From 04aedc7f296dbaf081cd87dc23d86e08fa37314e Mon Sep 17 00:00:00 2001 From: sewn Date: Wed, 10 Jul 2024 00:36:30 +0300 Subject: [PATCH] update go modules; fixes CVE-2024-24792 --- go.mod | 28 ++++++++++++++-------------- go.sum | 29 +++++++++++++++++++++++++++++ splash/dialog.go | 2 +- splash/splash.go | 13 ++++++++++--- 4 files changed, 54 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index a56840d..3a4aac8 100644 --- a/go.mod +++ b/go.mod @@ -3,16 +3,16 @@ module github.com/vinegarhq/vinegar go 1.22.0 require ( - github.com/BurntSushi/toml v1.3.2 - github.com/adrg/xdg v0.4.0 - github.com/otiai10/copy v1.14.1-0.20240306081555-fd3129f2faa5 + github.com/BurntSushi/toml v1.4.0 + github.com/adrg/xdg v0.5.0 + github.com/otiai10/copy v1.14.1-0.20240705051008-430a9d79b65c golang.org/x/sync v0.7.0 ) require ( - gioui.org v0.5.0 + gioui.org v0.7.0 github.com/altfoxie/drpc v0.0.0-20231214171500-0a4e3a3b1c53 - github.com/apprehensions/rbxbin v0.0.0-20240404181314-22a2e8ae7079 + github.com/apprehensions/rbxbin v0.0.0-20240407014006-bb26c002dffb github.com/apprehensions/rbxweb v0.0.0-20240329184049-0bdedc184942 github.com/apprehensions/wine v0.0.0-20240402112551-874f01f9e84d github.com/folbricht/pefile v0.1.0 @@ -20,24 +20,24 @@ require ( github.com/godbus/dbus/v5 v5.1.0 github.com/lmittmann/tint v1.0.4 github.com/nxadm/tail v1.4.11 - github.com/samber/slog-multi v1.0.2 - golang.org/x/sys v0.19.0 - golang.org/x/term v0.19.0 + github.com/samber/slog-multi v1.1.0 + golang.org/x/sys v0.22.0 + golang.org/x/term v0.22.0 ) require ( gioui.org/cpu v0.0.0-20220412190645-f1e9e8c3b1f7 // indirect gioui.org/shader v1.0.8 // indirect - github.com/go-text/typesetting v0.0.0-20231206174126-ce41cc83e028 // indirect + github.com/go-text/typesetting v0.1.1 // indirect github.com/google/uuid v1.6.0 // indirect github.com/otiai10/mint v1.6.3 // indirect github.com/robloxapi/rbxdhist v0.6.0 // indirect github.com/robloxapi/rbxver v0.3.0 // indirect - github.com/samber/lo v1.39.0 // indirect - golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 // indirect - golang.org/x/exp/shiny v0.0.0-20240325151524-a685a6edb6d8 // indirect - golang.org/x/image v0.15.0 // indirect - golang.org/x/text v0.14.0 // indirect + github.com/samber/lo v1.44.0 // indirect + golang.org/x/exp v0.0.0-20240707233637-46b078467d37 // indirect + golang.org/x/exp/shiny v0.0.0-20240707233637-46b078467d37 // indirect + golang.org/x/image v0.18.0 // indirect + golang.org/x/text v0.16.0 // indirect gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index ea3f983..938c511 100644 --- a/go.sum +++ b/go.sum @@ -2,6 +2,8 @@ eliasnaur.com/font v0.0.0-20230308162249-dd43949cb42d h1:ARo7NCVvN2NdhLlJE9xAbKw eliasnaur.com/font v0.0.0-20230308162249-dd43949cb42d/go.mod h1:OYVuxibdk9OSLX8vAqydtRPP87PyTFcT9uH3MlEGBQA= gioui.org v0.5.0 h1:07g7/LY1MFuTncfO4A5DIKMMsQV6PkPHyx0MhDqgmYY= gioui.org v0.5.0/go.mod h1:2atiYR4upH71/6ehnh6XsUELa7JZOrOHHNMDxGBZF0Q= +gioui.org v0.7.0 h1:5I+7Uu2yjTu7W5p7HWQrgsDPO3vex+8T1DsvCLGBfuI= +gioui.org v0.7.0/go.mod h1:19wZxaNP+eHN4H2YdZwEfbkAAgoYB5rcIbDHo4BqUl4= gioui.org/cpu v0.0.0-20210808092351-bfe733dd3334/go.mod h1:A8M0Cn5o+vY5LTMlnRoK3O5kG+rH0kWfJjeKd9QpBmQ= gioui.org/cpu v0.0.0-20220412190645-f1e9e8c3b1f7 h1:tNJdnP5CgM39PRc+KWmBRRYX/zJ+rd5XaYxY5d5veqA= gioui.org/cpu v0.0.0-20220412190645-f1e9e8c3b1f7/go.mod h1:A8M0Cn5o+vY5LTMlnRoK3O5kG+rH0kWfJjeKd9QpBmQ= @@ -9,14 +11,20 @@ gioui.org/shader v1.0.8 h1:6ks0o/A+b0ne7RzEqRZK5f4Gboz2CfG+mVliciy6+qA= gioui.org/shader v1.0.8/go.mod h1:mWdiME581d/kV7/iEhLmUgUK5iZ09XR5XpduXzbePVM= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls= github.com/adrg/xdg v0.4.0/go.mod h1:N6ag73EX4wyxeaoeHctc1mas01KZgsj5tYiAIwqJE/E= +github.com/adrg/xdg v0.5.0 h1:dDaZvhMXatArP1NPHhnfaQUqWBLBsmx1h1HXQdMoFCY= +github.com/adrg/xdg v0.5.0/go.mod h1:dDdY4M4DF9Rjy4kHPeNL+ilVF+p2lK8IdM9/rTSGcI4= github.com/altfoxie/drpc v0.0.0-20231214171500-0a4e3a3b1c53 h1:NcI4SrGv7yDhMRFc6SOQnmTvkOWya6WT/eXVjQoT+TA= github.com/altfoxie/drpc v0.0.0-20231214171500-0a4e3a3b1c53/go.mod h1:vV4ApNpKIGN4PT5NYmWqw1IEIsFzqj0pspTUSltS+gk= github.com/apprehensions/rbxbin v0.0.0-20240331194455-628e3aed31ff h1:4faqIFS8+ti5Nb06j4iOj9fU4KdJrOmZQTmxIXwR8aU= github.com/apprehensions/rbxbin v0.0.0-20240331194455-628e3aed31ff/go.mod h1:xQ/kfERoO1h8tCGp8z6EafN4TdEERb0sRO5fM/3bhKo= github.com/apprehensions/rbxbin v0.0.0-20240404181314-22a2e8ae7079 h1:GdgbagnpnasaxSIDWLQXGP2gZhP7WkC+ST0cbQdYW1o= github.com/apprehensions/rbxbin v0.0.0-20240404181314-22a2e8ae7079/go.mod h1:FRJLfv2+HPYGcR7xP2VLG4O6QjkFCf05rBcdfUq1j3M= +github.com/apprehensions/rbxbin v0.0.0-20240407014006-bb26c002dffb h1:qwu/qBJJkK1R3z7+wNaWS9CZaXZbu06G7DgODIeeTDQ= +github.com/apprehensions/rbxbin v0.0.0-20240407014006-bb26c002dffb/go.mod h1:FRJLfv2+HPYGcR7xP2VLG4O6QjkFCf05rBcdfUq1j3M= github.com/apprehensions/rbxweb v0.0.0-20240329184049-0bdedc184942 h1:pNRoIKlv329La+msdHmJSPYYf1y4hY4s5ou2mEQDHqU= github.com/apprehensions/rbxweb v0.0.0-20240329184049-0bdedc184942/go.mod h1:F7WKRLrQxuRgfXxhwnlFJ059ZBMRxkXxvIhUxP4Qc5g= github.com/apprehensions/wine v0.0.0-20240312153031-d58fca03f2dc h1:JIbb+03WenrmxJn7RQwms1uUQTUGsRVauni3EzeAomE= @@ -25,6 +33,7 @@ github.com/apprehensions/wine v0.0.0-20240402112551-874f01f9e84d h1:gf4oF5BVh6GE github.com/apprehensions/wine v0.0.0-20240402112551-874f01f9e84d/go.mod h1:t54gBblDmNAdLoRNLKk/338+JQvCiyt6qS8EUpD3RYw= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/folbricht/pefile v0.1.0 h1:y9aMwgNlPO/iyp8Izll3Au4XNp7Fi7uDH8OKZ1Nl+lw= github.com/folbricht/pefile v0.1.0/go.mod h1:QP4MiHKu0BG/jiftQCJoiH+mM1UMNncR3S+HeioLtvc= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= @@ -36,6 +45,7 @@ github.com/go-text/typesetting v0.1.1 h1:bGAesCuo85nXnEN5LmFMVGAGpGkCPtHrZLi//qD github.com/go-text/typesetting v0.1.1/go.mod h1:d22AnmeKq/on0HNv73UFriMKc4Ez6EqZAofLhAzpSzI= github.com/go-text/typesetting-utils v0.0.0-20231204162240-fa4dc564ba79 h1:3yBOzx29wog0i7TnUBMcp90EwIb+A5kqmr5vny1UOm8= github.com/go-text/typesetting-utils v0.0.0-20231204162240-fa4dc564ba79/go.mod h1:DDxDdQEnB70R8owOx3LVpEFvpMK9eeH1o2r0yZhFI9o= +github.com/go-text/typesetting-utils v0.0.0-20231211103740-d9332ae51f04 h1:zBx+p/W2aQYtNuyZNcTfinWvXBQwYtDfme051PR/lAY= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -46,6 +56,8 @@ github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc= github.com/otiai10/copy v1.14.1-0.20240306081555-fd3129f2faa5 h1:CpkjK9QJTEEI5Z60lTCAq1KhJAX0LWnaQOI++ngsmmY= github.com/otiai10/copy v1.14.1-0.20240306081555-fd3129f2faa5/go.mod h1:DYbkL2ZWIhLKOwKhoy6SOPQPNwNwFnXFZ+W29arKx0c= +github.com/otiai10/copy v1.14.1-0.20240705051008-430a9d79b65c h1:imPT2bqoGfRPxO0rtj7hlQr+WNBIsB7L+74p7GkqfS0= +github.com/otiai10/copy v1.14.1-0.20240705051008-430a9d79b65c/go.mod h1:CXEC8bqi7QhymfoAaoEVteqtjPJ5UAQbidEBLxdqM6E= github.com/otiai10/mint v1.6.3 h1:87qsV/aw1F5as1eH1zS/yqHY85ANKVMgkDrf9rcxbQs= github.com/otiai10/mint v1.6.3/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= @@ -56,17 +68,28 @@ github.com/robloxapi/rbxver v0.3.0 h1:ax3ndKtLiXNeYbGc56UEcPQYYMEr6heOfyRDfn+68l github.com/robloxapi/rbxver v0.3.0/go.mod h1:mpM7UdZ2YyLq4gSVtWToeRQLUHNBcOfRGRjINbOi5vM= github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA= github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= +github.com/samber/lo v1.44.0 h1:5il56KxRE+GHsm1IR+sZ/6J42NODigFiqCWpSc2dybA= +github.com/samber/lo v1.44.0/go.mod h1:RmDH9Ct32Qy3gduHQuKJ3gW1fMHAnE/fAzQuf6He5cU= github.com/samber/slog-multi v1.0.2 h1:6BVH9uHGAsiGkbbtQgAOQJMpKgV8unMrHhhJaw+X1EQ= github.com/samber/slog-multi v1.0.2/go.mod h1:uLAvHpGqbYgX4FSL0p1ZwoLuveIAJvBECtE07XmYvFo= +github.com/samber/slog-multi v1.1.0 h1:m5wfpXE8Qu2gCiR/JnhFGsLcWDOmTxnso32EMffVAY0= +github.com/samber/slog-multi v1.1.0/go.mod h1:uLAvHpGqbYgX4FSL0p1ZwoLuveIAJvBECtE07XmYvFo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 h1:aAcj0Da7eBAtrTp03QXWvm88pSyOt+UgdZw2BFZ+lEw= golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ= +golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w= +golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/exp/shiny v0.0.0-20240325151524-a685a6edb6d8 h1:GYlVE/zmuKm+XvR3nYWXZF0SaO2vvPX1Djy2LVOf+TU= golang.org/x/exp/shiny v0.0.0-20240325151524-a685a6edb6d8/go.mod h1:3F+MieQB7dRYLTmnncoFbb1crS5lfQoTfDgQy6K4N0o= +golang.org/x/exp/shiny v0.0.0-20240707233637-46b078467d37 h1:SOSg7+sueresE4IbmmGM60GmlIys+zNX63d6/J4CMtU= +golang.org/x/exp/shiny v0.0.0-20240707233637-46b078467d37/go.mod h1:3F+MieQB7dRYLTmnncoFbb1crS5lfQoTfDgQy6K4N0o= golang.org/x/image v0.15.0 h1:kOELfmgrmJlw4Cdb7g/QGuB3CvDrXbqEIww/pNtNBm8= golang.org/x/image v0.15.0/go.mod h1:HUYqC05R2ZcZ3ejNQsIHQDQiwWM4JBqmm6MKANTp4LE= +golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ= +golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= @@ -77,12 +100,18 @@ golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce h1:+JknDZhAj8YMt7GC73Ei8pv4MzjDUNPHgQWJdtMAaDU= gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce/go.mod h1:5AcXVHNjg+BDxry382+8OKon8SEWiKktQR07RKPsv1c= diff --git a/splash/dialog.go b/splash/dialog.go index aa68c08..da5b9bf 100644 --- a/splash/dialog.go +++ b/splash/dialog.go @@ -67,7 +67,7 @@ func (ui *Splash) Dialog(txt string, user bool) (r bool) { var noButton widget.Clickable for { - switch e := w.NextEvent().(type) { + switch e := w.Event().(type) { case app.DestroyEvent: return r case app.FrameEvent: diff --git a/splash/splash.go b/splash/splash.go index 27deabd..85d2f98 100644 --- a/splash/splash.go +++ b/splash/splash.go @@ -99,13 +99,15 @@ func (ui *Splash) IsClosed() bool { } func window(width, height unit.Dp) *app.Window { - return app.NewWindow( + w := new(app.Window) + w.Option( app.Decorated(false), app.Size(width, height), app.MinSize(width, height), app.MaxSize(width, height), app.Title("Vinegar"), ) + return w } func New(cfg *Config) *Splash { @@ -123,7 +125,7 @@ func New(cfg *Config) *Splash { } w := window(s.Size()) - w.Perform(system.ActionCenter) + th := material.NewTheme() th.Shaper = text.NewShaper(text.WithCollection(gofont.Collection())) @@ -190,9 +192,10 @@ func (ui *Splash) Run() error { } ui.closed = false + post := false var ops op.Ops for { - switch e := ui.NextEvent().(type) { + switch e := ui.Event().(type) { case app.DestroyEvent: if ui.closed && e.Err == nil { return nil @@ -205,6 +208,10 @@ func (ui *Splash) Run() error { gtx := app.NewContext(&ops, e) paint.Fill(gtx.Ops, ui.Theme.Palette.Bg) + if !post { + ui.Perform(system.ActionCenter) + } + if ui.openLogButton.Clicked(gtx) { log.Printf("Opening log file: %s", ui.LogPath) err := XDGOpen(ui.LogPath).Start()