccsadmin: remove leftover debugging 'print(args)' +Subject: [PATCH 110/136] pccsadmin: remove leftover debugging 'print(args)' statement MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -17,7 +17,7 @@ Signed-off-by: Daniel P. Berrangé 1 file changed, 1 deletion(-) diff --git a/tools/PccsAdminTool/pccsadmin.py b/tools/PccsAdminTool/pccsadmin.py -index ffee326..8e447c5 100755 +index ffee326d..8e447c50 100755 --- a/tools/PccsAdminTool/pccsadmin.py +++ b/tools/PccsAdminTool/pccsadmin.py @@ -92,7 +92,6 @@ def main(): @@ -29,5 +29,5 @@ index ffee326..8e447c5 100755 if args.command == 'put' and args.url and args.url.endswith("/appraisalpolicy"): if not args.fmspc or not args.input_file: -- -2.49.0 +2.52.0 diff --git a/SOURCES/0111-Fix-soname-version-for-libsgx_qe3_logic.so-library.patch b/SOURCES/0111-Fix-soname-version-for-libsgx_qe3_logic.so-library.patch index bf66d08..941ed89 100644 --- a/SOURCES/0111-Fix-soname-version-for-libsgx_qe3_logic.so-library.patch +++ b/SOURCES/0111-Fix-soname-version-for-libsgx_qe3_logic.so-library.patch @@ -1,7 +1,7 @@ -From 1db2f71aead55201fcd82efa7d1ee99c9fa006b9 Mon Sep 17 00:00:00 2001 +From 32ac12f933e813b80348840821e1deaedf797a00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 17 Jan 2025 15:39:39 +0000 -Subject: [PATCH 111/117] Fix soname version for libsgx_qe3_logic.so library +Subject: [PATCH 111/136] Fix soname version for libsgx_qe3_logic.so library MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -13,23 +13,23 @@ Signed-off-by: Daniel P. Berrangé 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/QuoteGeneration/common/inc/internal/se_version.h b/QuoteGeneration/common/inc/internal/se_version.h -index 471784d..22e0dff 100644 +index 93f60cb9..9ee51c0c 100644 --- a/QuoteGeneration/common/inc/internal/se_version.h +++ b/QuoteGeneration/common/inc/internal/se_version.h @@ -41,6 +41,11 @@ - #define QUOTE_LOADER_VERSION "1.11.109.1" - #define TDQE_WRAPPER_VERSION "1.14.109.1" - #define PCE_WRAPPER_VERSION "1.14.109.1" + #define QUOTE_LOADER_VERSION "1.11.110.0" + #define TDQE_WRAPPER_VERSION "1.14.110.0" + #define PCE_WRAPPER_VERSION "1.14.110.0" +/* + * XXX: downstream hack based on version declared + * in linux-sgx.git/linux/installer/common/psw/Makefile + */ +#define QE3_WRAPPER_VERSION "1.0.0" - #define QE3_VERSION "1.19.100.1" - #define QVE_VERSION "1.21.100.1" + #define QE3_VERSION "1.22.100.1" + #define QVE_VERSION "1.22.100.1" diff --git a/QuoteGeneration/quote_wrapper/quote/linux/Makefile b/QuoteGeneration/quote_wrapper/quote/linux/Makefile -index 9b8c936..c92d782 100644 +index 9b8c936c..c92d7827 100644 --- a/QuoteGeneration/quote_wrapper/quote/linux/Makefile +++ b/QuoteGeneration/quote_wrapper/quote/linux/Makefile @@ -65,6 +65,8 @@ Quote_C_Objects := $(Quote_C_Files:.c=.o) @@ -51,5 +51,5 @@ index 9b8c936..c92d782 100644 $(BUILD_DIR): -- -2.49.0 +2.52.0 diff --git a/SOURCES/0112-Workaround-broken-GCC-15.patch b/SOURCES/0112-Workaround-broken-GCC-15.patch index 54cfd14..ea9fdec 100644 --- a/SOURCES/0112-Workaround-broken-GCC-15.patch +++ b/SOURCES/0112-Workaround-broken-GCC-15.patch @@ -1,7 +1,7 @@ -From 9c8155bb1b2928390a21408944fd876f40c281e6 Mon Sep 17 00:00:00 2001 +From ac446d8943858e6dccec924451b8a8a3be4d9c4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 6 Feb 2025 20:08:59 +0000 -Subject: [PATCH 112/117] Workaround broken GCC 15 +Subject: [PATCH 112/136] Workaround broken GCC 15 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -20,7 +20,7 @@ Signed-off-by: Daniel P. Berrangé 1 file changed, 4 insertions(+) diff --git a/QuoteGeneration/common/inc/internal/linux/sgx_random_buffers.h b/QuoteGeneration/common/inc/internal/linux/sgx_random_buffers.h -index 15fbdd4..4400544 100644 +index 15fbdd42..4400544b 100644 --- a/QuoteGeneration/common/inc/internal/linux/sgx_random_buffers.h +++ b/QuoteGeneration/common/inc/internal/linux/sgx_random_buffers.h @@ -258,7 +258,11 @@ struct alignas(A)randomly_placed_buffer @@ -36,5 +36,5 @@ index 15fbdd4..4400544 100644 private: struct alignas(A)_T_instantiator_ -- -2.49.0 +2.52.0 diff --git a/SOURCES/0113-Don-t-disable-cf-protection-for-qgs.patch b/SOURCES/0113-Don-t-disable-cf-protection-for-qgs.patch index 40e1c88..81776f8 100644 --- a/SOURCES/0113-Don-t-disable-cf-protection-for-qgs.patch +++ b/SOURCES/0113-Don-t-disable-cf-protection-for-qgs.patch @@ -1,7 +1,7 @@ -From c4a2855d01b06e1da960a677379c55a5b31b427c Mon Sep 17 00:00:00 2001 +From fa8c4f150fe32dafd875c5f45a9e588775235e35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Wed, 2 Apr 2025 18:39:31 +0100 -Subject: [PATCH 113/117] Don't disable cf-protection for qgs +Subject: [PATCH 113/136] Don't disable cf-protection for qgs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -12,7 +12,7 @@ Signed-off-by: Daniel P. Berrangé 1 file changed, 4 deletions(-) diff --git a/QuoteGeneration/quote_wrapper/qgs/Makefile b/QuoteGeneration/quote_wrapper/qgs/Makefile -index 8228bdf..5116d85 100644 +index 8228bdfc..5116d85e 100644 --- a/QuoteGeneration/quote_wrapper/qgs/Makefile +++ b/QuoteGeneration/quote_wrapper/qgs/Makefile @@ -43,10 +43,6 @@ QGS_INC = -I$(SGX_SDK)/include \ @@ -27,5 +27,5 @@ index 8228bdf..5116d85 100644 DEPENDS = ${QGS_OBJS test_client.o:.o=.d} -- -2.49.0 +2.52.0 diff --git a/SOURCES/0114-Delete-broken-checks-for-GCC-version-that-break-fsta.patch b/SOURCES/0114-Delete-broken-checks-for-GCC-version-that-break-fsta.patch index 05b2090..10cf13d 100644 --- a/SOURCES/0114-Delete-broken-checks-for-GCC-version-that-break-fsta.patch +++ b/SOURCES/0114-Delete-broken-checks-for-GCC-version-that-break-fsta.patch @@ -1,7 +1,7 @@ -From 3bcde80a8e81c6f9992085f5a924544fb6082d79 Mon Sep 17 00:00:00 2001 +From 2d83da9d5f5fb7399b0d7ec6ac410a6bf52b2add Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 3 Apr 2025 17:44:48 +0100 -Subject: [PATCH 114/117] Delete broken checks for GCC version that break +Subject: [PATCH 114/136] Delete broken checks for GCC version that break -fstack-protector-strong MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -25,7 +25,7 @@ Signed-off-by: Daniel P. Berrangé 10 files changed, 11 insertions(+), 52 deletions(-) diff --git a/QuoteGeneration/buildenv.mk b/QuoteGeneration/buildenv.mk -index 0b677db..3fba935 100644 +index 0b677db8..3fba9359 100644 --- a/QuoteGeneration/buildenv.mk +++ b/QuoteGeneration/buildenv.mk @@ -128,12 +128,7 @@ ifeq ($(CC_NO_LESS_THAN_8), 1) @@ -43,7 +43,7 @@ index 0b677db..3fba935 100644 ifdef DEBUG COMMON_FLAGS += -O0 -ggdb -DDEBUG -UNDEBUG diff --git a/QuoteGeneration/quote_wrapper/qgs_msg_lib/linux/Makefile b/QuoteGeneration/quote_wrapper/qgs_msg_lib/linux/Makefile -index dff0af2..9ece3cc 100644 +index dff0af23..9ece3cc4 100644 --- a/QuoteGeneration/quote_wrapper/qgs_msg_lib/linux/Makefile +++ b/QuoteGeneration/quote_wrapper/qgs_msg_lib/linux/Makefile @@ -33,7 +33,7 @@ @@ -56,7 +56,7 @@ index dff0af2..9ece3cc 100644 -Wsequence-point -Wformat-security -Wmissing-include-dirs -Wfloat-equal -Wundef -Wshadow -Wcast-align \ -Wconversion -Wredundant-decls -DITT_ARCH_IA64 -fcf-protection diff --git a/QuoteGeneration/quote_wrapper/tdx_attest/linux/Makefile b/QuoteGeneration/quote_wrapper/tdx_attest/linux/Makefile -index f0a5e36..20f3022 100644 +index f0a5e364..20f30221 100644 --- a/QuoteGeneration/quote_wrapper/tdx_attest/linux/Makefile +++ b/QuoteGeneration/quote_wrapper/tdx_attest/linux/Makefile @@ -33,11 +33,11 @@ @@ -74,7 +74,7 @@ index f0a5e36..20f3022 100644 -Wsequence-point -Wformat-security -Wmissing-include-dirs -Wfloat-equal -Wundef -Wshadow -Wcast-align \ -Wconversion -Wredundant-decls -DITT_ARCH_IA64 -fcf-protection diff --git a/QuoteVerification/QvE/Makefile b/QuoteVerification/QvE/Makefile -index 6532e8f..e5045dd 100644 +index cdac5ff9..73e0c65b 100644 --- a/QuoteVerification/QvE/Makefile +++ b/QuoteVerification/QvE/Makefile @@ -101,12 +101,7 @@ endif @@ -92,7 +92,7 @@ index 6532e8f..e5045dd 100644 ENCLAVE_CXXFLAGS += $(ENCLAVE_CFLAGS) -std=c++17 -DSGX_TRUSTED -DSGX_JWT -DPICOJSON_USE_LOCALE=0 diff --git a/QuoteVerification/dcap_tvl/Makefile b/QuoteVerification/dcap_tvl/Makefile -index 2d62f28..49b4b68 100644 +index 2d62f283..49b4b686 100644 --- a/QuoteVerification/dcap_tvl/Makefile +++ b/QuoteVerification/dcap_tvl/Makefile @@ -56,12 +56,7 @@ endif @@ -110,7 +110,7 @@ index 2d62f28..49b4b68 100644 ENCLAVE_CXXFLAGS += $(SGX_COMMON_CXXFLAGS) $(COMMON_FLAGS) -fPIC -std=c++11 diff --git a/QuoteVerification/dcap_tvl/Makefile.standalone b/QuoteVerification/dcap_tvl/Makefile.standalone -index 8a1cb73..713d8af 100644 +index 8a1cb730..713d8afc 100644 --- a/QuoteVerification/dcap_tvl/Makefile.standalone +++ b/QuoteVerification/dcap_tvl/Makefile.standalone @@ -45,12 +45,7 @@ COMMON_LDFLAGS := -Wl,-z,relro,-z,now,-z,noexecstack @@ -128,7 +128,7 @@ index 8a1cb73..713d8af 100644 ENCLAVE_CFLAGS = -ffreestanding -nostdinc -fvisibility=hidden -fpie -fno-strict-overflow -fno-delete-null-pointer-checks ENCLAVE_CXXFLAGS = $(ENCLAVE_CFLAGS) -nostdinc++ diff --git a/SampleCode/QuoteAppraisalSample/QAEAppraisal/Makefile b/SampleCode/QuoteAppraisalSample/QAEAppraisal/Makefile -index 662ac3e..868d72d 100644 +index 662ac3e5..868d72df 100644 --- a/SampleCode/QuoteAppraisalSample/QAEAppraisal/Makefile +++ b/SampleCode/QuoteAppraisalSample/QAEAppraisal/Makefile @@ -87,13 +87,7 @@ Crypto_Library_Name := sgx_tcrypto @@ -147,7 +147,7 @@ index 662ac3e..868d72d 100644 Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++11 -nostdinc++ diff --git a/SampleCode/QuoteGenerationSample/Makefile b/SampleCode/QuoteGenerationSample/Makefile -index 4fdbb36..fd5b4e2 100644 +index 4fdbb36e..fd5b4e25 100644 --- a/SampleCode/QuoteGenerationSample/Makefile +++ b/SampleCode/QuoteGenerationSample/Makefile @@ -104,11 +104,7 @@ Enclave_Cpp_Files := Enclave/Enclave.cpp @@ -164,7 +164,7 @@ index 4fdbb36..fd5b4e2 100644 Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++11 -nostdinc++ diff --git a/SampleCode/QuoteVerificationSample/Makefile b/SampleCode/QuoteVerificationSample/Makefile -index d534615..6164587 100644 +index d5346152..61645871 100644 --- a/SampleCode/QuoteVerificationSample/Makefile +++ b/SampleCode/QuoteVerificationSample/Makefile @@ -130,13 +130,7 @@ DCAP_DIR ?= ../../ @@ -183,7 +183,7 @@ index d534615..6164587 100644 Enclave_Cpp_Flags := $(Enclave_C_Flags) -nostdinc++ diff --git a/tools/PCKRetrievalTool/Makefile b/tools/PCKRetrievalTool/Makefile -index b6968c6..1d2106b 100644 +index b6968c6d..1d2106b7 100644 --- a/tools/PCKRetrievalTool/Makefile +++ b/tools/PCKRetrievalTool/Makefile @@ -59,12 +59,7 @@ else @@ -201,5 +201,5 @@ index b6968c6..1d2106b 100644 ifdef DEBUG COMMON_FLAGS += -O0 -ggdb -DDEBUG -UNDEBUG -- -2.49.0 +2.52.0 diff --git a/SOURCES/0116-Don-t-stomp-on-VERBOSE-variable.patch b/SOURCES/0116-Don-t-stomp-on-VERBOSE-variable.patch index 281ae8d..25a6add 100644 --- a/SOURCES/0116-Don-t-stomp-on-VERBOSE-variable.patch +++ b/SOURCES/0116-Don-t-stomp-on-VERBOSE-variable.patch @@ -1,7 +1,7 @@ -From 224d1fe828bc4fcaa0861c3b59ddcc0c979fc2d6 Mon Sep 17 00:00:00 2001 +From 605d9bcc0003c869e785376bbc3dbecc670c934d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Wed, 16 Apr 2025 11:48:52 +0100 -Subject: [PATCH 116/117] Don't stomp on "VERBOSE" variable +Subject: [PATCH 116/136] Don't stomp on "VERBOSE" variable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -16,7 +16,7 @@ Signed-off-by: Daniel P. Berrangé 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/driver/win/PLE/Makefile b/driver/win/PLE/Makefile -index 3d474bb..0f593f5 100644 +index 3d474bbc..0f593f5e 100644 --- a/driver/win/PLE/Makefile +++ b/driver/win/PLE/Makefile @@ -75,9 +75,9 @@ ifneq ($(PUBKEY_FILE),) @@ -97,5 +97,5 @@ index 3d474bb..0f593f5 100644 - $(VERBOSE) rm -vrf $(TARGET) $(SIGNING_MATERIAL) + $(CMD_VERBOSE) rm -vrf $(TARGET) $(SIGNING_MATERIAL) -- -2.49.0 +2.52.0 diff --git a/SOURCES/0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch b/SOURCES/0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch index 399e653..43c67d8 100644 --- a/SOURCES/0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch +++ b/SOURCES/0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch @@ -1,7 +1,7 @@ -From 8ded27dcf0c5a02c7869568bd1cafd5c2d15c0b0 Mon Sep 17 00:00:00 2001 +From d7299915f42cd068744ce02e358865085f2f12bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 2 May 2025 14:48:24 +0100 -Subject: [PATCH 117/117] qgs: add -m=MODE parameter for UNIX socket mode +Subject: [PATCH 117/136] qgs: add -m=MODE parameter for UNIX socket mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -16,7 +16,7 @@ Signed-off-by: Daniel P. Berrangé 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp -index 47f6c26..4628b18 100644 +index 47f6c264..4628b182 100644 --- a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp +++ b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp @@ -73,9 +73,10 @@ int main(int argc, const char* argv[]) @@ -99,5 +99,5 @@ index 47f6c26..4628b18 100644 io_service.run(); QGS_LOG_INFO("Quit main loop\n"); -- -2.49.0 +2.52.0 diff --git a/SOURCES/0118-pccs-sanitize-paths-to-all-resources.patch b/SOURCES/0118-pccs-sanitize-paths-to-all-resources.patch new file mode 100644 index 0000000..e0508cd --- /dev/null +++ b/SOURCES/0118-pccs-sanitize-paths-to-all-resources.patch @@ -0,0 +1,108 @@ +From b108e8c9a0c9143e8fd930186c21d34d9cddaea7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 27 Feb 2024 13:38:49 +0000 +Subject: [PATCH 118/136] pccs: sanitize paths to all resources +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Look for libPCKCertSelection.so in /lib64 +Look for SSL cert config in /etc/pccs/ssl +Look for DB migrations in /usr/share/pccs +Use log file in /var/log/pccs + +Signed-off-by: Daniel P. Berrangé +--- + QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js | 4 ++-- + QuoteGeneration/pccs/pccs_server.js | 8 ++++---- + QuoteGeneration/pccs/utils/Logger.js | 2 +- + QuoteGeneration/pccs/utils/apputil.js | 6 +++--- + 4 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js b/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js +index 17cdf9a9..1f7567b5 100644 +--- a/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js ++++ b/QuoteGeneration/pccs/lib_wrapper/pcklib_wrapper.js +@@ -37,7 +37,7 @@ import { load, DataType, open, close, createPointer, arrayConstructor, restorePo + const __dirname = path.dirname(fileURLToPath(import.meta.url)); + let libpath = 'PCKCertSelectionLib.dll'; + if (process.platform === 'linux') { +- libpath = path.join(__dirname, '../lib/libPCKCertSelection.so'); ++ libpath = '/lib64/libPCKCertSelection.so.1'; + } + open({ + library: 'libPCKCertSelection', // key +@@ -84,4 +84,4 @@ export function pck_cert_select( + // Ensure the library is closed before the process exits + process.on('exit', () => { + close('libPCKCertSelection'); +-}); +\ No newline at end of file ++}); +diff --git a/QuoteGeneration/pccs/pccs_server.js b/QuoteGeneration/pccs/pccs_server.js +index b41d871e..57c1cee9 100644 +--- a/QuoteGeneration/pccs/pccs_server.js ++++ b/QuoteGeneration/pccs/pccs_server.js +@@ -61,9 +61,9 @@ process.on('SIGINT', () => { + }); + + // Create ./logs if it doesn't exist +-fs.mkdir('./logs', (err) => { ++//fs.mkdir('./logs', (err) => { + /* do nothing */ +-}); ++//}); + + const app = express(); + +@@ -141,8 +141,8 @@ function startHttpsServer() { + let privateKey; + let certificate; + try { +- privateKey = fs.readFileSync('./ssl_key/private.pem', 'utf8'); +- certificate = fs.readFileSync('./ssl_key/file.crt', 'utf8'); ++ privateKey = fs.readFileSync('/etc/pccs/ssl/server-key.pem', 'utf8'); ++ certificate = fs.readFileSync('/etc/pccs/ssl/server-cert.pem', 'utf8'); + } catch (err) { + logger.error('The private key or certificate for HTTPS server is missing.'); + logger.endAndExitProcess(); +diff --git a/QuoteGeneration/pccs/utils/Logger.js b/QuoteGeneration/pccs/utils/Logger.js +index 5ac7a488..c774ac40 100644 +--- a/QuoteGeneration/pccs/utils/Logger.js ++++ b/QuoteGeneration/pccs/utils/Logger.js +@@ -40,7 +40,7 @@ const { createLogger, format, transports } = winston; + const options = { + file: { + level: Config.has('LogLevel') ? Config.get('LogLevel') : 'info', +- filename: __dirname + `/../logs/pccs_server.log`, ++ filename: `/var/log/pccs/pccs_server.log`, + handleExceptions: true, + json: false, + colorize: true, +diff --git a/QuoteGeneration/pccs/utils/apputil.js b/QuoteGeneration/pccs/utils/apputil.js +index 6f910eea..6eb9d153 100644 +--- a/QuoteGeneration/pccs/utils/apputil.js ++++ b/QuoteGeneration/pccs/utils/apputil.js +@@ -84,8 +84,8 @@ async function test_db_status() { + } + + async function db_migration() { +- const migrations = fs.readdirSync('./migrations').map(name => { +- const path = `./migrations/${name}`; ++ const migrations = fs.readdirSync('/usr/lib/node_modules/pccs/migrations').map(name => { ++ const path = `/usr/lib/node_modules/pccs/migrations/${name}`; + + return { + name, +@@ -126,7 +126,7 @@ async function db_migration() { + + const umzug = new Umzug({ + migrations: { +- glob: './migrations/*.{js,up.sql}', ++ glob: '/usr/lib/node_modules/pccs/migrations/*.{js,up.sql}', + resolve: ({ name }) => { + const migration = migrations.find(migration => migration.name === name); + logger.debug(`Resolving migration: ${name}, found: ${migration ? migration.name : 'none'}`); +-- +2.52.0 + diff --git a/SOURCES/0119-pccs-only-pass-ApiKey-if-it-is-set.patch b/SOURCES/0119-pccs-only-pass-ApiKey-if-it-is-set.patch new file mode 100644 index 0000000..a6fd2f9 --- /dev/null +++ b/SOURCES/0119-pccs-only-pass-ApiKey-if-it-is-set.patch @@ -0,0 +1,71 @@ +From 6c6e7427cf14455a56828db5c39f26ca8658a18d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Wed, 9 Jul 2025 16:41:59 +0100 +Subject: [PATCH 119/136] pccs: only pass ApiKey if it is set +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some endpoints on the api.trustedservices.intel.com site do not +require an API token. The pcs_client code, however, will always +set the Ocp-Apim-Subscription-Key HTTP header, even if it is +the empty string. The server will reject the empty string +as invalid, rather than prcessing it as an non-authenticated +request. + +This leads to PCCS being unable to fetch PCK certs in an out of +the box config unless the admin sets the API token, which should +not be required for "LAZY" caching. + +Signed-off-by: Daniel P. Berrangé +--- + QuoteGeneration/pccs/pcs_client/pcs_client.js | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/QuoteGeneration/pccs/pcs_client/pcs_client.js b/QuoteGeneration/pccs/pcs_client/pcs_client.js +index 99ccea69..4f6c903b 100644 +--- a/QuoteGeneration/pccs/pcs_client/pcs_client.js ++++ b/QuoteGeneration/pccs/pcs_client/pcs_client.js +@@ -66,7 +66,9 @@ async function do_request(url, options) { + if (!options.headers) { + options.headers = {}; + } +- options.headers['Ocp-Apim-Subscription-Key'] = Config.get('ApiKey'); ++ if (Config.get('ApiKey') != "") { ++ options.headers['Ocp-Apim-Subscription-Key'] = Config.get('ApiKey'); ++ } + } + + // global opitons ( proxy, timeout, etc) +@@ -128,8 +130,11 @@ export async function getCerts(enc_ppid, pceid) { + pceid: pceid, + }, + method: 'GET', +- headers: { 'Ocp-Apim-Subscription-Key': Config.get('ApiKey') }, ++ headers: {} + }; ++ if (Config.get('ApiKey') != "") { ++ options.headers['Ocp-Apim-Subscription-Key'] = Config.get('ApiKey'); ++ } + + return do_request(Config.get('uri') + 'pckcerts', options); + } +@@ -142,11 +147,14 @@ export async function getCertsWithManifest(platform_manifest, pceid) { + }, + method: 'POST', + headers: { +- 'Ocp-Apim-Subscription-Key': Config.get('ApiKey'), + 'Content-Type': 'application/json', + }, + }; + ++ if (Config.get('ApiKey') != "") { ++ options.headers['Ocp-Apim-Subscription-Key'] = Config.get('ApiKey'); ++ } ++ + return do_request(Config.get('uri') + 'pckcerts', options); + } + +-- +2.52.0 + diff --git a/SOURCES/0120-pccsadmin-make-keyring-module-optional.patch b/SOURCES/0120-pccsadmin-make-keyring-module-optional.patch new file mode 100644 index 0000000..bc5204d --- /dev/null +++ b/SOURCES/0120-pccsadmin-make-keyring-module-optional.patch @@ -0,0 +1,104 @@ +From 2b540452538b12a47340b03d6118d3df281a6638 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Thu, 4 Dec 2025 13:31:54 +0000 +Subject: [PATCH 120/136] pccsadmin: make 'keyring' module optional +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This is not available in some distros, and since it is merely a +convenience to avoid repeated password entry, it can be made +optional. + +Signed-off-by: Daniel P. Berrangé +--- + .../PccsAdminTool/lib/intelsgx/credential.py | 53 +++++++++++-------- + 1 file changed, 30 insertions(+), 23 deletions(-) + +diff --git a/tools/PccsAdminTool/lib/intelsgx/credential.py b/tools/PccsAdminTool/lib/intelsgx/credential.py +index 638cd88e..cebecade 100644 +--- a/tools/PccsAdminTool/lib/intelsgx/credential.py ++++ b/tools/PccsAdminTool/lib/intelsgx/credential.py +@@ -1,4 +1,7 @@ +-import keyring ++try: ++ import keyring ++except: ++ keyring = None + import getpass + + class Credentials: +@@ -8,11 +11,12 @@ class Credentials: + + def get_admin_token(self): + admin_token = "" +- try: +- print("Please note: A prompt may appear asking for your keyring password to access stored credentials.") +- admin_token = keyring.get_password(self.APPNAME, self.KEY_ADMINTOKEN) +- except keyring.errors.KeyringError as ke: +- admin_token = "" ++ if keyring is not None: ++ try: ++ print("Please note: A prompt may appear asking for your keyring password to access stored credentials.") ++ admin_token = keyring.get_password(self.APPNAME, self.KEY_ADMINTOKEN) ++ except keyring.errors.KeyringError as ke: ++ admin_token = "" + + while admin_token is None or admin_token == '': + admin_token = getpass.getpass(prompt="Please input your administrator password for PCCS service:") +@@ -25,21 +29,23 @@ class Credentials: + return admin_token + + def set_admin_token(self, token): +- try: +- print("Please note: A prompt may appear asking for your keyring password to access stored credentials.") +- keyring.set_password(self.APPNAME, self.KEY_ADMINTOKEN, token) +- except keyring.errors.PasswordSetError as ke: +- print("Failed to store admin token.") +- return False ++ if keyring is not None: ++ try: ++ print("Please note: A prompt may appear asking for your keyring password to access stored credentials.") ++ keyring.set_password(self.APPNAME, self.KEY_ADMINTOKEN, token) ++ except keyring.errors.PasswordSetError as ke: ++ print("Failed to store admin token.") ++ return False + return True + + def get_pcs_api_key(self): + pcs_api_key = "" +- try: +- print("Please note: A prompt may appear asking for your keyring password to access stored credentials.") +- pcs_api_key = keyring.get_password(self.APPNAME, self.KEY_PCS_APIKEY) +- except keyring.errors.KeyringError as ke: +- pcs_api_key = "" ++ if keyring is not None: ++ try: ++ print("Please note: A prompt may appear asking for your keyring password to access stored credentials.") ++ pcs_api_key = keyring.get_password(self.APPNAME, self.KEY_PCS_APIKEY) ++ except keyring.errors.KeyringError as ke: ++ pcs_api_key = "" + + while pcs_api_key is None or pcs_api_key == '': + pcs_api_key = getpass.getpass(prompt="Please input ApiKey for Intel PCS:") +@@ -52,10 +58,11 @@ class Credentials: + return pcs_api_key + + def set_pcs_api_key(self, apikey): +- try: +- print("Please note: A prompt may appear asking for your keyring password to access stored credentials.") +- keyring.set_password(self.APPNAME, self.KEY_PCS_APIKEY, apikey) +- except keyring.errors.PasswordSetError as ke: +- print("Failed to store PCS API key.") +- return False ++ if keyring is not None: ++ try: ++ print("Please note: A prompt may appear asking for your keyring password to access stored credentials.") ++ keyring.set_password(self.APPNAME, self.KEY_PCS_APIKEY, apikey) ++ except keyring.errors.PasswordSetError as ke: ++ print("Failed to store PCS API key.") ++ return False + return True +-- +2.52.0 + diff --git a/SOURCES/0121-pccsadmin-convert-from-asn1-to-pyasn1-python-module.patch b/SOURCES/0121-pccsadmin-convert-from-asn1-to-pyasn1-python-module.patch new file mode 100644 index 0000000..b0bfd52 --- /dev/null +++ b/SOURCES/0121-pccsadmin-convert-from-asn1-to-pyasn1-python-module.patch @@ -0,0 +1,341 @@ +From b9954581944446455876728bdab816090d773715 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Thu, 4 Dec 2025 13:54:19 +0000 +Subject: [PATCH 121/136] pccsadmin: convert from asn1 to pyasn1 python module +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The pyasn1 module decodes using a formal object model so is more robust, +as well as being more widely available in distros. + +Signed-off-by: Daniel P. Berrangé +--- + tools/PccsAdminTool/lib/intelsgx/pckcert.py | 267 +++++++++++++------- + 1 file changed, 177 insertions(+), 90 deletions(-) + +diff --git a/tools/PccsAdminTool/lib/intelsgx/pckcert.py b/tools/PccsAdminTool/lib/intelsgx/pckcert.py +index 97aa2783..eaed331b 100644 +--- a/tools/PccsAdminTool/lib/intelsgx/pckcert.py ++++ b/tools/PccsAdminTool/lib/intelsgx/pckcert.py +@@ -1,76 +1,171 @@ + from cryptography import x509 + from cryptography.x509.oid import ObjectIdentifier + from cryptography.hazmat.backends import default_backend +-import asn1 +-import struct ++import pyasn1 ++from pyasn1.codec.der.decoder import decode as der_decoder ++from pyasn1.type import namedtype ++from pyasn1.type import namedval ++from pyasn1.type import opentype ++from pyasn1.type import univ ++ ++ ++id_cdp_extensionStr = '2.5.29.31' ++id_ce_sGXExtensionsStr = '1.2.840.113741.1.13.1' ++ ++id_ce_sGXExtensions = univ.ObjectIdentifier(id_ce_sGXExtensionsStr) ++ ++id_ce_sGXExtensions_pPID = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".1") ++id_ce_sGXExtensions_tCB = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2") ++id_ce_sGXExtensions_pCE_ID = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".3") ++id_ce_sGXExtensions_fMSPC = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".4") ++id_ce_sGXExtensions_sGXType = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".5") ++id_ce_sGXExtensions_platformInstanceID = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".6") ++id_ce_sGXExtensions_configuration = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".7") ++ ++id_ce_tCB_sGXTCBComp01SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.1") ++id_ce_tCB_sGXTCBComp02SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.2") ++id_ce_tCB_sGXTCBComp03SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.3") ++id_ce_tCB_sGXTCBComp04SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.4") ++id_ce_tCB_sGXTCBComp05SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.5") ++id_ce_tCB_sGXTCBComp06SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.6") ++id_ce_tCB_sGXTCBComp07SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.7") ++id_ce_tCB_sGXTCBComp08SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.8") ++id_ce_tCB_sGXTCBComp09SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.9") ++id_ce_tCB_sGXTCBComp10SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.10") ++id_ce_tCB_sGXTCBComp11SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.11") ++id_ce_tCB_sGXTCBComp12SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.12") ++id_ce_tCB_sGXTCBComp13SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.13") ++id_ce_tCB_sGXTCBComp14SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.14") ++id_ce_tCB_sGXTCBComp15SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.15") ++id_ce_tCB_sGXTCBComp16SVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.16") ++id_ce_tCB_pCESVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.17") ++id_ce_tCB_cPUSVN = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".2.18") ++ ++id_ce_configuration_dynamicPlatform = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".7.1") ++id_ce_configuration_cachedKeys = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".7.2") ++id_ce_configuration_sMTEnabled = univ.ObjectIdentifier(id_ce_sGXExtensionsStr + ".7.3") ++ ++ ++class SgxExtensionPPID(univ.OctetString): ++ pass ++ ++ ++class SgxCPUSVN(univ.OctetString): ++ pass ++ ++ ++tcbAttributeMap = { ++ id_ce_tCB_sGXTCBComp01SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp02SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp03SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp04SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp05SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp06SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp07SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp08SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp09SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp10SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp11SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp12SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp13SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp14SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp15SVN: univ.Integer(), ++ id_ce_tCB_sGXTCBComp16SVN: univ.Integer(), ++ id_ce_tCB_pCESVN: univ.Integer(), ++ id_ce_tCB_cPUSVN: SgxCPUSVN(), ++} ++ ++ ++class SgxExtensionTCBEntry(univ.Sequence): ++ componentType = namedtype.NamedTypes( ++ namedtype.NamedType('tCBId', univ.ObjectIdentifier()), ++ namedtype.NamedType('tCBValue', univ.Any(), ++ openType=opentype.OpenType('tCBId', ++ tcbAttributeMap)) ++ ) ++ ++ ++class SgxExtensionTCB(univ.SequenceOf): ++ componentType = SgxExtensionTCBEntry() ++ ++ ++class SgxExtensionPCEID(univ.OctetString): ++ pass ++ ++ ++class SgxExtensionFMSPC(univ.OctetString): ++ pass ++ ++ ++class SgxExtensionSGXType(univ.Enumerated): ++ namedValues = namedval.NamedValues( ++ ('standard', 0), ++ ('scalable', 1), ++ ('scalableWithIntegrity', 2) ++ ) ++ ++ ++class SgxExtensionPlatformInstanceID(univ.OctetString): ++ pass ++ ++ ++configurationAttributeMap = { ++ id_ce_configuration_dynamicPlatform: univ.Boolean(), ++ id_ce_configuration_cachedKeys: univ.Boolean(), ++ id_ce_configuration_sMTEnabled: univ.Boolean(), ++} ++ ++ ++class SgxExtensionConfigurationEntry(univ.Sequence): ++ componentType = namedtype.NamedTypes( ++ namedtype.NamedType('configurationId', univ.ObjectIdentifier()), ++ namedtype.NamedType('configurationValue', univ.Any(), ++ openType=opentype.OpenType('configurationId', ++ configurationAttributeMap)) ++ ) ++ ++ ++class SgxExtensionConfiguration(univ.SequenceOf): ++ componentType = SgxExtensionConfigurationEntry() ++ ++ ++extensionAttributeMap = { ++ id_ce_sGXExtensions_pPID: SgxExtensionPPID(), ++ id_ce_sGXExtensions_tCB: SgxExtensionTCB(), ++ id_ce_sGXExtensions_pCE_ID: SgxExtensionPCEID(), ++ id_ce_sGXExtensions_fMSPC: SgxExtensionFMSPC(), ++ id_ce_sGXExtensions_sGXType: SgxExtensionSGXType(), ++ id_ce_sGXExtensions_platformInstanceID: SgxExtensionPlatformInstanceID(), ++ id_ce_sGXExtensions_configuration: SgxExtensionConfiguration(), ++} ++ ++ ++class SgxExtensionEntry(univ.Sequence): ++ componentType = namedtype.NamedTypes( ++ namedtype.NamedType('sGXExtensionId', univ.ObjectIdentifier()), ++ namedtype.NamedType('sGXExtensionValue', univ.Any(), ++ openType=opentype.OpenType('sGXExtensionId', ++ extensionAttributeMap)) ++ ) ++ ++ ++class SgxExtension(univ.SequenceOf): ++ componentType = SgxExtensionEntry() + +-# This is a very simplistic ASN1 parser. Production code should use +-# something like ans1c to build a parser from the ASN1 spec file so +-# that it can check and enforce data validity. + + class SgxPckCertificateExtensions: +- id_ce_sGXExtensions = '1.2.840.113741.1.13.1' +- id_ce_sGXExtensions_tCB= id_ce_sGXExtensions+".2" +- id_ce_sGXExtensions_configuration= id_ce_sGXExtensions+".7" +- id_cdp_extension = '2.5.29.31' +- decoder= asn1.Decoder() +- _data= {} +- ca= '' +- oids= { +- id_ce_sGXExtensions: 'sGXExtensions', +- id_ce_sGXExtensions+".1": 'pPID', +- id_ce_sGXExtensions_tCB: 'tCB', +- id_ce_sGXExtensions_tCB+".1": 'tCB-sGXTCBComp01SVN', +- id_ce_sGXExtensions_tCB+".2": 'tCB-sGXTCBComp02SVN', +- id_ce_sGXExtensions_tCB+".3": 'tCB-sGXTCBComp03SVN', +- id_ce_sGXExtensions_tCB+".4": 'tCB-sGXTCBComp04SVN', +- id_ce_sGXExtensions_tCB+".5": 'tCB-sGXTCBComp05SVN', +- id_ce_sGXExtensions_tCB+".6": 'tCB-sGXTCBComp06SVN', +- id_ce_sGXExtensions_tCB+".7": 'tCB-sGXTCBComp07SVN', +- id_ce_sGXExtensions_tCB+".8": 'tCB-sGXTCBComp08SVN', +- id_ce_sGXExtensions_tCB+".9": 'tCB-sGXTCBComp09SVN', +- id_ce_sGXExtensions_tCB+".10": 'tCB-sGXTCBComp10SVN', +- id_ce_sGXExtensions_tCB+".11": 'tCB-sGXTCBComp11SVN', +- id_ce_sGXExtensions_tCB+".12": 'tCB-sGXTCBComp12SVN', +- id_ce_sGXExtensions_tCB+".13": 'tCB-sGXTCBComp13SVN', +- id_ce_sGXExtensions_tCB+".14": 'tCB-sGXTCBComp14SVN', +- id_ce_sGXExtensions_tCB+".15": 'tCB-sGXTCBComp15SVN', +- id_ce_sGXExtensions_tCB+".16": 'tCB-sGXTCBComp16SVN', +- id_ce_sGXExtensions_tCB+".17": 'tCB-pCESVN', +- id_ce_sGXExtensions_tCB+".18": 'tCB-cPUSVN', +- id_ce_sGXExtensions+".3": 'pCE-ID', +- id_ce_sGXExtensions+".4": 'fMSPC', +- id_ce_sGXExtensions+".5": 'sGXType', +- id_ce_sGXExtensions+".6": 'platformInstanceID', +- id_ce_sGXExtensions_configuration: 'configuration', +- id_ce_sGXExtensions_configuration+".1": 'dynamicPlatform', +- id_ce_sGXExtensions_configuration+".2": 'cachedKeys', +- id_ce_sGXExtensions_configuration+".3": 'sMTEnabled' +- } +- +- def _parse_asn1(self, d, oid, lnr=asn1.Numbers.ObjectIdentifier): +- tag= self.decoder.peek() +- while tag: +- if tag.typ == asn1.Types.Constructed: +- self.decoder.enter() +- if ( lnr == asn1.Numbers.ObjectIdentifier ): +- d[self.oids[oid]]= {} +- self._parse_asn1(d[self.oids[oid]], oid, tag.nr) +- else: +- self._parse_asn1(d, oid, tag.nr) +- self.decoder.leave() +- elif tag.typ == asn1.Types.Primitive: +- tag, value= self.decoder.read() +- if ( tag.nr == asn1.Numbers.ObjectIdentifier ): +- oid= value +- else: +- d[self.oids[oid]]= value +- lnr= tag.nr +- tag= self.decoder.peek() +- return ++ ++ def __init__(self): ++ self.ca= '' ++ self._data= None ++ ++ def _parse_asn1(self, extensionData): ++ parsed, extra= der_decoder(extensionData, ++ asn1Spec=SgxExtension(), ++ decodeOpenTypes=True) ++ return parsed + + def parse_pem_certificate(self, pem): +- self._data= {} + cert= x509.load_pem_x509_certificate(pem, default_backend()) + issuerCN = cert.issuer.rfc4514_string() + if (issuerCN.find('Processor') != -1) : +@@ -81,63 +176,55 @@ class SgxPckCertificateExtensions: + self.ca = None + + sgxext= cert.extensions.get_extension_for_oid( +- ObjectIdentifier(self.id_ce_sGXExtensions) ++ ObjectIdentifier(id_ce_sGXExtensionsStr) + ) + +- self.decoder.start(sgxext.value.value) +- self._parse_asn1(self._data, self.id_ce_sGXExtensions) ++ self._data= self._parse_asn1(sgxext.value.value) + + def get_root_ca_crl(self, pem): +- self._data= {} + cert= x509.load_pem_x509_certificate(pem, default_backend()) + cdpext= cert.extensions.get_extension_for_oid( +- ObjectIdentifier(self.id_cdp_extension) ++ ObjectIdentifier(id_cdp_extensionStr) + ) + + return getattr(getattr(cdpext.value[0], "_full_name")[0], "value") + +- def data(self, field=None): +- if 'sGXExtensions' not in self._data: +- return None +- +- d= self._data['sGXExtensions'] +- +- if field: +- if field in d: +- return d[field] ++ def data(self, field): ++ if self._data is None: + return None + +- return d ++ ent = list(filter(lambda e: e['sGXExtensionId'] == field, self._data))[0] ++ return ent['sGXExtensionValue'] + + def _hex_data(self, field): + val= self.data(field) + if val is None: + return None +- return val.hex() ++ return bytes(val).hex() + + # Commonly-needed data fields + #------------------------------ + + def get_fmspc(self): +- return self._hex_data('fMSPC') ++ return self._hex_data(id_ce_sGXExtensions_fMSPC) + + def get_ca(self): + return self.ca + + def get_tcbm(self): +- tcb= self.data('tCB') ++ tcb= self.data(id_ce_sGXExtensions_tCB) + if tcb is None: + return None +- return tcb['tCB-cPUSVN'].hex() + self.get_pcesvn() ++ ent= list(filter(lambda e: e['tCBId'] == id_ce_tCB_cPUSVN, tcb))[0] ++ return bytes(ent["tCBValue"]).hex() + self.get_pcesvn() + + def get_pceid(self): +- return self._hex_data('pCE-ID') ++ return self._hex_data(id_ce_sGXExtensions_pCE_ID) + + def get_ppid(self): +- return self._hex_data('pPID') ++ return self._hex_data(id_ce_sGXExtensions_pPID) + + def get_pcesvn(self): +- tcb= self.data('tCB') +- # pCESVN should be packed little-endian +- pcesvn= struct.pack(' +Date: Mon, 8 Dec 2025 17:47:01 +0000 +Subject: [PATCH 122/136] pccsadmin: fully switch to pycryptography for CRL + verification +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The pyopenssl 24.3.0 removed the CRL object and its related +methods. pccsadmin was already using the pycryptography CRL +object for the verification task, so fully switch to use it +for loading the CRL to begin with. + +Signed-off-by: Daniel P. Berrangé +--- + tools/PccsAdminTool/lib/intelsgx/pcs.py | 13 ++++--------- + 1 file changed, 4 insertions(+), 9 deletions(-) + +diff --git a/tools/PccsAdminTool/lib/intelsgx/pcs.py b/tools/PccsAdminTool/lib/intelsgx/pcs.py +index 046c781d..e68864d2 100644 +--- a/tools/PccsAdminTool/lib/intelsgx/pcs.py ++++ b/tools/PccsAdminTool/lib/intelsgx/pcs.py +@@ -101,11 +101,6 @@ class PCS: + # Copy our list so we don't modify the original + pychain= pychain_in[:] + +- # PyOpenSSL doesn't have methods for verifying a CRL issuer, +- # so we need to translate from it to cryptography. +- +- crl= pycrl.to_cryptography() +- + # The chain_pem is our CRL issuer and the CA for the issuer. + # Verify that first. + +@@ -118,13 +113,13 @@ class PCS: + + signer_key= pycert.get_pubkey().to_cryptography_key() + +- if not crl.is_signature_valid(signer_key): ++ if not pycrl.is_signature_valid(signer_key): + self.error("Could not verify CRL signature") + return False + + # Check the crl issuer + +- if pycrl.get_issuer() != pycert.get_subject(): ++ if pycrl.issuer != pycert.get_subject(): + self.error("CRL issuer doesn't match issuer chain") + return False + +@@ -516,10 +511,10 @@ class PCS: + crl= response.content + if self.ApiVersion<3: + crl_str= str(crl, dec) +- pycrl= crypto.load_crl(crypto.FILETYPE_PEM, crl) ++ pycrl= x509.load_pem_x509_crl(crl) + else: + crl_str= binascii.hexlify(crl).decode(dec) +- pycrl= crypto.load_crl(crypto.FILETYPE_ASN1, crl) ++ pycrl= x509.load_der_x509_crl(crl) + + if not self.verify_crl_trust(pychain, pycrl): + self.error("Could not validate certificate using trust chain") +-- +2.52.0 + diff --git a/SOURCES/0123-pccsadmin-use-more-of-pycryptography-instead-of-pyop.patch b/SOURCES/0123-pccsadmin-use-more-of-pycryptography-instead-of-pyop.patch new file mode 100644 index 0000000..1f6867c --- /dev/null +++ b/SOURCES/0123-pccsadmin-use-more-of-pycryptography-instead-of-pyop.patch @@ -0,0 +1,178 @@ +From d14f914ea644d7c1b2312780688d55fbb13892bc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Mon, 8 Dec 2025 17:48:11 +0000 +Subject: [PATCH 123/136] pccsadmin: use more of pycryptography instead of + pyopenssl +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +pyopenssl docs are indicating that the 'crypto' module is liable to +see further deprecation, suggesting use of pycryptography instead. +pccsadmin code already uses pycryptography for CRLs, so extend this +to use it for loading certificates too. They are converted back to +pyopenssl objects for verification. + +Signed-off-by: Daniel P. Berrangé +--- + tools/PccsAdminTool/lib/intelsgx/pcs.py | 49 ++++++++++++++----------- + 1 file changed, 28 insertions(+), 21 deletions(-) + +diff --git a/tools/PccsAdminTool/lib/intelsgx/pcs.py b/tools/PccsAdminTool/lib/intelsgx/pcs.py +index e68864d2..f6b58a6b 100644 +--- a/tools/PccsAdminTool/lib/intelsgx/pcs.py ++++ b/tools/PccsAdminTool/lib/intelsgx/pcs.py +@@ -5,6 +5,10 @@ import json + import binascii + from urllib import parse + from OpenSSL import crypto ++from cryptography import x509 ++from cryptography.exceptions import InvalidSignature ++from cryptography.hazmat.primitives import hashes ++from cryptography.hazmat.primitives.asymmetric import ec + from platform import system + if system() == 'Windows': + from pypac import PACSession +@@ -17,6 +21,9 @@ certBegin= '-----BEGIN CERTIFICATE-----' + certEnd= '-----END CERTIFICATE-----' + certEndOffset= len(certEnd) + ++def CN(name): ++ return name.get_attributes_for_oid(x509.NameOID.COMON_NAME)[0].value ++ + class PCS: + BaseUrl= '' + ApiVersion= 3 +@@ -93,7 +100,7 @@ class PCS: + store= crypto.X509Store() + + for tcert in pychain: +- store.add_cert(tcert) ++ store.add_cert(crypto.X509.from_cryptography(tcert)) + + return store + +@@ -111,7 +118,7 @@ class PCS: + + # Now verify the CRL signature + +- signer_key= pycert.get_pubkey().to_cryptography_key() ++ signer_key= pycert.public_key() + + if not pycrl.is_signature_valid(signer_key): + self.error("Could not verify CRL signature") +@@ -119,7 +126,7 @@ class PCS: + + # Check the crl issuer + +- if pycrl.issuer != pycert.get_subject(): ++ if pycrl.issuer != pycert.subject: + self.error("CRL issuer doesn't match issuer chain") + return False + +@@ -129,7 +136,8 @@ class PCS: + store= self.init_cert_store(pychain) + + for pycert in pycerts: +- store_ctx= crypto.X509StoreContext(store, pycert) ++ store_ctx= crypto.X509StoreContext( ++ store, crypto.X509.from_cryptography(pycert)) + try: + store_ctx.verify_certificate() + except crypto.X509StoreContextError as e: +@@ -161,22 +169,21 @@ class PCS: + sig= bytes([0x30,len(r)+len(s)+4,2,len(r)]) + r + bytes([2,len(s)]) + s + + try: +- crypto.verify(pycert, sig, msg, "sha256") +- except crypto.Error as e: ++ pycert.public_key().verify( ++ sig, msg, ec.ECDSA(hashes.SHA256())) ++ except InvalidSignature as e: + self.error('Signature verification failed: {:s}'.format(str(e))) + return False + + return True + + def pem_to_pycert(self, cert_pem): +- return crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem) ++ return x509.load_pem_x509_certificate(cert_pem.encode("utf-8")) + + def pems_to_pycerts(self, certs_pem): + pycerts= [] + for cert_pem in certs_pem: +- pycerts.append( +- crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem) +- ) ++ pycerts.append(self.pem_to_pycert(cert_pem)) + return pycerts + + def parse_chain_pem(self, chain_pem): +@@ -209,9 +216,9 @@ class PCS: + cert0= chain_in[0] + cert1= chain_in[1] + +- if cert0.get_subject() == cert1.get_issuer(): ++ if cert0.subject == cert1.issuer: + return chain_in +- elif cert1.get_subject() == cert0.get_issuer(): ++ elif cert1.subject == cert0.issuer: + chain_in.reverse() + return chain_in + else: +@@ -224,7 +231,7 @@ class PCS: + for i in range(1, len(chain_in)): + cert= chain_in[i] + pcert= chain_in[i-1] +- if cert.get_issuer() != pcert.get_subject(): ++ if cert.issuer != pcert.subject: + sorted= False + break + +@@ -240,10 +247,10 @@ class PCS: + rootidx= -1 + for i in range(0, len(chain)): + cert= chain[i] +- subject= cert.get_subject() +- issuer= cert.get_issuer() +- cert_subjects[subject.CN]= cert +- print("cert: {:s} <- {:s}" . format(subject.CN, issuer.CN)) ++ subject= cert.subject ++ issuer= cert.issuer ++ cert_subjects[CN(subject)]= cert ++ print("cert: {:s} <- {:s}" . format(CN(subject), CN(issuer))) + + if subject == issuer: + if len(sorted_chain) > 0: +@@ -262,8 +269,8 @@ class PCS: + issuer_to= {} + + for cert in chain: +- issuer= cert.get_issuer().CN +- subject= cert.get_subject().CN ++ issuer= CN(cert.issuer) ++ subject= CN(cert.subject) + + if issuer in issued_by: + self.error('multiple certs issued by same cert in chain') +@@ -280,7 +287,7 @@ class PCS: + + if len(sorted_chain) > 0: + for cert in chain: +- issuer= cert.get_issuer().CN ++ issuer= CN(cert.issuer) + if issuer not in issued_by: + if len(sorted_chain) > 0: + self.error('multiple certs with no issuer') +@@ -296,7 +303,7 @@ class PCS: + cert= sorted_chain[0] + + while len(sorted_chain) < lchain: +- issuer_subject= cert.get_subject().der() ++ issuer_subject= CN(cert.subject) + + if issuer_subject not in issuer_to: + self.error('cert in chain with no issuer') +-- +2.52.0 + diff --git a/SOURCES/0124-pccsadmin-prefer-pycryptography-over-pyopenssl.patch b/SOURCES/0124-pccsadmin-prefer-pycryptography-over-pyopenssl.patch new file mode 100644 index 0000000..724184c --- /dev/null +++ b/SOURCES/0124-pccsadmin-prefer-pycryptography-over-pyopenssl.patch @@ -0,0 +1,104 @@ +From 9d3da2fd99ba2832fcaa4067dd5db3f7f349c306 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Wed, 3 Dec 2025 17:59:09 +0000 +Subject: [PATCH 124/136] pccsadmin: prefer pycryptography over pyopenssl +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The only part of pccsadmin that still needs pyopenssl is certificate +verification. As of pycryptography 45.0.0, there are sufficient APIs +available to replace the remaining usage of pyopenssl. + +Since new pycryptography is still not widely available in distros, +keep pyopenssl code as a fallback. + +Signed-off-by: Daniel P. Berrangé +--- + tools/PccsAdminTool/lib/intelsgx/pcs.py | 60 +++++++++++++++++++------ + 1 file changed, 47 insertions(+), 13 deletions(-) + +diff --git a/tools/PccsAdminTool/lib/intelsgx/pcs.py b/tools/PccsAdminTool/lib/intelsgx/pcs.py +index f6b58a6b..eeb29697 100644 +--- a/tools/PccsAdminTool/lib/intelsgx/pcs.py ++++ b/tools/PccsAdminTool/lib/intelsgx/pcs.py +@@ -4,11 +4,28 @@ import requests + import json + import binascii + from urllib import parse +-from OpenSSL import crypto ++ + from cryptography import x509 + from cryptography.exceptions import InvalidSignature +-from cryptography.hazmat.primitives import hashes ++from cryptography.hazmat.primitives import hashes, serialization + from cryptography.hazmat.primitives.asymmetric import ec ++ ++# Prefer pycryptography for cert verification if new ++# enough, but fallback to pyopenssl ++try: ++ # 'verification' module available from >= 42.0.0, but ++ # the required 'ExtensionPolicy' API is from >= 45.0.0 ++ from cryptography.x509 import verification ++ if not hasattr(verification, 'ExtensionPolicy'): ++ verification = None ++ else: ++ crypto = None ++except ImportError: ++ verification = None ++ ++if verification is None: ++ from OpenSSL import crypto ++ + from platform import system + if system() == 'Windows': + from pypac import PACSession +@@ -133,17 +150,34 @@ class PCS: + return True + + def verify_cert_trust(self, pychain, pycerts): +- store= self.init_cert_store(pychain) +- +- for pycert in pycerts: +- store_ctx= crypto.X509StoreContext( +- store, crypto.X509.from_cryptography(pycert)) +- try: +- store_ctx.verify_certificate() +- except crypto.X509StoreContextError as e: +- # Printing or logging the error details +- print(e) +- return False ++ if verification is not None: ++ store= verification.Store(pychain) ++ ++ builder= verification.PolicyBuilder().store(store) ++ builder= builder.extension_policies( ++ ee_policy=verification.ExtensionPolicy.permit_all(), ++ ca_policy=verification.ExtensionPolicy.webpki_defaults_ca()) ++ ++ verifier= builder.build_client_verifier() ++ for pycert in pycerts: ++ try: ++ verifier.verify(pycert,[]) ++ except verification.VerificationError as e: ++ # Printing or logging the error details ++ print(e) ++ return False ++ else: ++ store= self.init_cert_store(pychain) ++ ++ for pycert in pycerts: ++ store_ctx= crypto.X509StoreContext( ++ store, crypto.X509.from_cryptography(pycert)) ++ try: ++ store_ctx.verify_certificate() ++ except crypto.X509StoreContextError as e: ++ # Printing or logging the error details ++ print(e) ++ return False + + return True + +-- +2.52.0 + diff --git a/SOURCES/0125-pccsadmin-add-fallback-for-when-pyopenssl-is-not-ava.patch b/SOURCES/0125-pccsadmin-add-fallback-for-when-pyopenssl-is-not-ava.patch new file mode 100644 index 0000000..8426487 --- /dev/null +++ b/SOURCES/0125-pccsadmin-add-fallback-for-when-pyopenssl-is-not-ava.patch @@ -0,0 +1,75 @@ +From 262c1cb978d31130d3558d2a29690b1eace52c64 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Mon, 8 Dec 2025 17:56:59 +0000 +Subject: [PATCH 125/136] pccsadmin: add fallback for when pyopenssl is not + available +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RHEL does not ship pyopenssl, however, the pycryptography that is +included is also too old to support certificate verification. Add +a further fallback that can invoke the 'openssl' command line tool +to verify certificates. + +Signed-off-by: Daniel P. Berrangé +--- + tools/PccsAdminTool/lib/intelsgx/pcs.py | 28 +++++++++++++++++++++++-- + 1 file changed, 26 insertions(+), 2 deletions(-) + +diff --git a/tools/PccsAdminTool/lib/intelsgx/pcs.py b/tools/PccsAdminTool/lib/intelsgx/pcs.py +index eeb29697..1368b57b 100644 +--- a/tools/PccsAdminTool/lib/intelsgx/pcs.py ++++ b/tools/PccsAdminTool/lib/intelsgx/pcs.py +@@ -24,7 +24,14 @@ except ImportError: + verification = None + + if verification is None: +- from OpenSSL import crypto ++ try: ++ from OpenSSL import crypto ++ except ModuleNotFoundError: ++ # Fallback to spawning 'openssl' binary if ++ # pyopenssl is not available ++ crypto = None ++ import tempfile ++ import subprocess + + from platform import system + if system() == 'Windows': +@@ -166,7 +173,7 @@ class PCS: + # Printing or logging the error details + print(e) + return False +- else: ++ elif crypto is not None: + store= self.init_cert_store(pychain) + + for pycert in pycerts: +@@ -178,6 +185,23 @@ class PCS: + # Printing or logging the error details + print(e) + return False ++ else: ++ with tempfile.NamedTemporaryFile("wb") as chainfile: ++ for cert in pychain: ++ chainfile.write(cert.public_bytes(serialization.Encoding.PEM)) ++ chainfile.flush() ++ ++ for cert in pycerts: ++ with tempfile.NamedTemporaryFile("wb") as certfile: ++ certfile.write(cert.public_bytes(serialization.Encoding.PEM)) ++ certfile.flush() ++ ++ try: ++ subprocess.check_call(["openssl", "verify", ++ "-CAfile", chainfile.name, certfile.name], ++ stdout=subprocess.DEVNULL) ++ except subprocess.CalledProcessError as e: ++ return False + + return True + +-- +2.52.0 + diff --git a/SOURCES/0126-pccsadmin-ignore-errors-trying-to-clear-the-keyring.patch b/SOURCES/0126-pccsadmin-ignore-errors-trying-to-clear-the-keyring.patch new file mode 100644 index 0000000..c2f0aeb --- /dev/null +++ b/SOURCES/0126-pccsadmin-ignore-errors-trying-to-clear-the-keyring.patch @@ -0,0 +1,120 @@ +From 48f3dc21602f2f11f054c740c5efd4c34d5efae6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Thu, 4 Dec 2025 18:05:14 +0000 +Subject: [PATCH 126/136] pccsadmin: ignore errors trying to clear the keyring +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +On authentication errors with PCS, an attempt is made to clear the +keyring. This may fail if the user's login environment has no keyring +configured. The user would have declined to store the key when first +prompted, so there would be nothing to clear either in this case. + +Signed-off-by: Daniel P. Berrangé +--- + tools/PccsAdminTool/lib/intelsgx/pcs.py | 16 +++++++++++-- + tools/PccsAdminTool/pccsadmin.py | 32 +++++++++++++++++++++---- + 2 files changed, 42 insertions(+), 6 deletions(-) + +diff --git a/tools/PccsAdminTool/lib/intelsgx/pcs.py b/tools/PccsAdminTool/lib/intelsgx/pcs.py +index 1368b57b..dd4eba40 100644 +--- a/tools/PccsAdminTool/lib/intelsgx/pcs.py ++++ b/tools/PccsAdminTool/lib/intelsgx/pcs.py +@@ -404,7 +404,13 @@ class PCS: + if response.status_code != 200: + print(str(response.content, 'utf-8')) + if response.status_code == 401: +- Credentials().set_pcs_api_key('') #reset ApiKey ++ try: ++ Credentials().set_pcs_api_key('') #reset ApiKey ++ except: ++ # If keyring is unavailable, we don't want to trigger ++ # traceback, as the user may have declined to save ++ # the key in the keyring earlier ++ pass + return None + + # Verify expected headers +@@ -479,7 +485,13 @@ class PCS: + if response.status_code != 200: + print(str(response.content, 'utf-8')) + if response.status_code == 401: +- Credentials().set_pcs_api_key('') #reset ApiKey ++ try: ++ Credentials().set_pcs_api_key('') #reset ApiKey ++ except: ++ # If keyring is unavailable, we don't want to trigger ++ # traceback, as the user may have declined to save ++ # the key in the keyring earlier ++ pass + return None + + # Verify expected headers +diff --git a/tools/PccsAdminTool/pccsadmin.py b/tools/PccsAdminTool/pccsadmin.py +index 8e447c50..dc5253bb 100755 +--- a/tools/PccsAdminTool/pccsadmin.py ++++ b/tools/PccsAdminTool/pccsadmin.py +@@ -166,7 +166,13 @@ class PccsClient: + if response.status_code == 200: + self._write_output_file(output_file, response) + elif response.status_code == 401: # Authentication error +- self.credentials.set_admin_token('') ++ try: ++ self.credentials.set_admin_token('') ++ except: ++ # If keyring is unavailable, we don't want to trigger ++ # traceback, as the user may have declined to save ++ # the key in the keyring earlier ++ pass + print("Authentication failed.") + else: + self._handle_error(response) +@@ -196,7 +202,13 @@ class PccsClient: + if response.status_code == 200: + print("Collaterals uploaded successfully.") + elif response.status_code == 401: # Authentication error +- self.credentials.set_admin_token('') ++ try: ++ self.credentials.set_admin_token('') ++ except: ++ # If keyring is unavailable, we don't want to trigger ++ # traceback, as the user may have declined to save ++ # the key in the keyring earlier ++ pass + print("Authentication failed.") + else: + self._handle_error(response) +@@ -212,7 +224,13 @@ class PccsClient: + if response.status_code == 200: + print("Policy uploaded successfully with policy ID :" + response.text) + elif response.status_code == 401: # Authentication error +- self.credentials.set_admin_token('') ++ try: ++ self.credentials.set_admin_token('') ++ except: ++ # If keyring is unavailable, we don't want to trigger ++ # traceback, as the user may have declined to save ++ # the key in the keyring earlier ++ pass + print("Authentication failed.") + else: + self._handle_error(response) +@@ -245,7 +263,13 @@ class PccsClient: + if response.status_code == 200: + print("The cache database was refreshed successfully.") + elif response.status_code == 401: # Authentication error +- self.credentials.set_admin_token('') ++ try: ++ self.credentials.set_admin_token('') ++ except: ++ # If keyring is unavailable, we don't want to trigger ++ # traceback, as the user may have declined to save ++ # the key in the keyring earlier ++ pass + print("Authentication failed.") + else: + self._handle_error(response) +-- +2.52.0 + diff --git a/SOURCES/0127-PCS-Client-Tool-Migrate-from-deprecated-pkg_resource.patch b/SOURCES/0127-PCS-Client-Tool-Migrate-from-deprecated-pkg_resource.patch new file mode 100644 index 0000000..def600b --- /dev/null +++ b/SOURCES/0127-PCS-Client-Tool-Migrate-from-deprecated-pkg_resource.patch @@ -0,0 +1,51 @@ +From f0222324f5896d08457ed0ffb3951081d66e0cf0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 6 Jan 2026 18:03:36 +0100 +Subject: [PATCH 127/136] [PCS Client Tool] Migrate from deprecated + pkg_resources to packaging +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Miro Hrončok + +Version 14.0 is the first version that had the Version class. + +Ref: https://setuptools.pypa.io/en/latest/pkg_resources.html + +Signed-off-by: Miro Hrončok +--- + tools/PccsAdminTool/lib/intelsgx/pcs.py | 2 +- + tools/PccsAdminTool/requirements.txt | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/PccsAdminTool/lib/intelsgx/pcs.py b/tools/PccsAdminTool/lib/intelsgx/pcs.py +index dd4eba40..7596708c 100644 +--- a/tools/PccsAdminTool/lib/intelsgx/pcs.py ++++ b/tools/PccsAdminTool/lib/intelsgx/pcs.py +@@ -39,7 +39,7 @@ if system() == 'Windows': + from lib.intelsgx.credential import Credentials + from requests.adapters import HTTPAdapter + from urllib3.util import Retry +-from pkg_resources import parse_version ++from packaging.version import Version as parse_version + + certBegin= '-----BEGIN CERTIFICATE-----' + certEnd= '-----END CERTIFICATE-----' +diff --git a/tools/PccsAdminTool/requirements.txt b/tools/PccsAdminTool/requirements.txt +index 8a73667f..65f6bf50 100644 +--- a/tools/PccsAdminTool/requirements.txt ++++ b/tools/PccsAdminTool/requirements.txt +@@ -1,8 +1,8 @@ + asn1>=2.4.1 + cryptography>=41.0.7 + keyring>=23.0.0 ++packaging>=14.0 + pyOpenSSL>=23.2.0,<24.3.0 + pypac>=0.14.0 + Requests>=2.31.0 +-setuptools>=65.5.1 + urllib3>=1.26.18 +-- +2.52.0 + diff --git a/SOURCES/0128-qgs-add-compat-for-boost-1.87-which-drops-asio-io_se.patch b/SOURCES/0128-qgs-add-compat-for-boost-1.87-which-drops-asio-io_se.patch new file mode 100644 index 0000000..0900264 --- /dev/null +++ b/SOURCES/0128-qgs-add-compat-for-boost-1.87-which-drops-asio-io_se.patch @@ -0,0 +1,44 @@ +From a3633a45f16aa80e9be8542ea8702ec32dbf93cd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Thu, 15 Jan 2026 11:23:35 +0000 +Subject: [PATCH 128/136] qgs: add compat for boost 1.87 which drops + asio::io_service +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Jonathan Wakely + +The asio::io_service type was deprecated since 1.66 in 2017, +with asio::io_context being its drop-in replacement. + +Release 1.87 finally dropped the back-compat support for +asio::io_service entirely. + +To retain compat with old boost this change conditionally +re-adds the compat definition for asio::io_service. + +Signed-off-by: Daniel P. Berrangé +--- + QuoteGeneration/quote_wrapper/qgs/qgs_server.h | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/QuoteGeneration/quote_wrapper/qgs/qgs_server.h b/QuoteGeneration/quote_wrapper/qgs/qgs_server.h +index f3f5b9f9..91eb41a4 100644 +--- a/QuoteGeneration/quote_wrapper/qgs/qgs_server.h ++++ b/QuoteGeneration/quote_wrapper/qgs/qgs_server.h +@@ -36,6 +36,11 @@ + #include + #include + ++#if BOOST_VERSION >= 108700 ++// Asio no longer defines the deprecated io_service alias. ++namespace boost { namespace asio { using io_service = io_context; } } ++#endif ++ + namespace intel { namespace sgx { namespace dcap { namespace qgs { + + namespace asio = boost::asio; +-- +2.52.0 + diff --git a/SOURCES/0129-qgs-add-compat-for-boost-1.89-which-deprecated-deadl.patch b/SOURCES/0129-qgs-add-compat-for-boost-1.89-which-deprecated-deadl.patch new file mode 100644 index 0000000..0ecc674 --- /dev/null +++ b/SOURCES/0129-qgs-add-compat-for-boost-1.89-which-deprecated-deadl.patch @@ -0,0 +1,36 @@ +From 3c73dad4bdab6d3c29f58ca5ca34628c7ef952b0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Thu, 15 Jan 2026 12:48:19 +0000 +Subject: [PATCH 129/136] qgs: add compat for boost 1.89 which deprecated + deadline_timer.hpp +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The asio::deadline_timer was deprecated in 1.89 and as a result +the deadline_timer.hpp file is no longer implicitly included by +asio.hpp. + +To retain compat with old and new boost the code must explicitly +include the deadline_timer.hpp + +Signed-off-by: Daniel P. Berrangé +--- + QuoteGeneration/quote_wrapper/qgs/qgs_server.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/QuoteGeneration/quote_wrapper/qgs/qgs_server.h b/QuoteGeneration/quote_wrapper/qgs/qgs_server.h +index 91eb41a4..b56b2633 100644 +--- a/QuoteGeneration/quote_wrapper/qgs/qgs_server.h ++++ b/QuoteGeneration/quote_wrapper/qgs/qgs_server.h +@@ -34,6 +34,7 @@ + + #include + #include ++#include + #include + + #if BOOST_VERSION >= 108700 +-- +2.52.0 + diff --git a/SOURCES/0130-Bump-tar-fs-from-2.1.2-to-2.1.3-in-QuoteGeneration-p.patch b/SOURCES/0130-Bump-tar-fs-from-2.1.2-to-2.1.3-in-QuoteGeneration-p.patch new file mode 100644 index 0000000..16d31d8 --- /dev/null +++ b/SOURCES/0130-Bump-tar-fs-from-2.1.2-to-2.1.3-in-QuoteGeneration-p.patch @@ -0,0 +1,46 @@ +From 64ceff38879265a1844ae1410fa117b8e2745eed Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Wed, 27 Aug 2025 08:50:27 -0400 +Subject: [PATCH 130/136] Bump tar-fs from 2.1.2 to 2.1.3 in + /QuoteGeneration/pccs (#452) + +From: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> + +Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.2 to 2.1.3. +- [Commits](https://github.com/mafintosh/tar-fs/commits) + +--- +updated-dependencies: +- dependency-name: tar-fs + dependency-version: 2.1.3 + dependency-type: indirect +... + +Signed-off-by: dependabot[bot] +Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> +(cherry picked from commit be740fc70414b27bbe94398fb77a3d0738569e75) +--- + QuoteGeneration/pccs/package-lock.json | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/QuoteGeneration/pccs/package-lock.json b/QuoteGeneration/pccs/package-lock.json +index 8eb75a13..d979ab1c 100644 +--- a/QuoteGeneration/pccs/package-lock.json ++++ b/QuoteGeneration/pccs/package-lock.json +@@ -3437,9 +3437,10 @@ + } + }, + "node_modules/tar-fs": { +- "version": "2.1.2", +- "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.2.tgz", +- "integrity": "sha512-EsaAXwxmx8UB7FRKqeozqEPop69DXcmYwTQwXvyAPF352HJsPdkVhvTaDPYqfNgruveJIJy3TA2l+2zj8LJIJA==", ++ "version": "2.1.3", ++ "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.3.tgz", ++ "integrity": "sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg==", ++ "license": "MIT", + "dependencies": { + "chownr": "^1.1.1", + "mkdirp-classic": "^0.5.2", +-- +2.52.0 + diff --git a/SOURCES/0131-Bump-on-headers-and-morgan-in-QuoteGeneration-pccs-4.patch b/SOURCES/0131-Bump-on-headers-and-morgan-in-QuoteGeneration-pccs-4.patch new file mode 100644 index 0000000..d5be0f9 --- /dev/null +++ b/SOURCES/0131-Bump-on-headers-and-morgan-in-QuoteGeneration-pccs-4.patch @@ -0,0 +1,102 @@ +From 3b4b10d4d979a6241309dd9eda790759f3f642ef Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Wed, 27 Aug 2025 08:51:38 -0400 +Subject: [PATCH 131/136] Bump on-headers and morgan in /QuoteGeneration/pccs + (#455) + +From: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> + +Bumps [on-headers](https://github.com/jshttp/on-headers) to 1.1.0 and updates ancestor dependency [morgan](https://github.com/expressjs/morgan). These dependencies need to be updated together. + +Updates `on-headers` from 1.0.2 to 1.1.0 +- [Release notes](https://github.com/jshttp/on-headers/releases) +- [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) +- [Commits](https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0) + +Updates `morgan` from 1.10.0 to 1.10.1 +- [Release notes](https://github.com/expressjs/morgan/releases) +- [Changelog](https://github.com/expressjs/morgan/blob/master/HISTORY.md) +- [Commits](https://github.com/expressjs/morgan/compare/1.10.0...1.10.1) + +--- +updated-dependencies: +- dependency-name: on-headers + dependency-version: 1.1.0 + dependency-type: indirect +- dependency-name: morgan + dependency-version: 1.10.1 + dependency-type: direct:production +... + +Signed-off-by: dependabot[bot] +Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> +(cherry picked from commit e195a67362971db869b7f9fa8a16b5d688e797b8) +--- + QuoteGeneration/pccs/package-lock.json | 18 ++++++++++-------- + QuoteGeneration/pccs/package.json | 2 +- + 2 files changed, 11 insertions(+), 9 deletions(-) + +diff --git a/QuoteGeneration/pccs/package-lock.json b/QuoteGeneration/pccs/package-lock.json +index d979ab1c..7dfcb6be 100644 +--- a/QuoteGeneration/pccs/package-lock.json ++++ b/QuoteGeneration/pccs/package-lock.json +@@ -18,7 +18,7 @@ + "express": "^4.21.2", + "ffi-rs": "^1.0.64", + "got": "^11.8.6", +- "morgan": "^1.10.0", ++ "morgan": "^1.10.1", + "mysql2": "^3.10.1", + "node-schedule": "^2.1.1", + "sequelize": "^6.37.3", +@@ -2376,15 +2376,16 @@ + } + }, + "node_modules/morgan": { +- "version": "1.10.0", +- "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.10.0.tgz", +- "integrity": "sha512-AbegBVI4sh6El+1gNwvD5YIck7nSA36weD7xvIxG4in80j/UoK8AEGaWnnz8v1GxonMCltmlNs5ZKbGvl9b1XQ==", ++ "version": "1.10.1", ++ "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.10.1.tgz", ++ "integrity": "sha512-223dMRJtI/l25dJKWpgij2cMtywuG/WiUKXdvwfbhGKBhy1puASqXwFzmWZ7+K73vUPoR7SS2Qz2cI/g9MKw0A==", ++ "license": "MIT", + "dependencies": { + "basic-auth": "~2.0.1", + "debug": "2.6.9", + "depd": "~2.0.0", + "on-finished": "~2.3.0", +- "on-headers": "~1.0.2" ++ "on-headers": "~1.1.0" + }, + "engines": { + "node": ">= 0.8.0" +@@ -2607,9 +2608,10 @@ + } + }, + "node_modules/on-headers": { +- "version": "1.0.2", +- "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz", +- "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==", ++ "version": "1.1.0", ++ "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz", ++ "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==", ++ "license": "MIT", + "engines": { + "node": ">= 0.8" + } +diff --git a/QuoteGeneration/pccs/package.json b/QuoteGeneration/pccs/package.json +index ea6d29a9..7c498083 100644 +--- a/QuoteGeneration/pccs/package.json ++++ b/QuoteGeneration/pccs/package.json +@@ -14,7 +14,7 @@ + "express": "^4.21.2", + "ffi-rs": "^1.0.64", + "got": "^11.8.6", +- "morgan": "^1.10.0", ++ "morgan": "^1.10.1", + "mysql2": "^3.10.1", + "node-schedule": "^2.1.1", + "sequelize": "^6.37.3", +-- +2.52.0 + diff --git a/SOURCES/0132-Bump-brace-expansion-from-1.1.11-to-1.1.12-in-QuoteG.patch b/SOURCES/0132-Bump-brace-expansion-from-1.1.11-to-1.1.12-in-QuoteG.patch new file mode 100644 index 0000000..76ffbb4 --- /dev/null +++ b/SOURCES/0132-Bump-brace-expansion-from-1.1.11-to-1.1.12-in-QuoteG.patch @@ -0,0 +1,47 @@ +From 39c83bdcf585187cb41c4698b0b2a24679ce3af2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Wed, 27 Aug 2025 08:52:37 -0400 +Subject: [PATCH 132/136] Bump brace-expansion from 1.1.11 to 1.1.12 in + /QuoteGeneration/pccs (#459) + +From: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> + +Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.11 to 1.1.12. +- [Release notes](https://github.com/juliangruber/brace-expansion/releases) +- [Commits](https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.12) + +--- +updated-dependencies: +- dependency-name: brace-expansion + dependency-version: 1.1.12 + dependency-type: indirect +... + +Signed-off-by: dependabot[bot] +Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> +(cherry picked from commit a46ee8ab10569962c5cd7397b4babd4a47431976) +--- + QuoteGeneration/pccs/package-lock.json | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/QuoteGeneration/pccs/package-lock.json b/QuoteGeneration/pccs/package-lock.json +index 7dfcb6be..c946788f 100644 +--- a/QuoteGeneration/pccs/package-lock.json ++++ b/QuoteGeneration/pccs/package-lock.json +@@ -750,9 +750,10 @@ + } + }, + "node_modules/brace-expansion": { +- "version": "1.1.11", +- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", +- "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", ++ "version": "1.1.12", ++ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", ++ "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "balanced-match": "^1.0.0", +-- +2.52.0 + diff --git a/SOURCES/0133-Bump-tar-fs-from-2.1.3-to-2.1.4-in-QuoteGeneration-p.patch b/SOURCES/0133-Bump-tar-fs-from-2.1.3-to-2.1.4-in-QuoteGeneration-p.patch new file mode 100644 index 0000000..8ee48f5 --- /dev/null +++ b/SOURCES/0133-Bump-tar-fs-from-2.1.3-to-2.1.4-in-QuoteGeneration-p.patch @@ -0,0 +1,45 @@ +From d91e8d59ccf4c15ebfa4e4760839f41e19107c04 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 7 Oct 2025 09:14:30 -0400 +Subject: [PATCH 133/136] Bump tar-fs from 2.1.3 to 2.1.4 in + /QuoteGeneration/pccs (#463) + +From: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> + +Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.3 to 2.1.4. +- [Commits](https://github.com/mafintosh/tar-fs/compare/v2.1.3...v2.1.4) + +--- +updated-dependencies: +- dependency-name: tar-fs + dependency-version: 2.1.4 + dependency-type: indirect +... + +Signed-off-by: dependabot[bot] +Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> +(cherry picked from commit 66726e154c6d9e6ffeea3d3035241805cb82bfed) +--- + QuoteGeneration/pccs/package-lock.json | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/QuoteGeneration/pccs/package-lock.json b/QuoteGeneration/pccs/package-lock.json +index c946788f..e383c219 100644 +--- a/QuoteGeneration/pccs/package-lock.json ++++ b/QuoteGeneration/pccs/package-lock.json +@@ -3440,9 +3440,9 @@ + } + }, + "node_modules/tar-fs": { +- "version": "2.1.3", +- "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.3.tgz", +- "integrity": "sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg==", ++ "version": "2.1.4", ++ "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.4.tgz", ++ "integrity": "sha512-mDAjwmZdh7LTT6pNleZ05Yt65HC3E+NiQzl672vQG38jIrehtJk/J3mNwIg+vShQPcLF/LV7CMnDW6vjj6sfYQ==", + "license": "MIT", + "dependencies": { + "chownr": "^1.1.1", +-- +2.52.0 + diff --git a/SOURCES/0134-PCCS-dependencies-updated-to-latest-minor.patch b/SOURCES/0134-PCCS-dependencies-updated-to-latest-minor.patch new file mode 100644 index 0000000..8fad676 --- /dev/null +++ b/SOURCES/0134-PCCS-dependencies-updated-to-latest-minor.patch @@ -0,0 +1,4122 @@ +From 2207cd826c3380d88e2e16e0f9c59eb61f93d521 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Mon, 15 Dec 2025 14:33:37 +0100 +Subject: [PATCH 134/136] PCCS dependencies updated to latest minor + +From: Bartosz Gotowalski + +package-lock.json file will be now included in release packages for PCCS service +PCCS version bumped to 1.23.101.0 +Bumped minor/patch versions of PCCS dependencies: +- ajv from 8.12.0 to 8.17.1 +- config from 3.3.9 to 3.3.12 +- ffi-rs from 1.0.64 to 1.3.1, +- mysql12 from 3.10.1 to 3.15.3 +- sequelize from 6.37.3 to 6.37.7 +- umzug from 3.8.0 to 3.8.2 +- winston from 3.10.0 to 3.18.3 +PCCS version and tag updated to 1.23.101 + +--------- + +Signed-off-by: Bartosz Gotowalski +(cherry picked from commit 9e1b57478f6e04936b9089d0f163120ed86f1828) +--- + .../common/inc/internal/se_version.h | 8 +- + .../sgx-dcap-pccs/BOMs/sgx-dcap-pccs.txt | 1 + + .../DCAP_Components/DCAP_Components.nuspec | 2 +- + QuoteGeneration/pccs/container/Dockerfile | 2 +- + QuoteGeneration/pccs/package-lock.json | 1492 ++++++++++++----- + QuoteGeneration/pccs/package.json | 16 +- + 6 files changed, 1092 insertions(+), 429 deletions(-) + +diff --git a/QuoteGeneration/common/inc/internal/se_version.h b/QuoteGeneration/common/inc/internal/se_version.h +index 9ee51c0c..7574f528 100644 +--- a/QuoteGeneration/common/inc/internal/se_version.h ++++ b/QuoteGeneration/common/inc/internal/se_version.h +@@ -28,11 +28,11 @@ + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +-#define STRFILEVER "1.23.100.0" ++#define STRFILEVER "1.23.101.0" + #define COPYRIGHT "Copyright (C) 2025 Intel Corporation" +-#define FILEVER 1,23,100,0 +-#define PRODUCTVER 1,23,100,0 +-#define STRPRODUCTVER "1.23.100.0" ++#define FILEVER 1,23,101,0 ++#define PRODUCTVER 1,23,101,0 ++#define STRPRODUCTVER "1.23.101.0" + #define COMPANYNAME "Intel Corporation" + #define PRODUCTNAME "Intel® Software Guard Extensions" + +diff --git a/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/BOMs/sgx-dcap-pccs.txt b/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/BOMs/sgx-dcap-pccs.txt +index f738996b..e722cf84 100644 +--- a/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/BOMs/sgx-dcap-pccs.txt ++++ b/QuoteGeneration/installer/linux/common/sgx-dcap-pccs/BOMs/sgx-dcap-pccs.txt +@@ -75,6 +75,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner + /pccs/x509/x509.js /x509/x509.js 0 main STP + /pccs/install.sh /install.sh 0 main STP + /pccs/package.json /package.json 0 main STP ++/pccs/package-lock.json /package-lock.json 0 main STP + /pccs/pccs_server.js /pccs_server.js 0 main STP + /pccs/pccs.service /pccs.service 0 main STP + /pccs/startup.sh /startup.sh 0 main STP +diff --git a/QuoteGeneration/installer/win/DCAP_Components/DCAP_Components.nuspec b/QuoteGeneration/installer/win/DCAP_Components/DCAP_Components.nuspec +index 13dabf3f..3323d9b7 100644 +--- a/QuoteGeneration/installer/win/DCAP_Components/DCAP_Components.nuspec ++++ b/QuoteGeneration/installer/win/DCAP_Components/DCAP_Components.nuspec +@@ -2,7 +2,7 @@ + + + DCAP_Components +- 1.23.100.0 ++ 1.23.101.0 + DCAP Components + Intel(R) SGX + Intel +diff --git a/QuoteGeneration/pccs/container/Dockerfile b/QuoteGeneration/pccs/container/Dockerfile +index b9820a2e..64cccd99 100644 +--- a/QuoteGeneration/pccs/container/Dockerfile ++++ b/QuoteGeneration/pccs/container/Dockerfile +@@ -7,7 +7,7 @@ ARG NODE_VERSION=20.12.2 + FROM docker.io/library/debian AS builder + + # Define arguments used across multiple stages +-ARG DCAP_VERSION=DCAP_1.23 ++ARG DCAP_VERSION=DCAP_1.23.101 + ARG NODE_VERSION + + # update and install packages, nodejs +diff --git a/QuoteGeneration/pccs/package-lock.json b/QuoteGeneration/pccs/package-lock.json +index e383c219..e01fde2f 100644 +--- a/QuoteGeneration/pccs/package-lock.json ++++ b/QuoteGeneration/pccs/package-lock.json +@@ -1,30 +1,30 @@ + { + "name": "PCCS", +- "version": "1.23.0", ++ "version": "1.23.101", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "PCCS", +- "version": "1.23.0", ++ "version": "1.23.101", + "dependencies": { + "@fidm/x509": "^1.2.1", +- "ajv": "^8.12.0", ++ "ajv": "^8.17.1", + "ajv-formats": "^2.1.1", + "body-parser": "^1.20.3", + "caw": "^2.0.1", + "cls-hooked": "^4.2.2", +- "config": "^3.3.9", ++ "config": "^3.3.12", + "express": "^4.21.2", +- "ffi-rs": "^1.0.64", ++ "ffi-rs": "^1.3.1", + "got": "^11.8.6", + "morgan": "^1.10.1", +- "mysql2": "^3.10.1", ++ "mysql2": "^3.15.3", + "node-schedule": "^2.1.1", +- "sequelize": "^6.37.3", ++ "sequelize": "^6.37.7", + "sqlite3": "^5.1.7", +- "umzug": "^3.8.0", +- "winston": "^3.10.0" ++ "umzug": "^3.8.2", ++ "winston": "^3.18.3" + }, + "engines": { + "node": ">= 18.17.0" +@@ -34,16 +34,18 @@ + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", + "integrity": "sha512-Ir+AOibqzrIsL6ajt3Rz3LskB7OiMVHqltZmspbW/TJuTVuyOMirVqAkjfY6JISiLHgyNqicAC8AyHHGzNd/dA==", ++ "license": "MIT", + "engines": { + "node": ">=0.1.90" + } + }, + "node_modules/@dabh/diagnostics": { +- "version": "2.0.3", +- "resolved": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", +- "integrity": "sha512-hrlQOIi7hAfzsMqlGSFyVucrx38O+j6wiGOf//H2ecvIEqYN4ADBSS2iLMh5UFyDunCNniUIPk/q3riFv45xRA==", ++ "version": "2.0.8", ++ "resolved": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.8.tgz", ++ "integrity": "sha512-R4MSXTVnuMzGD7bzHdW2ZhhdPC/igELENcq5IjEverBvq5hn1SXCWcsi6eSsdWP0/Ur+SItRRjAktmdoX/8R/Q==", ++ "license": "MIT", + "dependencies": { +- "colorspace": "1.1.x", ++ "@so-ric/colorspace": "^1.1.6", + "enabled": "2.0.x", + "kuler": "^2.0.0" + } +@@ -52,6 +54,7 @@ + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/@fidm/asn1/-/asn1-1.0.4.tgz", + "integrity": "sha512-esd1jyNvRb2HVaQGq2Gg8Z0kbQPXzV9Tq5Z14KNIov6KfFD6PTaRIO8UpcsYiTNzOqJpmyzWgVTrUwFV3UF4TQ==", ++ "license": "MIT", + "engines": { + "node": ">= 8" + } +@@ -60,6 +63,7 @@ + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/@fidm/x509/-/x509-1.2.1.tgz", + "integrity": "sha512-nwc2iesjyc9hkuzcrMCBXQRn653XuAUKorfWM8PZyJawiy1QzLj4vahwzaI25+pfpwOLvMzbJ0uKpWLDNmo16w==", ++ "license": "MIT", + "dependencies": { + "@fidm/asn1": "^1.0.4", + "tweetnacl": "^1.0.1" +@@ -72,12 +76,14 @@ + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/@gar/promisify/-/promisify-1.1.3.tgz", + "integrity": "sha512-k2Ty1JcVojjJFwrg/ThKi2ujJ7XNLYaFGNB/bWT9wGR+oSMJHMa5w+CUq6p/pVrKeNNgA7pCqEcjSnHVoqJQFw==", ++ "license": "MIT", + "optional": true + }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", ++ "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" +@@ -90,6 +96,7 @@ + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", ++ "license": "MIT", + "engines": { + "node": ">= 8" + } +@@ -98,6 +105,7 @@ + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", ++ "license": "MIT", + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" +@@ -110,6 +118,7 @@ + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-1.1.1.tgz", + "integrity": "sha512-8KG5RD0GVP4ydEzRn/I4BNDuxDtqVbOdm8675T49OIG/NGhaK0pjPX7ZcDlvKYbA+ulvVK3ztfcF4uBdOxuJbQ==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "@gar/promisify": "^1.0.1", +@@ -117,9 +126,10 @@ + } + }, + "node_modules/@npmcli/fs/node_modules/semver": { +- "version": "7.7.1", +- "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz", +- "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==", ++ "version": "7.7.3", ++ "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz", ++ "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==", ++ "license": "ISC", + "optional": true, + "bin": { + "semver": "bin/semver.js" +@@ -133,6 +143,7 @@ + "resolved": "https://registry.npmjs.org/@npmcli/move-file/-/move-file-1.1.2.tgz", + "integrity": "sha512-1SUf/Cg2GzGDyaf15aR9St9TWlb+XvbZXWpDx8YKs7MLzMH/BCeopv+y9vzrzgkfykCGuWOlSu3mZhj2+FQcrg==", + "deprecated": "This functionality has been moved to @npmcli/fs", ++ "license": "MIT", + "optional": true, + "dependencies": { + "mkdirp": "^1.0.4", +@@ -143,9 +154,10 @@ + } + }, + "node_modules/@rushstack/node-core-library": { +- "version": "5.11.0", +- "resolved": "https://registry.npmjs.org/@rushstack/node-core-library/-/node-core-library-5.11.0.tgz", +- "integrity": "sha512-I8+VzG9A0F3nH2rLpPd7hF8F7l5Xb7D+ldrWVZYegXM6CsKkvWc670RlgK3WX8/AseZfXA/vVrh0bpXe2Y2UDQ==", ++ "version": "5.13.0", ++ "resolved": "https://registry.npmjs.org/@rushstack/node-core-library/-/node-core-library-5.13.0.tgz", ++ "integrity": "sha512-IGVhy+JgUacAdCGXKUrRhwHMTzqhWwZUI+qEPcdzsb80heOw0QPbhhoVsoiMF7Klp8eYsp7hzpScMXmOa3Uhfg==", ++ "license": "MIT", + "dependencies": { + "ajv": "~8.13.0", + "ajv-draft-04": "~1.0.0", +@@ -169,17 +181,23 @@ + "version": "8.13.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.13.0.tgz", + "integrity": "sha512-PRA911Blj99jR5RMeTunVbNXMF6Lp4vZXnk5GQjcnUWUTsrXtekg/pnmFFI2u/I36Y/2bITGS30GZCXei6uNkA==", ++ "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2", + "uri-js": "^4.4.1" ++ }, ++ "funding": { ++ "type": "github", ++ "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/@rushstack/node-core-library/node_modules/ajv-formats": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-3.0.1.tgz", + "integrity": "sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ==", ++ "license": "MIT", + "dependencies": { + "ajv": "^8.0.0" + }, +@@ -192,21 +210,11 @@ + } + } + }, +- "node_modules/@rushstack/node-core-library/node_modules/lru-cache": { +- "version": "6.0.0", +- "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", +- "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", +- "dependencies": { +- "yallist": "^4.0.0" +- }, +- "engines": { +- "node": ">=10" +- } +- }, + "node_modules/@rushstack/node-core-library/node_modules/semver": { + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", ++ "license": "ISC", + "dependencies": { + "lru-cache": "^6.0.0" + }, +@@ -218,11 +226,12 @@ + } + }, + "node_modules/@rushstack/terminal": { +- "version": "0.15.0", +- "resolved": "https://registry.npmjs.org/@rushstack/terminal/-/terminal-0.15.0.tgz", +- "integrity": "sha512-vXQPRQ+vJJn4GVqxkwRe+UGgzNxdV8xuJZY2zem46Y0p3tlahucH9/hPmLGj2i9dQnUBFiRnoM9/KW7PYw8F4Q==", ++ "version": "0.15.2", ++ "resolved": "https://registry.npmjs.org/@rushstack/terminal/-/terminal-0.15.2.tgz", ++ "integrity": "sha512-7Hmc0ysK5077R/IkLS9hYu0QuNafm+TbZbtYVzCMbeOdMjaRboLKrhryjwZSRJGJzu+TV1ON7qZHeqf58XfLpA==", ++ "license": "MIT", + "dependencies": { +- "@rushstack/node-core-library": "5.11.0", ++ "@rushstack/node-core-library": "5.13.0", + "supports-color": "~8.1.1" + }, + "peerDependencies": { +@@ -235,11 +244,12 @@ + } + }, + "node_modules/@rushstack/ts-command-line": { +- "version": "4.23.5", +- "resolved": "https://registry.npmjs.org/@rushstack/ts-command-line/-/ts-command-line-4.23.5.tgz", +- "integrity": "sha512-jg70HfoK44KfSP3MTiL5rxsZH7X1ktX3cZs9Sl8eDu1/LxJSbPsh0MOFRC710lIuYYSgxWjI5AjbCBAl7u3RxA==", ++ "version": "4.23.7", ++ "resolved": "https://registry.npmjs.org/@rushstack/ts-command-line/-/ts-command-line-4.23.7.tgz", ++ "integrity": "sha512-Gr9cB7DGe6uz5vq2wdr89WbVDKz0UeuFEn5H2CfWDe7JvjFFaiV15gi6mqDBTbHhHCWS7w8mF1h3BnIfUndqdA==", ++ "license": "MIT", + "dependencies": { +- "@rushstack/terminal": "0.15.0", ++ "@rushstack/terminal": "0.15.2", + "@types/argparse": "1.0.38", + "argparse": "~1.0.9", + "string-argv": "~0.3.1" +@@ -249,14 +259,29 @@ + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-4.6.0.tgz", + "integrity": "sha512-t09vSN3MdfsyCHoFcTRCH/iUtG7OJ0CsjzB8cjAmKc/va/kIgeDI/TxsigdncE/4be734m0cvIYwNaV4i2XqAw==", ++ "license": "MIT", + "engines": { + "node": ">=10" ++ }, ++ "funding": { ++ "url": "https://github.com/sindresorhus/is?sponsor=1" ++ } ++ }, ++ "node_modules/@so-ric/colorspace": { ++ "version": "1.1.6", ++ "resolved": "https://registry.npmjs.org/@so-ric/colorspace/-/colorspace-1.1.6.tgz", ++ "integrity": "sha512-/KiKkpHNOBgkFJwu9sh48LkHSMYGyuTcSFK/qMBdnOAlrRJzRSXAOFB5qwzaVQuDl8wAvHVMkaASQDReTahxuw==", ++ "license": "MIT", ++ "dependencies": { ++ "color": "^5.0.2", ++ "text-hex": "1.0.x" + } + }, + "node_modules/@szmarczak/http-timer": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-4.0.6.tgz", + "integrity": "sha512-4BAffykYOgO+5nzBWYwE3W90sBgLJoUPRWWcL8wlyiM8IB8ipJz3UMJ9KXQd1RKQXpKp8Tutn80HZtWsu2u76w==", ++ "license": "MIT", + "dependencies": { + "defer-to-connect": "^2.0.0" + }, +@@ -268,6 +293,7 @@ + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-1.1.2.tgz", + "integrity": "sha512-RbzJvlNzmRq5c3O09UipeuXno4tA1FE6ikOjxZK0tuxVv3412l64l5t1W5pj4+rJq9vpkm/kwiR07aZXnsKPxw==", ++ "license": "MIT", + "optional": true, + "engines": { + "node": ">= 6" +@@ -276,12 +302,14 @@ + "node_modules/@types/argparse": { + "version": "1.0.38", + "resolved": "https://registry.npmjs.org/@types/argparse/-/argparse-1.0.38.tgz", +- "integrity": "sha512-ebDJ9b0e702Yr7pWgB0jzm+CX4Srzz8RcXtLJDJB+BSccqMa36uyH/zUsSYao5+BD1ytv3k3rPYCq4mAE1hsXA==" ++ "integrity": "sha512-ebDJ9b0e702Yr7pWgB0jzm+CX4Srzz8RcXtLJDJB+BSccqMa36uyH/zUsSYao5+BD1ytv3k3rPYCq4mAE1hsXA==", ++ "license": "MIT" + }, + "node_modules/@types/cacheable-request": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/@types/cacheable-request/-/cacheable-request-6.0.3.tgz", + "integrity": "sha512-IQ3EbTzGxIigb1I3qPZc1rWJnH0BmSKv5QYTalEwweFvyBDLSAe24zP0le/hyi7ecGfZVlIVAg4BZqb8WBwKqw==", ++ "license": "MIT", + "dependencies": { + "@types/http-cache-semantics": "*", + "@types/keyv": "^3.1.4", +@@ -293,6 +321,7 @@ + "version": "4.1.12", + "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.12.tgz", + "integrity": "sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==", ++ "license": "MIT", + "dependencies": { + "@types/ms": "*" + } +@@ -300,12 +329,14 @@ + "node_modules/@types/http-cache-semantics": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", +- "integrity": "sha512-1m0bIFVc7eJWyve9S0RnuRgcQqF/Xd5QsUZAZeQFr1Q3/p9JWoQQEqmVy+DPTNpGXwhgIetAoYF8JSc33q29QA==" ++ "integrity": "sha512-1m0bIFVc7eJWyve9S0RnuRgcQqF/Xd5QsUZAZeQFr1Q3/p9JWoQQEqmVy+DPTNpGXwhgIetAoYF8JSc33q29QA==", ++ "license": "MIT" + }, + "node_modules/@types/keyv": { + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/@types/keyv/-/keyv-3.1.4.tgz", + "integrity": "sha512-BQ5aZNSCpj7D6K2ksrRCTmKRLEpnPvWDiLPfoGyhZ++8YtiK9d/3DBKPJgry359X/P1PfruyYwvnvwFjuEiEIg==", ++ "license": "MIT", + "dependencies": { + "@types/node": "*" + } +@@ -313,20 +344,23 @@ + "node_modules/@types/ms": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz", +- "integrity": "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==" ++ "integrity": "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==", ++ "license": "MIT" + }, + "node_modules/@types/node": { +- "version": "22.13.5", +- "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.5.tgz", +- "integrity": "sha512-+lTU0PxZXn0Dr1NBtC7Y8cR21AJr87dLLU953CWA6pMxxv/UDc7jYAY90upcrie1nRcD6XNG5HOYEDtgW5TxAg==", ++ "version": "25.0.1", ++ "resolved": "https://registry.npmjs.org/@types/node/-/node-25.0.1.tgz", ++ "integrity": "sha512-czWPzKIAXucn9PtsttxmumiQ9N0ok9FrBwgRWrwmVLlp86BrMExzvXRLFYRJ+Ex3g6yqj+KuaxfX1JTgV2lpfg==", ++ "license": "MIT", + "dependencies": { +- "undici-types": "~6.20.0" ++ "undici-types": "~7.16.0" + } + }, + "node_modules/@types/responselike": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@types/responselike/-/responselike-1.0.3.tgz", + "integrity": "sha512-H/+L+UkTV33uf49PH5pCAUBVPNj2nDBXTN+qS1dOwyyg24l3CcicicCA7ca+HMvJBZcFgl5r8e+RR6elsb4Lyw==", ++ "license": "MIT", + "dependencies": { + "@types/node": "*" + } +@@ -334,20 +368,39 @@ + "node_modules/@types/triple-beam": { + "version": "1.3.5", + "resolved": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz", +- "integrity": "sha512-6WaYesThRMCl19iryMYP7/x2OVgCtbIVflDGFpWnb9irXI3UjYE4AzmYuiUKY1AJstGijoY+MgUszMgRxIYTYw==" ++ "integrity": "sha512-6WaYesThRMCl19iryMYP7/x2OVgCtbIVflDGFpWnb9irXI3UjYE4AzmYuiUKY1AJstGijoY+MgUszMgRxIYTYw==", ++ "license": "MIT" + }, + "node_modules/@types/validator": { +- "version": "13.12.2", +- "resolved": "https://registry.npmjs.org/@types/validator/-/validator-13.12.2.tgz", +- "integrity": "sha512-6SlHBzUW8Jhf3liqrGGXyTJSIFe4nqlJ5A5KaMZ2l/vbM3Wh3KSybots/wfWVzNLK4D1NZluDlSQIbIEPx6oyA==" ++ "version": "13.15.10", ++ "resolved": "https://registry.npmjs.org/@types/validator/-/validator-13.15.10.tgz", ++ "integrity": "sha512-T8L6i7wCuyoK8A/ZeLYt1+q0ty3Zb9+qbSSvrIVitzT3YjZqkTZ40IbRsPanlB4h1QB3JVL1SYCdR6ngtFYcuA==", ++ "license": "MIT" ++ }, ++ "node_modules/@yuuang/ffi-rs-android-arm64": { ++ "version": "1.3.1", ++ "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-android-arm64/-/ffi-rs-android-arm64-1.3.1.tgz", ++ "integrity": "sha512-V4nmlXdOYZEa7GOxSExVG95SLp8FE0iTq2yKeN54UlfNMr3Sik+1Ff57LcCv7qYcn4TBqnBAt5rT3FAM6T6caQ==", ++ "cpu": [ ++ "arm64" ++ ], ++ "license": "MIT", ++ "optional": true, ++ "os": [ ++ "android" ++ ], ++ "engines": { ++ "node": ">= 12" ++ } + }, + "node_modules/@yuuang/ffi-rs-darwin-arm64": { +- "version": "1.2.6", +- "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-darwin-arm64/-/ffi-rs-darwin-arm64-1.2.6.tgz", +- "integrity": "sha512-5FaKDdROz6ajbcdYiMZSmTR/Kr6Rg6YSn870cTSLG2BboTD+1BAeyjXvjQVdUuWMtsxDAl09RS23359JrlxNAg==", ++ "version": "1.3.1", ++ "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-darwin-arm64/-/ffi-rs-darwin-arm64-1.3.1.tgz", ++ "integrity": "sha512-YlnTMIyzfW3mAULC5ZA774nzQfFlYXM0rrfq/8ZzWt+IMbYk55a++jrI+6JeKV+1EqlDS3TFBEFtjdBNG94KzQ==", + "cpu": [ + "arm64" + ], ++ "license": "MIT", + "optional": true, + "os": [ + "darwin" +@@ -357,12 +410,13 @@ + } + }, + "node_modules/@yuuang/ffi-rs-darwin-x64": { +- "version": "1.2.6", +- "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-darwin-x64/-/ffi-rs-darwin-x64-1.2.6.tgz", +- "integrity": "sha512-9gi39Ud3uVbs8z0nYVIk7b6a0z2sZq67G9XS90MRfEH48bNAGBi8sJ5TyP9LbbWdU9sK84VPEpOXFuNfBgw7iA==", ++ "version": "1.3.1", ++ "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-darwin-x64/-/ffi-rs-darwin-x64-1.3.1.tgz", ++ "integrity": "sha512-sI3LpQQ34SX4nyOHc5yxA7FSqs9qPEUMqW/y/wWo9cuyPpaHMFsi/BeOVYsnC0syp3FrY7gzn6RnD6PlXCktXg==", + "cpu": [ + "x64" + ], ++ "license": "MIT", + "optional": true, + "os": [ + "darwin" +@@ -372,12 +426,13 @@ + } + }, + "node_modules/@yuuang/ffi-rs-linux-arm-gnueabihf": { +- "version": "1.2.6", +- "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-linux-arm-gnueabihf/-/ffi-rs-linux-arm-gnueabihf-1.2.6.tgz", +- "integrity": "sha512-n5v5yyWIpjrVVVc3qVukkrINYbtTqTUBESun9EPi0y+zrXIUJhb3kFV5yA2y121ZOiLW2U+SdbcEbgt3TTjYgg==", ++ "version": "1.3.1", ++ "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-linux-arm-gnueabihf/-/ffi-rs-linux-arm-gnueabihf-1.3.1.tgz", ++ "integrity": "sha512-1WkcGkJTlwh4ZA59htKI+RXhiL3oKiYwLv7PO8LUf6FuADK73s5GcXp67iakKu243uYu+qGYr4RHco4ySddYhQ==", + "cpu": [ + "arm" + ], ++ "license": "MIT", + "optional": true, + "os": [ + "linux" +@@ -387,12 +442,13 @@ + } + }, + "node_modules/@yuuang/ffi-rs-linux-arm64-gnu": { +- "version": "1.2.6", +- "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-linux-arm64-gnu/-/ffi-rs-linux-arm64-gnu-1.2.6.tgz", +- "integrity": "sha512-WZ+xmk2uKW3W5BkQKCpOxXrz00Z6M3RwQ0BYoCXwyEXZryiiOHW/NHqI1E90u7P2FGRtJrXt9V7OLeR3N0j8lg==", ++ "version": "1.3.1", ++ "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-linux-arm64-gnu/-/ffi-rs-linux-arm64-gnu-1.3.1.tgz", ++ "integrity": "sha512-J2PwqviycZxaEVA0Bwv38LqGDGSB9A1DPN4iYginYJZSvTvKW8kh7Tis0HbZrX1YDKnY8hi3lt0N0tCTNPDH5Q==", + "cpu": [ + "arm64" + ], ++ "license": "MIT", + "optional": true, + "os": [ + "linux" +@@ -402,12 +458,13 @@ + } + }, + "node_modules/@yuuang/ffi-rs-linux-arm64-musl": { +- "version": "1.2.6", +- "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-linux-arm64-musl/-/ffi-rs-linux-arm64-musl-1.2.6.tgz", +- "integrity": "sha512-ec4x/PSLvXdgBNJx+zD5hBTBT7sYcn49RRT3sC7LfYxZf+FpPCHdHlctgbG5IzUF5vgye/i0q9NkBp4E7O0BdQ==", ++ "version": "1.3.1", ++ "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-linux-arm64-musl/-/ffi-rs-linux-arm64-musl-1.3.1.tgz", ++ "integrity": "sha512-Hn1W1hBPssTaqikU1Bqp1XUdDdOgbnYVIOtR++LVx66hhrtjf/xrIUQOhTm+NmOFDG16JUKXe1skfM4gpaqYwg==", + "cpu": [ + "arm64" + ], ++ "license": "MIT", + "optional": true, + "os": [ + "linux" +@@ -417,12 +474,13 @@ + } + }, + "node_modules/@yuuang/ffi-rs-linux-x64-gnu": { +- "version": "1.2.6", +- "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-linux-x64-gnu/-/ffi-rs-linux-x64-gnu-1.2.6.tgz", +- "integrity": "sha512-3C6+kex14DGaRtTTJx5jINlREVhg2U5iveoFvxvI9H1TcFjeTyzk1JvF/edrMz65LNGJgP/z44HeBgJ+k0GIXw==", ++ "version": "1.3.1", ++ "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-linux-x64-gnu/-/ffi-rs-linux-x64-gnu-1.3.1.tgz", ++ "integrity": "sha512-kW6e+oCYZPvpH2ppPsffA18e1aLowtmWTRjVlyHtY04g/nQDepQvDUkkcvInh9fW5jLna7PjHvktW1tVgYIj2A==", + "cpu": [ + "x64" + ], ++ "license": "MIT", + "optional": true, + "os": [ + "linux" +@@ -432,12 +490,13 @@ + } + }, + "node_modules/@yuuang/ffi-rs-linux-x64-musl": { +- "version": "1.2.6", +- "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-linux-x64-musl/-/ffi-rs-linux-x64-musl-1.2.6.tgz", +- "integrity": "sha512-Ap0icItMyCUW7CUig/Nx7qPRZtXs2gEjGFCunceoFUs+ZiXo3/PwYXGGLEJUWqGtUDIs3k20S+cjIIcYpEKi3g==", ++ "version": "1.3.1", ++ "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-linux-x64-musl/-/ffi-rs-linux-x64-musl-1.3.1.tgz", ++ "integrity": "sha512-HTwblAzruUS16nQPrez3ozvEHm1Xxh8J8w7rZYrpmAcNl1hzyOT8z/hY70M9Rt9fOqQ4Ovgor9qVy/U3ZJo0ZA==", + "cpu": [ + "x64" + ], ++ "license": "MIT", + "optional": true, + "os": [ + "linux" +@@ -447,12 +506,13 @@ + } + }, + "node_modules/@yuuang/ffi-rs-win32-arm64-msvc": { +- "version": "1.2.6", +- "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-win32-arm64-msvc/-/ffi-rs-win32-arm64-msvc-1.2.6.tgz", +- "integrity": "sha512-J8FQXcWiFOxJqYpsp97log0vr8sGA8KeuALwuPHEMvW/fiJtiN/ZOK8CwEHMcuDuS8U+IKDj05bQ4LuHeGEIKw==", ++ "version": "1.3.1", ++ "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-win32-arm64-msvc/-/ffi-rs-win32-arm64-msvc-1.3.1.tgz", ++ "integrity": "sha512-WeZkGl2BP1U4tRhEQH+FXLQS52N8obp74smK5AAGOfzPAT1pHkq6+dVkC1QCSIt7dHJs7SPtlnQw+5DkdZYlWA==", + "cpu": [ + "arm64" + ], ++ "license": "MIT", + "optional": true, + "os": [ + "win32" +@@ -462,13 +522,14 @@ + } + }, + "node_modules/@yuuang/ffi-rs-win32-ia32-msvc": { +- "version": "1.2.6", +- "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-win32-ia32-msvc/-/ffi-rs-win32-ia32-msvc-1.2.6.tgz", +- "integrity": "sha512-bQGNOlPUhMlrWT+XWPVSR2tItMgoWcrq8TxIaJOXWdqjAhDGySF2abyqeH3COw8CPn6Aebg6ptY1EHRfLH6LIQ==", ++ "version": "1.3.1", ++ "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-win32-ia32-msvc/-/ffi-rs-win32-ia32-msvc-1.3.1.tgz", ++ "integrity": "sha512-rNGgMeCH5mdeHiMiJgt7wWXovZ+FHEfXhU9p4zZBH4n8M1/QnEsRUwlapISPLpILSGpoYS6iBuq9/fUlZY8Mhg==", + "cpu": [ + "x64", + "ia32" + ], ++ "license": "MIT", + "optional": true, + "os": [ + "win32" +@@ -478,12 +539,13 @@ + } + }, + "node_modules/@yuuang/ffi-rs-win32-x64-msvc": { +- "version": "1.2.6", +- "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-win32-x64-msvc/-/ffi-rs-win32-x64-msvc-1.2.6.tgz", +- "integrity": "sha512-iSsA9K3z/UQk9WBJ82bPdDDy0017AspWuI3W601sR+UYn4tSGM3hB9Il7PN4D0fGaQarjdLa/Lq3WQOiBDi9eg==", ++ "version": "1.3.1", ++ "resolved": "https://registry.npmjs.org/@yuuang/ffi-rs-win32-x64-msvc/-/ffi-rs-win32-x64-msvc-1.3.1.tgz", ++ "integrity": "sha512-dr2LcLD2CXo2a7BktlOpV68QhayqiI112KxIJC9tBgQO/Dkdg4CPsdqmvzzLhFo64iC5RLl2BT7M5lJImrfUWw==", + "cpu": [ + "x64" + ], ++ "license": "MIT", + "optional": true, + "os": [ + "win32" +@@ -496,12 +558,14 @@ + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", + "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==", ++ "license": "ISC", + "optional": true + }, + "node_modules/accepts": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", ++ "license": "MIT", + "dependencies": { + "mime-types": "~2.1.34", + "negotiator": "0.6.3" +@@ -514,6 +578,7 @@ + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", + "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "debug": "4" +@@ -523,9 +588,10 @@ + } + }, + "node_modules/agent-base/node_modules/debug": { +- "version": "4.4.0", +- "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz", +- "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==", ++ "version": "4.4.3", ++ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", ++ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "ms": "^2.1.3" +@@ -543,12 +609,14 @@ + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", ++ "license": "MIT", + "optional": true + }, + "node_modules/agentkeepalive": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/agentkeepalive/-/agentkeepalive-4.6.0.tgz", + "integrity": "sha512-kja8j7PjmncONqaTsB8fQ+wE2mSU2DJ9D4XKoJ5PFWIdRMa6SLSN1ff4mOr4jCbfRSsxR4keIiySJU0N9T5hIQ==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "humanize-ms": "^1.2.1" +@@ -561,6 +629,7 @@ + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", + "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "clean-stack": "^2.0.0", +@@ -574,17 +643,23 @@ + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", + "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", ++ "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" ++ }, ++ "funding": { ++ "type": "github", ++ "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ajv-draft-04": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/ajv-draft-04/-/ajv-draft-04-1.0.0.tgz", + "integrity": "sha512-mv00Te6nmYbRp5DCwclxtt7yV/joXJPGS7nM+97GdxvuttCOfgI3K4U25zboyeX0O+myI8ERluxQe5wljMmVIw==", ++ "license": "MIT", + "peerDependencies": { + "ajv": "^8.5.0" + }, +@@ -598,6 +673,7 @@ + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-2.1.1.tgz", + "integrity": "sha512-Wx0Kx52hxE7C18hkMEggYlEifqWZtYaRgouJor+WMdPnQyEK13vgEWyVNup7SoeeoLMsr4kf5h6dOW11I15MUA==", ++ "license": "MIT", + "dependencies": { + "ajv": "^8.0.0" + }, +@@ -614,15 +690,17 @@ + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", ++ "license": "MIT", + "optional": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/aproba": { +- "version": "2.0.0", +- "resolved": "https://registry.npmjs.org/aproba/-/aproba-2.0.0.tgz", +- "integrity": "sha512-lYe4Gx7QT+MKGbDsA+Z+he/Wtef0BiwDOlK/XkBrdfsh9J/jPPXbX0tE9x9cl27Tmu5gg3QUbUrQYa/y+KOHPQ==", ++ "version": "2.1.0", ++ "resolved": "https://registry.npmjs.org/aproba/-/aproba-2.1.0.tgz", ++ "integrity": "sha512-tLIEcj5GuR2RSTnxNKdkK0dJ/GrC7P38sUkiDmDuHfsHmbagTFAxDVIBltoklXEVIQ/f14IL8IMJ5pn9Hez1Ew==", ++ "license": "ISC", + "optional": true + }, + "node_modules/are-we-there-yet": { +@@ -630,6 +708,7 @@ + "resolved": "https://registry.npmjs.org/are-we-there-yet/-/are-we-there-yet-3.0.1.tgz", + "integrity": "sha512-QZW4EDmGwlYur0Yyf/b2uGucHQMa8aFUP7eu9ddR73vvhFyt4V0Vl3QHPcTNJ8l6qYOBdxgXdnBXQrHilfRQBg==", + "deprecated": "This package is no longer supported.", ++ "license": "ISC", + "optional": true, + "dependencies": { + "delegates": "^1.0.0", +@@ -643,29 +722,28 @@ + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", ++ "license": "MIT", + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, +- "node_modules/argparse/node_modules/sprintf-js": { +- "version": "1.0.3", +- "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", +- "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==" +- }, + "node_modules/array-flatten": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", +- "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==" ++ "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==", ++ "license": "MIT" + }, + "node_modules/async": { + "version": "3.2.6", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz", +- "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==" ++ "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==", ++ "license": "MIT" + }, + "node_modules/async-hook-jl": { + "version": "1.7.6", + "resolved": "https://registry.npmjs.org/async-hook-jl/-/async-hook-jl-1.7.6.tgz", + "integrity": "sha512-gFaHkFfSxTjvoxDMYqDuGHlcRyUuamF8s+ZTtJdDzqjws4mCt7v0vuV79/E2Wr2/riMQgtG4/yUtXWs1gZ7JMg==", ++ "license": "MIT", + "dependencies": { + "stack-chain": "^1.3.7" + }, +@@ -677,6 +755,7 @@ + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/aws-ssl-profiles/-/aws-ssl-profiles-1.1.2.tgz", + "integrity": "sha512-NZKeq9AfyQvEeNlN0zSYAaWrmBffJh3IELMZfRpJVWgrpEbtEpnjvzqBPf+mxoI287JohRDoa+/nsfqqiZmF6g==", ++ "license": "MIT", + "engines": { + "node": ">= 6.0.0" + } +@@ -685,17 +764,34 @@ + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", ++ "license": "MIT", + "optional": true + }, + "node_modules/base64-js": { + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", +- "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==" ++ "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", ++ "funding": [ ++ { ++ "type": "github", ++ "url": "https://github.com/sponsors/feross" ++ }, ++ { ++ "type": "patreon", ++ "url": "https://www.patreon.com/feross" ++ }, ++ { ++ "type": "consulting", ++ "url": "https://feross.org/support" ++ } ++ ], ++ "license": "MIT" + }, + "node_modules/basic-auth": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz", + "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==", ++ "license": "MIT", + "dependencies": { + "safe-buffer": "5.1.2" + }, +@@ -706,12 +802,14 @@ + "node_modules/basic-auth/node_modules/safe-buffer": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", +- "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" ++ "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", ++ "license": "MIT" + }, + "node_modules/bindings": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz", + "integrity": "sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==", ++ "license": "MIT", + "dependencies": { + "file-uri-to-path": "1.0.0" + } +@@ -720,6 +818,7 @@ + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz", + "integrity": "sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==", ++ "license": "MIT", + "dependencies": { + "buffer": "^5.5.0", + "inherits": "^2.0.4", +@@ -727,22 +826,23 @@ + } + }, + "node_modules/body-parser": { +- "version": "1.20.3", +- "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz", +- "integrity": "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==", ++ "version": "1.20.4", ++ "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz", ++ "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==", ++ "license": "MIT", + "dependencies": { +- "bytes": "3.1.2", ++ "bytes": "~3.1.2", + "content-type": "~1.0.5", + "debug": "2.6.9", + "depd": "2.0.0", +- "destroy": "1.2.0", +- "http-errors": "2.0.0", +- "iconv-lite": "0.4.24", +- "on-finished": "2.4.1", +- "qs": "6.13.0", +- "raw-body": "2.5.2", ++ "destroy": "~1.2.0", ++ "http-errors": "~2.0.1", ++ "iconv-lite": "~0.4.24", ++ "on-finished": "~2.4.1", ++ "qs": "~6.14.0", ++ "raw-body": "~2.5.3", + "type-is": "~1.6.18", +- "unpipe": "1.0.0" ++ "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8", +@@ -764,6 +864,7 @@ + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", ++ "license": "MIT", + "dependencies": { + "fill-range": "^7.1.1" + }, +@@ -775,6 +876,21 @@ + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", + "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==", ++ "funding": [ ++ { ++ "type": "github", ++ "url": "https://github.com/sponsors/feross" ++ }, ++ { ++ "type": "patreon", ++ "url": "https://www.patreon.com/feross" ++ }, ++ { ++ "type": "consulting", ++ "url": "https://feross.org/support" ++ } ++ ], ++ "license": "MIT", + "dependencies": { + "base64-js": "^1.3.1", + "ieee754": "^1.1.13" +@@ -784,6 +900,7 @@ + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", ++ "license": "MIT", + "engines": { + "node": ">= 0.8" + } +@@ -792,6 +909,7 @@ + "version": "15.3.0", + "resolved": "https://registry.npmjs.org/cacache/-/cacache-15.3.0.tgz", + "integrity": "sha512-VVdYzXEn+cnbXpFgWs5hTT7OScegHVmLhJIR8Ufqk3iFD6A6j5iSX1KuBTfNEv4tdJWE2PzA6IVFtcLC7fN9wQ==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "@npmcli/fs": "^1.0.0", +@@ -817,22 +935,11 @@ + "node": ">= 10" + } + }, +- "node_modules/cacache/node_modules/lru-cache": { +- "version": "6.0.0", +- "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", +- "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", +- "optional": true, +- "dependencies": { +- "yallist": "^4.0.0" +- }, +- "engines": { +- "node": ">=10" +- } +- }, + "node_modules/cacheable-lookup": { + "version": "5.0.4", + "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-5.0.4.tgz", + "integrity": "sha512-2/kNscPhpcxrOigMZzbiWF7dz8ilhb/nIHU3EyZiXWXpeq/au8qJ8VhdftMkty3n7Gj6HIGalQG8oiBNB3AJgA==", ++ "license": "MIT", + "engines": { + "node": ">=10.6.0" + } +@@ -841,6 +948,7 @@ + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-7.0.4.tgz", + "integrity": "sha512-v+p6ongsrp0yTGbJXjgxPow2+DL93DASP4kXCDKb8/bwRtt9OEF3whggkkDkGNzgcWy2XaF4a8nZglC7uElscg==", ++ "license": "MIT", + "dependencies": { + "clone-response": "^1.0.2", + "get-stream": "^5.1.0", +@@ -858,6 +966,7 @@ + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", ++ "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" +@@ -867,21 +976,26 @@ + } + }, + "node_modules/call-bound": { +- "version": "1.0.3", +- "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.3.tgz", +- "integrity": "sha512-YTd+6wGlNlPxSuri7Y6X8tY2dmm12UMH66RpKMhiX6rsk5wXXnYgbUcOt8kiS31/AjfoTOvCsE+w8nZQLQnzHA==", ++ "version": "1.0.4", ++ "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz", ++ "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", ++ "license": "MIT", + "dependencies": { +- "call-bind-apply-helpers": "^1.0.1", +- "get-intrinsic": "^1.2.6" ++ "call-bind-apply-helpers": "^1.0.2", ++ "get-intrinsic": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/caw": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/caw/-/caw-2.0.1.tgz", + "integrity": "sha512-Cg8/ZSBEa8ZVY9HspcGUYaK63d/bN7rqS3CYCzEGUxuYv6UlmcjzDUz2fCFFHyTvUW5Pk0I+3hkA3iXlIj6guA==", ++ "license": "MIT", + "dependencies": { + "get-proxy": "^2.0.0", + "isurl": "^1.0.0-alpha5", +@@ -896,6 +1010,7 @@ + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz", + "integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==", ++ "license": "ISC", + "engines": { + "node": ">=10" + } +@@ -904,6 +1019,7 @@ + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", + "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==", ++ "license": "MIT", + "optional": true, + "engines": { + "node": ">=6" +@@ -913,14 +1029,19 @@ + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/clone-response/-/clone-response-1.0.3.tgz", + "integrity": "sha512-ROoL94jJH2dUVML2Y/5PEDNaSHgeOdSDicUyS7izcF63G6sTc/FTjLub4b8Il9S8S0beOfYt0TaA5qvFK+w0wA==", ++ "license": "MIT", + "dependencies": { + "mimic-response": "^1.0.0" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cls-hooked": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/cls-hooked/-/cls-hooked-4.2.2.tgz", + "integrity": "sha512-J4Xj5f5wq/4jAvcdgoGsL3G103BtWpZrMo8NEinRltN+xpTZdI+M38pyQqhuFU/P792xkMFvnKSf+Lm81U1bxw==", ++ "license": "BSD-2-Clause", + "dependencies": { + "async-hook-jl": "^1.7.6", + "emitter-listener": "^1.0.1", +@@ -931,64 +1052,73 @@ + } + }, + "node_modules/color": { +- "version": "3.2.1", +- "resolved": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", +- "integrity": "sha512-aBl7dZI9ENN6fUGC7mWpMTPNHmWUSNan9tuWN6ahh5ZLNk9baLJOnSMlrQkHcrfFgz2/RigjUVAjdx36VcemKA==", ++ "version": "5.0.3", ++ "resolved": "https://registry.npmjs.org/color/-/color-5.0.3.tgz", ++ "integrity": "sha512-ezmVcLR3xAVp8kYOm4GS45ZLLgIE6SPAFoduLr6hTDajwb3KZ2F46gulK3XpcwRFb5KKGCSezCBAY4Dw4HsyXA==", ++ "license": "MIT", + "dependencies": { +- "color-convert": "^1.9.3", +- "color-string": "^1.6.0" ++ "color-convert": "^3.1.3", ++ "color-string": "^2.1.3" ++ }, ++ "engines": { ++ "node": ">=18" + } + }, + "node_modules/color-convert": { +- "version": "1.9.3", +- "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", +- "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", ++ "version": "3.1.3", ++ "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-3.1.3.tgz", ++ "integrity": "sha512-fasDH2ont2GqF5HpyO4w0+BcewlhHEZOFn9c1ckZdHpJ56Qb7MHhH/IcJZbBGgvdtwdwNbLvxiBEdg336iA9Sg==", ++ "license": "MIT", + "dependencies": { +- "color-name": "1.1.3" ++ "color-name": "^2.0.0" ++ }, ++ "engines": { ++ "node": ">=14.6" + } + }, + "node_modules/color-name": { +- "version": "1.1.3", +- "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", +- "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" ++ "version": "2.1.0", ++ "resolved": "https://registry.npmjs.org/color-name/-/color-name-2.1.0.tgz", ++ "integrity": "sha512-1bPaDNFm0axzE4MEAzKPuqKWeRaT43U/hyxKPBdqTfmPF+d6n7FSoTFxLVULUJOmiLp01KjhIPPH+HrXZJN4Rg==", ++ "license": "MIT", ++ "engines": { ++ "node": ">=12.20" ++ } + }, + "node_modules/color-string": { +- "version": "1.9.1", +- "resolved": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", +- "integrity": "sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg==", ++ "version": "2.1.4", ++ "resolved": "https://registry.npmjs.org/color-string/-/color-string-2.1.4.tgz", ++ "integrity": "sha512-Bb6Cq8oq0IjDOe8wJmi4JeNn763Xs9cfrBcaylK1tPypWzyoy2G3l90v9k64kjphl/ZJjPIShFztenRomi8WTg==", ++ "license": "MIT", + "dependencies": { +- "color-name": "^1.0.0", +- "simple-swizzle": "^0.2.2" ++ "color-name": "^2.0.0" ++ }, ++ "engines": { ++ "node": ">=18" + } + }, + "node_modules/color-support": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/color-support/-/color-support-1.1.3.tgz", + "integrity": "sha512-qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg==", ++ "license": "ISC", + "optional": true, + "bin": { + "color-support": "bin.js" + } + }, +- "node_modules/colorspace": { +- "version": "1.1.4", +- "resolved": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", +- "integrity": "sha512-BgvKJiuVu1igBUF2kEjRCZXol6wiiGbY5ipL/oVPwm0BL9sIpMIzM8IK7vwuxIIzOXMV3Ey5w+vxhm0rR/TN8w==", +- "dependencies": { +- "color": "^3.1.3", +- "text-hex": "1.0.x" +- } +- }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", ++ "license": "MIT", + "optional": true + }, + "node_modules/config": { + "version": "3.3.12", + "resolved": "https://registry.npmjs.org/config/-/config-3.3.12.tgz", + "integrity": "sha512-Vmx389R/QVM3foxqBzXO8t2tUikYZP64Q6vQxGrsMpREeJc/aWRnPRERXWsYzOHAumx/AOoILWe6nU3ZJL+6Sw==", ++ "license": "MIT", + "dependencies": { + "json5": "^2.2.3" + }, +@@ -1000,6 +1130,7 @@ + "version": "1.1.13", + "resolved": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "integrity": "sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ==", ++ "license": "MIT", + "dependencies": { + "ini": "^1.3.4", + "proto-list": "~1.2.1" +@@ -1009,12 +1140,14 @@ + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz", + "integrity": "sha512-ty/fTekppD2fIwRvnZAVdeOiGd1c7YXEixbgJTNzqcxJWKQnjJ/V1bNEEE6hygpM3WjwHFUVK6HTjWSzV4a8sQ==", ++ "license": "ISC", + "optional": true + }, + "node_modules/content-disposition": { + "version": "0.5.4", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", ++ "license": "MIT", + "dependencies": { + "safe-buffer": "5.2.1" + }, +@@ -1026,27 +1159,31 @@ + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", ++ "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie": { +- "version": "0.7.1", +- "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz", +- "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==", ++ "version": "0.7.2", ++ "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", ++ "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", ++ "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie-signature": { +- "version": "1.0.6", +- "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", +- "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==" ++ "version": "1.0.7", ++ "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz", ++ "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==", ++ "license": "MIT" + }, + "node_modules/cron-parser": { + "version": "4.9.0", + "resolved": "https://registry.npmjs.org/cron-parser/-/cron-parser-4.9.0.tgz", + "integrity": "sha512-p0SaNjrHOnQeR8/VnfGbmg9te2kfyYSQ7Sc/j/6DtPL3JQvKxmjO9TSjNFpujqV3vEYYBvNNvXSxzyksBWAx1Q==", ++ "license": "MIT", + "dependencies": { + "luxon": "^3.2.1" + }, +@@ -1058,6 +1195,7 @@ + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", ++ "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } +@@ -1066,25 +1204,34 @@ + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==", ++ "license": "MIT", + "dependencies": { + "mimic-response": "^3.1.0" + }, + "engines": { + "node": ">=10" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/decompress-response/node_modules/mimic-response": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==", ++ "license": "MIT", + "engines": { + "node": ">=10" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/deep-extend": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", + "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==", ++ "license": "MIT", + "engines": { + "node": ">=4.0.0" + } +@@ -1093,6 +1240,7 @@ + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", + "integrity": "sha512-4tvttepXG1VaYGrRibk5EwJd1t4udunSOVMdLSAL6mId1ix438oPwPZMALY41FCijukO1L0twNcGsdzS7dHgDg==", ++ "license": "MIT", + "engines": { + "node": ">=10" + } +@@ -1101,12 +1249,14 @@ + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/delegates/-/delegates-1.0.0.tgz", + "integrity": "sha512-bd2L678uiWATM6m5Z1VzNCErI3jiGzt6HGY8OVICs40JQq/HALfbyNJmp0UDakEY4pMMaN0Ly5om/B1VI/+xfQ==", ++ "license": "MIT", + "optional": true + }, + "node_modules/denque": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/denque/-/denque-2.1.0.tgz", + "integrity": "sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw==", ++ "license": "Apache-2.0", + "engines": { + "node": ">=0.10" + } +@@ -1115,6 +1265,7 @@ + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", ++ "license": "MIT", + "engines": { + "node": ">= 0.8" + } +@@ -1123,15 +1274,17 @@ + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==", ++ "license": "MIT", + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/detect-libc": { +- "version": "2.0.3", +- "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.0.3.tgz", +- "integrity": "sha512-bwy0MGW55bG41VqxxypOsdSdGqLwXPI/focwgTYCFMbdUiBAxLg9CFzG08sz2aqzknwiX7Hkl0bQENjg8iLByw==", ++ "version": "2.1.2", ++ "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz", ++ "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==", ++ "license": "Apache-2.0", + "engines": { + "node": ">=8" + } +@@ -1139,12 +1292,14 @@ + "node_modules/dottie": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/dottie/-/dottie-2.0.6.tgz", +- "integrity": "sha512-iGCHkfUc5kFekGiqhe8B/mdaurD+lakO9txNnTvKtA6PISrw86LgqHvRzWYPyoE2Ph5aMIrCw9/uko6XHTKCwA==" ++ "integrity": "sha512-iGCHkfUc5kFekGiqhe8B/mdaurD+lakO9txNnTvKtA6PISrw86LgqHvRzWYPyoE2Ph5aMIrCw9/uko6XHTKCwA==", ++ "license": "MIT" + }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", ++ "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", +@@ -1157,12 +1312,14 @@ + "node_modules/ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", +- "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==" ++ "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", ++ "license": "MIT" + }, + "node_modules/emitter-listener": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/emitter-listener/-/emitter-listener-1.1.2.tgz", + "integrity": "sha512-Bt1sBAGFHY9DKY+4/2cV6izcKJUf5T7/gkdmkxzX/qv9CcGH8xSwVRW5mtX03SWJtRTWSOpzCuWN9rBFYZepZQ==", ++ "license": "BSD-2-Clause", + "dependencies": { + "shimmer": "^1.2.0" + } +@@ -1171,25 +1328,32 @@ + "version": "0.13.1", + "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", + "integrity": "sha512-DeWwawk6r5yR9jFgnDKYt4sLS0LmHJJi3ZOnb5/JdbYwj3nW+FxQnHIjhBKz8YLC7oRNPVM9NQ47I3CVx34eqQ==", ++ "license": "MIT", + "engines": { + "node": ">=12" ++ }, ++ "funding": { ++ "url": "https://github.com/sindresorhus/emittery?sponsor=1" + } + }, + "node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", ++ "license": "MIT", + "optional": true + }, + "node_modules/enabled": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", +- "integrity": "sha512-AKrN98kuwOzMIdAizXGI86UFBoo26CL21UM763y1h/GMSJ4/OHU9k2YlsmBpyScFo/wbLzWQJBMCW4+IO3/+OQ==" ++ "integrity": "sha512-AKrN98kuwOzMIdAizXGI86UFBoo26CL21UM763y1h/GMSJ4/OHU9k2YlsmBpyScFo/wbLzWQJBMCW4+IO3/+OQ==", ++ "license": "MIT" + }, + "node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", ++ "license": "MIT", + "engines": { + "node": ">= 0.8" + } +@@ -1198,6 +1362,7 @@ + "version": "0.1.13", + "resolved": "https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz", + "integrity": "sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "iconv-lite": "^0.6.2" +@@ -1207,6 +1372,7 @@ + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", + "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3.0.0" +@@ -1216,9 +1382,10 @@ + } + }, + "node_modules/end-of-stream": { +- "version": "1.4.4", +- "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", +- "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==", ++ "version": "1.4.5", ++ "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz", ++ "integrity": "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==", ++ "license": "MIT", + "dependencies": { + "once": "^1.4.0" + } +@@ -1227,6 +1394,7 @@ + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + "integrity": "sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A==", ++ "license": "MIT", + "optional": true, + "engines": { + "node": ">=6" +@@ -1236,12 +1404,14 @@ + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/err-code/-/err-code-2.0.3.tgz", + "integrity": "sha512-2bmlRpNKBxT/CRmPOlyISQpNj+qSeYvcym/uT0Jx2bMOlKLtSy1ZmLuVxSEKKyor/N5yhvp/ZiG1oE3DEYMSFA==", ++ "license": "MIT", + "optional": true + }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", ++ "license": "MIT", + "engines": { + "node": ">= 0.4" + } +@@ -1250,6 +1420,7 @@ + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", ++ "license": "MIT", + "engines": { + "node": ">= 0.4" + } +@@ -1258,6 +1429,7 @@ + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", + "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", ++ "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0" + }, +@@ -1268,12 +1440,14 @@ + "node_modules/escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", +- "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==" ++ "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", ++ "license": "MIT" + }, + "node_modules/etag": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", ++ "license": "MIT", + "engines": { + "node": ">= 0.6" + } +@@ -1282,60 +1456,68 @@ + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/expand-template/-/expand-template-2.0.3.tgz", + "integrity": "sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==", ++ "license": "(MIT OR WTFPL)", + "engines": { + "node": ">=6" + } + }, + "node_modules/express": { +- "version": "4.21.2", +- "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", +- "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", ++ "version": "4.22.1", ++ "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz", ++ "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==", ++ "license": "MIT", + "dependencies": { + "accepts": "~1.3.8", + "array-flatten": "1.1.1", +- "body-parser": "1.20.3", +- "content-disposition": "0.5.4", ++ "body-parser": "~1.20.3", ++ "content-disposition": "~0.5.4", + "content-type": "~1.0.4", +- "cookie": "0.7.1", +- "cookie-signature": "1.0.6", ++ "cookie": "~0.7.1", ++ "cookie-signature": "~1.0.6", + "debug": "2.6.9", + "depd": "2.0.0", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "etag": "~1.8.1", +- "finalhandler": "1.3.1", +- "fresh": "0.5.2", +- "http-errors": "2.0.0", ++ "finalhandler": "~1.3.1", ++ "fresh": "~0.5.2", ++ "http-errors": "~2.0.0", + "merge-descriptors": "1.0.3", + "methods": "~1.1.2", +- "on-finished": "2.4.1", ++ "on-finished": "~2.4.1", + "parseurl": "~1.3.3", +- "path-to-regexp": "0.1.12", ++ "path-to-regexp": "~0.1.12", + "proxy-addr": "~2.0.7", +- "qs": "6.13.0", ++ "qs": "~6.14.0", + "range-parser": "~1.2.1", + "safe-buffer": "5.2.1", +- "send": "0.19.0", +- "serve-static": "1.16.2", ++ "send": "~0.19.0", ++ "serve-static": "~1.16.2", + "setprototypeof": "1.2.0", +- "statuses": "2.0.1", ++ "statuses": "~2.0.1", + "type-is": "~1.6.18", + "utils-merge": "1.0.1", + "vary": "~1.1.2" + }, + "engines": { + "node": ">= 0.10.0" ++ }, ++ "funding": { ++ "type": "opencollective", ++ "url": "https://opencollective.com/express" + } + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", +- "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==" ++ "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", ++ "license": "MIT" + }, + "node_modules/fast-glob": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz", + "integrity": "sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==", ++ "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", +@@ -1348,14 +1530,26 @@ + } + }, + "node_modules/fast-uri": { +- "version": "3.0.6", +- "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.6.tgz", +- "integrity": "sha512-Atfo14OibSv5wAp4VWNsFYE1AchQRTv9cBGWET4pZWHzYshFSS9NQI6I57rdKn9croWVMbYFbLhJ+yJvmZIIHw==" ++ "version": "3.1.0", ++ "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", ++ "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", ++ "funding": [ ++ { ++ "type": "github", ++ "url": "https://github.com/sponsors/fastify" ++ }, ++ { ++ "type": "opencollective", ++ "url": "https://opencollective.com/fastify" ++ } ++ ], ++ "license": "BSD-3-Clause" + }, + "node_modules/fastq": { + "version": "1.19.1", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.19.1.tgz", + "integrity": "sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==", ++ "license": "ISC", + "dependencies": { + "reusify": "^1.0.4" + } +@@ -1363,34 +1557,39 @@ + "node_modules/fecha": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", +- "integrity": "sha512-OP2IUU6HeYKJi3i0z4A19kHMQoLVs4Hc+DPqqxI2h/DPZHTm/vjsfC6P0b4jCMy14XizLBqvndQ+UilD7707Jw==" ++ "integrity": "sha512-OP2IUU6HeYKJi3i0z4A19kHMQoLVs4Hc+DPqqxI2h/DPZHTm/vjsfC6P0b4jCMy14XizLBqvndQ+UilD7707Jw==", ++ "license": "MIT" + }, + "node_modules/ffi-rs": { +- "version": "1.2.6", +- "resolved": "https://registry.npmjs.org/ffi-rs/-/ffi-rs-1.2.6.tgz", +- "integrity": "sha512-YQN2NbBxcCOSUu3CtRU8QctSWxDppfCaCmGZqFV65RlCTacLmHS5xUuAX7cl+8iI+XNz6zTCxk2m2/n5RY4w7g==", ++ "version": "1.3.1", ++ "resolved": "https://registry.npmjs.org/ffi-rs/-/ffi-rs-1.3.1.tgz", ++ "integrity": "sha512-ZyNXL9fnclnZV+waQmWB9JrfbIEyxQa1OWtMrHOrAgcC04PgP5hBMG5TdhVN8N4uT/eul8zCFMVnJUukAFFlXA==", ++ "license": "MIT", + "optionalDependencies": { +- "@yuuang/ffi-rs-darwin-arm64": "1.2.6", +- "@yuuang/ffi-rs-darwin-x64": "1.2.6", +- "@yuuang/ffi-rs-linux-arm-gnueabihf": "1.2.6", +- "@yuuang/ffi-rs-linux-arm64-gnu": "1.2.6", +- "@yuuang/ffi-rs-linux-arm64-musl": "1.2.6", +- "@yuuang/ffi-rs-linux-x64-gnu": "1.2.6", +- "@yuuang/ffi-rs-linux-x64-musl": "1.2.6", +- "@yuuang/ffi-rs-win32-arm64-msvc": "1.2.6", +- "@yuuang/ffi-rs-win32-ia32-msvc": "1.2.6", +- "@yuuang/ffi-rs-win32-x64-msvc": "1.2.6" ++ "@yuuang/ffi-rs-android-arm64": "1.3.1", ++ "@yuuang/ffi-rs-darwin-arm64": "1.3.1", ++ "@yuuang/ffi-rs-darwin-x64": "1.3.1", ++ "@yuuang/ffi-rs-linux-arm-gnueabihf": "1.3.1", ++ "@yuuang/ffi-rs-linux-arm64-gnu": "1.3.1", ++ "@yuuang/ffi-rs-linux-arm64-musl": "1.3.1", ++ "@yuuang/ffi-rs-linux-x64-gnu": "1.3.1", ++ "@yuuang/ffi-rs-linux-x64-musl": "1.3.1", ++ "@yuuang/ffi-rs-win32-arm64-msvc": "1.3.1", ++ "@yuuang/ffi-rs-win32-ia32-msvc": "1.3.1", ++ "@yuuang/ffi-rs-win32-x64-msvc": "1.3.1" + } + }, + "node_modules/file-uri-to-path": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz", +- "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==" ++ "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==", ++ "license": "MIT" + }, + "node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", ++ "license": "MIT", + "dependencies": { + "to-regex-range": "^5.0.1" + }, +@@ -1399,16 +1598,17 @@ + } + }, + "node_modules/finalhandler": { +- "version": "1.3.1", +- "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz", +- "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==", ++ "version": "1.3.2", ++ "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz", ++ "integrity": "sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==", ++ "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", +- "on-finished": "2.4.1", ++ "on-finished": "~2.4.1", + "parseurl": "~1.3.3", +- "statuses": "2.0.1", ++ "statuses": "~2.0.2", + "unpipe": "~1.0.0" + }, + "engines": { +@@ -1418,12 +1618,14 @@ + "node_modules/fn.name": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", +- "integrity": "sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw==" ++ "integrity": "sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw==", ++ "license": "MIT" + }, + "node_modules/forwarded": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", ++ "license": "MIT", + "engines": { + "node": ">= 0.6" + } +@@ -1432,6 +1634,7 @@ + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==", ++ "license": "MIT", + "engines": { + "node": ">= 0.6" + } +@@ -1439,12 +1642,14 @@ + "node_modules/fs-constants": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz", +- "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==" ++ "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==", ++ "license": "MIT" + }, + "node_modules/fs-extra": { +- "version": "11.3.0", +- "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.0.tgz", +- "integrity": "sha512-Z4XaCL6dUDHfP/jT25jJKMmtxvuwbkrD1vNSMFlo9lNLY2c5FHYSQgHPRZUjAB26TpDEoW9HCOgplrdbaPV/ew==", ++ "version": "11.3.2", ++ "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.2.tgz", ++ "integrity": "sha512-Xr9F6z6up6Ws+NjzMCZc6WXg2YFRlrLP9NQDO3VQrWrfiojdhS56TzueT88ze0uBdCTwEIhQ3ptnmKeWGFAe0A==", ++ "license": "MIT", + "dependencies": { + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", +@@ -1458,6 +1663,7 @@ + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz", + "integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==", ++ "license": "ISC", + "dependencies": { + "minipass": "^3.0.0" + }, +@@ -1469,18 +1675,24 @@ + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", ++ "license": "ISC", + "optional": true + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", +- "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==" ++ "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", ++ "license": "MIT", ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" ++ } + }, + "node_modules/gauge": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/gauge/-/gauge-4.0.4.tgz", + "integrity": "sha512-f9m+BEN5jkg6a0fZjleidjN51VE1X+mPFQ2DJ0uv1V39oCLCbsGe6yjbBnp7eK7z/+GAon99a3nHuqbuuthyPg==", + "deprecated": "This package is no longer supported.", ++ "license": "ISC", + "optional": true, + "dependencies": { + "aproba": "^1.0.3 || ^2.0.0", +@@ -1500,6 +1712,7 @@ + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/generate-function/-/generate-function-2.3.1.tgz", + "integrity": "sha512-eeB5GfMNeevm/GRYq20ShmsaGcmI81kIX2K9XQx5miC8KdHaC6Jm0qQ8ZNeGOi7wYB8OsdxKs+Y2oVuTFuVwKQ==", ++ "license": "MIT", + "dependencies": { + "is-property": "^1.0.2" + } +@@ -1508,6 +1721,7 @@ + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", ++ "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", +@@ -1522,12 +1736,16 @@ + }, + "engines": { + "node": ">= 0.4" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", ++ "license": "MIT", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" +@@ -1540,6 +1758,7 @@ + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/get-proxy/-/get-proxy-2.1.0.tgz", + "integrity": "sha512-zmZIaQTWnNQb4R4fJUEp/FC51eZsc6EkErspy3xtIYStaq8EB/hDIWipxsal+E8rz0qD7f2sL/NA9Xee4RInJw==", ++ "license": "MIT", + "dependencies": { + "npm-conf": "^1.1.0" + }, +@@ -1551,23 +1770,29 @@ + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", + "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", ++ "license": "MIT", + "dependencies": { + "pump": "^3.0.0" + }, + "engines": { + "node": ">=8" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/github-from-package": { + "version": "0.0.0", + "resolved": "https://registry.npmjs.org/github-from-package/-/github-from-package-0.0.0.tgz", +- "integrity": "sha512-SyHy3T1v2NUXn29OsWdxmK6RwHD+vkj3v8en8AOBZ1wBQ/hCAQ5bAQTD02kW4W9tUp/3Qh6J8r9EvntiyCmOOw==" ++ "integrity": "sha512-SyHy3T1v2NUXn29OsWdxmK6RwHD+vkj3v8en8AOBZ1wBQ/hCAQ5bAQTD02kW4W9tUp/3Qh6J8r9EvntiyCmOOw==", ++ "license": "MIT" + }, + "node_modules/glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "deprecated": "Glob versions prior to v9 are no longer supported", ++ "license": "ISC", + "optional": true, + "dependencies": { + "fs.realpath": "^1.0.0", +@@ -1579,12 +1804,16 @@ + }, + "engines": { + "node": "*" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", ++ "license": "ISC", + "dependencies": { + "is-glob": "^4.0.1" + }, +@@ -1596,14 +1825,19 @@ + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", ++ "license": "MIT", + "engines": { + "node": ">= 0.4" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/got": { + "version": "11.8.6", + "resolved": "https://registry.npmjs.org/got/-/got-11.8.6.tgz", + "integrity": "sha512-6tfZ91bOr7bOXnK7PRDCGBLa1H4U080YHNaAQ2KsMGlLEzRbk44nsZF2E1IeRc3vtJHPVbKCYgdFbaGO2ljd8g==", ++ "license": "MIT", + "dependencies": { + "@sindresorhus/is": "^4.0.0", + "@szmarczak/http-timer": "^4.0.5", +@@ -1619,17 +1853,22 @@ + }, + "engines": { + "node": ">=10.19.0" ++ }, ++ "funding": { ++ "url": "https://github.com/sindresorhus/got?sponsor=1" + } + }, + "node_modules/graceful-fs": { + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", +- "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==" ++ "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", ++ "license": "ISC" + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", ++ "license": "MIT", + "engines": { + "node": ">=8" + } +@@ -1638,6 +1877,7 @@ + "version": "1.4.2", + "resolved": "https://registry.npmjs.org/has-symbol-support-x/-/has-symbol-support-x-1.4.2.tgz", + "integrity": "sha512-3ToOva++HaW+eCpgqZrCfN51IPB+7bJNVT6CUATzueB5Heb8o6Nam0V3HG5dlDvZU1Gn5QLcbahiKw/XVk5JJw==", ++ "license": "MIT", + "engines": { + "node": "*" + } +@@ -1646,14 +1886,19 @@ + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", ++ "license": "MIT", + "engines": { + "node": ">= 0.4" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-to-string-tag-x": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/has-to-string-tag-x/-/has-to-string-tag-x-1.4.1.tgz", + "integrity": "sha512-vdbKfmw+3LoOYVr+mtxHaX5a96+0f3DljYd8JOqvOLsf5mw2Otda2qCDT9qRqLAhrjyQ0h7ual5nOiASpsGNFw==", ++ "license": "MIT", + "dependencies": { + "has-symbol-support-x": "^1.4.1" + }, +@@ -1665,12 +1910,14 @@ + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/has-unicode/-/has-unicode-2.0.1.tgz", + "integrity": "sha512-8Rf9Y83NBReMnx0gFzA8JImQACstCYWUplepDa9xprwwtmgEZUF0h/i5xSA625zB/I37EtrswSST6OXxwaaIJQ==", ++ "license": "ISC", + "optional": true + }, + "node_modules/hasown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", ++ "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, +@@ -1679,29 +1926,36 @@ + } + }, + "node_modules/http-cache-semantics": { +- "version": "4.1.1", +- "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", +- "integrity": "sha512-er295DKPVsV82j5kw1Gjt+ADA/XYHsajl82cGNQG2eyoPkvgUhX+nDIyelzhIWbbsXP39EHcI6l5tYs2FYqYXQ==" ++ "version": "4.2.0", ++ "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.2.0.tgz", ++ "integrity": "sha512-dTxcvPXqPvXBQpq5dUr6mEMJX4oIEFv6bwom3FDwKRDsuIjjJGANqhBuoAn9c1RQJIdAKav33ED65E2ys+87QQ==", ++ "license": "BSD-2-Clause" + }, + "node_modules/http-errors": { +- "version": "2.0.0", +- "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", +- "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", ++ "version": "2.0.1", ++ "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", ++ "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", ++ "license": "MIT", + "dependencies": { +- "depd": "2.0.0", +- "inherits": "2.0.4", +- "setprototypeof": "1.2.0", +- "statuses": "2.0.1", +- "toidentifier": "1.0.1" ++ "depd": "~2.0.0", ++ "inherits": "~2.0.4", ++ "setprototypeof": "~1.2.0", ++ "statuses": "~2.0.2", ++ "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" ++ }, ++ "funding": { ++ "type": "opencollective", ++ "url": "https://opencollective.com/express" + } + }, + "node_modules/http-proxy-agent": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-4.0.1.tgz", + "integrity": "sha512-k0zdNgqWTGA6aeIRVpvfVob4fL52dTfaehylg0Y4UvSySvOq/Y+BOyPrgpUrA7HylqvU8vIZGsRuXmspskV0Tg==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "@tootallnate/once": "1", +@@ -1713,9 +1967,10 @@ + } + }, + "node_modules/http-proxy-agent/node_modules/debug": { +- "version": "4.4.0", +- "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz", +- "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==", ++ "version": "4.4.3", ++ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", ++ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "ms": "^2.1.3" +@@ -1733,12 +1988,14 @@ + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", ++ "license": "MIT", + "optional": true + }, + "node_modules/http2-wrapper": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-1.0.3.tgz", + "integrity": "sha512-V+23sDMr12Wnz7iTcDeJr3O6AIxlnvT/bmaAAAP/Xda35C90p9599p0F1eHR/N1KILWSoWVAiOMFjBBXaXSMxg==", ++ "license": "MIT", + "dependencies": { + "quick-lru": "^5.1.1", + "resolve-alpn": "^1.0.0" +@@ -1751,6 +2008,7 @@ + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", + "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "agent-base": "6", +@@ -1761,9 +2019,10 @@ + } + }, + "node_modules/https-proxy-agent/node_modules/debug": { +- "version": "4.4.0", +- "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz", +- "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==", ++ "version": "4.4.3", ++ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", ++ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "ms": "^2.1.3" +@@ -1781,12 +2040,14 @@ + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", ++ "license": "MIT", + "optional": true + }, + "node_modules/humanize-ms": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/humanize-ms/-/humanize-ms-1.2.1.tgz", + "integrity": "sha512-Fl70vYtsAFb/C06PTS9dZBo7ihau+Tu/DNCk/OyHhea07S+aeMWpFFkUaXRa8fI+ScZbEI8dfSxwY7gxZ9SAVQ==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "ms": "^2.0.0" +@@ -1796,6 +2057,7 @@ + "version": "0.4.24", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", ++ "license": "MIT", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3" + }, +@@ -1806,12 +2068,28 @@ + "node_modules/ieee754": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz", +- "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==" ++ "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==", ++ "funding": [ ++ { ++ "type": "github", ++ "url": "https://github.com/sponsors/feross" ++ }, ++ { ++ "type": "patreon", ++ "url": "https://www.patreon.com/feross" ++ }, ++ { ++ "type": "consulting", ++ "url": "https://feross.org/support" ++ } ++ ], ++ "license": "BSD-3-Clause" + }, + "node_modules/import-lazy": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/import-lazy/-/import-lazy-4.0.0.tgz", + "integrity": "sha512-rKtvo6a868b5Hu3heneU+L4yEQ4jYKLtjpnPeUdK7h0yzXGmyBTypknlkCvHFBqfX9YlorEiMM6Dnq/5atfHkw==", ++ "license": "MIT", + "engines": { + "node": ">=8" + } +@@ -1820,6 +2098,7 @@ + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==", ++ "license": "MIT", + "optional": true, + "engines": { + "node": ">=0.8.19" +@@ -1829,6 +2108,7 @@ + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", ++ "license": "MIT", + "optional": true, + "engines": { + "node": ">=8" +@@ -1838,6 +2118,7 @@ + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/infer-owner/-/infer-owner-1.0.4.tgz", + "integrity": "sha512-IClj+Xz94+d7irH5qRyfJonOdfTzuDaifE6ZPWfx0N0+/ATZCbuTPq2prFl526urkQd90WyUKIh1DfBQ2hMz9A==", ++ "license": "ISC", + "optional": true + }, + "node_modules/inflection": { +@@ -1846,13 +2127,15 @@ + "integrity": "sha512-6I/HUDeYFfuNCVS3td055BaXBwKYuzw7K3ExVMStBowKo9oOAMJIXIHvdyR3iboTCp1b+1i5DSkIZTcwIktuDw==", + "engines": [ + "node >= 0.4.0" +- ] ++ ], ++ "license": "MIT" + }, + "node_modules/inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", + "deprecated": "This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.", ++ "license": "ISC", + "optional": true, + "dependencies": { + "once": "^1.3.0", +@@ -1862,22 +2145,21 @@ + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", +- "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" ++ "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", ++ "license": "ISC" + }, + "node_modules/ini": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", +- "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==" ++ "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==", ++ "license": "ISC" + }, + "node_modules/ip-address": { +- "version": "9.0.5", +- "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz", +- "integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==", ++ "version": "10.1.0", ++ "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.1.0.tgz", ++ "integrity": "sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==", ++ "license": "MIT", + "optional": true, +- "dependencies": { +- "jsbn": "1.1.0", +- "sprintf-js": "^1.1.3" +- }, + "engines": { + "node": ">= 12" + } +@@ -1886,30 +2168,31 @@ + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", ++ "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, +- "node_modules/is-arrayish": { +- "version": "0.3.2", +- "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", +- "integrity": "sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ==" +- }, + "node_modules/is-core-module": { + "version": "2.16.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.1.tgz", + "integrity": "sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==", ++ "license": "MIT", + "dependencies": { + "hasown": "^2.0.2" + }, + "engines": { + "node": ">= 0.4" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", ++ "license": "MIT", + "engines": { + "node": ">=0.10.0" + } +@@ -1918,6 +2201,7 @@ + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", ++ "license": "MIT", + "optional": true, + "engines": { + "node": ">=8" +@@ -1927,6 +2211,7 @@ + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", ++ "license": "MIT", + "dependencies": { + "is-extglob": "^2.1.1" + }, +@@ -1938,12 +2223,14 @@ + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-lambda/-/is-lambda-1.0.1.tgz", + "integrity": "sha512-z7CMFGNrENq5iFB9Bqo64Xk6Y9sg+epq1myIcdHaGnbMTYOxvzsEtdYqQUylB7LxfkvgrrjP32T6Ywciio9UIQ==", ++ "license": "MIT", + "optional": true + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", ++ "license": "MIT", + "engines": { + "node": ">=0.12.0" + } +@@ -1951,31 +2238,42 @@ + "node_modules/is-object": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-object/-/is-object-1.0.2.tgz", +- "integrity": "sha512-2rRIahhZr2UWb45fIOuvZGpFtz0TyOZLf32KxBbSoUCeZR495zCKlWUKKUByk3geS2eAs7ZAABt0Y/Rx0GiQGA==" ++ "integrity": "sha512-2rRIahhZr2UWb45fIOuvZGpFtz0TyOZLf32KxBbSoUCeZR495zCKlWUKKUByk3geS2eAs7ZAABt0Y/Rx0GiQGA==", ++ "license": "MIT", ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" ++ } + }, + "node_modules/is-property": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-property/-/is-property-1.0.2.tgz", +- "integrity": "sha512-Ks/IoX00TtClbGQr4TWXemAnktAQvYB7HzcCxDGqEZU6oCmb2INHuOoKxbtR+HFkmYWBKv/dOZtGRiAjDhj92g==" ++ "integrity": "sha512-Ks/IoX00TtClbGQr4TWXemAnktAQvYB7HzcCxDGqEZU6oCmb2INHuOoKxbtR+HFkmYWBKv/dOZtGRiAjDhj92g==", ++ "license": "MIT" + }, + "node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", ++ "license": "MIT", + "engines": { + "node": ">=8" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", ++ "license": "ISC", + "optional": true + }, + "node_modules/isurl": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/isurl/-/isurl-1.0.0.tgz", + "integrity": "sha512-1P/yWsxPlDtn7QeRD+ULKQPaIaN6yF368GZ2vDfv0AL0NwpStafjWCDDdn0k8wgFMWpVAqG7oJhxHnlud42i9w==", ++ "license": "MIT", + "dependencies": { + "has-to-string-tag-x": "^1.2.0", + "is-object": "^1.0.1" +@@ -1987,28 +2285,26 @@ + "node_modules/jju": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/jju/-/jju-1.4.0.tgz", +- "integrity": "sha512-8wb9Yw966OSxApiCt0K3yNJL8pnNeIv+OEq2YMidz4FKP6nonSRoOXc80iXY4JaN2FC11B9qsNmDsm+ZOfMROA==" +- }, +- "node_modules/jsbn": { +- "version": "1.1.0", +- "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz", +- "integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==", +- "optional": true ++ "integrity": "sha512-8wb9Yw966OSxApiCt0K3yNJL8pnNeIv+OEq2YMidz4FKP6nonSRoOXc80iXY4JaN2FC11B9qsNmDsm+ZOfMROA==", ++ "license": "MIT" + }, + "node_modules/json-buffer": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", +- "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==" ++ "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==", ++ "license": "MIT" + }, + "node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", +- "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" ++ "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", ++ "license": "MIT" + }, + "node_modules/json5": { + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==", ++ "license": "MIT", + "bin": { + "json5": "lib/cli.js" + }, +@@ -2017,9 +2313,10 @@ + } + }, + "node_modules/jsonfile": { +- "version": "6.1.0", +- "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", +- "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", ++ "version": "6.2.0", ++ "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.2.0.tgz", ++ "integrity": "sha512-FGuPw30AdOIUTRMC2OMRtQV+jkVj2cfPqSeWXv1NEAJ1qZ5zb1X6z1mFhbfOB/iy3ssJCD+3KuZ8r8C3uVFlAg==", ++ "license": "MIT", + "dependencies": { + "universalify": "^2.0.0" + }, +@@ -2031,6 +2328,7 @@ + "version": "4.5.4", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "integrity": "sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==", ++ "license": "MIT", + "dependencies": { + "json-buffer": "3.0.1" + } +@@ -2038,17 +2336,20 @@ + "node_modules/kuler": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", +- "integrity": "sha512-Xq9nH7KlWZmXAtodXDDRE7vs6DU1gTU8zYDHDiWLSip45Egwq3plLHzPn27NgvzL2r1LMPC1vdqh98sQxtqj4A==" ++ "integrity": "sha512-Xq9nH7KlWZmXAtodXDDRE7vs6DU1gTU8zYDHDiWLSip45Egwq3plLHzPn27NgvzL2r1LMPC1vdqh98sQxtqj4A==", ++ "license": "MIT" + }, + "node_modules/lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", +- "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" ++ "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", ++ "license": "MIT" + }, + "node_modules/logform": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/logform/-/logform-2.7.0.tgz", + "integrity": "sha512-TFYA4jnP7PVbmlBIfhlSe+WKxs9dklXMTEGcBCIvLhE/Tn3H6Gk1norupVW7m5Cnd4bLcr08AytbyV/xj7f/kQ==", ++ "license": "MIT", + "dependencies": { + "@colors/colors": "1.6.0", + "@types/triple-beam": "^1.3.2", +@@ -2064,48 +2365,62 @@ + "node_modules/logform/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", +- "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" ++ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", ++ "license": "MIT" + }, + "node_modules/long": { +- "version": "5.3.1", +- "resolved": "https://registry.npmjs.org/long/-/long-5.3.1.tgz", +- "integrity": "sha512-ka87Jz3gcx/I7Hal94xaN2tZEOPoUOEVftkQqZx2EeQRN7LGdfLlI3FvZ+7WDplm+vK2Urx9ULrvSowtdCieng==" ++ "version": "5.3.2", ++ "resolved": "https://registry.npmjs.org/long/-/long-5.3.2.tgz", ++ "integrity": "sha512-mNAgZ1GmyNhD7AuqnTG3/VQ26o760+ZYBPKjPvugO8+nLbYfX6TVpJPseBvopbdY+qpZ/lKUnmEc1LeZYS3QAA==", ++ "license": "Apache-2.0" + }, + "node_modules/long-timeout": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/long-timeout/-/long-timeout-0.1.1.tgz", +- "integrity": "sha512-BFRuQUqc7x2NWxfJBCyUrN8iYUYznzL9JROmRz1gZ6KlOIgmoD+njPVbb+VNn2nGMKggMsK79iUNErillsrx7w==" ++ "integrity": "sha512-BFRuQUqc7x2NWxfJBCyUrN8iYUYznzL9JROmRz1gZ6KlOIgmoD+njPVbb+VNn2nGMKggMsK79iUNErillsrx7w==", ++ "license": "MIT" + }, + "node_modules/lowercase-keys": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-2.0.0.tgz", + "integrity": "sha512-tqNXrS78oMOE73NMxK4EMLQsQowWf8jKooH9g7xPavRT706R6bkQJ6DY2Te7QukaZsulxa30wQ7bk0pm4XiHmA==", ++ "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/lru-cache": { +- "version": "7.18.3", +- "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.18.3.tgz", +- "integrity": "sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA==", ++ "version": "6.0.0", ++ "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", ++ "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", ++ "license": "ISC", ++ "dependencies": { ++ "yallist": "^4.0.0" ++ }, + "engines": { +- "node": ">=12" ++ "node": ">=10" + } + }, + "node_modules/lru.min": { +- "version": "1.1.1", +- "resolved": "https://registry.npmjs.org/lru.min/-/lru.min-1.1.1.tgz", +- "integrity": "sha512-FbAj6lXil6t8z4z3j0E5mfRlPzxkySotzUHwRXjlpRh10vc6AI6WN62ehZj82VG7M20rqogJ0GLwar2Xa05a8Q==", ++ "version": "1.1.3", ++ "resolved": "https://registry.npmjs.org/lru.min/-/lru.min-1.1.3.tgz", ++ "integrity": "sha512-Lkk/vx6ak3rYkRR0Nhu4lFUT2VDnQSxBe8Hbl7f36358p6ow8Bnvr8lrLt98H8J1aGxfhbX4Fs5tYg2+FTwr5Q==", ++ "license": "MIT", + "engines": { + "bun": ">=1.0.0", + "deno": ">=1.30.0", + "node": ">=8.0.0" ++ }, ++ "funding": { ++ "type": "github", ++ "url": "https://github.com/sponsors/wellwelwel" + } + }, + "node_modules/luxon": { +- "version": "3.5.0", +- "resolved": "https://registry.npmjs.org/luxon/-/luxon-3.5.0.tgz", +- "integrity": "sha512-rh+Zjr6DNfUYR3bPwJEnuwDdqMbxZW7LOQfUN4B54+Cl+0o5zaU9RJ6bcidfDtC1cWCZXQ+nvX8bf6bAji37QQ==", ++ "version": "3.7.2", ++ "resolved": "https://registry.npmjs.org/luxon/-/luxon-3.7.2.tgz", ++ "integrity": "sha512-vtEhXh/gNjI9Yg1u4jX/0YVPMvxzHuGgCm6tC5kZyb08yjGWGnqAjGJvcXbqQR2P3MyMEFnRbpcdFS6PBcLqew==", ++ "license": "MIT", + "engines": { + "node": ">=12" + } +@@ -2114,6 +2429,7 @@ + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-9.1.0.tgz", + "integrity": "sha512-+zopwDy7DNknmwPQplem5lAZX/eCOzSvSNNcSKm5eVwTkOBzoktEfXsa9L23J/GIRhxRsaxzkPEhrJEpE2F4Gg==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "agentkeepalive": "^4.1.3", +@@ -2137,22 +2453,11 @@ + "node": ">= 10" + } + }, +- "node_modules/make-fetch-happen/node_modules/lru-cache": { +- "version": "6.0.0", +- "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", +- "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", +- "optional": true, +- "dependencies": { +- "yallist": "^4.0.0" +- }, +- "engines": { +- "node": ">=10" +- } +- }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", ++ "license": "MIT", + "engines": { + "node": ">= 0.4" + } +@@ -2161,6 +2466,7 @@ + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", ++ "license": "MIT", + "engines": { + "node": ">= 0.6" + } +@@ -2168,12 +2474,17 @@ + "node_modules/merge-descriptors": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz", +- "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==" ++ "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==", ++ "license": "MIT", ++ "funding": { ++ "url": "https://github.com/sponsors/sindresorhus" ++ } + }, + "node_modules/merge2": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", ++ "license": "MIT", + "engines": { + "node": ">= 8" + } +@@ -2182,6 +2493,7 @@ + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", ++ "license": "MIT", + "engines": { + "node": ">= 0.6" + } +@@ -2190,6 +2502,7 @@ + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", ++ "license": "MIT", + "dependencies": { + "braces": "^3.0.3", + "picomatch": "^2.3.1" +@@ -2202,6 +2515,7 @@ + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", ++ "license": "MIT", + "bin": { + "mime": "cli.js" + }, +@@ -2213,6 +2527,7 @@ + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", ++ "license": "MIT", + "engines": { + "node": ">= 0.6" + } +@@ -2221,6 +2536,7 @@ + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", ++ "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, +@@ -2232,6 +2548,7 @@ + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-1.0.1.tgz", + "integrity": "sha512-j5EctnkH7amfV/q5Hgmoal1g2QHFJRraOtmx0JpIqkxhBhI/lJSl1nMpQ45hVarwNETOoWEimndZ4QK0RHxuxQ==", ++ "license": "MIT", + "engines": { + "node": ">=4" + } +@@ -2240,6 +2557,7 @@ + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "brace-expansion": "^1.1.7" +@@ -2251,12 +2569,17 @@ + "node_modules/minimist": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", +- "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==" ++ "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", ++ "license": "MIT", ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" ++ } + }, + "node_modules/minipass": { + "version": "3.3.6", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz", + "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==", ++ "license": "ISC", + "dependencies": { + "yallist": "^4.0.0" + }, +@@ -2268,6 +2591,7 @@ + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/minipass-collect/-/minipass-collect-1.0.2.tgz", + "integrity": "sha512-6T6lH0H8OG9kITm/Jm6tdooIbogG9e0tLgpY6mphXSm/A9u8Nq1ryBG+Qspiub9LjWlBPsPS3tWQ/Botq4FdxA==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "minipass": "^3.0.0" +@@ -2280,6 +2604,7 @@ + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/minipass-fetch/-/minipass-fetch-1.4.1.tgz", + "integrity": "sha512-CGH1eblLq26Y15+Azk7ey4xh0J/XfJfrCox5LDJiKqI2Q2iwOLOKrlmIaODiSQS8d18jalF6y2K2ePUm0CmShw==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "minipass": "^3.1.0", +@@ -2297,6 +2622,7 @@ + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/minipass-flush/-/minipass-flush-1.0.5.tgz", + "integrity": "sha512-JmQSYYpPUqX5Jyn1mXaRwOda1uQ8HP5KAT/oDSLCzt1BYRhQU0/hDtsB1ufZfEEzMZ9aAVmsBw8+FWsIXlClWw==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "minipass": "^3.0.0" +@@ -2309,6 +2635,7 @@ + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/minipass-pipeline/-/minipass-pipeline-1.2.4.tgz", + "integrity": "sha512-xuIq7cIOt09RPRJ19gdi4b+RiNvDFYe5JH+ggNvBqGqpQXcru3PcRmOZuHBKWK1Txf9+cQ+HMVN4d6z46LZP7A==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "minipass": "^3.0.0" +@@ -2321,6 +2648,7 @@ + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/minipass-sized/-/minipass-sized-1.0.3.tgz", + "integrity": "sha512-MbkQQ2CTiBMlA2Dm/5cY+9SWFEN8pzzOXi6rlM5Xxq0Yqbda5ZQy9sU75a673FE9ZK0Zsbr6Y5iP6u9nktfg2g==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "minipass": "^3.0.0" +@@ -2333,6 +2661,7 @@ + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz", + "integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==", ++ "license": "MIT", + "dependencies": { + "minipass": "^3.0.0", + "yallist": "^4.0.0" +@@ -2345,6 +2674,7 @@ + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", + "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==", ++ "license": "MIT", + "bin": { + "mkdirp": "bin/cmd.js" + }, +@@ -2355,20 +2685,23 @@ + "node_modules/mkdirp-classic": { + "version": "0.5.3", + "resolved": "https://registry.npmjs.org/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz", +- "integrity": "sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==" ++ "integrity": "sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==", ++ "license": "MIT" + }, + "node_modules/moment": { + "version": "2.30.1", + "resolved": "https://registry.npmjs.org/moment/-/moment-2.30.1.tgz", + "integrity": "sha512-uEmtNhbDOrWPFS+hdjFCBfy9f2YoyzRpwcl+DqpC6taX21FzsTLQVbMV/W7PzNSX6x/bhC1zA3c2UQ5NzH6how==", ++ "license": "MIT", + "engines": { + "node": "*" + } + }, + "node_modules/moment-timezone": { +- "version": "0.5.47", +- "resolved": "https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.5.47.tgz", +- "integrity": "sha512-UbNt/JAWS0m/NJOebR0QMRHBk0hu03r5dx9GK8Cs0AS3I81yDcOc9k+DytPItgVvBP7J6Mf6U2n3BPAacAV9oA==", ++ "version": "0.5.48", ++ "resolved": "https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.5.48.tgz", ++ "integrity": "sha512-f22b8LV1gbTO2ms2j2z13MuPogNoh5UzxL3nzNAYKGraILnbGc9NEE6dyiiiLv46DGRb8A4kg8UKWLjPthxBHw==", ++ "license": "MIT", + "dependencies": { + "moment": "^2.29.4" + }, +@@ -2396,6 +2729,7 @@ + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", + "integrity": "sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww==", ++ "license": "MIT", + "dependencies": { + "ee-first": "1.1.1" + }, +@@ -2406,17 +2740,19 @@ + "node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", +- "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" ++ "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", ++ "license": "MIT" + }, + "node_modules/mysql2": { +- "version": "3.12.0", +- "resolved": "https://registry.npmjs.org/mysql2/-/mysql2-3.12.0.tgz", +- "integrity": "sha512-C8fWhVysZoH63tJbX8d10IAoYCyXy4fdRFz2Ihrt9jtPILYynFEKUUzpp1U7qxzDc3tMbotvaBH+sl6bFnGZiw==", ++ "version": "3.15.3", ++ "resolved": "https://registry.npmjs.org/mysql2/-/mysql2-3.15.3.tgz", ++ "integrity": "sha512-FBrGau0IXmuqg4haEZRBfHNWB5mUARw6hNwPDXXGg0XzVJ50mr/9hb267lvpVMnhZ1FON3qNd4Xfcez1rbFwSg==", ++ "license": "MIT", + "dependencies": { + "aws-ssl-profiles": "^1.1.1", + "denque": "^2.1.0", + "generate-function": "^2.3.1", +- "iconv-lite": "^0.6.3", ++ "iconv-lite": "^0.7.0", + "long": "^5.2.1", + "lru.min": "^1.0.0", + "named-placeholders": "^1.1.3", +@@ -2428,44 +2764,53 @@ + } + }, + "node_modules/mysql2/node_modules/iconv-lite": { +- "version": "0.6.3", +- "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", +- "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", ++ "version": "0.7.1", ++ "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.1.tgz", ++ "integrity": "sha512-2Tth85cXwGFHfvRgZWszZSvdo+0Xsqmw8k8ZwxScfcBneNUraK+dxRxRm24nszx80Y0TVio8kKLt5sLE7ZCLlw==", ++ "license": "MIT", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3.0.0" + }, + "engines": { + "node": ">=0.10.0" ++ }, ++ "funding": { ++ "type": "opencollective", ++ "url": "https://opencollective.com/express" + } + }, + "node_modules/named-placeholders": { +- "version": "1.1.3", +- "resolved": "https://registry.npmjs.org/named-placeholders/-/named-placeholders-1.1.3.tgz", +- "integrity": "sha512-eLoBxg6wE/rZkJPhU/xRX1WTpkFEwDJEN96oxFrTsqBdbT5ec295Q+CoHrL9IT0DipqKhmGcaZmwOt8OON5x1w==", ++ "version": "1.1.4", ++ "resolved": "https://registry.npmjs.org/named-placeholders/-/named-placeholders-1.1.4.tgz", ++ "integrity": "sha512-/qfG0Kk/bLJIvej4FcPQ2KYUJP8iQdU1CTxysNb/U2wUNb+/4K485yeio8iNoiwfqJnsTInXoRPTza0dZWHVJQ==", ++ "license": "MIT", + "dependencies": { +- "lru-cache": "^7.14.1" ++ "lru.min": "^1.1.0" + }, + "engines": { +- "node": ">=12.0.0" ++ "node": ">=8.0.0" + } + }, + "node_modules/napi-build-utils": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/napi-build-utils/-/napi-build-utils-2.0.0.tgz", +- "integrity": "sha512-GEbrYkbfF7MoNaoh2iGG84Mnf/WZfB0GdGEsM8wz7Expx/LlWf5U8t9nvJKXSp3qr5IsEbK04cBGhol/KwOsWA==" ++ "integrity": "sha512-GEbrYkbfF7MoNaoh2iGG84Mnf/WZfB0GdGEsM8wz7Expx/LlWf5U8t9nvJKXSp3qr5IsEbK04cBGhol/KwOsWA==", ++ "license": "MIT" + }, + "node_modules/negotiator": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", ++ "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/node-abi": { +- "version": "3.74.0", +- "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-3.74.0.tgz", +- "integrity": "sha512-c5XK0MjkGBrQPGYG24GBADZud0NCbznxNx0ZkS+ebUTrmV1qTDxPxSL8zEAPURXSbLRWVexxmP4986BziahL5w==", ++ "version": "3.85.0", ++ "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-3.85.0.tgz", ++ "integrity": "sha512-zsFhmbkAzwhTft6nd3VxcG0cvJsT70rL+BIGHWVq5fi6MwGrHwzqKaxXE+Hl2GmnGItnDKPPkO5/LQqjVkIdFg==", ++ "license": "MIT", + "dependencies": { + "semver": "^7.3.5" + }, +@@ -2474,9 +2819,10 @@ + } + }, + "node_modules/node-abi/node_modules/semver": { +- "version": "7.7.1", +- "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz", +- "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==", ++ "version": "7.7.3", ++ "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz", ++ "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==", ++ "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, +@@ -2487,12 +2833,14 @@ + "node_modules/node-addon-api": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-7.1.1.tgz", +- "integrity": "sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==" ++ "integrity": "sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==", ++ "license": "MIT" + }, + "node_modules/node-gyp": { + "version": "8.4.1", + "resolved": "https://registry.npmjs.org/node-gyp/-/node-gyp-8.4.1.tgz", + "integrity": "sha512-olTJRgUtAb/hOXG0E93wZDs5YiJlgbXxTwQAFHyNlRsXQnYzUaF2aGgujZbw+hR8aF4ZG/rST57bWMWD16jr9w==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "env-paths": "^2.2.0", +@@ -2514,9 +2862,10 @@ + } + }, + "node_modules/node-gyp/node_modules/semver": { +- "version": "7.7.1", +- "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz", +- "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==", ++ "version": "7.7.3", ++ "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz", ++ "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==", ++ "license": "ISC", + "optional": true, + "bin": { + "semver": "bin/semver.js" +@@ -2529,6 +2878,7 @@ + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/node-schedule/-/node-schedule-2.1.1.tgz", + "integrity": "sha512-OXdegQq03OmXEjt2hZP33W2YPs/E5BcFQks46+G2gAxs4gHOIVD1u7EqlYLYSKsaIpyKCK9Gbk0ta1/gjRSMRQ==", ++ "license": "MIT", + "dependencies": { + "cron-parser": "^4.2.0", + "long-timeout": "0.1.1", +@@ -2542,6 +2892,7 @@ + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz", + "integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "abbrev": "1" +@@ -2557,14 +2908,19 @@ + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-6.1.0.tgz", + "integrity": "sha512-DlL+XwOy3NxAQ8xuC0okPgK46iuVNAK01YN7RueYBqqFeGsBjV9XmCAzAdgt+667bCl5kPh9EqKKDwnaPG1I7A==", ++ "license": "MIT", + "engines": { + "node": ">=10" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/npm-conf": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/npm-conf/-/npm-conf-1.1.3.tgz", + "integrity": "sha512-Yic4bZHJOt9RCFbRP3GgpqhScOY4HH3V2P8yBj6CeYq118Qr+BLXqT2JvpJ00mryLESpgOxf5XlFv4ZjXxLScw==", ++ "license": "MIT", + "dependencies": { + "config-chain": "^1.1.11", + "pify": "^3.0.0" +@@ -2578,6 +2934,7 @@ + "resolved": "https://registry.npmjs.org/npmlog/-/npmlog-6.0.2.tgz", + "integrity": "sha512-/vBvz5Jfr9dT/aFWd0FIRf+T/Q2WBsLENygUaFUqstqsycmZAP/t5BvFJTK0viFmSUxiUKTUplWy5vt+rvKIxg==", + "deprecated": "This package is no longer supported.", ++ "license": "ISC", + "optional": true, + "dependencies": { + "are-we-there-yet": "^3.0.0", +@@ -2593,14 +2950,19 @@ + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", ++ "license": "MIT", + "engines": { + "node": ">= 0.4" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/on-finished": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", ++ "license": "MIT", + "dependencies": { + "ee-first": "1.1.1" + }, +@@ -2621,6 +2983,7 @@ + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", ++ "license": "ISC", + "dependencies": { + "wrappy": "1" + } +@@ -2629,6 +2992,7 @@ + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", + "integrity": "sha512-5DXOiRKwuSEcQ/l0kGCF6Q3jcADFv5tSmRaJck/OqkVFcOzutB134KRSfF0xDrL39MNnqxbHBbUUcjZIhTgb2g==", ++ "license": "MIT", + "dependencies": { + "fn.name": "1.x.x" + } +@@ -2637,6 +3001,7 @@ + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-2.1.1.tgz", + "integrity": "sha512-BZOr3nRQHOntUjTrH8+Lh54smKHoHyur8We1V8DSMVrl5A2malOOwuJRnKRDjSnkoeBh4at6BwEnb5I7Jl31wg==", ++ "license": "MIT", + "engines": { + "node": ">=8" + } +@@ -2645,18 +3010,23 @@ + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/p-map/-/p-map-4.0.0.tgz", + "integrity": "sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "aggregate-error": "^3.0.0" + }, + "engines": { + "node": ">=10" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", ++ "license": "MIT", + "engines": { + "node": ">= 0.8" + } +@@ -2665,6 +3035,7 @@ + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", ++ "license": "MIT", + "optional": true, + "engines": { + "node": ">=0.10.0" +@@ -2673,30 +3044,38 @@ + "node_modules/path-parse": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", +- "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==" ++ "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", ++ "license": "MIT" + }, + "node_modules/path-to-regexp": { + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", +- "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==" ++ "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==", ++ "license": "MIT" + }, + "node_modules/pg-connection-string": { +- "version": "2.7.0", +- "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.7.0.tgz", +- "integrity": "sha512-PI2W9mv53rXJQEOb8xNR8lH7Hr+EKa6oJa38zsK0S/ky2er16ios1wLKhZyxzD7jUReiWokc9WK5nxSnC7W1TA==" ++ "version": "2.9.1", ++ "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.9.1.tgz", ++ "integrity": "sha512-nkc6NpDcvPVpZXxrreI/FOtX3XemeLl8E0qFr6F2Lrm/I8WOnaWNhIPK2Z7OHpw7gh5XJThi6j6ppgNoaT1w4w==", ++ "license": "MIT" + }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", ++ "license": "MIT", + "engines": { + "node": ">=8.6" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/pify": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", + "integrity": "sha512-C3FsVNH1udSEX48gGX1xfvwTWfsYWj5U+8/uK15BGzIGrKoUpghX8hWZwa/OFnakBiiVNmBvemTJR5mcy7iPcg==", ++ "license": "MIT", + "engines": { + "node": ">=4" + } +@@ -2705,6 +3084,7 @@ + "version": "2.1.11", + "resolved": "https://registry.npmjs.org/pony-cause/-/pony-cause-2.1.11.tgz", + "integrity": "sha512-M7LhCsdNbNgiLYiP4WjsfLUuFmCfnjdF6jKe2R9NKl4WFN+HZPGHJZ9lnLP7f9ZnKe3U9nuWD0szirmj+migUg==", ++ "license": "0BSD", + "engines": { + "node": ">=12.0.0" + } +@@ -2713,6 +3093,7 @@ + "version": "7.1.3", + "resolved": "https://registry.npmjs.org/prebuild-install/-/prebuild-install-7.1.3.tgz", + "integrity": "sha512-8Mf2cbV7x1cXPUILADGI3wuhfqWvtiLA1iclTDbFRZkgRQS0NqsPZphna9V+HyTEadheuPmjaJMsbzKQFOzLug==", ++ "license": "MIT", + "dependencies": { + "detect-libc": "^2.0.0", + "expand-template": "^2.0.3", +@@ -2738,12 +3119,14 @@ + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/promise-inflight/-/promise-inflight-1.0.1.tgz", + "integrity": "sha512-6zWPyEOFaQBJYcGMHBKTKJ3u6TBsnMFOIZSa6ce1e/ZrrsOlnHRHbabMjLiBYKp+n44X9eUI6VUPaukCXHuG4g==", ++ "license": "ISC", + "optional": true + }, + "node_modules/promise-retry": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/promise-retry/-/promise-retry-2.0.1.tgz", + "integrity": "sha512-y+WKFlBR8BGXnsNlIHFGPZmyDf3DFMoLhaflAnyZgV6rG6xu+JwesTo2Q9R6XwYmtmwAFCkAk3e35jEdoeh/3g==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "err-code": "^2.0.2", +@@ -2756,12 +3139,14 @@ + "node_modules/proto-list": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", +- "integrity": "sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA==" ++ "integrity": "sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA==", ++ "license": "ISC" + }, + "node_modules/proxy-addr": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", ++ "license": "MIT", + "dependencies": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" +@@ -2771,9 +3156,10 @@ + } + }, + "node_modules/pump": { +- "version": "3.0.2", +- "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.2.tgz", +- "integrity": "sha512-tUPXtzlGM8FE3P0ZL6DVs/3P58k9nk8/jZeQCurTJylQA8qFYzHFfhBJkuqyE0FifOsQ0uKWekiZ5g8wtr28cw==", ++ "version": "3.0.3", ++ "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.3.tgz", ++ "integrity": "sha512-todwxLMY7/heScKmntwQG8CXVkWUOdYxIvY2s0VWAAMh/nd8SoYiRaKjlr7+iCs984f2P8zvrfWcDDYVb73NfA==", ++ "license": "MIT", + "dependencies": { + "end-of-stream": "^1.1.0", + "once": "^1.3.1" +@@ -2783,51 +3169,77 @@ + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", ++ "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/qs": { +- "version": "6.13.0", +- "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz", +- "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==", ++ "version": "6.14.0", ++ "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz", ++ "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==", ++ "license": "BSD-3-Clause", + "dependencies": { +- "side-channel": "^1.0.6" ++ "side-channel": "^1.1.0" + }, + "engines": { + "node": ">=0.6" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/queue-microtask": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", +- "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==" ++ "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", ++ "funding": [ ++ { ++ "type": "github", ++ "url": "https://github.com/sponsors/feross" ++ }, ++ { ++ "type": "patreon", ++ "url": "https://www.patreon.com/feross" ++ }, ++ { ++ "type": "consulting", ++ "url": "https://feross.org/support" ++ } ++ ], ++ "license": "MIT" + }, + "node_modules/quick-lru": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==", ++ "license": "MIT", + "engines": { + "node": ">=10" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", ++ "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/raw-body": { +- "version": "2.5.2", +- "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", +- "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", ++ "version": "2.5.3", ++ "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz", ++ "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==", ++ "license": "MIT", + "dependencies": { +- "bytes": "3.1.2", +- "http-errors": "2.0.0", +- "iconv-lite": "0.4.24", +- "unpipe": "1.0.0" ++ "bytes": "~3.1.2", ++ "http-errors": "~2.0.1", ++ "iconv-lite": "~0.4.24", ++ "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" +@@ -2837,6 +3249,7 @@ + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz", + "integrity": "sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw==", ++ "license": "(BSD-2-Clause OR MIT OR Apache-2.0)", + "dependencies": { + "deep-extend": "^0.6.0", + "ini": "~1.3.0", +@@ -2851,6 +3264,7 @@ + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", ++ "license": "MIT", + "dependencies": { + "inherits": "^2.0.3", + "string_decoder": "^1.1.1", +@@ -2864,16 +3278,18 @@ + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", ++ "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/resolve": { +- "version": "1.22.10", +- "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.10.tgz", +- "integrity": "sha512-NPRy+/ncIMeDlTAsuqwKIiferiawhefFJtkNSW0qZJEqMEb+qBt/77B/jGeeek+F0uOeN05CDa6HXbbIgtVX4w==", ++ "version": "1.22.11", ++ "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.11.tgz", ++ "integrity": "sha512-RfqAvLnMl313r7c9oclB1HhUEAezcpLjz95wFH4LVuhk9JF/r22qmVP9AMmOU4vMX7Q8pN8jwNg/CSpdFnMjTQ==", ++ "license": "MIT", + "dependencies": { +- "is-core-module": "^2.16.0", ++ "is-core-module": "^2.16.1", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + }, +@@ -2882,39 +3298,50 @@ + }, + "engines": { + "node": ">= 0.4" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/resolve-alpn": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", +- "integrity": "sha512-0a1F4l73/ZFZOakJnQ3FvkJ2+gSTQWz/r2KE5OdDY0TxPm5h4GkqkWWfM47T7HsbnOtcJVEF4epCVy6u7Q3K+g==" ++ "integrity": "sha512-0a1F4l73/ZFZOakJnQ3FvkJ2+gSTQWz/r2KE5OdDY0TxPm5h4GkqkWWfM47T7HsbnOtcJVEF4epCVy6u7Q3K+g==", ++ "license": "MIT" + }, + "node_modules/responselike": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/responselike/-/responselike-2.0.1.tgz", + "integrity": "sha512-4gl03wn3hj1HP3yzgdI7d3lCkF95F21Pz4BPGvKHinyQzALR5CapwC8yIi0Rh58DEMQ/SguC03wFj2k0M/mHhw==", ++ "license": "MIT", + "dependencies": { + "lowercase-keys": "^2.0.0" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/retry": { + "version": "0.12.0", + "resolved": "https://registry.npmjs.org/retry/-/retry-0.12.0.tgz", + "integrity": "sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow==", ++ "license": "MIT", + "optional": true, + "engines": { + "node": ">= 4" + } + }, + "node_modules/retry-as-promised": { +- "version": "7.1.0", +- "resolved": "https://registry.npmjs.org/retry-as-promised/-/retry-as-promised-7.1.0.tgz", +- "integrity": "sha512-LXCQasDZ+bwxs0+iqxy2Q2jfpLs/vkdP5kTAICCIxwhno8Abjcmy7aAIVx6aunJgbiqreWGoapX8guMWwRGajA==" ++ "version": "7.1.1", ++ "resolved": "https://registry.npmjs.org/retry-as-promised/-/retry-as-promised-7.1.1.tgz", ++ "integrity": "sha512-hMD7odLOt3LkTjcif8aRZqi/hybjpLNgSk5oF5FCowfCjok6LukpN2bDX7R5wDmbgBQFn7YoBxSagmtXHaJYJw==", ++ "license": "MIT" + }, + "node_modules/reusify": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz", + "integrity": "sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==", ++ "license": "MIT", + "engines": { + "iojs": ">=1.0.0", + "node": ">=0.10.0" +@@ -2925,18 +3352,37 @@ + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", + "deprecated": "Rimraf versions prior to v4 are no longer supported", ++ "license": "ISC", + "optional": true, + "dependencies": { + "glob": "^7.1.3" + }, + "bin": { + "rimraf": "bin.js" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/run-parallel": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", ++ "funding": [ ++ { ++ "type": "github", ++ "url": "https://github.com/sponsors/feross" ++ }, ++ { ++ "type": "patreon", ++ "url": "https://www.patreon.com/feross" ++ }, ++ { ++ "type": "consulting", ++ "url": "https://feross.org/support" ++ } ++ ], ++ "license": "MIT", + "dependencies": { + "queue-microtask": "^1.2.2" + } +@@ -2944,12 +3390,28 @@ + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", +- "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" ++ "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", ++ "funding": [ ++ { ++ "type": "github", ++ "url": "https://github.com/sponsors/feross" ++ }, ++ { ++ "type": "patreon", ++ "url": "https://www.patreon.com/feross" ++ }, ++ { ++ "type": "consulting", ++ "url": "https://feross.org/support" ++ } ++ ], ++ "license": "MIT" + }, + "node_modules/safe-stable-stringify": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.5.0.tgz", + "integrity": "sha512-b3rppTKm9T+PsVCBEOUR46GWI7fdOs00VKZ1+9c1EWDaDMvjQc6tUwuFyIprgGgTcWoVHSKrU8H31ZHA2e0RHA==", ++ "license": "MIT", + "engines": { + "node": ">=10" + } +@@ -2957,25 +3419,28 @@ + "node_modules/safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", +- "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" ++ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", ++ "license": "MIT" + }, + "node_modules/semver": { + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", ++ "license": "ISC", + "bin": { + "semver": "bin/semver" + } + }, + "node_modules/send": { +- "version": "0.19.0", +- "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz", +- "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==", ++ "version": "0.19.1", ++ "resolved": "https://registry.npmjs.org/send/-/send-0.19.1.tgz", ++ "integrity": "sha512-p4rRk4f23ynFEfcD9LA0xRYngj+IyGiEYyqqOak8kaN0TvNmuxC2dcVeBn62GpCeR2CpWqyHCNScTP91QbAVFg==", ++ "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "1.2.0", +- "encodeurl": "~1.0.2", ++ "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "fresh": "0.5.2", +@@ -2990,10 +3455,18 @@ + "node": ">= 0.8.0" + } + }, +- "node_modules/send/node_modules/encodeurl": { +- "version": "1.0.2", +- "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", +- "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", ++ "node_modules/send/node_modules/http-errors": { ++ "version": "2.0.0", ++ "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", ++ "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", ++ "license": "MIT", ++ "dependencies": { ++ "depd": "2.0.0", ++ "inherits": "2.0.4", ++ "setprototypeof": "1.2.0", ++ "statuses": "2.0.1", ++ "toidentifier": "1.0.1" ++ }, + "engines": { + "node": ">= 0.8" + } +@@ -3001,7 +3474,17 @@ + "node_modules/send/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", +- "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" ++ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", ++ "license": "MIT" ++ }, ++ "node_modules/send/node_modules/statuses": { ++ "version": "2.0.1", ++ "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", ++ "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", ++ "license": "MIT", ++ "engines": { ++ "node": ">= 0.8" ++ } + }, + "node_modules/seq-queue": { + "version": "0.0.5", +@@ -3009,9 +3492,16 @@ + "integrity": "sha512-hr3Wtp/GZIc/6DAGPDcV4/9WoZhjrkXsi5B/07QgX8tsdc6ilr7BFM6PM6rbdAX1kFSDYeZGLipIZZKyQP0O5Q==" + }, + "node_modules/sequelize": { +- "version": "6.37.5", +- "resolved": "https://registry.npmjs.org/sequelize/-/sequelize-6.37.5.tgz", +- "integrity": "sha512-10WA4poUb3XWnUROThqL2Apq9C2NhyV1xHPMZuybNMCucDsbbFuKg51jhmyvvAUyUqCiimwTZamc3AHhMoBr2Q==", ++ "version": "6.37.7", ++ "resolved": "https://registry.npmjs.org/sequelize/-/sequelize-6.37.7.tgz", ++ "integrity": "sha512-mCnh83zuz7kQxxJirtFD7q6Huy6liPanI67BSlbzSYgVNl5eXVdE2CN1FuAeZwG1SNpGsNRCV+bJAVVnykZAFA==", ++ "funding": [ ++ { ++ "type": "opencollective", ++ "url": "https://opencollective.com/sequelize" ++ } ++ ], ++ "license": "MIT", + "dependencies": { + "@types/debug": "^4.1.8", + "@types/validator": "^13.7.17", +@@ -3067,14 +3557,16 @@ + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/sequelize-pool/-/sequelize-pool-7.1.0.tgz", + "integrity": "sha512-G9c0qlIWQSK29pR/5U2JF5dDQeqqHRragoyahj/Nx4KOOQ3CPPfzxnfqFPCSB7x5UgjOgnZ61nSxz+fjDpRlJg==", ++ "license": "MIT", + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/sequelize/node_modules/debug": { +- "version": "4.4.0", +- "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz", +- "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==", ++ "version": "4.4.3", ++ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", ++ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", ++ "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, +@@ -3090,12 +3582,14 @@ + "node_modules/sequelize/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", +- "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" ++ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", ++ "license": "MIT" + }, + "node_modules/sequelize/node_modules/semver": { +- "version": "7.7.1", +- "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz", +- "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==", ++ "version": "7.7.3", ++ "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz", ++ "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==", ++ "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, +@@ -3107,6 +3601,7 @@ + "version": "1.16.2", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz", + "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==", ++ "license": "MIT", + "dependencies": { + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", +@@ -3117,26 +3612,94 @@ + "node": ">= 0.8.0" + } + }, ++ "node_modules/serve-static/node_modules/http-errors": { ++ "version": "2.0.0", ++ "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", ++ "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", ++ "license": "MIT", ++ "dependencies": { ++ "depd": "2.0.0", ++ "inherits": "2.0.4", ++ "setprototypeof": "1.2.0", ++ "statuses": "2.0.1", ++ "toidentifier": "1.0.1" ++ }, ++ "engines": { ++ "node": ">= 0.8" ++ } ++ }, ++ "node_modules/serve-static/node_modules/ms": { ++ "version": "2.1.3", ++ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", ++ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", ++ "license": "MIT" ++ }, ++ "node_modules/serve-static/node_modules/send": { ++ "version": "0.19.0", ++ "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz", ++ "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==", ++ "license": "MIT", ++ "dependencies": { ++ "debug": "2.6.9", ++ "depd": "2.0.0", ++ "destroy": "1.2.0", ++ "encodeurl": "~1.0.2", ++ "escape-html": "~1.0.3", ++ "etag": "~1.8.1", ++ "fresh": "0.5.2", ++ "http-errors": "2.0.0", ++ "mime": "1.6.0", ++ "ms": "2.1.3", ++ "on-finished": "2.4.1", ++ "range-parser": "~1.2.1", ++ "statuses": "2.0.1" ++ }, ++ "engines": { ++ "node": ">= 0.8.0" ++ } ++ }, ++ "node_modules/serve-static/node_modules/send/node_modules/encodeurl": { ++ "version": "1.0.2", ++ "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", ++ "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", ++ "license": "MIT", ++ "engines": { ++ "node": ">= 0.8" ++ } ++ }, ++ "node_modules/serve-static/node_modules/statuses": { ++ "version": "2.0.1", ++ "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", ++ "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", ++ "license": "MIT", ++ "engines": { ++ "node": ">= 0.8" ++ } ++ }, + "node_modules/set-blocking": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", + "integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==", ++ "license": "ISC", + "optional": true + }, + "node_modules/setprototypeof": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", +- "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==" ++ "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", ++ "license": "ISC" + }, + "node_modules/shimmer": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/shimmer/-/shimmer-1.2.1.tgz", +- "integrity": "sha512-sQTKC1Re/rM6XyFM6fIAGHRPVGvyXfgzIDvzoq608vM+jeyVD0Tu1E6Np0Kc2zAIFWIj963V2800iF/9LPieQw==" ++ "integrity": "sha512-sQTKC1Re/rM6XyFM6fIAGHRPVGvyXfgzIDvzoq608vM+jeyVD0Tu1E6Np0Kc2zAIFWIj963V2800iF/9LPieQw==", ++ "license": "BSD-2-Clause" + }, + "node_modules/side-channel": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", + "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", ++ "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3", +@@ -3146,24 +3709,32 @@ + }, + "engines": { + "node": ">= 0.4" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-list": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz", + "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==", ++ "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-map": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", ++ "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", +@@ -3172,12 +3743,16 @@ + }, + "engines": { + "node": ">= 0.4" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-weakmap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", ++ "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", +@@ -3187,41 +3762,68 @@ + }, + "engines": { + "node": ">= 0.4" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/signal-exit": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", ++ "license": "ISC", + "optional": true + }, + "node_modules/simple-concat": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/simple-concat/-/simple-concat-1.0.1.tgz", +- "integrity": "sha512-cSFtAPtRhljv69IK0hTVZQ+OfE9nePi/rtJmw5UjHeVyVroEqJXP1sFztKUy1qU+xvz3u/sfYJLa947b7nAN2Q==" ++ "integrity": "sha512-cSFtAPtRhljv69IK0hTVZQ+OfE9nePi/rtJmw5UjHeVyVroEqJXP1sFztKUy1qU+xvz3u/sfYJLa947b7nAN2Q==", ++ "funding": [ ++ { ++ "type": "github", ++ "url": "https://github.com/sponsors/feross" ++ }, ++ { ++ "type": "patreon", ++ "url": "https://www.patreon.com/feross" ++ }, ++ { ++ "type": "consulting", ++ "url": "https://feross.org/support" ++ } ++ ], ++ "license": "MIT" + }, + "node_modules/simple-get": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/simple-get/-/simple-get-4.0.1.tgz", + "integrity": "sha512-brv7p5WgH0jmQJr1ZDDfKDOSeWWg+OVypG99A/5vYGPqJ6pxiaHLy8nxtFjBA7oMa01ebA9gfh1uMCFqOuXxvA==", ++ "funding": [ ++ { ++ "type": "github", ++ "url": "https://github.com/sponsors/feross" ++ }, ++ { ++ "type": "patreon", ++ "url": "https://www.patreon.com/feross" ++ }, ++ { ++ "type": "consulting", ++ "url": "https://feross.org/support" ++ } ++ ], ++ "license": "MIT", + "dependencies": { + "decompress-response": "^6.0.0", + "once": "^1.3.1", + "simple-concat": "^1.0.0" + } + }, +- "node_modules/simple-swizzle": { +- "version": "0.2.2", +- "resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", +- "integrity": "sha512-JA//kQgZtbuY83m+xT+tXJkmJncGMTFT+C+g2h2R9uxkYIrE2yy9sgmcLhCnw57/WSD+Eh3J97FPEDFnbXnDUg==", +- "dependencies": { +- "is-arrayish": "^0.3.1" +- } +- }, + "node_modules/smart-buffer": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz", + "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==", ++ "license": "MIT", + "optional": true, + "engines": { + "node": ">= 6.0.0", +@@ -3229,12 +3831,13 @@ + } + }, + "node_modules/socks": { +- "version": "2.8.4", +- "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.4.tgz", +- "integrity": "sha512-D3YaD0aRxR3mEcqnidIs7ReYJFVzWdd6fXJYUM8ixcQcJRGTka/b3saV0KflYhyVJXKhb947GndU35SxYNResQ==", ++ "version": "2.8.7", ++ "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.7.tgz", ++ "integrity": "sha512-HLpt+uLy/pxB+bum/9DzAgiKS8CX1EvbWxI4zlmgGCExImLdiad2iCwXT5Z4c9c3Eq8rP2318mPW2c+QbtjK8A==", ++ "license": "MIT", + "optional": true, + "dependencies": { +- "ip-address": "^9.0.5", ++ "ip-address": "^10.0.1", + "smart-buffer": "^4.2.0" + }, + "engines": { +@@ -3246,6 +3849,7 @@ + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-6.2.1.tgz", + "integrity": "sha512-a6KW9G+6B3nWZ1yB8G7pJwL3ggLy1uTzKAgCb7ttblwqdz9fMGJUuTy3uFzEP48FAs9FLILlmzDlE2JJhVQaXQ==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "agent-base": "^6.0.2", +@@ -3257,9 +3861,10 @@ + } + }, + "node_modules/socks-proxy-agent/node_modules/debug": { +- "version": "4.4.0", +- "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz", +- "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==", ++ "version": "4.4.3", ++ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", ++ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "ms": "^2.1.3" +@@ -3277,24 +3882,27 @@ + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", ++ "license": "MIT", + "optional": true + }, + "node_modules/sorted-array-functions": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/sorted-array-functions/-/sorted-array-functions-1.3.0.tgz", +- "integrity": "sha512-2sqgzeFlid6N4Z2fUQ1cvFmTOLRi/sEDzSQ0OKYchqgoPmQBVyM3959qYx3fpS6Esef80KjmpgPeEr028dP3OA==" ++ "integrity": "sha512-2sqgzeFlid6N4Z2fUQ1cvFmTOLRi/sEDzSQ0OKYchqgoPmQBVyM3959qYx3fpS6Esef80KjmpgPeEr028dP3OA==", ++ "license": "MIT" + }, + "node_modules/sprintf-js": { +- "version": "1.1.3", +- "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz", +- "integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==", +- "optional": true ++ "version": "1.0.3", ++ "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", ++ "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==", ++ "license": "BSD-3-Clause" + }, + "node_modules/sqlite3": { + "version": "5.1.7", + "resolved": "https://registry.npmjs.org/sqlite3/-/sqlite3-5.1.7.tgz", + "integrity": "sha512-GGIyOiFaG+TUra3JIfkI/zGP8yZYLPQ0pl1bH+ODjiX57sPhrLU5sQJn1y9bDKZUFYkX1crlrPfSYt0BKKdkog==", + "hasInstallScript": true, ++ "license": "BSD-3-Clause", + "dependencies": { + "bindings": "^1.5.0", + "node-addon-api": "^7.0.0", +@@ -3317,6 +3925,7 @@ + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/sqlstring/-/sqlstring-2.3.3.tgz", + "integrity": "sha512-qC9iz2FlN7DQl3+wjwn3802RTyjCx7sDvfQEXchwa6CWOx07/WVfh91gBmQ9fahw8snwGEWU3xGzOt4tFyHLxg==", ++ "license": "MIT", + "engines": { + "node": ">= 0.6" + } +@@ -3325,6 +3934,7 @@ + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/ssri/-/ssri-8.0.1.tgz", + "integrity": "sha512-97qShzy1AiyxvPNIkLWoGua7xoQzzPjQ0HAH4B0rWKo7SZ6USuPcrUiAFrws0UH8RrbWmgq3LMTObhPIHbbBeQ==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "minipass": "^3.1.1" +@@ -3336,20 +3946,23 @@ + "node_modules/stack-chain": { + "version": "1.3.7", + "resolved": "https://registry.npmjs.org/stack-chain/-/stack-chain-1.3.7.tgz", +- "integrity": "sha512-D8cWtWVdIe/jBA7v5p5Hwl5yOSOrmZPWDPe2KxQ5UAGD+nxbxU0lKXA4h85Ta6+qgdKVL3vUxsbIZjc1kBG7ug==" ++ "integrity": "sha512-D8cWtWVdIe/jBA7v5p5Hwl5yOSOrmZPWDPe2KxQ5UAGD+nxbxU0lKXA4h85Ta6+qgdKVL3vUxsbIZjc1kBG7ug==", ++ "license": "MIT" + }, + "node_modules/stack-trace": { + "version": "0.0.10", + "resolved": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", + "integrity": "sha512-KGzahc7puUKkzyMt+IqAep+TVNbKP+k2Lmwhub39m1AsTSkaDutx56aDCo+HLDzf/D26BIHTJWNiTG1KAJiQCg==", ++ "license": "MIT", + "engines": { + "node": "*" + } + }, + "node_modules/statuses": { +- "version": "2.0.1", +- "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", +- "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", ++ "version": "2.0.2", ++ "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", ++ "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", ++ "license": "MIT", + "engines": { + "node": ">= 0.8" + } +@@ -3358,6 +3971,7 @@ + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", ++ "license": "MIT", + "dependencies": { + "safe-buffer": "~5.2.0" + } +@@ -3366,6 +3980,7 @@ + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/string-argv/-/string-argv-0.3.2.tgz", + "integrity": "sha512-aqD2Q0144Z+/RqG52NeHEkZauTAUWJO8c6yTftGJKO3Tja5tUgIfmIl6kExvhtxSDP7fXB6DvzkfMpCd/F3G+Q==", ++ "license": "MIT", + "engines": { + "node": ">=0.6.19" + } +@@ -3374,6 +3989,7 @@ + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "emoji-regex": "^8.0.0", +@@ -3388,6 +4004,7 @@ + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", ++ "license": "MIT", + "optional": true, + "dependencies": { + "ansi-regex": "^5.0.1" +@@ -3400,6 +4017,7 @@ + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz", + "integrity": "sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ==", ++ "license": "MIT", + "engines": { + "node": ">=0.10.0" + } +@@ -3408,25 +4026,34 @@ + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", ++ "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" ++ }, ++ "funding": { ++ "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/supports-preserve-symlinks-flag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", ++ "license": "MIT", + "engines": { + "node": ">= 0.4" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/tar": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", ++ "license": "ISC", + "dependencies": { + "chownr": "^2.0.0", + "fs-minipass": "^2.0.0", +@@ -3454,12 +4081,14 @@ + "node_modules/tar-fs/node_modules/chownr": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz", +- "integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==" ++ "integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==", ++ "license": "ISC" + }, + "node_modules/tar-stream": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-2.2.0.tgz", + "integrity": "sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==", ++ "license": "MIT", + "dependencies": { + "bl": "^4.0.3", + "end-of-stream": "^1.4.1", +@@ -3475,6 +4104,7 @@ + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz", + "integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==", ++ "license": "ISC", + "engines": { + "node": ">=8" + } +@@ -3482,12 +4112,14 @@ + "node_modules/text-hex": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", +- "integrity": "sha512-uuVGNWzgJ4yhRaNSiubPY7OjISw4sw4E5Uv0wbjp+OzcbmVU/rsT8ujgcXJhn9ypzsgr5vlzpPqP+MBBKcGvbg==" ++ "integrity": "sha512-uuVGNWzgJ4yhRaNSiubPY7OjISw4sw4E5Uv0wbjp+OzcbmVU/rsT8ujgcXJhn9ypzsgr5vlzpPqP+MBBKcGvbg==", ++ "license": "MIT" + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", ++ "license": "MIT", + "dependencies": { + "is-number": "^7.0.0" + }, +@@ -3499,6 +4131,7 @@ + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", ++ "license": "MIT", + "engines": { + "node": ">=0.6" + } +@@ -3506,12 +4139,14 @@ + "node_modules/toposort-class": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/toposort-class/-/toposort-class-1.0.1.tgz", +- "integrity": "sha512-OsLcGGbYF3rMjPUf8oKktyvCiUxSbqMMS39m33MAjLTC1DVIH6x3WSt63/M77ihI09+Sdfk1AXvfhCEeUmC7mg==" ++ "integrity": "sha512-OsLcGGbYF3rMjPUf8oKktyvCiUxSbqMMS39m33MAjLTC1DVIH6x3WSt63/M77ihI09+Sdfk1AXvfhCEeUmC7mg==", ++ "license": "MIT" + }, + "node_modules/triple-beam": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", + "integrity": "sha512-aZbgViZrg1QNcG+LULa7nhZpJTZSLm/mXnHXnbAbjmN5aSa0y7V+wvv6+4WaBtpISJzThKy+PIPxc1Nq1EJ9mg==", ++ "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } +@@ -3520,6 +4155,7 @@ + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", + "integrity": "sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==", ++ "license": "Apache-2.0", + "dependencies": { + "safe-buffer": "^5.0.1" + }, +@@ -3530,20 +4166,26 @@ + "node_modules/tweetnacl": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-1.0.3.tgz", +- "integrity": "sha512-6rt+RN7aOi1nGMyC4Xa5DdYiukl2UWCbcJft7YhxReBGQD7OAM8Pbxw6YMo4r2diNEA8FEmu32YOn9rhaiE5yw==" ++ "integrity": "sha512-6rt+RN7aOi1nGMyC4Xa5DdYiukl2UWCbcJft7YhxReBGQD7OAM8Pbxw6YMo4r2diNEA8FEmu32YOn9rhaiE5yw==", ++ "license": "Unlicense" + }, + "node_modules/type-fest": { +- "version": "4.35.0", +- "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.35.0.tgz", +- "integrity": "sha512-2/AwEFQDFEy30iOLjrvHDIH7e4HEWH+f1Yl1bI5XMqzuoCUqwYCdxachgsgv0og/JdVZUhbfjcJAoHj5L1753A==", ++ "version": "4.41.0", ++ "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.41.0.tgz", ++ "integrity": "sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA==", ++ "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=16" ++ }, ++ "funding": { ++ "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/type-is": { + "version": "1.6.18", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", ++ "license": "MIT", + "dependencies": { + "media-typer": "0.3.0", + "mime-types": "~2.1.24" +@@ -3556,6 +4198,7 @@ + "version": "3.8.2", + "resolved": "https://registry.npmjs.org/umzug/-/umzug-3.8.2.tgz", + "integrity": "sha512-BEWEF8OJjTYVC56GjELeHl/1XjFejrD7aHzn+HldRJTx+pL1siBrKHZC8n4K/xL3bEzVA9o++qD1tK2CpZu4KA==", ++ "license": "MIT", + "dependencies": { + "@rushstack/ts-command-line": "^4.12.2", + "emittery": "^0.13.0", +@@ -3568,14 +4211,16 @@ + } + }, + "node_modules/undici-types": { +- "version": "6.20.0", +- "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.20.0.tgz", +- "integrity": "sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==" ++ "version": "7.16.0", ++ "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz", ++ "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==", ++ "license": "MIT" + }, + "node_modules/unique-filename": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/unique-filename/-/unique-filename-1.1.1.tgz", + "integrity": "sha512-Vmp0jIp2ln35UTXuryvjzkjGdRyf9b2lTXuSYUiPmzRcl3FDtYqAwOnTJkAngD9SWhnoJzDbTKwaOrZ+STtxNQ==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "unique-slug": "^2.0.0" +@@ -3585,6 +4230,7 @@ + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/unique-slug/-/unique-slug-2.0.2.tgz", + "integrity": "sha512-zoWr9ObaxALD3DOPfjPSqxt4fnZiWblxHIgeWqW8x7UqDzEtHEQLzji2cuJYQFCU6KmoJikOYAZlrTHHebjx2w==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "imurmurhash": "^0.1.4" +@@ -3594,6 +4240,7 @@ + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==", ++ "license": "MIT", + "engines": { + "node": ">= 10.0.0" + } +@@ -3602,6 +4249,7 @@ + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", ++ "license": "MIT", + "engines": { + "node": ">= 0.8" + } +@@ -3610,6 +4258,7 @@ + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", ++ "license": "BSD-2-Clause", + "dependencies": { + "punycode": "^2.1.0" + } +@@ -3618,6 +4267,7 @@ + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/url-to-options/-/url-to-options-1.0.1.tgz", + "integrity": "sha512-0kQLIzG4fdk/G5NONku64rSH/x32NOA39LVQqlK8Le6lvTF6GGRJpqaQFGgU+CLwySIqBSMdwYM0sYcW9f6P4A==", ++ "license": "MIT", + "engines": { + "node": ">= 4" + } +@@ -3625,12 +4275,14 @@ + "node_modules/util-deprecate": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", +- "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==" ++ "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==", ++ "license": "MIT" + }, + "node_modules/utils-merge": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==", ++ "license": "MIT", + "engines": { + "node": ">= 0.4.0" + } +@@ -3639,14 +4291,16 @@ + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", ++ "license": "MIT", + "bin": { + "uuid": "dist/bin/uuid" + } + }, + "node_modules/validator": { +- "version": "13.12.0", +- "resolved": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz", +- "integrity": "sha512-c1Q0mCiPlgdTVVVIJIrBuxNicYE+t/7oKeI9MWLj3fh/uq2Pxh/3eeWbVZ4OcGW1TUf53At0njHw5SMdA3tmMg==", ++ "version": "13.15.23", ++ "resolved": "https://registry.npmjs.org/validator/-/validator-13.15.23.tgz", ++ "integrity": "sha512-4yoz1kEWqUjzi5zsPbAS/903QXSYp0UOtHsPpp7p9rHAw/W+dkInskAE386Fat3oKRROwO98d9ZB0G4cObgUyw==", ++ "license": "MIT", + "engines": { + "node": ">= 0.10" + } +@@ -3655,6 +4309,7 @@ + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", ++ "license": "MIT", + "engines": { + "node": ">= 0.8" + } +@@ -3663,6 +4318,7 @@ + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "isexe": "^2.0.0" +@@ -3678,18 +4334,20 @@ + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/wide-align/-/wide-align-1.1.5.tgz", + "integrity": "sha512-eDMORYaPNZ4sQIuuYPDHdQvf4gyCF9rEEV/yPxGfwPkRodwEgiMUUXTx/dex+Me0wxx53S+NgUHaP7y3MGlDmg==", ++ "license": "ISC", + "optional": true, + "dependencies": { + "string-width": "^1.0.2 || 2 || 3 || 4" + } + }, + "node_modules/winston": { +- "version": "3.17.0", +- "resolved": "https://registry.npmjs.org/winston/-/winston-3.17.0.tgz", +- "integrity": "sha512-DLiFIXYC5fMPxaRg832S6F5mJYvePtmO5G9v9IgUFPhXm9/GkXarH/TUrBAVzhTCzAj9anE/+GjrgXp/54nOgw==", ++ "version": "3.19.0", ++ "resolved": "https://registry.npmjs.org/winston/-/winston-3.19.0.tgz", ++ "integrity": "sha512-LZNJgPzfKR+/J3cHkxcpHKpKKvGfDZVPS4hfJCc4cCG0CgYzvlD6yE/S3CIL/Yt91ak327YCpiF/0MyeZHEHKA==", ++ "license": "MIT", + "dependencies": { + "@colors/colors": "^1.6.0", +- "@dabh/diagnostics": "^2.0.2", ++ "@dabh/diagnostics": "^2.0.8", + "async": "^3.2.3", + "is-stream": "^2.0.0", + "logform": "^2.7.0", +@@ -3708,6 +4366,7 @@ + "version": "4.9.0", + "resolved": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.9.0.tgz", + "integrity": "sha512-8drMJ4rkgaPo1Me4zD/3WLfI/zPdA9o2IipKODunnGDcuqbHwjsbB79ylv04LCGGzU0xQ6vTznOMpQGaLhhm6A==", ++ "license": "MIT", + "dependencies": { + "logform": "^2.7.0", + "readable-stream": "^3.6.2", +@@ -3721,6 +4380,7 @@ + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/wkx/-/wkx-0.5.0.tgz", + "integrity": "sha512-Xng/d4Ichh8uN4l0FToV/258EjMGU9MGcA0HV2d9B/ZpZB3lqQm7nkOdZdm5GhKtLLhAE7PiVQwN4eN+2YJJUg==", ++ "license": "MIT", + "dependencies": { + "@types/node": "*" + } +@@ -3728,12 +4388,14 @@ + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", +- "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" ++ "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", ++ "license": "ISC" + }, + "node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", +- "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" ++ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", ++ "license": "ISC" + } + } + } +diff --git a/QuoteGeneration/pccs/package.json b/QuoteGeneration/pccs/package.json +index 7c498083..6d0569f4 100644 +--- a/QuoteGeneration/pccs/package.json ++++ b/QuoteGeneration/pccs/package.json +@@ -1,26 +1,26 @@ + { + "name": "PCCS", + "description": "Provisioning Certificate Caching Service", +- "version": "1.23.0", ++ "version": "1.23.101", + "type": "module", + "dependencies": { + "@fidm/x509": "^1.2.1", +- "ajv": "^8.12.0", ++ "ajv": "^8.17.1", + "ajv-formats": "^2.1.1", + "body-parser": "^1.20.3", + "caw": "^2.0.1", + "cls-hooked": "^4.2.2", +- "config": "^3.3.9", ++ "config": "^3.3.12", + "express": "^4.21.2", +- "ffi-rs": "^1.0.64", ++ "ffi-rs": "^1.3.1", + "got": "^11.8.6", + "morgan": "^1.10.1", +- "mysql2": "^3.10.1", ++ "mysql2": "^3.15.3", + "node-schedule": "^2.1.1", +- "sequelize": "^6.37.3", ++ "sequelize": "^6.37.7", + "sqlite3": "^5.1.7", +- "umzug": "^3.8.0", +- "winston": "^3.10.0" ++ "umzug": "^3.8.2", ++ "winston": "^3.18.3" + }, + "engines": { + "node": ">= 18.17.0" +-- +2.52.0 + diff --git a/SOURCES/0135-pccs-force-override-tar-module-to-7.0.0-series.patch b/SOURCES/0135-pccs-force-override-tar-module-to-7.0.0-series.patch new file mode 100644 index 0000000..472589f --- /dev/null +++ b/SOURCES/0135-pccs-force-override-tar-module-to-7.0.0-series.patch @@ -0,0 +1,217 @@ +From 416a5f3338e4f3709eb647d56a78a6e22724a284 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Thu, 29 Jan 2026 16:09:15 +0000 +Subject: [PATCH 135/136] pccs: force override "tar" module to 7.0.0 series +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The 6.x series is vulnerable to multiple flaws, however, it is a +depedency of sqlite3. The latter has not been updated in several +years. The new tar 7.x series appears largely back-compatible +despite the major version change, so can override it to force +the new release. + +The 'npm audit fix' command was run to update pacakge-lock.json +with new deps for tar 7.x and eliminate other outdated/vunlerable +deps. + +Signed-off-by: Daniel P. Berrangé +--- + QuoteGeneration/pccs/package-lock.json | 97 ++++++++++++++++++++------ + QuoteGeneration/pccs/package.json | 3 + + 2 files changed, 79 insertions(+), 21 deletions(-) + +diff --git a/QuoteGeneration/pccs/package-lock.json b/QuoteGeneration/pccs/package-lock.json +index e01fde2f..7536872b 100644 +--- a/QuoteGeneration/pccs/package-lock.json ++++ b/QuoteGeneration/pccs/package-lock.json +@@ -79,6 +79,27 @@ + "license": "MIT", + "optional": true + }, ++ "node_modules/@isaacs/fs-minipass": { ++ "version": "4.0.1", ++ "resolved": "https://registry.npmjs.org/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz", ++ "integrity": "sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==", ++ "license": "ISC", ++ "dependencies": { ++ "minipass": "^7.0.4" ++ }, ++ "engines": { ++ "node": ">=18.0.0" ++ } ++ }, ++ "node_modules/@isaacs/fs-minipass/node_modules/minipass": { ++ "version": "7.1.2", ++ "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", ++ "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==", ++ "license": "ISC", ++ "engines": { ++ "node": ">=16 || 14 >=14.17" ++ } ++ }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", +@@ -1011,6 +1032,7 @@ + "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz", + "integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==", + "license": "ISC", ++ "optional": true, + "engines": { + "node": ">=10" + } +@@ -1664,6 +1686,7 @@ + "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz", + "integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==", + "license": "ISC", ++ "optional": true, + "dependencies": { + "minipass": "^3.0.0" + }, +@@ -2340,9 +2363,9 @@ + "license": "MIT" + }, + "node_modules/lodash": { +- "version": "4.17.21", +- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", +- "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", ++ "version": "4.17.23", ++ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz", ++ "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==", + "license": "MIT" + }, + "node_modules/logform": { +@@ -2580,6 +2603,7 @@ + "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz", + "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==", + "license": "ISC", ++ "optional": true, + "dependencies": { + "yallist": "^4.0.0" + }, +@@ -2662,6 +2686,7 @@ + "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz", + "integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==", + "license": "MIT", ++ "optional": true, + "dependencies": { + "minipass": "^3.0.0", + "yallist": "^4.0.0" +@@ -2675,6 +2700,7 @@ + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", + "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==", + "license": "MIT", ++ "optional": true, + "bin": { + "mkdirp": "bin/cmd.js" + }, +@@ -3175,9 +3201,9 @@ + } + }, + "node_modules/qs": { +- "version": "6.14.0", +- "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz", +- "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==", ++ "version": "6.14.1", ++ "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz", ++ "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==", + "license": "BSD-3-Clause", + "dependencies": { + "side-channel": "^1.1.0" +@@ -4050,20 +4076,19 @@ + } + }, + "node_modules/tar": { +- "version": "6.2.1", +- "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", +- "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", +- "license": "ISC", ++ "version": "7.5.7", ++ "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.7.tgz", ++ "integrity": "sha512-fov56fJiRuThVFXD6o6/Q354S7pnWMJIVlDBYijsTNx6jKSE4pvrDTs6lUnmGvNyfJwFQQwWy3owKz1ucIhveQ==", ++ "license": "BlueOak-1.0.0", + "dependencies": { +- "chownr": "^2.0.0", +- "fs-minipass": "^2.0.0", +- "minipass": "^5.0.0", +- "minizlib": "^2.1.1", +- "mkdirp": "^1.0.3", +- "yallist": "^4.0.0" ++ "@isaacs/fs-minipass": "^4.0.0", ++ "chownr": "^3.0.0", ++ "minipass": "^7.1.2", ++ "minizlib": "^3.1.0", ++ "yallist": "^5.0.0" + }, + "engines": { +- "node": ">=10" ++ "node": ">=18" + } + }, + "node_modules/tar-fs": { +@@ -4100,13 +4125,43 @@ + "node": ">=6" + } + }, ++ "node_modules/tar/node_modules/chownr": { ++ "version": "3.0.0", ++ "resolved": "https://registry.npmjs.org/chownr/-/chownr-3.0.0.tgz", ++ "integrity": "sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==", ++ "license": "BlueOak-1.0.0", ++ "engines": { ++ "node": ">=18" ++ } ++ }, + "node_modules/tar/node_modules/minipass": { +- "version": "5.0.0", +- "resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz", +- "integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==", ++ "version": "7.1.2", ++ "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", ++ "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==", + "license": "ISC", + "engines": { +- "node": ">=8" ++ "node": ">=16 || 14 >=14.17" ++ } ++ }, ++ "node_modules/tar/node_modules/minizlib": { ++ "version": "3.1.0", ++ "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.1.0.tgz", ++ "integrity": "sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==", ++ "license": "MIT", ++ "dependencies": { ++ "minipass": "^7.1.2" ++ }, ++ "engines": { ++ "node": ">= 18" ++ } ++ }, ++ "node_modules/tar/node_modules/yallist": { ++ "version": "5.0.0", ++ "resolved": "https://registry.npmjs.org/yallist/-/yallist-5.0.0.tgz", ++ "integrity": "sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==", ++ "license": "BlueOak-1.0.0", ++ "engines": { ++ "node": ">=18" + } + }, + "node_modules/text-hex": { +diff --git a/QuoteGeneration/pccs/package.json b/QuoteGeneration/pccs/package.json +index 6d0569f4..e5b470be 100644 +--- a/QuoteGeneration/pccs/package.json ++++ b/QuoteGeneration/pccs/package.json +@@ -30,5 +30,8 @@ + "test": "NODE_ENV=test mocha ../../../unittests/psw/pccs_ut/test.js --timeout 120000 --exit", + "offline": "NODE_ENV=test_offline mocha ../../../unittests/psw/pccs_ut/test_offline.js --timeout 120000 --exit", + "req": "NODE_ENV=test_req mocha ../../../unittests/psw/pccs_ut/test_req.js --timeout 120000 --exit" ++ }, ++ "overrides": { ++ "tar": "^7.0.0" + } + } +-- +2.52.0 + diff --git a/SOURCES/0136-pccsadmin-fix-name-of-input-file-for-cache-command-i.patch b/SOURCES/0136-pccsadmin-fix-name-of-input-file-for-cache-command-i.patch new file mode 100644 index 0000000..6c406eb --- /dev/null +++ b/SOURCES/0136-pccsadmin-fix-name-of-input-file-for-cache-command-i.patch @@ -0,0 +1,30 @@ +From 911260b974b5fdbb44e81c95d47bd447a09c4d3d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Wed, 4 Feb 2026 15:07:30 +0000 +Subject: [PATCH 136/136] pccsadmin: fix name of input file for 'cache' command + in help text +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Daniel P. Berrangé +--- + tools/PccsAdminTool/pccsadmin.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/PccsAdminTool/pccsadmin.py b/tools/PccsAdminTool/pccsadmin.py +index dc5253bb..4d6b6c7b 100755 +--- a/tools/PccsAdminTool/pccsadmin.py ++++ b/tools/PccsAdminTool/pccsadmin.py +@@ -79,7 +79,7 @@ def main(): + parser_cache = subparsers.add_parser('cache') + # add optional arguments for cache + parser_cache.add_argument("-u", "--url", help="The URL of the Intel PCS service; default: https://api.trustedservices.intel.com/sgx/certification/v4/") +- parser_cache.add_argument("-i", "--input_file", help="The input file name for platform list; default: platform_list.csv") ++ parser_cache.add_argument("-i", "--input_file", help="The input file name for platform list; default: platform_list.json") + parser_cache.add_argument("-o", "--output_dir", help="The destination directory for storing the generated cache files") + parser_cache.add_argument("-s", "--sub_dir", help="Store output cache files in subdirectories named according to QE ID or Platform ID", action="store_true") + parser_cache.add_argument("-e", "--expire", type=Utils.check_expire_hours, help="How many hours the cache files will be valid for. Default is 2160 hours (90 days).") +-- +2.52.0 + diff --git a/SOURCES/0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch b/SOURCES/0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch index 1d94f3b..a7485ec 100644 --- a/SOURCES/0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch +++ b/SOURCES/0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch @@ -1,7 +1,7 @@ -From aaf1277c7c0aa37d387e8a7983da607498335757 Mon Sep 17 00:00:00 2001 +From 89d2bacc8b67eca8decae7b7508080582fc2c60d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 29 Aug 2024 12:23:30 +0100 -Subject: [PATCH 200/201] Enable pointing sgxssl build to alternative glibc +Subject: [PATCH 200/203] Enable pointing sgxssl build to alternative glibc headers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -20,10 +20,10 @@ Signed-off-by: Daniel P. Berrangé 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh -index cd76872..f1c39b6 100755 +index 0a99917..4e4a81e 100755 --- a/Linux/build_openssl.sh +++ b/Linux/build_openssl.sh -@@ -83,6 +83,7 @@ fi +@@ -89,6 +89,7 @@ fi # Mitigation flags MITIGATION_OPT="" MITIGATION_FLAGS="" @@ -31,7 +31,7 @@ index cd76872..f1c39b6 100755 CC_VERSION=`gcc -dumpversion` CC_VERSION_MAJOR=`echo "$CC_VERSION" | cut -f1 -d.` for arg in "$@" -@@ -123,6 +124,10 @@ do +@@ -129,6 +130,10 @@ do MITIGATION_FLAGS+=" $arg" shift ;; @@ -42,7 +42,7 @@ index cd76872..f1c39b6 100755 *) # Unknown option shift -@@ -131,6 +136,7 @@ do +@@ -137,6 +142,7 @@ do done echo $MITIGATION_OPT echo $MITIGATION_FLAGS @@ -50,20 +50,20 @@ index cd76872..f1c39b6 100755 echo $SPACE_OPT sed -i -- 's/OPENSSL_issetugid/OPENSSLd_issetugid/g' $OPENSSL_VERSION/crypto/uid.c || exit 1 -@@ -139,7 +145,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1 +@@ -145,7 +151,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1 cp x86_64-xlate.pl $OPENSSL_VERSION/crypto/perlasm/ || exit 1 cd $SGXSSL_ROOT/../openssl_source/$OPENSSL_VERSION || exit 1 --perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 -+perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 +-perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_POSIX_IO -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 ++perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_POSIX_IO -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 sed -i 's/ENGINE_set_default_RAND/dummy_ENGINE_set_default_RAND/' crypto/engine/tb_rand.c || exit 1 sed -i 's/return RUN_ONCE(&locale_base, ossl_init_locale_base);/return 1;/' crypto/ctype.c || exit 1 diff --git a/Linux/sgx/Makefile b/Linux/sgx/Makefile -index d08eff7..6555d28 100644 +index e4f3f92..ec1a0c3 100644 --- a/Linux/sgx/Makefile +++ b/Linux/sgx/Makefile -@@ -76,7 +76,7 @@ endif +@@ -85,7 +85,7 @@ endif endif $(PACKAGE_LIB)/$(OPENSSL_LIB): @@ -73,5 +73,5 @@ index d08eff7..6555d28 100644 clean: $(MAKE) -C $(TRUSTED_LIB_DIR) clean -- -2.46.0 +2.49.0 diff --git a/SOURCES/0201-Workaround-missing-output-directory.patch b/SOURCES/0201-Workaround-missing-output-directory.patch index 884374c..fca630c 100644 --- a/SOURCES/0201-Workaround-missing-output-directory.patch +++ b/SOURCES/0201-Workaround-missing-output-directory.patch @@ -1,7 +1,7 @@ -From 63f4368171ee5bf78f956c429c37d43618a881e7 Mon Sep 17 00:00:00 2001 +From d823d7a67291d51d8b3c57c36f059e1d1d84c2e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 29 Aug 2024 12:50:32 +0100 -Subject: [PATCH 201/201] Workaround missing output directory +Subject: [PATCH 201/203] Workaround missing output directory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -16,10 +16,10 @@ Signed-off-by: Daniel P. Berrangé 1 file changed, 1 insertion(+) diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh -index f1c39b6..f2cf0b1 100755 +index 4e4a81e..d0518e5 100755 --- a/Linux/build_openssl.sh +++ b/Linux/build_openssl.sh -@@ -168,6 +168,7 @@ fi +@@ -174,6 +174,7 @@ fi make libcrypto.a || exit 1 cp libcrypto.a $SGXSSL_ROOT/package/lib64/$OUTPUT_LIB || exit 1 objcopy --rename-section .init=Q6A8dc14f40efc4288a03b32cba4e $SGXSSL_ROOT/package/lib64/$OUTPUT_LIB || exit 1 @@ -28,5 +28,5 @@ index f1c39b6..f2cf0b1 100755 grep OPENSSL_VERSION_STR include/openssl/opensslv.h > $SGXSSL_ROOT/sgx/osslverstr.h || exit 1 cp -r include/crypto $SGXSSL_ROOT/sgx/test_app/enclave/ || exit 1 -- -2.46.0 +2.49.0 diff --git a/SOURCES/0202-Disable-various-EC-crypto-features.patch b/SOURCES/0202-Disable-various-EC-crypto-features.patch index 90815e5..13f7de2 100644 --- a/SOURCES/0202-Disable-various-EC-crypto-features.patch +++ b/SOURCES/0202-Disable-various-EC-crypto-features.patch @@ -1,4 +1,4 @@ -From 6cf74b032bc9f120a7c4924a0394d22f6ed4767b Mon Sep 17 00:00:00 2001 +From 3aea585cfbe4691fea3c584981e36ee06d945bf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 1 Mar 2024 13:24:26 +0000 Subject: [PATCH 202/203] Disable various EC crypto features @@ -20,12 +20,12 @@ Signed-off-by: Daniel P. Berrangé create mode 100644 openssl_source/0012-Disable-explicit-ec.patch diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh -index f2cf0b1..7470479 100755 +index d0518e5..cf8394b 100755 --- a/Linux/build_openssl.sh +++ b/Linux/build_openssl.sh -@@ -55,6 +55,17 @@ cd $SGXSSL_ROOT/../openssl_source || exit 1 +@@ -54,6 +54,17 @@ cd $SGXSSL_ROOT/../openssl_source || exit 1 rm -rf $OPENSSL_VERSION - tar xvf $OPENSSL_VERSION.tar.gz || exit 1 + tar xvf $OPENSSL_VERSION.tar.gz > /dev/null || exit 1 +# Disable forbidden EC +( @@ -1631,5 +1631,5 @@ index 0000000..0cae2fa + + err: -- -2.46.0 +2.49.0 diff --git a/SOURCES/0203-Disable-sm2-and-sm4-crypto-algorithms.patch b/SOURCES/0203-Disable-sm2-and-sm4-crypto-algorithms.patch index b4c32ee..99ff250 100644 --- a/SOURCES/0203-Disable-sm2-and-sm4-crypto-algorithms.patch +++ b/SOURCES/0203-Disable-sm2-and-sm4-crypto-algorithms.patch @@ -1,4 +1,4 @@ -From f429bf3ffd992c678f7d1a041f6a6b5df9a4b6fb Mon Sep 17 00:00:00 2001 +From 1c3da2baf4cc84aecd2f6610777d28ac69a47039 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 1 Mar 2024 13:25:14 +0000 Subject: [PATCH 203/203] Disable sm2 and sm4 crypto algorithms @@ -11,45 +11,45 @@ Policy copied from Fedora 39 openssl package Signed-off-by: Daniel P. Berrangé --- Linux/build_openssl.sh | 2 +- - Linux/sgx/test_app/enclave/TestEnclave.cpp | 5 ++++- + Linux/sgx/test_app/enclave/TestEnclave.cpp | 4 ++++ Linux/sgx/test_app/enclave/TestEnclave.h | 4 ++++ Linux/sgx/test_app/enclave/tests/evp_smx.c | 4 ++++ - 4 files changed, 13 insertions(+), 2 deletions(-) + 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh -index 7470479..e214ccb 100755 +index cf8394b..fea2232 100755 --- a/Linux/build_openssl.sh +++ b/Linux/build_openssl.sh -@@ -156,7 +156,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1 +@@ -162,7 +162,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1 cp x86_64-xlate.pl $OPENSSL_VERSION/crypto/perlasm/ || exit 1 cd $SGXSSL_ROOT/../openssl_source/$OPENSSL_VERSION || exit 1 --perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 -+perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-sm2 no-sm4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 +-perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_POSIX_IO -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 ++perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS $ENCLAVE_CFLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-async no-padlockeng no-dso no-shared no-ssl3 no-md2 no-md4 no-sm2 no-sm4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_POSIX_IO -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1 sed -i 's/ENGINE_set_default_RAND/dummy_ENGINE_set_default_RAND/' crypto/engine/tb_rand.c || exit 1 sed -i 's/return RUN_ONCE(&locale_base, ossl_init_locale_base);/return 1;/' crypto/ctype.c || exit 1 diff --git a/Linux/sgx/test_app/enclave/TestEnclave.cpp b/Linux/sgx/test_app/enclave/TestEnclave.cpp -index dac620a..b219e74 100644 +index 7b21dd2..65330d5 100644 --- a/Linux/sgx/test_app/enclave/TestEnclave.cpp +++ b/Linux/sgx/test_app/enclave/TestEnclave.cpp -@@ -413,6 +413,7 @@ void t_sgxssl_call_apis() +@@ -469,6 +469,7 @@ void t_sgxssl_call_apis() } printf("test threads_test completed\n"); - + #ifndef SGXSSL_FIPS +#if 0 //GM SM2 - sign and verify ret = ecall_sm2_sign_verify(); if (ret != 0) -@@ -430,6 +431,7 @@ void t_sgxssl_call_apis() - exit(ret); +@@ -486,6 +487,7 @@ void t_sgxssl_call_apis() + goto end; } printf("test evp_sm2_encrypt_decrypt completed\n"); +#endif //GM SM3 - compute digest of message ret = ecall_sm3(); -@@ -440,6 +442,7 @@ void t_sgxssl_call_apis() +@@ -496,6 +498,7 @@ void t_sgxssl_call_apis() } printf("test evp_sm3 completed\n"); @@ -57,13 +57,14 @@ index dac620a..b219e74 100644 //GM SM4 - cbc encrypt and decrypt ret = ecall_sm4_cbc(); if (ret != 0) -@@ -457,5 +460,5 @@ void t_sgxssl_call_apis() - exit(ret); +@@ -513,6 +516,7 @@ void t_sgxssl_call_apis() + goto end; } printf("test evp_sm4_ctr completed\n"); -- +#endif - } + #endif + printf("ALL tests in t_sgxssl_call_apis passed!\n"); + end: diff --git a/Linux/sgx/test_app/enclave/TestEnclave.h b/Linux/sgx/test_app/enclave/TestEnclave.h index c2ca854..a989735 100644 --- a/Linux/sgx/test_app/enclave/TestEnclave.h @@ -118,5 +119,5 @@ index a395ce8..f49e5b7 100644 } +#endif -- -2.46.0 +2.49.0 diff --git a/SOURCES/pccs-node-ffi-rs-bundler b/SOURCES/pccs-node-ffi-rs-bundler new file mode 100755 index 0000000..6515ce2 --- /dev/null +++ b/SOURCES/pccs-node-ffi-rs-bundler @@ -0,0 +1,33 @@ +#!/bin/sh + +set -v +set -e + +if test -z "$1" +then + echo "syntax: $0 VERSION" + exit 1 +fi + +VERSION=$1 +PACKAGE=node-ffi-rs +AUTHOR=zhangyuang +GITURL=https://github.com/${AUTHOR}/${PACKAGE} + +if ! test -d $PACKAGE +then + git clone $GITURL +fi + +cd $PACKAGE +git checkout master +git reset --hard +git clean -f -x -d +git pull + +git archive v${VERSION} -o ../node-ffi-rs-${VERSION}.tar.gz --prefix "node-ffi-rs-${VERSION}/" + +git checkout v${VERSION} + +cargo vendor-filterer --platform x86_64-unknown-linux-gnu +tar zcvf ../node-ffi-rs-${VERSION}-vendor.tar.gz vendor diff --git a/SOURCES/pccs-nodejs-bundler b/SOURCES/pccs-nodejs-bundler new file mode 100755 index 0000000..0e11964 --- /dev/null +++ b/SOURCES/pccs-nodejs-bundler @@ -0,0 +1,55 @@ +#!/bin/sh + +set -v +set -e + +if test -z "$1" +then + echo "syntax: $0 VERSION" + exit 1 +fi + +VERSION=$1 + +TARBALL=DCAP_${VERSION}.tar.gz + +if ! test -f $TARBALL +then + echo "error: $0 missing $TARBALL" + exit 1 +fi +tar xfz $TARBALL +DIRNAME=SGXDataCenterAttestationPrimitives-DCAP_${VERSION} +pushd $DIRNAME + +pushd QuoteGeneration/pccs +echo " Downloading prod dependencies" +npm install --omit=dev --omit=optional --ignore-scripts +rm -rf node_modules/*/prebuilds +rm -f node_modules/sqlite3/deps/sqlite-autoconf-*.tar.gz +popd + +echo "LICENSES IN BUNDLE:" +find . -name "package.json" -exec jq '.license | strings' {} \; >> ../dcap-${VERSION}-pccs-nodejs-licenses.txt +find . -name "package.json" -exec jq '.license | objects | .type' {} \; >> ../dcap-${VERSION}-pccs-nodejs-licenses.txt 2>/dev/null +find . -name "package.json" -exec jq '.licenses[] .type' {} \; >> ../dcap-${VERSION}-pccs-nodejs-licenses.txt 2>/dev/null +sort -u -o ../dcap-${VERSION}-pccs-nodejs-licenses.txt ../dcap-${VERSION}-pccs-nodejs-licenses.txt + +# Locate any dependencies without a provided license +find . -type f -name package.json -execdir jq 'if .license==null and .licenses==null then .name else null end' '{}' '+' \ + | grep -vE '^null$' | sort -u > ../nolicense.txt + +if [ -s ../nolicense.txt ]; then + echo -e "\e[5m\e[41mSome dependencies do not list a license. Manual verification required!\e[0m" + cat ../nolicense.txt + echo -e "\e[5m\e[41m======================================================================\e[0m" +fi + + +if [ -d QuoteGeneration/pccs/node_modules ] ; then + tar cJf ../dcap-${VERSION}-pccs-node-modules.tar.xz --sort=name $(find QuoteGeneration/pccs -type d -name node_modules) +fi + +popd + +rm -rf $DIRNAME diff --git a/SOURCES/pccs.service b/SOURCES/pccs.service new file mode 100644 index 0000000..8bd8ff4 --- /dev/null +++ b/SOURCES/pccs.service @@ -0,0 +1,23 @@ +[Unit] +Description=Provisioning Certificate Caching Service (PCCS) +Documentation=https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md +After=syslog.target network.target auditd.service mpa_registration.service +ConditionPathExists=/dev/sgx_enclave +Requires=mpa_registration.service + +[Service] +Type=simple +User=pccs +ExecStart=/usr/sbin/pccs +Restart=on-failure +RestartSec=15s + +Environment=NODE_CONFIG_DIR=/etc/pccs +WorkingDirectory=/var/lib/pccs +InaccessibleDirectories=/home +DevicePolicy=closed +DeviceAllow=/dev/sgx_enclave rw +DeviceAllow=/dev/sgx_provision rw + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/pccs.sysusers.conf b/SOURCES/pccs.sysusers.conf new file mode 100644 index 0000000..7f9623c --- /dev/null +++ b/SOURCES/pccs.sysusers.conf @@ -0,0 +1 @@ +u pccs - "SGX PCCS Server" /var/lib/pccs diff --git a/SPECS/linux-sgx.spec b/SPECS/linux-sgx.spec index 84b7416..032d725 100644 --- a/SPECS/linux-sgx.spec +++ b/SPECS/linux-sgx.spec @@ -2,7 +2,7 @@ ## (rpmautospec version 0.6.5) ## RPMAUTOSPEC: autorelease, autochangelog %define autorelease(e:s:pb:n) %{?-p:0.}%{lua: - release_number = 6; + release_number = 7; base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); print(release_number + base_release_number - 1); }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} @@ -57,11 +57,10 @@ %global with_aesm 0 %global with_host_tinyxml2 0 -%global with_pccsadmin 0 +%global with_pccsadmin 1 %if 0%{?fedora} %global with_aesm 1 %global with_host_tinyxml2 1 -%global with_pccsadmin 1 %endif %global with_sysusers_scripts 0 @@ -69,6 +68,9 @@ %global with_sysusers_scripts 1 %endif +# Change after running pccs-nodejs-bundler +%define node_modules_date 20260204 + ############################################################ # # A note about versions @@ -77,22 +79,22 @@ # versions based on what the new release depends on (see various # git submodule tags and code files). # -%global linux_sgx_version 2.25 +%global linux_sgx_version 2.26 # From SGX git submodule -%global dcap_version 1.22 +%global dcap_version 1.23 # From DCAP git submodule %global dcap_qvl_version 1.21 # From DCAP git submodule %global dcap_qvs_version 1.1.0-2885 # From SGX external/sgxssl/prepare_sgxssl.sh -%global sgx_ssl_version 3.0_Rev4 +%global sgx_ssl_version 3.1.6_Rev1 # From SGX git submodule %global ipp_crypto_version 2021.12.1 # From SGX git submodule %global sgx_emm_version 1.0.3 # From SGX external/sgxssl/prepare_sgxssl.sh -%global openssl_version 3.0.14 +%global openssl_version 3.1.6 # From SGX git submodule %global libcbor_version 0.10.2 # From protobuf third_party/abseil-cpp @@ -100,7 +102,7 @@ # From DCAP git submodule %global jwt_cpp_version 0.6.0 # From DCAP git submodule -%global wamr_version 1.3.3 +%global wamr_version 1.0.0 # From SGX external/tinyxml2 %global tinyxml2_version 10.0.0 @@ -110,6 +112,10 @@ %global rdrand_version 1.1 %global vtune_version 2018 +# From SGX external/dcap_source/QuoteGeneration/pccs/package_lock.json +# NB: node_modules/@yuuang/ffi-rs-linux-x64-gnu will likely pull the +# version higher than what is declared for 'ffi-rs' itself. +%global node_ffi_rs_version 1.2.6 # enclaves from prebuilt_dcap_NNN.tar.gz - DCAP version numbers, # except for pce, which is actually an SGX enclave just bundled @@ -169,13 +175,19 @@ Summary: Intel Linux SGX SDK and Platform Software # so while the license of the combined work is declared to be # BSD-3-Clause, there is actually a huge set of licenses to track License: %{shrink: - %dnl sdk/tlibcxx, external/ippcp_internal, external/epid-sdk + %dnl node_modules + 0BSD AND + + %dnl sdk/tlibcxx, external/ippcp_internal, external/epid-sdk, node_modules, node-ffi-rs vendor Apache-2.0 AND - %dnl sdk/cpprt, sdk/tlibc + %dnl node_modules + BlueOak-1.0.0 AND + + %dnl sdk/cpprt, sdk/tlibc, node_modules BSD-2-Clause AND - %dnl external/dcap_source, sdk/* + %dnl external/dcap_source, sdk/*, node_modules BSD-3-Clause AND %dnl sdk/tlibc @@ -187,10 +199,10 @@ License: %{shrink: %dnl psd/urts/linux/isgx_user.h GPL-2.0-only AND - %dnl sdk/tlibc, sdk/pthread + %dnl sdk/tlibc, sdk/pthread, node_modules, node-ffi-rs vendor ISC AND - %dnl external/cbor/libcbor, sdk/* + %dnl external/cbor/libcbor, sdk/*, node_modules, node-ffi-rs vendor MIT AND %dnl sdk/tlibc/stdlib/malloc.c @@ -208,6 +220,15 @@ License: %{shrink: %dnl sdk/tlibc/math SunPro AND + %dnl node-ffi-rs vendor + Unicode-3.0 AND + + %dnl node_modules, node-ffi-rs vendor + Unlicense AND + + %dnl node_modules + WTFPL AND + %dnl sdk/tlibc LicenseRef-Fedora-Public-Domain } @@ -218,14 +239,14 @@ URL: https://github.com/intel/linux-sgx ############################################################ # SGX related projects SourceN for N in (0..9) -Source0: https://github.com/intel/linux-sgx/archive/refs/tags/sgx_%{linux_sgx_version}_reproducible.tar.gz#/linux-sgx-%{linux_sgx_version}-reproducible.tar.gz +Source0: https://github.com/intel/linux-sgx/archive/refs/tags/sgx_%{linux_sgx_version}.tar.gz#/linux-sgx-%{linux_sgx_version}.tar.gz # repack.sh purges all the prebuilt AE's that we ship in a different RPM # as well as 'prebuilt/' content (openssl / OPA binaries) that we must # not distribute. Source1: repack.sh -Source2: https://github.com/intel/SGXDataCenterAttestationPrimitives/archive/refs/tags/dcap_%{dcap_version}_reproducible.tar.gz +Source2: https://github.com/intel/SGXDataCenterAttestationPrimitives/archive/refs/tags/DCAP_%{dcap_version}.tar.gz Provides: bundled(dcap) = %{dcap_version} # Upload tarball is: @@ -288,6 +309,20 @@ Source46: qgs.sysconfig Source48: mpa_registration.service +Source50: pccs.sysusers.conf +Source51: pccs.service +# RPM build doesn't run this, but we want it in the src.rpm +# as record of what was used to create Source54 +Source52: pccs-nodejs-bundler +# Pre-created using Source53 +Source53: dcap-%{dcap_version}-%{node_modules_date}-pccs-node-modules.tar.xz + +# RPM build doesn't run this, but we want it in the src.rpm +# as record of what was used to create Source55 & Source56 +Source54: pccs-node-ffi-rs-bundler +Source55: node-ffi-rs-%{node_ffi_rs_version}.tar.gz +Source56: node-ffi-rs-%{node_ffi_rs_version}-vendor.tar.gz + ############################################################ # External projects that have been copied in tarballs as bundles @@ -303,33 +338,37 @@ Provides: bundled(vtune) = 2018 # Distro integration patches # 0000-0099 -> against linux-sgx.git +# +# Maintained in: https://github.com/berrange/linux-sgx/tree/dist-git-%{linux_sgx_version}-hostsw +# Patch0000: 0000-Add-support-for-building-against-host-openssl-crypto.patch Patch0001: 0001-Add-support-for-building-against-host-tinyxml2-lib.patch Patch0002: 0002-Add-support-for-building-against-host-CppMicroServic.patch # https://github.com/intel/linux-sgx/pull/1055 Patch0003: 0003-Improve-make-debuggability.patch Patch0004: 0004-Support-disabling-use-of-git-for-ippcp-code.patch -Patch0005: 0005-disable-openmp-protobuf-mbedtls-sample_crypto-builds.patch +Patch0005: 0005-disable-openmp-protobuf-sample_crypto-builds.patch # https://github.com/intel/linux-sgx/pull/1063 Patch0006: 0006-Fix-compat-with-gcc-14.patch # https://github.com/intel/linux-sgx/pull/1056 Patch0007: 0007-Fix-escaping-of-regexes-in-sgx-asm-pp.patch -# https://github.com/intel/linux-sgx/pull/1058 -Patch0008: 0008-Disable-use-of-bogus-DEF_WEAK-macro.patch -# https://github.com/intel/linux-sgx/pull/1057 -Patch0009: 0009-Remove-all-references-to-pccs-service.patch # https://github.com/intel/linux-sgx/pull/1064 -Patch0010: 0010-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch -Patch0011: 0011-psw-fix-soname-for-libuae_service.so-library.patch -Patch0012: 0012-pcl-remove-redundant-use-of-bool-type.patch -Patch0013: 0013-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch -Patch0014: 0014-psw-make-aesm_service-build-verbose.patch -Patch0015: 0015-Fix-modern-C-function-prototype-compliance.patch -Patch0016: 0016-Add-wrapper-for-nasm-to-fix-cmake-compat.patch +Patch0008: 0008-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch +Patch0009: 0009-psw-fix-soname-for-libuae_service.so-library.patch +Patch0010: 0010-pcl-remove-redundant-use-of-bool-type.patch +Patch0011: 0011-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch +Patch0012: 0012-psw-make-aesm_service-build-verbose.patch +Patch0013: 0013-Fix-modern-C-function-prototype-compliance.patch +Patch0014: 0014-Add-wrapper-for-nasm-to-fix-cmake-compat.patch +Patch0015: 0015-fix-BOM-for-pccs-with-DCAP-1.23.patch # Optional patches Patch0050: 0050-Disable-inclusion-of-AESM-in-installer.patch + # 0100-0199 -> against SGXDataCenterAttestationPrimitives.git +# +# Maintained in https://github.com/berrange/SGXDataCenterAttestationPrimitives/tree/dist-git-%{dcap_version}-hostsw +# Patch0100: 0100-Drop-use-of-bundled-pre-built-openssl.patch Patch0101: 0101-Improve-debuggability-of-build-system.patch # https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/437 @@ -337,7 +376,7 @@ Patch0102: 0102-Support-build-time-setting-of-enclave-load-directory.patch # https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/434 Patch0103: 0103-Look-for-versioned-sgx_urts-library-in-PCKRetrievalT.patch # https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/429 -Patch0104: 0104-Don-t-import-pypac-in-pccsadmin.patch +Patch0104: 0104-pccsadmin-only-import-pypac-module-on-Windows.patch Patch0105: 0105-Look-for-PCKRetrievalTool-config-file-in-etc.patch Patch0106: 0106-Honour-CFLAGS-CXXFLAGS-LDFLAGS-for-various-tools-and.patch # https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/428 @@ -352,14 +391,49 @@ Patch0114: 0114-Delete-broken-checks-for-GCC-version-that-break-fsta.patch #Patch0115: 0115-Use-distro-provided-rapidjson-package.patch Patch0116: 0116-Don-t-stomp-on-VERBOSE-variable.patch Patch0117: 0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch +Patch0118: 0118-pccs-sanitize-paths-to-all-resources.patch +Patch0119: 0119-pccs-only-pass-ApiKey-if-it-is-set.patch +Patch0120: 0120-pccsadmin-make-keyring-module-optional.patch +Patch0121: 0121-pccsadmin-convert-from-asn1-to-pyasn1-python-module.patch +Patch0122: 0122-pccsadmin-fully-switch-to-pycryptography-for-CRL-ver.patch +Patch0123: 0123-pccsadmin-use-more-of-pycryptography-instead-of-pyop.patch +Patch0124: 0124-pccsadmin-prefer-pycryptography-over-pyopenssl.patch +Patch0125: 0125-pccsadmin-add-fallback-for-when-pyopenssl-is-not-ava.patch +Patch0126: 0126-pccsadmin-ignore-errors-trying-to-clear-the-keyring.patch +# https://github.com/intel/confidential-computing.tee.dcap/pull/485 +Patch0127: 0127-PCS-Client-Tool-Migrate-from-deprecated-pkg_resource.patch +# https://github.com/intel/confidential-computing.tee.dcap/pull/487 +Patch0128: 0128-qgs-add-compat-for-boost-1.87-which-drops-asio-io_se.patch +Patch0129: 0129-qgs-add-compat-for-boost-1.89-which-deprecated-deadl.patch +# Patches 0130->0135 collectively fix: +# CVE-2026-23745: node-tar +# CVE-2026-23950: node-tar +# CVE-2026-24842: node-tar +# CVE-2025-13465: lodash +# CVE-2025-15284: qs +Patch0130: 0130-Bump-tar-fs-from-2.1.2-to-2.1.3-in-QuoteGeneration-p.patch +Patch0131: 0131-Bump-on-headers-and-morgan-in-QuoteGeneration-pccs-4.patch +Patch0132: 0132-Bump-brace-expansion-from-1.1.11-to-1.1.12-in-QuoteG.patch +Patch0133: 0133-Bump-tar-fs-from-2.1.3-to-2.1.4-in-QuoteGeneration-p.patch +Patch0134: 0134-PCCS-dependencies-updated-to-latest-minor.patch +Patch0135: 0135-pccs-force-override-tar-module-to-7.0.0-series.patch +# https://github.com/intel/confidential-computing.tee.dcap/pull/489 +Patch0136: 0136-pccsadmin-fix-name-of-input-file-for-cache-command-i.patch # 0200-0299 -> against intel-sgx-ssl.git +# +# Maintained in https://github.com/berrange/intel-sgx-ssl/tree/dist-git-%{sgx_ssl_version} +# Patch0200: 0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch Patch0201: 0201-Workaround-missing-output-directory.patch Patch0202: 0202-Disable-various-EC-crypto-features.patch Patch0203: 0203-Disable-sm2-and-sm4-crypto-algorithms.patch + # 0300-0399 -> against ipp-crypto.git +# +# Maintained in https://github.com/berrange/ipp-crypto/tree/dist-git-%{ipp_crypto_version} +# Patch0300: 0300-Drop-min-openssl-from-3.0.8-to-3.0.7.patch Patch0301: 0301-Drop-Werror-from-build-flags.patch @@ -367,6 +441,7 @@ BuildRequires: sgx-rpm-macros BuildRequires: autoconf BuildRequires: automake BuildRequires: binutils +BuildRequires: chrpath BuildRequires: libtool BuildRequires: gcc BuildRequires: gcc-c++ @@ -385,7 +460,16 @@ BuildRequires: perl(FindBin) BuildRequires: perl(lib) BuildRequires: perl(IPC::Cmd) BuildRequires: nasm +BuildRequires: nodejs +BuildRequires: nodejs-devel +%if 0%{?rhel} == 9 +BuildRequires: npm +%else +BuildRequires: nodejs-npm +%endif +BuildRequires: nodejs-packaging BuildRequires: python-unversioned-command +BuildRequires: sqlite-devel BuildRequires: systemd-rpm-macros %if %{with_host_tinyxml2} BuildRequires: tinyxml2-devel @@ -397,6 +481,11 @@ BuildRequires: CppMicroServices-devel BuildRequires: protobuf-compiler BuildRequires: protobuf-devel BuildRequires: boost-devel +%if 0%{?rhel} +BuildRequires: rust-toolset +%else +BuildRequires: cargo-rpm-macros +%endif # If dpkg-architecture exists in $PATH, the Makefile # will change all the install paths, breaking this @@ -467,6 +556,7 @@ Requires: sgx-common = %{version}-%{release} This package contains the runtime libraries and tools required to run applications that interact with SGX enclaves on the platform. + %if %{with_aesm} %package -n sgx-aesm Summary: SGX platform Architectural Enclave Service Manager @@ -484,15 +574,33 @@ This package contains the Architectural Enclave Service Manager (AESM) daemon. %endif + +%package -n sgx-pccs +Summary: SGX Provisioning Certificate Caching Service +Requires: nodejs +Requires: sgx-common = %{version}-%{release} + +%description -n sgx-pccs +SGX Provisioning Certificate Caching Service + + %package -n sgx-pccs-admin Summary: SGX Provisioning Certificate Caching Service Admin Tool -Requires: python3-asn1 -Requires: python3-pyOpenSSL +Requires: python3-pyasn1 Requires: python3-cryptography +%if 0%{?fedora} Requires: python3-keyring +%endif Requires: python3-requests Requires: python3-urllib3 +Requires: python3-packaging +%if 0%{?rhel} +Requires: openssl +%endif Requires: sgx-libs = %{version}-%{release} +# pccs admin tool can be used against a remote pccs +# so don't force a hard dep +Recommends: sgx-pccs = %{version}-%{release} %description -n sgx-pccs-admin SGX Provisioning Certificate Caching Service Admin Tool @@ -519,8 +627,20 @@ SGX Multi-package Registration Agent %package -n tdx-qgs Summary: TDX Quoting Generation Service Requires: sgx-libs = %{version}-%{release} -Recommends: sgx-mpa sgx-pckid-tool -Suggests: sgx-pckid-tool +# mpa provides auto-registration of the platform, if it +# is enabled in EFI. If not enabled, it is a no-op so +# safe to have installed by default regardless, but use +# weak dep to allow skipping for optimized installs +Recommends: sgx-mpa = %{version}-%{release} +# If auto-registration is not enabled, the pckid-tool +# is needed for manual registration; it is also useful +# misc admin tasks +Recommends: sgx-pckid-tool = %{version}-%{release} +# In internet isolated hosts pccs can be used to +# provide pre-cached certs, either running it on +# localhost or on the LAN. Weak dep though as it +# is expected that LAN deployment is more common +Suggests: sgx-pccs = %{version}-%{release} %enclave_requires ide %{enclave_ide_version} %enclave_requires pce %{enclave_pce_version} @@ -554,7 +674,7 @@ in applications %prep -%setup -q -n linux-sgx-sgx_%{linux_sgx_version}_reproducible +%setup -q -n linux-sgx-sgx_%{linux_sgx_version} %autopatch -m 0 -M 49 -p1 %if !%{with_aesm} @@ -582,7 +702,7 @@ rm -rf external/tinyxml2 # Don't intend to package these optional bits since none of # the required enclaves need this, and thus we can cut down # on bundling some 3rd party code -rm -rf external/{dnnl,openmp,protobuf,mbedtls} sdk/sample_libcrypto +rm -rf external/{dnnl,openmp,protobuf} sdk/sample_libcrypto ############################################################ # dcap @@ -715,8 +835,9 @@ touch psw/ae/data/prebuilt/libsgx_{le,qe,pve,pce}.signed.so touch ../prebuilt/opa_bin/policy.wasm ) -# Sanity check that upstream hasn't include more prebult -# files that we've not expected. +# Sanity check that upstream hasn't include more prebuilt +# files that we're not expecting and thus failed to purge +# in the repack.sh script. find -name '*.a' -o -name '*.o' > prebuilt.txt if test -s prebuilt.txt then @@ -840,10 +961,15 @@ done ############################################################ # Fourth, build the Platform Software +# XXX temp override -j1 due to race conditions that have not yet been diagnosed +# +# Perhaps 20% of the time it will fail with error like: +# +# /usr/bin/ld: /builddir/build/BUILD/linux-sgx-2.26-build/linux-sgx-sgx_2.26/common/se_wrapper_psw/libwrapper.a: error adding symbols: file format not recognized CFLAGS="%{build_cflags}" \ CXXFLAGS="%{build_cxxflags}" \ LDFLAGS="%{build_ldflags}" \ -%__make %{?_smp_mflags} \ +%__make %{?_smp_mflags} -j1 \ -C psw/ V=1 VERBOSE=1 \ SGX_SDK=$(pwd)/%{vroot}/sgxsdk \ SGX_ENCLAVE_PATH=%{sgx_libdir} \ @@ -859,6 +985,40 @@ LDFLAGS="%{build_ldflags}" \ SGX_SDK=$(pwd)/%{vroot}/sgxsdk \ SGX_ENCLAVE_PATH=%{sgx_libdir} +( + # PCCS NodeJS deps bundle + + cd external/dcap_source + tar Jxvf %{SOURCE53} + + cd QuoteGeneration/pccs + + perl -i -p -e 's,"sqlite%":"internal","sqlite%":"/usr",' node_modules/sqlite3/binding.gyp + perl -i -p -e 's,\(sqlite\)/lib,(sqlite)/lib64,' node_modules/sqlite3/binding.gyp + + for pkg in node_modules/* + do + ( + cd $pkg + npm run install --if-present --nodedir=/usr + ) + done + + # Keep brp-mangle-shebangs happy + find node_modules -type f -exec chmod -x {} \; + + chrpath --delete node_modules/sqlite3/build/Release/node_sqlite3.node + + tar zxvf %{SOURCE55} + ( + cd node-ffi-rs-%{node_ffi_rs_version} + tar zxvf %{SOURCE56} + %cargo_prep -v vendor + %cargo_build + mv target/rpm/libffi_rs.so ../node_modules/ffi-rs/ffi-rs.linux-x64-gnu.node + ) +) + # SDK provides dummy stub libraries to deal with a circular # build dependancy problem where the PSW wants these libs @@ -872,24 +1032,10 @@ done rm -f %{vroot}/sgxsdk/lib64/libsgx_urts.so.2 -# Pull together all license files relevant to the code -# that is known to be built into the enclaves +# Pull together all license files relevant to the code that is shipped +# Err on the side of pulling in much too much, rather than miss something mkdir licenses -for f in License.txt \ - external/epid-sdk/LICENSE.txt \ - external/epid-sdk/ext/argtable3/LICENSE \ - sdk/compiler-rt/LICENSE.TXT \ - sdk/cpprt/linux/libunwind/LICENSE \ - sdk/gperftools/gperftools-2.7/COPYING \ - sdk/tlibcxx/LICENSE.TXT \ - external/dcap_source/License.txt \ - external/dcap_source/QuoteGeneration/ThirdPartyLicenses.txt \ - external/dcap_source/tools/PCKRetrievalTool/License.txt \ - external/dcap_source/tools/PCKRetrievalTool/ThirdPartyLicenseIndex.txt \ - external/dcap_source/tools/PccsAdminTool/License.txt \ - external/dcap_source/tools/SGXPlatformRegistration/inf/MPA_Network_Components/License.txt \ - external/dcap_source/tools/SGXPlatformRegistration/inf/MPA_UEFI_Components/License.txt \ - external/dcap_source/tools/SGXPlatformRegistration/license.txt +for f in $(find -type f | grep -v '\.pdf' | grep -E -i '(license|copying)') do d=$(dirname $f) mkdir -p licenses/$d @@ -987,6 +1133,7 @@ do done cp -a %{vroot}/root/ %{buildroot}/root + # Second, re-arrange the content to match the normal tree # layout Fedora expects. We rm/rmdir any bits we don't # want, such that RPM will warn about any files left in @@ -1054,6 +1201,51 @@ rmdir %{buildroot}/root/opt/intel/sgx-aesm-service %endif +############################################################ +# Host PCCS service + +# Home dir for 'pccs' user +%__install -d %{buildroot}%{_sharedstatedir}/pccs +%__install -d %{buildroot}%{_localstatedir}/log/pccs +%__install -d %{buildroot}%{_sysconfdir}/pccs +%__install -d %{buildroot}%{_sysconfdir}/pccs/ssl +%__install -d %{buildroot}%{nodejs_sitearch}/pccs + +mv %{buildroot}/root/opt/intel/sgx-dcap-pccs/lib/libPCKCertSelection.so \ + %{buildroot}%{_libdir}/libPCKCertSelection.so.1 +ln -s libPCKCertSelection.so.1 %{buildroot}%{_libdir}/libPCKCertSelection.so + +mv %{buildroot}/root/opt/intel/sgx-dcap-pccs/config/default.json \ + %{buildroot}%{_sysconfdir}/pccs/default.json +rmdir %{buildroot}/root/opt/intel/sgx-dcap-pccs/config +rm -f %{buildroot}/root/lib/systemd/system/pccs.service + +mv %{buildroot}/root/opt/intel/sgx-dcap-pccs/* \ + %{buildroot}%{nodejs_sitearch}/pccs +rmdir %{buildroot}/root/opt/intel/sgx-dcap-pccs + +( + # Node JS deps bundle + cd external/dcap_source/QuoteGeneration/pccs + rm -f install.sh README.md + + # So find-debuginfo processes it + chmod +x node_modules/sqlite3/build/Release/node_sqlite3.node + + cp -a node_modules %{buildroot}%{nodejs_sitearch}/pccs/node_modules +) + +cat >>%{buildroot}%{_sbindir}/pccs < - 2.26-7 +- Fix pccs npm security flaws + +* Wed Dec 10 2025 Daniel P. Berrangé - 2.26-6 +- Port to pycryptography and pyasn1 and make keyring optional + +* Wed Dec 10 2025 Daniel P. Berrangé - 2.26-5 +- Sync specfile changes from Fedora + +* Wed Dec 10 2025 Daniel P. Berrangé - 2.26-4 +- Drop sgx-mpa dep from sgx-pccs + +* Wed Dec 10 2025 Daniel P. Berrangé - 2.26-3 +- Add scriptlets for PCCS + +* Wed Dec 10 2025 Daniel P. Berrangé - 2.26-2 +- Enable pccsadmin everywhere + +* Tue Nov 18 2025 Daniel P. Berrangé - 2.26-1 +- Update to SGX 2.26 / DCAP 1.23, adding PCCS service + +* Mon Nov 17 2025 Daniel P. Berrangé - 2.25-7 +- Trigger udev to set perms on /dev/sgx_provision + * Mon Jun 16 2025 Daniel P. Berrangé - 2.25-6 - Temporarily disable automatic tier1 gating