From 2bcf66394f81ebdd93432ee1c04c953a6a95dd8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= Date: Tue, 25 Nov 2025 08:33:12 +0100 Subject: [PATCH] bump reva v2.39.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jörn Friedrich Dreyer --- go.mod | 4 +- go.sum | 8 +- .../github.com/coreos/go-oidc/v3/oidc/oidc.go | 4 +- .../storage/fs/posix/blobstore/blobstore.go | 8 +- .../reva/v2/pkg/utils/ldap/identity.go | 83 ++++++++++--------- vendor/modules.txt | 4 +- 6 files changed, 62 insertions(+), 49 deletions(-) diff --git a/go.mod b/go.mod index 1ffd714788..26a60b9fc2 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/beevik/etree v1.6.0 github.com/blevesearch/bleve/v2 v2.5.5 github.com/cenkalti/backoff v2.2.1+incompatible - github.com/coreos/go-oidc/v3 v3.16.0 + github.com/coreos/go-oidc/v3 v3.17.0 github.com/cs3org/go-cs3apis v0.0.0-20250908152307-4ca807afe54e github.com/davidbyttow/govips/v2 v2.16.0 github.com/dhowden/tag v0.0.0-20240417053706-3d75831295e8 @@ -64,7 +64,7 @@ require ( github.com/open-policy-agent/opa v1.10.1 github.com/opencloud-eu/icap-client v0.0.0-20250930132611-28a2afe62d89 github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76 - github.com/opencloud-eu/reva/v2 v2.39.3-0.20251121093521-c51ed14c8397 + github.com/opencloud-eu/reva/v2 v2.39.3 github.com/opensearch-project/opensearch-go/v4 v4.5.0 github.com/orcaman/concurrent-map v1.0.0 github.com/pkg/errors v0.9.1 diff --git a/go.sum b/go.sum index 5d593b627f..b1a8014979 100644 --- a/go.sum +++ b/go.sum @@ -243,8 +243,8 @@ github.com/containerd/platforms v1.0.0-rc.1 h1:83KIq4yy1erSRgOVHNk1HYdPvzdJ5CnsW github.com/containerd/platforms v1.0.0-rc.1/go.mod h1:J71L7B+aiM5SdIEqmd9wp6THLVRzJGXfNuWCZCllLA4= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-oidc/v3 v3.16.0 h1:qRQUCFstKpXwmEjDQTIbyY/5jF00+asXzSkmkoa/mow= -github.com/coreos/go-oidc/v3 v3.16.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8= +github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc= +github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= @@ -961,8 +961,8 @@ github.com/opencloud-eu/inotifywaitgo v0.0.0-20251111171128-a390bae3c5e9 h1:dIft github.com/opencloud-eu/inotifywaitgo v0.0.0-20251111171128-a390bae3c5e9/go.mod h1:JWyDC6H+5oZRdUJUgKuaye+8Ph5hEs6HVzVoPKzWSGI= github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76 h1:vD/EdfDUrv4omSFjrinT8Mvf+8D7f9g4vgQ2oiDrVUI= github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76/go.mod h1:pzatilMEHZFT3qV7C/X3MqOa3NlRQuYhlRhZTL+hN6Q= -github.com/opencloud-eu/reva/v2 v2.39.3-0.20251121093521-c51ed14c8397 h1:69kNapq4vaOfe6+KNF7Q7BibUjluCnK8VuS2UXigkjU= -github.com/opencloud-eu/reva/v2 v2.39.3-0.20251121093521-c51ed14c8397/go.mod h1:iB6Z8rgsbVMYMvicUm00ZwkwJHQow38K/GUSJgAPgEo= +github.com/opencloud-eu/reva/v2 v2.39.3 h1:/9NW08Bpy1GaNAPo8HrlyT21Flj8uNnOUyWLud1ehGc= +github.com/opencloud-eu/reva/v2 v2.39.3/go.mod h1:kkGiMeEVR59VjDsmWIczWqRcwK8cy9ogTd/u802U3NI= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go b/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go index f6a7ea8a58..2659518cc4 100644 --- a/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go +++ b/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go @@ -162,7 +162,7 @@ var supportedAlgorithms = map[string]bool{ // parsing. // // // Directly fetch the metadata document. -// resp, err := http.Get("https://login.example.com/custom-metadata-path") +// resp, err := http.Get("https://login.example.com/custom-metadata-path") // if err != nil { // // ... // } @@ -267,7 +267,7 @@ func NewProvider(ctx context.Context, issuer string) (*Provider, error) { issuerURL = issuer } if p.Issuer != issuerURL && !skipIssuerValidation { - return nil, fmt.Errorf("oidc: issuer did not match the issuer returned by provider, expected %q got %q", issuer, p.Issuer) + return nil, fmt.Errorf("oidc: issuer URL provided to client (%q) did not match the issuer URL returned by provider (%q)", issuer, p.Issuer) } var algs []string for _, a := range p.Algorithms { diff --git a/vendor/github.com/opencloud-eu/reva/v2/pkg/storage/fs/posix/blobstore/blobstore.go b/vendor/github.com/opencloud-eu/reva/v2/pkg/storage/fs/posix/blobstore/blobstore.go index 71a969bce8..598725f536 100644 --- a/vendor/github.com/opencloud-eu/reva/v2/pkg/storage/fs/posix/blobstore/blobstore.go +++ b/vendor/github.com/opencloud-eu/reva/v2/pkg/storage/fs/posix/blobstore/blobstore.go @@ -25,11 +25,13 @@ import ( "io" "os" "path/filepath" + "strings" "time" "github.com/pkg/errors" "github.com/pkg/xattr" + "github.com/opencloud-eu/reva/v2/pkg/storage/pkg/decomposedfs/metadata/prefixes" "github.com/opencloud-eu/reva/v2/pkg/storage/pkg/decomposedfs/node" ) @@ -91,11 +93,15 @@ func (bs *Blobstore) Upload(n *node.Node, source, copyTarget string) error { var mtime *time.Time for k, v := range nodeAttributes { + if !strings.HasPrefix(k, prefixes.OcPrefix) { + continue + } + if err := xattr.Set(tempName, k, v); err != nil { return fmt.Errorf("failed to set xattr '%s' on temp file '%s' - %v", k, tempName, err) } - if k == "user.oc.mtime" { + if k == prefixes.MTimeAttr { tv, err := time.Parse(time.RFC3339Nano, string(v)) if err == nil { mtime = &tv diff --git a/vendor/github.com/opencloud-eu/reva/v2/pkg/utils/ldap/identity.go b/vendor/github.com/opencloud-eu/reva/v2/pkg/utils/ldap/identity.go index b6e9572894..a310a8ff6e 100644 --- a/vendor/github.com/opencloud-eu/reva/v2/pkg/utils/ldap/identity.go +++ b/vendor/github.com/opencloud-eu/reva/v2/pkg/utils/ldap/identity.go @@ -541,24 +541,47 @@ func (i *Identity) GetLDAPGroupMembers(ctx context.Context, lc ldap.Client, grou return memberEntries, nil } -func filterEscapeBinaryUUID(value uuid.UUID) string { - filtered := "" - for _, b := range value { - filtered = fmt.Sprintf("%s\\%02x", filtered, b) +func filterEscapeAttribute(attribute string, binary bool, id string) (string, error) { + var escaped string + if binary { + pid, err := uuid.Parse(id) + if err != nil { + err := fmt.Errorf("error parsing id '%s' as UUID: %w", id, err) + return "", err + } + escaped = filterEscapeBinaryUUID(attribute, pid) + } else { + escaped = ldap.EscapeFilter(id) } - return filtered + return escaped, nil +} + +func filterEscapeBinaryUUID(attribute string, value uuid.UUID) string { + bytes := value[:] + + // AD stores objectGUID with mixed endianness 🤪 - swap first 3 components + if strings.EqualFold(attribute, "objectguid") { + bytes = []byte{ + value[3], value[2], value[1], value[0], // First component (4 bytes) - reverse + value[5], value[4], // Second component (2 bytes) - reverse + value[7], value[6], // Third component (2 bytes) - reverse + value[8], value[9], value[10], value[11], value[12], value[13], value[14], value[15], // Last 8 bytes - keep as-is + } + } + + var filtered strings.Builder + filtered.Grow(len(bytes) * 3) // Pre-allocate: each byte becomes "\xx" + for _, b := range bytes { + fmt.Fprintf(&filtered, "\\%02x", b) + } + return filtered.String() } func (i *Identity) getUserFilter(uid *identityUser.UserId) (string, error) { var escapedUUID string - if i.User.Schema.IDIsOctetString { - id, err := uuid.Parse(uid.GetOpaqueId()) - if err != nil { - return "", fmt.Errorf("error parsing OpaqueID '%s' as UUID: %w", uid, err) - } - escapedUUID = filterEscapeBinaryUUID(id) - } else { - escapedUUID = ldap.EscapeFilter(uid.GetOpaqueId()) + escapedUUID, err := filterEscapeAttribute(i.User.Schema.ID, i.User.Schema.IDIsOctetString, uid.GetOpaqueId()) + if err != nil { + return "", fmt.Errorf("error parsing OpaqueID '%s' as UUID: %w", uid, err) } return fmt.Sprintf("(&%s(objectclass=%s)%s(%s=%s))", i.User.Filter, @@ -586,14 +609,9 @@ func (i *Identity) getUserAttributeFilter(attribute, value, tenantID string) (st default: return "", errors.New("ldap: invalid field " + attribute) } - if attribute == i.User.Schema.ID && i.User.Schema.IDIsOctetString { - id, err := uuid.Parse(value) - if err != nil { - return "", fmt.Errorf("error parsing OpaqueID '%s' as UUID: %w", value, err) - } - value = filterEscapeBinaryUUID(id) - } else { - value = ldap.EscapeFilter(value) + value, err := filterEscapeAttribute(i.User.Schema.ID, i.User.Schema.IDIsOctetString, value) + if err != nil { + return "", fmt.Errorf("error parsing attribute '%s' value '%s' as UUID: %w", attribute, value, err) } return fmt.Sprintf("(&%s(objectclass=%s)(%s=%s)%s%s)", i.User.Filter, @@ -719,15 +737,9 @@ func (i *Identity) getGroupMemberFilter(memberName string) string { } func (i *Identity) getGroupFilter(id string) (string, error) { - var escapedUUID string - if i.Group.Schema.IDIsOctetString { - id, err := uuid.Parse(id) - if err != nil { - return "", fmt.Errorf("error parsing OpaqueID '%s' as UUID: %w", id, err) - } - escapedUUID = filterEscapeBinaryUUID(id) - } else { - escapedUUID = ldap.EscapeFilter(id) + escapedUUID, err := filterEscapeAttribute(i.Group.Schema.ID, i.Group.Schema.IDIsOctetString, id) + if err != nil { + return "", fmt.Errorf("error parsing attribute '%s' value '%s' as UUID: %w", i.Group.Schema.ID, id, err) } return fmt.Sprintf("(&%s(objectclass=%s)(%s=%s))", @@ -753,14 +765,9 @@ func (i *Identity) getGroupAttributeFilter(attribute, value string) (string, err default: return "", errors.New("ldap: invalid field " + attribute) } - if attribute == i.Group.Schema.ID && i.Group.Schema.IDIsOctetString { - id, err := uuid.Parse(value) - if err != nil { - return "", fmt.Errorf("error parsing OpaqueID '%s' as UUID: %w", value, err) - } - value = filterEscapeBinaryUUID(id) - } else { - value = ldap.EscapeFilter(value) + value, err := filterEscapeAttribute(i.Group.Schema.ID, i.Group.Schema.IDIsOctetString, value) + if err != nil { + return "", fmt.Errorf("error parsing attribute '%s' value '%s' as UUID: %w", attribute, value, err) } return fmt.Sprintf("(&%s(objectclass=%s)(%s=%s))", i.Group.Filter, diff --git a/vendor/modules.txt b/vendor/modules.txt index 8330f2794f..cac70b766f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -291,7 +291,7 @@ github.com/containerd/log # github.com/containerd/platforms v1.0.0-rc.1 ## explicit; go 1.20 github.com/containerd/platforms -# github.com/coreos/go-oidc/v3 v3.16.0 +# github.com/coreos/go-oidc/v3 v3.17.0 ## explicit; go 1.24.0 github.com/coreos/go-oidc/v3/oidc # github.com/coreos/go-semver v0.3.1 @@ -1355,7 +1355,7 @@ github.com/opencloud-eu/icap-client # github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76 ## explicit; go 1.18 github.com/opencloud-eu/libre-graph-api-go -# github.com/opencloud-eu/reva/v2 v2.39.3-0.20251121093521-c51ed14c8397 +# github.com/opencloud-eu/reva/v2 v2.39.3 ## explicit; go 1.24.1 github.com/opencloud-eu/reva/v2/cmd/revad/internal/grace github.com/opencloud-eu/reva/v2/cmd/revad/runtime