upgrade to most recent bluemonday (#11007)

* upgrade to most recent bluemonday

* make vendor

* update tests for bluemonday

* update tests for bluemonday

* update tests for bluemonday

go.mod

@@ -75,7 +75,7 @@ require (
 	github.com/mcuadros/go-version v0.0.0-20190308113854-92cdf37c5b75
 	github.com/mgechev/dots v0.0.0-20190921121421-c36f7dcfbb81
 	github.com/mgechev/revive v1.0.2
-	github.com/microcosm-cc/bluemonday v0.0.0-20161012083705-f77f16ffc87a
+	github.com/microcosm-cc/bluemonday v1.0.3-0.20191119130333-0a75d7616912
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/msteinert/pam v0.0.0-20151204160544-02ccfbfaf0cc
 	github.com/nfnt/resize v0.0.0-20160724205520-891127d8d1b5
@@ -108,9 +108,9 @@ require (
 	github.com/yuin/goldmark v1.1.25
 	go.etcd.io/bbolt v1.3.3 // indirect
 	golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073
-	golang.org/x/net v0.0.0-20200301022130-244492dfa37a
+	golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e
 	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
-	golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527
+	golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd
 	golang.org/x/text v0.3.2
 	golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect

go.sum

@@ -75,6 +75,8 @@ github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:l
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.25.25/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
+github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -94,6 +96,8 @@ github.com/boombuler/barcode v0.0.0-20161226211916-fe0f26ff6d26/go.mod h1:paBWMc
 github.com/bradfitz/gomemcache v0.0.0-20190329173943-551aad21a668 h1:U/lr3Dgy4WK+hNk4tyD+nuGjpVLPEHuJSFXMw11/HPA=
 github.com/bradfitz/gomemcache v0.0.0-20190329173943-551aad21a668/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/chris-ramon/douceur v0.2.0 h1:IDMEdxlEUUBYBKE4z/mJnFyVXox+MjuEVDJNN27glkU=
+github.com/chris-ramon/douceur v0.2.0/go.mod h1:wDW5xjJdeoMm1mRt4sD4c/LbF/mWdEpRXQKjTR8nIBE=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/corbym/gocrest v1.0.3 h1:gwEdq6RkTmq+09CTuM29DfKOCtZ7G7bcyxs3IZ6EVdU=
 github.com/corbym/gocrest v1.0.3/go.mod h1:maVFL5lbdS2PgfOQgGRWDYTeunSWQeiEgoNdTABShCs=
@@ -312,6 +316,8 @@ github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99 h1:twflg0XRTjwKp
 github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
+github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
 github.com/gorilla/handlers v1.4.2 h1:0QniY0USkHQ1RGCLfKxeNHK9bkDHGRYGNDFBCS+YARg=
 github.com/gorilla/handlers v1.4.2/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
 github.com/gorilla/mux v1.6.2 h1:Pgr17XVTNXAk3q/r4CpKzC5xBM/qW1uVLV+IhRZpIIk=
@@ -426,8 +432,8 @@ github.com/mgechev/dots v0.0.0-20190921121421-c36f7dcfbb81 h1:QASJXOGm2RZ5Ardbc8
 github.com/mgechev/dots v0.0.0-20190921121421-c36f7dcfbb81/go.mod h1:KQ7+USdGKfpPjXk4Ga+5XxQM4Lm4e3gAogrreFAYpOg=
 github.com/mgechev/revive v1.0.2 h1:v0NxxQ7fSFz/u1NQydPo6EGdq7va0J1BtsZmae6kzUg=
 github.com/mgechev/revive v1.0.2/go.mod h1:rb0dQy1LVAxW9SWy5R3LPUjevzUbUS316U5MFySA2lo=
-github.com/microcosm-cc/bluemonday v0.0.0-20161012083705-f77f16ffc87a h1:d18LCO3ctH2kugUqt0pEyKKP8L+IYrocaPqGFilhTKk=
+github.com/microcosm-cc/bluemonday v1.0.3-0.20191119130333-0a75d7616912 h1:hJde9rA24hlTcAYSwJoXpDUyGtfKQ/jsofw+WaDqGrI=
-github.com/microcosm-cc/bluemonday v0.0.0-20161012083705-f77f16ffc87a/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
+github.com/microcosm-cc/bluemonday v1.0.3-0.20191119130333-0a75d7616912/go.mod h1:8iwZnFn2CDDNZ0r6UXhF4xawGvzaqzCRa1n3/lO3W2w=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
@@ -679,6 +685,8 @@ golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/oauth2 v0.0.0-20180620175406-ef147856a6dd/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -718,6 +726,8 @@ golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=

modules/markup/html_test.go

@@ -117,13 +117,13 @@ func TestRender_links(t *testing.T) {
 		`<p><a href="http://www.example.com/wpstyle/?p=364" rel="nofollow">http://www.example.com/wpstyle/?p=364</a></p>`)
 	test(
 		"https://www.example.com/foo/?bar=baz&inga=42&quux",
-		`<p><a href="https://www.example.com/foo/?bar=baz&amp;inga=42&amp;quux" rel="nofollow">https://www.example.com/foo/?bar=baz&amp;inga=42&amp;quux</a></p>`)
+		`<p><a href="https://www.example.com/foo/?bar=baz&inga=42&quux=" rel="nofollow">https://www.example.com/foo/?bar=baz&amp;inga=42&amp;quux</a></p>`)
 	test(
 		"http://142.42.1.1/",
 		`<p><a href="http://142.42.1.1/" rel="nofollow">http://142.42.1.1/</a></p>`)
 	test(
 		"https://github.com/go-gitea/gitea/?p=aaa/bbb.html#ccc-ddd",
-		`<p><a href="https://github.com/go-gitea/gitea/?p=aaa/bbb.html#ccc-ddd" rel="nofollow">https://github.com/go-gitea/gitea/?p=aaa/bbb.html#ccc-ddd</a></p>`)
+		`<p><a href="https://github.com/go-gitea/gitea/?p=aaa%2Fbbb.html#ccc-ddd" rel="nofollow">https://github.com/go-gitea/gitea/?p=aaa/bbb.html#ccc-ddd</a></p>`)
 	test(
 		"https://en.wikipedia.org/wiki/URL_(disambiguation)",
 		`<p><a href="https://en.wikipedia.org/wiki/URL_(disambiguation)" rel="nofollow">https://en.wikipedia.org/wiki/URL_(disambiguation)</a></p>`)
@@ -141,7 +141,7 @@ func TestRender_links(t *testing.T) {
 		`<p><a href="ftp://gitea.com/file.txt" rel="nofollow">ftp://gitea.com/file.txt</a></p>`)
 	test(
 		"magnet:?xt=urn:btih:5dee65101db281ac9c46344cd6b175cdcadabcde&dn=download",
-		`<p><a href="magnet:?xt=urn:btih:5dee65101db281ac9c46344cd6b175cdcadabcde&amp;dn=download" rel="nofollow">magnet:?xt=urn:btih:5dee65101db281ac9c46344cd6b175cdcadabcde&amp;dn=download</a></p>`)
+		`<p><a href="magnet:?dn=download&xt=urn%3Abtih%3A5dee65101db281ac9c46344cd6b175cdcadabcde" rel="nofollow">magnet:?xt=urn:btih:5dee65101db281ac9c46344cd6b175cdcadabcde&amp;dn=download</a></p>`)
 
 	// Test that should *not* be turned into URL
 	test(

vendor/github.com/aymerick/douceur/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Aymerick JEHANNE
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

vendor/github.com/aymerick/douceur/css/declaration.go

@@ -0,0 +1,60 @@
+package css
+
+import "fmt"
+
+// Declaration represents a parsed style property
+type Declaration struct {
+	Property  string
+	Value     string
+	Important bool
+}
+
+// NewDeclaration instanciates a new Declaration
+func NewDeclaration() *Declaration {
+	return &Declaration{}
+}
+
+// Returns string representation of the Declaration
+func (decl *Declaration) String() string {
+	return decl.StringWithImportant(true)
+}
+
+// StringWithImportant returns string representation with optional !important part
+func (decl *Declaration) StringWithImportant(option bool) string {
+	result := fmt.Sprintf("%s: %s", decl.Property, decl.Value)
+
+	if option && decl.Important {
+		result += " !important"
+	}
+
+	result += ";"
+
+	return result
+}
+
+// Equal returns true if both Declarations are equals
+func (decl *Declaration) Equal(other *Declaration) bool {
+	return (decl.Property == other.Property) && (decl.Value == other.Value) && (decl.Important == other.Important)
+}
+
+//
+// DeclarationsByProperty
+//
+
+// DeclarationsByProperty represents sortable style declarations
+type DeclarationsByProperty []*Declaration
+
+// Implements sort.Interface
+func (declarations DeclarationsByProperty) Len() int {
+	return len(declarations)
+}
+
+// Implements sort.Interface
+func (declarations DeclarationsByProperty) Swap(i, j int) {
+	declarations[i], declarations[j] = declarations[j], declarations[i]
+}
+
+// Implements sort.Interface
+func (declarations DeclarationsByProperty) Less(i, j int) bool {
+	return declarations[i].Property < declarations[j].Property
+}

vendor/github.com/aymerick/douceur/css/rule.go

@@ -0,0 +1,230 @@
+package css
+
+import (
+	"fmt"
+	"strings"
+)
+
+const (
+	indentSpace = 2
+)
+
+// RuleKind represents a Rule kind
+type RuleKind int
+
+// Rule kinds
+const (
+	QualifiedRule RuleKind = iota
+	AtRule
+)
+
+// At Rules than have Rules inside their block instead of Declarations
+var atRulesWithRulesBlock = []string{
+	"@document", "@font-feature-values", "@keyframes", "@media", "@supports",
+}
+
+// Rule represents a parsed CSS rule
+type Rule struct {
+	Kind RuleKind
+
+	// At Rule name (eg: "@media")
+	Name string
+
+	// Raw prelude
+	Prelude string
+
+	// Qualified Rule selectors parsed from prelude
+	Selectors []string
+
+	// Style properties
+	Declarations []*Declaration
+
+	// At Rule embedded rules
+	Rules []*Rule
+
+	// Current rule embedding level
+	EmbedLevel int
+}
+
+// NewRule instanciates a new Rule
+func NewRule(kind RuleKind) *Rule {
+	return &Rule{
+		Kind: kind,
+	}
+}
+
+// Returns string representation of rule kind
+func (kind RuleKind) String() string {
+	switch kind {
+	case QualifiedRule:
+		return "Qualified Rule"
+	case AtRule:
+		return "At Rule"
+	default:
+		return "WAT"
+	}
+}
+
+// EmbedsRules returns true if this rule embeds another rules
+func (rule *Rule) EmbedsRules() bool {
+	if rule.Kind == AtRule {
+		for _, atRuleName := range atRulesWithRulesBlock {
+			if rule.Name == atRuleName {
+				return true
+			}
+		}
+	}
+
+	return false
+}
+
+// Equal returns true if both rules are equals
+func (rule *Rule) Equal(other *Rule) bool {
+	if (rule.Kind != other.Kind) ||
+		(rule.Prelude != other.Prelude) ||
+		(rule.Name != other.Name) {
+		return false
+	}
+
+	if (len(rule.Selectors) != len(other.Selectors)) ||
+		(len(rule.Declarations) != len(other.Declarations)) ||
+		(len(rule.Rules) != len(other.Rules)) {
+		return false
+	}
+
+	for i, sel := range rule.Selectors {
+		if sel != other.Selectors[i] {
+			return false
+		}
+	}
+
+	for i, decl := range rule.Declarations {
+		if !decl.Equal(other.Declarations[i]) {
+			return false
+		}
+	}
+
+	for i, rule := range rule.Rules {
+		if !rule.Equal(other.Rules[i]) {
+			return false
+		}
+	}
+
+	return true
+}
+
+// Diff returns a string representation of rules differences
+func (rule *Rule) Diff(other *Rule) []string {
+	result := []string{}
+
+	if rule.Kind != other.Kind {
+		result = append(result, fmt.Sprintf("Kind: %s | %s", rule.Kind.String(), other.Kind.String()))
+	}
+
+	if rule.Prelude != other.Prelude {
+		result = append(result, fmt.Sprintf("Prelude: \"%s\" | \"%s\"", rule.Prelude, other.Prelude))
+	}
+
+	if rule.Name != other.Name {
+		result = append(result, fmt.Sprintf("Name: \"%s\" | \"%s\"", rule.Name, other.Name))
+	}
+
+	if len(rule.Selectors) != len(other.Selectors) {
+		result = append(result, fmt.Sprintf("Selectors: %v | %v", strings.Join(rule.Selectors, ", "), strings.Join(other.Selectors, ", ")))
+	} else {
+		for i, sel := range rule.Selectors {
+			if sel != other.Selectors[i] {
+				result = append(result, fmt.Sprintf("Selector: \"%s\" | \"%s\"", sel, other.Selectors[i]))
+			}
+		}
+	}
+
+	if len(rule.Declarations) != len(other.Declarations) {
+		result = append(result, fmt.Sprintf("Declarations Nb: %d | %d", len(rule.Declarations), len(other.Declarations)))
+	} else {
+		for i, decl := range rule.Declarations {
+			if !decl.Equal(other.Declarations[i]) {
+				result = append(result, fmt.Sprintf("Declaration: \"%s\" | \"%s\"", decl.String(), other.Declarations[i].String()))
+			}
+		}
+	}
+
+	if len(rule.Rules) != len(other.Rules) {
+		result = append(result, fmt.Sprintf("Rules Nb: %d | %d", len(rule.Rules), len(other.Rules)))
+	} else {
+
+		for i, rule := range rule.Rules {
+			if !rule.Equal(other.Rules[i]) {
+				result = append(result, fmt.Sprintf("Rule: \"%s\" | \"%s\"", rule.String(), other.Rules[i].String()))
+			}
+		}
+	}
+
+	return result
+}
+
+// Returns the string representation of a rule
+func (rule *Rule) String() string {
+	result := ""
+
+	if rule.Kind == QualifiedRule {
+		for i, sel := range rule.Selectors {
+			if i != 0 {
+				result += ", "
+			}
+			result += sel
+		}
+	} else {
+		// AtRule
+		result += fmt.Sprintf("%s", rule.Name)
+
+		if rule.Prelude != "" {
+			if result != "" {
+				result += " "
+			}
+			result += fmt.Sprintf("%s", rule.Prelude)
+		}
+	}
+
+	if (len(rule.Declarations) == 0) && (len(rule.Rules) == 0) {
+		result += ";"
+	} else {
+		result += " {\n"
+
+		if rule.EmbedsRules() {
+			for _, subRule := range rule.Rules {
+				result += fmt.Sprintf("%s%s\n", rule.indent(), subRule.String())
+			}
+		} else {
+			for _, decl := range rule.Declarations {
+				result += fmt.Sprintf("%s%s\n", rule.indent(), decl.String())
+			}
+		}
+
+		result += fmt.Sprintf("%s}", rule.indentEndBlock())
+	}
+
+	return result
+}
+
+// Returns identation spaces for declarations and rules
+func (rule *Rule) indent() string {
+	result := ""
+
+	for i := 0; i < ((rule.EmbedLevel + 1) * indentSpace); i++ {
+		result += " "
+	}
+
+	return result
+}
+
+// Returns identation spaces for end of block character
+func (rule *Rule) indentEndBlock() string {
+	result := ""
+
+	for i := 0; i < (rule.EmbedLevel * indentSpace); i++ {
+		result += " "
+	}
+
+	return result
+}

vendor/github.com/aymerick/douceur/css/stylesheet.go

@@ -0,0 +1,25 @@
+package css
+
+// Stylesheet represents a parsed stylesheet
+type Stylesheet struct {
+	Rules []*Rule
+}
+
+// NewStylesheet instanciate a new Stylesheet
+func NewStylesheet() *Stylesheet {
+	return &Stylesheet{}
+}
+
+// Returns string representation of the Stylesheet
+func (sheet *Stylesheet) String() string {
+	result := ""
+
+	for _, rule := range sheet.Rules {
+		if result != "" {
+			result += "\n"
+		}
+		result += rule.String()
+	}
+
+	return result
+}

vendor/github.com/chris-ramon/douceur/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Aymerick JEHANNE
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

vendor/github.com/chris-ramon/douceur/parser/parser.go

@@ -0,0 +1,409 @@
+package parser
+
+import (
+	"errors"
+	"fmt"
+	"regexp"
+	"strings"
+
+	"github.com/gorilla/css/scanner"
+
+	"github.com/aymerick/douceur/css"
+)
+
+const (
+	importantSuffixRegexp = `(?i)\s*!important\s*$`
+)
+
+var (
+	importantRegexp *regexp.Regexp
+)
+
+// Parser represents a CSS parser
+type Parser struct {
+	scan *scanner.Scanner // Tokenizer
+
+	// Tokens parsed but not consumed yet
+	tokens []*scanner.Token
+
+	// Rule embedding level
+	embedLevel int
+}
+
+func init() {
+	importantRegexp = regexp.MustCompile(importantSuffixRegexp)
+}
+
+// NewParser instanciates a new parser
+func NewParser(txt string) *Parser {
+	return &Parser{
+		scan: scanner.New(txt),
+	}
+}
+
+// Parse parses a whole stylesheet
+func Parse(text string) (*css.Stylesheet, error) {
+	result, err := NewParser(text).ParseStylesheet()
+	if err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+// ParseDeclarations parses CSS declarations
+func ParseDeclarations(text string) ([]*css.Declaration, error) {
+	result, err := NewParser(text).ParseDeclarations()
+	if err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+// ParseStylesheet parses a stylesheet
+func (parser *Parser) ParseStylesheet() (*css.Stylesheet, error) {
+	result := css.NewStylesheet()
+
+	// Parse BOM
+	if _, err := parser.parseBOM(); err != nil {
+		return result, err
+	}
+
+	// Parse list of rules
+	rules, err := parser.ParseRules()
+	if err != nil {
+		return result, err
+	}
+
+	result.Rules = rules
+
+	return result, nil
+}
+
+// ParseRules parses a list of rules
+func (parser *Parser) ParseRules() ([]*css.Rule, error) {
+	result := []*css.Rule{}
+
+	inBlock := false
+	if parser.tokenChar("{") {
+		// parsing a block of rules
+		inBlock = true
+		parser.embedLevel++
+
+		parser.shiftToken()
+	}
+
+	for parser.tokenParsable() {
+		if parser.tokenIgnorable() {
+			parser.shiftToken()
+		} else if parser.tokenChar("}") {
+			if !inBlock {
+				errMsg := fmt.Sprintf("Unexpected } character: %s", parser.nextToken().String())
+				return result, errors.New(errMsg)
+			}
+
+			parser.shiftToken()
+			parser.embedLevel--
+
+			// finished
+			break
+		} else {
+			rule, err := parser.ParseRule()
+			if err != nil {
+				return result, err
+			}
+
+			rule.EmbedLevel = parser.embedLevel
+			result = append(result, rule)
+		}
+	}
+
+	return result, parser.err()
+}
+
+// ParseRule parses a rule
+func (parser *Parser) ParseRule() (*css.Rule, error) {
+	if parser.tokenAtKeyword() {
+		return parser.parseAtRule()
+	}
+
+	return parser.parseQualifiedRule()
+}
+
+// ParseDeclarations parses a list of declarations
+func (parser *Parser) ParseDeclarations() ([]*css.Declaration, error) {
+	result := []*css.Declaration{}
+
+	if parser.tokenChar("{") {
+		parser.shiftToken()
+	}
+
+	for parser.tokenParsable() {
+		if parser.tokenIgnorable() {
+			parser.shiftToken()
+		} else if parser.tokenChar("}") {
+			// end of block
+			parser.shiftToken()
+			break
+		} else {
+			declaration, err := parser.ParseDeclaration()
+			if err != nil {
+				return result, err
+			}
+
+			result = append(result, declaration)
+		}
+	}
+
+	return result, parser.err()
+}
+
+// ParseDeclaration parses a declaration
+func (parser *Parser) ParseDeclaration() (*css.Declaration, error) {
+	result := css.NewDeclaration()
+	curValue := ""
+
+	for parser.tokenParsable() {
+		if parser.tokenChar(":") {
+			result.Property = strings.TrimSpace(curValue)
+			curValue = ""
+
+			parser.shiftToken()
+		} else if parser.tokenChar(";") || parser.tokenChar("}") {
+			if result.Property == "" {
+				errMsg := fmt.Sprintf("Unexpected ; character: %s", parser.nextToken().String())
+				return result, errors.New(errMsg)
+			}
+
+			if importantRegexp.MatchString(curValue) {
+				result.Important = true
+				curValue = importantRegexp.ReplaceAllString(curValue, "")
+			}
+
+			result.Value = strings.TrimSpace(curValue)
+
+			if parser.tokenChar(";") {
+				parser.shiftToken()
+			}
+
+			// finished
+			break
+		} else {
+			token := parser.shiftToken()
+			curValue += token.Value
+		}
+	}
+
+	// log.Printf("[parsed] Declaration: %s", result.String())
+
+	return result, parser.err()
+}
+
+// Parse an At Rule
+func (parser *Parser) parseAtRule() (*css.Rule, error) {
+	// parse rule name (eg: "@import")
+	token := parser.shiftToken()
+
+	result := css.NewRule(css.AtRule)
+	result.Name = token.Value
+
+	for parser.tokenParsable() {
+		if parser.tokenChar(";") {
+			parser.shiftToken()
+
+			// finished
+			break
+		} else if parser.tokenChar("{") {
+			if result.EmbedsRules() {
+				// parse rules block
+				rules, err := parser.ParseRules()
+				if err != nil {
+					return result, err
+				}
+
+				result.Rules = rules
+			} else {
+				// parse declarations block
+				declarations, err := parser.ParseDeclarations()
+				if err != nil {
+					return result, err
+				}
+
+				result.Declarations = declarations
+			}
+
+			// finished
+			break
+		} else {
+			// parse prelude
+			prelude, err := parser.parsePrelude()
+			if err != nil {
+				return result, err
+			}
+
+			result.Prelude = prelude
+		}
+	}
+
+	// log.Printf("[parsed] Rule: %s", result.String())
+
+	return result, parser.err()
+}
+
+// Parse a Qualified Rule
+func (parser *Parser) parseQualifiedRule() (*css.Rule, error) {
+	result := css.NewRule(css.QualifiedRule)
+
+	for parser.tokenParsable() {
+		if parser.tokenChar("{") {
+			if result.Prelude == "" {
+				errMsg := fmt.Sprintf("Unexpected { character: %s", parser.nextToken().String())
+				return result, errors.New(errMsg)
+			}
+
+			// parse declarations block
+			declarations, err := parser.ParseDeclarations()
+			if err != nil {
+				return result, err
+			}
+
+			result.Declarations = declarations
+
+			// finished
+			break
+		} else {
+			// parse prelude
+			prelude, err := parser.parsePrelude()
+			if err != nil {
+				return result, err
+			}
+
+			result.Prelude = prelude
+		}
+	}
+
+	result.Selectors = strings.Split(result.Prelude, ",")
+	for i, sel := range result.Selectors {
+		result.Selectors[i] = strings.TrimSpace(sel)
+	}
+
+	// log.Printf("[parsed] Rule: %s", result.String())
+
+	return result, parser.err()
+}
+
+// Parse Rule prelude
+func (parser *Parser) parsePrelude() (string, error) {
+	result := ""
+
+	for parser.tokenParsable() && !parser.tokenEndOfPrelude() {
+		token := parser.shiftToken()
+		result += token.Value
+	}
+
+	result = strings.TrimSpace(result)
+
+	// log.Printf("[parsed] prelude: %s", result)
+
+	return result, parser.err()
+}
+
+// Parse BOM
+func (parser *Parser) parseBOM() (bool, error) {
+	if parser.nextToken().Type == scanner.TokenBOM {
+		parser.shiftToken()
+		return true, nil
+	}
+
+	return false, parser.err()
+}
+
+// Returns next token without removing it from tokens buffer
+func (parser *Parser) nextToken() *scanner.Token {
+	if len(parser.tokens) == 0 {
+		// fetch next token
+		nextToken := parser.scan.Next()
+
+		// log.Printf("[token] %s => %v", nextToken.Type.String(), nextToken.Value)
+
+		// queue it
+		parser.tokens = append(parser.tokens, nextToken)
+	}
+
+	return parser.tokens[0]
+}
+
+// Returns next token and remove it from the tokens buffer
+func (parser *Parser) shiftToken() *scanner.Token {
+	var result *scanner.Token
+
+	result, parser.tokens = parser.tokens[0], parser.tokens[1:]
+	return result
+}
+
+// Returns tokenizer error, or nil if no error
+func (parser *Parser) err() error {
+	if parser.tokenError() {
+		token := parser.nextToken()
+		return fmt.Errorf("Tokenizer error: %s", token.String())
+	}
+
+	return nil
+}
+
+// Returns true if next token is Error
+func (parser *Parser) tokenError() bool {
+	return parser.nextToken().Type == scanner.TokenError
+}
+
+// Returns true if next token is EOF
+func (parser *Parser) tokenEOF() bool {
+	return parser.nextToken().Type == scanner.TokenEOF
+}
+
+// Returns true if next token is a whitespace
+func (parser *Parser) tokenWS() bool {
+	return parser.nextToken().Type == scanner.TokenS
+}
+
+// Returns true if next token is a comment
+func (parser *Parser) tokenComment() bool {
+	return parser.nextToken().Type == scanner.TokenComment
+}
+
+// Returns true if next token is a CDO or a CDC
+func (parser *Parser) tokenCDOorCDC() bool {
+	switch parser.nextToken().Type {
+	case scanner.TokenCDO, scanner.TokenCDC:
+		return true
+	default:
+		return false
+	}
+}
+
+// Returns true if next token is ignorable
+func (parser *Parser) tokenIgnorable() bool {
+	return parser.tokenWS() || parser.tokenComment() || parser.tokenCDOorCDC()
+}
+
+// Returns true if next token is parsable
+func (parser *Parser) tokenParsable() bool {
+	return !parser.tokenEOF() && !parser.tokenError()
+}
+
+// Returns true if next token is an At Rule keyword
+func (parser *Parser) tokenAtKeyword() bool {
+	return parser.nextToken().Type == scanner.TokenAtKeyword
+}
+
+// Returns true if next token is given character
+func (parser *Parser) tokenChar(value string) bool {
+	token := parser.nextToken()
+	return (token.Type == scanner.TokenChar) && (token.Value == value)
+}
+
+// Returns true if next token marks the end of a prelude
+func (parser *Parser) tokenEndOfPrelude() bool {
+	return parser.tokenChar(";") || parser.tokenChar("{")
+}

vendor/github.com/gorilla/css/LICENSE

@@ -0,0 +1,27 @@
+Copyright (c) 2013, Gorilla web toolkit
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+  Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+  Redistributions in binary form must reproduce the above copyright notice, this
+  list of conditions and the following disclaimer in the documentation and/or
+  other materials provided with the distribution.
+
+  Neither the name of the {organization} nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

vendor/github.com/gorilla/css/scanner/doc.go

@@ -0,0 +1,33 @@
+// Copyright 2012 The Gorilla Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package gorilla/css/scanner generates tokens for a CSS3 input.
+
+It follows the CSS3 specification located at:
+
+	http://www.w3.org/TR/css3-syntax/
+
+To use it, create a new scanner for a given CSS string and call Next() until
+the token returned has type TokenEOF or TokenError:
+
+	s := scanner.New(myCSS)
+	for {
+		token := s.Next()
+		if token.Type == scanner.TokenEOF || token.Type == scanner.TokenError {
+			break
+		}
+		// Do something with the token...
+	}
+
+Following the CSS3 specification, an error can only occur when the scanner
+finds an unclosed quote or unclosed comment. In these cases the text becomes
+"untokenizable". Everything else is tokenizable and it is up to a parser
+to make sense of the token stream (or ignore nonsensical token sequences).
+
+Note: the scanner doesn't perform lexical analysis or, in other words, it
+doesn't care about the token context. It is intended to be used by a
+lexer or parser.
+*/
+package scanner

vendor/github.com/gorilla/css/scanner/scanner.go

@@ -0,0 +1,356 @@
+// Copyright 2012 The Gorilla Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package scanner
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+)
+
+// tokenType identifies the type of lexical tokens.
+type tokenType int
+
+// String returns a string representation of the token type.
+func (t tokenType) String() string {
+	return tokenNames[t]
+}
+
+// Token represents a token and the corresponding string.
+type Token struct {
+	Type   tokenType
+	Value  string
+	Line   int
+	Column int
+}
+
+// String returns a string representation of the token.
+func (t *Token) String() string {
+	if len(t.Value) > 10 {
+		return fmt.Sprintf("%s (line: %d, column: %d): %.10q...",
+			t.Type, t.Line, t.Column, t.Value)
+	}
+	return fmt.Sprintf("%s (line: %d, column: %d): %q",
+		t.Type, t.Line, t.Column, t.Value)
+}
+
+// All tokens -----------------------------------------------------------------
+
+// The complete list of tokens in CSS3.
+const (
+	// Scanner flags.
+	TokenError tokenType = iota
+	TokenEOF
+	// From now on, only tokens from the CSS specification.
+	TokenIdent
+	TokenAtKeyword
+	TokenString
+	TokenHash
+	TokenNumber
+	TokenPercentage
+	TokenDimension
+	TokenURI
+	TokenUnicodeRange
+	TokenCDO
+	TokenCDC
+	TokenS
+	TokenComment
+	TokenFunction
+	TokenIncludes
+	TokenDashMatch
+	TokenPrefixMatch
+	TokenSuffixMatch
+	TokenSubstringMatch
+	TokenChar
+	TokenBOM
+)
+
+// tokenNames maps tokenType's to their names. Used for conversion to string.
+var tokenNames = map[tokenType]string{
+	TokenError:          "error",
+	TokenEOF:            "EOF",
+	TokenIdent:          "IDENT",
+	TokenAtKeyword:      "ATKEYWORD",
+	TokenString:         "STRING",
+	TokenHash:           "HASH",
+	TokenNumber:         "NUMBER",
+	TokenPercentage:     "PERCENTAGE",
+	TokenDimension:      "DIMENSION",
+	TokenURI:            "URI",
+	TokenUnicodeRange:   "UNICODE-RANGE",
+	TokenCDO:            "CDO",
+	TokenCDC:            "CDC",
+	TokenS:              "S",
+	TokenComment:        "COMMENT",
+	TokenFunction:       "FUNCTION",
+	TokenIncludes:       "INCLUDES",
+	TokenDashMatch:      "DASHMATCH",
+	TokenPrefixMatch:    "PREFIXMATCH",
+	TokenSuffixMatch:    "SUFFIXMATCH",
+	TokenSubstringMatch: "SUBSTRINGMATCH",
+	TokenChar:           "CHAR",
+	TokenBOM:            "BOM",
+}
+
+// Macros and productions -----------------------------------------------------
+// http://www.w3.org/TR/css3-syntax/#tokenization
+
+var macroRegexp = regexp.MustCompile(`\{[a-z]+\}`)
+
+// macros maps macro names to patterns to be expanded.
+var macros = map[string]string{
+	// must be escaped: `\.+*?()|[]{}^$`
+	"ident":      `-?{nmstart}{nmchar}*`,
+	"name":       `{nmchar}+`,
+	"nmstart":    `[a-zA-Z_]|{nonascii}|{escape}`,
+	"nonascii":   "[\u0080-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]",
+	"unicode":    `\\[0-9a-fA-F]{1,6}{wc}?`,
+	"escape":     "{unicode}|\\\\[\u0020-\u007E\u0080-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]",
+	"nmchar":     `[a-zA-Z0-9_-]|{nonascii}|{escape}`,
+	"num":        `[0-9]*\.[0-9]+|[0-9]+`,
+	"string":     `"(?:{stringchar}|')*"|'(?:{stringchar}|")*'`,
+	"stringchar": `{urlchar}|[ ]|\\{nl}`,
+	"nl":         `[\n\r\f]|\r\n`,
+	"w":          `{wc}*`,
+	"wc":         `[\t\n\f\r ]`,
+
+	// urlchar should accept [(ascii characters minus those that need escaping)|{nonascii}|{escape}]
+	// ASCII characters range = `[\u0020-\u007e]`
+	// Skip space \u0020 = `[\u0021-\u007e]`
+	// Skip quotation mark \0022 = `[\u0021\u0023-\u007e]`
+	// Skip apostrophe \u0027 = `[\u0021\u0023-\u0026\u0028-\u007e]`
+	// Skip reverse solidus \u005c = `[\u0021\u0023-\u0026\u0028-\u005b\u005d\u007e]`
+	// Finally, the left square bracket (\u005b) and right (\u005d) needs escaping themselves
+	"urlchar": "[\u0021\u0023-\u0026\u0028-\\\u005b\\\u005d-\u007E]|{nonascii}|{escape}",
+}
+
+// productions maps the list of tokens to patterns to be expanded.
+var productions = map[tokenType]string{
+	// Unused regexps (matched using other methods) are commented out.
+	TokenIdent:        `{ident}`,
+	TokenAtKeyword:    `@{ident}`,
+	TokenString:       `{string}`,
+	TokenHash:         `#{name}`,
+	TokenNumber:       `{num}`,
+	TokenPercentage:   `{num}%`,
+	TokenDimension:    `{num}{ident}`,
+	TokenURI:          `url\({w}(?:{string}|{urlchar}*?){w}\)`,
+	TokenUnicodeRange: `U\+[0-9A-F\?]{1,6}(?:-[0-9A-F]{1,6})?`,
+	//TokenCDO:            `<!--`,
+	TokenCDC:      `-->`,
+	TokenS:        `{wc}+`,
+	TokenComment:  `/\*[^\*]*[\*]+(?:[^/][^\*]*[\*]+)*/`,
+	TokenFunction: `{ident}\(`,
+	//TokenIncludes:       `~=`,
+	//TokenDashMatch:      `\|=`,
+	//TokenPrefixMatch:    `\^=`,
+	//TokenSuffixMatch:    `\$=`,
+	//TokenSubstringMatch: `\*=`,
+	//TokenChar:           `[^"']`,
+	//TokenBOM:            "\uFEFF",
+}
+
+// matchers maps the list of tokens to compiled regular expressions.
+//
+// The map is filled on init() using the macros and productions defined in
+// the CSS specification.
+var matchers = map[tokenType]*regexp.Regexp{}
+
+// matchOrder is the order to test regexps when first-char shortcuts
+// can't be used.
+var matchOrder = []tokenType{
+	TokenURI,
+	TokenFunction,
+	TokenUnicodeRange,
+	TokenIdent,
+	TokenDimension,
+	TokenPercentage,
+	TokenNumber,
+	TokenCDC,
+}
+
+func init() {
+	// replace macros and compile regexps for productions.
+	replaceMacro := func(s string) string {
+		return "(?:" + macros[s[1:len(s)-1]] + ")"
+	}
+	for t, s := range productions {
+		for macroRegexp.MatchString(s) {
+			s = macroRegexp.ReplaceAllStringFunc(s, replaceMacro)
+		}
+		matchers[t] = regexp.MustCompile("^(?:" + s + ")")
+	}
+}
+
+// Scanner --------------------------------------------------------------------
+
+// New returns a new CSS scanner for the given input.
+func New(input string) *Scanner {
+	// Normalize newlines.
+	input = strings.Replace(input, "\r\n", "\n", -1)
+	return &Scanner{
+		input: input,
+		row:   1,
+		col:   1,
+	}
+}
+
+// Scanner scans an input and emits tokens following the CSS3 specification.
+type Scanner struct {
+	input string
+	pos   int
+	row   int
+	col   int
+	err   *Token
+}
+
+// Next returns the next token from the input.
+//
+// At the end of the input the token type is TokenEOF.
+//
+// If the input can't be tokenized the token type is TokenError. This occurs
+// in case of unclosed quotation marks or comments.
+func (s *Scanner) Next() *Token {
+	if s.err != nil {
+		return s.err
+	}
+	if s.pos >= len(s.input) {
+		s.err = &Token{TokenEOF, "", s.row, s.col}
+		return s.err
+	}
+	if s.pos == 0 {
+		// Test BOM only once, at the beginning of the file.
+		if strings.HasPrefix(s.input, "\uFEFF") {
+			return s.emitSimple(TokenBOM, "\uFEFF")
+		}
+	}
+	// There's a lot we can guess based on the first byte so we'll take a
+	// shortcut before testing multiple regexps.
+	input := s.input[s.pos:]
+	switch input[0] {
+	case '\t', '\n', '\f', '\r', ' ':
+		// Whitespace.
+		return s.emitToken(TokenS, matchers[TokenS].FindString(input))
+	case '.':
+		// Dot is too common to not have a quick check.
+		// We'll test if this is a Char; if it is followed by a number it is a
+		// dimension/percentage/number, and this will be matched later.
+		if len(input) > 1 && !unicode.IsDigit(rune(input[1])) {
+			return s.emitSimple(TokenChar, ".")
+		}
+	case '#':
+		// Another common one: Hash or Char.
+		if match := matchers[TokenHash].FindString(input); match != "" {
+			return s.emitToken(TokenHash, match)
+		}
+		return s.emitSimple(TokenChar, "#")
+	case '@':
+		// Another common one: AtKeyword or Char.
+		if match := matchers[TokenAtKeyword].FindString(input); match != "" {
+			return s.emitSimple(TokenAtKeyword, match)
+		}
+		return s.emitSimple(TokenChar, "@")
+	case ':', ',', ';', '%', '&', '+', '=', '>', '(', ')', '[', ']', '{', '}':
+		// More common chars.
+		return s.emitSimple(TokenChar, string(input[0]))
+	case '"', '\'':
+		// String or error.
+		match := matchers[TokenString].FindString(input)
+		if match != "" {
+			return s.emitToken(TokenString, match)
+		}
+
+		s.err = &Token{TokenError, "unclosed quotation mark", s.row, s.col}
+		return s.err
+	case '/':
+		// Comment, error or Char.
+		if len(input) > 1 && input[1] == '*' {
+			match := matchers[TokenComment].FindString(input)
+			if match != "" {
+				return s.emitToken(TokenComment, match)
+			} else {
+				s.err = &Token{TokenError, "unclosed comment", s.row, s.col}
+				return s.err
+			}
+		}
+		return s.emitSimple(TokenChar, "/")
+	case '~':
+		// Includes or Char.
+		return s.emitPrefixOrChar(TokenIncludes, "~=")
+	case '|':
+		// DashMatch or Char.
+		return s.emitPrefixOrChar(TokenDashMatch, "|=")
+	case '^':
+		// PrefixMatch or Char.
+		return s.emitPrefixOrChar(TokenPrefixMatch, "^=")
+	case '$':
+		// SuffixMatch or Char.
+		return s.emitPrefixOrChar(TokenSuffixMatch, "$=")
+	case '*':
+		// SubstringMatch or Char.
+		return s.emitPrefixOrChar(TokenSubstringMatch, "*=")
+	case '<':
+		// CDO or Char.
+		return s.emitPrefixOrChar(TokenCDO, "<!--")
+	}
+	// Test all regexps, in order.
+	for _, token := range matchOrder {
+		if match := matchers[token].FindString(input); match != "" {
+			return s.emitToken(token, match)
+		}
+	}
+	// We already handled unclosed quotation marks and comments,
+	// so this can only be a Char.
+	r, width := utf8.DecodeRuneInString(input)
+	token := &Token{TokenChar, string(r), s.row, s.col}
+	s.col += width
+	s.pos += width
+	return token
+}
+
+// updatePosition updates input coordinates based on the consumed text.
+func (s *Scanner) updatePosition(text string) {
+	width := utf8.RuneCountInString(text)
+	lines := strings.Count(text, "\n")
+	s.row += lines
+	if lines == 0 {
+		s.col += width
+	} else {
+		s.col = utf8.RuneCountInString(text[strings.LastIndex(text, "\n"):])
+	}
+	s.pos += len(text) // while col is a rune index, pos is a byte index
+}
+
+// emitToken returns a Token for the string v and updates the scanner position.
+func (s *Scanner) emitToken(t tokenType, v string) *Token {
+	token := &Token{t, v, s.row, s.col}
+	s.updatePosition(v)
+	return token
+}
+
+// emitSimple returns a Token for the string v and updates the scanner
+// position in a simplified manner.
+//
+// The string is known to have only ASCII characters and to not have a newline.
+func (s *Scanner) emitSimple(t tokenType, v string) *Token {
+	token := &Token{t, v, s.row, s.col}
+	s.col += len(v)
+	s.pos += len(v)
+	return token
+}
+
+// emitPrefixOrChar returns a Token for type t if the current position
+// matches the given prefix. Otherwise it returns a Char token using the
+// first character from the prefix.
+//
+// The prefix is known to have only ASCII characters and to not have a newline.
+func (s *Scanner) emitPrefixOrChar(t tokenType, prefix string) *Token {
+	if strings.HasPrefix(s.input[s.pos:], prefix) {
+		return s.emitSimple(t, prefix)
+	}
+	return s.emitSimple(TokenChar, string(prefix[0]))
+}

vendor/github.com/microcosm-cc/bluemonday/.gitignore

@@ -1,22 +1,15 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
+ # Binaries for programs and plugins
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
 *.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# goland idea folder
+*.idea

vendor/github.com/microcosm-cc/bluemonday/.travis.yml

@@ -1,18 +1,22 @@
 language: go
 go:
-  - 1.1
+  - 1.2.x
-  - 1.2
+  - 1.3.x
-  - 1.3
+  - 1.4.x
-  - 1.4
+  - 1.5.x
-  - 1.5
+  - 1.6.x
-  - 1.6
+  - 1.7.x
-  - 1.7
+  - 1.8.x
+  - 1.9.x
+  - 1.10.x
+  - 1.11.x
+  - 1.12.x
   - tip
 matrix:
   allow_failures:
     - go: tip
   fast_finish: true
 install:
-  - go get golang.org/x/net/html
+  - go get .
 script:
   - go test -v ./...

vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md

@@ -6,6 +6,10 @@ Third-party patches are essential for keeping bluemonday secure and offering the
 
 * Make sure you have a [Github account](https://github.com/signup/free)
 
+## Guidelines
+
+1. Do not vendor dependencies. As a security package, were we to vendor dependencies the projects that then vendor bluemonday may not receive the latest security updates to the dependencies. By not vendoring dependencies the project that implements bluemonday will vendor the latest version of any dependent packages. Vendoring is a project problem, not a package problem. bluemonday will be tested against the latest version of dependencies periodically and during any PR/merge.
+
 ## Submitting an Issue
 
 * Submit a ticket for your issue, assuming one does not already exist

vendor/github.com/microcosm-cc/bluemonday/CREDITS.md

@@ -1,6 +1,7 @@
-
 1. John Graham-Cumming http://jgc.org/
+1. Mohammad Gufran https://github.com/Gufran
+1. Steven Gutzwiller https://github.com/StevenGutzwiller
+1. Andrew Krasichkov @buglloc https://github.com/buglloc
 1. Mike Samuel mikesamuel@gmail.com
 1. Dmitri Shuralyov shurcooL@gmail.com
 1. https://github.com/opennota
-1. https://github.com/Gufran

vendor/github.com/microcosm-cc/bluemonday/README.md

@@ -1,4 +1,4 @@
-# bluemonday [![Build Status](https://travis-ci.org/microcosm-cc/bluemonday.svg?branch=master)](https://travis-ci.org/microcosm-cc/bluemonday) [![GoDoc](https://godoc.org/github.com/microcosm-cc/bluemonday?status.png)](https://godoc.org/github.com/microcosm-cc/bluemonday)
+# bluemonday [![Build Status](https://travis-ci.org/microcosm-cc/bluemonday.svg?branch=master)](https://travis-ci.org/microcosm-cc/bluemonday) [![GoDoc](https://godoc.org/github.com/microcosm-cc/bluemonday?status.png)](https://godoc.org/github.com/microcosm-cc/bluemonday) [![Sourcegraph](https://sourcegraph.com/github.com/microcosm-cc/bluemonday/-/badge.svg)](https://sourcegraph.com/github.com/microcosm-cc/bluemonday?badge)
 
 bluemonday is a HTML sanitizer implemented in Go. It is fast and highly configurable.
 
@@ -58,10 +58,12 @@ We expect to be supplied with well-formatted HTML (closing elements for every ap
 
 ### Supported Go Versions
 
-bluemonday is regularly tested against Go 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7 and tip.
+bluemonday is tested against Go 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12, and tip.
 
 We do not support Go 1.0 as we depend on `golang.org/x/net/html` which includes a reference to `io.ErrNoProgress` which did not exist in Go 1.0.
 
+We support Go 1.1 but Travis no longer tests against it.
+
 ## Is it production ready?
 
 *Yes*
@@ -87,7 +89,11 @@ import (
 )
 
 func main() {
+	// Do this once for each unique policy, and use the policy for the life of the program
+	// Policy creation/editing is not safe to use in multiple goroutines
 	p := bluemonday.UGCPolicy()
+
+	// The policy can then be used to sanitize lots of input and it is safe to use the policy in multiple goroutines
 	html := p.Sanitize(
 		`<a onblur="alert(secret)" href="http://www.google.com">Google</a>`,
 	)
@@ -140,7 +146,7 @@ func main() {
 
 We ship two default policies:
 
-1. `bluemonday.StrictPolicy()` which can be thought of as equivalent to stripping all HTML elements and their attributes as it has nothing on it's whitelist. An example usage scenario would be blog post titles where HTML tags are not expected at all and if they are then the elements *and* the content of the elements should be stripped. This is a *very* strict policy.
+1. `bluemonday.StrictPolicy()` which can be thought of as equivalent to stripping all HTML elements and their attributes as it has nothing on its whitelist. An example usage scenario would be blog post titles where HTML tags are not expected at all and if they are then the elements *and* the content of the elements should be stripped. This is a *very* strict policy.
 2. `bluemonday.UGCPolicy()` which allows a broad selection of HTML elements and attributes that are safe for user generated content. Note that this policy does *not* whitelist iframes, object, embed, styles, script, etc. An example usage scenario would be blog post bodies where a variety of formatting is expected along with the potential for TABLEs and IMGs.
 
 ## Policy Building
@@ -163,12 +169,26 @@ To add elements to a policy either add just the elements:
 p.AllowElements("b", "strong")
 ```
 
+Or using a regex:
+
+_Note: if an element is added by name as shown above, any matching regex will be ignored_
+
+It is also recommended to ensure multiple patterns don't overlap as order of execution is not guaranteed and can result in some rules being missed.
+```go
+p.AllowElementsMatching(regex.MustCompile(`^my-element-`))
+```
+
 Or add elements as a virtue of adding an attribute:
 ```go
 // Not the recommended pattern, see the recommendation on using .Matching() below
 p.AllowAttrs("nowrap").OnElements("td", "th")
 ```
 
+Again, this also supports a regex pattern match alternative:
+```go
+p.AllowAttrs("nowrap").OnElementsMatching(regex.MustCompile(`^my-element-`))
+```
+
 Attributes can either be added to all elements:
 ```go
 p.AllowAttrs("dir").Matching(regexp.MustCompile("(?i)rtl|ltr")).Globally()
@@ -198,6 +218,49 @@ p := bluemonday.UGCPolicy()
 p.AllowElements("fieldset", "select", "option")
 ```
 
+### Inline CSS
+
+Although it's possible to handle inline CSS using `AllowAttrs` with a `Matching` rule, writing a single monolithic regular expression to safely process all inline CSS which you wish to allow is not a trivial task.  Instead of attempting to do so, you can whitelist the `style` attribute on whichever element(s) you desire and use style policies to control and sanitize inline styles.
+
+It is suggested that you use `Matching` (with a suitable regular expression)
+`MatchingEnum`, or `MatchingHandler` to ensure each style matches your needs,
+but default handlers are supplied for most widely used styles.
+
+Similar to attributes, you can allow specific CSS properties to be set inline:
+```go
+p.AllowAttrs("style").OnElements("span", "p")
+// Allow the 'color' property with valid RGB(A) hex values only (on any element allowed a 'style' attribute)
+p.AllowStyles("color").Matching(regexp.MustCompile("(?i)^#([0-9a-f]{3,4}|[0-9a-f]{6}|[0-9a-f]{8})$")).Globally()
+```
+
+Additionally, you can allow a CSS property to be set only to an allowed value:
+```go
+p.AllowAttrs("style").OnElements("span", "p")
+// Allow the 'text-decoration' property to be set to 'underline', 'line-through' or 'none'
+// on 'span' elements only
+p.AllowStyles("text-decoration").MatchingEnum("underline", "line-through", "none").OnElements("span")
+```
+
+Or you can specify elements based on a regex patterm match:
+```go
+p.AllowAttrs("style").OnElementsMatching(regex.MustCompile(`^my-element-`))
+// Allow the 'text-decoration' property to be set to 'underline', 'line-through' or 'none'
+// on 'span' elements only
+p.AllowStyles("text-decoration").MatchingEnum("underline", "line-through", "none").OnElementsMatching(regex.MustCompile(`^my-element-`))
+```
+
+If you need more specific checking, you can create a handler that takes in a string and returns a bool to
+validate the values for a given property. The string parameter has been
+converted to lowercase and unicode code points have been converted.
+```go
+myHandler := func(value string) bool{
+	return true
+}
+p.AllowAttrs("style").OnElements("span", "p")
+// Allow the 'color' property with values validated by the handler (on any element allowed a 'style' attribute)
+p.AllowStyles("color").MatchingHandler(myHandler).Globally()
+```
+
 ### Links
 
 Links are difficult beasts to sanitise safely and also one of the biggest attack vectors for malicious content.
@@ -232,6 +295,13 @@ Regardless of whether you have enabled parseable URLs, you can force all URLs to
 p.RequireNoFollowOnLinks(true)
 ```
 
+Similarly, you can force all URLs to have "noreferrer" in their rel attribute.
+```go
+// This applies to "a" "area" "link" elements that have a "href" attribute
+p.RequireNoReferrerOnLinks(true)
+```
+
+
 We provide a convenience method that applies all of the above, but you will still need to whitelist the linkable elements for the URL rules to be applied to:
 ```go
 p.AllowStandardURLs()
@@ -273,7 +343,7 @@ We also bundle some helpers to simplify policy building:
 // Permits the "dir", "id", "lang", "title" attributes globally
 p.AllowStandardAttributes()
 
-// Permits the "img" element and it's standard attributes
+// Permits the "img" element and its standard attributes
 p.AllowImages()
 
 // Permits ordered and unordered lists, and also definition lists
@@ -312,7 +382,6 @@ It is not the job of bluemonday to fix your bad HTML, it is merely the job of bl
 
 ## TODO
 
-* Add support for CSS sanitisation to allow some CSS properties based on a whitelist, possibly using the [Gorilla CSS3 scanner](http://www.gorillatoolkit.org/pkg/css/scanner)
 * Investigate whether devs want to blacklist elements and attributes. This would allow devs to take an existing policy (such as the `bluemonday.UGCPolicy()` ) that encapsulates 90% of what they're looking for but does more than they need, and to remove the extra things they do not want to make it 100% what they want
 * Investigate whether devs want a validating HTML mode, in which the HTML elements are not just transformed into a balanced tree (every start tag has a closing tag at the correct depth) but also that elements and character data appear only in their allowed context (i.e. that a `table` element isn't a descendent of a `caption`, that `colgroup`, `thead`, `tbody`, `tfoot` and `tr` are permitted, and that character data is not permitted)
 

vendor/github.com/microcosm-cc/bluemonday/doc.go

@@ -84,7 +84,7 @@ bluemonday is heavily inspired by both the OWASP Java HTML Sanitizer
 
 We ship two default policies, one is bluemonday.StrictPolicy() and can be
 thought of as equivalent to stripping all HTML elements and their attributes as
-it has nothing on it's whitelist.
+it has nothing on its whitelist.
 
 The other is bluemonday.UGCPolicy() and allows a broad selection of HTML
 elements and attributes that are safe for user generated content. Note that

vendor/github.com/microcosm-cc/bluemonday/go.mod

@@ -0,0 +1,10 @@
+module github.com/microcosm-cc/bluemonday
+
+go 1.9
+
+require (
+	github.com/aymerick/douceur v0.2.0 // indirect
+	github.com/chris-ramon/douceur v0.2.0
+	github.com/gorilla/css v1.0.0 // indirect
+	golang.org/x/net v0.0.0-20181220203305-927f97764cc3
+)

vendor/github.com/microcosm-cc/bluemonday/go.sum

@@ -0,0 +1,8 @@
+github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
+github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
+github.com/chris-ramon/douceur v0.2.0 h1:IDMEdxlEUUBYBKE4z/mJnFyVXox+MjuEVDJNN27glkU=
+github.com/chris-ramon/douceur v0.2.0/go.mod h1:wDW5xjJdeoMm1mRt4sD4c/LbF/mWdEpRXQKjTR8nIBE=
+github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
+github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
+golang.org/x/net v0.0.0-20181220203305-927f97764cc3 h1:eH6Eip3UpmR+yM/qI9Ijluzb1bNv/cAU/n+6l8tRSis=
+golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=

vendor/github.com/microcosm-cc/bluemonday/helpers.go

@@ -135,7 +135,7 @@ func (p *Policy) AllowStandardURLs() {
 	// Most common URL schemes only
 	p.AllowURLSchemes("mailto", "http", "https")
 
-	// For all anchors we will add rel="nofollow" if it does not already exist
+	// For linking elements we will add rel="nofollow" if it does not already exist
 	// This applies to "a" "area" "link"
 	p.RequireNoFollowOnLinks(true)
 }

vendor/github.com/microcosm-cc/bluemonday/policy.go

@@ -29,6 +29,8 @@
 
 package bluemonday
 
+//TODO sgutzwiller create map of styles to default handlers
+//TODO sgutzwiller create handlers for various attributes
 import (
 	"net/url"
 	"regexp"
@@ -47,21 +49,26 @@ type Policy struct {
 	// exceptions
 	initialized bool
 
-	// Allows the <!DOCTYPE > tag to exist in the sanitized document
-	allowDocType bool
-
 	// If true then we add spaces when stripping tags, specifically the closing
 	// tag is replaced by a space character.
 	addSpaces bool
 
-	// When true, add rel="nofollow" to HTML anchors
+	// When true, add rel="nofollow" to HTML a, area, and link tags
 	requireNoFollow bool
 
-	// When true, add rel="nofollow" to HTML anchors
+	// When true, add rel="nofollow" to HTML a, area, and link tags
 	// Will add for href="http://foo"
 	// Will skip for href="/foo" or href="foo"
 	requireNoFollowFullyQualifiedLinks bool
 
+	// When true, add rel="noreferrer" to HTML a, area, and link tags
+	requireNoReferrer bool
+
+	// When true, add rel="noreferrer" to HTML a, area, and link tags
+	// Will add for href="http://foo"
+	// Will skip for href="/foo" or href="foo"
+	requireNoReferrerFullyQualifiedLinks bool
+
 	// When true add target="_blank" to fully qualified links
 	// Will add for href="http://foo"
 	// Will skip for href="/foo" or href="foo"
@@ -73,12 +80,27 @@ type Policy struct {
 	// When true, u, _ := url.Parse("url"); !u.IsAbs() is permitted
 	allowRelativeURLs bool
 
+	// When true, allow data attributes.
+	allowDataAttributes bool
+
 	// map[htmlElementName]map[htmlAttributeName]attrPolicy
 	elsAndAttrs map[string]map[string]attrPolicy
 
+	// elsMatchingAndAttrs stores regex based element matches along with attributes
+	elsMatchingAndAttrs map[*regexp.Regexp]map[string]attrPolicy
+
 	// map[htmlAttributeName]attrPolicy
 	globalAttrs map[string]attrPolicy
 
+	// map[htmlElementName]map[cssPropertyName]stylePolicy
+	elsAndStyles map[string]map[string]stylePolicy
+
+	// map[regex]map[cssPropertyName]stylePolicy
+	elsMatchingAndStyles map[*regexp.Regexp]map[string]stylePolicy
+
+	// map[cssPropertyName]stylePolicy
+	globalStyles map[string]stylePolicy
+
 	// If urlPolicy is nil, all URLs with matching schema are allowed.
 	// Otherwise, only the URLs with matching schema and urlPolicy(url)
 	// returning true are allowed.
@@ -93,6 +115,16 @@ type Policy struct {
 	// be maintained in the output HTML.
 	setOfElementsAllowedWithoutAttrs map[string]struct{}
 
+	// If an element has had all attributes removed as a result of a policy
+	// being applied, then the element would be removed from the output.
+	//
+	// However some elements are valid and have strong layout meaning without
+	// any attributes, i.e. <table>.
+	//
+	// In this case, any element matching a regular expression will be accepted without
+	// attributes added.
+	setOfElementsMatchingAllowedWithoutAttrs []*regexp.Regexp
+
 	setOfElementsToSkipContent map[string]struct{}
 }
 
@@ -103,6 +135,20 @@ type attrPolicy struct {
 	regexp *regexp.Regexp
 }
 
+type stylePolicy struct {
+	// handler to validate
+	handler func(string) bool
+
+	// optional pattern to match, when not nil the regexp needs to match
+	// otherwise the property is removed
+	regexp *regexp.Regexp
+
+	// optional list of allowed property values, for properties which
+	// have a defined list of allowed values; property will be removed
+	// if the value is not allowed
+	enum []string
+}
+
 type attrPolicyBuilder struct {
 	p *Policy
 
@@ -111,13 +157,26 @@ type attrPolicyBuilder struct {
 	allowEmpty bool
 }
 
+type stylePolicyBuilder struct {
+	p *Policy
+
+	propertyNames []string
+	regexp        *regexp.Regexp
+	enum          []string
+	handler       func(string) bool
+}
+
 type urlPolicy func(url *url.URL) (allowUrl bool)
 
 // init initializes the maps if this has not been done already
 func (p *Policy) init() {
 	if !p.initialized {
 		p.elsAndAttrs = make(map[string]map[string]attrPolicy)
+		p.elsMatchingAndAttrs = make(map[*regexp.Regexp]map[string]attrPolicy)
 		p.globalAttrs = make(map[string]attrPolicy)
+		p.elsAndStyles = make(map[string]map[string]stylePolicy)
+		p.elsMatchingAndStyles = make(map[*regexp.Regexp]map[string]stylePolicy)
+		p.globalStyles = make(map[string]stylePolicy)
 		p.allowURLSchemes = make(map[string]urlPolicy)
 		p.setOfElementsAllowedWithoutAttrs = make(map[string]struct{})
 		p.setOfElementsToSkipContent = make(map[string]struct{})
@@ -161,6 +220,21 @@ func (p *Policy) AllowAttrs(attrNames ...string) *attrPolicyBuilder {
 	return &abp
 }
 
+// AllowDataAttributes whitelists all data attributes. We can't specify the name
+// of each attribute exactly as they are customized.
+//
+// NOTE: These values are not sanitized and applications that evaluate or process
+// them without checking and verification of the input may be at risk if this option
+// is enabled. This is a 'caveat emptor' option and the person enabling this option
+// needs to fully understand the potential impact with regards to whatever application
+// will be consuming the sanitized HTML afterwards, i.e. if you know you put a link in a
+// data attribute and use that to automatically load some new window then you're giving
+// the author of a HTML fragment the means to open a malicious destination automatically.
+// Use with care!
+func (p *Policy) AllowDataAttributes() {
+	p.allowDataAttributes = true
+}
+
 // AllowNoAttrs says that attributes on element are optional.
 //
 // The attribute policy is only added to the core policy when OnElements(...)
@@ -230,6 +304,30 @@ func (abp *attrPolicyBuilder) OnElements(elements ...string) *Policy {
 	return abp.p
 }
 
+// OnElementsMatching will bind an attribute policy to all elements matching a given regex
+// and return the updated policy
+func (abp *attrPolicyBuilder) OnElementsMatching(regex *regexp.Regexp) *Policy {
+	for _, attr := range abp.attrNames {
+		if _, ok := abp.p.elsMatchingAndAttrs[regex]; !ok {
+			abp.p.elsMatchingAndAttrs[regex] = make(map[string]attrPolicy)
+		}
+		ap := attrPolicy{}
+		if abp.regexp != nil {
+			ap.regexp = abp.regexp
+		}
+		abp.p.elsMatchingAndAttrs[regex][attr] = ap
+	}
+
+	if abp.allowEmpty {
+		abp.p.setOfElementsMatchingAllowedWithoutAttrs = append(abp.p.setOfElementsMatchingAllowedWithoutAttrs, regex)
+		if _, ok := abp.p.elsMatchingAndAttrs[regex]; !ok {
+			abp.p.elsMatchingAndAttrs[regex] = make(map[string]attrPolicy)
+		}
+	}
+
+	return abp.p
+}
+
 // Globally will bind an attribute policy to all HTML elements and return the
 // updated policy
 func (abp *attrPolicyBuilder) Globally() *Policy {
@@ -250,6 +348,139 @@ func (abp *attrPolicyBuilder) Globally() *Policy {
 	return abp.p
 }
 
+// AllowStyles takes a range of CSS property names and returns a
+// style policy builder that allows you to specify the pattern and scope of
+// the whitelisted property.
+//
+// The style policy is only added to the core policy when either Globally()
+// or OnElements(...) are called.
+func (p *Policy) AllowStyles(propertyNames ...string) *stylePolicyBuilder {
+
+	p.init()
+
+	abp := stylePolicyBuilder{
+		p: p,
+	}
+
+	for _, propertyName := range propertyNames {
+		abp.propertyNames = append(abp.propertyNames, strings.ToLower(propertyName))
+	}
+
+	return &abp
+}
+
+// Matching allows a regular expression to be applied to a nascent style
+// policy, and returns the style policy. Calling this more than once will
+// replace the existing regexp.
+func (spb *stylePolicyBuilder) Matching(regex *regexp.Regexp) *stylePolicyBuilder {
+
+	spb.regexp = regex
+
+	return spb
+}
+
+// MatchingEnum allows a list of allowed values to be applied to a nascent style
+// policy, and returns the style policy. Calling this more than once will
+// replace the existing list of allowed values.
+func (spb *stylePolicyBuilder) MatchingEnum(enum ...string) *stylePolicyBuilder {
+
+	spb.enum = enum
+
+	return spb
+}
+
+// MatchingHandler allows a handler to be applied to a nascent style
+// policy, and returns the style policy. Calling this more than once will
+// replace the existing handler.
+func (spb *stylePolicyBuilder) MatchingHandler(handler func(string) bool) *stylePolicyBuilder {
+
+	spb.handler = handler
+
+	return spb
+}
+
+// OnElements will bind a style policy to a given range of HTML elements
+// and return the updated policy
+func (spb *stylePolicyBuilder) OnElements(elements ...string) *Policy {
+
+	for _, element := range elements {
+		element = strings.ToLower(element)
+
+		for _, attr := range spb.propertyNames {
+
+			if _, ok := spb.p.elsAndStyles[element]; !ok {
+				spb.p.elsAndStyles[element] = make(map[string]stylePolicy)
+			}
+
+			sp := stylePolicy{}
+			if spb.handler != nil {
+				sp.handler = spb.handler
+			} else if len(spb.enum) > 0 {
+				sp.enum = spb.enum
+			} else if spb.regexp != nil {
+				sp.regexp = spb.regexp
+			} else {
+				sp.handler = getDefaultHandler(attr)
+			}
+			spb.p.elsAndStyles[element][attr] = sp
+		}
+	}
+
+	return spb.p
+}
+
+// OnElementsMatching will bind a style policy to any HTML elements matching the pattern
+// and return the updated policy
+func (spb *stylePolicyBuilder) OnElementsMatching(regex *regexp.Regexp) *Policy {
+
+		for _, attr := range spb.propertyNames {
+
+			if _, ok := spb.p.elsMatchingAndStyles[regex]; !ok {
+				spb.p.elsMatchingAndStyles[regex] = make(map[string]stylePolicy)
+			}
+
+			sp := stylePolicy{}
+			if spb.handler != nil {
+				sp.handler = spb.handler
+			} else if len(spb.enum) > 0 {
+				sp.enum = spb.enum
+			} else if spb.regexp != nil {
+				sp.regexp = spb.regexp
+			} else {
+				sp.handler = getDefaultHandler(attr)
+			}
+			spb.p.elsMatchingAndStyles[regex][attr] = sp
+		}
+
+	return spb.p
+}
+
+// Globally will bind a style policy to all HTML elements and return the
+// updated policy
+func (spb *stylePolicyBuilder) Globally() *Policy {
+
+	for _, attr := range spb.propertyNames {
+		if _, ok := spb.p.globalStyles[attr]; !ok {
+			spb.p.globalStyles[attr] = stylePolicy{}
+		}
+
+		// Use only one strategy for validating styles, fallback to default
+		sp := stylePolicy{}
+		if spb.handler != nil {
+			sp.handler = spb.handler
+		} else if len(spb.enum) > 0 {
+			sp.enum = spb.enum
+		} else if spb.regexp != nil {
+			sp.regexp = spb.regexp
+		} else {
+			sp.handler = getDefaultHandler(attr)
+		}
+		spb.p.globalStyles[attr] = sp
+	}
+
+	return spb.p
+}
+
 // AllowElements will append HTML elements to the whitelist without applying an
 // attribute policy to those elements (the elements are permitted
 // sans-attributes)
@@ -267,8 +498,16 @@ func (p *Policy) AllowElements(names ...string) *Policy {
 	return p
 }
 
-// RequireNoFollowOnLinks will result in all <a> tags having a rel="nofollow"
+func (p *Policy) AllowElementsMatching(regex *regexp.Regexp) *Policy {
-// added to them if one does not already exist
+	p.init()
+	if _, ok := p.elsMatchingAndAttrs[regex]; !ok {
+		p.elsMatchingAndAttrs[regex] = make(map[string]attrPolicy)
+	}
+	return p
+}
+
+// RequireNoFollowOnLinks will result in all a, area, link tags having a
+// rel="nofollow"added to them if one does not already exist
 //
 // Note: This requires p.RequireParseableURLs(true) and will enable it.
 func (p *Policy) RequireNoFollowOnLinks(require bool) *Policy {
@@ -279,9 +518,10 @@ func (p *Policy) RequireNoFollowOnLinks(require bool) *Policy {
 	return p
 }
 
-// RequireNoFollowOnFullyQualifiedLinks will result in all <a> tags that point
+// RequireNoFollowOnFullyQualifiedLinks will result in all a, area, and link
-// to a non-local destination (i.e. starts with a protocol and has a host)
+// tags that point to a non-local destination (i.e. starts with a protocol and
-// having a rel="nofollow" added to them if one does not already exist
+// has a host) having a rel="nofollow" added to them if one does not already
+// exist
 //
 // Note: This requires p.RequireParseableURLs(true) and will enable it.
 func (p *Policy) RequireNoFollowOnFullyQualifiedLinks(require bool) *Policy {
@@ -292,9 +532,35 @@ func (p *Policy) RequireNoFollowOnFullyQualifiedLinks(require bool) *Policy {
 	return p
 }
 
-// AddTargetBlankToFullyQualifiedLinks will result in all <a> tags that point
+// RequireNoReferrerOnLinks will result in all a, area, and link tags having a
-// to a non-local destination (i.e. starts with a protocol and has a host)
+// rel="noreferrrer" added to them if one does not already exist
-// having a target="_blank" added to them if one does not already exist
+//
+// Note: This requires p.RequireParseableURLs(true) and will enable it.
+func (p *Policy) RequireNoReferrerOnLinks(require bool) *Policy {
+
+	p.requireNoReferrer = require
+	p.requireParseableURLs = true
+
+	return p
+}
+
+// RequireNoReferrerOnFullyQualifiedLinks will result in all a, area, and link
+// tags that point to a non-local destination (i.e. starts with a protocol and
+// has a host) having a rel="noreferrer" added to them if one does not already
+// exist
+//
+// Note: This requires p.RequireParseableURLs(true) and will enable it.
+func (p *Policy) RequireNoReferrerOnFullyQualifiedLinks(require bool) *Policy {
+
+	p.requireNoReferrerFullyQualifiedLinks = require
+	p.requireParseableURLs = true
+
+	return p
+}
+
+// AddTargetBlankToFullyQualifiedLinks will result in all a, area and link tags
+// that point to a non-local destination (i.e. starts with a protocol and has a
+// host) having a target="_blank" added to them if one does not already exist
 //
 // Note: This requires p.RequireParseableURLs(true) and will enable it.
 func (p *Policy) AddTargetBlankToFullyQualifiedLinks(require bool) *Policy {
@@ -369,21 +635,6 @@ func (p *Policy) AllowURLSchemeWithCustomPolicy(
 	return p
 }
 
-// AllowDocType states whether the HTML sanitised by the sanitizer is allowed to
-// contain the HTML DocType tag: <!DOCTYPE HTML> or one of it's variants.
-//
-// The HTML spec only permits one doctype per document, and as you know how you
-// are using the output of this, you know best as to whether we should ignore it
-// (default) or not.
-//
-// If you are sanitizing a HTML fragment the default (false) is fine.
-func (p *Policy) AllowDocType(allow bool) *Policy {
-
-	p.allowDocType = allow
-
-	return p
-}
-
 // AddSpaceWhenStrippingTag states whether to add a single space " " when
 // removing tags that are not whitelisted by the policy.
 //
@@ -402,7 +653,7 @@ func (p *Policy) AddSpaceWhenStrippingTag(allow bool) *Policy {
 }
 
 // SkipElementsContent adds the HTML elements whose tags is needed to be removed
-// with it's content.
+// with its content.
 func (p *Policy) SkipElementsContent(names ...string) *Policy {
 
 	p.init()
@@ -440,6 +691,7 @@ func (p *Policy) addDefaultElementsWithoutAttrs() {
 
 	p.setOfElementsAllowedWithoutAttrs["abbr"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["acronym"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["address"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["article"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["aside"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["audio"] = struct{}{}
@@ -451,6 +703,7 @@ func (p *Policy) addDefaultElementsWithoutAttrs() {
 	p.setOfElementsAllowedWithoutAttrs["button"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["canvas"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["caption"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["center"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["cite"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["code"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["col"] = struct{}{}
@@ -484,6 +737,7 @@ func (p *Policy) addDefaultElementsWithoutAttrs() {
 	p.setOfElementsAllowedWithoutAttrs["kbd"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["li"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["mark"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["marquee"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["nav"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["ol"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["optgroup"] = struct{}{}
@@ -496,6 +750,7 @@ func (p *Policy) addDefaultElementsWithoutAttrs() {
 	p.setOfElementsAllowedWithoutAttrs["ruby"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["s"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["samp"] = struct{}{}
+	p.setOfElementsAllowedWithoutAttrs["script"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["section"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["select"] = struct{}{}
 	p.setOfElementsAllowedWithoutAttrs["small"] = struct{}{}

vendor/github.com/microcosm-cc/bluemonday/sanitize.go

@@ -33,9 +33,20 @@ import (
 	"bytes"
 	"io"
 	"net/url"
+	"regexp"
+	"strconv"
 	"strings"
 
 	"golang.org/x/net/html"
+
+	cssparser "github.com/chris-ramon/douceur/parser"
+)
+
+var (
+	dataAttribute             = regexp.MustCompile("^data-.+")
+	dataAttributeXMLPrefix    = regexp.MustCompile("^xml.+")
+	dataAttributeInvalidChars = regexp.MustCompile("[A-Z;]+")
+	cssUnicodeChar            = regexp.MustCompile(`\\[0-9a-f]{1,6} ?`)
 )
 
 // Sanitize takes a string that contains a HTML fragment or document and applies
@@ -75,6 +86,98 @@ func (p *Policy) SanitizeReader(r io.Reader) *bytes.Buffer {
 	return p.sanitize(r)
 }
 
+const escapedURLChars = "'<>\"\r"
+
+func escapeUrlComponent(val string) string {
+	w := bytes.NewBufferString("")
+	i := strings.IndexAny(val, escapedURLChars)
+	for i != -1 {
+		if _, err := w.WriteString(val[:i]); err != nil {
+			return w.String()
+		}
+		var esc string
+		switch val[i] {
+		case '\'':
+			// "&#39;" is shorter than "&apos;" and apos was not in HTML until HTML5.
+			esc = "&#39;"
+		case '<':
+			esc = "&lt;"
+		case '>':
+			esc = "&gt;"
+		case '"':
+			// "&#34;" is shorter than "&quot;".
+			esc = "&#34;"
+		case '\r':
+			esc = "&#13;"
+		default:
+			panic("unrecognized escape character")
+		}
+		val = val[i+1:]
+		if _, err := w.WriteString(esc); err != nil {
+			return w.String()
+		}
+		i = strings.IndexAny(val, escapedURLChars)
+	}
+	w.WriteString(val)
+	return w.String()
+}
+
+func sanitizedUrl(val string) (string, error) {
+	u, err := url.Parse(val)
+	if err != nil {
+		return "", err
+	}
+	// sanitize the url query params
+	sanitizedQueryValues := make(url.Values, 0)
+	queryValues := u.Query()
+	for k, vals := range queryValues {
+		sk := html.EscapeString(k)
+		for _, v := range vals {
+			sv := escapeUrlComponent(v)
+			sanitizedQueryValues.Set(sk, sv)
+		}
+	}
+	u.RawQuery = sanitizedQueryValues.Encode()
+	// u.String() will also sanitize host/scheme/user/pass
+	return u.String(), nil
+}
+
+func (p *Policy) writeLinkableBuf(buff *bytes.Buffer, token *html.Token) {
+	// do not escape multiple query parameters
+	tokenBuff := bytes.NewBufferString("")
+	tokenBuff.WriteString("<")
+	tokenBuff.WriteString(token.Data)
+	for _, attr := range token.Attr {
+		tokenBuff.WriteByte(' ')
+		tokenBuff.WriteString(attr.Key)
+		tokenBuff.WriteString(`="`)
+		switch attr.Key {
+		case "href", "src":
+			u, ok := p.validURL(attr.Val)
+			if !ok {
+				tokenBuff.WriteString(html.EscapeString(attr.Val))
+				continue
+			}
+			u, err := sanitizedUrl(u)
+			if err == nil {
+				tokenBuff.WriteString(u)
+			} else {
+				// fallthrough
+				tokenBuff.WriteString(html.EscapeString(attr.Val))
+			}
+		default:
+			// re-apply
+			tokenBuff.WriteString(html.EscapeString(attr.Val))
+		}
+		tokenBuff.WriteByte('"')
+	}
+	if token.Type == html.SelfClosingTagToken {
+		tokenBuff.WriteString("/")
+	}
+	tokenBuff.WriteString(">")
+	buff.WriteString(tokenBuff.String())
+}
+
 // Performs the actual sanitization process.
 func (p *Policy) sanitize(r io.Reader) *bytes.Buffer {
 
@@ -112,9 +215,13 @@ func (p *Policy) sanitize(r io.Reader) *bytes.Buffer {
 		switch token.Type {
 		case html.DoctypeToken:
 
-			if p.allowDocType {
+			// DocType is not handled as there is no safe parsing mechanism
-				buff.WriteString(token.String())
+			// provided by golang.org/x/net/html for the content, and this can
-			}
+			// be misused to insert HTML tags that are not then sanitized
+			//
+			// One might wish to recursively sanitize here using the same policy
+			// but I will need to do some further testing before considering
+			// this.
 
 		case html.CommentToken:
 
@@ -122,10 +229,12 @@ func (p *Policy) sanitize(r io.Reader) *bytes.Buffer {
 
 		case html.StartTagToken:
 
-			mostRecentlyStartedToken = token.Data
+			mostRecentlyStartedToken = strings.ToLower(token.Data)
 
 			aps, ok := p.elsAndAttrs[token.Data]
 			if !ok {
+				aa, matched := p.matchRegex(token.Data)
+				if !matched {
 					if _, ok := p.setOfElementsToSkipContent[token.Data]; ok {
 						skipElementContent = true
 						skippingElementsCount++
@@ -135,7 +244,8 @@ func (p *Policy) sanitize(r io.Reader) *bytes.Buffer {
 					}
 					break
 				}
-
+				aps = aa
+			}
 			if len(token.Attr) != 0 {
 				token.Attr = p.sanitizeAttrs(token.Data, token.Attr, aps)
 			}
@@ -152,11 +262,20 @@ func (p *Policy) sanitize(r io.Reader) *bytes.Buffer {
 			}
 
 			if !skipElementContent {
+				// do not escape multiple query parameters
+				if linkable(token.Data) {
+					p.writeLinkableBuf(&buff, &token)
+				} else {
 					buff.WriteString(token.String())
 				}
+			}
 
 		case html.EndTagToken:
 
+			if mostRecentlyStartedToken == strings.ToLower(token.Data) {
+				mostRecentlyStartedToken = ""
+			}
+
 			if skipClosingTag && closingTagToSkipStack[len(closingTagToSkipStack)-1] == token.Data {
 				closingTagToSkipStack = closingTagToSkipStack[:len(closingTagToSkipStack)-1]
 				if len(closingTagToSkipStack) == 0 {
@@ -167,19 +286,28 @@ func (p *Policy) sanitize(r io.Reader) *bytes.Buffer {
 				}
 				break
 			}
-
 			if _, ok := p.elsAndAttrs[token.Data]; !ok {
-				if _, ok := p.setOfElementsToSkipContent[token.Data]; ok {
+				match := false
+				for regex := range p.elsMatchingAndAttrs {
+					if regex.MatchString(token.Data) {
+						skipElementContent = false
+						match = true
+						break
+					}
+				}
+				if _, ok := p.setOfElementsToSkipContent[token.Data]; ok && !match {
 					skippingElementsCount--
 					if skippingElementsCount == 0 {
 						skipElementContent = false
 					}
 				}
+				if !match {
 					if p.addSpaces {
 						buff.WriteString(" ")
 					}
 					break
 				}
+			}
 
 			if !skipElementContent {
 				buff.WriteString(token.String())
@@ -189,11 +317,15 @@ func (p *Policy) sanitize(r io.Reader) *bytes.Buffer {
 
 			aps, ok := p.elsAndAttrs[token.Data]
 			if !ok {
-				if p.addSpaces {
+				aa, matched := p.matchRegex(token.Data)
+				if !matched {
+					if p.addSpaces && !matched {
 						buff.WriteString(" ")
 					}
 					break
 				}
+				aps = aa
+			}
 
 			if len(token.Attr) != 0 {
 				token.Attr = p.sanitizeAttrs(token.Data, token.Attr, aps)
@@ -202,19 +334,23 @@ func (p *Policy) sanitize(r io.Reader) *bytes.Buffer {
 			if len(token.Attr) == 0 && !p.allowNoAttrs(token.Data) {
 				if p.addSpaces {
 					buff.WriteString(" ")
-				}
 					break
 				}
-
+			}
 			if !skipElementContent {
+				// do not escape multiple query parameters
+				if linkable(token.Data) {
+					p.writeLinkableBuf(&buff, &token)
+				} else {
 					buff.WriteString(token.String())
 				}
+			}
 
 		case html.TextToken:
 
 			if !skipElementContent {
-				switch strings.ToLower(mostRecentlyStartedToken) {
+				switch mostRecentlyStartedToken {
-				case "javascript":
+				case "script":
 					// not encouraged, but if a policy allows JavaScript we
 					// should not HTML escape it as that would break the output
 					buff.WriteString(token.Data)
@@ -248,10 +384,47 @@ func (p *Policy) sanitizeAttrs(
 		return attrs
 	}
 
+	hasStylePolicies := false
+	sps, elementHasStylePolicies := p.elsAndStyles[elementName]
+	if len(p.globalStyles) > 0 || (elementHasStylePolicies && len(sps) > 0) {
+		hasStylePolicies = true
+	}
+	// no specific element policy found, look for a pattern match
+	if !hasStylePolicies{
+		for k, v := range p.elsMatchingAndStyles{
+			if k.MatchString(elementName) {
+				if len(v) > 0{
+					hasStylePolicies = true
+					break
+				}
+			}
+		}
+	}
+
 	// Builds a new attribute slice based on the whether the attribute has been
 	// whitelisted explicitly or globally.
 	cleanAttrs := []html.Attribute{}
 	for _, htmlAttr := range attrs {
+		if p.allowDataAttributes {
+			// If we see a data attribute, let it through.
+			if isDataAttribute(htmlAttr.Key) {
+				cleanAttrs = append(cleanAttrs, htmlAttr)
+				continue
+			}
+		}
+		// Is this a "style" attribute, and if so, do we need to sanitize it?
+		if htmlAttr.Key == "style" && hasStylePolicies {
+			htmlAttr = p.sanitizeStyles(htmlAttr, elementName)
+			if htmlAttr.Val == "" {
+				// We've sanitized away any and all styles; don't bother to
+				// output the style attribute (even if it's allowed)
+				continue
+			} else {
+				cleanAttrs = append(cleanAttrs, htmlAttr)
+				continue
+			}
+		}
+
 		// Is there an element specific attribute policy that applies?
 		if ap, ok := aps[htmlAttr.Key]; ok {
 			if ap.regexp != nil {
@@ -267,6 +440,7 @@ func (p *Policy) sanitizeAttrs(
 
 		// Is there a global attribute policy that applies?
 		if ap, ok := p.globalAttrs[htmlAttr.Key]; ok {
+
 			if ap.regexp != nil {
 				if ap.regexp.MatchString(htmlAttr.Val) {
 					cleanAttrs = append(cleanAttrs, htmlAttr)
@@ -332,6 +506,8 @@ func (p *Policy) sanitizeAttrs(
 
 		if (p.requireNoFollow ||
 			p.requireNoFollowFullyQualifiedLinks ||
+			p.requireNoReferrer ||
+			p.requireNoReferrerFullyQualifiedLinks ||
 			p.addTargetBlankToFullyQualifiedLinks) &&
 			len(cleanAttrs) > 0 {
 
@@ -359,12 +535,16 @@ func (p *Policy) sanitizeAttrs(
 				if hrefFound {
 					var (
 						noFollowFound    bool
+						noReferrerFound  bool
 						targetBlankFound bool
 					)
 
 					addNoFollow := (p.requireNoFollow ||
 						externalLink && p.requireNoFollowFullyQualifiedLinks)
 
+					addNoReferrer := (p.requireNoReferrer ||
+						externalLink && p.requireNoReferrerFullyQualifiedLinks)
+
 					addTargetBlank := (externalLink &&
 						p.addTargetBlankToFullyQualifiedLinks)
 
@@ -372,19 +552,19 @@ func (p *Policy) sanitizeAttrs(
 					for _, htmlAttr := range cleanAttrs {
 
 						var appended bool
-						if htmlAttr.Key == "rel" && addNoFollow {
+						if htmlAttr.Key == "rel" && (addNoFollow || addNoReferrer) {
 
-							if strings.Contains(htmlAttr.Val, "nofollow") {
+							if addNoFollow && !strings.Contains(htmlAttr.Val, "nofollow") {
-								noFollowFound = true
-								tmpAttrs = append(tmpAttrs, htmlAttr)
-								appended = true
-							} else {
 								htmlAttr.Val += " nofollow"
-								noFollowFound = true
+							}
+							if addNoReferrer && !strings.Contains(htmlAttr.Val, "noreferrer") {
+								htmlAttr.Val += " noreferrer"
+							}
+							noFollowFound = addNoFollow
+							noReferrerFound = addNoReferrer
 							tmpAttrs = append(tmpAttrs, htmlAttr)
 							appended = true
 						}
-						}
 
 						if elementName == "a" && htmlAttr.Key == "target" {
 							if htmlAttr.Val == "_blank" {
@@ -402,14 +582,22 @@ func (p *Policy) sanitizeAttrs(
 							tmpAttrs = append(tmpAttrs, htmlAttr)
 						}
 					}
-					if noFollowFound || targetBlankFound {
+					if noFollowFound || noReferrerFound || targetBlankFound {
 						cleanAttrs = tmpAttrs
 					}
 
-					if addNoFollow && !noFollowFound {
+					if (addNoFollow && !noFollowFound) || (addNoReferrer && !noReferrerFound) {
 						rel := html.Attribute{}
 						rel.Key = "rel"
+						if addNoFollow {
 							rel.Val = "nofollow"
+						}
+						if addNoReferrer {
+							if rel.Val != "" {
+								rel.Val += " "
+							}
+							rel.Val += "noreferrer"
+						}
 						cleanAttrs = append(cleanAttrs, rel)
 					}
 
@@ -479,20 +667,112 @@ func (p *Policy) sanitizeAttrs(
 	return cleanAttrs
 }
 
+func (p *Policy) sanitizeStyles(attr html.Attribute, elementName string) html.Attribute {
+	sps := p.elsAndStyles[elementName]
+	if len(sps) == 0{
+		sps = map[string]stylePolicy{}
+		// check for any matching elements, if we don't already have a policy found
+		// if multiple matches are found they will be overwritten, it's best
+		// to not have overlapping matchers
+		for regex, policies :=range p.elsMatchingAndStyles{
+			if regex.MatchString(elementName){
+				for k, v := range policies{
+					sps[k] = v
+				}
+			}
+		}
+	}
+
+	//Add semi-colon to end to fix parsing issue
+	if len(attr.Val) > 0 && attr.Val[len(attr.Val)-1] != ';' {
+		attr.Val = attr.Val + ";"
+	}
+	decs, err := cssparser.ParseDeclarations(attr.Val)
+	if err != nil {
+		attr.Val = ""
+		return attr
+	}
+	clean := []string{}
+	prefixes := []string{"-webkit-", "-moz-", "-ms-", "-o-", "mso-", "-xv-", "-atsc-", "-wap-", "-khtml-", "prince-", "-ah-", "-hp-", "-ro-", "-rim-", "-tc-"}
+
+	for _, dec := range decs {
+		addedProperty := false
+		tempProperty := strings.ToLower(dec.Property)
+		tempValue := removeUnicode(strings.ToLower(dec.Value))
+		for _, i := range prefixes {
+			tempProperty = strings.TrimPrefix(tempProperty, i)
+		}
+		if sp, ok := sps[tempProperty]; ok {
+			if sp.handler != nil {
+				if sp.handler(tempValue) {
+					clean = append(clean, dec.Property+": "+dec.Value)
+					addedProperty = true
+				}
+			} else if len(sp.enum) > 0 {
+				if stringInSlice(tempValue, sp.enum) {
+					clean = append(clean, dec.Property+": "+dec.Value)
+					addedProperty = true
+				}
+			} else if sp.regexp != nil {
+				if sp.regexp.MatchString(tempValue) {
+					clean = append(clean, dec.Property+": "+dec.Value)
+					addedProperty = true
+				}
+				continue
+			}
+		}
+		if sp, ok := p.globalStyles[tempProperty]; ok && !addedProperty {
+			if sp.handler != nil {
+				if sp.handler(tempValue) {
+					clean = append(clean, dec.Property+": "+dec.Value)
+				}
+			} else if len(sp.enum) > 0 {
+				if stringInSlice(tempValue, sp.enum) {
+					clean = append(clean, dec.Property+": "+dec.Value)
+				}
+			} else if sp.regexp != nil {
+				if sp.regexp.MatchString(tempValue) {
+					clean = append(clean, dec.Property+": "+dec.Value)
+				}
+				continue
+			}
+		}
+	}
+	if len(clean) > 0 {
+		attr.Val = strings.Join(clean, "; ")
+	} else {
+		attr.Val = ""
+	}
+	return attr
+}
+
 func (p *Policy) allowNoAttrs(elementName string) bool {
 	_, ok := p.setOfElementsAllowedWithoutAttrs[elementName]
+	if !ok {
+		for _, r := range p.setOfElementsMatchingAllowedWithoutAttrs {
+			if r.MatchString(elementName) {
+				ok = true
+				break
+			}
+		}
+	}
 	return ok
 }
 
 func (p *Policy) validURL(rawurl string) (string, bool) {
 	if p.requireParseableURLs {
-		// URLs do not contain whitespace
+		// URLs are valid if when space is trimmed the URL is valid
-		if strings.Contains(rawurl, " ") ||
+		rawurl = strings.TrimSpace(rawurl)
+
+		// URLs cannot contain whitespace, unless it is a data-uri
+		if (strings.Contains(rawurl, " ") ||
 			strings.Contains(rawurl, "\t") ||
-			strings.Contains(rawurl, "\n") {
+			strings.Contains(rawurl, "\n")) &&
+			!strings.HasPrefix(rawurl, `data:`) {
 			return "", false
 		}
 
+		// URLs are valid if they parse
 		u, err := url.Parse(rawurl)
 		if err != nil {
 			return "", false
@@ -533,3 +813,77 @@ func linkable(elementName string) bool {
 		return false
 	}
 }
+
+// stringInSlice returns true if needle exists in haystack
+func stringInSlice(needle string, haystack []string) bool {
+	for _, straw := range haystack {
+		if strings.ToLower(straw) == strings.ToLower(needle) {
+			return true
+		}
+	}
+	return false
+}
+
+func isDataAttribute(val string) bool {
+	if !dataAttribute.MatchString(val) {
+		return false
+	}
+	rest := strings.Split(val, "data-")
+	if len(rest) == 1 {
+		return false
+	}
+	// data-xml* is invalid.
+	if dataAttributeXMLPrefix.MatchString(rest[1]) {
+		return false
+	}
+	// no uppercase or semi-colons allowed.
+	if dataAttributeInvalidChars.MatchString(rest[1]) {
+		return false
+	}
+	return true
+}
+
+func removeUnicode(value string) string {
+	substitutedValue := value
+	currentLoc := cssUnicodeChar.FindStringIndex(substitutedValue)
+	for currentLoc != nil {
+
+		character := substitutedValue[currentLoc[0]+1 : currentLoc[1]]
+		character = strings.TrimSpace(character)
+		if len(character) < 4 {
+			character = strings.Repeat("0", 4-len(character)) + character
+		} else {
+			for len(character) > 4 {
+				if character[0] != '0' {
+					character = ""
+					break
+				} else {
+					character = character[1:]
+				}
+			}
+		}
+		character = "\\u" + character
+		translatedChar, err := strconv.Unquote(`"` + character + `"`)
+		translatedChar = strings.TrimSpace(translatedChar)
+		if err != nil {
+			return ""
+		}
+		substitutedValue = substitutedValue[0:currentLoc[0]] + translatedChar + substitutedValue[currentLoc[1]:]
+		currentLoc = cssUnicodeChar.FindStringIndex(substitutedValue)
+	}
+	return substitutedValue
+}
+
+func (p *Policy) matchRegex(elementName string ) (map[string]attrPolicy, bool) {
+	aps := make(map[string]attrPolicy, 0)
+	matched := false
+	for regex, attrs := range p.elsMatchingAndAttrs {
+		if regex.MatchString(elementName) {
+			matched = true
+			for k, v := range attrs {
+				aps[k] = v
+			}
+		}
+	}
+	return aps, matched
+}

vendor/golang.org/x/sys/unix/errors_freebsd_386.go

@@ -8,6 +8,7 @@
 package unix
 
 const (
+	DLT_HHDLC                         = 0x79
 	IFF_SMART                         = 0x20
 	IFT_1822                          = 0x2
 	IFT_A12MPPSWITCH                  = 0x82
@@ -210,13 +211,18 @@ const (
 	IFT_XETHER                        = 0x1a
 	IPPROTO_MAXID                     = 0x34
 	IPV6_FAITH                        = 0x1d
+	IPV6_MIN_MEMBERSHIPS              = 0x1f
 	IP_FAITH                          = 0x16
+	IP_MAX_SOURCE_FILTER              = 0x400
+	IP_MIN_MEMBERSHIPS                = 0x1f
 	MAP_NORESERVE                     = 0x40
 	MAP_RENAME                        = 0x20
 	NET_RT_MAXID                      = 0x6
 	RTF_PRCLONING                     = 0x10000
 	RTM_OLDADD                        = 0x9
 	RTM_OLDDEL                        = 0xa
+	RT_CACHING_CONTEXT                = 0x1
+	RT_NORTREF                        = 0x2
 	SIOCADDRT                         = 0x8030720a
 	SIOCALIFADDR                      = 0x8118691b
 	SIOCDELRT                         = 0x8030720b

vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go

@@ -8,6 +8,7 @@
 package unix
 
 const (
+	DLT_HHDLC                         = 0x79
 	IFF_SMART                         = 0x20
 	IFT_1822                          = 0x2
 	IFT_A12MPPSWITCH                  = 0x82
@@ -210,13 +211,18 @@ const (
 	IFT_XETHER                        = 0x1a
 	IPPROTO_MAXID                     = 0x34
 	IPV6_FAITH                        = 0x1d
+	IPV6_MIN_MEMBERSHIPS              = 0x1f
 	IP_FAITH                          = 0x16
+	IP_MAX_SOURCE_FILTER              = 0x400
+	IP_MIN_MEMBERSHIPS                = 0x1f
 	MAP_NORESERVE                     = 0x40
 	MAP_RENAME                        = 0x20
 	NET_RT_MAXID                      = 0x6
 	RTF_PRCLONING                     = 0x10000
 	RTM_OLDADD                        = 0x9
 	RTM_OLDDEL                        = 0xa
+	RT_CACHING_CONTEXT                = 0x1
+	RT_NORTREF                        = 0x2
 	SIOCADDRT                         = 0x8040720a
 	SIOCALIFADDR                      = 0x8118691b
 	SIOCDELRT                         = 0x8040720b

vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go

@@ -0,0 +1,17 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Constants that were deprecated or moved to enums in the FreeBSD headers. Keep
+// them here for backwards compatibility.
+
+package unix
+
+const (
+	DLT_HHDLC            = 0x79
+	IPV6_MIN_MEMBERSHIPS = 0x1f
+	IP_MAX_SOURCE_FILTER = 0x400
+	IP_MIN_MEMBERSHIPS   = 0x1f
+	RT_CACHING_CONTEXT   = 0x1
+	RT_NORTREF           = 0x2
+)

vendor/golang.org/x/sys/unix/mkall.sh

@@ -124,7 +124,7 @@ freebsd_arm)
 freebsd_arm64)
 	mkerrors="$mkerrors -m64"
 	mksysnum="go run mksysnum.go 'https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master'"
-	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
+	mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char"
 	;;
 netbsd_386)
 	mkerrors="$mkerrors -m32"
@@ -190,6 +190,12 @@ solaris_amd64)
 	mksysnum=
 	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
 	;;
+illumos_amd64)
+        mksyscall="go run mksyscall_solaris.go"
+	mkerrors=
+	mksysnum=
+	mktypes=
+	;;
 *)
 	echo 'unrecognized $GOOS_$GOARCH: ' "$GOOSARCH" 1>&2
 	exit 1
@@ -217,6 +223,11 @@ esac
 				echo "$mksyscall -tags $GOOS,$GOARCH,go1.12 $syscall_goos $GOOSARCH_in |gofmt >zsyscall_$GOOSARCH.go";
 				# 1.13 and later, syscalls via libSystem (including syscallPtr)
 				echo "$mksyscall -tags $GOOS,$GOARCH,go1.13 syscall_darwin.1_13.go |gofmt >zsyscall_$GOOSARCH.1_13.go";
+			elif [ "$GOOS" == "illumos" ]; then
+			        # illumos code generation requires a --illumos switch
+			        echo "$mksyscall -illumos -tags illumos,$GOARCH syscall_illumos.go |gofmt > zsyscall_illumos_$GOARCH.go";
+			        # illumos implies solaris, so solaris code generation is also required
+				echo "$mksyscall -tags solaris,$GOARCH syscall_solaris.go syscall_solaris_$GOARCH.go |gofmt >zsyscall_solaris_$GOARCH.go";
 			else
 				echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in |gofmt >zsyscall_$GOOSARCH.go";
 			fi

vendor/golang.org/x/sys/unix/mkerrors.sh

@@ -105,6 +105,7 @@ includes_FreeBSD='
 #include <sys/capsicum.h>
 #include <sys/param.h>
 #include <sys/types.h>
+#include <sys/disk.h>
 #include <sys/event.h>
 #include <sys/select.h>
 #include <sys/socket.h>
@@ -280,6 +281,11 @@ struct ltchars {
 // for the tipc_subscr timeout __u32 field.
 #undef TIPC_WAIT_FOREVER
 #define TIPC_WAIT_FOREVER 0xffffffff
+
+// Copied from linux/l2tp.h
+// Including linux/l2tp.h here causes conflicts between linux/in.h
+// and netinet/in.h included via net/route.h above.
+#define IPPROTO_L2TP		115
 '
 
 includes_NetBSD='
@@ -488,6 +494,7 @@ ccflags="$@"
 		$2 !~ "RTF_BITS" &&
 		$2 ~ /^(IFF|IFT|NET_RT|RTM(GRP)?|RTF|RTV|RTA|RTAX)_/ ||
 		$2 ~ /^BIOC/ ||
+		$2 ~ /^DIOC/ ||
 		$2 ~ /^RUSAGE_(SELF|CHILDREN|THREAD)/ ||
 		$2 ~ /^RLIMIT_(AS|CORE|CPU|DATA|FSIZE|LOCKS|MEMLOCK|MSGQUEUE|NICE|NOFILE|NPROC|RSS|RTPRIO|RTTIME|SIGPENDING|STACK)|RLIM_INFINITY/ ||
 		$2 ~ /^PRIO_(PROCESS|PGRP|USER)/ ||

vendor/golang.org/x/sys/unix/syscall_freebsd.go

@@ -521,10 +521,6 @@ func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) {
 	return ptrace(PTRACE_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0)
 }
 
-func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
-	return ptrace(PTRACE_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
-}
-
 func PtraceGetRegs(pid int, regsout *Reg) (err error) {
 	return ptrace(PTRACE_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0)
 }

vendor/golang.org/x/sys/unix/syscall_freebsd_386.go

@@ -55,6 +55,10 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
+func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
+	return ptrace(PTRACE_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
+}
+
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
 	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)}
 	err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)

vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go

@@ -55,6 +55,10 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 
 func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno)
 
+func PtraceGetFsBase(pid int, fsbase *int64) (err error) {
+	return ptrace(PTRACE_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0)
+}
+
 func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) {
 	ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)}
 	err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0)

vendor/golang.org/x/sys/unix/syscall_illumos.go

@@ -0,0 +1,57 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// illumos system calls not present on Solaris.
+
+// +build amd64,illumos
+
+package unix
+
+import "unsafe"
+
+func bytes2iovec(bs [][]byte) []Iovec {
+	iovecs := make([]Iovec, len(bs))
+	for i, b := range bs {
+		iovecs[i].SetLen(len(b))
+		if len(b) > 0 {
+			// somehow Iovec.Base on illumos is (*int8), not (*byte)
+			iovecs[i].Base = (*int8)(unsafe.Pointer(&b[0]))
+		} else {
+			iovecs[i].Base = (*int8)(unsafe.Pointer(&_zero))
+		}
+	}
+	return iovecs
+}
+
+//sys   readv(fd int, iovs []Iovec) (n int, err error)
+
+func Readv(fd int, iovs [][]byte) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = readv(fd, iovecs)
+	return n, err
+}
+
+//sys   preadv(fd int, iovs []Iovec, off int64) (n int, err error)
+
+func Preadv(fd int, iovs [][]byte, off int64) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = preadv(fd, iovecs, off)
+	return n, err
+}
+
+//sys   writev(fd int, iovs []Iovec) (n int, err error)
+
+func Writev(fd int, iovs [][]byte) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = writev(fd, iovecs)
+	return n, err
+}
+
+//sys   pwritev(fd int, iovs []Iovec, off int64) (n int, err error)
+
+func Pwritev(fd int, iovs [][]byte, off int64) (n int, err error) {
+	iovecs := bytes2iovec(iovs)
+	n, err = pwritev(fd, iovecs, off)
+	return n, err
+}

vendor/golang.org/x/sys/unix/syscall_linux.go

@@ -839,6 +839,40 @@ func (sa *SockaddrTIPC) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	return unsafe.Pointer(&sa.raw), SizeofSockaddrTIPC, nil
 }
 
+// SockaddrL2TPIP implements the Sockaddr interface for IPPROTO_L2TP/AF_INET sockets.
+type SockaddrL2TPIP struct {
+	Addr   [4]byte
+	ConnId uint32
+	raw    RawSockaddrL2TPIP
+}
+
+func (sa *SockaddrL2TPIP) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_INET
+	sa.raw.Conn_id = sa.ConnId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrL2TPIP, nil
+}
+
+// SockaddrL2TPIP6 implements the Sockaddr interface for IPPROTO_L2TP/AF_INET6 sockets.
+type SockaddrL2TPIP6 struct {
+	Addr   [16]byte
+	ZoneId uint32
+	ConnId uint32
+	raw    RawSockaddrL2TPIP6
+}
+
+func (sa *SockaddrL2TPIP6) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	sa.raw.Family = AF_INET6
+	sa.raw.Conn_id = sa.ConnId
+	sa.raw.Scope_id = sa.ZoneId
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrL2TPIP6, nil
+}
+
 func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 	switch rsa.Addr.Family {
 	case AF_NETLINK:
@@ -889,6 +923,21 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		return sa, nil
 
 	case AF_INET:
+		proto, err := GetsockoptInt(fd, SOL_SOCKET, SO_PROTOCOL)
+		if err != nil {
+			return nil, err
+		}
+
+		switch proto {
+		case IPPROTO_L2TP:
+			pp := (*RawSockaddrL2TPIP)(unsafe.Pointer(rsa))
+			sa := new(SockaddrL2TPIP)
+			sa.ConnId = pp.Conn_id
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
+		default:
 			pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa))
 			sa := new(SockaddrInet4)
 			p := (*[2]byte)(unsafe.Pointer(&pp.Port))
@@ -897,8 +946,25 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				sa.Addr[i] = pp.Addr[i]
 			}
 			return sa, nil
+		}
 
 	case AF_INET6:
+		proto, err := GetsockoptInt(fd, SOL_SOCKET, SO_PROTOCOL)
+		if err != nil {
+			return nil, err
+		}
+
+		switch proto {
+		case IPPROTO_L2TP:
+			pp := (*RawSockaddrL2TPIP6)(unsafe.Pointer(rsa))
+			sa := new(SockaddrL2TPIP6)
+			sa.ConnId = pp.Conn_id
+			sa.ZoneId = pp.Scope_id
+			for i := 0; i < len(sa.Addr); i++ {
+				sa.Addr[i] = pp.Addr[i]
+			}
+			return sa, nil
+		default:
 			pp := (*RawSockaddrInet6)(unsafe.Pointer(rsa))
 			sa := new(SockaddrInet6)
 			p := (*[2]byte)(unsafe.Pointer(&pp.Port))
@@ -908,6 +974,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				sa.Addr[i] = pp.Addr[i]
 			}
 			return sa, nil
+		}
 
 	case AF_VSOCK:
 		pp := (*RawSockaddrVM)(unsafe.Pointer(rsa))

vendor/golang.org/x/sys/unix/syscall_unix.go

@@ -76,7 +76,7 @@ func SignalName(s syscall.Signal) string {
 // The signal name should start with "SIG".
 func SignalNum(s string) syscall.Signal {
 	signalNameMapOnce.Do(func() {
-		signalNameMap = make(map[string]syscall.Signal)
+		signalNameMap = make(map[string]syscall.Signal, len(signalList))
 		for _, signal := range signalList {
 			signalNameMap[signal.name] = signal.num
 		}

vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go

@@ -355,6 +355,22 @@ const (
 	CTL_KERN                       = 0x1
 	CTL_MAXNAME                    = 0x18
 	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc144648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x804c6490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc06c648f
 	DLT_A429                       = 0xb8
 	DLT_A653_ICM                   = 0xb9
 	DLT_AIRONET_HEADER             = 0x78
@@ -379,11 +395,14 @@ const (
 	DLT_CHAOS                      = 0x5
 	DLT_CHDLC                      = 0x68
 	DLT_CISCO_IOS                  = 0x76
+	DLT_CLASS_NETBSD_RAWAF         = 0x2240000
 	DLT_C_HDLC                     = 0x68
 	DLT_C_HDLC_WITH_DIR            = 0xcd
 	DLT_DBUS                       = 0xe7
 	DLT_DECT                       = 0xdd
+	DLT_DISPLAYPORT_AUX            = 0x113
 	DLT_DOCSIS                     = 0x8f
+	DLT_DOCSIS31_XRA31             = 0x111
 	DLT_DVB_CI                     = 0xeb
 	DLT_ECONET                     = 0x73
 	DLT_EN10MB                     = 0x1
@@ -393,6 +412,7 @@ const (
 	DLT_ERF                        = 0xc5
 	DLT_ERF_ETH                    = 0xaf
 	DLT_ERF_POS                    = 0xb0
+	DLT_ETHERNET_MPACKET           = 0x112
 	DLT_FC_2                       = 0xe0
 	DLT_FC_2_WITH_FRAME_DELIMS     = 0xe1
 	DLT_FDDI                       = 0xa
@@ -406,7 +426,6 @@ const (
 	DLT_GPRS_LLC                   = 0xa9
 	DLT_GSMTAP_ABIS                = 0xda
 	DLT_GSMTAP_UM                  = 0xd9
-	DLT_HHDLC                      = 0x79
 	DLT_IBM_SN                     = 0x92
 	DLT_IBM_SP                     = 0x91
 	DLT_IEEE802                    = 0x6
@@ -429,6 +448,7 @@ const (
 	DLT_IPV4                       = 0xe4
 	DLT_IPV6                       = 0xe5
 	DLT_IP_OVER_FC                 = 0x7a
+	DLT_ISO_14443                  = 0x108
 	DLT_JUNIPER_ATM1               = 0x89
 	DLT_JUNIPER_ATM2               = 0x87
 	DLT_JUNIPER_ATM_CEMIC          = 0xee
@@ -461,8 +481,9 @@ const (
 	DLT_LINUX_PPP_WITHDIRECTION    = 0xa6
 	DLT_LINUX_SLL                  = 0x71
 	DLT_LOOP                       = 0x6c
+	DLT_LORATAP                    = 0x10e
 	DLT_LTALK                      = 0x72
-	DLT_MATCHING_MAX               = 0x104
+	DLT_MATCHING_MAX               = 0x113
 	DLT_MATCHING_MIN               = 0x68
 	DLT_MFR                        = 0xb6
 	DLT_MOST                       = 0xd3
@@ -478,14 +499,16 @@ const (
 	DLT_NFC_LLCP                   = 0xf5
 	DLT_NFLOG                      = 0xef
 	DLT_NG40                       = 0xf4
+	DLT_NORDIC_BLE                 = 0x110
 	DLT_NULL                       = 0x0
+	DLT_OPENFLOW                   = 0x10b
 	DLT_PCI_EXP                    = 0x7d
 	DLT_PFLOG                      = 0x75
 	DLT_PFSYNC                     = 0x79
 	DLT_PKTAP                      = 0x102
 	DLT_PPI                        = 0xc0
 	DLT_PPP                        = 0x9
-	DLT_PPP_BSDOS                  = 0x10
+	DLT_PPP_BSDOS                  = 0xe
 	DLT_PPP_ETHER                  = 0x33
 	DLT_PPP_PPPD                   = 0xa6
 	DLT_PPP_SERIAL                 = 0x32
@@ -496,19 +519,25 @@ const (
 	DLT_PRONET                     = 0x4
 	DLT_RAIF1                      = 0xc6
 	DLT_RAW                        = 0xc
+	DLT_RDS                        = 0x109
+	DLT_REDBACK_SMARTEDGE          = 0x20
 	DLT_RIO                        = 0x7c
 	DLT_RTAC_SERIAL                = 0xfa
 	DLT_SCCP                       = 0x8e
 	DLT_SCTP                       = 0xf8
+	DLT_SDLC                       = 0x10c
 	DLT_SITA                       = 0xc4
 	DLT_SLIP                       = 0x8
-	DLT_SLIP_BSDOS                 = 0xf
+	DLT_SLIP_BSDOS                 = 0xd
 	DLT_STANAG_5066_D_PDU          = 0xed
 	DLT_SUNATM                     = 0x7b
 	DLT_SYMANTEC_FIREWALL          = 0x63
+	DLT_TI_LLN_SNIFFER             = 0x10d
 	DLT_TZSP                       = 0x80
 	DLT_USB                        = 0xba
 	DLT_USBPCAP                    = 0xf9
+	DLT_USB_DARWIN                 = 0x10a
+	DLT_USB_FREEBSD                = 0xba
 	DLT_USB_LINUX                  = 0xbd
 	DLT_USB_LINUX_MMAPPED          = 0xdc
 	DLT_USER0                      = 0x93
@@ -527,10 +556,14 @@ const (
 	DLT_USER7                      = 0x9a
 	DLT_USER8                      = 0x9b
 	DLT_USER9                      = 0x9c
+	DLT_VSOCK                      = 0x10f
+	DLT_WATTSTOPPER_DLM            = 0x107
 	DLT_WIHART                     = 0xdf
 	DLT_WIRESHARK_UPPER_PDU        = 0xfc
 	DLT_X2E_SERIAL                 = 0xd5
 	DLT_X2E_XORAYA                 = 0xd6
+	DLT_ZWAVE_R1_R2                = 0x105
+	DLT_ZWAVE_R3                   = 0x106
 	DT_BLK                         = 0x6
 	DT_CHR                         = 0x2
 	DT_DIR                         = 0x4
@@ -548,6 +581,7 @@ const (
 	ECHONL                         = 0x10
 	ECHOPRT                        = 0x20
 	EVFILT_AIO                     = -0x3
+	EVFILT_EMPTY                   = -0xd
 	EVFILT_FS                      = -0x9
 	EVFILT_LIO                     = -0xa
 	EVFILT_PROC                    = -0x5
@@ -555,11 +589,12 @@ const (
 	EVFILT_READ                    = -0x1
 	EVFILT_SENDFILE                = -0xc
 	EVFILT_SIGNAL                  = -0x6
-	EVFILT_SYSCOUNT                = 0xc
+	EVFILT_SYSCOUNT                = 0xd
 	EVFILT_TIMER                   = -0x7
 	EVFILT_USER                    = -0xb
 	EVFILT_VNODE                   = -0x4
 	EVFILT_WRITE                   = -0x2
+	EVNAMEMAP_NAME_SIZE            = 0x40
 	EV_ADD                         = 0x1
 	EV_CLEAR                       = 0x20
 	EV_DELETE                      = 0x2
@@ -576,6 +611,7 @@ const (
 	EV_RECEIPT                     = 0x40
 	EV_SYSFLAGS                    = 0xf000
 	EXTA                           = 0x4b00
+	EXTATTR_MAXNAMELEN             = 0xff
 	EXTATTR_NAMESPACE_EMPTY        = 0x0
 	EXTATTR_NAMESPACE_SYSTEM       = 0x2
 	EXTATTR_NAMESPACE_USER         = 0x1
@@ -617,6 +653,7 @@ const (
 	IEXTEN                         = 0x400
 	IFAN_ARRIVAL                   = 0x0
 	IFAN_DEPARTURE                 = 0x1
+	IFCAP_WOL_MAGIC                = 0x2000
 	IFF_ALLMULTI                   = 0x200
 	IFF_ALTPHYS                    = 0x4000
 	IFF_BROADCAST                  = 0x2
@@ -633,6 +670,7 @@ const (
 	IFF_MONITOR                    = 0x40000
 	IFF_MULTICAST                  = 0x8000
 	IFF_NOARP                      = 0x80
+	IFF_NOGROUP                    = 0x800000
 	IFF_OACTIVE                    = 0x400
 	IFF_POINTOPOINT                = 0x10
 	IFF_PPROMISC                   = 0x20000
@@ -807,6 +845,7 @@ const (
 	IPV6_DSTOPTS                   = 0x32
 	IPV6_FLOWID                    = 0x43
 	IPV6_FLOWINFO_MASK             = 0xffffff0f
+	IPV6_FLOWLABEL_LEN             = 0x14
 	IPV6_FLOWLABEL_MASK            = 0xffff0f00
 	IPV6_FLOWTYPE                  = 0x44
 	IPV6_FRAGTTL                   = 0x78
@@ -827,13 +866,13 @@ const (
 	IPV6_MAX_GROUP_SRC_FILTER      = 0x200
 	IPV6_MAX_MEMBERSHIPS           = 0xfff
 	IPV6_MAX_SOCK_SRC_FILTER       = 0x80
-	IPV6_MIN_MEMBERSHIPS           = 0x1f
 	IPV6_MMTU                      = 0x500
 	IPV6_MSFILTER                  = 0x4a
 	IPV6_MULTICAST_HOPS            = 0xa
 	IPV6_MULTICAST_IF              = 0x9
 	IPV6_MULTICAST_LOOP            = 0xb
 	IPV6_NEXTHOP                   = 0x30
+	IPV6_ORIGDSTADDR               = 0x48
 	IPV6_PATHMTU                   = 0x2c
 	IPV6_PKTINFO                   = 0x2e
 	IPV6_PORTRANGE                 = 0xe
@@ -845,6 +884,7 @@ const (
 	IPV6_RECVFLOWID                = 0x46
 	IPV6_RECVHOPLIMIT              = 0x25
 	IPV6_RECVHOPOPTS               = 0x27
+	IPV6_RECVORIGDSTADDR           = 0x48
 	IPV6_RECVPATHMTU               = 0x2b
 	IPV6_RECVPKTINFO               = 0x24
 	IPV6_RECVRSSBUCKETID           = 0x47
@@ -905,10 +945,8 @@ const (
 	IP_MAX_MEMBERSHIPS             = 0xfff
 	IP_MAX_SOCK_MUTE_FILTER        = 0x80
 	IP_MAX_SOCK_SRC_FILTER         = 0x80
-	IP_MAX_SOURCE_FILTER           = 0x400
 	IP_MF                          = 0x2000
 	IP_MINTTL                      = 0x42
-	IP_MIN_MEMBERSHIPS             = 0x1f
 	IP_MSFILTER                    = 0x4a
 	IP_MSS                         = 0x240
 	IP_MULTICAST_IF                = 0x9
@@ -918,6 +956,7 @@ const (
 	IP_OFFMASK                     = 0x1fff
 	IP_ONESBCAST                   = 0x17
 	IP_OPTIONS                     = 0x1
+	IP_ORIGDSTADDR                 = 0x1b
 	IP_PORTRANGE                   = 0x13
 	IP_PORTRANGE_DEFAULT           = 0x0
 	IP_PORTRANGE_HIGH              = 0x1
@@ -926,6 +965,7 @@ const (
 	IP_RECVFLOWID                  = 0x5d
 	IP_RECVIF                      = 0x14
 	IP_RECVOPTS                    = 0x5
+	IP_RECVORIGDSTADDR             = 0x1b
 	IP_RECVRETOPTS                 = 0x6
 	IP_RECVRSSBUCKETID             = 0x5e
 	IP_RECVTOS                     = 0x44
@@ -975,6 +1015,7 @@ const (
 	MAP_EXCL                       = 0x4000
 	MAP_FILE                       = 0x0
 	MAP_FIXED                      = 0x10
+	MAP_GUARD                      = 0x2000
 	MAP_HASSEMAPHORE               = 0x200
 	MAP_NOCORE                     = 0x20000
 	MAP_NOSYNC                     = 0x800
@@ -986,6 +1027,15 @@ const (
 	MAP_RESERVED0100               = 0x100
 	MAP_SHARED                     = 0x1
 	MAP_STACK                      = 0x400
+	MCAST_BLOCK_SOURCE             = 0x54
+	MCAST_EXCLUDE                  = 0x2
+	MCAST_INCLUDE                  = 0x1
+	MCAST_JOIN_GROUP               = 0x50
+	MCAST_JOIN_SOURCE_GROUP        = 0x52
+	MCAST_LEAVE_GROUP              = 0x51
+	MCAST_LEAVE_SOURCE_GROUP       = 0x53
+	MCAST_UNBLOCK_SOURCE           = 0x55
+	MCAST_UNDEFINED                = 0x0
 	MCL_CURRENT                    = 0x1
 	MCL_FUTURE                     = 0x2
 	MNT_ACLS                       = 0x8000000
@@ -1026,10 +1076,12 @@ const (
 	MNT_SUSPEND                    = 0x4
 	MNT_SYNCHRONOUS                = 0x2
 	MNT_UNION                      = 0x20
+	MNT_UNTRUSTED                  = 0x800000000
 	MNT_UPDATE                     = 0x10000
-	MNT_UPDATEMASK                 = 0x2d8d0807e
+	MNT_UPDATEMASK                 = 0xad8d0807e
 	MNT_USER                       = 0x8000
-	MNT_VISFLAGMASK                = 0x3fef0ffff
+	MNT_VERIFIED                   = 0x400000000
+	MNT_VISFLAGMASK                = 0xffef0ffff
 	MNT_WAIT                       = 0x1
 	MSG_CMSG_CLOEXEC               = 0x40000
 	MSG_COMPAT                     = 0x8000
@@ -1058,6 +1110,7 @@ const (
 	NFDBITS                        = 0x20
 	NOFLSH                         = 0x80000000
 	NOKERNINFO                     = 0x2000000
+	NOTE_ABSTIME                   = 0x10
 	NOTE_ATTRIB                    = 0x8
 	NOTE_CHILD                     = 0x4
 	NOTE_CLOSE                     = 0x100
@@ -1212,7 +1265,6 @@ const (
 	RTV_WEIGHT                     = 0x100
 	RT_ALL_FIBS                    = -0x1
 	RT_BLACKHOLE                   = 0x40
-	RT_CACHING_CONTEXT             = 0x1
 	RT_DEFAULT_FIB                 = 0x0
 	RT_HAS_GW                      = 0x80
 	RT_HAS_HEADER                  = 0x10
@@ -1222,15 +1274,17 @@ const (
 	RT_LLE_CACHE                   = 0x100
 	RT_MAY_LOOP                    = 0x8
 	RT_MAY_LOOP_BIT                = 0x3
-	RT_NORTREF                     = 0x2
 	RT_REJECT                      = 0x20
 	RUSAGE_CHILDREN                = -0x1
 	RUSAGE_SELF                    = 0x0
 	RUSAGE_THREAD                  = 0x1
 	SCM_BINTIME                    = 0x4
 	SCM_CREDS                      = 0x3
+	SCM_MONOTONIC                  = 0x6
+	SCM_REALTIME                   = 0x5
 	SCM_RIGHTS                     = 0x1
 	SCM_TIMESTAMP                  = 0x2
+	SCM_TIME_INFO                  = 0x7
 	SHUT_RD                        = 0x0
 	SHUT_RDWR                      = 0x2
 	SHUT_WR                        = 0x1
@@ -1246,6 +1300,7 @@ const (
 	SIOCGETSGCNT                   = 0xc0147210
 	SIOCGETVIFCNT                  = 0xc014720f
 	SIOCGHIWAT                     = 0x40047301
+	SIOCGHWADDR                    = 0xc020693e
 	SIOCGI2C                       = 0xc020693d
 	SIOCGIFADDR                    = 0xc0206921
 	SIOCGIFBRDADDR                 = 0xc0206923
@@ -1267,8 +1322,11 @@ const (
 	SIOCGIFPDSTADDR                = 0xc0206948
 	SIOCGIFPHYS                    = 0xc0206935
 	SIOCGIFPSRCADDR                = 0xc0206947
+	SIOCGIFRSSHASH                 = 0xc0186997
+	SIOCGIFRSSKEY                  = 0xc0946996
 	SIOCGIFSTATUS                  = 0xc331693b
 	SIOCGIFXMEDIA                  = 0xc028698b
+	SIOCGLANPCP                    = 0xc0206998
 	SIOCGLOWAT                     = 0x40047303
 	SIOCGPGRP                      = 0x40047309
 	SIOCGPRIVATE_0                 = 0xc0206950
@@ -1299,6 +1357,7 @@ const (
 	SIOCSIFPHYS                    = 0x80206936
 	SIOCSIFRVNET                   = 0xc020695b
 	SIOCSIFVNET                    = 0xc020695a
+	SIOCSLANPCP                    = 0x80206999
 	SIOCSLOWAT                     = 0x80047302
 	SIOCSPGRP                      = 0x80047308
 	SIOCSTUNFIB                    = 0x8020695f
@@ -1317,6 +1376,7 @@ const (
 	SO_BINTIME                     = 0x2000
 	SO_BROADCAST                   = 0x20
 	SO_DEBUG                       = 0x1
+	SO_DOMAIN                      = 0x1019
 	SO_DONTROUTE                   = 0x10
 	SO_ERROR                       = 0x1007
 	SO_KEEPALIVE                   = 0x8
@@ -1325,6 +1385,7 @@ const (
 	SO_LISTENINCQLEN               = 0x1013
 	SO_LISTENQLEN                  = 0x1012
 	SO_LISTENQLIMIT                = 0x1011
+	SO_MAX_PACING_RATE             = 0x1018
 	SO_NOSIGPIPE                   = 0x800
 	SO_NO_DDP                      = 0x8000
 	SO_NO_OFFLOAD                  = 0x4000
@@ -1337,11 +1398,19 @@ const (
 	SO_RCVTIMEO                    = 0x1006
 	SO_REUSEADDR                   = 0x4
 	SO_REUSEPORT                   = 0x200
+	SO_REUSEPORT_LB                = 0x10000
 	SO_SETFIB                      = 0x1014
 	SO_SNDBUF                      = 0x1001
 	SO_SNDLOWAT                    = 0x1003
 	SO_SNDTIMEO                    = 0x1005
 	SO_TIMESTAMP                   = 0x400
+	SO_TS_BINTIME                  = 0x1
+	SO_TS_CLOCK                    = 0x1017
+	SO_TS_CLOCK_MAX                = 0x3
+	SO_TS_DEFAULT                  = 0x0
+	SO_TS_MONOTONIC                = 0x3
+	SO_TS_REALTIME                 = 0x2
+	SO_TS_REALTIME_MICRO           = 0x0
 	SO_TYPE                        = 0x1008
 	SO_USELOOPBACK                 = 0x40
 	SO_USER_COOKIE                 = 0x1015
@@ -1385,10 +1454,45 @@ const (
 	TCOFLUSH                       = 0x2
 	TCOOFF                         = 0x1
 	TCOON                          = 0x2
+	TCP_BBR_ACK_COMP_ALG           = 0x448
+	TCP_BBR_DRAIN_INC_EXTRA        = 0x43c
+	TCP_BBR_DRAIN_PG               = 0x42e
+	TCP_BBR_EXTRA_GAIN             = 0x449
+	TCP_BBR_IWINTSO                = 0x42b
+	TCP_BBR_LOWGAIN_FD             = 0x436
+	TCP_BBR_LOWGAIN_HALF           = 0x435
+	TCP_BBR_LOWGAIN_THRESH         = 0x434
+	TCP_BBR_MAX_RTO                = 0x439
+	TCP_BBR_MIN_RTO                = 0x438
+	TCP_BBR_ONE_RETRAN             = 0x431
+	TCP_BBR_PACE_CROSS             = 0x442
+	TCP_BBR_PACE_DEL_TAR           = 0x43f
+	TCP_BBR_PACE_PER_SEC           = 0x43e
+	TCP_BBR_PACE_SEG_MAX           = 0x440
+	TCP_BBR_PACE_SEG_MIN           = 0x441
+	TCP_BBR_PROBE_RTT_GAIN         = 0x44d
+	TCP_BBR_PROBE_RTT_INT          = 0x430
+	TCP_BBR_PROBE_RTT_LEN          = 0x44e
+	TCP_BBR_RACK_RTT_USE           = 0x44a
+	TCP_BBR_RECFORCE               = 0x42c
+	TCP_BBR_REC_OVER_HPTS          = 0x43a
+	TCP_BBR_RETRAN_WTSO            = 0x44b
+	TCP_BBR_RWND_IS_APP            = 0x42f
+	TCP_BBR_STARTUP_EXIT_EPOCH     = 0x43d
+	TCP_BBR_STARTUP_LOSS_EXIT      = 0x432
+	TCP_BBR_STARTUP_PG             = 0x42d
+	TCP_BBR_UNLIMITED              = 0x43b
+	TCP_BBR_USEDEL_RATE            = 0x437
+	TCP_BBR_USE_LOWGAIN            = 0x433
 	TCP_CA_NAME_MAX                = 0x10
 	TCP_CCALGOOPT                  = 0x41
 	TCP_CONGESTION                 = 0x40
+	TCP_DATA_AFTER_CLOSE           = 0x44c
+	TCP_DELACK                     = 0x48
 	TCP_FASTOPEN                   = 0x401
+	TCP_FASTOPEN_MAX_COOKIE_LEN    = 0x10
+	TCP_FASTOPEN_MIN_COOKIE_LEN    = 0x4
+	TCP_FASTOPEN_PSK_LEN           = 0x10
 	TCP_FUNCTION_BLK               = 0x2000
 	TCP_FUNCTION_NAME_LEN_MAX      = 0x20
 	TCP_INFO                       = 0x20
@@ -1396,6 +1500,12 @@ const (
 	TCP_KEEPIDLE                   = 0x100
 	TCP_KEEPINIT                   = 0x80
 	TCP_KEEPINTVL                  = 0x200
+	TCP_LOG                        = 0x22
+	TCP_LOGBUF                     = 0x23
+	TCP_LOGDUMP                    = 0x25
+	TCP_LOGDUMPID                  = 0x26
+	TCP_LOGID                      = 0x24
+	TCP_LOG_ID_LEN                 = 0x40
 	TCP_MAXBURST                   = 0x4
 	TCP_MAXHLEN                    = 0x3c
 	TCP_MAXOLEN                    = 0x28
@@ -1411,8 +1521,30 @@ const (
 	TCP_NOPUSH                     = 0x4
 	TCP_PCAP_IN                    = 0x1000
 	TCP_PCAP_OUT                   = 0x800
+	TCP_RACK_EARLY_RECOV           = 0x423
+	TCP_RACK_EARLY_SEG             = 0x424
+	TCP_RACK_IDLE_REDUCE_HIGH      = 0x444
+	TCP_RACK_MIN_PACE              = 0x445
+	TCP_RACK_MIN_PACE_SEG          = 0x446
+	TCP_RACK_MIN_TO                = 0x422
+	TCP_RACK_PACE_ALWAYS           = 0x41f
+	TCP_RACK_PACE_MAX_SEG          = 0x41e
+	TCP_RACK_PACE_REDUCE           = 0x41d
+	TCP_RACK_PKT_DELAY             = 0x428
+	TCP_RACK_PROP                  = 0x41b
+	TCP_RACK_PROP_RATE             = 0x420
+	TCP_RACK_PRR_SENDALOT          = 0x421
+	TCP_RACK_REORD_FADE            = 0x426
+	TCP_RACK_REORD_THRESH          = 0x425
+	TCP_RACK_SESS_CWV              = 0x42a
+	TCP_RACK_TLP_INC_VAR           = 0x429
+	TCP_RACK_TLP_REDUCE            = 0x41c
+	TCP_RACK_TLP_THRESH            = 0x427
+	TCP_RACK_TLP_USE               = 0x447
 	TCP_VENDOR                     = 0x80000000
 	TCSAFLUSH                      = 0x2
+	TIMER_ABSTIME                  = 0x1
+	TIMER_RELTIME                  = 0x0
 	TIOCCBRK                       = 0x2000747a
 	TIOCCDTR                       = 0x20007478
 	TIOCCONS                       = 0x80047462
@@ -1476,6 +1608,8 @@ const (
 	TIOCTIMESTAMP                  = 0x40087459
 	TIOCUCNTL                      = 0x80047466
 	TOSTOP                         = 0x400000
+	UTIME_NOW                      = -0x1
+	UTIME_OMIT                     = -0x2
 	VDISCARD                       = 0xf
 	VDSUSP                         = 0xb
 	VEOF                           = 0x0
@@ -1487,6 +1621,8 @@ const (
 	VKILL                          = 0x5
 	VLNEXT                         = 0xe
 	VMIN                           = 0x10
+	VM_BCACHE_SIZE_MAX             = 0x70e0000
+	VM_SWZONE_SIZE_MAX             = 0x2280000
 	VQUIT                          = 0x9
 	VREPRINT                       = 0x6
 	VSTART                         = 0xc

vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go

@@ -355,6 +355,22 @@ const (
 	CTL_KERN                       = 0x1
 	CTL_MAXNAME                    = 0x18
 	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc148648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x80506490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc080648f
 	DLT_A429                       = 0xb8
 	DLT_A653_ICM                   = 0xb9
 	DLT_AIRONET_HEADER             = 0x78
@@ -379,11 +395,14 @@ const (
 	DLT_CHAOS                      = 0x5
 	DLT_CHDLC                      = 0x68
 	DLT_CISCO_IOS                  = 0x76
+	DLT_CLASS_NETBSD_RAWAF         = 0x2240000
 	DLT_C_HDLC                     = 0x68
 	DLT_C_HDLC_WITH_DIR            = 0xcd
 	DLT_DBUS                       = 0xe7
 	DLT_DECT                       = 0xdd
+	DLT_DISPLAYPORT_AUX            = 0x113
 	DLT_DOCSIS                     = 0x8f
+	DLT_DOCSIS31_XRA31             = 0x111
 	DLT_DVB_CI                     = 0xeb
 	DLT_ECONET                     = 0x73
 	DLT_EN10MB                     = 0x1
@@ -393,6 +412,7 @@ const (
 	DLT_ERF                        = 0xc5
 	DLT_ERF_ETH                    = 0xaf
 	DLT_ERF_POS                    = 0xb0
+	DLT_ETHERNET_MPACKET           = 0x112
 	DLT_FC_2                       = 0xe0
 	DLT_FC_2_WITH_FRAME_DELIMS     = 0xe1
 	DLT_FDDI                       = 0xa
@@ -406,7 +426,6 @@ const (
 	DLT_GPRS_LLC                   = 0xa9
 	DLT_GSMTAP_ABIS                = 0xda
 	DLT_GSMTAP_UM                  = 0xd9
-	DLT_HHDLC                      = 0x79
 	DLT_IBM_SN                     = 0x92
 	DLT_IBM_SP                     = 0x91
 	DLT_IEEE802                    = 0x6
@@ -429,6 +448,7 @@ const (
 	DLT_IPV4                       = 0xe4
 	DLT_IPV6                       = 0xe5
 	DLT_IP_OVER_FC                 = 0x7a
+	DLT_ISO_14443                  = 0x108
 	DLT_JUNIPER_ATM1               = 0x89
 	DLT_JUNIPER_ATM2               = 0x87
 	DLT_JUNIPER_ATM_CEMIC          = 0xee
@@ -461,8 +481,9 @@ const (
 	DLT_LINUX_PPP_WITHDIRECTION    = 0xa6
 	DLT_LINUX_SLL                  = 0x71
 	DLT_LOOP                       = 0x6c
+	DLT_LORATAP                    = 0x10e
 	DLT_LTALK                      = 0x72
-	DLT_MATCHING_MAX               = 0x104
+	DLT_MATCHING_MAX               = 0x113
 	DLT_MATCHING_MIN               = 0x68
 	DLT_MFR                        = 0xb6
 	DLT_MOST                       = 0xd3
@@ -478,14 +499,16 @@ const (
 	DLT_NFC_LLCP                   = 0xf5
 	DLT_NFLOG                      = 0xef
 	DLT_NG40                       = 0xf4
+	DLT_NORDIC_BLE                 = 0x110
 	DLT_NULL                       = 0x0
+	DLT_OPENFLOW                   = 0x10b
 	DLT_PCI_EXP                    = 0x7d
 	DLT_PFLOG                      = 0x75
 	DLT_PFSYNC                     = 0x79
 	DLT_PKTAP                      = 0x102
 	DLT_PPI                        = 0xc0
 	DLT_PPP                        = 0x9
-	DLT_PPP_BSDOS                  = 0x10
+	DLT_PPP_BSDOS                  = 0xe
 	DLT_PPP_ETHER                  = 0x33
 	DLT_PPP_PPPD                   = 0xa6
 	DLT_PPP_SERIAL                 = 0x32
@@ -496,19 +519,25 @@ const (
 	DLT_PRONET                     = 0x4
 	DLT_RAIF1                      = 0xc6
 	DLT_RAW                        = 0xc
+	DLT_RDS                        = 0x109
+	DLT_REDBACK_SMARTEDGE          = 0x20
 	DLT_RIO                        = 0x7c
 	DLT_RTAC_SERIAL                = 0xfa
 	DLT_SCCP                       = 0x8e
 	DLT_SCTP                       = 0xf8
+	DLT_SDLC                       = 0x10c
 	DLT_SITA                       = 0xc4
 	DLT_SLIP                       = 0x8
-	DLT_SLIP_BSDOS                 = 0xf
+	DLT_SLIP_BSDOS                 = 0xd
 	DLT_STANAG_5066_D_PDU          = 0xed
 	DLT_SUNATM                     = 0x7b
 	DLT_SYMANTEC_FIREWALL          = 0x63
+	DLT_TI_LLN_SNIFFER             = 0x10d
 	DLT_TZSP                       = 0x80
 	DLT_USB                        = 0xba
 	DLT_USBPCAP                    = 0xf9
+	DLT_USB_DARWIN                 = 0x10a
+	DLT_USB_FREEBSD                = 0xba
 	DLT_USB_LINUX                  = 0xbd
 	DLT_USB_LINUX_MMAPPED          = 0xdc
 	DLT_USER0                      = 0x93
@@ -527,10 +556,14 @@ const (
 	DLT_USER7                      = 0x9a
 	DLT_USER8                      = 0x9b
 	DLT_USER9                      = 0x9c
+	DLT_VSOCK                      = 0x10f
+	DLT_WATTSTOPPER_DLM            = 0x107
 	DLT_WIHART                     = 0xdf
 	DLT_WIRESHARK_UPPER_PDU        = 0xfc
 	DLT_X2E_SERIAL                 = 0xd5
 	DLT_X2E_XORAYA                 = 0xd6
+	DLT_ZWAVE_R1_R2                = 0x105
+	DLT_ZWAVE_R3                   = 0x106
 	DT_BLK                         = 0x6
 	DT_CHR                         = 0x2
 	DT_DIR                         = 0x4
@@ -548,6 +581,7 @@ const (
 	ECHONL                         = 0x10
 	ECHOPRT                        = 0x20
 	EVFILT_AIO                     = -0x3
+	EVFILT_EMPTY                   = -0xd
 	EVFILT_FS                      = -0x9
 	EVFILT_LIO                     = -0xa
 	EVFILT_PROC                    = -0x5
@@ -555,11 +589,12 @@ const (
 	EVFILT_READ                    = -0x1
 	EVFILT_SENDFILE                = -0xc
 	EVFILT_SIGNAL                  = -0x6
-	EVFILT_SYSCOUNT                = 0xc
+	EVFILT_SYSCOUNT                = 0xd
 	EVFILT_TIMER                   = -0x7
 	EVFILT_USER                    = -0xb
 	EVFILT_VNODE                   = -0x4
 	EVFILT_WRITE                   = -0x2
+	EVNAMEMAP_NAME_SIZE            = 0x40
 	EV_ADD                         = 0x1
 	EV_CLEAR                       = 0x20
 	EV_DELETE                      = 0x2
@@ -576,6 +611,7 @@ const (
 	EV_RECEIPT                     = 0x40
 	EV_SYSFLAGS                    = 0xf000
 	EXTA                           = 0x4b00
+	EXTATTR_MAXNAMELEN             = 0xff
 	EXTATTR_NAMESPACE_EMPTY        = 0x0
 	EXTATTR_NAMESPACE_SYSTEM       = 0x2
 	EXTATTR_NAMESPACE_USER         = 0x1
@@ -617,6 +653,7 @@ const (
 	IEXTEN                         = 0x400
 	IFAN_ARRIVAL                   = 0x0
 	IFAN_DEPARTURE                 = 0x1
+	IFCAP_WOL_MAGIC                = 0x2000
 	IFF_ALLMULTI                   = 0x200
 	IFF_ALTPHYS                    = 0x4000
 	IFF_BROADCAST                  = 0x2
@@ -633,6 +670,7 @@ const (
 	IFF_MONITOR                    = 0x40000
 	IFF_MULTICAST                  = 0x8000
 	IFF_NOARP                      = 0x80
+	IFF_NOGROUP                    = 0x800000
 	IFF_OACTIVE                    = 0x400
 	IFF_POINTOPOINT                = 0x10
 	IFF_PPROMISC                   = 0x20000
@@ -807,6 +845,7 @@ const (
 	IPV6_DSTOPTS                   = 0x32
 	IPV6_FLOWID                    = 0x43
 	IPV6_FLOWINFO_MASK             = 0xffffff0f
+	IPV6_FLOWLABEL_LEN             = 0x14
 	IPV6_FLOWLABEL_MASK            = 0xffff0f00
 	IPV6_FLOWTYPE                  = 0x44
 	IPV6_FRAGTTL                   = 0x78
@@ -827,13 +866,13 @@ const (
 	IPV6_MAX_GROUP_SRC_FILTER      = 0x200
 	IPV6_MAX_MEMBERSHIPS           = 0xfff
 	IPV6_MAX_SOCK_SRC_FILTER       = 0x80
-	IPV6_MIN_MEMBERSHIPS           = 0x1f
 	IPV6_MMTU                      = 0x500
 	IPV6_MSFILTER                  = 0x4a
 	IPV6_MULTICAST_HOPS            = 0xa
 	IPV6_MULTICAST_IF              = 0x9
 	IPV6_MULTICAST_LOOP            = 0xb
 	IPV6_NEXTHOP                   = 0x30
+	IPV6_ORIGDSTADDR               = 0x48
 	IPV6_PATHMTU                   = 0x2c
 	IPV6_PKTINFO                   = 0x2e
 	IPV6_PORTRANGE                 = 0xe
@@ -845,6 +884,7 @@ const (
 	IPV6_RECVFLOWID                = 0x46
 	IPV6_RECVHOPLIMIT              = 0x25
 	IPV6_RECVHOPOPTS               = 0x27
+	IPV6_RECVORIGDSTADDR           = 0x48
 	IPV6_RECVPATHMTU               = 0x2b
 	IPV6_RECVPKTINFO               = 0x24
 	IPV6_RECVRSSBUCKETID           = 0x47
@@ -905,10 +945,8 @@ const (
 	IP_MAX_MEMBERSHIPS             = 0xfff
 	IP_MAX_SOCK_MUTE_FILTER        = 0x80
 	IP_MAX_SOCK_SRC_FILTER         = 0x80
-	IP_MAX_SOURCE_FILTER           = 0x400
 	IP_MF                          = 0x2000
 	IP_MINTTL                      = 0x42
-	IP_MIN_MEMBERSHIPS             = 0x1f
 	IP_MSFILTER                    = 0x4a
 	IP_MSS                         = 0x240
 	IP_MULTICAST_IF                = 0x9
@@ -918,6 +956,7 @@ const (
 	IP_OFFMASK                     = 0x1fff
 	IP_ONESBCAST                   = 0x17
 	IP_OPTIONS                     = 0x1
+	IP_ORIGDSTADDR                 = 0x1b
 	IP_PORTRANGE                   = 0x13
 	IP_PORTRANGE_DEFAULT           = 0x0
 	IP_PORTRANGE_HIGH              = 0x1
@@ -926,6 +965,7 @@ const (
 	IP_RECVFLOWID                  = 0x5d
 	IP_RECVIF                      = 0x14
 	IP_RECVOPTS                    = 0x5
+	IP_RECVORIGDSTADDR             = 0x1b
 	IP_RECVRETOPTS                 = 0x6
 	IP_RECVRSSBUCKETID             = 0x5e
 	IP_RECVTOS                     = 0x44
@@ -976,6 +1016,7 @@ const (
 	MAP_EXCL                       = 0x4000
 	MAP_FILE                       = 0x0
 	MAP_FIXED                      = 0x10
+	MAP_GUARD                      = 0x2000
 	MAP_HASSEMAPHORE               = 0x200
 	MAP_NOCORE                     = 0x20000
 	MAP_NOSYNC                     = 0x800
@@ -987,6 +1028,15 @@ const (
 	MAP_RESERVED0100               = 0x100
 	MAP_SHARED                     = 0x1
 	MAP_STACK                      = 0x400
+	MCAST_BLOCK_SOURCE             = 0x54
+	MCAST_EXCLUDE                  = 0x2
+	MCAST_INCLUDE                  = 0x1
+	MCAST_JOIN_GROUP               = 0x50
+	MCAST_JOIN_SOURCE_GROUP        = 0x52
+	MCAST_LEAVE_GROUP              = 0x51
+	MCAST_LEAVE_SOURCE_GROUP       = 0x53
+	MCAST_UNBLOCK_SOURCE           = 0x55
+	MCAST_UNDEFINED                = 0x0
 	MCL_CURRENT                    = 0x1
 	MCL_FUTURE                     = 0x2
 	MNT_ACLS                       = 0x8000000
@@ -1027,10 +1077,12 @@ const (
 	MNT_SUSPEND                    = 0x4
 	MNT_SYNCHRONOUS                = 0x2
 	MNT_UNION                      = 0x20
+	MNT_UNTRUSTED                  = 0x800000000
 	MNT_UPDATE                     = 0x10000
-	MNT_UPDATEMASK                 = 0x2d8d0807e
+	MNT_UPDATEMASK                 = 0xad8d0807e
 	MNT_USER                       = 0x8000
-	MNT_VISFLAGMASK                = 0x3fef0ffff
+	MNT_VERIFIED                   = 0x400000000
+	MNT_VISFLAGMASK                = 0xffef0ffff
 	MNT_WAIT                       = 0x1
 	MSG_CMSG_CLOEXEC               = 0x40000
 	MSG_COMPAT                     = 0x8000
@@ -1059,6 +1111,7 @@ const (
 	NFDBITS                        = 0x40
 	NOFLSH                         = 0x80000000
 	NOKERNINFO                     = 0x2000000
+	NOTE_ABSTIME                   = 0x10
 	NOTE_ATTRIB                    = 0x8
 	NOTE_CHILD                     = 0x4
 	NOTE_CLOSE                     = 0x100
@@ -1213,7 +1266,6 @@ const (
 	RTV_WEIGHT                     = 0x100
 	RT_ALL_FIBS                    = -0x1
 	RT_BLACKHOLE                   = 0x40
-	RT_CACHING_CONTEXT             = 0x1
 	RT_DEFAULT_FIB                 = 0x0
 	RT_HAS_GW                      = 0x80
 	RT_HAS_HEADER                  = 0x10
@@ -1223,15 +1275,17 @@ const (
 	RT_LLE_CACHE                   = 0x100
 	RT_MAY_LOOP                    = 0x8
 	RT_MAY_LOOP_BIT                = 0x3
-	RT_NORTREF                     = 0x2
 	RT_REJECT                      = 0x20
 	RUSAGE_CHILDREN                = -0x1
 	RUSAGE_SELF                    = 0x0
 	RUSAGE_THREAD                  = 0x1
 	SCM_BINTIME                    = 0x4
 	SCM_CREDS                      = 0x3
+	SCM_MONOTONIC                  = 0x6
+	SCM_REALTIME                   = 0x5
 	SCM_RIGHTS                     = 0x1
 	SCM_TIMESTAMP                  = 0x2
+	SCM_TIME_INFO                  = 0x7
 	SHUT_RD                        = 0x0
 	SHUT_RDWR                      = 0x2
 	SHUT_WR                        = 0x1
@@ -1247,6 +1301,7 @@ const (
 	SIOCGETSGCNT                   = 0xc0207210
 	SIOCGETVIFCNT                  = 0xc028720f
 	SIOCGHIWAT                     = 0x40047301
+	SIOCGHWADDR                    = 0xc020693e
 	SIOCGI2C                       = 0xc020693d
 	SIOCGIFADDR                    = 0xc0206921
 	SIOCGIFBRDADDR                 = 0xc0206923
@@ -1268,8 +1323,11 @@ const (
 	SIOCGIFPDSTADDR                = 0xc0206948
 	SIOCGIFPHYS                    = 0xc0206935
 	SIOCGIFPSRCADDR                = 0xc0206947
+	SIOCGIFRSSHASH                 = 0xc0186997
+	SIOCGIFRSSKEY                  = 0xc0946996
 	SIOCGIFSTATUS                  = 0xc331693b
 	SIOCGIFXMEDIA                  = 0xc030698b
+	SIOCGLANPCP                    = 0xc0206998
 	SIOCGLOWAT                     = 0x40047303
 	SIOCGPGRP                      = 0x40047309
 	SIOCGPRIVATE_0                 = 0xc0206950
@@ -1300,6 +1358,7 @@ const (
 	SIOCSIFPHYS                    = 0x80206936
 	SIOCSIFRVNET                   = 0xc020695b
 	SIOCSIFVNET                    = 0xc020695a
+	SIOCSLANPCP                    = 0x80206999
 	SIOCSLOWAT                     = 0x80047302
 	SIOCSPGRP                      = 0x80047308
 	SIOCSTUNFIB                    = 0x8020695f
@@ -1318,6 +1377,7 @@ const (
 	SO_BINTIME                     = 0x2000
 	SO_BROADCAST                   = 0x20
 	SO_DEBUG                       = 0x1
+	SO_DOMAIN                      = 0x1019
 	SO_DONTROUTE                   = 0x10
 	SO_ERROR                       = 0x1007
 	SO_KEEPALIVE                   = 0x8
@@ -1326,6 +1386,7 @@ const (
 	SO_LISTENINCQLEN               = 0x1013
 	SO_LISTENQLEN                  = 0x1012
 	SO_LISTENQLIMIT                = 0x1011
+	SO_MAX_PACING_RATE             = 0x1018
 	SO_NOSIGPIPE                   = 0x800
 	SO_NO_DDP                      = 0x8000
 	SO_NO_OFFLOAD                  = 0x4000
@@ -1338,11 +1399,19 @@ const (
 	SO_RCVTIMEO                    = 0x1006
 	SO_REUSEADDR                   = 0x4
 	SO_REUSEPORT                   = 0x200
+	SO_REUSEPORT_LB                = 0x10000
 	SO_SETFIB                      = 0x1014
 	SO_SNDBUF                      = 0x1001
 	SO_SNDLOWAT                    = 0x1003
 	SO_SNDTIMEO                    = 0x1005
 	SO_TIMESTAMP                   = 0x400
+	SO_TS_BINTIME                  = 0x1
+	SO_TS_CLOCK                    = 0x1017
+	SO_TS_CLOCK_MAX                = 0x3
+	SO_TS_DEFAULT                  = 0x0
+	SO_TS_MONOTONIC                = 0x3
+	SO_TS_REALTIME                 = 0x2
+	SO_TS_REALTIME_MICRO           = 0x0
 	SO_TYPE                        = 0x1008
 	SO_USELOOPBACK                 = 0x40
 	SO_USER_COOKIE                 = 0x1015
@@ -1386,10 +1455,45 @@ const (
 	TCOFLUSH                       = 0x2
 	TCOOFF                         = 0x1
 	TCOON                          = 0x2
+	TCP_BBR_ACK_COMP_ALG           = 0x448
+	TCP_BBR_DRAIN_INC_EXTRA        = 0x43c
+	TCP_BBR_DRAIN_PG               = 0x42e
+	TCP_BBR_EXTRA_GAIN             = 0x449
+	TCP_BBR_IWINTSO                = 0x42b
+	TCP_BBR_LOWGAIN_FD             = 0x436
+	TCP_BBR_LOWGAIN_HALF           = 0x435
+	TCP_BBR_LOWGAIN_THRESH         = 0x434
+	TCP_BBR_MAX_RTO                = 0x439
+	TCP_BBR_MIN_RTO                = 0x438
+	TCP_BBR_ONE_RETRAN             = 0x431
+	TCP_BBR_PACE_CROSS             = 0x442
+	TCP_BBR_PACE_DEL_TAR           = 0x43f
+	TCP_BBR_PACE_PER_SEC           = 0x43e
+	TCP_BBR_PACE_SEG_MAX           = 0x440
+	TCP_BBR_PACE_SEG_MIN           = 0x441
+	TCP_BBR_PROBE_RTT_GAIN         = 0x44d
+	TCP_BBR_PROBE_RTT_INT          = 0x430
+	TCP_BBR_PROBE_RTT_LEN          = 0x44e
+	TCP_BBR_RACK_RTT_USE           = 0x44a
+	TCP_BBR_RECFORCE               = 0x42c
+	TCP_BBR_REC_OVER_HPTS          = 0x43a
+	TCP_BBR_RETRAN_WTSO            = 0x44b
+	TCP_BBR_RWND_IS_APP            = 0x42f
+	TCP_BBR_STARTUP_EXIT_EPOCH     = 0x43d
+	TCP_BBR_STARTUP_LOSS_EXIT      = 0x432
+	TCP_BBR_STARTUP_PG             = 0x42d
+	TCP_BBR_UNLIMITED              = 0x43b
+	TCP_BBR_USEDEL_RATE            = 0x437
+	TCP_BBR_USE_LOWGAIN            = 0x433
 	TCP_CA_NAME_MAX                = 0x10
 	TCP_CCALGOOPT                  = 0x41
 	TCP_CONGESTION                 = 0x40
+	TCP_DATA_AFTER_CLOSE           = 0x44c
+	TCP_DELACK                     = 0x48
 	TCP_FASTOPEN                   = 0x401
+	TCP_FASTOPEN_MAX_COOKIE_LEN    = 0x10
+	TCP_FASTOPEN_MIN_COOKIE_LEN    = 0x4
+	TCP_FASTOPEN_PSK_LEN           = 0x10
 	TCP_FUNCTION_BLK               = 0x2000
 	TCP_FUNCTION_NAME_LEN_MAX      = 0x20
 	TCP_INFO                       = 0x20
@@ -1397,6 +1501,12 @@ const (
 	TCP_KEEPIDLE                   = 0x100
 	TCP_KEEPINIT                   = 0x80
 	TCP_KEEPINTVL                  = 0x200
+	TCP_LOG                        = 0x22
+	TCP_LOGBUF                     = 0x23
+	TCP_LOGDUMP                    = 0x25
+	TCP_LOGDUMPID                  = 0x26
+	TCP_LOGID                      = 0x24
+	TCP_LOG_ID_LEN                 = 0x40
 	TCP_MAXBURST                   = 0x4
 	TCP_MAXHLEN                    = 0x3c
 	TCP_MAXOLEN                    = 0x28
@@ -1412,8 +1522,30 @@ const (
 	TCP_NOPUSH                     = 0x4
 	TCP_PCAP_IN                    = 0x1000
 	TCP_PCAP_OUT                   = 0x800
+	TCP_RACK_EARLY_RECOV           = 0x423
+	TCP_RACK_EARLY_SEG             = 0x424
+	TCP_RACK_IDLE_REDUCE_HIGH      = 0x444
+	TCP_RACK_MIN_PACE              = 0x445
+	TCP_RACK_MIN_PACE_SEG          = 0x446
+	TCP_RACK_MIN_TO                = 0x422
+	TCP_RACK_PACE_ALWAYS           = 0x41f
+	TCP_RACK_PACE_MAX_SEG          = 0x41e
+	TCP_RACK_PACE_REDUCE           = 0x41d
+	TCP_RACK_PKT_DELAY             = 0x428
+	TCP_RACK_PROP                  = 0x41b
+	TCP_RACK_PROP_RATE             = 0x420
+	TCP_RACK_PRR_SENDALOT          = 0x421
+	TCP_RACK_REORD_FADE            = 0x426
+	TCP_RACK_REORD_THRESH          = 0x425
+	TCP_RACK_SESS_CWV              = 0x42a
+	TCP_RACK_TLP_INC_VAR           = 0x429
+	TCP_RACK_TLP_REDUCE            = 0x41c
+	TCP_RACK_TLP_THRESH            = 0x427
+	TCP_RACK_TLP_USE               = 0x447
 	TCP_VENDOR                     = 0x80000000
 	TCSAFLUSH                      = 0x2
+	TIMER_ABSTIME                  = 0x1
+	TIMER_RELTIME                  = 0x0
 	TIOCCBRK                       = 0x2000747a
 	TIOCCDTR                       = 0x20007478
 	TIOCCONS                       = 0x80047462
@@ -1477,6 +1609,8 @@ const (
 	TIOCTIMESTAMP                  = 0x40107459
 	TIOCUCNTL                      = 0x80047466
 	TOSTOP                         = 0x400000
+	UTIME_NOW                      = -0x1
+	UTIME_OMIT                     = -0x2
 	VDISCARD                       = 0xf
 	VDSUSP                         = 0xb
 	VEOF                           = 0x0

vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go

@@ -355,6 +355,22 @@ const (
 	CTL_KERN                       = 0x1
 	CTL_MAXNAME                    = 0x18
 	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc144648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x804c6490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc06c648f
 	DLT_A429                       = 0xb8
 	DLT_A653_ICM                   = 0xb9
 	DLT_AIRONET_HEADER             = 0x78

vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go

@@ -355,6 +355,22 @@ const (
 	CTL_KERN                       = 0x1
 	CTL_MAXNAME                    = 0x18
 	CTL_NET                        = 0x4
+	DIOCGATTR                      = 0xc148648e
+	DIOCGDELETE                    = 0x80106488
+	DIOCGFLUSH                     = 0x20006487
+	DIOCGFRONTSTUFF                = 0x40086486
+	DIOCGFWHEADS                   = 0x40046483
+	DIOCGFWSECTORS                 = 0x40046482
+	DIOCGIDENT                     = 0x41006489
+	DIOCGMEDIASIZE                 = 0x40086481
+	DIOCGPHYSPATH                  = 0x4400648d
+	DIOCGPROVIDERNAME              = 0x4400648a
+	DIOCGSECTORSIZE                = 0x40046480
+	DIOCGSTRIPEOFFSET              = 0x4008648c
+	DIOCGSTRIPESIZE                = 0x4008648b
+	DIOCSKERNELDUMP                = 0x80506490
+	DIOCSKERNELDUMP_FREEBSD11      = 0x80046485
+	DIOCZONECMD                    = 0xc080648f
 	DLT_A429                       = 0xb8
 	DLT_A653_ICM                   = 0xb9
 	DLT_AIRONET_HEADER             = 0x78
@@ -379,11 +395,14 @@ const (
 	DLT_CHAOS                      = 0x5
 	DLT_CHDLC                      = 0x68
 	DLT_CISCO_IOS                  = 0x76
+	DLT_CLASS_NETBSD_RAWAF         = 0x2240000
 	DLT_C_HDLC                     = 0x68
 	DLT_C_HDLC_WITH_DIR            = 0xcd
 	DLT_DBUS                       = 0xe7
 	DLT_DECT                       = 0xdd
+	DLT_DISPLAYPORT_AUX            = 0x113
 	DLT_DOCSIS                     = 0x8f
+	DLT_DOCSIS31_XRA31             = 0x111
 	DLT_DVB_CI                     = 0xeb
 	DLT_ECONET                     = 0x73
 	DLT_EN10MB                     = 0x1
@@ -393,6 +412,7 @@ const (
 	DLT_ERF                        = 0xc5
 	DLT_ERF_ETH                    = 0xaf
 	DLT_ERF_POS                    = 0xb0
+	DLT_ETHERNET_MPACKET           = 0x112
 	DLT_FC_2                       = 0xe0
 	DLT_FC_2_WITH_FRAME_DELIMS     = 0xe1
 	DLT_FDDI                       = 0xa
@@ -406,7 +426,6 @@ const (
 	DLT_GPRS_LLC                   = 0xa9
 	DLT_GSMTAP_ABIS                = 0xda
 	DLT_GSMTAP_UM                  = 0xd9
-	DLT_HHDLC                      = 0x79
 	DLT_IBM_SN                     = 0x92
 	DLT_IBM_SP                     = 0x91
 	DLT_IEEE802                    = 0x6
@@ -429,6 +448,7 @@ const (
 	DLT_IPV4                       = 0xe4
 	DLT_IPV6                       = 0xe5
 	DLT_IP_OVER_FC                 = 0x7a
+	DLT_ISO_14443                  = 0x108
 	DLT_JUNIPER_ATM1               = 0x89
 	DLT_JUNIPER_ATM2               = 0x87
 	DLT_JUNIPER_ATM_CEMIC          = 0xee
@@ -461,8 +481,9 @@ const (
 	DLT_LINUX_PPP_WITHDIRECTION    = 0xa6
 	DLT_LINUX_SLL                  = 0x71
 	DLT_LOOP                       = 0x6c
+	DLT_LORATAP                    = 0x10e
 	DLT_LTALK                      = 0x72
-	DLT_MATCHING_MAX               = 0x104
+	DLT_MATCHING_MAX               = 0x113
 	DLT_MATCHING_MIN               = 0x68
 	DLT_MFR                        = 0xb6
 	DLT_MOST                       = 0xd3
@@ -478,14 +499,16 @@ const (
 	DLT_NFC_LLCP                   = 0xf5
 	DLT_NFLOG                      = 0xef
 	DLT_NG40                       = 0xf4
+	DLT_NORDIC_BLE                 = 0x110
 	DLT_NULL                       = 0x0
+	DLT_OPENFLOW                   = 0x10b
 	DLT_PCI_EXP                    = 0x7d
 	DLT_PFLOG                      = 0x75
 	DLT_PFSYNC                     = 0x79
 	DLT_PKTAP                      = 0x102
 	DLT_PPI                        = 0xc0
 	DLT_PPP                        = 0x9
-	DLT_PPP_BSDOS                  = 0x10
+	DLT_PPP_BSDOS                  = 0xe
 	DLT_PPP_ETHER                  = 0x33
 	DLT_PPP_PPPD                   = 0xa6
 	DLT_PPP_SERIAL                 = 0x32
@@ -496,19 +519,25 @@ const (
 	DLT_PRONET                     = 0x4
 	DLT_RAIF1                      = 0xc6
 	DLT_RAW                        = 0xc
+	DLT_RDS                        = 0x109
+	DLT_REDBACK_SMARTEDGE          = 0x20
 	DLT_RIO                        = 0x7c
 	DLT_RTAC_SERIAL                = 0xfa
 	DLT_SCCP                       = 0x8e
 	DLT_SCTP                       = 0xf8
+	DLT_SDLC                       = 0x10c
 	DLT_SITA                       = 0xc4
 	DLT_SLIP                       = 0x8
-	DLT_SLIP_BSDOS                 = 0xf
+	DLT_SLIP_BSDOS                 = 0xd
 	DLT_STANAG_5066_D_PDU          = 0xed
 	DLT_SUNATM                     = 0x7b
 	DLT_SYMANTEC_FIREWALL          = 0x63
+	DLT_TI_LLN_SNIFFER             = 0x10d
 	DLT_TZSP                       = 0x80
 	DLT_USB                        = 0xba
 	DLT_USBPCAP                    = 0xf9
+	DLT_USB_DARWIN                 = 0x10a
+	DLT_USB_FREEBSD                = 0xba
 	DLT_USB_LINUX                  = 0xbd
 	DLT_USB_LINUX_MMAPPED          = 0xdc
 	DLT_USER0                      = 0x93
@@ -527,10 +556,14 @@ const (
 	DLT_USER7                      = 0x9a
 	DLT_USER8                      = 0x9b
 	DLT_USER9                      = 0x9c
+	DLT_VSOCK                      = 0x10f
+	DLT_WATTSTOPPER_DLM            = 0x107
 	DLT_WIHART                     = 0xdf
 	DLT_WIRESHARK_UPPER_PDU        = 0xfc
 	DLT_X2E_SERIAL                 = 0xd5
 	DLT_X2E_XORAYA                 = 0xd6
+	DLT_ZWAVE_R1_R2                = 0x105
+	DLT_ZWAVE_R3                   = 0x106
 	DT_BLK                         = 0x6
 	DT_CHR                         = 0x2
 	DT_DIR                         = 0x4
@@ -548,6 +581,7 @@ const (
 	ECHONL                         = 0x10
 	ECHOPRT                        = 0x20
 	EVFILT_AIO                     = -0x3
+	EVFILT_EMPTY                   = -0xd
 	EVFILT_FS                      = -0x9
 	EVFILT_LIO                     = -0xa
 	EVFILT_PROC                    = -0x5
@@ -555,11 +589,12 @@ const (
 	EVFILT_READ                    = -0x1
 	EVFILT_SENDFILE                = -0xc
 	EVFILT_SIGNAL                  = -0x6
-	EVFILT_SYSCOUNT                = 0xc
+	EVFILT_SYSCOUNT                = 0xd
 	EVFILT_TIMER                   = -0x7
 	EVFILT_USER                    = -0xb
 	EVFILT_VNODE                   = -0x4
 	EVFILT_WRITE                   = -0x2
+	EVNAMEMAP_NAME_SIZE            = 0x40
 	EV_ADD                         = 0x1
 	EV_CLEAR                       = 0x20
 	EV_DELETE                      = 0x2
@@ -576,6 +611,7 @@ const (
 	EV_RECEIPT                     = 0x40
 	EV_SYSFLAGS                    = 0xf000
 	EXTA                           = 0x4b00
+	EXTATTR_MAXNAMELEN             = 0xff
 	EXTATTR_NAMESPACE_EMPTY        = 0x0
 	EXTATTR_NAMESPACE_SYSTEM       = 0x2
 	EXTATTR_NAMESPACE_USER         = 0x1
@@ -617,6 +653,7 @@ const (
 	IEXTEN                         = 0x400
 	IFAN_ARRIVAL                   = 0x0
 	IFAN_DEPARTURE                 = 0x1
+	IFCAP_WOL_MAGIC                = 0x2000
 	IFF_ALLMULTI                   = 0x200
 	IFF_ALTPHYS                    = 0x4000
 	IFF_BROADCAST                  = 0x2
@@ -633,6 +670,7 @@ const (
 	IFF_MONITOR                    = 0x40000
 	IFF_MULTICAST                  = 0x8000
 	IFF_NOARP                      = 0x80
+	IFF_NOGROUP                    = 0x800000
 	IFF_OACTIVE                    = 0x400
 	IFF_POINTOPOINT                = 0x10
 	IFF_PPROMISC                   = 0x20000
@@ -807,6 +845,7 @@ const (
 	IPV6_DSTOPTS                   = 0x32
 	IPV6_FLOWID                    = 0x43
 	IPV6_FLOWINFO_MASK             = 0xffffff0f
+	IPV6_FLOWLABEL_LEN             = 0x14
 	IPV6_FLOWLABEL_MASK            = 0xffff0f00
 	IPV6_FLOWTYPE                  = 0x44
 	IPV6_FRAGTTL                   = 0x78
@@ -827,13 +866,13 @@ const (
 	IPV6_MAX_GROUP_SRC_FILTER      = 0x200
 	IPV6_MAX_MEMBERSHIPS           = 0xfff
 	IPV6_MAX_SOCK_SRC_FILTER       = 0x80
-	IPV6_MIN_MEMBERSHIPS           = 0x1f
 	IPV6_MMTU                      = 0x500
 	IPV6_MSFILTER                  = 0x4a
 	IPV6_MULTICAST_HOPS            = 0xa
 	IPV6_MULTICAST_IF              = 0x9
 	IPV6_MULTICAST_LOOP            = 0xb
 	IPV6_NEXTHOP                   = 0x30
+	IPV6_ORIGDSTADDR               = 0x48
 	IPV6_PATHMTU                   = 0x2c
 	IPV6_PKTINFO                   = 0x2e
 	IPV6_PORTRANGE                 = 0xe
@@ -845,6 +884,7 @@ const (
 	IPV6_RECVFLOWID                = 0x46
 	IPV6_RECVHOPLIMIT              = 0x25
 	IPV6_RECVHOPOPTS               = 0x27
+	IPV6_RECVORIGDSTADDR           = 0x48
 	IPV6_RECVPATHMTU               = 0x2b
 	IPV6_RECVPKTINFO               = 0x24
 	IPV6_RECVRSSBUCKETID           = 0x47
@@ -905,10 +945,8 @@ const (
 	IP_MAX_MEMBERSHIPS             = 0xfff
 	IP_MAX_SOCK_MUTE_FILTER        = 0x80
 	IP_MAX_SOCK_SRC_FILTER         = 0x80
-	IP_MAX_SOURCE_FILTER           = 0x400
 	IP_MF                          = 0x2000
 	IP_MINTTL                      = 0x42
-	IP_MIN_MEMBERSHIPS             = 0x1f
 	IP_MSFILTER                    = 0x4a
 	IP_MSS                         = 0x240
 	IP_MULTICAST_IF                = 0x9
@@ -918,6 +956,7 @@ const (
 	IP_OFFMASK                     = 0x1fff
 	IP_ONESBCAST                   = 0x17
 	IP_OPTIONS                     = 0x1
+	IP_ORIGDSTADDR                 = 0x1b
 	IP_PORTRANGE                   = 0x13
 	IP_PORTRANGE_DEFAULT           = 0x0
 	IP_PORTRANGE_HIGH              = 0x1
@@ -926,6 +965,7 @@ const (
 	IP_RECVFLOWID                  = 0x5d
 	IP_RECVIF                      = 0x14
 	IP_RECVOPTS                    = 0x5
+	IP_RECVORIGDSTADDR             = 0x1b
 	IP_RECVRETOPTS                 = 0x6
 	IP_RECVRSSBUCKETID             = 0x5e
 	IP_RECVTOS                     = 0x44
@@ -976,6 +1016,7 @@ const (
 	MAP_EXCL                       = 0x4000
 	MAP_FILE                       = 0x0
 	MAP_FIXED                      = 0x10
+	MAP_GUARD                      = 0x2000
 	MAP_HASSEMAPHORE               = 0x200
 	MAP_NOCORE                     = 0x20000
 	MAP_NOSYNC                     = 0x800
@@ -987,6 +1028,15 @@ const (
 	MAP_RESERVED0100               = 0x100
 	MAP_SHARED                     = 0x1
 	MAP_STACK                      = 0x400
+	MCAST_BLOCK_SOURCE             = 0x54
+	MCAST_EXCLUDE                  = 0x2
+	MCAST_INCLUDE                  = 0x1
+	MCAST_JOIN_GROUP               = 0x50
+	MCAST_JOIN_SOURCE_GROUP        = 0x52
+	MCAST_LEAVE_GROUP              = 0x51
+	MCAST_LEAVE_SOURCE_GROUP       = 0x53
+	MCAST_UNBLOCK_SOURCE           = 0x55
+	MCAST_UNDEFINED                = 0x0
 	MCL_CURRENT                    = 0x1
 	MCL_FUTURE                     = 0x2
 	MNT_ACLS                       = 0x8000000
@@ -1027,10 +1077,12 @@ const (
 	MNT_SUSPEND                    = 0x4
 	MNT_SYNCHRONOUS                = 0x2
 	MNT_UNION                      = 0x20
+	MNT_UNTRUSTED                  = 0x800000000
 	MNT_UPDATE                     = 0x10000
-	MNT_UPDATEMASK                 = 0x2d8d0807e
+	MNT_UPDATEMASK                 = 0xad8d0807e
 	MNT_USER                       = 0x8000
-	MNT_VISFLAGMASK                = 0x3fef0ffff
+	MNT_VERIFIED                   = 0x400000000
+	MNT_VISFLAGMASK                = 0xffef0ffff
 	MNT_WAIT                       = 0x1
 	MSG_CMSG_CLOEXEC               = 0x40000
 	MSG_COMPAT                     = 0x8000
@@ -1059,6 +1111,7 @@ const (
 	NFDBITS                        = 0x40
 	NOFLSH                         = 0x80000000
 	NOKERNINFO                     = 0x2000000
+	NOTE_ABSTIME                   = 0x10
 	NOTE_ATTRIB                    = 0x8
 	NOTE_CHILD                     = 0x4
 	NOTE_CLOSE                     = 0x100
@@ -1213,7 +1266,6 @@ const (
 	RTV_WEIGHT                     = 0x100
 	RT_ALL_FIBS                    = -0x1
 	RT_BLACKHOLE                   = 0x40
-	RT_CACHING_CONTEXT             = 0x1
 	RT_DEFAULT_FIB                 = 0x0
 	RT_HAS_GW                      = 0x80
 	RT_HAS_HEADER                  = 0x10
@@ -1223,15 +1275,17 @@ const (
 	RT_LLE_CACHE                   = 0x100
 	RT_MAY_LOOP                    = 0x8
 	RT_MAY_LOOP_BIT                = 0x3
-	RT_NORTREF                     = 0x2
 	RT_REJECT                      = 0x20
 	RUSAGE_CHILDREN                = -0x1
 	RUSAGE_SELF                    = 0x0
 	RUSAGE_THREAD                  = 0x1
 	SCM_BINTIME                    = 0x4
 	SCM_CREDS                      = 0x3
+	SCM_MONOTONIC                  = 0x6
+	SCM_REALTIME                   = 0x5
 	SCM_RIGHTS                     = 0x1
 	SCM_TIMESTAMP                  = 0x2
+	SCM_TIME_INFO                  = 0x7
 	SHUT_RD                        = 0x0
 	SHUT_RDWR                      = 0x2
 	SHUT_WR                        = 0x1
@@ -1247,6 +1301,7 @@ const (
 	SIOCGETSGCNT                   = 0xc0207210
 	SIOCGETVIFCNT                  = 0xc028720f
 	SIOCGHIWAT                     = 0x40047301
+	SIOCGHWADDR                    = 0xc020693e
 	SIOCGI2C                       = 0xc020693d
 	SIOCGIFADDR                    = 0xc0206921
 	SIOCGIFBRDADDR                 = 0xc0206923
@@ -1268,8 +1323,11 @@ const (
 	SIOCGIFPDSTADDR                = 0xc0206948
 	SIOCGIFPHYS                    = 0xc0206935
 	SIOCGIFPSRCADDR                = 0xc0206947
+	SIOCGIFRSSHASH                 = 0xc0186997
+	SIOCGIFRSSKEY                  = 0xc0946996
 	SIOCGIFSTATUS                  = 0xc331693b
 	SIOCGIFXMEDIA                  = 0xc030698b
+	SIOCGLANPCP                    = 0xc0206998
 	SIOCGLOWAT                     = 0x40047303
 	SIOCGPGRP                      = 0x40047309
 	SIOCGPRIVATE_0                 = 0xc0206950
@@ -1300,6 +1358,7 @@ const (
 	SIOCSIFPHYS                    = 0x80206936
 	SIOCSIFRVNET                   = 0xc020695b
 	SIOCSIFVNET                    = 0xc020695a
+	SIOCSLANPCP                    = 0x80206999
 	SIOCSLOWAT                     = 0x80047302
 	SIOCSPGRP                      = 0x80047308
 	SIOCSTUNFIB                    = 0x8020695f
@@ -1318,6 +1377,7 @@ const (
 	SO_BINTIME                     = 0x2000
 	SO_BROADCAST                   = 0x20
 	SO_DEBUG                       = 0x1
+	SO_DOMAIN                      = 0x1019
 	SO_DONTROUTE                   = 0x10
 	SO_ERROR                       = 0x1007
 	SO_KEEPALIVE                   = 0x8
@@ -1326,6 +1386,7 @@ const (
 	SO_LISTENINCQLEN               = 0x1013
 	SO_LISTENQLEN                  = 0x1012
 	SO_LISTENQLIMIT                = 0x1011
+	SO_MAX_PACING_RATE             = 0x1018
 	SO_NOSIGPIPE                   = 0x800
 	SO_NO_DDP                      = 0x8000
 	SO_NO_OFFLOAD                  = 0x4000
@@ -1338,11 +1399,19 @@ const (
 	SO_RCVTIMEO                    = 0x1006
 	SO_REUSEADDR                   = 0x4
 	SO_REUSEPORT                   = 0x200
+	SO_REUSEPORT_LB                = 0x10000
 	SO_SETFIB                      = 0x1014
 	SO_SNDBUF                      = 0x1001
 	SO_SNDLOWAT                    = 0x1003
 	SO_SNDTIMEO                    = 0x1005
 	SO_TIMESTAMP                   = 0x400
+	SO_TS_BINTIME                  = 0x1
+	SO_TS_CLOCK                    = 0x1017
+	SO_TS_CLOCK_MAX                = 0x3
+	SO_TS_DEFAULT                  = 0x0
+	SO_TS_MONOTONIC                = 0x3
+	SO_TS_REALTIME                 = 0x2
+	SO_TS_REALTIME_MICRO           = 0x0
 	SO_TYPE                        = 0x1008
 	SO_USELOOPBACK                 = 0x40
 	SO_USER_COOKIE                 = 0x1015
@@ -1386,10 +1455,45 @@ const (
 	TCOFLUSH                       = 0x2
 	TCOOFF                         = 0x1
 	TCOON                          = 0x2
+	TCP_BBR_ACK_COMP_ALG           = 0x448
+	TCP_BBR_DRAIN_INC_EXTRA        = 0x43c
+	TCP_BBR_DRAIN_PG               = 0x42e
+	TCP_BBR_EXTRA_GAIN             = 0x449
+	TCP_BBR_IWINTSO                = 0x42b
+	TCP_BBR_LOWGAIN_FD             = 0x436
+	TCP_BBR_LOWGAIN_HALF           = 0x435
+	TCP_BBR_LOWGAIN_THRESH         = 0x434
+	TCP_BBR_MAX_RTO                = 0x439
+	TCP_BBR_MIN_RTO                = 0x438
+	TCP_BBR_ONE_RETRAN             = 0x431
+	TCP_BBR_PACE_CROSS             = 0x442
+	TCP_BBR_PACE_DEL_TAR           = 0x43f
+	TCP_BBR_PACE_PER_SEC           = 0x43e
+	TCP_BBR_PACE_SEG_MAX           = 0x440
+	TCP_BBR_PACE_SEG_MIN           = 0x441
+	TCP_BBR_PROBE_RTT_GAIN         = 0x44d
+	TCP_BBR_PROBE_RTT_INT          = 0x430
+	TCP_BBR_PROBE_RTT_LEN          = 0x44e
+	TCP_BBR_RACK_RTT_USE           = 0x44a
+	TCP_BBR_RECFORCE               = 0x42c
+	TCP_BBR_REC_OVER_HPTS          = 0x43a
+	TCP_BBR_RETRAN_WTSO            = 0x44b
+	TCP_BBR_RWND_IS_APP            = 0x42f
+	TCP_BBR_STARTUP_EXIT_EPOCH     = 0x43d
+	TCP_BBR_STARTUP_LOSS_EXIT      = 0x432
+	TCP_BBR_STARTUP_PG             = 0x42d
+	TCP_BBR_UNLIMITED              = 0x43b
+	TCP_BBR_USEDEL_RATE            = 0x437
+	TCP_BBR_USE_LOWGAIN            = 0x433
 	TCP_CA_NAME_MAX                = 0x10
 	TCP_CCALGOOPT                  = 0x41
 	TCP_CONGESTION                 = 0x40
+	TCP_DATA_AFTER_CLOSE           = 0x44c
+	TCP_DELACK                     = 0x48
 	TCP_FASTOPEN                   = 0x401
+	TCP_FASTOPEN_MAX_COOKIE_LEN    = 0x10
+	TCP_FASTOPEN_MIN_COOKIE_LEN    = 0x4
+	TCP_FASTOPEN_PSK_LEN           = 0x10
 	TCP_FUNCTION_BLK               = 0x2000
 	TCP_FUNCTION_NAME_LEN_MAX      = 0x20
 	TCP_INFO                       = 0x20
@@ -1397,6 +1501,12 @@ const (
 	TCP_KEEPIDLE                   = 0x100
 	TCP_KEEPINIT                   = 0x80
 	TCP_KEEPINTVL                  = 0x200
+	TCP_LOG                        = 0x22
+	TCP_LOGBUF                     = 0x23
+	TCP_LOGDUMP                    = 0x25
+	TCP_LOGDUMPID                  = 0x26
+	TCP_LOGID                      = 0x24
+	TCP_LOG_ID_LEN                 = 0x40
 	TCP_MAXBURST                   = 0x4
 	TCP_MAXHLEN                    = 0x3c
 	TCP_MAXOLEN                    = 0x28
@@ -1412,8 +1522,30 @@ const (
 	TCP_NOPUSH                     = 0x4
 	TCP_PCAP_IN                    = 0x1000
 	TCP_PCAP_OUT                   = 0x800
+	TCP_RACK_EARLY_RECOV           = 0x423
+	TCP_RACK_EARLY_SEG             = 0x424
+	TCP_RACK_IDLE_REDUCE_HIGH      = 0x444
+	TCP_RACK_MIN_PACE              = 0x445
+	TCP_RACK_MIN_PACE_SEG          = 0x446
+	TCP_RACK_MIN_TO                = 0x422
+	TCP_RACK_PACE_ALWAYS           = 0x41f
+	TCP_RACK_PACE_MAX_SEG          = 0x41e
+	TCP_RACK_PACE_REDUCE           = 0x41d
+	TCP_RACK_PKT_DELAY             = 0x428
+	TCP_RACK_PROP                  = 0x41b
+	TCP_RACK_PROP_RATE             = 0x420
+	TCP_RACK_PRR_SENDALOT          = 0x421
+	TCP_RACK_REORD_FADE            = 0x426
+	TCP_RACK_REORD_THRESH          = 0x425
+	TCP_RACK_SESS_CWV              = 0x42a
+	TCP_RACK_TLP_INC_VAR           = 0x429
+	TCP_RACK_TLP_REDUCE            = 0x41c
+	TCP_RACK_TLP_THRESH            = 0x427
+	TCP_RACK_TLP_USE               = 0x447
 	TCP_VENDOR                     = 0x80000000
 	TCSAFLUSH                      = 0x2
+	TIMER_ABSTIME                  = 0x1
+	TIMER_RELTIME                  = 0x0
 	TIOCCBRK                       = 0x2000747a
 	TIOCCDTR                       = 0x20007478
 	TIOCCONS                       = 0x80047462
@@ -1477,6 +1609,8 @@ const (
 	TIOCTIMESTAMP                  = 0x40107459
 	TIOCUCNTL                      = 0x80047466
 	TOSTOP                         = 0x400000
+	UTIME_NOW                      = -0x1
+	UTIME_OMIT                     = -0x2
 	VDISCARD                       = 0xf
 	VDSUSP                         = 0xb
 	VEOF                           = 0x0
@@ -1488,6 +1622,7 @@ const (
 	VKILL                          = 0x5
 	VLNEXT                         = 0xe
 	VMIN                           = 0x10
+	VM_BCACHE_SIZE_MAX             = 0x19000000
 	VQUIT                          = 0x9
 	VREPRINT                       = 0x6
 	VSTART                         = 0xc

vendor/golang.org/x/sys/unix/zerrors_linux.go

@@ -890,6 +890,7 @@ const (
 	IPPROTO_IP                                  = 0x0
 	IPPROTO_IPIP                                = 0x4
 	IPPROTO_IPV6                                = 0x29
+	IPPROTO_L2TP                                = 0x73
 	IPPROTO_MH                                  = 0x87
 	IPPROTO_MPLS                                = 0x89
 	IPPROTO_MTP                                 = 0x5c

vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go

@@ -214,22 +214,6 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func utimes(path string, timeval *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -376,16 +360,6 @@ func pipe2(p *[2]_C_int, flags int) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func ptrace(request int, pid int, addr uintptr, data int) (err error) {
-	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Getcwd(buf []byte) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
@@ -413,6 +387,32 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ptrace(request int, pid int, addr uintptr, data int) (err error) {
+	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Access(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1352,7 +1352,7 @@ func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error)
 	if err != nil {
 		return
 	}
-	_, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0)
+	_, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), uintptr(dev>>32), 0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}

vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go

@@ -350,22 +350,6 @@ func Munlockall() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func pipe2(p *[2]_C_int, flags int) (err error) {
 	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
@@ -403,6 +387,22 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
 	if e1 != 0 {

vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go

@@ -1,4 +1,4 @@
-// go run mksyscall.go -tags freebsd,arm64 -- syscall_bsd.go syscall_freebsd.go syscall_freebsd_arm64.go
+// go run mksyscall.go -tags freebsd,arm64 syscall_bsd.go syscall_freebsd.go syscall_freebsd_arm64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 // +build freebsd,arm64
@@ -350,22 +350,6 @@ func Munlockall() (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func pipe2(p *[2]_C_int, flags int) (err error) {
 	_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
 	if e1 != 0 {
@@ -403,6 +387,22 @@ func ioctl(fd int, req uint, arg uintptr) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ptrace(request int, pid int, addr uintptr, data int) (err error) {
 	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
 	if e1 != 0 {

vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go

@@ -0,0 +1,87 @@
+// go run mksyscall_solaris.go -illumos -tags illumos,amd64 syscall_illumos.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build illumos,amd64
+
+package unix
+
+import (
+	"unsafe"
+)
+
+//go:cgo_import_dynamic libc_readv readv "libc.so"
+//go:cgo_import_dynamic libc_preadv preadv "libc.so"
+//go:cgo_import_dynamic libc_writev writev "libc.so"
+//go:cgo_import_dynamic libc_pwritev pwritev "libc.so"
+
+//go:linkname procreadv libc_readv
+//go:linkname procpreadv libc_preadv
+//go:linkname procwritev libc_writev
+//go:linkname procpwritev libc_pwritev
+
+var (
+	procreadv,
+	procpreadv,
+	procwritev,
+	procpwritev syscallFunc
+)
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readv(fd int, iovs []Iovec) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procreadv)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func preadv(fd int, iovs []Iovec, off int64) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpreadv)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), uintptr(off), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writev(fd int, iovs []Iovec) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procwritev)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), 0, 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pwritev(fd int, iovs []Iovec, off int64) (n int, err error) {
+	var _p0 *Iovec
+	if len(iovs) > 0 {
+		_p0 = &iovs[0]
+	}
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpwritev)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), uintptr(off), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = e1
+	}
+	return
+}

vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go

@@ -128,9 +128,9 @@ type Statfs_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
+	Fstypename  [16]byte
-	Mntfromname [1024]int8
+	Mntfromname [1024]byte
-	Mntonname   [1024]int8
+	Mntonname   [1024]byte
 }
 
 type statfs_freebsd11_t struct {
@@ -153,9 +153,9 @@ type statfs_freebsd11_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
+	Fstypename  [16]byte
-	Mntfromname [88]int8
+	Mntfromname [88]byte
-	Mntonname   [88]int8
+	Mntonname   [88]byte
 }
 
 type Flock_t struct {
@@ -383,7 +383,7 @@ type __Siginfo struct {
 	Status int32
 	Addr   *byte
 	Value  [4]byte
-	X_reason [32]byte
+	_      [32]byte
 }
 
 type Sigset_t struct {
@@ -458,7 +458,7 @@ type ifMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Data    ifData
 }
 
@@ -469,7 +469,6 @@ type IfMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
 	Data    IfData
 }
 
@@ -536,7 +535,7 @@ type IfaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Metric  int32
 }
 
@@ -547,7 +546,7 @@ type IfmaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 }
 
 type IfAnnounceMsghdr struct {
@@ -564,7 +563,7 @@ type RtMsghdr struct {
 	Version uint8
 	Type    uint8
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Flags   int32
 	Addrs   int32
 	Pid     int32

vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go

@@ -123,9 +123,9 @@ type Statfs_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
+	Fstypename  [16]byte
-	Mntfromname [1024]int8
+	Mntfromname [1024]byte
-	Mntonname   [1024]int8
+	Mntonname   [1024]byte
 }
 
 type statfs_freebsd11_t struct {
@@ -148,9 +148,9 @@ type statfs_freebsd11_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
+	Fstypename  [16]byte
-	Mntfromname [88]int8
+	Mntfromname [88]byte
-	Mntonname   [88]int8
+	Mntonname   [88]byte
 }
 
 type Flock_t struct {
@@ -275,10 +275,8 @@ type IPv6Mreq struct {
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     int32
-	_          [4]byte
 	Control    *byte
 	Controllen uint32
 	Flags      int32
@@ -463,7 +461,7 @@ type ifMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Data    ifData
 }
 
@@ -474,7 +472,6 @@ type IfMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
 	Data    IfData
 }
 
@@ -541,7 +538,7 @@ type IfaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Metric  int32
 }
 
@@ -552,7 +549,7 @@ type IfmaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 }
 
 type IfAnnounceMsghdr struct {
@@ -569,7 +566,7 @@ type RtMsghdr struct {
 	Version uint8
 	Type    uint8
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Flags   int32
 	Addrs   int32
 	Pid     int32
@@ -623,7 +620,6 @@ type BpfZbuf struct {
 
 type BpfProgram struct {
 	Len   uint32
-	_     [4]byte
 	Insns *BpfInsn
 }
 

vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go

@@ -1,4 +1,4 @@
-// cgo -godefs types_freebsd.go | go run mkpost.go
+// cgo -godefs -- -fsigned-char types_freebsd.go | go run mkpost.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 // +build arm64,freebsd
@@ -123,9 +123,9 @@ type Statfs_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
+	Fstypename  [16]byte
-	Mntfromname [1024]int8
+	Mntfromname [1024]byte
-	Mntonname   [1024]int8
+	Mntonname   [1024]byte
 }
 
 type statfs_freebsd11_t struct {
@@ -148,9 +148,9 @@ type statfs_freebsd11_t struct {
 	Owner       uint32
 	Fsid        Fsid
 	Charspare   [80]int8
-	Fstypename  [16]int8
+	Fstypename  [16]byte
-	Mntfromname [88]int8
+	Mntfromname [88]byte
-	Mntonname   [88]int8
+	Mntonname   [88]byte
 }
 
 type Flock_t struct {
@@ -275,10 +275,8 @@ type IPv6Mreq struct {
 type Msghdr struct {
 	Name       *byte
 	Namelen    uint32
-	_          [4]byte
 	Iov        *Iovec
 	Iovlen     int32
-	_          [4]byte
 	Control    *byte
 	Controllen uint32
 	Flags      int32
@@ -326,11 +324,9 @@ const (
 	PTRACE_CONT       = 0x7
 	PTRACE_DETACH     = 0xb
 	PTRACE_GETFPREGS  = 0x23
-	PTRACE_GETFSBASE  = 0x47
 	PTRACE_GETLWPLIST = 0xf
 	PTRACE_GETNUMLWPS = 0xe
 	PTRACE_GETREGS    = 0x21
-	PTRACE_GETXSTATE  = 0x45
 	PTRACE_IO         = 0xc
 	PTRACE_KILL       = 0x8
 	PTRACE_LWPEVENTS  = 0x18
@@ -381,7 +377,7 @@ type __Siginfo struct {
 	Status int32
 	Addr   *byte
 	Value  [8]byte
-	X_reason [40]byte
+	_      [40]byte
 }
 
 type Sigset_t struct {
@@ -394,12 +390,14 @@ type Reg struct {
 	Sp   uint64
 	Elr  uint64
 	Spsr uint32
+	_    [4]byte
 }
 
 type FpReg struct {
-	Fp_q  [512]uint8
+	Q  [32][16]uint8
-	Fp_sr uint32
+	Sr uint32
-	Fp_cr uint32
+	Cr uint32
+	_  [8]byte
 }
 
 type PtraceIoDesc struct {
@@ -441,7 +439,7 @@ type ifMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Data    ifData
 }
 
@@ -452,7 +450,6 @@ type IfMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
 	Data    IfData
 }
 
@@ -519,7 +516,7 @@ type IfaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Metric  int32
 }
 
@@ -530,7 +527,7 @@ type IfmaMsghdr struct {
 	Addrs   int32
 	Flags   int32
 	Index   uint16
-	_       [2]byte
+	_       uint16
 }
 
 type IfAnnounceMsghdr struct {
@@ -547,7 +544,7 @@ type RtMsghdr struct {
 	Version uint8
 	Type    uint8
 	Index   uint16
-	_       [2]byte
+	_       uint16
 	Flags   int32
 	Addrs   int32
 	Pid     int32
@@ -601,7 +598,6 @@ type BpfZbuf struct {
 
 type BpfProgram struct {
 	Len   uint32
-	_     [4]byte
 	Insns *BpfInsn
 }
 

vendor/golang.org/x/sys/unix/ztypes_linux.go

@@ -243,6 +243,23 @@ type RawSockaddrTIPC struct {
 	Addr     [12]byte
 }
 
+type RawSockaddrL2TPIP struct {
+	Family  uint16
+	Unused  uint16
+	Addr    [4]byte /* in_addr */
+	Conn_id uint32
+	_       [4]uint8
+}
+
+type RawSockaddrL2TPIP6 struct {
+	Family   uint16
+	Unused   uint16
+	Flowinfo uint32
+	Addr     [16]byte /* in6_addr */
+	Scope_id uint32
+	Conn_id  uint32
+}
+
 type _Socklen uint32
 
 type Linger struct {
@@ -353,6 +370,8 @@ const (
 	SizeofSockaddrXDP       = 0x10
 	SizeofSockaddrPPPoX     = 0x1e
 	SizeofSockaddrTIPC      = 0x10
+	SizeofSockaddrL2TPIP    = 0x10
+	SizeofSockaddrL2TPIP6   = 0x20
 	SizeofLinger            = 0x8
 	SizeofIPMreq            = 0x8
 	SizeofIPMreqn           = 0xc

vendor/modules.txt

@@ -68,6 +68,8 @@ github.com/andybalholm/cascadia
 github.com/anmitsu/go-shlex
 # github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
 github.com/asaskevich/govalidator
+# github.com/aymerick/douceur v0.2.0
+github.com/aymerick/douceur/css
 # github.com/beorn7/perks v1.0.1
 github.com/beorn7/perks/quantile
 # github.com/bgentry/speakeasy v0.1.0
@@ -129,6 +131,8 @@ github.com/boombuler/barcode/qr
 github.com/boombuler/barcode/utils
 # github.com/bradfitz/gomemcache v0.0.0-20190329173943-551aad21a668
 github.com/bradfitz/gomemcache/memcache
+# github.com/chris-ramon/douceur v0.2.0
+github.com/chris-ramon/douceur/parser
 # github.com/couchbase/gomemcached v0.0.0-20191004160342-7b5da2ec40b2
 ## explicit
 github.com/couchbase/gomemcached
@@ -344,6 +348,8 @@ github.com/google/go-querystring/query
 # github.com/gorilla/context v1.1.1
 ## explicit
 github.com/gorilla/context
+# github.com/gorilla/css v1.0.0
+github.com/gorilla/css/scanner
 # github.com/gorilla/handlers v1.4.2
 github.com/gorilla/handlers
 # github.com/gorilla/mux v1.6.2
@@ -479,7 +485,7 @@ github.com/mgechev/dots
 github.com/mgechev/revive/formatter
 github.com/mgechev/revive/lint
 github.com/mgechev/revive/rule
-# github.com/microcosm-cc/bluemonday v0.0.0-20161012083705-f77f16ffc87a
+# github.com/microcosm-cc/bluemonday v1.0.3-0.20191119130333-0a75d7616912
 ## explicit
 github.com/microcosm-cc/bluemonday
 # github.com/mitchellh/go-homedir v1.1.0
@@ -688,7 +694,7 @@ golang.org/x/crypto/ssh/knownhosts
 # golang.org/x/mod v0.2.0
 golang.org/x/mod/module
 golang.org/x/mod/semver
-# golang.org/x/net v0.0.0-20200301022130-244492dfa37a
+# golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e
 ## explicit
 golang.org/x/net/context
 golang.org/x/net/context/ctxhttp
@@ -705,7 +711,7 @@ golang.org/x/oauth2/google
 golang.org/x/oauth2/internal
 golang.org/x/oauth2/jws
 golang.org/x/oauth2/jwt
-# golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527
+# golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd
 ## explicit
 golang.org/x/sys/cpu
 golang.org/x/sys/unix