diff --git a/cmd/web_letsencrypt.go b/cmd/web_letsencrypt.go
index 7754393729..387aacce2c 100644
--- a/cmd/web_letsencrypt.go
+++ b/cmd/web_letsencrypt.go
@@ -32,7 +32,7 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 		DisableTLSALPNChallenge: !enableTLSALPNChallenge,
 	})
 
-	magic.Issuer = myACME
+	magic.Issuers = []certmagic.Issuer{myACME}
 
 	// this obtains certificates or renews them if necessary
 	err := magic.ManageSync([]string{domain})
diff --git a/go.mod b/go.mod
index f834d36e7a..ad748b8273 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,7 @@ require (
 	github.com/blevesearch/bleve/v2 v2.0.2
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b // indirect
-	github.com/caddyserver/certmagic v0.12.0
+	github.com/caddyserver/certmagic v0.13.0
 	github.com/chi-middleware/proxy v1.1.1
 	github.com/couchbase/go-couchbase v0.0.0-20210224140812-5740cd35f448 // indirect
 	github.com/couchbase/gomemcached v0.1.2 // indirect
@@ -75,7 +75,6 @@ require (
 	github.com/klauspost/pgzip v1.2.5 // indirect
 	github.com/lafriks/xormstore v1.4.0
 	github.com/lib/pq v1.9.0
-	github.com/libdns/libdns v0.2.0 // indirect
 	github.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/markbates/goth v1.67.1
@@ -84,10 +83,9 @@ require (
 	github.com/mattn/go-sqlite3 v1.14.6
 	github.com/mgechev/dots v0.0.0-20190921121421-c36f7dcfbb81
 	github.com/mgechev/revive v1.0.3
-	github.com/mholt/acmez v0.1.3 // indirect
 	github.com/mholt/archiver/v3 v3.5.0
 	github.com/microcosm-cc/bluemonday v1.0.7
-	github.com/miekg/dns v1.1.40 // indirect
+	github.com/miekg/dns v1.1.41 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/minio/minio-go/v7 v7.0.10
 	github.com/minio/sha256-simd v1.0.0 // indirect
@@ -135,11 +133,11 @@ require (
 	go.jolheiser.com/pwn v0.0.3
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.16.0 // indirect
-	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
-	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
+	golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b
+	golang.org/x/net v0.0.0-20210421230115-4e50805a0758
 	golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93
-	golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44
-	golang.org/x/text v0.3.5
+	golang.org/x/sys v0.0.0-20210421221651-33663a62ff08
+	golang.org/x/text v0.3.6
 	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
 	golang.org/x/tools v0.1.0
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
diff --git a/go.sum b/go.sum
index 9cae17759f..8f2755867e 100644
--- a/go.sum
+++ b/go.sum
@@ -185,8 +185,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl
 github.com/bradfitz/gomemcache v0.0.0-20190329173943-551aad21a668/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
 github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b h1:L/QXpzIa3pOvUGt1D1lA5KjYhPBAN/3iWdP7xeFS9F0=
 github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
-github.com/caddyserver/certmagic v0.12.0 h1:1f7kxykaJkOVVpXJ8ZrC6RAO5F6+kKm9U7dBFbLNeug=
-github.com/caddyserver/certmagic v0.12.0/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U=
+github.com/caddyserver/certmagic v0.13.0 h1:ky0rntZvIFiUKFdIikYxj31WN+Ts0Od6Wjz83iTzxfc=
+github.com/caddyserver/certmagic v0.13.0/go.mod h1:dNOzF4iOB7H9E51xTooMB90vs+2XNVtpnx0liQNsQY4=
 github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -769,7 +769,6 @@ github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.7.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.9.0 h1:L8nSXQQzAYByakOFMTwpjRoHsMJklur4Gi59b6VivR8=
 github.com/lib/pq v1.9.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/libdns/libdns v0.1.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40=
 github.com/libdns/libdns v0.2.0 h1:ewg3ByWrdUrxrje8ChPVMBNcotg7H9LQYg+u5De2RzI=
 github.com/libdns/libdns v0.2.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40=
 github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
@@ -825,7 +824,6 @@ github.com/mgechev/dots v0.0.0-20190921121421-c36f7dcfbb81 h1:QASJXOGm2RZ5Ardbc8
 github.com/mgechev/dots v0.0.0-20190921121421-c36f7dcfbb81/go.mod h1:KQ7+USdGKfpPjXk4Ga+5XxQM4Lm4e3gAogrreFAYpOg=
 github.com/mgechev/revive v1.0.3 h1:z3FL6IFFN3JKzHYHD8O1ExH9g/4lAGJ5x1+9rPZgsFg=
 github.com/mgechev/revive v1.0.3/go.mod h1:POGGZagSo/0frdr7VeAifzS5Uka0d0GPiM35MsTO8nE=
-github.com/mholt/acmez v0.1.1/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM=
 github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk=
 github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM=
 github.com/mholt/archiver/v3 v3.5.0 h1:nE8gZIrw66cu4osS/U7UW7YDuGMHssxKutU8IfWxwWE=
@@ -834,8 +832,8 @@ github.com/microcosm-cc/bluemonday v1.0.7 h1:6yAQfk4XT+PI/dk1ZeBp1gr3Q2Hd1DR0O3a
 github.com/microcosm-cc/bluemonday v1.0.7/go.mod h1:HOT/6NaBlR0f9XlxD3zolN6Z3N8Lp4pvhp+jLS5ihnI=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
-github.com/miekg/dns v1.1.40 h1:pyyPFfGMnciYUk/mXpKkVmeMQjfXqt3FAJ2hy7tPiLA=
-github.com/miekg/dns v1.1.40/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
+github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY=
+github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
 github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
@@ -1113,8 +1111,6 @@ github.com/unknwon/i18n v0.0.0-20210321134014-0ebbf2df1c44 h1:7bSo/vjZKVYUoZfxpY
 github.com/unknwon/i18n v0.0.0-20210321134014-0ebbf2df1c44/go.mod h1:+5rDk6sDGpl3azws3O+f+GpFSyN9GVr0K8cvQLQM2ZQ=
 github.com/unknwon/paginater v0.0.0-20200328080006-042474bd0eae h1:ihaXiJkaca54IaCSnEXtE/uSZOmPxKZhDfVLrzZLFDs=
 github.com/unknwon/paginater v0.0.0-20200328080006-042474bd0eae/go.mod h1:1fdkY6xxl6ExVs2QFv7R0F5IRZHKA8RahhB9fMC9RvM=
-github.com/unrolled/render v1.0.3 h1:baO+NG1bZSF2WR4zwh+0bMWauWky7DVrTOfvE2w+aFo=
-github.com/unrolled/render v1.0.3/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM=
 github.com/unrolled/render v1.1.0 h1:gvpR9hHxTt6DcGqRYuVVFcfd8rtK+nyEPUJN06KB57Q=
 github.com/unrolled/render v1.1.0/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
@@ -1231,8 +1227,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 h1:/ZScEX8SfEmUGRHs0gxpqteO5nfNW6axyZbBdw9A12g=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b h1:7mWr3k41Qtv8XlltBkDkl8LoP3mpSgBW8BUoxtEdbXg=
+golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1321,9 +1317,10 @@ golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210331212208-0fccb6fa2b5c/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210421230115-4e50805a0758 h1:aEpZnXcAmXkd6AvLb2OPt+EN1Zu/8Ne3pCqPjja5PXY=
+golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1346,8 +1343,9 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a h1:DcqTD9SDLc+1P/r1EmRBwnVsrOwW+kk2vWf9n+1sGhs=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1419,8 +1417,11 @@ golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 h1:Bli41pIlzTzf3KEY06n+xnzK/BESIg2ze4Pgfh/aI8c=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210421221651-33663a62ff08 h1:qyN5bV+96OX8pL78eXDuz6YlDPzCYgdW74H5yE9BoSU=
+golang.org/x/sys v0.0.0-20210421221651-33663a62ff08/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1430,8 +1431,9 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/vendor/github.com/caddyserver/certmagic/README.md b/vendor/github.com/caddyserver/certmagic/README.md
index 0bd6c55678..19aa9f8919 100644
--- a/vendor/github.com/caddyserver/certmagic/README.md
+++ b/vendor/github.com/caddyserver/certmagic/README.md
@@ -260,7 +260,7 @@ magic := certmagic.New(cache, certmagic.Config{
 	// any customizations you need go here
 })
 
-myACME := certmagic.NewACMEManager(magic, ACMEManager{
+myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
 	CA:     certmagic.LetsEncryptStagingCA,
 	Email:  "you@yours.com",
 	Agreed: true,
@@ -285,7 +285,7 @@ tlsConfig := magic.TLSConfig()
 // we can simply set its GetCertificate field and append the
 // TLS-ALPN challenge protocol to the NextProtos
 myTLSConfig.GetCertificate = magic.GetCertificate
-myTLSConfig.NextProtos = append(myTLSConfig.NextProtos, tlsalpn01.ACMETLS1Protocol}
+myTLSConfig.NextProtos = append(myTLSConfig.NextProtos, tlsalpn01.ACMETLS1Protocol)
 
 // the HTTP challenge has to be handled by your HTTP server;
 // if you don't have one, you should have disabled it earlier
@@ -394,7 +394,7 @@ To enable it, just set the `DNS01Solver` field on a `certmagic.ACMEManager` stru
 import "github.com/libdns/cloudflare"
 
 certmagic.DefaultACME.DNS01Solver = &certmagic.DNS01Solver{
-	DNSProvider: cloudflare.Provider{
+	DNSProvider: &cloudflare.Provider{
 		APIToken: "topsecret",
 	},
 }
diff --git a/vendor/github.com/caddyserver/certmagic/account.go b/vendor/github.com/caddyserver/certmagic/account.go
index e1ebb32a04..d7c3841a7e 100644
--- a/vendor/github.com/caddyserver/certmagic/account.go
+++ b/vendor/github.com/caddyserver/certmagic/account.go
@@ -16,6 +16,8 @@ package certmagic
 
 import (
 	"bufio"
+	"bytes"
+	"context"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
@@ -33,18 +35,24 @@ import (
 // getAccount either loads or creates a new account, depending on if
 // an account can be found in storage for the given CA + email combo.
 func (am *ACMEManager) getAccount(ca, email string) (acme.Account, error) {
-	regBytes, err := am.config.Storage.Load(am.storageKeyUserReg(ca, email))
+	acct, err := am.loadAccount(ca, email)
 	if err != nil {
 		if _, ok := err.(ErrNotExist); ok {
 			return am.newAccount(email)
 		}
+		return acct, err
+	}
+	return acct, err
+}
+
+// loadAccount loads an account from storage, but does not create a new one.
+func (am *ACMEManager) loadAccount(ca, email string) (acme.Account, error) {
+	regBytes, err := am.config.Storage.Load(am.storageKeyUserReg(ca, email))
+	if err != nil {
 		return acme.Account{}, err
 	}
 	keyBytes, err := am.config.Storage.Load(am.storageKeyUserPrivateKey(ca, email))
 	if err != nil {
-		if _, ok := err.(ErrNotExist); ok {
-			return am.newAccount(email)
-		}
 		return acme.Account{}, err
 	}
 
@@ -58,54 +66,6 @@ func (am *ACMEManager) getAccount(ca, email string) (acme.Account, error) {
 		return acct, fmt.Errorf("could not decode account's private key: %v", err)
 	}
 
-	// TODO: July 2020 - transition to new ACME lib and account structure;
-	// for a while, we will need to convert old accounts to new structure
-	acct, err = am.transitionAccountToACMEzJuly2020Format(ca, acct, regBytes)
-	if err != nil {
-		return acct, fmt.Errorf("one-time account transition: %v", err)
-	}
-
-	return acct, err
-}
-
-// TODO: this is a temporary transition helper starting July 2020.
-// It can go away when we think enough time has passed that most active assets have transitioned.
-func (am *ACMEManager) transitionAccountToACMEzJuly2020Format(ca string, acct acme.Account, regBytes []byte) (acme.Account, error) {
-	if acct.Status != "" && acct.Location != "" {
-		return acct, nil
-	}
-
-	var oldAcct struct {
-		Email        string `json:"Email"`
-		Registration struct {
-			Body struct {
-				Status                 string          `json:"status"`
-				TermsOfServiceAgreed   bool            `json:"termsOfServiceAgreed"`
-				Orders                 string          `json:"orders"`
-				ExternalAccountBinding json.RawMessage `json:"externalAccountBinding"`
-			} `json:"body"`
-			URI string `json:"uri"`
-		} `json:"Registration"`
-	}
-	err := json.Unmarshal(regBytes, &oldAcct)
-	if err != nil {
-		return acct, fmt.Errorf("decoding into old account type: %v", err)
-	}
-
-	acct.Status = oldAcct.Registration.Body.Status
-	acct.TermsOfServiceAgreed = oldAcct.Registration.Body.TermsOfServiceAgreed
-	acct.Location = oldAcct.Registration.URI
-	acct.ExternalAccountBinding = oldAcct.Registration.Body.ExternalAccountBinding
-	acct.Orders = oldAcct.Registration.Body.Orders
-	if oldAcct.Email != "" {
-		acct.Contact = []string{"mailto:" + oldAcct.Email}
-	}
-
-	err = am.saveAccount(ca, acct)
-	if err != nil {
-		return acct, fmt.Errorf("saving converted account: %v", err)
-	}
-
 	return acct, nil
 }
 
@@ -124,6 +84,71 @@ func (*ACMEManager) newAccount(email string) (acme.Account, error) {
 	return acct, nil
 }
 
+// GetAccount first tries loading the account with the associated private key from storage.
+// If it does not exist in storage, it will be retrieved from the ACME server and added to storage.
+// The account must already exist; it does not create a new account.
+func (am *ACMEManager) GetAccount(ctx context.Context, privateKeyPEM []byte) (acme.Account, error) {
+	account, err := am.loadAccountByKey(ctx, privateKeyPEM)
+	if err != nil {
+		if _, ok := err.(ErrNotExist); ok {
+			account, err = am.lookUpAccount(ctx, privateKeyPEM)
+		} else {
+			return account, err
+		}
+	}
+	return account, err
+}
+
+// loadAccountByKey loads the account with the given private key from storage, if it exists.
+// If it does not exist, an error of type ErrNotExist is returned. This is not very efficient
+// for lots of accounts.
+func (am *ACMEManager) loadAccountByKey(ctx context.Context, privateKeyPEM []byte) (acme.Account, error) {
+	accountList, err := am.config.Storage.List(am.storageKeyUsersPrefix(am.CA), false)
+	if err != nil {
+		return acme.Account{}, err
+	}
+	for _, accountFolderKey := range accountList {
+		email := path.Base(accountFolderKey)
+		keyBytes, err := am.config.Storage.Load(am.storageKeyUserPrivateKey(am.CA, email))
+		if err != nil {
+			return acme.Account{}, err
+		}
+		if bytes.Equal(bytes.TrimSpace(keyBytes), bytes.TrimSpace(privateKeyPEM)) {
+			return am.loadAccount(am.CA, email)
+		}
+	}
+	return acme.Account{}, ErrNotExist(fmt.Errorf("no account found with that key"))
+}
+
+// lookUpAccount looks up the account associated with privateKeyPEM from the ACME server.
+// If the account is found by the server, it will be saved to storage and returned.
+func (am *ACMEManager) lookUpAccount(ctx context.Context, privateKeyPEM []byte) (acme.Account, error) {
+	client, err := am.newACMEClient(false)
+	if err != nil {
+		return acme.Account{}, fmt.Errorf("creating ACME client: %v", err)
+	}
+
+	privateKey, err := decodePrivateKey([]byte(privateKeyPEM))
+	if err != nil {
+		return acme.Account{}, fmt.Errorf("decoding private key: %v", err)
+	}
+
+	// look up the account
+	account := acme.Account{PrivateKey: privateKey}
+	account, err = client.GetAccount(ctx, account)
+	if err != nil {
+		return acme.Account{}, fmt.Errorf("looking up account with server: %v", err)
+	}
+
+	// save the account details to storage
+	err = am.saveAccount(client.Directory, account)
+	if err != nil {
+		return account, fmt.Errorf("could not save account to storage: %v", err)
+	}
+
+	return account, nil
+}
+
 // saveAccount persists an ACME account's info and private key to storage.
 // It does NOT register the account via ACME or prompt the user.
 func (am *ACMEManager) saveAccount(ca string, account acme.Account) error {
@@ -242,8 +267,12 @@ func (am *ACMEManager) askUserAgreement(agreementURL string) bool {
 	return answer == "y" || answer == "yes"
 }
 
+func storageKeyACMECAPrefix(issuerKey string) string {
+	return path.Join(prefixACME, StorageKeys.Safe(issuerKey))
+}
+
 func (am *ACMEManager) storageKeyCAPrefix(caURL string) string {
-	return path.Join(prefixACME, StorageKeys.Safe(am.issuerKey(caURL)))
+	return storageKeyACMECAPrefix(am.issuerKey(caURL))
 }
 
 func (am *ACMEManager) storageKeyUsersPrefix(caURL string) string {
@@ -305,7 +334,8 @@ func (am *ACMEManager) mostRecentAccountEmail(caURL string) (string, bool) {
 	// get all the key infos ahead of sorting, because
 	// we might filter some out
 	stats := make(map[string]KeyInfo)
-	for i, u := range accountList {
+	for i := 0; i < len(accountList); i++ {
+		u := accountList[i]
 		keyInfo, err := am.config.Storage.Stat(u)
 		if err != nil {
 			continue
@@ -318,6 +348,7 @@ func (am *ACMEManager) mostRecentAccountEmail(caURL string) (string, bool) {
 			// frankly one's OS shouldn't mess with the data folder
 			// in the first place.
 			accountList = append(accountList[:i], accountList[i+1:]...)
+			i--
 			continue
 		}
 		stats[u] = keyInfo
diff --git a/vendor/github.com/caddyserver/certmagic/acmeclient.go b/vendor/github.com/caddyserver/certmagic/acmeclient.go
index 342b222d66..8a61a08255 100644
--- a/vendor/github.com/caddyserver/certmagic/acmeclient.go
+++ b/vendor/github.com/caddyserver/certmagic/acmeclient.go
@@ -37,19 +37,104 @@ func init() {
 	weakrand.Seed(time.Now().UnixNano())
 }
 
-// acmeClient holds state necessary for us to perform
-// ACME operations for certificate management. Call
-// ACMEManager.newACMEClient() to get a valid one to .
+// acmeClient holds state necessary to perform ACME operations
+// for certificate management with an ACME account. Call
+// ACMEManager.newACMEClientWithAccount() to get a valid one.
 type acmeClient struct {
 	mgr        *ACMEManager
 	acmeClient *acmez.Client
 	account    acme.Account
 }
 
-// newACMEClient creates the underlying ACME library client type.
-// If useTestCA is true, am.TestCA will be used if it is set;
-// otherwise, the primary CA will still be used.
-func (am *ACMEManager) newACMEClient(ctx context.Context, useTestCA, interactive bool) (*acmeClient, error) {
+// newACMEClientWithAccount creates an ACME client ready to use with an account, including
+// loading one from storage or registering a new account with the CA if necessary. If
+// useTestCA is true, am.TestCA will be used if set; otherwise, the primary CA will be used.
+func (am *ACMEManager) newACMEClientWithAccount(ctx context.Context, useTestCA, interactive bool) (*acmeClient, error) {
+	// first, get underlying ACME client
+	client, err := am.newACMEClient(useTestCA)
+	if err != nil {
+		return nil, err
+	}
+
+	// look up or create the ACME account
+	var account acme.Account
+	if am.AccountKeyPEM != "" {
+		account, err = am.GetAccount(ctx, []byte(am.AccountKeyPEM))
+	} else {
+		account, err = am.getAccount(client.Directory, am.Email)
+	}
+	if err != nil {
+		return nil, fmt.Errorf("getting ACME account: %v", err)
+	}
+
+	// register account if it is new
+	if account.Status == "" {
+		if am.NewAccountFunc != nil {
+			account, err = am.NewAccountFunc(ctx, am, account)
+			if err != nil {
+				return nil, fmt.Errorf("account pre-registration callback: %v", err)
+			}
+		}
+
+		// agree to terms
+		if interactive {
+			if !am.Agreed {
+				var termsURL string
+				dir, err := client.GetDirectory(ctx)
+				if err != nil {
+					return nil, fmt.Errorf("getting directory: %w", err)
+				}
+				if dir.Meta != nil {
+					termsURL = dir.Meta.TermsOfService
+				}
+				if termsURL != "" {
+					am.Agreed = am.askUserAgreement(termsURL)
+					if !am.Agreed {
+						return nil, fmt.Errorf("user must agree to CA terms")
+					}
+				}
+			}
+		} else {
+			// can't prompt a user who isn't there; they should
+			// have reviewed the terms beforehand
+			am.Agreed = true
+		}
+		account.TermsOfServiceAgreed = am.Agreed
+
+		// associate account with external binding, if configured
+		if am.ExternalAccount != nil {
+			err := account.SetExternalAccountBinding(ctx, client.Client, *am.ExternalAccount)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// create account
+		account, err = client.NewAccount(ctx, account)
+		if err != nil {
+			return nil, fmt.Errorf("registering account %v with server: %w", account.Contact, err)
+		}
+
+		// persist the account to storage
+		err = am.saveAccount(client.Directory, account)
+		if err != nil {
+			return nil, fmt.Errorf("could not save account %v: %v", account.Contact, err)
+		}
+	}
+
+	c := &acmeClient{
+		mgr:        am,
+		acmeClient: client,
+		account:    account,
+	}
+
+	return c, nil
+}
+
+// newACMEClient creates a new underlying ACME client using the settings in am,
+// independent of any particular ACME account. If useTestCA is true, am.TestCA
+// will be used if it is set; otherwise, the primary CA will be used.
+func (am *ACMEManager) newACMEClient(useTestCA bool) (*acmez.Client, error) {
 	// ensure defaults are filled in
 	var caURL string
 	if useTestCA {
@@ -78,12 +163,6 @@ func (am *ACMEManager) newACMEClient(ctx context.Context, useTestCA, interactive
 		return nil, fmt.Errorf("%s: insecure CA URL (HTTPS required)", caURL)
 	}
 
-	// look up or create the ACME account
-	account, err := am.getAccount(caURL, am.Email)
-	if err != nil {
-		return nil, fmt.Errorf("getting ACME account: %v", err)
-	}
-
 	// set up the dialers and resolver for the ACME client's HTTP client
 	dialer := &net.Dialer{
 		Timeout:   30 * time.Second,
@@ -153,12 +232,12 @@ func (am *ACMEManager) newACMEClient(ctx context.Context, useTestCA, interactive
 				useHTTPPort = am.AltHTTPPort
 			}
 			client.ChallengeSolvers[acme.ChallengeTypeHTTP01] = distributedSolver{
-				acmeManager: am,
+				storage:                am.config.Storage,
+				storageKeyIssuerPrefix: am.storageKeyCAPrefix(client.Directory),
 				solver: &httpSolver{
 					acmeManager: am,
 					address:     net.JoinHostPort(am.ListenHost, strconv.Itoa(useHTTPPort)),
 				},
-				caURL: client.Directory,
 			}
 		}
 
@@ -172,12 +251,12 @@ func (am *ACMEManager) newACMEClient(ctx context.Context, useTestCA, interactive
 				useTLSALPNPort = am.AltTLSALPNPort
 			}
 			client.ChallengeSolvers[acme.ChallengeTypeTLSALPN01] = distributedSolver{
-				acmeManager: am,
+				storage:                am.config.Storage,
+				storageKeyIssuerPrefix: am.storageKeyCAPrefix(client.Directory),
 				solver: &tlsALPNSolver{
 					config:  am.config,
 					address: net.JoinHostPort(am.ListenHost, strconv.Itoa(useTLSALPNPort)),
 				},
-				caURL: client.Directory,
 			}
 		}
 	} else {
@@ -185,68 +264,26 @@ func (am *ACMEManager) newACMEClient(ctx context.Context, useTestCA, interactive
 		client.ChallengeSolvers[acme.ChallengeTypeDNS01] = am.DNS01Solver
 	}
 
-	// register account if it is new
-	if account.Status == "" {
-		if am.NewAccountFunc != nil {
-			err = am.NewAccountFunc(ctx, am, account)
-			if err != nil {
-				return nil, fmt.Errorf("account pre-registration callback: %v", err)
-			}
-		}
-
-		// agree to terms
-		if interactive {
-			if !am.Agreed {
-				var termsURL string
-				dir, err := client.GetDirectory(ctx)
-				if err != nil {
-					return nil, fmt.Errorf("getting directory: %w", err)
-				}
-				if dir.Meta != nil {
-					termsURL = dir.Meta.TermsOfService
-				}
-				if termsURL != "" {
-					am.Agreed = am.askUserAgreement(termsURL)
-					if !am.Agreed {
-						return nil, fmt.Errorf("user must agree to CA terms")
-					}
-				}
-			}
-		} else {
-			// can't prompt a user who isn't there; they should
-			// have reviewed the terms beforehand
-			am.Agreed = true
-		}
-		account.TermsOfServiceAgreed = am.Agreed
-
-		// associate account with external binding, if configured
-		if am.ExternalAccount != nil {
-			err := account.SetExternalAccountBinding(ctx, client.Client, *am.ExternalAccount)
-			if err != nil {
-				return nil, err
-			}
-		}
-
-		// create account
-		account, err = client.NewAccount(ctx, account)
-		if err != nil {
-			return nil, fmt.Errorf("registering account with server: %w", err)
-		}
-
-		// persist the account to storage
-		err = am.saveAccount(caURL, account)
-		if err != nil {
-			return nil, fmt.Errorf("could not save account: %v", err)
-		}
+	// wrap solvers in our wrapper so that we can keep track of challenge
+	// info: this is useful for solving challenges globally as a process;
+	// for example, usually there is only one process that can solve the
+	// HTTP and TLS-ALPN challenges, and only one server in that process
+	// that can bind the necessary port(s), so if a server listening on
+	// a different port needed a certificate, it would have to know about
+	// the other server listening on that port, and somehow convey its
+	// challenge info or share its config, but this isn't always feasible;
+	// what the wrapper does is it accesses a global challenge memory so
+	// that unrelated servers in this process can all solve each others'
+	// challenges without having to know about each other - Caddy's admin
+	// endpoint uses this functionality since it and the HTTP/TLS modules
+	// do not know about each other
+	// (doing this here in a separate loop ensures that even if we expose
+	// solver config to users later, we will even wrap their own solvers)
+	for name, solver := range client.ChallengeSolvers {
+		client.ChallengeSolvers[name] = solverWrapper{solver}
 	}
 
-	c := &acmeClient{
-		mgr:        am,
-		acmeClient: client,
-		account:    account,
-	}
-
-	return c, nil
+	return client, nil
 }
 
 func (c *acmeClient) throttle(ctx context.Context, names []string) error {
@@ -325,7 +362,7 @@ var (
 
 	// RateLimitEvents is how many new events can be allowed
 	// in RateLimitEventsWindow.
-	RateLimitEvents = 10
+	RateLimitEvents = 20
 
 	// RateLimitEventsWindow is the size of the sliding
 	// window that throttles events.
diff --git a/vendor/github.com/caddyserver/certmagic/acmemanager.go b/vendor/github.com/caddyserver/certmagic/acmemanager.go
index 6820b4f918..82b6cc12ef 100644
--- a/vendor/github.com/caddyserver/certmagic/acmemanager.go
+++ b/vendor/github.com/caddyserver/certmagic/acmemanager.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"sort"
 	"strings"
 	"time"
 
@@ -19,7 +20,7 @@ import (
 // Issuer, and Revoker interfaces.
 //
 // It is NOT VALID to use an ACMEManager without calling NewACMEManager().
-// It fills in default values from DefaultACME as well as setting up
+// It fills in any default values from DefaultACME as well as setting up
 // internal state that is necessary for valid use. Always call
 // NewACMEManager() to get a valid ACMEManager value.
 type ACMEManager struct {
@@ -37,6 +38,12 @@ type ACMEManager struct {
 	// selecting an existing ACME server account
 	Email string
 
+	// The PEM-encoded private key of the ACME
+	// account to use; only needed if the account
+	// is already created on the server and
+	// can be looked up with the ACME protocol
+	AccountKeyPEM string
+
 	// Set to true if agreed to the CA's
 	// subscriber agreement
 	Agreed bool
@@ -92,9 +99,13 @@ type ACMEManager struct {
 	// Callback function that is called before a
 	// new ACME account is registered with the CA;
 	// it allows for last-second config changes
-	// of the ACMEManager (TODO: this feature is
-	// still EXPERIMENTAL and subject to change)
-	NewAccountFunc func(context.Context, *ACMEManager, acme.Account) error
+	// of the ACMEManager and the Account.
+	// (TODO: this feature is still EXPERIMENTAL and subject to change)
+	NewAccountFunc func(context.Context, *ACMEManager, acme.Account) (acme.Account, error)
+
+	// Preferences for selecting alternate
+	// certificate chains
+	PreferredChains ChainPreference
 
 	// Set a logger to enable logging
 	Logger *zap.Logger
@@ -105,10 +116,12 @@ type ACMEManager struct {
 
 // NewACMEManager constructs a valid ACMEManager based on a template
 // configuration; any empty values will be filled in by defaults in
-// DefaultACME. The associated config is also required.
+// DefaultACME, and if any required values are still empty, sensible
+// defaults will be used.
 //
-// Typically, you'll create the Config first, then call NewACMEManager(),
-// then assign the return value to the Issuer/Revoker fields of the Config.
+// Typically, you'll create the Config first with New() or NewDefault(),
+// then call NewACMEManager(), then assign the return value to the Issuers
+// field of the Config.
 func NewACMEManager(cfg *Config, template ACMEManager) *ACMEManager {
 	if cfg == nil {
 		panic("cannot make valid ACMEManager without an associated CertMagic config")
@@ -126,6 +139,9 @@ func NewACMEManager(cfg *Config, template ACMEManager) *ACMEManager {
 	if template.Email == "" {
 		template.Email = DefaultACME.Email
 	}
+	if template.AccountKeyPEM == "" {
+		template.AccountKeyPEM = DefaultACME.AccountKeyPEM
+	}
 	if !template.Agreed {
 		template.Agreed = DefaultACME.Agreed
 	}
@@ -175,7 +191,7 @@ func (am *ACMEManager) IssuerKey() string {
 	return am.issuerKey(am.CA)
 }
 
-func (am *ACMEManager) issuerKey(ca string) string {
+func (*ACMEManager) issuerKey(ca string) string {
 	key := ca
 	if caURL, err := url.Parse(key); err == nil {
 		key = caURL.Host
@@ -202,11 +218,11 @@ func (am *ACMEManager) issuerKey(ca string) string {
 // batch is eligible for certificates if using Let's Encrypt.
 // It also ensures that an email address is available.
 func (am *ACMEManager) PreCheck(_ context.Context, names []string, interactive bool) error {
-	letsEncrypt := strings.Contains(am.CA, "api.letsencrypt.org")
-	if letsEncrypt {
+	publicCA := strings.Contains(am.CA, "api.letsencrypt.org") || strings.Contains(am.CA, "acme.zerossl.com")
+	if publicCA {
 		for _, name := range names {
 			if !SubjectQualifiesForPublicCert(name) {
-				return fmt.Errorf("subject does not qualify for a Let's Encrypt certificate: %s", name)
+				return fmt.Errorf("subject does not qualify for a public certificate: %s", name)
 			}
 		}
 	}
@@ -282,7 +298,7 @@ func (am *ACMEManager) Issue(ctx context.Context, csr *x509.CertificateRequest)
 }
 
 func (am *ACMEManager) doIssue(ctx context.Context, csr *x509.CertificateRequest, useTestCA bool) (*IssuedCertificate, bool, error) {
-	client, err := am.newACMEClient(ctx, useTestCA, false)
+	client, err := am.newACMEClientWithAccount(ctx, useTestCA, false)
 	if err != nil {
 		return nil, false, err
 	}
@@ -300,20 +316,103 @@ func (am *ACMEManager) doIssue(ctx context.Context, csr *x509.CertificateRequest
 	if err != nil {
 		return nil, usingTestCA, fmt.Errorf("%v %w (ca=%s)", nameSet, err, client.acmeClient.Directory)
 	}
+	if len(certChains) == 0 {
+		return nil, usingTestCA, fmt.Errorf("no certificate chains")
+	}
+
+	preferredChain := am.selectPreferredChain(certChains)
 
-	// TODO: ACME server could in theory issue a cert with multiple chains,
-	// but we don't (yet) have a way to choose one, so just use first one
 	ic := &IssuedCertificate{
-		Certificate: certChains[0].ChainPEM,
-		Metadata:    certChains[0],
+		Certificate: preferredChain.ChainPEM,
+		Metadata:    preferredChain,
 	}
 
 	return ic, usingTestCA, nil
 }
 
+// selectPreferredChain sorts and then filters the certificate chains to find the optimal
+// chain preferred by the client. If there's only one chain, that is returned without any
+// processing. If there are no matches, the first chain is returned.
+func (am *ACMEManager) selectPreferredChain(certChains []acme.Certificate) acme.Certificate {
+	if len(certChains) == 1 {
+		if am.Logger != nil && (len(am.PreferredChains.AnyCommonName) > 0 || len(am.PreferredChains.RootCommonName) > 0) {
+			am.Logger.Debug("there is only one chain offered; selecting it regardless of preferences",
+				zap.String("chain_url", certChains[0].URL))
+		}
+		return certChains[0]
+	}
+
+	if am.PreferredChains.Smallest != nil {
+		if *am.PreferredChains.Smallest {
+			sort.Slice(certChains, func(i, j int) bool {
+				return len(certChains[i].ChainPEM) < len(certChains[j].ChainPEM)
+			})
+		} else {
+			sort.Slice(certChains, func(i, j int) bool {
+				return len(certChains[i].ChainPEM) > len(certChains[j].ChainPEM)
+			})
+		}
+	}
+
+	if len(am.PreferredChains.AnyCommonName) > 0 || len(am.PreferredChains.RootCommonName) > 0 {
+		// in order to inspect, we need to decode their PEM contents
+		decodedChains := make([][]*x509.Certificate, len(certChains))
+		for i, chain := range certChains {
+			certs, err := parseCertsFromPEMBundle(chain.ChainPEM)
+			if err != nil {
+				if am.Logger != nil {
+					am.Logger.Error("unable to parse PEM certificate chain",
+						zap.Int("chain", i),
+						zap.Error(err))
+				}
+				continue
+			}
+			decodedChains[i] = certs
+		}
+
+		if len(am.PreferredChains.AnyCommonName) > 0 {
+			for _, prefAnyCN := range am.PreferredChains.AnyCommonName {
+				for i, chain := range decodedChains {
+					for _, cert := range chain {
+						if cert.Issuer.CommonName == prefAnyCN {
+							if am.Logger != nil {
+								am.Logger.Debug("found preferred certificate chain by issuer common name",
+									zap.String("preference", prefAnyCN),
+									zap.Int("chain", i))
+							}
+							return certChains[i]
+						}
+					}
+				}
+			}
+		}
+
+		if len(am.PreferredChains.RootCommonName) > 0 {
+			for _, prefRootCN := range am.PreferredChains.RootCommonName {
+				for i, chain := range decodedChains {
+					if chain[len(chain)-1].Issuer.CommonName == prefRootCN {
+						if am.Logger != nil {
+							am.Logger.Debug("found preferred certificate chain by root common name",
+								zap.String("preference", prefRootCN),
+								zap.Int("chain", i))
+						}
+						return certChains[i]
+					}
+				}
+			}
+		}
+
+		if am.Logger != nil {
+			am.Logger.Warn("did not find chain matching preferences; using first")
+		}
+	}
+
+	return certChains[0]
+}
+
 // Revoke implements the Revoker interface. It revokes the given certificate.
 func (am *ACMEManager) Revoke(ctx context.Context, cert CertificateResource, reason int) error {
-	client, err := am.newACMEClient(ctx, false, false)
+	client, err := am.newACMEClientWithAccount(ctx, false, false)
 	if err != nil {
 		return err
 	}
@@ -326,8 +425,24 @@ func (am *ACMEManager) Revoke(ctx context.Context, cert CertificateResource, rea
 	return client.revoke(ctx, certs[0], reason)
 }
 
-// DefaultACME specifies the default settings
-// to use for ACMEManagers.
+// ChainPreference describes the client's preferred certificate chain,
+// useful if the CA offers alternate chains. The first matching chain
+// will be selected.
+type ChainPreference struct {
+	// Prefer chains with the fewest number of bytes.
+	Smallest *bool
+
+	// Select first chain having a root with one of
+	// these common names.
+	RootCommonName []string
+
+	// Select first chain that has any issuer with one
+	// of these common names.
+	AnyCommonName []string
+}
+
+// DefaultACME specifies default settings to use for ACMEManagers.
+// Using this value is optional but can be convenient.
 var DefaultACME = ACMEManager{
 	CA:     LetsEncryptProductionCA,
 	TestCA: LetsEncryptStagingCA,
@@ -337,6 +452,7 @@ var DefaultACME = ACMEManager{
 const (
 	LetsEncryptStagingCA    = "https://acme-staging-v02.api.letsencrypt.org/directory"
 	LetsEncryptProductionCA = "https://acme-v02.api.letsencrypt.org/directory"
+	ZeroSSLProductionCA     = "https://acme.zerossl.com/v2/DV90"
 )
 
 // prefixACME is the storage key prefix used for ACME-specific assets.
diff --git a/vendor/github.com/caddyserver/certmagic/certificates.go b/vendor/github.com/caddyserver/certmagic/certificates.go
index ebdb61832d..09dc340d03 100644
--- a/vendor/github.com/caddyserver/certmagic/certificates.go
+++ b/vendor/github.com/caddyserver/certmagic/certificates.go
@@ -113,10 +113,11 @@ func (cfg *Config) CacheManagedCertificate(domain string) (Certificate, error) {
 	return cert, nil
 }
 
-// loadManagedCertificate loads the managed certificate for domain,
-// but it does not add it to the cache. It just loads from storage.
+// loadManagedCertificate loads the managed certificate for domain from any
+// of the configured issuers' storage locations, but it does not add it to
+// the cache. It just loads from storage and returns it.
 func (cfg *Config) loadManagedCertificate(domain string) (Certificate, error) {
-	certRes, err := cfg.loadCertResource(domain)
+	certRes, err := cfg.loadCertResourceAnyIssuer(domain)
 	if err != nil {
 		return Certificate{}, err
 	}
@@ -154,7 +155,7 @@ func (cfg *Config) CacheUnmanagedTLSCertificate(tlsCert tls.Certificate, tags []
 	if err != nil {
 		return err
 	}
-	_, err = stapleOCSP(cfg.Storage, &cert, nil)
+	_, err = stapleOCSP(cfg.OCSP, cfg.Storage, &cert, nil)
 	if err != nil && cfg.Logger != nil {
 		cfg.Logger.Warn("stapling OCSP", zap.Error(err))
 	}
@@ -202,7 +203,7 @@ func (cfg Config) makeCertificateWithOCSP(certPEMBlock, keyPEMBlock []byte) (Cer
 	if err != nil {
 		return cert, err
 	}
-	_, err = stapleOCSP(cfg.Storage, &cert, certPEMBlock)
+	_, err = stapleOCSP(cfg.OCSP, cfg.Storage, &cert, certPEMBlock)
 	if err != nil && cfg.Logger != nil {
 		cfg.Logger.Warn("stapling OCSP", zap.Error(err))
 	}
@@ -295,19 +296,12 @@ func fillCertFromLeaf(cert *Certificate, tlsCert tls.Certificate) error {
 // meantime, and it would be a good idea to simply load the cert
 // into our cache rather than repeating the renewal process again.
 func (cfg *Config) managedCertInStorageExpiresSoon(cert Certificate) (bool, error) {
-	certRes, err := cfg.loadCertResource(cert.Names[0])
+	certRes, err := cfg.loadCertResourceAnyIssuer(cert.Names[0])
 	if err != nil {
 		return false, err
 	}
-	tlsCert, err := tls.X509KeyPair(certRes.CertificatePEM, certRes.PrivateKeyPEM)
-	if err != nil {
-		return false, err
-	}
-	leaf, err := x509.ParseCertificate(tlsCert.Certificate[0])
-	if err != nil {
-		return false, err
-	}
-	return currentlyInRenewalWindow(leaf.NotBefore, leaf.NotAfter, cfg.RenewalWindowRatio), nil
+	_, needsRenew := cfg.managedCertNeedsRenewal(certRes)
+	return needsRenew, nil
 }
 
 // reloadManagedCertificate reloads the certificate corresponding to the name(s)
@@ -341,8 +335,9 @@ func SubjectQualifiesForCert(subj string) bool {
 		!strings.HasPrefix(subj, ".") &&
 		!strings.HasSuffix(subj, ".") &&
 
-		// if it has a wildcard, must be a left-most label
-		(!strings.Contains(subj, "*") || strings.HasPrefix(subj, "*.")) &&
+		// if it has a wildcard, must be a left-most label (or exactly "*"
+		// which won't be trusted by browsers but still technically works)
+		(!strings.Contains(subj, "*") || strings.HasPrefix(subj, "*.") || subj == "*") &&
 
 		// must not contain other common special characters
 		!strings.ContainsAny(subj, "()[]{}<> \t\n\"\\!@#$%^&|;'+=")
@@ -356,32 +351,45 @@ func SubjectQualifiesForCert(subj string) bool {
 // allowed, as long as they conform to CABF requirements (only
 // one wildcard label, and it must be the left-most label).
 func SubjectQualifiesForPublicCert(subj string) bool {
-	// must at least qualify for certificate
+	// must at least qualify for a certificate
 	return SubjectQualifiesForCert(subj) &&
 
-		// localhost is ineligible
-		subj != "localhost" &&
-
-		// .localhost TLD is ineligible
-		!strings.HasSuffix(subj, ".localhost") &&
-
-		// .local TLD is ineligible
-		!strings.HasSuffix(subj, ".local") &&
-
-		// only one wildcard label allowed, and it must be left-most
-		(!strings.Contains(subj, "*") ||
-			(strings.Count(subj, "*") == 1 &&
-				len(subj) > 2 &&
-				strings.HasPrefix(subj, "*."))) &&
+		// localhost, .localhost TLD, and .local TLD are ineligible
+		!SubjectIsInternal(subj) &&
 
 		// cannot be an IP address (as of yet), see
 		// https://community.letsencrypt.org/t/certificate-for-static-ip/84/2?u=mholt
-		net.ParseIP(subj) == nil
+		!SubjectIsIP(subj) &&
+
+		// only one wildcard label allowed, and it must be left-most, with 3+ labels
+		(!strings.Contains(subj, "*") ||
+			(strings.Count(subj, "*") == 1 &&
+				strings.Count(subj, ".") > 1 &&
+				len(subj) > 2 &&
+				strings.HasPrefix(subj, "*.")))
+}
+
+// SubjectIsIP returns true if subj is an IP address.
+func SubjectIsIP(subj string) bool {
+	return net.ParseIP(subj) != nil
+}
+
+// SubjectIsInternal returns true if subj is an internal-facing
+// hostname or address.
+func SubjectIsInternal(subj string) bool {
+	return subj == "localhost" ||
+		strings.HasSuffix(subj, ".localhost") ||
+		strings.HasSuffix(subj, ".local")
 }
 
 // MatchWildcard returns true if subject (a candidate DNS name)
 // matches wildcard (a reference DNS name), mostly according to
-// RFC6125-compliant wildcard rules.
+// RFC 6125-compliant wildcard rules. See also RFC 2818 which
+// states that IP addresses must match exactly, but this function
+// does not attempt to distinguish IP addresses from internal or
+// external DNS names that happen to look like IP addresses.
+// It uses DNS wildcard matching logic.
+// https://tools.ietf.org/html/rfc2818#section-3.1
 func MatchWildcard(subject, wildcard string) bool {
 	if subject == wildcard {
 		return true
diff --git a/vendor/github.com/caddyserver/certmagic/certmagic.go b/vendor/github.com/caddyserver/certmagic/certmagic.go
index d2a64151b9..03844b4ad9 100644
--- a/vendor/github.com/caddyserver/certmagic/certmagic.go
+++ b/vendor/github.com/caddyserver/certmagic/certmagic.go
@@ -125,8 +125,10 @@ func HTTPS(domainNames []string, mux http.Handler) error {
 		WriteTimeout:      5 * time.Second,
 		IdleTimeout:       5 * time.Second,
 	}
-	if am, ok := cfg.Issuer.(*ACMEManager); ok {
-		httpServer.Handler = am.HTTPChallengeHandler(http.HandlerFunc(httpRedirectHandler))
+	if len(cfg.Issuers) > 0 {
+		if am, ok := cfg.Issuers[0].(*ACMEManager); ok {
+			httpServer.Handler = am.HTTPChallengeHandler(http.HandlerFunc(httpRedirectHandler))
+		}
 	}
 	httpsServer := &http.Server{
 		ReadHeaderTimeout: 10 * time.Second,
@@ -425,9 +427,11 @@ func (cr *CertificateResource) NamesKey() string {
 
 // Default contains the package defaults for the
 // various Config fields. This is used as a template
-// when creating your own Configs with New(), and it
-// is also used as the Config by all the high-level
-// functions in this package.
+// when creating your own Configs with New() or
+// NewDefault(), and it is also used as the Config
+// by all the high-level functions in this package
+// that abstract away most configuration (HTTPS(),
+// TLS(), Listen(), etc).
 //
 // The fields of this value will be used for Config
 // fields which are unset. Feel free to modify these
@@ -436,8 +440,10 @@ func (cr *CertificateResource) NamesKey() string {
 // obtained by calling New() (if you have your own
 // certificate cache) or NewDefault() (if you only
 // need a single config and want to use the default
-// cache). This is the only Config which can access
-// the default certificate cache.
+// cache).
+//
+// Even if the Issuers or Storage fields are not set,
+// defaults will be applied in the call to New().
 var Default = Config{
 	RenewalWindowRatio: DefaultRenewalWindowRatio,
 	Storage:            defaultFileStorage,
@@ -459,12 +465,12 @@ const (
 // are set to; otherwise ACME challenges will fail.
 var (
 	// HTTPPort is the port on which to serve HTTP
-	// and, by extension, the HTTP challenge (unless
+	// and, as such, the HTTP challenge (unless
 	// Default.AltHTTPPort is set).
 	HTTPPort = 80
 
 	// HTTPSPort is the port on which to serve HTTPS
-	// and, by extension, the TLS-ALPN challenge
+	// and, as such, the TLS-ALPN challenge
 	// (unless Default.AltTLSALPNPort is set).
 	HTTPSPort = 443
 )
diff --git a/vendor/github.com/caddyserver/certmagic/config.go b/vendor/github.com/caddyserver/certmagic/config.go
index 4cab8121b2..1428a14e46 100644
--- a/vendor/github.com/caddyserver/certmagic/config.go
+++ b/vendor/github.com/caddyserver/certmagic/config.go
@@ -23,6 +23,7 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/asn1"
+	"encoding/json"
 	"fmt"
 	weakrand "math/rand"
 	"net"
@@ -31,7 +32,9 @@ import (
 	"time"
 
 	"github.com/mholt/acmez"
+	"github.com/mholt/acmez/acme"
 	"go.uber.org/zap"
+	"golang.org/x/net/idna"
 )
 
 // Config configures a certificate manager instance.
@@ -54,45 +57,48 @@ type Config struct {
 
 	// DefaultServerName specifies a server name
 	// to use when choosing a certificate if the
-	// ClientHello's ServerName field is empty
+	// ClientHello's ServerName field is empty.
 	DefaultServerName string
 
 	// The state needed to operate on-demand TLS;
 	// if non-nil, on-demand TLS is enabled and
 	// certificate operations are deferred to
-	// TLS handshakes (or as-needed)
+	// TLS handshakes (or as-needed).
 	// TODO: Can we call this feature "Reactive/Lazy/Passive TLS" instead?
 	OnDemand *OnDemandConfig
 
-	// Add the must staple TLS extension to the CSR
+	// Adds the must staple TLS extension to the CSR.
 	MustStaple bool
 
-	// The type that issues certificates; the
-	// default Issuer is ACMEManager
-	Issuer Issuer
-
-	// The type that revokes certificates; must
-	// be configured in conjunction with the Issuer
-	// field such that both the Issuer and Revoker
-	// are related (because issuance information is
-	// required for revocation)
-	Revoker Revoker
+	// The source for getting new certificates; the
+	// default Issuer is ACMEManager. If multiple
+	// issuers are specified, they will be tried in
+	// turn until one succeeds.
+	Issuers []Issuer
 
 	// The source of new private keys for certificates;
-	// the default KeySource is StandardKeyGenerator
+	// the default KeySource is StandardKeyGenerator.
 	KeySource KeyGenerator
 
 	// CertSelection chooses one of the certificates
 	// with which the ClientHello will be completed;
 	// if not set, DefaultCertificateSelector will
-	// be used
+	// be used.
 	CertSelection CertificateSelector
 
-	// The storage to access when storing or
-	// loading TLS assets
+	// OCSP configures how OCSP is handled. By default,
+	// OCSP responses are fetched for every certificate
+	// with a responder URL, and cached on disk. Changing
+	// these defaults is STRONGLY discouraged unless you
+	// have a compelling reason to put clients at greater
+	// risk and reduce their privacy.
+	OCSP OCSPConfig
+
+	// The storage to access when storing or loading
+	// TLS assets. Default is the local file system.
 	Storage Storage
 
-	// Set a logger to enable logging
+	// Set a logger to enable logging.
 	Logger *zap.Logger
 
 	// required pointer to the in-memory cert cache
@@ -116,6 +122,9 @@ type Config struct {
 // same, default certificate cache. All configs returned
 // by NewDefault() are based on the values of the fields of
 // Default at the time it is called.
+//
+// This is the only way to get a config that uses the
+// default certificate cache.
 func NewDefault() *Config {
 	defaultCacheMu.Lock()
 	if defaultCache == nil {
@@ -153,7 +162,7 @@ func NewDefault() *Config {
 // the vast majority of cases, there will be only a
 // single Config, thus the default cache (which always
 // uses the default Config) and default config will
-// suffice, and you should use New() instead.
+// suffice, and you should use NewDefault() instead.
 func New(certCache *Cache, cfg Config) *Config {
 	if certCache == nil {
 		panic("a certificate cache is required")
@@ -196,23 +205,11 @@ func newWithCache(certCache *Cache, cfg Config) *Config {
 	if cfg.Storage == nil {
 		cfg.Storage = Default.Storage
 	}
-	if cfg.Issuer == nil {
-		cfg.Issuer = Default.Issuer
-		if cfg.Issuer == nil {
-			// okay really, we need an issuer,
-			// that's kind of the point; most
-			// people would probably want ACME
-			cfg.Issuer = NewACMEManager(&cfg, DefaultACME)
-		}
-		// issuer and revoker go together; if user
-		// specifies their own issuer, we don't want
-		// to override their revoker, hence we only
-		// do this if Issuer was also nil
-		if cfg.Revoker == nil {
-			cfg.Revoker = Default.Revoker
-			if cfg.Revoker == nil {
-				cfg.Revoker = NewACMEManager(&cfg, DefaultACME)
-			}
+	if len(cfg.Issuers) == 0 {
+		cfg.Issuers = Default.Issuers
+		if len(cfg.Issuers) == 0 {
+			// at least one issuer is absolutely required
+			cfg.Issuers = []Issuer{NewACMEManager(&cfg, DefaultACME)}
 		}
 	}
 
@@ -223,7 +220,6 @@ func newWithCache(certCache *Cache, cfg Config) *Config {
 		cfg.Storage = defaultFileStorage
 	}
 
-	// ensure the unexported fields are valid
 	cfg.certCache = certCache
 
 	return &cfg
@@ -254,6 +250,29 @@ func (cfg *Config) ManageSync(domainNames []string) error {
 	return cfg.manageAll(nil, domainNames, false)
 }
 
+// ClientCredentials returns a list of TLS client certificate chains for the given identifiers.
+// The return value can be used in a tls.Config to enable client authentication using managed certificates.
+// Any certificates that need to be obtained or renewed for these identifiers will be managed accordingly.
+func (cfg *Config) ClientCredentials(ctx context.Context, identifiers []string) ([]tls.Certificate, error) {
+	err := cfg.manageAll(ctx, identifiers, false)
+	if err != nil {
+		return nil, err
+	}
+	var chains []tls.Certificate
+	for _, id := range identifiers {
+		certRes, err := cfg.loadCertResourceAnyIssuer(id)
+		if err != nil {
+			return chains, err
+		}
+		chain, err := tls.X509KeyPair(certRes.CertificatePEM, certRes.PrivateKeyPEM)
+		if err != nil {
+			return chains, err
+		}
+		chains = append(chains, chain)
+	}
+	return chains, nil
+}
+
 // ManageAsync is the same as ManageSync, except that ACME
 // operations are performed asynchronously (in the background).
 // This method returns before certificates are ready. It is
@@ -360,6 +379,28 @@ func (cfg *Config) manageOne(ctx context.Context, domainName string, async bool)
 	return nil
 }
 
+// Unmanage causes the certificates for domainNames to stop being managed.
+// If there are certificates for the supplied domain names in the cache, they
+// are evicted from the cache.
+func (cfg *Config) Unmanage(domainNames []string) {
+	var deleteQueue []Certificate
+	for _, domainName := range domainNames {
+		certs := cfg.certCache.AllMatchingCertificates(domainName)
+		for _, cert := range certs {
+			if !cert.managed {
+				continue
+			}
+			deleteQueue = append(deleteQueue, cert)
+		}
+	}
+
+	cfg.certCache.mu.Lock()
+	for _, cert := range deleteQueue {
+		cfg.certCache.removeCertificate(cert)
+	}
+	cfg.certCache.mu.Unlock()
+}
+
 // ObtainCert obtains a certificate for name using cfg, as long
 // as a certificate does not already exist in storage for that
 // name. The name must qualify and cfg must be flagged as Managed.
@@ -372,27 +413,22 @@ func (cfg *Config) manageOne(ctx context.Context, domainName string, async bool)
 // TODO: consider moving interactive param into the Config struct,
 // and maybe retry settings into the Config struct as well? (same for RenewCert)
 func (cfg *Config) ObtainCert(ctx context.Context, name string, interactive bool) error {
-	if cfg.storageHasCertResources(name) {
+	if len(cfg.Issuers) == 0 {
+		return fmt.Errorf("no issuers configured; impossible to obtain or check for existing certificate in storage")
+	}
+	if cfg.storageHasCertResourcesAnyIssuer(name) {
 		return nil
 	}
-	issuer, err := cfg.getPrecheckedIssuer(ctx, []string{name}, interactive)
+	// ensure storage is writeable and readable
+	// TODO: this is not necessary every time; should only perform check once every so often for each storage, which may require some global state...
+	err := cfg.checkStorage()
 	if err != nil {
-		return err
+		return fmt.Errorf("failed storage check: %v - storage is probably misconfigured", err)
 	}
-	if issuer == nil {
-		return nil
-	}
-	return cfg.obtainWithIssuer(ctx, issuer, name, interactive)
+	return cfg.obtainCert(ctx, name, interactive)
 }
 
-func loggerNamed(l *zap.Logger, name string) *zap.Logger {
-	if l == nil {
-		return nil
-	}
-	return l.Named(name)
-}
-
-func (cfg *Config) obtainWithIssuer(ctx context.Context, issuer Issuer, name string, interactive bool) error {
+func (cfg *Config) obtainCert(ctx context.Context, name string, interactive bool) error {
 	log := loggerNamed(cfg.Logger, "obtain")
 
 	if log != nil {
@@ -400,10 +436,10 @@ func (cfg *Config) obtainWithIssuer(ctx context.Context, issuer Issuer, name str
 	}
 
 	// ensure idempotency of the obtain operation for this name
-	lockKey := cfg.lockKey("cert_acme", name)
+	lockKey := cfg.lockKey(certIssueLockOp, name)
 	err := acquireLock(ctx, cfg.Storage, lockKey)
 	if err != nil {
-		return err
+		return fmt.Errorf("unable to acquire lock '%s': %v", lockKey, err)
 	}
 	defer func() {
 		if log != nil {
@@ -424,7 +460,7 @@ func (cfg *Config) obtainWithIssuer(ctx context.Context, issuer Issuer, name str
 
 	f := func(ctx context.Context) error {
 		// check if obtain is still needed -- might have been obtained during lock
-		if cfg.storageHasCertResources(name) {
+		if cfg.storageHasCertResourcesAnyIssuer(name) {
 			if log != nil {
 				log.Info("certificate already exists in storage", zap.String("identifier", name))
 			}
@@ -445,8 +481,24 @@ func (cfg *Config) obtainWithIssuer(ctx context.Context, issuer Issuer, name str
 			return err
 		}
 
-		issuedCert, err := issuer.Issue(ctx, csr)
+		// try to obtain from each issuer until we succeed
+		var issuedCert *IssuedCertificate
+		var issuerUsed Issuer
+		for _, issuer := range cfg.Issuers {
+			if prechecker, ok := issuer.(PreChecker); ok {
+				err = prechecker.PreCheck(ctx, []string{name}, interactive)
+				if err != nil {
+					continue
+				}
+			}
+			issuedCert, err = issuer.Issue(ctx, csr)
+			if err == nil {
+				issuerUsed = issuer
+				break
+			}
+		}
 		if err != nil {
+			// TODO: only the error from the last issuer will be returned, oh well?
 			return fmt.Errorf("[%s] Obtain: %w", name, err)
 		}
 
@@ -457,7 +509,7 @@ func (cfg *Config) obtainWithIssuer(ctx context.Context, issuer Issuer, name str
 			PrivateKeyPEM:  privKeyPEM,
 			IssuerData:     issuedCert.Metadata,
 		}
-		err = cfg.saveCertResource(certRes)
+		err = cfg.saveCertResource(issuerUsed, certRes)
 		if err != nil {
 			return fmt.Errorf("[%s] Obtain: saving assets: %v", name, err)
 		}
@@ -480,21 +532,32 @@ func (cfg *Config) obtainWithIssuer(ctx context.Context, issuer Issuer, name str
 	return err
 }
 
+func (cfg *Config) storageHasCertResourcesAnyIssuer(name string) bool {
+	for _, iss := range cfg.Issuers {
+		if cfg.storageHasCertResources(iss, name) {
+			return true
+		}
+	}
+	return false
+}
+
 // RenewCert renews the certificate for name using cfg. It stows the
 // renewed certificate and its assets in storage if successful. It
 // DOES NOT update the in-memory cache with the new certificate.
 func (cfg *Config) RenewCert(ctx context.Context, name string, interactive bool) error {
-	issuer, err := cfg.getPrecheckedIssuer(ctx, []string{name}, interactive)
+	if len(cfg.Issuers) == 0 {
+		return fmt.Errorf("no issuers configured; impossible to renew or check existing certificate in storage")
+	}
+	// ensure storage is writeable and readable
+	// TODO: this is not necessary every time; should only perform check once every so often for each storage, which may require some global state...
+	err := cfg.checkStorage()
 	if err != nil {
-		return err
+		return fmt.Errorf("failed storage check: %v - storage is probably misconfigured", err)
 	}
-	if issuer == nil {
-		return nil
-	}
-	return cfg.renewWithIssuer(ctx, issuer, name, interactive)
+	return cfg.renewCert(ctx, name, interactive)
 }
 
-func (cfg *Config) renewWithIssuer(ctx context.Context, issuer Issuer, name string, interactive bool) error {
+func (cfg *Config) renewCert(ctx context.Context, name string, interactive bool) error {
 	log := loggerNamed(cfg.Logger, "renew")
 
 	if log != nil {
@@ -502,10 +565,10 @@ func (cfg *Config) renewWithIssuer(ctx context.Context, issuer Issuer, name stri
 	}
 
 	// ensure idempotency of the renew operation for this name
-	lockKey := cfg.lockKey("cert_acme", name)
+	lockKey := cfg.lockKey(certIssueLockOp, name)
 	err := acquireLock(ctx, cfg.Storage, lockKey)
 	if err != nil {
-		return err
+		return fmt.Errorf("unable to acquire lock '%s': %v", lockKey, err)
 	}
 	defer func() {
 		if log != nil {
@@ -526,7 +589,7 @@ func (cfg *Config) renewWithIssuer(ctx context.Context, issuer Issuer, name stri
 
 	f := func(ctx context.Context) error {
 		// prepare for renewal (load PEM cert, key, and meta)
-		certRes, err := cfg.loadCertResource(name)
+		certRes, err := cfg.loadCertResourceAnyIssuer(name)
 		if err != nil {
 			return err
 		}
@@ -556,8 +619,24 @@ func (cfg *Config) renewWithIssuer(ctx context.Context, issuer Issuer, name stri
 			return err
 		}
 
-		issuedCert, err := issuer.Issue(ctx, csr)
+		// try to obtain from each issuer until we succeed
+		var issuedCert *IssuedCertificate
+		var issuerUsed Issuer
+		for _, issuer := range cfg.Issuers {
+			if prechecker, ok := issuer.(PreChecker); ok {
+				err = prechecker.PreCheck(ctx, []string{name}, interactive)
+				if err != nil {
+					continue
+				}
+			}
+			issuedCert, err = issuer.Issue(ctx, csr)
+			if err == nil {
+				issuerUsed = issuer
+				break
+			}
+		}
 		if err != nil {
+			// TODO: only the error from the last issuer will be returned, oh well?
 			return fmt.Errorf("[%s] Renew: %w", name, err)
 		}
 
@@ -568,7 +647,7 @@ func (cfg *Config) renewWithIssuer(ctx context.Context, issuer Issuer, name stri
 			PrivateKeyPEM:  certRes.PrivateKeyPEM,
 			IssuerData:     issuedCert.Metadata,
 		}
-		err = cfg.saveCertResource(newCertRes)
+		err = cfg.saveCertResource(issuerUsed, newCertRes)
 		if err != nil {
 			return fmt.Errorf("[%s] Renew: saving assets: %v", name, err)
 		}
@@ -602,7 +681,12 @@ func (cfg *Config) generateCSR(privateKey crypto.PrivateKey, sans []string) (*x5
 		} else if u, err := url.Parse(name); err == nil && strings.Contains(name, "/") {
 			csrTemplate.URIs = append(csrTemplate.URIs, u)
 		} else {
-			csrTemplate.DNSNames = append(csrTemplate.DNSNames, name)
+			// convert IDNs to ASCII according to RFC 5280 section 7
+			normalizedName, err := idna.ToASCII(name)
+			if err != nil {
+				return nil, fmt.Errorf("converting identifier '%s' to ASCII: %v", name, err)
+			}
+			csrTemplate.DNSNames = append(csrTemplate.DNSNames, normalizedName)
 		}
 	}
 
@@ -619,43 +703,45 @@ func (cfg *Config) generateCSR(privateKey crypto.PrivateKey, sans []string) (*x5
 }
 
 // RevokeCert revokes the certificate for domain via ACME protocol. It requires
-// that cfg.Issuer is properly configured with the same issuer that issued the
+// that cfg.Issuers is properly configured with the same issuer that issued the
 // certificate being revoked. See RFC 5280 ยง5.3.1 for reason codes.
 func (cfg *Config) RevokeCert(ctx context.Context, domain string, reason int, interactive bool) error {
-	rev := cfg.Revoker
-	if rev == nil {
-		rev = Default.Revoker
-	}
+	for i, issuer := range cfg.Issuers {
+		issuerKey := issuer.IssuerKey()
 
-	certRes, err := cfg.loadCertResource(domain)
-	if err != nil {
-		return err
-	}
+		rev, ok := issuer.(Revoker)
+		if !ok {
+			return fmt.Errorf("issuer %d (%s) is not a Revoker", i, issuerKey)
+		}
 
-	issuerKey := cfg.Issuer.IssuerKey()
+		certRes, err := cfg.loadCertResource(issuer, domain)
+		if err != nil {
+			return err
+		}
 
-	if !cfg.Storage.Exists(StorageKeys.SitePrivateKey(issuerKey, domain)) {
-		return fmt.Errorf("private key not found for %s", certRes.SANs)
-	}
+		if !cfg.Storage.Exists(StorageKeys.SitePrivateKey(issuerKey, domain)) {
+			return fmt.Errorf("private key not found for %s", certRes.SANs)
+		}
 
-	err = rev.Revoke(ctx, certRes, reason)
-	if err != nil {
-		return err
-	}
+		err = rev.Revoke(ctx, certRes, reason)
+		if err != nil {
+			return fmt.Errorf("issuer %d (%s): %v", i, issuerKey, err)
+		}
 
-	cfg.emit("cert_revoked", domain)
+		cfg.emit("cert_revoked", domain)
 
-	err = cfg.Storage.Delete(StorageKeys.SiteCert(issuerKey, domain))
-	if err != nil {
-		return fmt.Errorf("certificate revoked, but unable to delete certificate file: %v", err)
-	}
-	err = cfg.Storage.Delete(StorageKeys.SitePrivateKey(issuerKey, domain))
-	if err != nil {
-		return fmt.Errorf("certificate revoked, but unable to delete private key: %v", err)
-	}
-	err = cfg.Storage.Delete(StorageKeys.SiteMeta(issuerKey, domain))
-	if err != nil {
-		return fmt.Errorf("certificate revoked, but unable to delete certificate metadata: %v", err)
+		err = cfg.Storage.Delete(StorageKeys.SiteCert(issuerKey, domain))
+		if err != nil {
+			return fmt.Errorf("certificate revoked, but unable to delete certificate file: %v", err)
+		}
+		err = cfg.Storage.Delete(StorageKeys.SitePrivateKey(issuerKey, domain))
+		if err != nil {
+			return fmt.Errorf("certificate revoked, but unable to delete private key: %v", err)
+		}
+		err = cfg.Storage.Delete(StorageKeys.SiteMeta(issuerKey, domain))
+		if err != nil {
+			return fmt.Errorf("certificate revoked, but unable to delete certificate metadata: %v", err)
+		}
 	}
 
 	return nil
@@ -692,27 +778,50 @@ func (cfg *Config) TLSConfig() *tls.Config {
 	}
 }
 
-// getPrecheckedIssuer returns an Issuer with pre-checks
-// completed, if it is also a PreChecker. It also checks
-// that storage is functioning. If a nil Issuer is returned
-// with a nil error, that means to skip this operation
-// (not an error, just a no-op).
-func (cfg *Config) getPrecheckedIssuer(ctx context.Context, names []string, interactive bool) (Issuer, error) {
-	// ensure storage is writeable and readable
-	// TODO: this is not necessary every time; should only
-	// perform check once every so often for each storage,
-	// which may require some global state...
-	err := cfg.checkStorage()
-	if err != nil {
-		return nil, fmt.Errorf("failed storage check: %v - storage is probably misconfigured", err)
+// getChallengeInfo loads the challenge info from either the internal challenge memory
+// or the external storage (implying distributed solving). The second return value
+// indicates whether challenge info was loaded from external storage. If true, the
+// challenge is being solved in a distributed fashion; if false, from internal memory.
+// If no matching challenge information can be found, an error is returned.
+func (cfg *Config) getChallengeInfo(identifier string) (Challenge, bool, error) {
+	// first, check if our process initiated this challenge; if so, just return it
+	chalData, ok := GetACMEChallenge(identifier)
+	if ok {
+		return chalData, false, nil
 	}
-	if prechecker, ok := cfg.Issuer.(PreChecker); ok {
-		err := prechecker.PreCheck(ctx, names, interactive)
-		if err != nil {
-			return nil, err
+
+	// otherwise, perhaps another instance in the cluster initiated it; check
+	// the configured storage to retrieve challenge data
+
+	var chalInfo acme.Challenge
+	var chalInfoBytes []byte
+	var tokenKey string
+	for _, issuer := range cfg.Issuers {
+		ds := distributedSolver{
+			storage:                cfg.Storage,
+			storageKeyIssuerPrefix: storageKeyACMECAPrefix(issuer.IssuerKey()),
 		}
+		tokenKey = ds.challengeTokensKey(identifier)
+		var err error
+		chalInfoBytes, err = cfg.Storage.Load(tokenKey)
+		if err == nil {
+			break
+		}
+		if _, ok := err.(ErrNotExist); ok {
+			continue
+		}
+		return Challenge{}, false, fmt.Errorf("opening distributed challenge token file %s: %v", tokenKey, err)
 	}
-	return cfg.Issuer, nil
+	if len(chalInfoBytes) == 0 {
+		return Challenge{}, false, fmt.Errorf("no information found to solve challenge for identifier: %s", identifier)
+	}
+
+	err := json.Unmarshal(chalInfoBytes, &chalInfo)
+	if err != nil {
+		return Challenge{}, false, fmt.Errorf("decoding challenge token file %s (corrupted?): %v", tokenKey, err)
+	}
+
+	return Challenge{Challenge: chalInfo}, true, nil
 }
 
 // checkStorage tests the storage by writing random bytes
@@ -758,8 +867,8 @@ func (cfg *Config) checkStorage() error {
 // associated with cfg's certificate cache has all the
 // resources related to the certificate for domain: the
 // certificate, the private key, and the metadata.
-func (cfg *Config) storageHasCertResources(domain string) bool {
-	issuerKey := cfg.Issuer.IssuerKey()
+func (cfg *Config) storageHasCertResources(issuer Issuer, domain string) bool {
+	issuerKey := issuer.IssuerKey()
 	certKey := StorageKeys.SiteCert(issuerKey, domain)
 	keyKey := StorageKeys.SitePrivateKey(issuerKey, domain)
 	metaKey := StorageKeys.SiteMeta(issuerKey, domain)
@@ -771,18 +880,19 @@ func (cfg *Config) storageHasCertResources(domain string) bool {
 // lockKey returns a key for a lock that is specific to the operation
 // named op being performed related to domainName and this config's CA.
 func (cfg *Config) lockKey(op, domainName string) string {
-	return fmt.Sprintf("%s_%s_%s", op, domainName, cfg.Issuer.IssuerKey())
+	return fmt.Sprintf("%s_%s", op, domainName)
 }
 
-// managedCertNeedsRenewal returns true if certRes is
-// expiring soon or already expired, or if the process
-// of checking the expiration returned an error.
+// managedCertNeedsRenewal returns true if certRes is expiring soon or already expired,
+// or if the process of decoding the cert and checking its expiration returned an error.
 func (cfg *Config) managedCertNeedsRenewal(certRes CertificateResource) (time.Duration, bool) {
-	cert, err := makeCertificate(certRes.CertificatePEM, certRes.PrivateKeyPEM)
+	certChain, err := parseCertsFromPEMBundle(certRes.CertificatePEM)
 	if err != nil {
 		return 0, true
 	}
-	return time.Until(cert.Leaf.NotAfter), cert.NeedsRenewal(cfg)
+	remaining := time.Until(certChain[0].NotAfter)
+	needsRenew := currentlyInRenewalWindow(certChain[0].NotBefore, certChain[0].NotAfter, cfg.RenewalWindowRatio)
+	return remaining, needsRenew
 }
 
 func (cfg *Config) emit(eventName string, data interface{}) {
@@ -792,11 +902,40 @@ func (cfg *Config) emit(eventName string, data interface{}) {
 	cfg.OnEvent(eventName, data)
 }
 
+func loggerNamed(l *zap.Logger, name string) *zap.Logger {
+	if l == nil {
+		return nil
+	}
+	return l.Named(name)
+}
+
 // CertificateSelector is a type which can select a certificate to use given multiple choices.
 type CertificateSelector interface {
 	SelectCertificate(*tls.ClientHelloInfo, []Certificate) (Certificate, error)
 }
 
+// OCSPConfig configures how OCSP is handled.
+type OCSPConfig struct {
+	// Disable automatic OCSP stapling; strongly
+	// discouraged unless you have a good reason.
+	// Disabling this puts clients at greater risk
+	// and reduces their privacy.
+	DisableStapling bool
+
+	// A map of OCSP responder domains to replacement
+	// domains for querying OCSP servers. Used for
+	// overriding the OCSP responder URL that is
+	// embedded in certificates. Mapping to an empty
+	// URL will disable OCSP from that responder.
+	ResponderOverrides map[string]string
+}
+
+// certIssueLockOp is the name of the operation used
+// when naming a lock to make it mutually exclusive
+// with other certificate issuance operations for a
+// certain name.
+const certIssueLockOp = "issue_cert"
+
 // Constants for PKIX MustStaple extension.
 var (
 	tlsFeatureExtensionOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 24}
diff --git a/vendor/github.com/caddyserver/certmagic/crypto.go b/vendor/github.com/caddyserver/certmagic/crypto.go
index 2af3e62a00..ef60f27dc4 100644
--- a/vendor/github.com/caddyserver/certmagic/crypto.go
+++ b/vendor/github.com/caddyserver/certmagic/crypto.go
@@ -28,9 +28,12 @@ import (
 	"encoding/pem"
 	"fmt"
 	"hash/fnv"
+	"sort"
 	"strings"
 
 	"github.com/klauspost/cpuid"
+	"go.uber.org/zap"
+	"golang.org/x/net/idna"
 )
 
 // encodePrivateKey marshals a EC or RSA private key into a PEM-encoded array of bytes.
@@ -129,13 +132,13 @@ func fastHash(input []byte) string {
 // saveCertResource saves the certificate resource to disk. This
 // includes the certificate file itself, the private key, and the
 // metadata file.
-func (cfg *Config) saveCertResource(cert CertificateResource) error {
+func (cfg *Config) saveCertResource(issuer Issuer, cert CertificateResource) error {
 	metaBytes, err := json.MarshalIndent(cert, "", "\t")
 	if err != nil {
 		return fmt.Errorf("encoding certificate metadata: %v", err)
 	}
 
-	issuerKey := cfg.Issuer.IssuerKey()
+	issuerKey := issuer.IssuerKey()
 	certKey := cert.NamesKey()
 
 	all := []keyValue{
@@ -156,20 +159,95 @@ func (cfg *Config) saveCertResource(cert CertificateResource) error {
 	return storeTx(cfg.Storage, all)
 }
 
-func (cfg *Config) loadCertResource(certNamesKey string) (CertificateResource, error) {
+// loadCertResourceAnyIssuer loads and returns the certificate resource from any
+// of the configured issuers. If multiple are found (e.g. if there are 3 issuers
+// configured, and all 3 have a resource matching certNamesKey), then the newest
+// (latest NotBefore date) resource will be chosen.
+func (cfg *Config) loadCertResourceAnyIssuer(certNamesKey string) (CertificateResource, error) {
+	// we can save some extra decoding steps if there's only one issuer, since
+	// we don't need to compare potentially multiple available resources to
+	// select the best one, when there's only one choice anyway
+	if len(cfg.Issuers) == 1 {
+		return cfg.loadCertResource(cfg.Issuers[0], certNamesKey)
+	}
+
+	type decodedCertResource struct {
+		CertificateResource
+		issuer  Issuer
+		decoded *x509.Certificate
+	}
+	var certResources []decodedCertResource
+	var lastErr error
+
+	// load and decode all certificate resources found with the
+	// configured issuers so we can sort by newest
+	for _, issuer := range cfg.Issuers {
+		certRes, err := cfg.loadCertResource(issuer, certNamesKey)
+		if err != nil {
+			if _, ok := err.(ErrNotExist); ok {
+				// not a problem, but we need to remember the error
+				// in case we end up not finding any cert resources
+				// since we'll need an error to return in that case
+				lastErr = err
+				continue
+			}
+			return CertificateResource{}, err
+		}
+		certs, err := parseCertsFromPEMBundle(certRes.CertificatePEM)
+		if err != nil {
+			return CertificateResource{}, err
+		}
+		certResources = append(certResources, decodedCertResource{
+			CertificateResource: certRes,
+			issuer:              issuer,
+			decoded:             certs[0],
+		})
+	}
+	if len(certResources) == 0 {
+		if lastErr == nil {
+			lastErr = fmt.Errorf("no certificate resources found") // just in case; e.g. no Issuers configured
+		}
+		return CertificateResource{}, lastErr
+	}
+
+	// sort by date so the most recently issued comes first
+	sort.Slice(certResources, func(i, j int) bool {
+		return certResources[j].decoded.NotBefore.Before(certResources[i].decoded.NotBefore)
+	})
+
+	if cfg.Logger != nil {
+		cfg.Logger.Debug("loading managed certificate",
+			zap.String("domain", certNamesKey),
+			zap.Time("expiration", certResources[0].decoded.NotAfter),
+			zap.String("issuer_key", certResources[0].issuer.IssuerKey()),
+			zap.Any("storage", cfg.Storage),
+		)
+	}
+
+	return certResources[0].CertificateResource, nil
+}
+
+// loadCertResource loads a certificate resource from the given issuer's storage location.
+func (cfg *Config) loadCertResource(issuer Issuer, certNamesKey string) (CertificateResource, error) {
 	var certRes CertificateResource
-	issuerKey := cfg.Issuer.IssuerKey()
-	certBytes, err := cfg.Storage.Load(StorageKeys.SiteCert(issuerKey, certNamesKey))
+	issuerKey := issuer.IssuerKey()
+
+	normalizedName, err := idna.ToASCII(certNamesKey)
+	if err != nil {
+		return certRes, fmt.Errorf("converting '%s' to ASCII: %v", certNamesKey, err)
+	}
+
+	certBytes, err := cfg.Storage.Load(StorageKeys.SiteCert(issuerKey, normalizedName))
 	if err != nil {
 		return CertificateResource{}, err
 	}
 	certRes.CertificatePEM = certBytes
-	keyBytes, err := cfg.Storage.Load(StorageKeys.SitePrivateKey(issuerKey, certNamesKey))
+	keyBytes, err := cfg.Storage.Load(StorageKeys.SitePrivateKey(issuerKey, normalizedName))
 	if err != nil {
 		return CertificateResource{}, err
 	}
 	certRes.PrivateKeyPEM = keyBytes
-	metaBytes, err := cfg.Storage.Load(StorageKeys.SiteMeta(issuerKey, certNamesKey))
+	metaBytes, err := cfg.Storage.Load(StorageKeys.SiteMeta(issuerKey, normalizedName))
 	if err != nil {
 		return CertificateResource{}, err
 	}
@@ -178,50 +256,6 @@ func (cfg *Config) loadCertResource(certNamesKey string) (CertificateResource, e
 		return CertificateResource{}, fmt.Errorf("decoding certificate metadata: %v", err)
 	}
 
-	// TODO: July 2020 - transition to new ACME lib and cert resource structure;
-	// for a while, we will need to convert old cert resources to new structure
-	certRes, err = cfg.transitionCertMetaToACMEzJuly2020Format(certRes, metaBytes)
-	if err != nil {
-		return certRes, fmt.Errorf("one-time certificate resource transition: %v", err)
-	}
-
-	return certRes, nil
-}
-
-// TODO: this is a temporary transition helper starting July 2020.
-// It can go away when we think enough time has passed that most active assets have transitioned.
-func (cfg *Config) transitionCertMetaToACMEzJuly2020Format(certRes CertificateResource, metaBytes []byte) (CertificateResource, error) {
-	data, ok := certRes.IssuerData.(map[string]interface{})
-	if !ok {
-		return certRes, nil
-	}
-	if certURL, ok := data["url"].(string); ok && certURL != "" {
-		return certRes, nil
-	}
-
-	var oldCertRes struct {
-		SANs       []string `json:"sans"`
-		IssuerData struct {
-			Domain        string `json:"domain"`
-			CertURL       string `json:"certUrl"`
-			CertStableURL string `json:"certStableUrl"`
-		} `json:"issuer_data"`
-	}
-	err := json.Unmarshal(metaBytes, &oldCertRes)
-	if err != nil {
-		return certRes, fmt.Errorf("decoding into old certificate resource type: %v", err)
-	}
-
-	data = map[string]interface{}{
-		"url": oldCertRes.IssuerData.CertURL,
-	}
-	certRes.IssuerData = data
-
-	err = cfg.saveCertResource(certRes)
-	if err != nil {
-		return certRes, fmt.Errorf("saving converted certificate resource: %v", err)
-	}
-
 	return certRes, nil
 }
 
diff --git a/vendor/github.com/caddyserver/certmagic/filestorage.go b/vendor/github.com/caddyserver/certmagic/filestorage.go
index f3603d0747..8adc2ce75f 100644
--- a/vendor/github.com/caddyserver/certmagic/filestorage.go
+++ b/vendor/github.com/caddyserver/certmagic/filestorage.go
@@ -147,7 +147,7 @@ func (fs *FileStorage) Lock(ctx context.Context, key string) error {
 			err2 := json.NewDecoder(f).Decode(&meta)
 			f.Close()
 			if err2 != nil {
-				return err2
+				return fmt.Errorf("decoding lockfile contents: %w", err2)
 			}
 		}
 
@@ -306,7 +306,15 @@ func updateLockfileFreshness(filename string) (bool, error) {
 
 	// write updated timestamp
 	meta.Updated = time.Now()
-	return false, json.NewEncoder(f).Encode(meta)
+	if err = json.NewEncoder(f).Encode(meta); err != nil {
+		return false, err
+	}
+
+	// sync to device; we suspect that sometimes file systems
+	// (particularly AWS EFS) don't do this on their own,
+	// leaving the file empty when we close it; see
+	// https://github.com/caddyserver/caddy/issues/3954
+	return false, f.Sync()
 }
 
 // atomicallyCreateFile atomically creates the file
@@ -325,8 +333,11 @@ func atomicallyCreateFile(filename string, writeLockInfo bool) error {
 			Created: now,
 			Updated: now,
 		}
-		err := json.NewEncoder(f).Encode(meta)
-		if err != nil {
+		if err := json.NewEncoder(f).Encode(meta); err != nil {
+			return err
+		}
+		// see https://github.com/caddyserver/caddy/issues/3954
+		if err := f.Sync(); err != nil {
 			return err
 		}
 	}
diff --git a/vendor/github.com/caddyserver/certmagic/go.mod b/vendor/github.com/caddyserver/certmagic/go.mod
index be29ac66e1..ff8f6b916b 100644
--- a/vendor/github.com/caddyserver/certmagic/go.mod
+++ b/vendor/github.com/caddyserver/certmagic/go.mod
@@ -4,9 +4,10 @@ go 1.14
 
 require (
 	github.com/klauspost/cpuid v1.2.5
-	github.com/libdns/libdns v0.1.0
-	github.com/mholt/acmez v0.1.1
+	github.com/libdns/libdns v0.2.0
+	github.com/mholt/acmez v0.1.3
 	github.com/miekg/dns v1.1.30
 	go.uber.org/zap v1.15.0
 	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
+	golang.org/x/net v0.0.0-20200707034311-ab3426394381
 )
diff --git a/vendor/github.com/caddyserver/certmagic/go.sum b/vendor/github.com/caddyserver/certmagic/go.sum
index ccae0648f2..0d29850a65 100644
--- a/vendor/github.com/caddyserver/certmagic/go.sum
+++ b/vendor/github.com/caddyserver/certmagic/go.sum
@@ -12,10 +12,10 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/libdns/libdns v0.1.0 h1:0ctCOrVJsVzj53mop1angHp/pE3hmAhP7KiHvR0HD04=
-github.com/libdns/libdns v0.1.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40=
-github.com/mholt/acmez v0.1.1 h1:KQODCqk+hBn3O7qfCRPj6L96uG65T5BSS95FKNEqtdA=
-github.com/mholt/acmez v0.1.1/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM=
+github.com/libdns/libdns v0.2.0 h1:ewg3ByWrdUrxrje8ChPVMBNcotg7H9LQYg+u5De2RzI=
+github.com/libdns/libdns v0.2.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40=
+github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk=
+github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM=
 github.com/miekg/dns v1.1.30 h1:Qww6FseFn8PRfw07jueqIXqodm0JKiiKuK0DeXSqfyo=
 github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
@@ -47,9 +47,7 @@ golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKG
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859 h1:R/3boaszxrf1GEUWTVDzSKVwLmSJpwZ1yqXm8j0v2QI=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478 h1:l5EDrHhldLYb3ZRHDUhXF7Om7MvYXnkV9/iQNo1lX6g=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
@@ -57,7 +55,6 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEha
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe h1:6fAMxZRR6sl1Uq8U61gxU+kPTs2tR8uOySCbBP7BN/M=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -66,7 +63,6 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5 h1:hKsoRgsbwY1NafxrwTs+k64bikrLBkAgPir1TNCj3Zs=
 golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 h1:VvQyQJN0tSuecqgcIxMWnnfG5kSmgy9KZR9sW3W5QeA=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
diff --git a/vendor/github.com/caddyserver/certmagic/handshake.go b/vendor/github.com/caddyserver/certmagic/handshake.go
index 4c3228a503..beb5cc3e9f 100644
--- a/vendor/github.com/caddyserver/certmagic/handshake.go
+++ b/vendor/github.com/caddyserver/certmagic/handshake.go
@@ -17,7 +17,6 @@ package certmagic
 import (
 	"context"
 	"crypto/tls"
-	"encoding/json"
 	"fmt"
 	"net"
 	"strings"
@@ -25,7 +24,6 @@ import (
 	"time"
 
 	"github.com/mholt/acmez"
-	"github.com/mholt/acmez/acme"
 	"go.uber.org/zap"
 )
 
@@ -44,41 +42,23 @@ func (cfg *Config) GetCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certif
 	// (https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05)
 	for _, proto := range clientHello.SupportedProtos {
 		if proto == acmez.ACMETLS1Protocol {
-			cfg.certCache.mu.RLock()
-			challengeCert, ok := cfg.certCache.cache[tlsALPNCertKeyName(clientHello.ServerName)]
-			cfg.certCache.mu.RUnlock()
-			if !ok {
-				// see if this challenge was started in a cluster; try distributed challenge solver
-				// (note that the tls.Config's ALPN settings must include the ACME TLS-ALPN challenge
-				// protocol string, otherwise a valid certificate will not solve the challenge; we
-				// should already have taken care of that when we made the tls.Config)
-				challengeCert, ok, err := cfg.tryDistributedChallengeSolver(clientHello)
-				if err != nil {
-					if cfg.Logger != nil {
-						cfg.Logger.Error("tls-alpn challenge",
-							zap.String("server_name", clientHello.ServerName),
-							zap.Error(err))
-					}
+			challengeCert, distributed, err := cfg.getTLSALPNChallengeCert(clientHello)
+			if err != nil {
+				if cfg.Logger != nil {
+					cfg.Logger.Error("tls-alpn challenge",
+						zap.String("server_name", clientHello.ServerName),
+						zap.Error(err))
 				}
-				if ok {
-					if cfg.Logger != nil {
-						cfg.Logger.Info("served key authentication certificate",
-							zap.String("server_name", clientHello.ServerName),
-							zap.String("challenge", "tls-alpn-01"),
-							zap.String("remote", clientHello.Conn.RemoteAddr().String()),
-							zap.Bool("distributed", true))
-					}
-					return &challengeCert.Certificate, nil
-				}
-				return nil, fmt.Errorf("no certificate to complete TLS-ALPN challenge for SNI name: %s", clientHello.ServerName)
+				return nil, err
 			}
 			if cfg.Logger != nil {
 				cfg.Logger.Info("served key authentication certificate",
 					zap.String("server_name", clientHello.ServerName),
 					zap.String("challenge", "tls-alpn-01"),
-					zap.String("remote", clientHello.Conn.RemoteAddr().String()))
+					zap.String("remote", clientHello.Conn.RemoteAddr().String()),
+					zap.Bool("distributed", distributed))
 			}
-			return &challengeCert.Certificate, nil
+			return challengeCert, nil
 		}
 	}
 
@@ -107,16 +87,12 @@ func (cfg *Config) GetCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certif
 //
 // This function is safe for concurrent use.
 func (cfg *Config) getCertificate(hello *tls.ClientHelloInfo) (cert Certificate, matched, defaulted bool) {
-	name := NormalizedName(hello.ServerName)
+	name := normalizedName(hello.ServerName)
 
 	if name == "" {
 		// if SNI is empty, prefer matching IP address
 		if hello.Conn != nil {
-			addr := hello.Conn.LocalAddr().String()
-			ip, _, err := net.SplitHostPort(addr)
-			if err == nil {
-				addr = ip
-			}
+			addr := localIPFromConn(hello.Conn)
 			cert, matched = cfg.selectCert(hello, addr)
 			if matched {
 				return
@@ -125,7 +101,7 @@ func (cfg *Config) getCertificate(hello *tls.ClientHelloInfo) (cert Certificate,
 
 		// fall back to a "default" certificate, if specified
 		if cfg.DefaultServerName != "" {
-			normDefault := NormalizedName(cfg.DefaultServerName)
+			normDefault := normalizedName(cfg.DefaultServerName)
 			cert, defaulted = cfg.selectCert(hello, normDefault)
 			if defaulted {
 				return
@@ -260,6 +236,12 @@ func (cfg *Config) getCertDuringHandshake(hello *tls.ClientHelloInfo, loadIfNece
 	if cfg.OnDemand != nil && loadIfNecessary {
 		// Then check to see if we have one on disk
 		loadedCert, err := cfg.CacheManagedCertificate(name)
+		if _, ok := err.(ErrNotExist); ok {
+			// If no exact match, try a wildcard variant, which is something we can still use
+			labels := strings.Split(name, ".")
+			labels[0] = "*"
+			loadedCert, err = cfg.CacheManagedCertificate(strings.Join(labels, "."))
+		}
 		if err == nil {
 			loadedCert, err = cfg.handshakeMaintenance(hello, loadedCert)
 			if err != nil {
@@ -273,14 +255,6 @@ func (cfg *Config) getCertDuringHandshake(hello *tls.ClientHelloInfo, loadIfNece
 		}
 		if obtainIfNecessary {
 			// By this point, we need to ask the CA for a certificate
-
-			// Make sure the certificate should be obtained based on config
-			err := cfg.checkIfCertShouldBeObtained(name)
-			if err != nil {
-				return Certificate{}, err
-			}
-
-			// Obtain certificate from the CA
 			return cfg.obtainOnDemandCertificate(hello)
 		}
 	}
@@ -347,6 +321,11 @@ func (cfg *Config) obtainOnDemandCertificate(hello *tls.ClientHelloInfo) (Certif
 
 	name := cfg.getNameFromClientHello(hello)
 
+	getCertWithoutReobtaining := func() (Certificate, error) {
+		// very important to set the obtainIfNecessary argument to false, so we don't repeat this infinitely
+		return cfg.getCertDuringHandshake(hello, true, false)
+	}
+
 	// We must protect this process from happening concurrently, so synchronize.
 	obtainCertWaitChansMu.Lock()
 	wait, ok := obtainCertWaitChans[name]
@@ -354,8 +333,17 @@ func (cfg *Config) obtainOnDemandCertificate(hello *tls.ClientHelloInfo) (Certif
 		// lucky us -- another goroutine is already obtaining the certificate.
 		// wait for it to finish obtaining the cert and then we'll use it.
 		obtainCertWaitChansMu.Unlock()
-		<-wait
-		return cfg.getCertDuringHandshake(hello, true, false)
+
+		// TODO: see if we can get a proper context in here, for true cancellation
+		timeout := time.NewTimer(2 * time.Minute)
+		select {
+		case <-timeout.C:
+			return Certificate{}, fmt.Errorf("timed out waiting to obtain certificate for %s", name)
+		case <-wait:
+			timeout.Stop()
+		}
+
+		return getCertWithoutReobtaining()
 	}
 
 	// looks like it's up to us to do all the work and obtain the cert.
@@ -364,22 +352,35 @@ func (cfg *Config) obtainOnDemandCertificate(hello *tls.ClientHelloInfo) (Certif
 	obtainCertWaitChans[name] = wait
 	obtainCertWaitChansMu.Unlock()
 
-	// obtain the certificate
+	unblockWaiters := func() {
+		obtainCertWaitChansMu.Lock()
+		close(wait)
+		delete(obtainCertWaitChans, name)
+		obtainCertWaitChansMu.Unlock()
+	}
+
+	// Make sure the certificate should be obtained based on config
+	err := cfg.checkIfCertShouldBeObtained(name)
+	if err != nil {
+		unblockWaiters()
+		return Certificate{}, err
+	}
+
 	if log != nil {
 		log.Info("obtaining new certificate", zap.String("server_name", name))
 	}
+
 	// TODO: use a proper context; we use one with timeout because retries are enabled because interactive is false
 	ctx, cancel := context.WithTimeout(context.TODO(), 90*time.Second)
 	defer cancel()
-	err := cfg.ObtainCert(ctx, name, false)
+
+	// Obtain the certificate
+	err = cfg.ObtainCert(ctx, name, false)
 
 	// immediately unblock anyone waiting for it; doing this in
 	// a defer would risk deadlock because of the recursive call
 	// to getCertDuringHandshake below when we return!
-	obtainCertWaitChansMu.Lock()
-	close(wait)
-	delete(obtainCertWaitChans, name)
-	obtainCertWaitChansMu.Unlock()
+	unblockWaiters()
 
 	if err != nil {
 		// shucks; failed to solve challenge on-demand
@@ -388,7 +389,7 @@ func (cfg *Config) obtainOnDemandCertificate(hello *tls.ClientHelloInfo) (Certif
 
 	// success; certificate was just placed on disk, so
 	// we need only restart serving the certificate
-	return cfg.getCertDuringHandshake(hello, true, false)
+	return getCertWithoutReobtaining()
 }
 
 // handshakeMaintenance performs a check on cert for expiration and OCSP validity.
@@ -400,13 +401,7 @@ func (cfg *Config) handshakeMaintenance(hello *tls.ClientHelloInfo, cert Certifi
 	log := loggerNamed(cfg.Logger, "on_demand")
 
 	// Check cert expiration
-	timeLeft := cert.Leaf.NotAfter.Sub(time.Now().UTC())
 	if currentlyInRenewalWindow(cert.Leaf.NotBefore, cert.Leaf.NotAfter, cfg.RenewalWindowRatio) {
-		if log != nil {
-			log.Info("certificate expires soon; attempting renewal",
-				zap.Strings("identifiers", cert.Names),
-				zap.Duration("remaining", timeLeft))
-		}
 		return cfg.renewDynamicCertificate(hello, cert)
 	}
 
@@ -414,7 +409,7 @@ func (cfg *Config) handshakeMaintenance(hello *tls.ClientHelloInfo, cert Certifi
 	if cert.ocsp != nil {
 		refreshTime := cert.ocsp.ThisUpdate.Add(cert.ocsp.NextUpdate.Sub(cert.ocsp.ThisUpdate) / 2)
 		if time.Now().After(refreshTime) {
-			_, err := stapleOCSP(cfg.Storage, &cert, nil)
+			_, err := stapleOCSP(cfg.OCSP, cfg.Storage, &cert, nil)
 			if err != nil {
 				// An error with OCSP stapling is not the end of the world, and in fact, is
 				// quite common considering not all certs have issuer URLs that support it.
@@ -436,22 +431,59 @@ func (cfg *Config) handshakeMaintenance(hello *tls.ClientHelloInfo, cert Certifi
 // renewDynamicCertificate renews the certificate for name using cfg. It returns the
 // certificate to use and an error, if any. name should already be lower-cased before
 // calling this function. name is the name obtained directly from the handshake's
-// ClientHello.
+// ClientHello. If the certificate hasn't yet expired, currentCert will be returned
+// and the renewal will happen in the background; otherwise this blocks until the
+// certificate has been renewed, and returns the renewed certificate.
 //
 // This function is safe for use by multiple concurrent goroutines.
 func (cfg *Config) renewDynamicCertificate(hello *tls.ClientHelloInfo, currentCert Certificate) (Certificate, error) {
 	log := loggerNamed(cfg.Logger, "on_demand")
 
 	name := cfg.getNameFromClientHello(hello)
+	timeLeft := time.Until(currentCert.Leaf.NotAfter)
 
+	getCertWithoutReobtaining := func() (Certificate, error) {
+		// very important to set the obtainIfNecessary argument to false, so we don't repeat this infinitely
+		return cfg.getCertDuringHandshake(hello, true, false)
+	}
+
+	// see if another goroutine is already working on this certificate
 	obtainCertWaitChansMu.Lock()
 	wait, ok := obtainCertWaitChans[name]
 	if ok {
-		// lucky us -- another goroutine is already renewing the certificate.
-		// wait for it to finish, then we'll use the new one.
+		// lucky us -- another goroutine is already renewing the certificate
 		obtainCertWaitChansMu.Unlock()
-		<-wait
-		return cfg.getCertDuringHandshake(hello, true, false)
+
+		if timeLeft > 0 {
+			// the current certificate hasn't expired, and another goroutine is already
+			// renewing it, so we might as well serve what we have without blocking
+			if log != nil {
+				log.Debug("certificate expires soon but is already being renewed; serving current certificate",
+					zap.Strings("identifiers", currentCert.Names),
+					zap.Duration("remaining", timeLeft))
+			}
+			return currentCert, nil
+		}
+
+		// otherwise, we'll have to wait for the renewal to finish so we don't serve
+		// an expired certificate
+
+		if log != nil {
+			log.Debug("certificate has expired, but is already being renewed; waiting for renewal to complete",
+				zap.Strings("identifiers", currentCert.Names),
+				zap.Time("expired", currentCert.Leaf.NotAfter))
+		}
+
+		// TODO: see if we can get a proper context in here, for true cancellation
+		timeout := time.NewTimer(2 * time.Minute)
+		select {
+		case <-timeout.C:
+			return Certificate{}, fmt.Errorf("timed out waiting for certificate renewal of %s", name)
+		case <-wait:
+			timeout.Stop()
+		}
+
+		return getCertWithoutReobtaining()
 	}
 
 	// looks like it's up to us to do all the work and renew the cert
@@ -459,6 +491,21 @@ func (cfg *Config) renewDynamicCertificate(hello *tls.ClientHelloInfo, currentCe
 	obtainCertWaitChans[name] = wait
 	obtainCertWaitChansMu.Unlock()
 
+	unblockWaiters := func() {
+		obtainCertWaitChansMu.Lock()
+		close(wait)
+		delete(obtainCertWaitChans, name)
+		obtainCertWaitChansMu.Unlock()
+	}
+
+	if log != nil {
+		log.Info("attempting certificate renewal",
+			zap.String("server_name", name),
+			zap.Strings("identifiers", currentCert.Names),
+			zap.Time("expiration", currentCert.Leaf.NotAfter),
+			zap.Duration("remaining", timeLeft))
+	}
+
 	// Make sure a certificate for this name should be obtained on-demand
 	err := cfg.checkIfCertShouldBeObtained(name)
 	if err != nil {
@@ -466,105 +513,118 @@ func (cfg *Config) renewDynamicCertificate(hello *tls.ClientHelloInfo, currentCe
 		cfg.certCache.mu.Lock()
 		cfg.certCache.removeCertificate(currentCert)
 		cfg.certCache.mu.Unlock()
+		unblockWaiters()
 		return Certificate{}, err
 	}
 
-	// renew and reload the certificate
-	if log != nil {
-		log.Info("renewing certificate", zap.String("server_name", name))
-	}
-	// TODO: use a proper context; we use one with timeout because retries are enabled because interactive is false
-	ctx, cancel := context.WithTimeout(context.TODO(), 90*time.Second)
-	defer cancel()
-	err = cfg.RenewCert(ctx, name, false)
-	if err == nil {
-		// even though the recursive nature of the dynamic cert loading
-		// would just call this function anyway, we do it here to
-		// make the replacement as atomic as possible.
-		newCert, err := cfg.CacheManagedCertificate(name)
-		if err != nil {
-			if log != nil {
-				log.Error("loading renewed certificate", zap.String("server_name", name), zap.Error(err))
+	// Renew and reload the certificate
+	renewAndReload := func(ctx context.Context, cancel context.CancelFunc) (Certificate, error) {
+		defer cancel()
+		err = cfg.RenewCert(ctx, name, false)
+		if err == nil {
+			// even though the recursive nature of the dynamic cert loading
+			// would just call this function anyway, we do it here to
+			// make the replacement as atomic as possible.
+			newCert, err := cfg.CacheManagedCertificate(name)
+			if err != nil {
+				if log != nil {
+					log.Error("loading renewed certificate", zap.String("server_name", name), zap.Error(err))
+				}
+			} else {
+				// replace the old certificate with the new one
+				cfg.certCache.replaceCertificate(currentCert, newCert)
 			}
-		} else {
-			// replace the old certificate with the new one
-			cfg.certCache.replaceCertificate(currentCert, newCert)
 		}
+
+		// immediately unblock anyone waiting for it; doing this in
+		// a defer would risk deadlock because of the recursive call
+		// to getCertDuringHandshake below when we return!
+		unblockWaiters()
+
+		if err != nil {
+			return Certificate{}, err
+		}
+
+		return getCertWithoutReobtaining()
 	}
 
-	// immediately unblock anyone waiting for it; doing this in
-	// a defer would risk deadlock because of the recursive call
-	// to getCertDuringHandshake below when we return!
-	obtainCertWaitChansMu.Lock()
-	close(wait)
-	delete(obtainCertWaitChans, name)
-	obtainCertWaitChansMu.Unlock()
-
-	if err != nil {
-		return Certificate{}, err
+	// if the certificate hasn't expired, we can serve what we have and renew in the background
+	if timeLeft > 0 {
+		// TODO: get a proper context; we use one with timeout because retries are enabled because interactive is false
+		ctx, cancel := context.WithTimeout(context.TODO(), 5*time.Minute)
+		go renewAndReload(ctx, cancel)
+		return currentCert, nil
 	}
 
-	return cfg.getCertDuringHandshake(hello, true, false)
+	// otherwise, we have to block while we renew an expired certificate
+	ctx, cancel := context.WithTimeout(context.TODO(), 90*time.Second)
+	return renewAndReload(ctx, cancel)
 }
 
-// tryDistributedChallengeSolver is to be called when the clientHello pertains to
-// a TLS-ALPN challenge and a certificate is required to solve it. This method
-// checks the distributed store of challenge info files and, if a matching ServerName
-// is present, it makes a certificate to solve this challenge and returns it. For
-// this to succeed, it requires that cfg.Issuer is of type *ACMEManager.
-// A boolean true is returned if a valid certificate is returned.
-func (cfg *Config) tryDistributedChallengeSolver(clientHello *tls.ClientHelloInfo) (Certificate, bool, error) {
-	am, ok := cfg.Issuer.(*ACMEManager)
-	if !ok {
-		return Certificate{}, false, nil
-	}
-	tokenKey := distributedSolver{acmeManager: am, caURL: am.CA}.challengeTokensKey(clientHello.ServerName)
-	chalInfoBytes, err := cfg.Storage.Load(tokenKey)
+// getTLSALPNChallengeCert is to be called when the clientHello pertains to
+// a TLS-ALPN challenge and a certificate is required to solve it. This method gets
+// the relevant challenge info and then returns the associated certificate (if any)
+// or generates it anew if it's not available (as is the case when distributed
+// solving). True is returned if the challenge is being solved distributed (there
+// is no semantic difference with distributed solving; it is mainly for logging).
+func (cfg *Config) getTLSALPNChallengeCert(clientHello *tls.ClientHelloInfo) (*tls.Certificate, bool, error) {
+	chalData, distributed, err := cfg.getChallengeInfo(clientHello.ServerName)
 	if err != nil {
-		if _, ok := err.(ErrNotExist); ok {
-			return Certificate{}, false, nil
-		}
-		return Certificate{}, false, fmt.Errorf("opening distributed challenge token file %s: %v", tokenKey, err)
+		return nil, distributed, err
 	}
 
-	var chalInfo acme.Challenge
-	err = json.Unmarshal(chalInfoBytes, &chalInfo)
-	if err != nil {
-		return Certificate{}, false, fmt.Errorf("decoding challenge token file %s (corrupted?): %v", tokenKey, err)
+	// fast path: we already created the certificate (this avoids having to re-create
+	// it at every handshake that tries to verify, e.g. multi-perspective validation)
+	if chalData.data != nil {
+		return chalData.data.(*tls.Certificate), distributed, nil
 	}
 
-	cert, err := acmez.TLSALPN01ChallengeCert(chalInfo)
+	// otherwise, we can re-create the solution certificate, but it takes a few cycles
+	cert, err := acmez.TLSALPN01ChallengeCert(chalData.Challenge)
 	if err != nil {
-		return Certificate{}, false, fmt.Errorf("making TLS-ALPN challenge certificate: %v", err)
+		return nil, distributed, fmt.Errorf("making TLS-ALPN challenge certificate: %v", err)
 	}
 	if cert == nil {
-		return Certificate{}, false, fmt.Errorf("got nil TLS-ALPN challenge certificate but no error")
+		return nil, distributed, fmt.Errorf("got nil TLS-ALPN challenge certificate but no error")
 	}
 
-	return Certificate{Certificate: *cert}, true, nil
+	return cert, distributed, nil
 }
 
 // getNameFromClientHello returns a normalized form of hello.ServerName.
 // If hello.ServerName is empty (i.e. client did not use SNI), then the
 // associated connection's local address is used to extract an IP address.
 func (*Config) getNameFromClientHello(hello *tls.ClientHelloInfo) string {
-	name := NormalizedName(hello.ServerName)
-	if name != "" || hello.Conn == nil {
+	if name := normalizedName(hello.ServerName); name != "" {
 		return name
 	}
-
-	// if no SNI, try using IP address on the connection
-	localAddr := hello.Conn.LocalAddr().String()
-	localAddrHost, _, err := net.SplitHostPort(localAddr)
-	if err == nil {
-		return localAddrHost
-	}
-	return localAddr
+	return localIPFromConn(hello.Conn)
 }
 
-// NormalizedName returns a cleaned form of serverName that is
+// localIPFromConn returns the host portion of c's local address
+// and strips the scope ID if one exists (see RFC 4007).
+func localIPFromConn(c net.Conn) string {
+	if c == nil {
+		return ""
+	}
+	localAddr := c.LocalAddr().String()
+	ip, _, err := net.SplitHostPort(localAddr)
+	if err != nil {
+		// OK; assume there was no port
+		ip = localAddr
+	}
+	// IPv6 addresses can have scope IDs, e.g. "fe80::4c3:3cff:fe4f:7e0b%eth0",
+	// but for our purposes, these are useless (unless a valid use case proves
+	// otherwise; see issue #3911)
+	if scopeIDStart := strings.Index(ip, "%"); scopeIDStart > -1 {
+		ip = ip[:scopeIDStart]
+	}
+	return ip
+}
+
+// normalizedName returns a cleaned form of serverName that is
 // used for consistency when referring to a SNI value.
-func NormalizedName(serverName string) string {
+func normalizedName(serverName string) string {
 	return strings.ToLower(strings.TrimSpace(serverName))
 }
 
diff --git a/vendor/github.com/caddyserver/certmagic/httphandler.go b/vendor/github.com/caddyserver/certmagic/httphandler.go
index e3897217ab..d17cfaab73 100644
--- a/vendor/github.com/caddyserver/certmagic/httphandler.go
+++ b/vendor/github.com/caddyserver/certmagic/httphandler.go
@@ -15,7 +15,6 @@
 package certmagic
 
 import (
-	"encoding/json"
 	"net/http"
 	"strings"
 
@@ -71,41 +70,24 @@ func (am *ACMEManager) distributedHTTPChallengeSolver(w http.ResponseWriter, r *
 	if am == nil {
 		return false
 	}
-
 	host := hostOnly(r.Host)
-
-	tokenKey := distributedSolver{acmeManager: am, caURL: am.CA}.challengeTokensKey(host)
-	chalInfoBytes, err := am.config.Storage.Load(tokenKey)
-	if err != nil {
-		if _, ok := err.(ErrNotExist); !ok {
-			if am.Logger != nil {
-				am.Logger.Error("opening distributed HTTP challenge token file",
-					zap.String("host", host),
-					zap.Error(err))
-			}
-		}
-		return false
-	}
-
-	var challenge acme.Challenge
-	err = json.Unmarshal(chalInfoBytes, &challenge)
+	chalInfo, distributed, err := am.config.getChallengeInfo(host)
 	if err != nil {
 		if am.Logger != nil {
-			am.Logger.Error("decoding HTTP challenge token file (corrupted?)",
+			am.Logger.Error("looking up info for HTTP challenge",
 				zap.String("host", host),
-				zap.String("token_key", tokenKey),
 				zap.Error(err))
 		}
 		return false
 	}
-
-	return am.answerHTTPChallenge(w, r, challenge)
+	return solveHTTPChallenge(am.Logger, w, r, chalInfo.Challenge, distributed)
 }
 
-// answerHTTPChallenge solves the challenge with chalInfo.
-// Most of this code borrowed from xenolf's built-in HTTP-01
-// challenge solver in March 2018.
-func (am *ACMEManager) answerHTTPChallenge(w http.ResponseWriter, r *http.Request, challenge acme.Challenge) bool {
+// solveHTTPChallenge solves the HTTP challenge using the given challenge information.
+// If the challenge is being solved in a distributed fahsion, set distributed to true for logging purposes.
+// It returns true the properties of the request check out in relation to the HTTP challenge.
+// Most of this code borrowed from xenolf's built-in HTTP-01 challenge solver in March 2018.
+func solveHTTPChallenge(logger *zap.Logger, w http.ResponseWriter, r *http.Request, challenge acme.Challenge, distributed bool) bool {
 	challengeReqPath := challenge.HTTP01ResourcePath()
 	if r.URL.Path == challengeReqPath &&
 		strings.EqualFold(hostOnly(r.Host), challenge.Identifier.Value) && // mitigate DNS rebinding attacks
@@ -113,17 +95,26 @@ func (am *ACMEManager) answerHTTPChallenge(w http.ResponseWriter, r *http.Reques
 		w.Header().Add("Content-Type", "text/plain")
 		w.Write([]byte(challenge.KeyAuthorization))
 		r.Close = true
-		if am.Logger != nil {
-			am.Logger.Info("served key authentication",
+		if logger != nil {
+			logger.Info("served key authentication",
 				zap.String("identifier", challenge.Identifier.Value),
 				zap.String("challenge", "http-01"),
-				zap.String("remote", r.RemoteAddr))
+				zap.String("remote", r.RemoteAddr),
+				zap.Bool("distributed", distributed))
 		}
 		return true
 	}
 	return false
 }
 
+// SolveHTTPChallenge solves the HTTP challenge. It should be used only on HTTP requests that are
+// from ACME servers trying to validate an identifier (i.e. LooksLikeHTTPChallenge() == true). It
+// returns true if the request criteria check out and it answered with key authentication, in which
+// case no further handling of the request is necessary.
+func SolveHTTPChallenge(logger *zap.Logger, w http.ResponseWriter, r *http.Request, challenge acme.Challenge) bool {
+	return solveHTTPChallenge(logger, w, r, challenge, false)
+}
+
 // LooksLikeHTTPChallenge returns true if r looks like an ACME
 // HTTP challenge request from an ACME server.
 func LooksLikeHTTPChallenge(r *http.Request) bool {
diff --git a/vendor/github.com/caddyserver/certmagic/maintain.go b/vendor/github.com/caddyserver/certmagic/maintain.go
index 0e7acc3a09..3e5a8736a7 100644
--- a/vendor/github.com/caddyserver/certmagic/maintain.go
+++ b/vendor/github.com/caddyserver/certmagic/maintain.go
@@ -141,6 +141,9 @@ func (certCache *Cache) RenewManagedCertificates(ctx context.Context) error {
 			}
 			continue
 		}
+		if cfg.OnDemand != nil {
+			continue
+		}
 
 		// if time is up or expires soon, we need to try to renew it
 		if cert.NeedsRenewal(cfg) {
@@ -337,8 +340,8 @@ func (certCache *Cache) updateOCSPStaples(ctx context.Context) {
 			continue
 		}
 
-		ocspResp, err := stapleOCSP(cfg.Storage, &cert, nil)
-		if err != nil {
+		ocspResp, err := stapleOCSP(cfg.OCSP, cfg.Storage, &cert, nil)
+		if err != nil || ocspResp == nil {
 			if cert.ocsp != nil {
 				// if there was no staple before, that's fine; otherwise we should log the error
 				if log != nil {
diff --git a/vendor/github.com/caddyserver/certmagic/ocsp.go b/vendor/github.com/caddyserver/certmagic/ocsp.go
index fedc70e264..4a21546d22 100644
--- a/vendor/github.com/caddyserver/certmagic/ocsp.go
+++ b/vendor/github.com/caddyserver/certmagic/ocsp.go
@@ -34,11 +34,16 @@ import (
 // If you don't have the PEM blocks already, just pass in nil.
 //
 // Errors here are not necessarily fatal, it could just be that the
-// certificate doesn't have an issuer URL.
+// certificate doesn't have an issuer URL. This function may return
+// both nil values if OCSP stapling is disabled according to ocspConfig.
 //
 // If a status was received, it returns that status. Note that the
 // returned status is not always stapled to the certificate.
-func stapleOCSP(storage Storage, cert *Certificate, pemBundle []byte) (*ocsp.Response, error) {
+func stapleOCSP(ocspConfig OCSPConfig, storage Storage, cert *Certificate, pemBundle []byte) (*ocsp.Response, error) {
+	if ocspConfig.DisableStapling {
+		return nil, nil
+	}
+
 	if pemBundle == nil {
 		// we need a PEM encoding only for some function calls below
 		bundle := new(bytes.Buffer)
@@ -82,7 +87,7 @@ func stapleOCSP(storage Storage, cert *Certificate, pemBundle []byte) (*ocsp.Res
 	// If we couldn't get a fresh staple by reading the cache,
 	// then we need to request it from the OCSP responder
 	if ocspResp == nil || len(ocspBytes) == 0 {
-		ocspBytes, ocspResp, ocspErr = getOCSPForCert(pemBundle)
+		ocspBytes, ocspResp, ocspErr = getOCSPForCert(ocspConfig, pemBundle)
 		if ocspErr != nil {
 			// An error here is not a problem because a certificate may simply
 			// not contain a link to an OCSP server. But we should log it anyway.
@@ -125,7 +130,7 @@ func stapleOCSP(storage Storage, cert *Certificate, pemBundle []byte) (*ocsp.Res
 // values are nil, the OCSP status may be assumed OCSPUnknown.
 //
 // Borrowed from xenolf.
-func getOCSPForCert(bundle []byte) ([]byte, *ocsp.Response, error) {
+func getOCSPForCert(ocspConfig OCSPConfig, bundle []byte) ([]byte, *ocsp.Response, error) {
 	// TODO: Perhaps this should be synchronized too, with a Locker?
 
 	certificates, err := parseCertsFromPEMBundle(bundle)
@@ -142,6 +147,18 @@ func getOCSPForCert(bundle []byte) ([]byte, *ocsp.Response, error) {
 	if len(issuedCert.OCSPServer) == 0 {
 		return nil, nil, fmt.Errorf("no OCSP server specified in certificate")
 	}
+
+	// apply override for responder URL
+	respURL := issuedCert.OCSPServer[0]
+	if len(ocspConfig.ResponderOverrides) > 0 {
+		if override, ok := ocspConfig.ResponderOverrides[respURL]; ok {
+			respURL = override
+		}
+	}
+	if respURL == "" {
+		return nil, nil, fmt.Errorf("override disables querying OCSP responder: %v", issuedCert.OCSPServer[0])
+	}
+
 	if len(certificates) == 1 {
 		if len(issuedCert.IssuingCertificateURL) == 0 {
 			return nil, nil, fmt.Errorf("no URL to issuing certificate")
@@ -176,7 +193,7 @@ func getOCSPForCert(bundle []byte) ([]byte, *ocsp.Response, error) {
 	}
 
 	reader := bytes.NewReader(ocspReq)
-	req, err := http.Post(issuedCert.OCSPServer[0], "application/ocsp-request", reader)
+	req, err := http.Post(respURL, "application/ocsp-request", reader)
 	if err != nil {
 		return nil, nil, fmt.Errorf("making OCSP request: %v", err)
 	}
diff --git a/vendor/github.com/caddyserver/certmagic/solvers.go b/vendor/github.com/caddyserver/certmagic/solvers.go
index c0957da3e6..afd0fd28a2 100644
--- a/vendor/github.com/caddyserver/certmagic/solvers.go
+++ b/vendor/github.com/caddyserver/certmagic/solvers.go
@@ -123,22 +123,19 @@ type tlsALPNSolver struct {
 // Present adds the certificate to the certificate cache and, if
 // needed, starts a TLS server for answering TLS-ALPN challenges.
 func (s *tlsALPNSolver) Present(ctx context.Context, chal acme.Challenge) error {
-	// load the certificate into the cache; this isn't strictly necessary
-	// if we're using the distributed solver since our GetCertificate
-	// function will check storage for the keyAuth anyway, but it seems
-	// like loading it into the cache is the right thing to do
+	// we pre-generate the certificate for efficiency with multi-perspective
+	// validation, so it only has to be done once (at least, by this instance;
+	// distributed solving does not have that luxury, oh well) - update the
+	// challenge data in memory to be the generated certificate
 	cert, err := acmez.TLSALPN01ChallengeCert(chal)
 	if err != nil {
 		return err
 	}
-	certHash := hashCertificateChain(cert.Certificate)
-	s.config.certCache.mu.Lock()
-	s.config.certCache.cache[tlsALPNCertKeyName(chal.Identifier.Value)] = Certificate{
-		Certificate: *cert,
-		Names:       []string{chal.Identifier.Value},
-		hash:        certHash, // perhaps not necesssary
-	}
-	s.config.certCache.mu.Unlock()
+	activeChallengesMu.Lock()
+	chalData := activeChallenges[chal.Identifier.Value]
+	chalData.data = cert
+	activeChallenges[chal.Identifier.Value] = chalData
+	activeChallengesMu.Unlock()
 
 	// the rest of this function increments the
 	// challenge count for the solver at this
@@ -273,13 +270,6 @@ func (s *DNS01Solver) Present(ctx context.Context, challenge acme.Challenge) err
 	dnsName := challenge.DNS01TXTRecordName()
 	keyAuth := challenge.DNS01KeyAuthorization()
 
-	rec := libdns.Record{
-		Type:  "TXT",
-		Name:  dnsName,
-		Value: keyAuth,
-		TTL:   s.TTL,
-	}
-
 	// multiple identifiers can have the same ACME challenge
 	// domain (e.g. example.com and *.example.com) so we need
 	// to ensure that we don't solve those concurrently and
@@ -292,6 +282,13 @@ func (s *DNS01Solver) Present(ctx context.Context, challenge acme.Challenge) err
 		return fmt.Errorf("could not determine zone for domain %q: %v", dnsName, err)
 	}
 
+	rec := libdns.Record{
+		Type:  "TXT",
+		Name:  libdns.RelativeName(dnsName+".", zone),
+		Value: keyAuth,
+		TTL:   s.TTL,
+	}
+
 	results, err := s.DNSProvider.AppendRecords(ctx, zone, []libdns.Record{rec})
 	if err != nil {
 		return fmt.Errorf("adding temporary record for zone %s: %w", zone, err)
@@ -458,20 +455,19 @@ func (mmu *mapMutex) locked(key interface{}) (ok bool) {
 // sharing sync and storage, and using the facilities provided by
 // this package for solving the challenges.
 type distributedSolver struct {
-	// The config with a certificate cache
-	// with a reference to the storage to
-	// use which is shared among all the
-	// instances in the cluster - REQUIRED.
-	acmeManager *ACMEManager
+	// The storage backing the distributed solver. It must be
+	// the same storage configuration as what is solving the
+	// challenge in order to be effective.
+	storage Storage
+
+	// The storage key prefix, associated with the issuer
+	// that is solving the challenge.
+	storageKeyIssuerPrefix string
 
 	// Since the distributedSolver is only a
 	// wrapper over an actual solver, place
 	// the actual solver here.
 	solver acmez.Solver
-
-	// The CA endpoint URL associated with
-	// this solver.
-	caURL string
 }
 
 // Present invokes the underlying solver's Present method
@@ -483,7 +479,7 @@ func (dhs distributedSolver) Present(ctx context.Context, chal acme.Challenge) e
 		return err
 	}
 
-	err = dhs.acmeManager.config.Storage.Store(dhs.challengeTokensKey(chal.Identifier.Value), infoBytes)
+	err = dhs.storage.Store(dhs.challengeTokensKey(chal.Identifier.Value), infoBytes)
 	if err != nil {
 		return err
 	}
@@ -495,10 +491,18 @@ func (dhs distributedSolver) Present(ctx context.Context, chal acme.Challenge) e
 	return nil
 }
 
+// Wait wraps the underlying solver's Wait() method, if any. Implements acmez.Waiter.
+func (dhs distributedSolver) Wait(ctx context.Context, challenge acme.Challenge) error {
+	if waiter, ok := dhs.solver.(acmez.Waiter); ok {
+		return waiter.Wait(ctx, challenge)
+	}
+	return nil
+}
+
 // CleanUp invokes the underlying solver's CleanUp method
 // and also cleans up any assets saved to storage.
 func (dhs distributedSolver) CleanUp(ctx context.Context, chal acme.Challenge) error {
-	err := dhs.acmeManager.config.Storage.Delete(dhs.challengeTokensKey(chal.Identifier.Value))
+	err := dhs.storage.Delete(dhs.challengeTokensKey(chal.Identifier.Value))
 	if err != nil {
 		return err
 	}
@@ -511,7 +515,7 @@ func (dhs distributedSolver) CleanUp(ctx context.Context, chal acme.Challenge) e
 
 // challengeTokensPrefix returns the key prefix for challenge info.
 func (dhs distributedSolver) challengeTokensPrefix() string {
-	return path.Join(dhs.acmeManager.storageKeyCAPrefix(dhs.caURL), "challenge_tokens")
+	return path.Join(dhs.storageKeyIssuerPrefix, "challenge_tokens")
 }
 
 // challengeTokensKey returns the key to use to store and access
@@ -607,6 +611,15 @@ func dialTCPSocket(addr string) error {
 	return err
 }
 
+// GetACMEChallenge returns an active ACME challenge for the given identifier,
+// or false if no active challenge for that identifier is known.
+func GetACMEChallenge(identifier string) (Challenge, bool) {
+	activeChallengesMu.Lock()
+	chalData, ok := activeChallenges[identifier]
+	activeChallengesMu.Unlock()
+	return chalData, ok
+}
+
 // The active challenge solvers, keyed by listener address,
 // and protected by a mutex. Note that the creation of
 // solver listeners and the incrementing of their counts
@@ -616,8 +629,56 @@ var (
 	solversMu sync.Mutex
 )
 
+// activeChallenges holds information about all known, currently-active
+// ACME challenges, keyed by identifier. CertMagic guarantees that
+// challenges for the same identifier do not overlap, by its locking
+// mechanisms; thus if a challenge comes in for a certain identifier,
+// we can be confident that if this process initiated the challenge,
+// the correct information to solve it is in this map. (It may have
+// alternatively been initiated by another instance in a cluster, in
+// which case the distributed solver will take care of that.)
+var (
+	activeChallenges   = make(map[string]Challenge)
+	activeChallengesMu sync.Mutex
+)
+
+// Challenge is an ACME challenge, but optionally paired with
+// data that can make it easier or more efficient to solve.
+type Challenge struct {
+	acme.Challenge
+	data interface{}
+}
+
+// solverWrapper should be used to wrap all challenge solvers so that
+// we can add the challenge info to memory; this makes challenges globally
+// solvable by a single HTTP or TLS server even if multiple servers with
+// different configurations/scopes need to get certificates.
+type solverWrapper struct{ acmez.Solver }
+
+func (sw solverWrapper) Present(ctx context.Context, chal acme.Challenge) error {
+	activeChallengesMu.Lock()
+	activeChallenges[chal.Identifier.Value] = Challenge{Challenge: chal}
+	activeChallengesMu.Unlock()
+	return sw.Solver.Present(ctx, chal)
+}
+
+func (sw solverWrapper) Wait(ctx context.Context, chal acme.Challenge) error {
+	if waiter, ok := sw.Solver.(acmez.Waiter); ok {
+		return waiter.Wait(ctx, chal)
+	}
+	return nil
+}
+
+func (sw solverWrapper) CleanUp(ctx context.Context, chal acme.Challenge) error {
+	activeChallengesMu.Lock()
+	delete(activeChallenges, chal.Identifier.Value)
+	activeChallengesMu.Unlock()
+	return sw.Solver.CleanUp(ctx, chal)
+}
+
 // Interface guards
 var (
-	_ acmez.Solver = (*DNS01Solver)(nil)
-	_ acmez.Waiter = (*DNS01Solver)(nil)
+	_ acmez.Solver = (*solverWrapper)(nil)
+	_ acmez.Waiter = (*solverWrapper)(nil)
+	_ acmez.Waiter = (*distributedSolver)(nil)
 )
diff --git a/vendor/github.com/caddyserver/certmagic/storage.go b/vendor/github.com/caddyserver/certmagic/storage.go
index f5045a9726..804a474087 100644
--- a/vendor/github.com/caddyserver/certmagic/storage.go
+++ b/vendor/github.com/caddyserver/certmagic/storage.go
@@ -16,12 +16,13 @@ package certmagic
 
 import (
 	"context"
-	"log"
 	"path"
 	"regexp"
 	"strings"
 	"sync"
 	"time"
+
+	"go.uber.org/zap"
 )
 
 // Storage is a type that implements a key-value store.
@@ -213,16 +214,20 @@ func (keys KeyBuilder) Safe(str string) string {
 // this does not cancel the operations that
 // the locks are synchronizing, this should be
 // called only immediately before process exit.
-func CleanUpOwnLocks() {
+// Errors are only reported if a logger is given.
+func CleanUpOwnLocks(logger *zap.Logger) {
 	locksMu.Lock()
 	defer locksMu.Unlock()
 	for lockKey, storage := range locks {
 		err := storage.Unlock(lockKey)
 		if err == nil {
 			delete(locks, lockKey)
-		} else {
-			log.Printf("[ERROR] Unable to clean up lock: %v (lock=%s storage=%s)",
-				err, lockKey, storage)
+		} else if logger != nil {
+			logger.Error("unable to clean up lock in storage backend",
+				zap.Any("storage", storage),
+				zap.String("lock_key", lockKey),
+				zap.Error(err),
+			)
 		}
 	}
 }
@@ -272,6 +277,7 @@ var safeKeyRE = regexp.MustCompile(`[^\w@.-]`)
 // ErrNotExist is returned by Storage implementations when
 // a resource is not found. It is similar to os.IsNotExist
 // except this is a type, not a variable.
+// TODO: use new Go error wrapping conventions
 type ErrNotExist interface {
 	error
 }
diff --git a/vendor/github.com/miekg/dns/Makefile.release b/vendor/github.com/miekg/dns/Makefile.release
index 8fb748e8aa..a0ce9b712d 100644
--- a/vendor/github.com/miekg/dns/Makefile.release
+++ b/vendor/github.com/miekg/dns/Makefile.release
@@ -1,7 +1,7 @@
 # Makefile for releasing.
 #
 # The release is controlled from version.go. The version found there is
-# used to tag the git repo, we're not building any artifects so there is nothing
+# used to tag the git repo, we're not building any artifacts so there is nothing
 # to upload to github.
 #
 # * Up the version in version.go
diff --git a/vendor/github.com/miekg/dns/client.go b/vendor/github.com/miekg/dns/client.go
index 000dc013cf..f907698b5d 100644
--- a/vendor/github.com/miekg/dns/client.go
+++ b/vendor/github.com/miekg/dns/client.go
@@ -379,7 +379,7 @@ func Dial(network, address string) (conn *Conn, err error) {
 func ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, err error) {
 	client := Client{Net: "udp"}
 	r, _, err = client.ExchangeContext(ctx, m, a)
-	// ignorint rtt to leave the original ExchangeContext API unchanged, but
+	// ignoring rtt to leave the original ExchangeContext API unchanged, but
 	// this function will go away
 	return r, err
 }
diff --git a/vendor/github.com/miekg/dns/defaults.go b/vendor/github.com/miekg/dns/defaults.go
index d874e3008c..d47b0b1f2b 100644
--- a/vendor/github.com/miekg/dns/defaults.go
+++ b/vendor/github.com/miekg/dns/defaults.go
@@ -349,10 +349,7 @@ func ReverseAddr(addr string) (arpa string, err error) {
 	// Add it, in reverse, to the buffer
 	for i := len(ip) - 1; i >= 0; i-- {
 		v := ip[i]
-		buf = append(buf, hexDigit[v&0xF])
-		buf = append(buf, '.')
-		buf = append(buf, hexDigit[v>>4])
-		buf = append(buf, '.')
+		buf = append(buf, hexDigit[v&0xF], '.', hexDigit[v>>4], '.')
 	}
 	// Append "ip6.arpa." and return (buf already has the final .)
 	buf = append(buf, "ip6.arpa."...)
diff --git a/vendor/github.com/miekg/dns/dnssec.go b/vendor/github.com/miekg/dns/dnssec.go
index 900f6e059d..80d2be5a89 100644
--- a/vendor/github.com/miekg/dns/dnssec.go
+++ b/vendor/github.com/miekg/dns/dnssec.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
@@ -17,8 +18,6 @@ import (
 	"sort"
 	"strings"
 	"time"
-
-	"golang.org/x/crypto/ed25519"
 )
 
 // DNSSEC encryption algorithm codes.
@@ -500,7 +499,7 @@ func (rr *RRSIG) ValidityPeriod(t time.Time) bool {
 	return ti <= utc && utc <= te
 }
 
-// Return the signatures base64 encodedig sigdata as a byte slice.
+// Return the signatures base64 encoding sigdata as a byte slice.
 func (rr *RRSIG) sigBuf() []byte {
 	sigbuf, err := fromBase64([]byte(rr.Signature))
 	if err != nil {
diff --git a/vendor/github.com/miekg/dns/dnssec_keygen.go b/vendor/github.com/miekg/dns/dnssec_keygen.go
index 2ab7b6d73b..b8124b5618 100644
--- a/vendor/github.com/miekg/dns/dnssec_keygen.go
+++ b/vendor/github.com/miekg/dns/dnssec_keygen.go
@@ -3,12 +3,11 @@ package dns
 import (
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
 	"math/big"
-
-	"golang.org/x/crypto/ed25519"
 )
 
 // Generate generates a DNSKEY of the given bit size.
diff --git a/vendor/github.com/miekg/dns/dnssec_keyscan.go b/vendor/github.com/miekg/dns/dnssec_keyscan.go
index 6cbc28483f..f79658169f 100644
--- a/vendor/github.com/miekg/dns/dnssec_keyscan.go
+++ b/vendor/github.com/miekg/dns/dnssec_keyscan.go
@@ -4,13 +4,12 @@ import (
 	"bufio"
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"io"
 	"math/big"
 	"strconv"
 	"strings"
-
-	"golang.org/x/crypto/ed25519"
 )
 
 // NewPrivateKey returns a PrivateKey by parsing the string s.
diff --git a/vendor/github.com/miekg/dns/dnssec_privkey.go b/vendor/github.com/miekg/dns/dnssec_privkey.go
index 072e445dad..f160772964 100644
--- a/vendor/github.com/miekg/dns/dnssec_privkey.go
+++ b/vendor/github.com/miekg/dns/dnssec_privkey.go
@@ -3,11 +3,10 @@ package dns
 import (
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"math/big"
 	"strconv"
-
-	"golang.org/x/crypto/ed25519"
 )
 
 const format = "Private-key-format: v1.3\n"
diff --git a/vendor/github.com/miekg/dns/edns.go b/vendor/github.com/miekg/dns/edns.go
index f3fb1c6849..1a87f4cb93 100644
--- a/vendor/github.com/miekg/dns/edns.go
+++ b/vendor/github.com/miekg/dns/edns.go
@@ -525,7 +525,7 @@ func (e *EDNS0_N3U) String() string {
 }
 func (e *EDNS0_N3U) copy() EDNS0 { return &EDNS0_N3U{e.Code, e.AlgCode} }
 
-// EDNS0_EXPIRE implementes the EDNS0 option as described in RFC 7314.
+// EDNS0_EXPIRE implements the EDNS0 option as described in RFC 7314.
 type EDNS0_EXPIRE struct {
 	Code   uint16 // Always EDNS0EXPIRE
 	Expire uint32
diff --git a/vendor/github.com/miekg/dns/go.mod b/vendor/github.com/miekg/dns/go.mod
index 6003d0573c..51619b7842 100644
--- a/vendor/github.com/miekg/dns/go.mod
+++ b/vendor/github.com/miekg/dns/go.mod
@@ -1,11 +1,9 @@
 module github.com/miekg/dns
 
-go 1.12
+go 1.13
 
 require (
-	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
-	golang.org/x/net v0.0.0-20190923162816-aa69164e4478
-	golang.org/x/sync v0.0.0-20190423024810-112230192c58
-	golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe
-	golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 // indirect
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
+	golang.org/x/sys v0.0.0-20210303074136-134d130e1a04
 )
diff --git a/vendor/github.com/miekg/dns/go.sum b/vendor/github.com/miekg/dns/go.sum
index 96bda3a941..3359ebea4e 100644
--- a/vendor/github.com/miekg/dns/go.sum
+++ b/vendor/github.com/miekg/dns/go.sum
@@ -1,39 +1,10 @@
-golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4 h1:Vk3wNqEZwyGyei9yq5ekj7frek2u7HUfffJ1/opblzc=
-golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472 h1:Gv7RPwsi3eZ2Fgewe3CBsuOebPwO27PoXzRpJPsvSSM=
-golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392 h1:ACG4HJsFiNMf47Y4PeRoebLNy/2lXT9EtprMuTFWt1M=
-golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3 h1:dgd4x4kJt7G4k4m93AYLzM8Ni6h2qLTfh9n9vXJT3/0=
-golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 h1:k7pJ2yAPLPgbskkFdhRCsA77k2fySZ1zf2zCjvQCiIM=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478 h1:l5EDrHhldLYb3ZRHDUhXF7Om7MvYXnkV9/iQNo1lX6g=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180928133829-e4b3c5e90611 h1:O33LKL7WyJgjN9CvxfTIomjIClbd/Kq86/iipowHQU0=
-golang.org/x/sys v0.0.0-20180928133829-e4b3c5e90611/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd h1:DBH9mDw0zluJT/R+nGuV3jWFWLFaHyYZWD4tOT+cjn0=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe h1:6fAMxZRR6sl1Uq8U61gxU+kPTs2tR8uOySCbBP7BN/M=
-golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04 h1:cEhElsAv9LUt9ZUUocxzWe05oFLVd+AA2nstydTeI8g=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 h1:VvQyQJN0tSuecqgcIxMWnnfG5kSmgy9KZR9sW3W5QeA=
-golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/vendor/github.com/miekg/dns/labels.go b/vendor/github.com/miekg/dns/labels.go
index df1675dfd2..f9faacfeb4 100644
--- a/vendor/github.com/miekg/dns/labels.go
+++ b/vendor/github.com/miekg/dns/labels.go
@@ -10,7 +10,7 @@ package dns
 // escaped dots (\.) for instance.
 // s must be a syntactically valid domain name, see IsDomainName.
 func SplitDomainName(s string) (labels []string) {
-	if len(s) == 0 {
+	if s == "" {
 		return nil
 	}
 	fqdnEnd := 0 // offset of the final '.' or the length of the name
diff --git a/vendor/github.com/miekg/dns/msg.go b/vendor/github.com/miekg/dns/msg.go
index 1728a98b7d..ead4b6931d 100644
--- a/vendor/github.com/miekg/dns/msg.go
+++ b/vendor/github.com/miekg/dns/msg.go
@@ -742,7 +742,7 @@ func (dns *Msg) packBufferWithCompressionMap(buf []byte, compression compression
 	}
 
 	// Set extended rcode unconditionally if we have an opt, this will allow
-	// reseting the extended rcode bits if they need to.
+	// resetting the extended rcode bits if they need to.
 	if opt := dns.IsEdns0(); opt != nil {
 		opt.SetExtendedRcode(uint16(dns.Rcode))
 	} else if dns.Rcode > 0xF {
diff --git a/vendor/github.com/miekg/dns/privaterr.go b/vendor/github.com/miekg/dns/privaterr.go
index cda6cae31e..45c7f26d85 100644
--- a/vendor/github.com/miekg/dns/privaterr.go
+++ b/vendor/github.com/miekg/dns/privaterr.go
@@ -6,7 +6,7 @@ import "strings"
 // RFC 6895. This allows one to experiment with new RR types, without requesting an
 // official type code. Also see dns.PrivateHandle and dns.PrivateHandleRemove.
 type PrivateRdata interface {
-	// String returns the text presentaton of the Rdata of the Private RR.
+	// String returns the text presentation of the Rdata of the Private RR.
 	String() string
 	// Parse parses the Rdata of the private RR.
 	Parse([]string) error
diff --git a/vendor/github.com/miekg/dns/scan.go b/vendor/github.com/miekg/dns/scan.go
index 67161de29c..39055bde31 100644
--- a/vendor/github.com/miekg/dns/scan.go
+++ b/vendor/github.com/miekg/dns/scan.go
@@ -1233,7 +1233,7 @@ func stringToCm(token string) (e, m uint8, ok bool) {
 			// 'nn.1' must be treated as 'nn-meters and 10cm, not 1cm.
 			cmeters *= 10
 		}
-		if len(s[0]) == 0 {
+		if s[0] == "" {
 			// This will allow omitting the 'meter' part, like .01 (meaning 0.01m = 1cm).
 			break
 		}
@@ -1352,7 +1352,7 @@ func stringToNodeID(l lex) (uint64, *ParseError) {
 	if len(l.token) < 19 {
 		return 0, &ParseError{l.token, "bad NID/L64 NodeID/Locator64", l}
 	}
-	// There must be three colons at fixes postitions, if not its a parse error
+	// There must be three colons at fixes positions, if not its a parse error
 	if l.token[4] != ':' && l.token[9] != ':' && l.token[14] != ':' {
 		return 0, &ParseError{l.token, "bad NID/L64 NodeID/Locator64", l}
 	}
diff --git a/vendor/github.com/miekg/dns/scan_rr.go b/vendor/github.com/miekg/dns/scan_rr.go
index 23b4043bcd..05765aed87 100644
--- a/vendor/github.com/miekg/dns/scan_rr.go
+++ b/vendor/github.com/miekg/dns/scan_rr.go
@@ -609,7 +609,7 @@ func (rr *LOC) parse(c *zlexer, o string) *ParseError {
 
 	c.Next() // zBlank
 	l, _ = c.Next()
-	if i, err := strconv.ParseFloat(l.token, 32); err != nil || l.err || i < 0 || i >= 60 {
+	if i, err := strconv.ParseFloat(l.token, 64); err != nil || l.err || i < 0 || i >= 60 {
 		return &ParseError{"", "bad LOC Latitude seconds", l}
 	} else {
 		rr.Latitude += uint32(1000 * i)
@@ -645,7 +645,7 @@ East:
 	}
 	c.Next() // zBlank
 	l, _ = c.Next()
-	if i, err := strconv.ParseFloat(l.token, 32); err != nil || l.err || i < 0 || i >= 60 {
+	if i, err := strconv.ParseFloat(l.token, 64); err != nil || l.err || i < 0 || i >= 60 {
 		return &ParseError{"", "bad LOC Longitude seconds", l}
 	} else {
 		rr.Longitude += uint32(1000 * i)
@@ -662,7 +662,7 @@ East:
 Altitude:
 	c.Next() // zBlank
 	l, _ = c.Next()
-	if len(l.token) == 0 || l.err {
+	if l.token == "" || l.err {
 		return &ParseError{"", "bad LOC Altitude", l}
 	}
 	if l.token[len(l.token)-1] == 'M' || l.token[len(l.token)-1] == 'm' {
@@ -722,7 +722,7 @@ func (rr *HIP) parse(c *zlexer, o string) *ParseError {
 
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
-	if len(l.token) == 0 || l.err {
+	if l.token == "" || l.err {
 		return &ParseError{"", "bad HIP Hit", l}
 	}
 	rr.Hit = l.token // This can not contain spaces, see RFC 5205 Section 6.
@@ -730,7 +730,7 @@ func (rr *HIP) parse(c *zlexer, o string) *ParseError {
 
 	c.Next()        // zBlank
 	l, _ = c.Next() // zString
-	if len(l.token) == 0 || l.err {
+	if l.token == "" || l.err {
 		return &ParseError{"", "bad HIP PublicKey", l}
 	}
 	rr.PublicKey = l.token // This cannot contain spaces
@@ -846,6 +846,38 @@ func (rr *CSYNC) parse(c *zlexer, o string) *ParseError {
 	return nil
 }
 
+func (rr *ZONEMD) parse(c *zlexer, o string) *ParseError {
+	l, _ := c.Next()
+	i, e := strconv.ParseUint(l.token, 10, 32)
+	if e != nil || l.err {
+		return &ParseError{"", "bad ZONEMD Serial", l}
+	}
+	rr.Serial = uint32(i)
+
+	c.Next() // zBlank
+	l, _ = c.Next()
+	i, e1 := strconv.ParseUint(l.token, 10, 8)
+	if e1 != nil || l.err {
+		return &ParseError{"", "bad ZONEMD Scheme", l}
+	}
+	rr.Scheme = uint8(i)
+
+	c.Next() // zBlank
+	l, _ = c.Next()
+	i, err := strconv.ParseUint(l.token, 10, 8)
+	if err != nil || l.err {
+		return &ParseError{"", "bad ZONEMD Hash Algorithm", l}
+	}
+	rr.Hash = uint8(i)
+
+	s, e2 := endingToString(c, "bad ZONEMD Digest")
+	if e2 != nil {
+		return e2
+	}
+	rr.Digest = s
+	return nil
+}
+
 func (rr *SIG) parse(c *zlexer, o string) *ParseError { return rr.RRSIG.parse(c, o) }
 
 func (rr *RRSIG) parse(c *zlexer, o string) *ParseError {
@@ -997,7 +1029,7 @@ func (rr *NSEC3) parse(c *zlexer, o string) *ParseError {
 	rr.Iterations = uint16(i)
 	c.Next()
 	l, _ = c.Next()
-	if len(l.token) == 0 || l.err {
+	if l.token == "" || l.err {
 		return &ParseError{"", "bad NSEC3 Salt", l}
 	}
 	if l.token != "-" {
@@ -1007,7 +1039,7 @@ func (rr *NSEC3) parse(c *zlexer, o string) *ParseError {
 
 	c.Next()
 	l, _ = c.Next()
-	if len(l.token) == 0 || l.err {
+	if l.token == "" || l.err {
 		return &ParseError{"", "bad NSEC3 NextDomain", l}
 	}
 	rr.HashLength = 20 // Fix for NSEC3 (sha1 160 bits)
diff --git a/vendor/github.com/miekg/dns/sig0.go b/vendor/github.com/miekg/dns/sig0.go
index 9ef13ccf39..e781c9bb6c 100644
--- a/vendor/github.com/miekg/dns/sig0.go
+++ b/vendor/github.com/miekg/dns/sig0.go
@@ -17,7 +17,7 @@ func (rr *SIG) Sign(k crypto.Signer, m *Msg) ([]byte, error) {
 	if k == nil {
 		return nil, ErrPrivKey
 	}
-	if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 {
+	if rr.KeyTag == 0 || rr.SignerName == "" || rr.Algorithm == 0 {
 		return nil, ErrKey
 	}
 
@@ -78,7 +78,7 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
 	if k == nil {
 		return ErrKey
 	}
-	if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 {
+	if rr.KeyTag == 0 || rr.SignerName == "" || rr.Algorithm == 0 {
 		return ErrKey
 	}
 
diff --git a/vendor/github.com/miekg/dns/svcb.go b/vendor/github.com/miekg/dns/svcb.go
index 1373fe21b7..ec0a76f4cf 100644
--- a/vendor/github.com/miekg/dns/svcb.go
+++ b/vendor/github.com/miekg/dns/svcb.go
@@ -321,7 +321,7 @@ func (s *SVCBAlpn) pack() ([]byte, error) {
 	// Liberally estimate the size of an alpn as 10 octets
 	b := make([]byte, 0, 10*len(s.Alpn))
 	for _, e := range s.Alpn {
-		if len(e) == 0 {
+		if e == "" {
 			return nil, errors.New("dns: svcbalpn: empty alpn-id")
 		}
 		if len(e) > 255 {
@@ -390,7 +390,7 @@ func (*SVCBNoDefaultAlpn) unpack(b []byte) error {
 }
 
 func (*SVCBNoDefaultAlpn) parse(b string) error {
-	if len(b) != 0 {
+	if b != "" {
 		return errors.New("dns: svcbnodefaultalpn: no_default_alpn must have no value")
 	}
 	return nil
diff --git a/vendor/github.com/miekg/dns/types.go b/vendor/github.com/miekg/dns/types.go
index 9e379eb351..99dd315bf1 100644
--- a/vendor/github.com/miekg/dns/types.go
+++ b/vendor/github.com/miekg/dns/types.go
@@ -81,6 +81,7 @@ const (
 	TypeCDNSKEY    uint16 = 60
 	TypeOPENPGPKEY uint16 = 61
 	TypeCSYNC      uint16 = 62
+	TypeZONEMD     uint16 = 63
 	TypeSVCB       uint16 = 64
 	TypeHTTPS      uint16 = 65
 	TypeSPF        uint16 = 99
@@ -150,6 +151,17 @@ const (
 	OpcodeUpdate = 5
 )
 
+// Used in ZONEMD https://tools.ietf.org/html/rfc8976
+
+const (
+	// ZoneMD Accepted Schemes
+	ZoneMDSchemeSimple = 1
+
+	// ZoneMD Hash Algorithms
+	ZoneMDHashAlgSHA384 = 1
+	ZoneMDHashAlgSHA512 = 2
+)
+
 // Header is the wire format for the DNS packet header.
 type Header struct {
 	Id                                 uint16
@@ -1361,6 +1373,23 @@ func (rr *CSYNC) len(off int, compression map[string]struct{}) int {
 	return l
 }
 
+// ZONEMD RR, from draft-ietf-dnsop-dns-zone-digest
+type ZONEMD struct {
+	Hdr    RR_Header
+	Serial uint32
+	Scheme uint8
+	Hash   uint8
+	Digest string `dns:"hex"`
+}
+
+func (rr *ZONEMD) String() string {
+	return rr.Hdr.String() +
+		strconv.Itoa(int(rr.Serial)) +
+		" " + strconv.Itoa(int(rr.Scheme)) +
+		" " + strconv.Itoa(int(rr.Hash)) +
+		" " + rr.Digest
+}
+
 // APL RR. See RFC 3123.
 type APL struct {
 	Hdr      RR_Header
@@ -1472,7 +1501,7 @@ func StringToTime(s string) (uint32, error) {
 
 // saltToString converts a NSECX salt to uppercase and returns "-" when it is empty.
 func saltToString(s string) string {
-	if len(s) == 0 {
+	if s == "" {
 		return "-"
 	}
 	return strings.ToUpper(s)
diff --git a/vendor/github.com/miekg/dns/version.go b/vendor/github.com/miekg/dns/version.go
index 8f7cf76881..5a358acc94 100644
--- a/vendor/github.com/miekg/dns/version.go
+++ b/vendor/github.com/miekg/dns/version.go
@@ -3,7 +3,7 @@ package dns
 import "fmt"
 
 // Version is current version of this library.
-var Version = v{1, 1, 40}
+var Version = v{1, 1, 41}
 
 // v holds the version of this library.
 type v struct {
diff --git a/vendor/github.com/miekg/dns/zduplicate.go b/vendor/github.com/miekg/dns/zduplicate.go
index 0d3b34bd9b..9eb1dac299 100644
--- a/vendor/github.com/miekg/dns/zduplicate.go
+++ b/vendor/github.com/miekg/dns/zduplicate.go
@@ -1317,3 +1317,24 @@ func (r1 *X25) isDuplicate(_r2 RR) bool {
 	}
 	return true
 }
+
+func (r1 *ZONEMD) isDuplicate(_r2 RR) bool {
+	r2, ok := _r2.(*ZONEMD)
+	if !ok {
+		return false
+	}
+	_ = r2
+	if r1.Serial != r2.Serial {
+		return false
+	}
+	if r1.Scheme != r2.Scheme {
+		return false
+	}
+	if r1.Hash != r2.Hash {
+		return false
+	}
+	if r1.Digest != r2.Digest {
+		return false
+	}
+	return true
+}
diff --git a/vendor/github.com/miekg/dns/zmsg.go b/vendor/github.com/miekg/dns/zmsg.go
index d24a10fa24..fc0822f982 100644
--- a/vendor/github.com/miekg/dns/zmsg.go
+++ b/vendor/github.com/miekg/dns/zmsg.go
@@ -1118,6 +1118,26 @@ func (rr *X25) pack(msg []byte, off int, compression compressionMap, compress bo
 	return off, nil
 }
 
+func (rr *ZONEMD) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+	off, err = packUint32(rr.Serial, msg, off)
+	if err != nil {
+		return off, err
+	}
+	off, err = packUint8(rr.Scheme, msg, off)
+	if err != nil {
+		return off, err
+	}
+	off, err = packUint8(rr.Hash, msg, off)
+	if err != nil {
+		return off, err
+	}
+	off, err = packStringHex(rr.Digest, msg, off)
+	if err != nil {
+		return off, err
+	}
+	return off, nil
+}
+
 // unpack*() functions
 
 func (rr *A) unpack(msg []byte, off int) (off1 int, err error) {
@@ -2821,3 +2841,35 @@ func (rr *X25) unpack(msg []byte, off int) (off1 int, err error) {
 	}
 	return off, nil
 }
+
+func (rr *ZONEMD) unpack(msg []byte, off int) (off1 int, err error) {
+	rdStart := off
+	_ = rdStart
+
+	rr.Serial, off, err = unpackUint32(msg, off)
+	if err != nil {
+		return off, err
+	}
+	if off == len(msg) {
+		return off, nil
+	}
+	rr.Scheme, off, err = unpackUint8(msg, off)
+	if err != nil {
+		return off, err
+	}
+	if off == len(msg) {
+		return off, nil
+	}
+	rr.Hash, off, err = unpackUint8(msg, off)
+	if err != nil {
+		return off, err
+	}
+	if off == len(msg) {
+		return off, nil
+	}
+	rr.Digest, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength))
+	if err != nil {
+		return off, err
+	}
+	return off, nil
+}
diff --git a/vendor/github.com/miekg/dns/ztypes.go b/vendor/github.com/miekg/dns/ztypes.go
index 11b51bf217..5d060cfee1 100644
--- a/vendor/github.com/miekg/dns/ztypes.go
+++ b/vendor/github.com/miekg/dns/ztypes.go
@@ -82,6 +82,7 @@ var TypeToRR = map[uint16]func() RR{
 	TypeUINFO:      func() RR { return new(UINFO) },
 	TypeURI:        func() RR { return new(URI) },
 	TypeX25:        func() RR { return new(X25) },
+	TypeZONEMD:     func() RR { return new(ZONEMD) },
 }
 
 // TypeToString is a map of strings for each RR type.
@@ -168,6 +169,7 @@ var TypeToString = map[uint16]string{
 	TypeUNSPEC:     "UNSPEC",
 	TypeURI:        "URI",
 	TypeX25:        "X25",
+	TypeZONEMD:     "ZONEMD",
 	TypeNSAPPTR:    "NSAP-PTR",
 }
 
@@ -245,6 +247,7 @@ func (rr *UID) Header() *RR_Header        { return &rr.Hdr }
 func (rr *UINFO) Header() *RR_Header      { return &rr.Hdr }
 func (rr *URI) Header() *RR_Header        { return &rr.Hdr }
 func (rr *X25) Header() *RR_Header        { return &rr.Hdr }
+func (rr *ZONEMD) Header() *RR_Header     { return &rr.Hdr }
 
 // len() functions
 func (rr *A) len(off int, compression map[string]struct{}) int {
@@ -684,6 +687,14 @@ func (rr *X25) len(off int, compression map[string]struct{}) int {
 	l += len(rr.PSDNAddress) + 1
 	return l
 }
+func (rr *ZONEMD) len(off int, compression map[string]struct{}) int {
+	l := rr.Hdr.len(off, compression)
+	l += 4 // Serial
+	l++    // Scheme
+	l++    // Hash
+	l += len(rr.Digest) / 2
+	return l
+}
 
 // copy() functions
 func (rr *A) copy() RR {
@@ -936,3 +947,6 @@ func (rr *URI) copy() RR {
 func (rr *X25) copy() RR {
 	return &X25{rr.Hdr, rr.PSDNAddress}
 }
+func (rr *ZONEMD) copy() RR {
+	return &ZONEMD{rr.Hdr, rr.Serial, rr.Scheme, rr.Hash, rr.Digest}
+}
diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s
index 5cd7494b21..3cede539dc 100644
--- a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s
+++ b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s
@@ -82,7 +82,7 @@ multiply:
 	BGE loop
 
 bytes_between_0_and_15:
-	CMP  $0, R5
+	CMP  R5, $0
 	BEQ  done
 	MOVD $0, R16 // h0
 	MOVD $0, R17 // h1
@@ -122,7 +122,7 @@ just1:
 	// Exactly 8
 	MOVD (R4), R16
 
-	CMP $0, R17
+	CMP R17, $0
 
 	// Check if we've already set R17; if not
 	// set 1 to indicate end of msg.
@@ -151,7 +151,7 @@ less4:
 	ADD   $2, R4
 
 less2:
-	CMP   $0, R5
+	CMP   R5, $0
 	BEQ   insert1
 	MOVBZ (R4), R21
 	SLD   R22, R21, R21
@@ -166,12 +166,12 @@ insert1:
 
 carry:
 	// Add new values to h0, h1, h2
-	ADDC R16, R8
-	ADDE R17, R9
-	ADDE $0, R10
-	MOVD $16, R5
-	ADD  R5, R4
-	BR   multiply
+	ADDC  R16, R8
+	ADDE  R17, R9
+	ADDZE R10, R10
+	MOVD  $16, R5
+	ADD   R5, R4
+	BR    multiply
 
 done:
 	// Save h0, h1, h2 in state
diff --git a/vendor/golang.org/x/crypto/scrypt/scrypt.go b/vendor/golang.org/x/crypto/scrypt/scrypt.go
index 2f81fe4148..bbe4494c6c 100644
--- a/vendor/golang.org/x/crypto/scrypt/scrypt.go
+++ b/vendor/golang.org/x/crypto/scrypt/scrypt.go
@@ -9,6 +9,7 @@ package scrypt // import "golang.org/x/crypto/scrypt"
 
 import (
 	"crypto/sha256"
+	"encoding/binary"
 	"errors"
 	"math/bits"
 
@@ -143,36 +144,34 @@ func integer(b []uint32, r int) uint64 {
 
 func smix(b []byte, r, N int, v, xy []uint32) {
 	var tmp [16]uint32
+	R := 32 * r
 	x := xy
-	y := xy[32*r:]
+	y := xy[R:]
 
 	j := 0
-	for i := 0; i < 32*r; i++ {
-		x[i] = uint32(b[j]) | uint32(b[j+1])<<8 | uint32(b[j+2])<<16 | uint32(b[j+3])<<24
+	for i := 0; i < R; i++ {
+		x[i] = binary.LittleEndian.Uint32(b[j:])
 		j += 4
 	}
 	for i := 0; i < N; i += 2 {
-		blockCopy(v[i*(32*r):], x, 32*r)
+		blockCopy(v[i*R:], x, R)
 		blockMix(&tmp, x, y, r)
 
-		blockCopy(v[(i+1)*(32*r):], y, 32*r)
+		blockCopy(v[(i+1)*R:], y, R)
 		blockMix(&tmp, y, x, r)
 	}
 	for i := 0; i < N; i += 2 {
 		j := int(integer(x, r) & uint64(N-1))
-		blockXOR(x, v[j*(32*r):], 32*r)
+		blockXOR(x, v[j*R:], R)
 		blockMix(&tmp, x, y, r)
 
 		j = int(integer(y, r) & uint64(N-1))
-		blockXOR(y, v[j*(32*r):], 32*r)
+		blockXOR(y, v[j*R:], R)
 		blockMix(&tmp, y, x, r)
 	}
 	j = 0
-	for _, v := range x[:32*r] {
-		b[j+0] = byte(v >> 0)
-		b[j+1] = byte(v >> 8)
-		b[j+2] = byte(v >> 16)
-		b[j+3] = byte(v >> 24)
+	for _, v := range x[:R] {
+		binary.LittleEndian.PutUint32(b[j:], v)
 		j += 4
 	}
 }
diff --git a/vendor/golang.org/x/net/internal/socket/sys_const_unix.go b/vendor/golang.org/x/net/internal/socket/sys_const_unix.go
index f077b2f11f..5d99f2373f 100644
--- a/vendor/golang.org/x/net/internal/socket/sys_const_unix.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_const_unix.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package socket
 
@@ -15,4 +15,7 @@ const (
 	sysAF_INET6  = unix.AF_INET6
 
 	sysSOCK_RAW = unix.SOCK_RAW
+
+	sizeofSockaddrInet4 = unix.SizeofSockaddrInet4
+	sizeofSockaddrInet6 = unix.SizeofSockaddrInet6
 )
diff --git a/vendor/golang.org/x/net/internal/socket/sys_const_zos.go b/vendor/golang.org/x/net/internal/socket/sys_const_zos.go
deleted file mode 100644
index 3048629541..0000000000
--- a/vendor/golang.org/x/net/internal/socket/sys_const_zos.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build zos
-// +build zos
-
-package socket
-
-import "syscall"
-
-const (
-	sysAF_UNSPEC = syscall.AF_UNSPEC
-	sysAF_INET   = syscall.AF_INET
-	sysAF_INET6  = syscall.AF_INET6
-
-	sysSOCK_RAW = syscall.SOCK_RAW
-)
diff --git a/vendor/golang.org/x/net/internal/socket/sys_posix.go b/vendor/golang.org/x/net/internal/socket/sys_posix.go
index 25ded21763..d8dda77b52 100644
--- a/vendor/golang.org/x/net/internal/socket/sys_posix.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_posix.go
@@ -32,12 +32,12 @@ func marshalInetAddr(a net.Addr) []byte {
 
 func marshalSockaddr(ip net.IP, port int, zone string) []byte {
 	if ip4 := ip.To4(); ip4 != nil {
-		b := make([]byte, sizeofSockaddrInet)
+		b := make([]byte, sizeofSockaddrInet4)
 		switch runtime.GOOS {
 		case "android", "illumos", "linux", "solaris", "windows":
 			NativeEndian.PutUint16(b[:2], uint16(sysAF_INET))
 		default:
-			b[0] = sizeofSockaddrInet
+			b[0] = sizeofSockaddrInet4
 			b[1] = sysAF_INET
 		}
 		binary.BigEndian.PutUint16(b[2:4], uint16(port))
@@ -77,7 +77,7 @@ func parseInetAddr(b []byte, network string) (net.Addr, error) {
 	var ip net.IP
 	var zone string
 	if af == sysAF_INET {
-		if len(b) < sizeofSockaddrInet {
+		if len(b) < sizeofSockaddrInet4 {
 			return nil, errors.New("short address")
 		}
 		ip = make(net.IP, net.IPv4len)
diff --git a/vendor/golang.org/x/net/internal/socket/sys_stub.go b/vendor/golang.org/x/net/internal/socket/sys_stub.go
index dc7bb389b3..381e45e167 100644
--- a/vendor/golang.org/x/net/internal/socket/sys_stub.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_stub.go
@@ -15,6 +15,9 @@ const (
 	sysAF_INET6  = 0xa
 
 	sysSOCK_RAW = 0x3
+
+	sizeofSockaddrInet4 = 0x10
+	sizeofSockaddrInet6 = 0x1c
 )
 
 func marshalInetAddr(ip net.IP, port int, zone string) []byte {
diff --git a/vendor/golang.org/x/net/internal/socket/sys_windows.go b/vendor/golang.org/x/net/internal/socket/sys_windows.go
index d556a44615..2de0d68c61 100644
--- a/vendor/golang.org/x/net/internal/socket/sys_windows.go
+++ b/vendor/golang.org/x/net/internal/socket/sys_windows.go
@@ -22,25 +22,8 @@ const (
 	sysAF_INET6  = windows.AF_INET6
 
 	sysSOCK_RAW = windows.SOCK_RAW
-)
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
-const (
-	sizeofSockaddrInet  = 0x10
+	sizeofSockaddrInet4 = 0x10
 	sizeofSockaddrInet6 = 0x1c
 )
 
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_aix_ppc64.go b/vendor/golang.org/x/net/internal/socket/zsys_aix_ppc64.go
index 79f3bdd5b9..00691bd524 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_aix_ppc64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_aix_ppc64.go
@@ -34,27 +34,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x30
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_darwin_386.go b/vendor/golang.org/x/net/internal/socket/zsys_darwin_386.go
index 150f980f52..5acf6db6ea 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_darwin_386.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_darwin_386.go
@@ -24,27 +24,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x8
 	sizeofMsghdr = 0x1c
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_darwin_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_darwin_amd64.go
index a686c95285..98dcfe412a 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_darwin_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_darwin_amd64.go
@@ -26,27 +26,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x30
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm.go b/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm.go
index 150f980f52..5acf6db6ea 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm.go
@@ -24,27 +24,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x8
 	sizeofMsghdr = 0x1c
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go b/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go
index a686c95285..98dcfe412a 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go
@@ -26,27 +26,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x30
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_dragonfly_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_dragonfly_amd64.go
index d45c197e26..636d129aee 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_dragonfly_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_dragonfly_amd64.go
@@ -26,27 +26,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x30
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_386.go b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_386.go
index ffec860ea8..87707fed01 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_386.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_386.go
@@ -24,27 +24,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x8
 	sizeofMsghdr = 0x1c
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_amd64.go
index aa701ab676..7db7781129 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_amd64.go
@@ -26,27 +26,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x30
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm.go b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm.go
index ffec860ea8..87707fed01 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm.go
@@ -24,27 +24,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x8
 	sizeofMsghdr = 0x1c
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm64.go b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm64.go
index aa701ab676..7db7781129 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_freebsd_arm64.go
@@ -26,27 +26,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x30
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_386.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_386.go
index 0c847bee7a..4c19269bee 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_386.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_386.go
@@ -29,25 +29,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x8
 	sizeofMsghdr = 0x1c
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_amd64.go
index 15e2aecaab..3dcd5c8eda 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_amd64.go
@@ -32,25 +32,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x38
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_arm.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_arm.go
index 0c847bee7a..4c19269bee 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_arm.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_arm.go
@@ -29,25 +29,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x8
 	sizeofMsghdr = 0x1c
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_arm64.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_arm64.go
index 15e2aecaab..3dcd5c8eda 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_arm64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_arm64.go
@@ -32,25 +32,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x38
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_mips.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_mips.go
index 0c847bee7a..4c19269bee 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_mips.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_mips.go
@@ -29,25 +29,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x8
 	sizeofMsghdr = 0x1c
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64.go
index 15e2aecaab..3dcd5c8eda 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64.go
@@ -32,25 +32,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x38
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64le.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64le.go
index 15e2aecaab..3dcd5c8eda 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64le.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_mips64le.go
@@ -32,25 +32,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x38
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_mipsle.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_mipsle.go
index 0c847bee7a..4c19269bee 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_mipsle.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_mipsle.go
@@ -29,25 +29,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x8
 	sizeofMsghdr = 0x1c
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64.go
index 15e2aecaab..3dcd5c8eda 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64.go
@@ -32,25 +32,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x38
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64le.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64le.go
index 15e2aecaab..3dcd5c8eda 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64le.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_ppc64le.go
@@ -32,25 +32,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x38
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_riscv64.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_riscv64.go
index 12ec2e42b8..c066272ddd 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_riscv64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_riscv64.go
@@ -34,25 +34,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x38
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_linux_s390x.go b/vendor/golang.org/x/net/internal/socket/zsys_linux_s390x.go
index 15e2aecaab..3dcd5c8eda 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_linux_s390x.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_linux_s390x.go
@@ -32,25 +32,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
-	Family   uint16
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x38
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_386.go b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_386.go
index 6b72d24dd9..f95572dc00 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_386.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_386.go
@@ -29,27 +29,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x8
 	sizeofMsghdr = 0x1c
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_amd64.go
index 9aaa4ab1ca..a92fd60e4d 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_amd64.go
@@ -32,27 +32,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x30
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm.go b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm.go
index 6b72d24dd9..f95572dc00 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm.go
@@ -29,27 +29,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x8
 	sizeofMsghdr = 0x1c
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm64.go b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm64.go
index 9aaa4ab1ca..a92fd60e4d 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_netbsd_arm64.go
@@ -32,27 +32,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x30
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_386.go b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_386.go
index 3ec8d42fee..e792ec2115 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_386.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_386.go
@@ -24,27 +24,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x8
 	sizeofMsghdr = 0x1c
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_amd64.go
index ea0ee008d7..b68ff2d57f 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_amd64.go
@@ -26,27 +26,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x30
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm.go b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm.go
index 3ec8d42fee..e792ec2115 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm.go
@@ -24,27 +24,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x8
 	sizeofMsghdr = 0x1c
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm64.go b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm64.go
index ea0ee008d7..b68ff2d57f 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_arm64.go
@@ -26,27 +26,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x30
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_mips64.go b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_mips64.go
index 0112832400..3c9576e2d8 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_openbsd_mips64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_openbsd_mips64.go
@@ -24,27 +24,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Len    uint8
-	Family uint8
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Len      uint8
-	Family   uint8
-	Port     uint16
-	Flowinfo uint32
-	Addr     [16]byte /* in6_addr */
-	Scope_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x30
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x1c
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_solaris_amd64.go b/vendor/golang.org/x/net/internal/socket/zsys_solaris_amd64.go
index 48b2b591f6..359cfec40a 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_solaris_amd64.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_solaris_amd64.go
@@ -26,26 +26,7 @@ type cmsghdr struct {
 	Type  int32
 }
 
-type sockaddrInet struct {
-	Family uint16
-	Port   uint16
-	Addr   [4]byte /* in_addr */
-	Zero   [8]int8
-}
-
-type sockaddrInet6 struct {
-	Family         uint16
-	Port           uint16
-	Flowinfo       uint32
-	Addr           [16]byte /* in6_addr */
-	Scope_id       uint32
-	X__sin6_src_id uint32
-}
-
 const (
 	sizeofIovec  = 0x10
 	sizeofMsghdr = 0x30
-
-	sizeofSockaddrInet  = 0x10
-	sizeofSockaddrInet6 = 0x20
 )
diff --git a/vendor/golang.org/x/net/internal/socket/zsys_zos_s390x.go b/vendor/golang.org/x/net/internal/socket/zsys_zos_s390x.go
index 514ca3754d..49b62c8561 100644
--- a/vendor/golang.org/x/net/internal/socket/zsys_zos_s390x.go
+++ b/vendor/golang.org/x/net/internal/socket/zsys_zos_s390x.go
@@ -25,8 +25,4 @@ type cmsghdr struct {
 	Type  int32
 }
 
-const (
-	sizeofCmsghdr       = 12
-	sizeofSockaddrInet  = 16
-	sizeofSockaddrInet6 = 28
-)
+const sizeofCmsghdr = 12
diff --git a/vendor/golang.org/x/net/ipv4/control_bsd.go b/vendor/golang.org/x/net/ipv4/control_bsd.go
index 6fef740f2f..b7385dfd95 100644
--- a/vendor/golang.org/x/net/ipv4/control_bsd.go
+++ b/vendor/golang.org/x/net/ipv4/control_bsd.go
@@ -14,11 +14,13 @@ import (
 
 	"golang.org/x/net/internal/iana"
 	"golang.org/x/net/internal/socket"
+
+	"golang.org/x/sys/unix"
 )
 
 func marshalDst(b []byte, cm *ControlMessage) []byte {
 	m := socket.ControlMessage(b)
-	m.MarshalHeader(iana.ProtocolIP, sysIP_RECVDSTADDR, net.IPv4len)
+	m.MarshalHeader(iana.ProtocolIP, unix.IP_RECVDSTADDR, net.IPv4len)
 	return m.Next(net.IPv4len)
 }
 
@@ -31,7 +33,7 @@ func parseDst(cm *ControlMessage, b []byte) {
 
 func marshalInterface(b []byte, cm *ControlMessage) []byte {
 	m := socket.ControlMessage(b)
-	m.MarshalHeader(iana.ProtocolIP, sysIP_RECVIF, syscall.SizeofSockaddrDatalink)
+	m.MarshalHeader(iana.ProtocolIP, sockoptReceiveInterface, syscall.SizeofSockaddrDatalink)
 	return m.Next(syscall.SizeofSockaddrDatalink)
 }
 
diff --git a/vendor/golang.org/x/net/ipv4/control_unix.go b/vendor/golang.org/x/net/ipv4/control_unix.go
index edce30f126..2413e02f8f 100644
--- a/vendor/golang.org/x/net/ipv4/control_unix.go
+++ b/vendor/golang.org/x/net/ipv4/control_unix.go
@@ -12,6 +12,8 @@ import (
 
 	"golang.org/x/net/internal/iana"
 	"golang.org/x/net/internal/socket"
+
+	"golang.org/x/sys/unix"
 )
 
 func setControlMessage(c *socket.Conn, opt *rawOpt, cf ControlFlags, on bool) error {
@@ -65,7 +67,7 @@ func setControlMessage(c *socket.Conn, opt *rawOpt, cf ControlFlags, on bool) er
 
 func marshalTTL(b []byte, cm *ControlMessage) []byte {
 	m := socket.ControlMessage(b)
-	m.MarshalHeader(iana.ProtocolIP, sysIP_RECVTTL, 1)
+	m.MarshalHeader(iana.ProtocolIP, unix.IP_RECVTTL, 1)
 	return m.Next(1)
 }
 
diff --git a/vendor/golang.org/x/net/ipv4/sys_aix.go b/vendor/golang.org/x/net/ipv4/sys_aix.go
index 7b65dd6ef4..02730cdfd2 100644
--- a/vendor/golang.org/x/net/ipv4/sys_aix.go
+++ b/vendor/golang.org/x/net/ipv4/sys_aix.go
@@ -18,6 +18,9 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+// IP_RECVIF is defined on AIX but doesn't work. IP_RECVINTERFACE must be used instead.
+const sockoptReceiveInterface = unix.IP_RECVINTERFACE
+
 var (
 	ctlOpts = [ctlMax]ctlOpt{
 		ctlTTL:       {unix.IP_RECVTTL, 1, marshalTTL, parseTTL},
diff --git a/vendor/golang.org/x/net/ipv4/sys_bsd.go b/vendor/golang.org/x/net/ipv4/sys_bsd.go
index e8299b4145..e191b2f14f 100644
--- a/vendor/golang.org/x/net/ipv4/sys_bsd.go
+++ b/vendor/golang.org/x/net/ipv4/sys_bsd.go
@@ -17,6 +17,8 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+const sockoptReceiveInterface = unix.IP_RECVIF
+
 var (
 	ctlOpts = [ctlMax]ctlOpt{
 		ctlTTL:       {unix.IP_RECVTTL, 1, marshalTTL, parseTTL},
diff --git a/vendor/golang.org/x/net/ipv4/sys_darwin.go b/vendor/golang.org/x/net/ipv4/sys_darwin.go
index f6bf8eddb6..c5527acf62 100644
--- a/vendor/golang.org/x/net/ipv4/sys_darwin.go
+++ b/vendor/golang.org/x/net/ipv4/sys_darwin.go
@@ -15,6 +15,8 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+const sockoptReceiveInterface = unix.IP_RECVIF
+
 var (
 	ctlOpts = [ctlMax]ctlOpt{
 		ctlTTL:        {unix.IP_RECVTTL, 1, marshalTTL, parseTTL},
diff --git a/vendor/golang.org/x/net/ipv4/sys_dragonfly.go b/vendor/golang.org/x/net/ipv4/sys_dragonfly.go
index f34925c05e..0620d0e1ea 100644
--- a/vendor/golang.org/x/net/ipv4/sys_dragonfly.go
+++ b/vendor/golang.org/x/net/ipv4/sys_dragonfly.go
@@ -14,6 +14,8 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+const sockoptReceiveInterface = unix.IP_RECVIF
+
 var (
 	ctlOpts = [ctlMax]ctlOpt{
 		ctlTTL:       {unix.IP_RECVTTL, 1, marshalTTL, parseTTL},
diff --git a/vendor/golang.org/x/net/ipv4/sys_freebsd.go b/vendor/golang.org/x/net/ipv4/sys_freebsd.go
index cba9063022..7457bfde92 100644
--- a/vendor/golang.org/x/net/ipv4/sys_freebsd.go
+++ b/vendor/golang.org/x/net/ipv4/sys_freebsd.go
@@ -17,6 +17,8 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+const sockoptReceiveInterface = unix.IP_RECVIF
+
 var (
 	ctlOpts = [ctlMax]ctlOpt{
 		ctlTTL:       {unix.IP_RECVTTL, 1, marshalTTL, parseTTL},
diff --git a/vendor/golang.org/x/net/ipv4/sys_solaris.go b/vendor/golang.org/x/net/ipv4/sys_solaris.go
index b79b695834..0bb9f3e364 100644
--- a/vendor/golang.org/x/net/ipv4/sys_solaris.go
+++ b/vendor/golang.org/x/net/ipv4/sys_solaris.go
@@ -15,6 +15,8 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+const sockoptReceiveInterface = unix.IP_RECVIF
+
 var (
 	ctlOpts = [ctlMax]ctlOpt{
 		ctlTTL:        {unix.IP_RECVTTL, 4, marshalTTL, parseTTL},
diff --git a/vendor/golang.org/x/net/ipv4/zsys_aix_ppc64.go b/vendor/golang.org/x/net/ipv4/zsys_aix_ppc64.go
index 42a81863c3..b7f2d6e5c1 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_aix_ppc64.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_aix_ppc64.go
@@ -8,10 +8,6 @@
 package ipv4
 
 const (
-	sysIP_RECVDSTADDR = 0x7
-	sysIP_RECVIF      = 0x20
-	sysIP_RECVTTL     = 0x22
-
 	sizeofIPMreq = 0x8
 )
 
diff --git a/vendor/golang.org/x/net/ipv4/zsys_darwin.go b/vendor/golang.org/x/net/ipv4/zsys_darwin.go
index d14b871715..9c35f97675 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_darwin.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_darwin.go
@@ -4,10 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVDSTADDR = 0x7
-	sysIP_RECVIF      = 0x14
-	sysIP_RECVTTL     = 0x18
-
 	sizeofSockaddrStorage = 0x80
 	sizeofSockaddrInet    = 0x10
 	sizeofInetPktinfo     = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_dragonfly.go b/vendor/golang.org/x/net/ipv4/zsys_dragonfly.go
index 9631421dad..2155df130a 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_dragonfly.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_dragonfly.go
@@ -4,10 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVDSTADDR = 0x7
-	sysIP_RECVIF      = 0x14
-	sysIP_RECVTTL     = 0x41
-
 	sizeofIPMreq = 0x8
 )
 
diff --git a/vendor/golang.org/x/net/ipv4/zsys_freebsd_386.go b/vendor/golang.org/x/net/ipv4/zsys_freebsd_386.go
index 9a0e3283d2..b2208a45db 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_freebsd_386.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_freebsd_386.go
@@ -4,10 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVDSTADDR = 0x7
-	sysIP_RECVIF      = 0x14
-	sysIP_RECVTTL     = 0x41
-
 	sizeofSockaddrStorage = 0x80
 	sizeofSockaddrInet    = 0x10
 
diff --git a/vendor/golang.org/x/net/ipv4/zsys_freebsd_amd64.go b/vendor/golang.org/x/net/ipv4/zsys_freebsd_amd64.go
index 143623bbd7..6719f19479 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_freebsd_amd64.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_freebsd_amd64.go
@@ -4,10 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVDSTADDR = 0x7
-	sysIP_RECVIF      = 0x14
-	sysIP_RECVTTL     = 0x41
-
 	sizeofSockaddrStorage = 0x80
 	sizeofSockaddrInet    = 0x10
 
diff --git a/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm.go b/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm.go
index 143623bbd7..6719f19479 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm.go
@@ -4,10 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVDSTADDR = 0x7
-	sysIP_RECVIF      = 0x14
-	sysIP_RECVTTL     = 0x41
-
 	sizeofSockaddrStorage = 0x80
 	sizeofSockaddrInet    = 0x10
 
diff --git a/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm64.go b/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm64.go
index 1be70237fe..07a5f5d7e1 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm64.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_freebsd_arm64.go
@@ -4,10 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVDSTADDR = 0x7
-	sysIP_RECVIF      = 0x14
-	sysIP_RECVTTL     = 0x41
-
 	sizeofSockaddrStorage = 0x80
 	sizeofSockaddrInet    = 0x10
 
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_386.go b/vendor/golang.org/x/net/ipv4/zsys_linux_386.go
index 8c5795ea64..a8e3c26267 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_386.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_386.go
@@ -4,8 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVTTL = 0xc
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_amd64.go b/vendor/golang.org/x/net/ipv4/zsys_linux_amd64.go
index 7b40aa1b62..7291f96a02 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_amd64.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_amd64.go
@@ -4,8 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVTTL = 0xc
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_arm.go b/vendor/golang.org/x/net/ipv4/zsys_linux_arm.go
index 8c5795ea64..a8e3c26267 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_arm.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_arm.go
@@ -4,8 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVTTL = 0xc
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_arm64.go b/vendor/golang.org/x/net/ipv4/zsys_linux_arm64.go
index 7b40aa1b62..7291f96a02 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_arm64.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_arm64.go
@@ -4,8 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVTTL = 0xc
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_mips.go b/vendor/golang.org/x/net/ipv4/zsys_linux_mips.go
index 8c5795ea64..a8e3c26267 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_mips.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_mips.go
@@ -4,8 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVTTL = 0xc
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_mips64.go b/vendor/golang.org/x/net/ipv4/zsys_linux_mips64.go
index 7b40aa1b62..7291f96a02 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_mips64.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_mips64.go
@@ -4,8 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVTTL = 0xc
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_mips64le.go b/vendor/golang.org/x/net/ipv4/zsys_linux_mips64le.go
index 7b40aa1b62..7291f96a02 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_mips64le.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_mips64le.go
@@ -4,8 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVTTL = 0xc
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_mipsle.go b/vendor/golang.org/x/net/ipv4/zsys_linux_mipsle.go
index 8c5795ea64..a8e3c26267 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_mipsle.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_mipsle.go
@@ -4,8 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVTTL = 0xc
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_ppc.go b/vendor/golang.org/x/net/ipv4/zsys_linux_ppc.go
index 2c9e7e3cba..b9adb2af2b 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_ppc.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_ppc.go
@@ -4,8 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVTTL = 0xc
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64.go b/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64.go
index 7b40aa1b62..7291f96a02 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64.go
@@ -4,8 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVTTL = 0xc
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64le.go b/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64le.go
index 7b40aa1b62..7291f96a02 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64le.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_ppc64le.go
@@ -4,8 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVTTL = 0xc
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_riscv64.go b/vendor/golang.org/x/net/ipv4/zsys_linux_riscv64.go
index b31766a02b..b24d2649d1 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_riscv64.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_riscv64.go
@@ -7,8 +7,6 @@
 package ipv4
 
 const (
-	sysIP_RECVTTL = 0xc
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_linux_s390x.go b/vendor/golang.org/x/net/ipv4/zsys_linux_s390x.go
index 7b40aa1b62..7291f96a02 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_linux_s390x.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_linux_s390x.go
@@ -4,8 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVTTL = 0xc
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet          = 0x10
 	sizeofInetPktinfo           = 0xc
diff --git a/vendor/golang.org/x/net/ipv4/zsys_netbsd.go b/vendor/golang.org/x/net/ipv4/zsys_netbsd.go
index df99ef6939..a2ef2f6d6d 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_netbsd.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_netbsd.go
@@ -4,10 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVDSTADDR = 0x7
-	sysIP_RECVIF      = 0x14
-	sysIP_RECVTTL     = 0x17
-
 	sizeofIPMreq = 0x8
 )
 
diff --git a/vendor/golang.org/x/net/ipv4/zsys_openbsd.go b/vendor/golang.org/x/net/ipv4/zsys_openbsd.go
index 9052a9bd42..b293a338f8 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_openbsd.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_openbsd.go
@@ -4,10 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVDSTADDR = 0x7
-	sysIP_RECVIF      = 0x1e
-	sysIP_RECVTTL     = 0x1f
-
 	sizeofIPMreq = 0x8
 )
 
diff --git a/vendor/golang.org/x/net/ipv4/zsys_solaris.go b/vendor/golang.org/x/net/ipv4/zsys_solaris.go
index 1cdc45c270..e1a961bb61 100644
--- a/vendor/golang.org/x/net/ipv4/zsys_solaris.go
+++ b/vendor/golang.org/x/net/ipv4/zsys_solaris.go
@@ -4,10 +4,6 @@
 package ipv4
 
 const (
-	sysIP_RECVDSTADDR = 0x7
-	sysIP_RECVIF      = 0x9
-	sysIP_RECVTTL     = 0xb
-
 	sizeofSockaddrStorage = 0x100
 	sizeofSockaddrInet    = 0x10
 	sizeofInetPktinfo     = 0xc
diff --git a/vendor/golang.org/x/net/ipv6/control_rfc3542_unix.go b/vendor/golang.org/x/net/ipv6/control_rfc3542_unix.go
index 2422194195..9c90844aac 100644
--- a/vendor/golang.org/x/net/ipv6/control_rfc3542_unix.go
+++ b/vendor/golang.org/x/net/ipv6/control_rfc3542_unix.go
@@ -13,11 +13,13 @@ import (
 
 	"golang.org/x/net/internal/iana"
 	"golang.org/x/net/internal/socket"
+
+	"golang.org/x/sys/unix"
 )
 
 func marshalTrafficClass(b []byte, cm *ControlMessage) []byte {
 	m := socket.ControlMessage(b)
-	m.MarshalHeader(iana.ProtocolIPv6, sysIPV6_TCLASS, 4)
+	m.MarshalHeader(iana.ProtocolIPv6, unix.IPV6_TCLASS, 4)
 	if cm != nil {
 		socket.NativeEndian.PutUint32(m.Data(4), uint32(cm.TrafficClass))
 	}
@@ -30,7 +32,7 @@ func parseTrafficClass(cm *ControlMessage, b []byte) {
 
 func marshalHopLimit(b []byte, cm *ControlMessage) []byte {
 	m := socket.ControlMessage(b)
-	m.MarshalHeader(iana.ProtocolIPv6, sysIPV6_HOPLIMIT, 4)
+	m.MarshalHeader(iana.ProtocolIPv6, unix.IPV6_HOPLIMIT, 4)
 	if cm != nil {
 		socket.NativeEndian.PutUint32(m.Data(4), uint32(cm.HopLimit))
 	}
@@ -43,7 +45,7 @@ func parseHopLimit(cm *ControlMessage, b []byte) {
 
 func marshalPacketInfo(b []byte, cm *ControlMessage) []byte {
 	m := socket.ControlMessage(b)
-	m.MarshalHeader(iana.ProtocolIPv6, sysIPV6_PKTINFO, sizeofInet6Pktinfo)
+	m.MarshalHeader(iana.ProtocolIPv6, unix.IPV6_PKTINFO, sizeofInet6Pktinfo)
 	if cm != nil {
 		pi := (*inet6Pktinfo)(unsafe.Pointer(&m.Data(sizeofInet6Pktinfo)[0]))
 		if ip := cm.Src.To16(); ip != nil && ip.To4() == nil {
@@ -67,7 +69,7 @@ func parsePacketInfo(cm *ControlMessage, b []byte) {
 
 func marshalNextHop(b []byte, cm *ControlMessage) []byte {
 	m := socket.ControlMessage(b)
-	m.MarshalHeader(iana.ProtocolIPv6, sysIPV6_NEXTHOP, sizeofSockaddrInet6)
+	m.MarshalHeader(iana.ProtocolIPv6, unix.IPV6_NEXTHOP, sizeofSockaddrInet6)
 	if cm != nil {
 		sa := (*sockaddrInet6)(unsafe.Pointer(&m.Data(sizeofSockaddrInet6)[0]))
 		sa.setSockaddr(cm.NextHop, cm.IfIndex)
@@ -80,7 +82,7 @@ func parseNextHop(cm *ControlMessage, b []byte) {
 
 func marshalPathMTU(b []byte, cm *ControlMessage) []byte {
 	m := socket.ControlMessage(b)
-	m.MarshalHeader(iana.ProtocolIPv6, sysIPV6_PATHMTU, sizeofIPv6Mtuinfo)
+	m.MarshalHeader(iana.ProtocolIPv6, unix.IPV6_PATHMTU, sizeofIPv6Mtuinfo)
 	return m.Next(sizeofIPv6Mtuinfo)
 }
 
diff --git a/vendor/golang.org/x/net/ipv6/sys_solaris.go b/vendor/golang.org/x/net/ipv6/sys_solaris.go
index d348b5f6e4..1fc30add4d 100644
--- a/vendor/golang.org/x/net/ipv6/sys_solaris.go
+++ b/vendor/golang.org/x/net/ipv6/sys_solaris.go
@@ -11,36 +11,38 @@ import (
 
 	"golang.org/x/net/internal/iana"
 	"golang.org/x/net/internal/socket"
+
+	"golang.org/x/sys/unix"
 )
 
 var (
 	ctlOpts = [ctlMax]ctlOpt{
-		ctlTrafficClass: {sysIPV6_TCLASS, 4, marshalTrafficClass, parseTrafficClass},
-		ctlHopLimit:     {sysIPV6_HOPLIMIT, 4, marshalHopLimit, parseHopLimit},
-		ctlPacketInfo:   {sysIPV6_PKTINFO, sizeofInet6Pktinfo, marshalPacketInfo, parsePacketInfo},
-		ctlNextHop:      {sysIPV6_NEXTHOP, sizeofSockaddrInet6, marshalNextHop, parseNextHop},
-		ctlPathMTU:      {sysIPV6_PATHMTU, sizeofIPv6Mtuinfo, marshalPathMTU, parsePathMTU},
+		ctlTrafficClass: {unix.IPV6_TCLASS, 4, marshalTrafficClass, parseTrafficClass},
+		ctlHopLimit:     {unix.IPV6_HOPLIMIT, 4, marshalHopLimit, parseHopLimit},
+		ctlPacketInfo:   {unix.IPV6_PKTINFO, sizeofInet6Pktinfo, marshalPacketInfo, parsePacketInfo},
+		ctlNextHop:      {unix.IPV6_NEXTHOP, sizeofSockaddrInet6, marshalNextHop, parseNextHop},
+		ctlPathMTU:      {unix.IPV6_PATHMTU, sizeofIPv6Mtuinfo, marshalPathMTU, parsePathMTU},
 	}
 
 	sockOpts = map[int]*sockOpt{
-		ssoTrafficClass:        {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_TCLASS, Len: 4}},
-		ssoHopLimit:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_UNICAST_HOPS, Len: 4}},
-		ssoMulticastInterface:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_IF, Len: 4}},
-		ssoMulticastHopLimit:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_HOPS, Len: 4}},
-		ssoMulticastLoopback:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_LOOP, Len: 4}},
-		ssoReceiveTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVTCLASS, Len: 4}},
-		ssoReceiveHopLimit:     {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVHOPLIMIT, Len: 4}},
-		ssoReceivePacketInfo:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPKTINFO, Len: 4}},
-		ssoReceivePathMTU:      {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPATHMTU, Len: 4}},
-		ssoPathMTU:             {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_PATHMTU, Len: sizeofIPv6Mtuinfo}},
-		ssoChecksum:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_CHECKSUM, Len: 4}},
-		ssoICMPFilter:          {Option: socket.Option{Level: iana.ProtocolIPv6ICMP, Name: sysICMP6_FILTER, Len: sizeofICMPv6Filter}},
-		ssoJoinGroup:           {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
-		ssoLeaveGroup:          {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
-		ssoJoinSourceGroup:     {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
-		ssoLeaveSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
-		ssoBlockSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
-		ssoUnblockSourceGroup:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoTrafficClass:        {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_TCLASS, Len: 4}},
+		ssoHopLimit:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_UNICAST_HOPS, Len: 4}},
+		ssoMulticastInterface:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_MULTICAST_IF, Len: 4}},
+		ssoMulticastHopLimit:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_MULTICAST_HOPS, Len: 4}},
+		ssoMulticastLoopback:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_MULTICAST_LOOP, Len: 4}},
+		ssoReceiveTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVTCLASS, Len: 4}},
+		ssoReceiveHopLimit:     {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVHOPLIMIT, Len: 4}},
+		ssoReceivePacketInfo:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVPKTINFO, Len: 4}},
+		ssoReceivePathMTU:      {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVPATHMTU, Len: 4}},
+		ssoPathMTU:             {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_PATHMTU, Len: sizeofIPv6Mtuinfo}},
+		ssoChecksum:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_CHECKSUM, Len: 4}},
+		ssoICMPFilter:          {Option: socket.Option{Level: iana.ProtocolIPv6ICMP, Name: unix.ICMP6_FILTER, Len: sizeofICMPv6Filter}},
+		ssoJoinGroup:           {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoLeaveGroup:          {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoJoinSourceGroup:     {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoLeaveSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoBlockSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoUnblockSourceGroup:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
 	}
 )
 
diff --git a/vendor/golang.org/x/net/ipv6/sys_zos.go b/vendor/golang.org/x/net/ipv6/sys_zos.go
index d4567f908f..31adc86655 100644
--- a/vendor/golang.org/x/net/ipv6/sys_zos.go
+++ b/vendor/golang.org/x/net/ipv6/sys_zos.go
@@ -11,33 +11,35 @@ import (
 
 	"golang.org/x/net/internal/iana"
 	"golang.org/x/net/internal/socket"
+
+	"golang.org/x/sys/unix"
 )
 
 var (
 	ctlOpts = [ctlMax]ctlOpt{
-		ctlHopLimit:   {sysIPV6_HOPLIMIT, 4, marshalHopLimit, parseHopLimit},
-		ctlPacketInfo: {sysIPV6_PKTINFO, sizeofInet6Pktinfo, marshalPacketInfo, parsePacketInfo},
-		ctlPathMTU:    {sysIPV6_PATHMTU, sizeofIPv6Mtuinfo, marshalPathMTU, parsePathMTU},
+		ctlHopLimit:   {unix.IPV6_HOPLIMIT, 4, marshalHopLimit, parseHopLimit},
+		ctlPacketInfo: {unix.IPV6_PKTINFO, sizeofInet6Pktinfo, marshalPacketInfo, parsePacketInfo},
+		ctlPathMTU:    {unix.IPV6_PATHMTU, sizeofIPv6Mtuinfo, marshalPathMTU, parsePathMTU},
 	}
 
 	sockOpts = map[int]*sockOpt{
-		ssoTrafficClass:        {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_TCLASS, Len: 4}},
-		ssoHopLimit:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_UNICAST_HOPS, Len: 4}},
-		ssoMulticastInterface:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_IF, Len: 4}},
-		ssoMulticastHopLimit:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_HOPS, Len: 4}},
-		ssoMulticastLoopback:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_LOOP, Len: 4}},
-		ssoReceiveTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVTCLASS, Len: 4}},
-		ssoReceiveHopLimit:     {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVHOPLIMIT, Len: 4}},
-		ssoReceivePacketInfo:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPKTINFO, Len: 4}},
-		ssoReceivePathMTU:      {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPATHMTU, Len: 4}},
-		ssoChecksum:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_CHECKSUM, Len: 4}},
-		ssoICMPFilter:          {Option: socket.Option{Level: iana.ProtocolIPv6ICMP, Name: sysICMP6_FILTER, Len: sizeofICMPv6Filter}},
-		ssoJoinGroup:           {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
-		ssoLeaveGroup:          {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
-		ssoJoinSourceGroup:     {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
-		ssoLeaveSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
-		ssoBlockSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
-		ssoUnblockSourceGroup:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoTrafficClass:        {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_TCLASS, Len: 4}},
+		ssoHopLimit:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_UNICAST_HOPS, Len: 4}},
+		ssoMulticastInterface:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_MULTICAST_IF, Len: 4}},
+		ssoMulticastHopLimit:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_MULTICAST_HOPS, Len: 4}},
+		ssoMulticastLoopback:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_MULTICAST_LOOP, Len: 4}},
+		ssoReceiveTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVTCLASS, Len: 4}},
+		ssoReceiveHopLimit:     {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVHOPLIMIT, Len: 4}},
+		ssoReceivePacketInfo:   {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVPKTINFO, Len: 4}},
+		ssoReceivePathMTU:      {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVPATHMTU, Len: 4}},
+		ssoChecksum:            {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_CHECKSUM, Len: 4}},
+		ssoICMPFilter:          {Option: socket.Option{Level: iana.ProtocolIPv6ICMP, Name: unix.ICMP6_FILTER, Len: sizeofICMPv6Filter}},
+		ssoJoinGroup:           {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoLeaveGroup:          {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+		ssoJoinSourceGroup:     {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoLeaveSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoBlockSourceGroup:    {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+		ssoUnblockSourceGroup:  {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
 	}
 )
 
diff --git a/vendor/golang.org/x/net/ipv6/zsys_aix_ppc64.go b/vendor/golang.org/x/net/ipv6/zsys_aix_ppc64.go
index 869f4b2bc9..f604b0f3b4 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_aix_ppc64.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_aix_ppc64.go
@@ -8,12 +8,6 @@
 package ipv6
 
 const (
-	sysIPV6_PATHMTU  = 0x2e
-	sysIPV6_PKTINFO  = 0x21
-	sysIPV6_HOPLIMIT = 0x28
-	sysIPV6_NEXTHOP  = 0x30
-	sysIPV6_TCLASS   = 0x2b
-
 	sizeofSockaddrStorage = 0x508
 	sizeofSockaddrInet6   = 0x1c
 	sizeofInet6Pktinfo    = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_darwin.go b/vendor/golang.org/x/net/ipv6/zsys_darwin.go
index a1211729e4..dd6f7b28ec 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_darwin.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_darwin.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_TCLASS   = 0x24
-	sysIPV6_PATHMTU  = 0x2c
-	sysIPV6_PKTINFO  = 0x2e
-	sysIPV6_HOPLIMIT = 0x2f
-	sysIPV6_NEXTHOP  = 0x30
-
 	sizeofSockaddrStorage = 0x80
 	sizeofSockaddrInet6   = 0x1c
 	sizeofInet6Pktinfo    = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_dragonfly.go b/vendor/golang.org/x/net/ipv6/zsys_dragonfly.go
index 512db656e5..6b45a94fe1 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_dragonfly.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_dragonfly.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_PATHMTU  = 0x2c
-	sysIPV6_PKTINFO  = 0x2e
-	sysIPV6_HOPLIMIT = 0x2f
-	sysIPV6_NEXTHOP  = 0x30
-	sysIPV6_TCLASS   = 0x3d
-
 	sizeofSockaddrInet6 = 0x1c
 	sizeofInet6Pktinfo  = 0x14
 	sizeofIPv6Mtuinfo   = 0x20
diff --git a/vendor/golang.org/x/net/ipv6/zsys_freebsd_386.go b/vendor/golang.org/x/net/ipv6/zsys_freebsd_386.go
index 46a62b8851..8da55925f7 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_freebsd_386.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_freebsd_386.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_PATHMTU  = 0x2c
-	sysIPV6_PKTINFO  = 0x2e
-	sysIPV6_HOPLIMIT = 0x2f
-	sysIPV6_NEXTHOP  = 0x30
-	sysIPV6_TCLASS   = 0x3d
-
 	sizeofSockaddrStorage = 0x80
 	sizeofSockaddrInet6   = 0x1c
 	sizeofInet6Pktinfo    = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_freebsd_amd64.go b/vendor/golang.org/x/net/ipv6/zsys_freebsd_amd64.go
index e475f51118..72a1a65a23 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_freebsd_amd64.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_freebsd_amd64.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_PATHMTU  = 0x2c
-	sysIPV6_PKTINFO  = 0x2e
-	sysIPV6_HOPLIMIT = 0x2f
-	sysIPV6_NEXTHOP  = 0x30
-	sysIPV6_TCLASS   = 0x3d
-
 	sizeofSockaddrStorage = 0x80
 	sizeofSockaddrInet6   = 0x1c
 	sizeofInet6Pktinfo    = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm.go b/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm.go
index e475f51118..72a1a65a23 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_PATHMTU  = 0x2c
-	sysIPV6_PKTINFO  = 0x2e
-	sysIPV6_HOPLIMIT = 0x2f
-	sysIPV6_NEXTHOP  = 0x30
-	sysIPV6_TCLASS   = 0x3d
-
 	sizeofSockaddrStorage = 0x80
 	sizeofSockaddrInet6   = 0x1c
 	sizeofInet6Pktinfo    = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm64.go b/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm64.go
index edaf7f15ed..5b39eb8dfd 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm64.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_freebsd_arm64.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_PATHMTU  = 0x2c
-	sysIPV6_PKTINFO  = 0x2e
-	sysIPV6_HOPLIMIT = 0x2f
-	sysIPV6_NEXTHOP  = 0x30
-	sysIPV6_TCLASS   = 0x3d
-
 	sizeofSockaddrStorage = 0x80
 	sizeofSockaddrInet6   = 0x1c
 	sizeofInet6Pktinfo    = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_386.go b/vendor/golang.org/x/net/ipv6/zsys_linux_386.go
index bb579ea1c9..ad71871b78 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_386.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_386.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_NEXTHOP  = 0x9
-	sysIPV6_PKTINFO  = 0x32
-	sysIPV6_HOPLIMIT = 0x34
-	sysIPV6_PATHMTU  = 0x3d
-	sysIPV6_TCLASS   = 0x43
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_amd64.go b/vendor/golang.org/x/net/ipv6/zsys_linux_amd64.go
index 9500f7d5ed..2514ab9a41 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_amd64.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_amd64.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_NEXTHOP  = 0x9
-	sysIPV6_PKTINFO  = 0x32
-	sysIPV6_HOPLIMIT = 0x34
-	sysIPV6_PATHMTU  = 0x3d
-	sysIPV6_TCLASS   = 0x43
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_arm.go b/vendor/golang.org/x/net/ipv6/zsys_linux_arm.go
index bb579ea1c9..ad71871b78 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_arm.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_arm.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_NEXTHOP  = 0x9
-	sysIPV6_PKTINFO  = 0x32
-	sysIPV6_HOPLIMIT = 0x34
-	sysIPV6_PATHMTU  = 0x3d
-	sysIPV6_TCLASS   = 0x43
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_arm64.go b/vendor/golang.org/x/net/ipv6/zsys_linux_arm64.go
index 9500f7d5ed..2514ab9a41 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_arm64.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_arm64.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_NEXTHOP  = 0x9
-	sysIPV6_PKTINFO  = 0x32
-	sysIPV6_HOPLIMIT = 0x34
-	sysIPV6_PATHMTU  = 0x3d
-	sysIPV6_TCLASS   = 0x43
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_mips.go b/vendor/golang.org/x/net/ipv6/zsys_linux_mips.go
index bb579ea1c9..ad71871b78 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_mips.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_mips.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_NEXTHOP  = 0x9
-	sysIPV6_PKTINFO  = 0x32
-	sysIPV6_HOPLIMIT = 0x34
-	sysIPV6_PATHMTU  = 0x3d
-	sysIPV6_TCLASS   = 0x43
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_mips64.go b/vendor/golang.org/x/net/ipv6/zsys_linux_mips64.go
index 9500f7d5ed..2514ab9a41 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_mips64.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_mips64.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_NEXTHOP  = 0x9
-	sysIPV6_PKTINFO  = 0x32
-	sysIPV6_HOPLIMIT = 0x34
-	sysIPV6_PATHMTU  = 0x3d
-	sysIPV6_TCLASS   = 0x43
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_mips64le.go b/vendor/golang.org/x/net/ipv6/zsys_linux_mips64le.go
index 9500f7d5ed..2514ab9a41 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_mips64le.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_mips64le.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_NEXTHOP  = 0x9
-	sysIPV6_PKTINFO  = 0x32
-	sysIPV6_HOPLIMIT = 0x34
-	sysIPV6_PATHMTU  = 0x3d
-	sysIPV6_TCLASS   = 0x43
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_mipsle.go b/vendor/golang.org/x/net/ipv6/zsys_linux_mipsle.go
index bb579ea1c9..ad71871b78 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_mipsle.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_mipsle.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_NEXTHOP  = 0x9
-	sysIPV6_PKTINFO  = 0x32
-	sysIPV6_HOPLIMIT = 0x34
-	sysIPV6_PATHMTU  = 0x3d
-	sysIPV6_TCLASS   = 0x43
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_ppc.go b/vendor/golang.org/x/net/ipv6/zsys_linux_ppc.go
index 5486c2448a..d06c2adecb 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_ppc.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_ppc.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_NEXTHOP  = 0x9
-	sysIPV6_PKTINFO  = 0x32
-	sysIPV6_HOPLIMIT = 0x34
-	sysIPV6_PATHMTU  = 0x3d
-	sysIPV6_TCLASS   = 0x43
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64.go b/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64.go
index 9500f7d5ed..2514ab9a41 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_NEXTHOP  = 0x9
-	sysIPV6_PKTINFO  = 0x32
-	sysIPV6_HOPLIMIT = 0x34
-	sysIPV6_PATHMTU  = 0x3d
-	sysIPV6_TCLASS   = 0x43
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64le.go b/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64le.go
index 9500f7d5ed..2514ab9a41 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64le.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_ppc64le.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_NEXTHOP  = 0x9
-	sysIPV6_PKTINFO  = 0x32
-	sysIPV6_HOPLIMIT = 0x34
-	sysIPV6_PATHMTU  = 0x3d
-	sysIPV6_TCLASS   = 0x43
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_riscv64.go b/vendor/golang.org/x/net/ipv6/zsys_linux_riscv64.go
index 283973e6f0..d4f78e405a 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_riscv64.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_riscv64.go
@@ -7,12 +7,6 @@
 package ipv6
 
 const (
-	sysIPV6_NEXTHOP  = 0x9
-	sysIPV6_PKTINFO  = 0x32
-	sysIPV6_HOPLIMIT = 0x34
-	sysIPV6_PATHMTU  = 0x3d
-	sysIPV6_TCLASS   = 0x43
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_linux_s390x.go b/vendor/golang.org/x/net/ipv6/zsys_linux_s390x.go
index 9500f7d5ed..2514ab9a41 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_linux_s390x.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_linux_s390x.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_NEXTHOP  = 0x9
-	sysIPV6_PKTINFO  = 0x32
-	sysIPV6_HOPLIMIT = 0x34
-	sysIPV6_PATHMTU  = 0x3d
-	sysIPV6_TCLASS   = 0x43
-
 	sizeofKernelSockaddrStorage = 0x80
 	sizeofSockaddrInet6         = 0x1c
 	sizeofInet6Pktinfo          = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_netbsd.go b/vendor/golang.org/x/net/ipv6/zsys_netbsd.go
index 524c97fbc7..f7335d5ae4 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_netbsd.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_netbsd.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_PATHMTU  = 0x2c
-	sysIPV6_PKTINFO  = 0x2e
-	sysIPV6_HOPLIMIT = 0x2f
-	sysIPV6_NEXTHOP  = 0x30
-	sysIPV6_TCLASS   = 0x3d
-
 	sizeofSockaddrInet6 = 0x1c
 	sizeofInet6Pktinfo  = 0x14
 	sizeofIPv6Mtuinfo   = 0x20
diff --git a/vendor/golang.org/x/net/ipv6/zsys_openbsd.go b/vendor/golang.org/x/net/ipv6/zsys_openbsd.go
index 5e7bdedc9c..6d15928122 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_openbsd.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_openbsd.go
@@ -4,12 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_PATHMTU  = 0x2c
-	sysIPV6_PKTINFO  = 0x2e
-	sysIPV6_HOPLIMIT = 0x2f
-	sysIPV6_NEXTHOP  = 0x30
-	sysIPV6_TCLASS   = 0x3d
-
 	sizeofSockaddrInet6 = 0x1c
 	sizeofInet6Pktinfo  = 0x14
 	sizeofIPv6Mtuinfo   = 0x20
diff --git a/vendor/golang.org/x/net/ipv6/zsys_solaris.go b/vendor/golang.org/x/net/ipv6/zsys_solaris.go
index 690eef9341..1716197477 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_solaris.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_solaris.go
@@ -4,74 +4,6 @@
 package ipv6
 
 const (
-	sysIPV6_UNICAST_HOPS   = 0x5
-	sysIPV6_MULTICAST_IF   = 0x6
-	sysIPV6_MULTICAST_HOPS = 0x7
-	sysIPV6_MULTICAST_LOOP = 0x8
-	sysIPV6_JOIN_GROUP     = 0x9
-	sysIPV6_LEAVE_GROUP    = 0xa
-
-	sysIPV6_PKTINFO = 0xb
-
-	sysIPV6_HOPLIMIT = 0xc
-	sysIPV6_NEXTHOP  = 0xd
-	sysIPV6_HOPOPTS  = 0xe
-	sysIPV6_DSTOPTS  = 0xf
-
-	sysIPV6_RTHDR        = 0x10
-	sysIPV6_RTHDRDSTOPTS = 0x11
-
-	sysIPV6_RECVPKTINFO  = 0x12
-	sysIPV6_RECVHOPLIMIT = 0x13
-	sysIPV6_RECVHOPOPTS  = 0x14
-
-	sysIPV6_RECVRTHDR = 0x16
-
-	sysIPV6_RECVRTHDRDSTOPTS = 0x17
-
-	sysIPV6_CHECKSUM        = 0x18
-	sysIPV6_RECVTCLASS      = 0x19
-	sysIPV6_USE_MIN_MTU     = 0x20
-	sysIPV6_DONTFRAG        = 0x21
-	sysIPV6_SEC_OPT         = 0x22
-	sysIPV6_SRC_PREFERENCES = 0x23
-	sysIPV6_RECVPATHMTU     = 0x24
-	sysIPV6_PATHMTU         = 0x25
-	sysIPV6_TCLASS          = 0x26
-	sysIPV6_V6ONLY          = 0x27
-
-	sysIPV6_RECVDSTOPTS = 0x28
-
-	sysMCAST_JOIN_GROUP         = 0x29
-	sysMCAST_LEAVE_GROUP        = 0x2a
-	sysMCAST_BLOCK_SOURCE       = 0x2b
-	sysMCAST_UNBLOCK_SOURCE     = 0x2c
-	sysMCAST_JOIN_SOURCE_GROUP  = 0x2d
-	sysMCAST_LEAVE_SOURCE_GROUP = 0x2e
-
-	sysIPV6_PREFER_SRC_HOME   = 0x1
-	sysIPV6_PREFER_SRC_COA    = 0x2
-	sysIPV6_PREFER_SRC_PUBLIC = 0x4
-	sysIPV6_PREFER_SRC_TMP    = 0x8
-	sysIPV6_PREFER_SRC_NONCGA = 0x10
-	sysIPV6_PREFER_SRC_CGA    = 0x20
-
-	sysIPV6_PREFER_SRC_MIPMASK    = 0x3
-	sysIPV6_PREFER_SRC_MIPDEFAULT = 0x1
-	sysIPV6_PREFER_SRC_TMPMASK    = 0xc
-	sysIPV6_PREFER_SRC_TMPDEFAULT = 0x4
-	sysIPV6_PREFER_SRC_CGAMASK    = 0x30
-	sysIPV6_PREFER_SRC_CGADEFAULT = 0x10
-
-	sysIPV6_PREFER_SRC_MASK = 0x3f
-
-	sysIPV6_PREFER_SRC_DEFAULT = 0x15
-
-	sysIPV6_BOUND_IF   = 0x41
-	sysIPV6_UNSPEC_SRC = 0x42
-
-	sysICMP6_FILTER = 0x1
-
 	sizeofSockaddrStorage = 0x100
 	sizeofSockaddrInet6   = 0x20
 	sizeofInet6Pktinfo    = 0x14
diff --git a/vendor/golang.org/x/net/ipv6/zsys_zos_s390x.go b/vendor/golang.org/x/net/ipv6/zsys_zos_s390x.go
index 3f980691f6..7c75645967 100644
--- a/vendor/golang.org/x/net/ipv6/zsys_zos_s390x.go
+++ b/vendor/golang.org/x/net/ipv6/zsys_zos_s390x.go
@@ -8,50 +8,6 @@
 package ipv6
 
 const (
-	sysIPV6_ADDR_PREFERENCES  = 32
-	sysIPV6_CHECKSUM          = 19
-	sysIPV6_DONTFRAG          = 29
-	sysIPV6_DSTOPTS           = 23
-	sysIPV6_HOPLIMIT          = 11
-	sysIPV6_HOPOPTS           = 22
-	sysIPV6_JOIN_GROUP        = 5
-	sysIPV6_LEAVE_GROUP       = 6
-	sysIPV6_MULTICAST_HOPS    = 9
-	sysIPV6_MULTICAST_IF      = 7
-	sysIPV6_MULTICAST_LOOP    = 4
-	sysIPV6_NEXTHOP           = 20
-	sysIPV6_PATHMTU           = 12
-	sysIPV6_PKTINFO           = 13
-	sysIPV6_PREFER_SRC_CGA    = 0x10
-	sysIPV6_PREFER_SRC_COA    = 0x02
-	sysIPV6_PREFER_SRC_HOME   = 0x01
-	sysIPV6_PREFER_SRC_NONCGA = 0x20
-	sysIPV6_PREFER_SRC_PUBLIC = 0x08
-	sysIPV6_PREFER_SRC_TMP    = 0x04
-	sysIPV6_RECVDSTOPTS       = 28
-	sysIPV6_RECVHOPLIMIT      = 14
-	sysIPV6_RECVHOPOPTS       = 26
-	sysIPV6_RECVPATHMTU       = 16
-	sysIPV6_RECVPKTINFO       = 15
-	sysIPV6_RECVRTHDR         = 25
-	sysIPV6_RECVTCLASS        = 31
-	sysIPV6_RTHDR             = 21
-	sysIPV6_RTHDRDSTOPTS      = 24
-	sysIPV6_RTHDR_TYPE_0      = 0
-	sysIPV6_TCLASS            = 30
-	sysIPV6_UNICAST_HOPS      = 3
-	sysIPV6_USE_MIN_MTU       = 18
-	sysIPV6_V6ONLY            = 10
-
-	sysMCAST_JOIN_GROUP         = 40
-	sysMCAST_LEAVE_GROUP        = 41
-	sysMCAST_JOIN_SOURCE_GROUP  = 42
-	sysMCAST_LEAVE_SOURCE_GROUP = 43
-	sysMCAST_BLOCK_SOURCE       = 44
-	sysMCAST_UNBLOCK_SOURCE     = 45
-
-	sysICMP6_FILTER = 0x1
-
 	sizeofSockaddrStorage = 128
 	sizeofICMPv6Filter    = 32
 	sizeofInet6Pktinfo    = 20
diff --git a/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go b/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
index cb0dfbd09a..29d44808b1 100644
--- a/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
+++ b/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle)
-// +build linux,386 linux,arm linux,mips linux,mipsle
+//go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle) || (linux && ppc)
+// +build linux,386 linux,arm linux,mips linux,mipsle linux,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ioctl_linux.go b/vendor/golang.org/x/sys/unix/ioctl_linux.go
new file mode 100644
index 0000000000..48773f730a
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go
@@ -0,0 +1,196 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+import (
+	"runtime"
+	"unsafe"
+)
+
+// IoctlRetInt performs an ioctl operation specified by req on a device
+// associated with opened file descriptor fd, and returns a non-negative
+// integer that is returned by the ioctl syscall.
+func IoctlRetInt(fd int, req uint) (int, error) {
+	ret, _, err := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), 0)
+	if err != 0 {
+		return 0, err
+	}
+	return int(ret), nil
+}
+
+func IoctlGetUint32(fd int, req uint) (uint32, error) {
+	var value uint32
+	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+	return value, err
+}
+
+func IoctlGetRTCTime(fd int) (*RTCTime, error) {
+	var value RTCTime
+	err := ioctl(fd, RTC_RD_TIME, uintptr(unsafe.Pointer(&value)))
+	return &value, err
+}
+
+func IoctlSetRTCTime(fd int, value *RTCTime) error {
+	err := ioctl(fd, RTC_SET_TIME, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
+}
+
+func IoctlGetRTCWkAlrm(fd int) (*RTCWkAlrm, error) {
+	var value RTCWkAlrm
+	err := ioctl(fd, RTC_WKALM_RD, uintptr(unsafe.Pointer(&value)))
+	return &value, err
+}
+
+func IoctlSetRTCWkAlrm(fd int, value *RTCWkAlrm) error {
+	err := ioctl(fd, RTC_WKALM_SET, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
+}
+
+type ifreqEthtool struct {
+	name [IFNAMSIZ]byte
+	data unsafe.Pointer
+}
+
+// IoctlGetEthtoolDrvinfo fetches ethtool driver information for the network
+// device specified by ifname.
+func IoctlGetEthtoolDrvinfo(fd int, ifname string) (*EthtoolDrvinfo, error) {
+	// Leave room for terminating NULL byte.
+	if len(ifname) >= IFNAMSIZ {
+		return nil, EINVAL
+	}
+
+	value := EthtoolDrvinfo{
+		Cmd: ETHTOOL_GDRVINFO,
+	}
+	ifreq := ifreqEthtool{
+		data: unsafe.Pointer(&value),
+	}
+	copy(ifreq.name[:], ifname)
+	err := ioctl(fd, SIOCETHTOOL, uintptr(unsafe.Pointer(&ifreq)))
+	runtime.KeepAlive(ifreq)
+	return &value, err
+}
+
+// IoctlGetWatchdogInfo fetches information about a watchdog device from the
+// Linux watchdog API. For more information, see:
+// https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html.
+func IoctlGetWatchdogInfo(fd int) (*WatchdogInfo, error) {
+	var value WatchdogInfo
+	err := ioctl(fd, WDIOC_GETSUPPORT, uintptr(unsafe.Pointer(&value)))
+	return &value, err
+}
+
+// IoctlWatchdogKeepalive issues a keepalive ioctl to a watchdog device. For
+// more information, see:
+// https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html.
+func IoctlWatchdogKeepalive(fd int) error {
+	return ioctl(fd, WDIOC_KEEPALIVE, 0)
+}
+
+// IoctlFileCloneRange performs an FICLONERANGE ioctl operation to clone the
+// range of data conveyed in value to the file associated with the file
+// descriptor destFd. See the ioctl_ficlonerange(2) man page for details.
+func IoctlFileCloneRange(destFd int, value *FileCloneRange) error {
+	err := ioctl(destFd, FICLONERANGE, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
+}
+
+// IoctlFileClone performs an FICLONE ioctl operation to clone the entire file
+// associated with the file description srcFd to the file associated with the
+// file descriptor destFd. See the ioctl_ficlone(2) man page for details.
+func IoctlFileClone(destFd, srcFd int) error {
+	return ioctl(destFd, FICLONE, uintptr(srcFd))
+}
+
+type FileDedupeRange struct {
+	Src_offset uint64
+	Src_length uint64
+	Reserved1  uint16
+	Reserved2  uint32
+	Info       []FileDedupeRangeInfo
+}
+
+type FileDedupeRangeInfo struct {
+	Dest_fd       int64
+	Dest_offset   uint64
+	Bytes_deduped uint64
+	Status        int32
+	Reserved      uint32
+}
+
+// IoctlFileDedupeRange performs an FIDEDUPERANGE ioctl operation to share the
+// range of data conveyed in value from the file associated with the file
+// descriptor srcFd to the value.Info destinations. See the
+// ioctl_fideduperange(2) man page for details.
+func IoctlFileDedupeRange(srcFd int, value *FileDedupeRange) error {
+	buf := make([]byte, SizeofRawFileDedupeRange+
+		len(value.Info)*SizeofRawFileDedupeRangeInfo)
+	rawrange := (*RawFileDedupeRange)(unsafe.Pointer(&buf[0]))
+	rawrange.Src_offset = value.Src_offset
+	rawrange.Src_length = value.Src_length
+	rawrange.Dest_count = uint16(len(value.Info))
+	rawrange.Reserved1 = value.Reserved1
+	rawrange.Reserved2 = value.Reserved2
+
+	for i := range value.Info {
+		rawinfo := (*RawFileDedupeRangeInfo)(unsafe.Pointer(
+			uintptr(unsafe.Pointer(&buf[0])) + uintptr(SizeofRawFileDedupeRange) +
+				uintptr(i*SizeofRawFileDedupeRangeInfo)))
+		rawinfo.Dest_fd = value.Info[i].Dest_fd
+		rawinfo.Dest_offset = value.Info[i].Dest_offset
+		rawinfo.Bytes_deduped = value.Info[i].Bytes_deduped
+		rawinfo.Status = value.Info[i].Status
+		rawinfo.Reserved = value.Info[i].Reserved
+	}
+
+	err := ioctl(srcFd, FIDEDUPERANGE, uintptr(unsafe.Pointer(&buf[0])))
+
+	// Output
+	for i := range value.Info {
+		rawinfo := (*RawFileDedupeRangeInfo)(unsafe.Pointer(
+			uintptr(unsafe.Pointer(&buf[0])) + uintptr(SizeofRawFileDedupeRange) +
+				uintptr(i*SizeofRawFileDedupeRangeInfo)))
+		value.Info[i].Dest_fd = rawinfo.Dest_fd
+		value.Info[i].Dest_offset = rawinfo.Dest_offset
+		value.Info[i].Bytes_deduped = rawinfo.Bytes_deduped
+		value.Info[i].Status = rawinfo.Status
+		value.Info[i].Reserved = rawinfo.Reserved
+	}
+
+	return err
+}
+
+func IoctlHIDGetDesc(fd int, value *HIDRawReportDescriptor) error {
+	err := ioctl(fd, HIDIOCGRDESC, uintptr(unsafe.Pointer(value)))
+	runtime.KeepAlive(value)
+	return err
+}
+
+func IoctlHIDGetRawInfo(fd int) (*HIDRawDevInfo, error) {
+	var value HIDRawDevInfo
+	err := ioctl(fd, HIDIOCGRAWINFO, uintptr(unsafe.Pointer(&value)))
+	return &value, err
+}
+
+func IoctlHIDGetRawName(fd int) (string, error) {
+	var value [_HIDIOCGRAWNAME_LEN]byte
+	err := ioctl(fd, _HIDIOCGRAWNAME, uintptr(unsafe.Pointer(&value[0])))
+	return ByteSliceToString(value[:]), err
+}
+
+func IoctlHIDGetRawPhys(fd int) (string, error) {
+	var value [_HIDIOCGRAWPHYS_LEN]byte
+	err := ioctl(fd, _HIDIOCGRAWPHYS, uintptr(unsafe.Pointer(&value[0])))
+	return ByteSliceToString(value[:]), err
+}
+
+func IoctlHIDGetRawUniq(fd int) (string, error) {
+	var value [_HIDIOCGRAWUNIQ_LEN]byte
+	err := ioctl(fd, _HIDIOCGRAWUNIQ, uintptr(unsafe.Pointer(&value[0])))
+	return ByteSliceToString(value[:]), err
+}
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index f2bc863149..007358af8f 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -405,10 +405,11 @@ includes_SunOS='
 #include <net/if_arp.h>
 #include <net/if_types.h>
 #include <net/route.h>
+#include <netinet/icmp6.h>
 #include <netinet/in.h>
-#include <termios.h>
 #include <netinet/ip.h>
 #include <netinet/ip_mroute.h>
+#include <termios.h>
 '
 
 
@@ -499,10 +500,10 @@ ccflags="$@"
 		$2 ~ /^LOCK_(SH|EX|NB|UN)$/ ||
 		$2 ~ /^LO_(KEY|NAME)_SIZE$/ ||
 		$2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ ||
-		$2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|ICMP6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL)_/ ||
+		$2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL)_/ ||
 		$2 ~ /^TP_STATUS_/ ||
 		$2 ~ /^FALLOC_/ ||
-		$2 ~ /^ICMP(V6)?_FILTER/ ||
+		$2 ~ /^ICMPV?6?_(FILTER|SEC)/ ||
 		$2 == "SOMAXCONN" ||
 		$2 == "NAME_MAX" ||
 		$2 == "IFNAMSIZ" ||
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index 44ea96e39c..4263953bee 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -70,167 +70,7 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
 
 // ioctl itself should not be exposed directly, but additional get/set
 // functions for specific types are permissible.
-
-// IoctlRetInt performs an ioctl operation specified by req on a device
-// associated with opened file descriptor fd, and returns a non-negative
-// integer that is returned by the ioctl syscall.
-func IoctlRetInt(fd int, req uint) (int, error) {
-	ret, _, err := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), 0)
-	if err != 0 {
-		return 0, err
-	}
-	return int(ret), nil
-}
-
-func IoctlSetRTCTime(fd int, value *RTCTime) error {
-	err := ioctl(fd, RTC_SET_TIME, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
-	return err
-}
-
-func IoctlSetRTCWkAlrm(fd int, value *RTCWkAlrm) error {
-	err := ioctl(fd, RTC_WKALM_SET, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
-	return err
-}
-
-func IoctlGetUint32(fd int, req uint) (uint32, error) {
-	var value uint32
-	err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
-	return value, err
-}
-
-func IoctlGetRTCTime(fd int) (*RTCTime, error) {
-	var value RTCTime
-	err := ioctl(fd, RTC_RD_TIME, uintptr(unsafe.Pointer(&value)))
-	return &value, err
-}
-
-// IoctlGetWatchdogInfo fetches information about a watchdog device from the
-// Linux watchdog API. For more information, see:
-// https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html.
-func IoctlGetWatchdogInfo(fd int) (*WatchdogInfo, error) {
-	var value WatchdogInfo
-	err := ioctl(fd, WDIOC_GETSUPPORT, uintptr(unsafe.Pointer(&value)))
-	return &value, err
-}
-
-func IoctlGetRTCWkAlrm(fd int) (*RTCWkAlrm, error) {
-	var value RTCWkAlrm
-	err := ioctl(fd, RTC_WKALM_RD, uintptr(unsafe.Pointer(&value)))
-	return &value, err
-}
-
-// IoctlFileCloneRange performs an FICLONERANGE ioctl operation to clone the
-// range of data conveyed in value to the file associated with the file
-// descriptor destFd. See the ioctl_ficlonerange(2) man page for details.
-func IoctlFileCloneRange(destFd int, value *FileCloneRange) error {
-	err := ioctl(destFd, FICLONERANGE, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
-	return err
-}
-
-// IoctlFileClone performs an FICLONE ioctl operation to clone the entire file
-// associated with the file description srcFd to the file associated with the
-// file descriptor destFd. See the ioctl_ficlone(2) man page for details.
-func IoctlFileClone(destFd, srcFd int) error {
-	return ioctl(destFd, FICLONE, uintptr(srcFd))
-}
-
-type FileDedupeRange struct {
-	Src_offset uint64
-	Src_length uint64
-	Reserved1  uint16
-	Reserved2  uint32
-	Info       []FileDedupeRangeInfo
-}
-
-type FileDedupeRangeInfo struct {
-	Dest_fd       int64
-	Dest_offset   uint64
-	Bytes_deduped uint64
-	Status        int32
-	Reserved      uint32
-}
-
-// IoctlFileDedupeRange performs an FIDEDUPERANGE ioctl operation to share the
-// range of data conveyed in value from the file associated with the file
-// descriptor srcFd to the value.Info destinations. See the
-// ioctl_fideduperange(2) man page for details.
-func IoctlFileDedupeRange(srcFd int, value *FileDedupeRange) error {
-	buf := make([]byte, SizeofRawFileDedupeRange+
-		len(value.Info)*SizeofRawFileDedupeRangeInfo)
-	rawrange := (*RawFileDedupeRange)(unsafe.Pointer(&buf[0]))
-	rawrange.Src_offset = value.Src_offset
-	rawrange.Src_length = value.Src_length
-	rawrange.Dest_count = uint16(len(value.Info))
-	rawrange.Reserved1 = value.Reserved1
-	rawrange.Reserved2 = value.Reserved2
-
-	for i := range value.Info {
-		rawinfo := (*RawFileDedupeRangeInfo)(unsafe.Pointer(
-			uintptr(unsafe.Pointer(&buf[0])) + uintptr(SizeofRawFileDedupeRange) +
-				uintptr(i*SizeofRawFileDedupeRangeInfo)))
-		rawinfo.Dest_fd = value.Info[i].Dest_fd
-		rawinfo.Dest_offset = value.Info[i].Dest_offset
-		rawinfo.Bytes_deduped = value.Info[i].Bytes_deduped
-		rawinfo.Status = value.Info[i].Status
-		rawinfo.Reserved = value.Info[i].Reserved
-	}
-
-	err := ioctl(srcFd, FIDEDUPERANGE, uintptr(unsafe.Pointer(&buf[0])))
-
-	// Output
-	for i := range value.Info {
-		rawinfo := (*RawFileDedupeRangeInfo)(unsafe.Pointer(
-			uintptr(unsafe.Pointer(&buf[0])) + uintptr(SizeofRawFileDedupeRange) +
-				uintptr(i*SizeofRawFileDedupeRangeInfo)))
-		value.Info[i].Dest_fd = rawinfo.Dest_fd
-		value.Info[i].Dest_offset = rawinfo.Dest_offset
-		value.Info[i].Bytes_deduped = rawinfo.Bytes_deduped
-		value.Info[i].Status = rawinfo.Status
-		value.Info[i].Reserved = rawinfo.Reserved
-	}
-
-	return err
-}
-
-// IoctlWatchdogKeepalive issues a keepalive ioctl to a watchdog device. For
-// more information, see:
-// https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html.
-func IoctlWatchdogKeepalive(fd int) error {
-	return ioctl(fd, WDIOC_KEEPALIVE, 0)
-}
-
-func IoctlHIDGetDesc(fd int, value *HIDRawReportDescriptor) error {
-	err := ioctl(fd, HIDIOCGRDESC, uintptr(unsafe.Pointer(value)))
-	runtime.KeepAlive(value)
-	return err
-}
-
-func IoctlHIDGetRawInfo(fd int) (*HIDRawDevInfo, error) {
-	var value HIDRawDevInfo
-	err := ioctl(fd, HIDIOCGRAWINFO, uintptr(unsafe.Pointer(&value)))
-	return &value, err
-}
-
-func IoctlHIDGetRawName(fd int) (string, error) {
-	var value [_HIDIOCGRAWNAME_LEN]byte
-	err := ioctl(fd, _HIDIOCGRAWNAME, uintptr(unsafe.Pointer(&value[0])))
-	return ByteSliceToString(value[:]), err
-}
-
-func IoctlHIDGetRawPhys(fd int) (string, error) {
-	var value [_HIDIOCGRAWPHYS_LEN]byte
-	err := ioctl(fd, _HIDIOCGRAWPHYS, uintptr(unsafe.Pointer(&value[0])))
-	return ByteSliceToString(value[:]), err
-}
-
-func IoctlHIDGetRawUniq(fd int) (string, error) {
-	var value [_HIDIOCGRAWUNIQ_LEN]byte
-	err := ioctl(fd, _HIDIOCGRAWUNIQ, uintptr(unsafe.Pointer(&value[0])))
-	return ByteSliceToString(value[:]), err
-}
+// These are defined in ioctl.go and ioctl_linux.go.
 
 //sys	Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error)
 
@@ -857,16 +697,19 @@ type SockaddrVM struct {
 	// CID and Port specify a context ID and port address for a VM socket.
 	// Guests have a unique CID, and hosts may have a well-known CID of:
 	//  - VMADDR_CID_HYPERVISOR: refers to the hypervisor process.
+	//  - VMADDR_CID_LOCAL: refers to local communication (loopback).
 	//  - VMADDR_CID_HOST: refers to other processes on the host.
-	CID  uint32
-	Port uint32
-	raw  RawSockaddrVM
+	CID   uint32
+	Port  uint32
+	Flags uint8
+	raw   RawSockaddrVM
 }
 
 func (sa *SockaddrVM) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	sa.raw.Family = AF_VSOCK
 	sa.raw.Port = sa.Port
 	sa.raw.Cid = sa.CID
+	sa.raw.Flags = sa.Flags
 
 	return unsafe.Pointer(&sa.raw), SizeofSockaddrVM, nil
 }
@@ -1171,8 +1014,9 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 	case AF_VSOCK:
 		pp := (*RawSockaddrVM)(unsafe.Pointer(rsa))
 		sa := &SockaddrVM{
-			CID:  pp.Cid,
-			Port: pp.Port,
+			CID:   pp.Cid,
+			Port:  pp.Port,
+			Flags: pp.Flags,
 		}
 		return sa, nil
 	case AF_BLUETOOTH:
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
new file mode 100644
index 0000000000..7e65e088d2
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
@@ -0,0 +1,272 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && ppc
+// +build linux
+// +build ppc
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+//sys	dup2(oldfd int, newfd int) (err error)
+//sysnb	EpollCreate(size int) (fd int, err error)
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
+//sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fstat(fd int, stat *Stat_t) (err error) = SYS_FSTAT64
+//sys	Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
+//sys	Ftruncate(fd int, length int64) (err error) = SYS_FTRUNCATE64
+//sysnb	Getegid() (egid int)
+//sysnb	Geteuid() (euid int)
+//sysnb	Getgid() (gid int)
+//sysnb	Getuid() (uid int)
+//sysnb	InotifyInit() (fd int, err error)
+//sys	Ioperm(from int, num int, on int) (err error)
+//sys	Iopl(level int) (err error)
+//sys	Lchown(path string, uid int, gid int) (err error)
+//sys	Listen(s int, n int) (err error)
+//sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
+//sys	Pause() (err error)
+//sys	Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys	Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT
+//sys	sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
+//sys	setfsgid(gid int) (prev int, err error)
+//sys	setfsuid(uid int) (prev int, err error)
+//sysnb	Setregid(rgid int, egid int) (err error)
+//sysnb	Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb	Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb	Setreuid(ruid int, euid int) (err error)
+//sys	Shutdown(fd int, how int) (err error)
+//sys	Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
+//sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
+//sys	Truncate(path string, length int64) (err error) = SYS_TRUNCATE64
+//sys	Ustat(dev int, ubuf *Ustat_t) (err error)
+//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
+//sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb	setgroups(n int, list *_Gid_t) (err error)
+//sys	getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys	setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb	socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys	sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
+
+//sys	futimesat(dirfd int, path string, times *[2]Timeval) (err error)
+//sysnb	Gettimeofday(tv *Timeval) (err error)
+//sysnb	Time(t *Time_t) (tt Time_t, err error)
+//sys	Utime(path string, buf *Utimbuf) (err error)
+//sys	utimes(path string, times *[2]Timeval) (err error)
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+	_, _, e1 := Syscall6(SYS_FADVISE64_64, uintptr(fd), uintptr(advice), uintptr(offset>>32), uintptr(offset), uintptr(length>>32), uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func seek(fd int, offset int64, whence int) (int64, syscall.Errno) {
+	var newoffset int64
+	offsetLow := uint32(offset & 0xffffffff)
+	offsetHigh := uint32((offset >> 32) & 0xffffffff)
+	_, _, err := Syscall6(SYS__LLSEEK, uintptr(fd), uintptr(offsetHigh), uintptr(offsetLow), uintptr(unsafe.Pointer(&newoffset)), uintptr(whence), 0)
+	return newoffset, err
+}
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+	newoffset, errno := seek(fd, offset, whence)
+	if errno != 0 {
+		return 0, errno
+	}
+	return newoffset, nil
+}
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+	_, _, e := Syscall(SYS_FSTATFS64, uintptr(fd), unsafe.Sizeof(*buf), uintptr(unsafe.Pointer(buf)))
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+	pathp, err := BytePtrFromString(path)
+	if err != nil {
+		return err
+	}
+	_, _, e := Syscall(SYS_STATFS64, uintptr(unsafe.Pointer(pathp)), unsafe.Sizeof(*buf), uintptr(unsafe.Pointer(buf)))
+	if e != 0 {
+		err = e
+	}
+	return
+}
+
+//sys	mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error)
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+	page := uintptr(offset / 4096)
+	if offset != int64(page)*4096 {
+		return 0, EINVAL
+	}
+	return mmap2(addr, length, prot, flags, fd, page)
+}
+
+func setTimespec(sec, nsec int64) Timespec {
+	return Timespec{Sec: int32(sec), Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+	return Timeval{Sec: int32(sec), Usec: int32(usec)}
+}
+
+type rlimit32 struct {
+	Cur uint32
+	Max uint32
+}
+
+//sysnb	getrlimit(resource int, rlim *rlimit32) (err error) = SYS_UGETRLIMIT
+
+const rlimInf32 = ^uint32(0)
+const rlimInf64 = ^uint64(0)
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+	err = prlimit(0, resource, nil, rlim)
+	if err != ENOSYS {
+		return err
+	}
+
+	rl := rlimit32{}
+	err = getrlimit(resource, &rl)
+	if err != nil {
+		return
+	}
+
+	if rl.Cur == rlimInf32 {
+		rlim.Cur = rlimInf64
+	} else {
+		rlim.Cur = uint64(rl.Cur)
+	}
+
+	if rl.Max == rlimInf32 {
+		rlim.Max = rlimInf64
+	} else {
+		rlim.Max = uint64(rl.Max)
+	}
+	return
+}
+
+//sysnb	setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+	err = prlimit(0, resource, rlim, nil)
+	if err != ENOSYS {
+		return err
+	}
+
+	rl := rlimit32{}
+	if rlim.Cur == rlimInf64 {
+		rl.Cur = rlimInf32
+	} else if rlim.Cur < uint64(rlimInf32) {
+		rl.Cur = uint32(rlim.Cur)
+	} else {
+		return EINVAL
+	}
+	if rlim.Max == rlimInf64 {
+		rl.Max = rlimInf32
+	} else if rlim.Max < uint64(rlimInf32) {
+		rl.Max = uint32(rlim.Max)
+	} else {
+		return EINVAL
+	}
+
+	return setrlimit(resource, &rl)
+}
+
+func (r *PtraceRegs) PC() uint32 { return r.Nip }
+
+func (r *PtraceRegs) SetPC(pc uint32) { r.Nip = pc }
+
+func (iov *Iovec) SetLen(length int) {
+	iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+	msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+	msghdr.Iovlen = uint32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+	cmsg.Len = uint32(length)
+}
+
+//sysnb	pipe(p *[2]_C_int) (err error)
+
+func Pipe(p []int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe(&pp)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sysnb	pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) (err error) {
+	if len(p) != 2 {
+		return EINVAL
+	}
+	var pp [2]_C_int
+	err = pipe2(&pp, flags)
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
+	return
+}
+
+//sys	poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+	if len(fds) == 0 {
+		return poll(nil, 0, timeout)
+	}
+	return poll(&fds[0], len(fds), timeout)
+}
+
+//sys	syncFileRange2(fd int, flags int, off int64, n int64) (err error) = SYS_SYNC_FILE_RANGE2
+
+func SyncFileRange(fd int, off int64, n int64, flags int) error {
+	// The sync_file_range and sync_file_range2 syscalls differ only in the
+	// order of their arguments.
+	return syncFileRange2(fd, flags, off, n)
+}
+
+//sys	kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
+
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+	cmdlineLen := len(cmdline)
+	if cmdlineLen > 0 {
+		// Account for the additional NULL byte added by
+		// BytePtrFromString in kexecFileLoad. The kexec_file_load
+		// syscall expects a NULL-terminated string.
+		cmdlineLen++
+	}
+	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
new file mode 100644
index 0000000000..d9530e5fbf
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -0,0 +1,860 @@
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build ppc && linux
+// +build ppc,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/_const.go
+
+package unix
+
+import "syscall"
+
+const (
+	B1000000                         = 0x17
+	B115200                          = 0x11
+	B1152000                         = 0x18
+	B1500000                         = 0x19
+	B2000000                         = 0x1a
+	B230400                          = 0x12
+	B2500000                         = 0x1b
+	B3000000                         = 0x1c
+	B3500000                         = 0x1d
+	B4000000                         = 0x1e
+	B460800                          = 0x13
+	B500000                          = 0x14
+	B57600                           = 0x10
+	B576000                          = 0x15
+	B921600                          = 0x16
+	BLKBSZGET                        = 0x40041270
+	BLKBSZSET                        = 0x80041271
+	BLKFLSBUF                        = 0x20001261
+	BLKFRAGET                        = 0x20001265
+	BLKFRASET                        = 0x20001264
+	BLKGETSIZE                       = 0x20001260
+	BLKGETSIZE64                     = 0x40041272
+	BLKPBSZGET                       = 0x2000127b
+	BLKRAGET                         = 0x20001263
+	BLKRASET                         = 0x20001262
+	BLKROGET                         = 0x2000125e
+	BLKROSET                         = 0x2000125d
+	BLKRRPART                        = 0x2000125f
+	BLKSECTGET                       = 0x20001267
+	BLKSECTSET                       = 0x20001266
+	BLKSSZGET                        = 0x20001268
+	BOTHER                           = 0x1f
+	BS1                              = 0x8000
+	BSDLY                            = 0x8000
+	CBAUD                            = 0xff
+	CBAUDEX                          = 0x0
+	CIBAUD                           = 0xff0000
+	CLOCAL                           = 0x8000
+	CR1                              = 0x1000
+	CR2                              = 0x2000
+	CR3                              = 0x3000
+	CRDLY                            = 0x3000
+	CREAD                            = 0x800
+	CS6                              = 0x100
+	CS7                              = 0x200
+	CS8                              = 0x300
+	CSIZE                            = 0x300
+	CSTOPB                           = 0x400
+	ECHOCTL                          = 0x40
+	ECHOE                            = 0x2
+	ECHOK                            = 0x4
+	ECHOKE                           = 0x1
+	ECHONL                           = 0x10
+	ECHOPRT                          = 0x20
+	EFD_CLOEXEC                      = 0x80000
+	EFD_NONBLOCK                     = 0x800
+	EPOLL_CLOEXEC                    = 0x80000
+	EXTPROC                          = 0x10000000
+	FF1                              = 0x4000
+	FFDLY                            = 0x4000
+	FICLONE                          = 0x80049409
+	FICLONERANGE                     = 0x8020940d
+	FLUSHO                           = 0x800000
+	FS_IOC_ENABLE_VERITY             = 0x80806685
+	FS_IOC_GETFLAGS                  = 0x40046601
+	FS_IOC_GET_ENCRYPTION_NONCE      = 0x4010661b
+	FS_IOC_GET_ENCRYPTION_POLICY     = 0x800c6615
+	FS_IOC_GET_ENCRYPTION_PWSALT     = 0x80106614
+	FS_IOC_SETFLAGS                  = 0x80046602
+	FS_IOC_SET_ENCRYPTION_POLICY     = 0x400c6613
+	F_GETLK                          = 0xc
+	F_GETLK64                        = 0xc
+	F_GETOWN                         = 0x9
+	F_RDLCK                          = 0x0
+	F_SETLK                          = 0xd
+	F_SETLK64                        = 0xd
+	F_SETLKW                         = 0xe
+	F_SETLKW64                       = 0xe
+	F_SETOWN                         = 0x8
+	F_UNLCK                          = 0x2
+	F_WRLCK                          = 0x1
+	HIDIOCGRAWINFO                   = 0x40084803
+	HIDIOCGRDESC                     = 0x50044802
+	HIDIOCGRDESCSIZE                 = 0x40044801
+	HUPCL                            = 0x4000
+	ICANON                           = 0x100
+	IEXTEN                           = 0x400
+	IN_CLOEXEC                       = 0x80000
+	IN_NONBLOCK                      = 0x800
+	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	ISIG                             = 0x80
+	IUCLC                            = 0x1000
+	IXOFF                            = 0x400
+	IXON                             = 0x200
+	MAP_ANON                         = 0x20
+	MAP_ANONYMOUS                    = 0x20
+	MAP_DENYWRITE                    = 0x800
+	MAP_EXECUTABLE                   = 0x1000
+	MAP_GROWSDOWN                    = 0x100
+	MAP_HUGETLB                      = 0x40000
+	MAP_LOCKED                       = 0x80
+	MAP_NONBLOCK                     = 0x10000
+	MAP_NORESERVE                    = 0x40
+	MAP_POPULATE                     = 0x8000
+	MAP_STACK                        = 0x20000
+	MAP_SYNC                         = 0x80000
+	MCL_CURRENT                      = 0x2000
+	MCL_FUTURE                       = 0x4000
+	MCL_ONFAULT                      = 0x8000
+	NFDBITS                          = 0x20
+	NL2                              = 0x200
+	NL3                              = 0x300
+	NLDLY                            = 0x300
+	NOFLSH                           = 0x80000000
+	NS_GET_NSTYPE                    = 0x2000b703
+	NS_GET_OWNER_UID                 = 0x2000b704
+	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_USERNS                    = 0x2000b701
+	OLCUC                            = 0x4
+	ONLCR                            = 0x2
+	O_APPEND                         = 0x400
+	O_ASYNC                          = 0x2000
+	O_CLOEXEC                        = 0x80000
+	O_CREAT                          = 0x40
+	O_DIRECT                         = 0x20000
+	O_DIRECTORY                      = 0x4000
+	O_DSYNC                          = 0x1000
+	O_EXCL                           = 0x80
+	O_FSYNC                          = 0x101000
+	O_LARGEFILE                      = 0x10000
+	O_NDELAY                         = 0x800
+	O_NOATIME                        = 0x40000
+	O_NOCTTY                         = 0x100
+	O_NOFOLLOW                       = 0x8000
+	O_NONBLOCK                       = 0x800
+	O_PATH                           = 0x200000
+	O_RSYNC                          = 0x101000
+	O_SYNC                           = 0x101000
+	O_TMPFILE                        = 0x404000
+	O_TRUNC                          = 0x200
+	PARENB                           = 0x1000
+	PARODD                           = 0x2000
+	PENDIN                           = 0x20000000
+	PERF_EVENT_IOC_DISABLE           = 0x20002401
+	PERF_EVENT_IOC_ENABLE            = 0x20002400
+	PERF_EVENT_IOC_ID                = 0x40042407
+	PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8004240b
+	PERF_EVENT_IOC_PAUSE_OUTPUT      = 0x80042409
+	PERF_EVENT_IOC_PERIOD            = 0x80082404
+	PERF_EVENT_IOC_QUERY_BPF         = 0xc004240a
+	PERF_EVENT_IOC_REFRESH           = 0x20002402
+	PERF_EVENT_IOC_RESET             = 0x20002403
+	PERF_EVENT_IOC_SET_BPF           = 0x80042408
+	PERF_EVENT_IOC_SET_FILTER        = 0x80042406
+	PERF_EVENT_IOC_SET_OUTPUT        = 0x20002405
+	PPPIOCATTACH                     = 0x8004743d
+	PPPIOCATTCHAN                    = 0x80047438
+	PPPIOCBRIDGECHAN                 = 0x80047435
+	PPPIOCCONNECT                    = 0x8004743a
+	PPPIOCDETACH                     = 0x8004743c
+	PPPIOCDISCONN                    = 0x20007439
+	PPPIOCGASYNCMAP                  = 0x40047458
+	PPPIOCGCHAN                      = 0x40047437
+	PPPIOCGDEBUG                     = 0x40047441
+	PPPIOCGFLAGS                     = 0x4004745a
+	PPPIOCGIDLE                      = 0x4008743f
+	PPPIOCGIDLE32                    = 0x4008743f
+	PPPIOCGIDLE64                    = 0x4010743f
+	PPPIOCGL2TPSTATS                 = 0x40487436
+	PPPIOCGMRU                       = 0x40047453
+	PPPIOCGRASYNCMAP                 = 0x40047455
+	PPPIOCGUNIT                      = 0x40047456
+	PPPIOCGXASYNCMAP                 = 0x40207450
+	PPPIOCSACTIVE                    = 0x80087446
+	PPPIOCSASYNCMAP                  = 0x80047457
+	PPPIOCSCOMPRESS                  = 0x800c744d
+	PPPIOCSDEBUG                     = 0x80047440
+	PPPIOCSFLAGS                     = 0x80047459
+	PPPIOCSMAXCID                    = 0x80047451
+	PPPIOCSMRRU                      = 0x8004743b
+	PPPIOCSMRU                       = 0x80047452
+	PPPIOCSNPMODE                    = 0x8008744b
+	PPPIOCSPASS                      = 0x80087447
+	PPPIOCSRASYNCMAP                 = 0x80047454
+	PPPIOCSXASYNCMAP                 = 0x8020744f
+	PPPIOCUNBRIDGECHAN               = 0x20007434
+	PPPIOCXFERUNIT                   = 0x2000744e
+	PROT_SAO                         = 0x10
+	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTRACE_GETEVRREGS                = 0x14
+	PTRACE_GETFPREGS                 = 0xe
+	PTRACE_GETREGS64                 = 0x16
+	PTRACE_GETVRREGS                 = 0x12
+	PTRACE_GETVSRREGS                = 0x1b
+	PTRACE_GET_DEBUGREG              = 0x19
+	PTRACE_SETEVRREGS                = 0x15
+	PTRACE_SETFPREGS                 = 0xf
+	PTRACE_SETREGS64                 = 0x17
+	PTRACE_SETVRREGS                 = 0x13
+	PTRACE_SETVSRREGS                = 0x1c
+	PTRACE_SET_DEBUGREG              = 0x1a
+	PTRACE_SINGLEBLOCK               = 0x100
+	PTRACE_SYSEMU                    = 0x1d
+	PTRACE_SYSEMU_SINGLESTEP         = 0x1e
+	PT_CCR                           = 0x26
+	PT_CTR                           = 0x23
+	PT_DAR                           = 0x29
+	PT_DSCR                          = 0x2c
+	PT_DSISR                         = 0x2a
+	PT_FPR0                          = 0x30
+	PT_FPR31                         = 0x6e
+	PT_FPSCR                         = 0x71
+	PT_LNK                           = 0x24
+	PT_MQ                            = 0x27
+	PT_MSR                           = 0x21
+	PT_NIP                           = 0x20
+	PT_ORIG_R3                       = 0x22
+	PT_R0                            = 0x0
+	PT_R1                            = 0x1
+	PT_R10                           = 0xa
+	PT_R11                           = 0xb
+	PT_R12                           = 0xc
+	PT_R13                           = 0xd
+	PT_R14                           = 0xe
+	PT_R15                           = 0xf
+	PT_R16                           = 0x10
+	PT_R17                           = 0x11
+	PT_R18                           = 0x12
+	PT_R19                           = 0x13
+	PT_R2                            = 0x2
+	PT_R20                           = 0x14
+	PT_R21                           = 0x15
+	PT_R22                           = 0x16
+	PT_R23                           = 0x17
+	PT_R24                           = 0x18
+	PT_R25                           = 0x19
+	PT_R26                           = 0x1a
+	PT_R27                           = 0x1b
+	PT_R28                           = 0x1c
+	PT_R29                           = 0x1d
+	PT_R3                            = 0x3
+	PT_R30                           = 0x1e
+	PT_R31                           = 0x1f
+	PT_R4                            = 0x4
+	PT_R5                            = 0x5
+	PT_R6                            = 0x6
+	PT_R7                            = 0x7
+	PT_R8                            = 0x8
+	PT_R9                            = 0x9
+	PT_REGS_COUNT                    = 0x2c
+	PT_RESULT                        = 0x2b
+	PT_TRAP                          = 0x28
+	PT_XER                           = 0x25
+	RLIMIT_AS                        = 0x9
+	RLIMIT_MEMLOCK                   = 0x8
+	RLIMIT_NOFILE                    = 0x7
+	RLIMIT_NPROC                     = 0x6
+	RLIMIT_RSS                       = 0x5
+	RNDADDENTROPY                    = 0x80085203
+	RNDADDTOENTCNT                   = 0x80045201
+	RNDCLEARPOOL                     = 0x20005206
+	RNDGETENTCNT                     = 0x40045200
+	RNDGETPOOL                       = 0x40085202
+	RNDRESEEDCRNG                    = 0x20005207
+	RNDZAPENTCNT                     = 0x20005204
+	RTC_AIE_OFF                      = 0x20007002
+	RTC_AIE_ON                       = 0x20007001
+	RTC_ALM_READ                     = 0x40247008
+	RTC_ALM_SET                      = 0x80247007
+	RTC_EPOCH_READ                   = 0x4004700d
+	RTC_EPOCH_SET                    = 0x8004700e
+	RTC_IRQP_READ                    = 0x4004700b
+	RTC_IRQP_SET                     = 0x8004700c
+	RTC_PIE_OFF                      = 0x20007006
+	RTC_PIE_ON                       = 0x20007005
+	RTC_PLL_GET                      = 0x401c7011
+	RTC_PLL_SET                      = 0x801c7012
+	RTC_RD_TIME                      = 0x40247009
+	RTC_SET_TIME                     = 0x8024700a
+	RTC_UIE_OFF                      = 0x20007004
+	RTC_UIE_ON                       = 0x20007003
+	RTC_VL_CLR                       = 0x20007014
+	RTC_VL_READ                      = 0x40047013
+	RTC_WIE_OFF                      = 0x20007010
+	RTC_WIE_ON                       = 0x2000700f
+	RTC_WKALM_RD                     = 0x40287010
+	RTC_WKALM_SET                    = 0x8028700f
+	SCM_TIMESTAMPING                 = 0x25
+	SCM_TIMESTAMPING_OPT_STATS       = 0x36
+	SCM_TIMESTAMPING_PKTINFO         = 0x3a
+	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TXTIME                       = 0x3d
+	SCM_WIFI_STATUS                  = 0x29
+	SFD_CLOEXEC                      = 0x80000
+	SFD_NONBLOCK                     = 0x800
+	SIOCATMARK                       = 0x8905
+	SIOCGPGRP                        = 0x8904
+	SIOCGSTAMPNS_NEW                 = 0x40108907
+	SIOCGSTAMP_NEW                   = 0x40108906
+	SIOCINQ                          = 0x4004667f
+	SIOCOUTQ                         = 0x40047473
+	SIOCSPGRP                        = 0x8902
+	SOCK_CLOEXEC                     = 0x80000
+	SOCK_DGRAM                       = 0x2
+	SOCK_NONBLOCK                    = 0x800
+	SOCK_STREAM                      = 0x1
+	SOL_SOCKET                       = 0x1
+	SO_ACCEPTCONN                    = 0x1e
+	SO_ATTACH_BPF                    = 0x32
+	SO_ATTACH_REUSEPORT_CBPF         = 0x33
+	SO_ATTACH_REUSEPORT_EBPF         = 0x34
+	SO_BINDTODEVICE                  = 0x19
+	SO_BINDTOIFINDEX                 = 0x3e
+	SO_BPF_EXTENSIONS                = 0x30
+	SO_BROADCAST                     = 0x6
+	SO_BSDCOMPAT                     = 0xe
+	SO_BUSY_POLL                     = 0x2e
+	SO_BUSY_POLL_BUDGET              = 0x46
+	SO_CNX_ADVICE                    = 0x35
+	SO_COOKIE                        = 0x39
+	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DOMAIN                        = 0x27
+	SO_DONTROUTE                     = 0x5
+	SO_ERROR                         = 0x4
+	SO_INCOMING_CPU                  = 0x31
+	SO_INCOMING_NAPI_ID              = 0x38
+	SO_KEEPALIVE                     = 0x9
+	SO_LINGER                        = 0xd
+	SO_LOCK_FILTER                   = 0x2c
+	SO_MARK                          = 0x24
+	SO_MAX_PACING_RATE               = 0x2f
+	SO_MEMINFO                       = 0x37
+	SO_NOFCS                         = 0x2b
+	SO_OOBINLINE                     = 0xa
+	SO_PASSCRED                      = 0x14
+	SO_PASSSEC                       = 0x22
+	SO_PEEK_OFF                      = 0x2a
+	SO_PEERCRED                      = 0x15
+	SO_PEERGROUPS                    = 0x3b
+	SO_PEERSEC                       = 0x1f
+	SO_PREFER_BUSY_POLL              = 0x45
+	SO_PROTOCOL                      = 0x26
+	SO_RCVBUF                        = 0x8
+	SO_RCVBUFFORCE                   = 0x21
+	SO_RCVLOWAT                      = 0x10
+	SO_RCVTIMEO                      = 0x12
+	SO_RCVTIMEO_NEW                  = 0x42
+	SO_RCVTIMEO_OLD                  = 0x12
+	SO_REUSEADDR                     = 0x2
+	SO_REUSEPORT                     = 0xf
+	SO_RXQ_OVFL                      = 0x28
+	SO_SECURITY_AUTHENTICATION       = 0x16
+	SO_SECURITY_ENCRYPTION_NETWORK   = 0x18
+	SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+	SO_SELECT_ERR_QUEUE              = 0x2d
+	SO_SNDBUF                        = 0x7
+	SO_SNDBUFFORCE                   = 0x20
+	SO_SNDLOWAT                      = 0x11
+	SO_SNDTIMEO                      = 0x13
+	SO_SNDTIMEO_NEW                  = 0x43
+	SO_SNDTIMEO_OLD                  = 0x13
+	SO_TIMESTAMPING                  = 0x25
+	SO_TIMESTAMPING_NEW              = 0x41
+	SO_TIMESTAMPING_OLD              = 0x25
+	SO_TIMESTAMPNS                   = 0x23
+	SO_TIMESTAMPNS_NEW               = 0x40
+	SO_TIMESTAMPNS_OLD               = 0x23
+	SO_TIMESTAMP_NEW                 = 0x3f
+	SO_TXTIME                        = 0x3d
+	SO_TYPE                          = 0x3
+	SO_WIFI_STATUS                   = 0x29
+	SO_ZEROCOPY                      = 0x3c
+	TAB1                             = 0x400
+	TAB2                             = 0x800
+	TAB3                             = 0xc00
+	TABDLY                           = 0xc00
+	TCFLSH                           = 0x2000741f
+	TCGETA                           = 0x40147417
+	TCGETS                           = 0x402c7413
+	TCSAFLUSH                        = 0x2
+	TCSBRK                           = 0x2000741d
+	TCSBRKP                          = 0x5425
+	TCSETA                           = 0x80147418
+	TCSETAF                          = 0x8014741c
+	TCSETAW                          = 0x80147419
+	TCSETS                           = 0x802c7414
+	TCSETSF                          = 0x802c7416
+	TCSETSW                          = 0x802c7415
+	TCXONC                           = 0x2000741e
+	TFD_CLOEXEC                      = 0x80000
+	TFD_NONBLOCK                     = 0x800
+	TIOCCBRK                         = 0x5428
+	TIOCCONS                         = 0x541d
+	TIOCEXCL                         = 0x540c
+	TIOCGDEV                         = 0x40045432
+	TIOCGETC                         = 0x40067412
+	TIOCGETD                         = 0x5424
+	TIOCGETP                         = 0x40067408
+	TIOCGEXCL                        = 0x40045440
+	TIOCGICOUNT                      = 0x545d
+	TIOCGISO7816                     = 0x40285442
+	TIOCGLCKTRMIOS                   = 0x5456
+	TIOCGLTC                         = 0x40067474
+	TIOCGPGRP                        = 0x40047477
+	TIOCGPKT                         = 0x40045438
+	TIOCGPTLCK                       = 0x40045439
+	TIOCGPTN                         = 0x40045430
+	TIOCGPTPEER                      = 0x20005441
+	TIOCGRS485                       = 0x542e
+	TIOCGSERIAL                      = 0x541e
+	TIOCGSID                         = 0x5429
+	TIOCGSOFTCAR                     = 0x5419
+	TIOCGWINSZ                       = 0x40087468
+	TIOCINQ                          = 0x4004667f
+	TIOCLINUX                        = 0x541c
+	TIOCMBIC                         = 0x5417
+	TIOCMBIS                         = 0x5416
+	TIOCMGET                         = 0x5415
+	TIOCMIWAIT                       = 0x545c
+	TIOCMSET                         = 0x5418
+	TIOCM_CAR                        = 0x40
+	TIOCM_CD                         = 0x40
+	TIOCM_CTS                        = 0x20
+	TIOCM_DSR                        = 0x100
+	TIOCM_LOOP                       = 0x8000
+	TIOCM_OUT1                       = 0x2000
+	TIOCM_OUT2                       = 0x4000
+	TIOCM_RI                         = 0x80
+	TIOCM_RNG                        = 0x80
+	TIOCM_SR                         = 0x10
+	TIOCM_ST                         = 0x8
+	TIOCNOTTY                        = 0x5422
+	TIOCNXCL                         = 0x540d
+	TIOCOUTQ                         = 0x40047473
+	TIOCPKT                          = 0x5420
+	TIOCSBRK                         = 0x5427
+	TIOCSCTTY                        = 0x540e
+	TIOCSERCONFIG                    = 0x5453
+	TIOCSERGETLSR                    = 0x5459
+	TIOCSERGETMULTI                  = 0x545a
+	TIOCSERGSTRUCT                   = 0x5458
+	TIOCSERGWILD                     = 0x5454
+	TIOCSERSETMULTI                  = 0x545b
+	TIOCSERSWILD                     = 0x5455
+	TIOCSER_TEMT                     = 0x1
+	TIOCSETC                         = 0x80067411
+	TIOCSETD                         = 0x5423
+	TIOCSETN                         = 0x8006740a
+	TIOCSETP                         = 0x80067409
+	TIOCSIG                          = 0x80045436
+	TIOCSISO7816                     = 0xc0285443
+	TIOCSLCKTRMIOS                   = 0x5457
+	TIOCSLTC                         = 0x80067475
+	TIOCSPGRP                        = 0x80047476
+	TIOCSPTLCK                       = 0x80045431
+	TIOCSRS485                       = 0x542f
+	TIOCSSERIAL                      = 0x541f
+	TIOCSSOFTCAR                     = 0x541a
+	TIOCSTART                        = 0x2000746e
+	TIOCSTI                          = 0x5412
+	TIOCSTOP                         = 0x2000746f
+	TIOCSWINSZ                       = 0x80087467
+	TIOCVHANGUP                      = 0x5437
+	TOSTOP                           = 0x400000
+	TUNATTACHFILTER                  = 0x800854d5
+	TUNDETACHFILTER                  = 0x800854d6
+	TUNGETDEVNETNS                   = 0x200054e3
+	TUNGETFEATURES                   = 0x400454cf
+	TUNGETFILTER                     = 0x400854db
+	TUNGETIFF                        = 0x400454d2
+	TUNGETSNDBUF                     = 0x400454d3
+	TUNGETVNETBE                     = 0x400454df
+	TUNGETVNETHDRSZ                  = 0x400454d7
+	TUNGETVNETLE                     = 0x400454dd
+	TUNSETCARRIER                    = 0x800454e2
+	TUNSETDEBUG                      = 0x800454c9
+	TUNSETFILTEREBPF                 = 0x400454e1
+	TUNSETGROUP                      = 0x800454ce
+	TUNSETIFF                        = 0x800454ca
+	TUNSETIFINDEX                    = 0x800454da
+	TUNSETLINK                       = 0x800454cd
+	TUNSETNOCSUM                     = 0x800454c8
+	TUNSETOFFLOAD                    = 0x800454d0
+	TUNSETOWNER                      = 0x800454cc
+	TUNSETPERSIST                    = 0x800454cb
+	TUNSETQUEUE                      = 0x800454d9
+	TUNSETSNDBUF                     = 0x800454d4
+	TUNSETSTEERINGEBPF               = 0x400454e0
+	TUNSETTXFILTER                   = 0x800454d1
+	TUNSETVNETBE                     = 0x800454de
+	TUNSETVNETHDRSZ                  = 0x800454d8
+	TUNSETVNETLE                     = 0x800454dc
+	UBI_IOCATT                       = 0x80186f40
+	UBI_IOCDET                       = 0x80046f41
+	UBI_IOCEBCH                      = 0x80044f02
+	UBI_IOCEBER                      = 0x80044f01
+	UBI_IOCEBISMAP                   = 0x40044f05
+	UBI_IOCEBMAP                     = 0x80084f03
+	UBI_IOCEBUNMAP                   = 0x80044f04
+	UBI_IOCMKVOL                     = 0x80986f00
+	UBI_IOCRMVOL                     = 0x80046f01
+	UBI_IOCRNVOL                     = 0x91106f03
+	UBI_IOCRPEB                      = 0x80046f04
+	UBI_IOCRSVOL                     = 0x800c6f02
+	UBI_IOCSETVOLPROP                = 0x80104f06
+	UBI_IOCSPEB                      = 0x80046f05
+	UBI_IOCVOLCRBLK                  = 0x80804f07
+	UBI_IOCVOLRMBLK                  = 0x20004f08
+	UBI_IOCVOLUP                     = 0x80084f00
+	VDISCARD                         = 0x10
+	VEOF                             = 0x4
+	VEOL                             = 0x6
+	VEOL2                            = 0x8
+	VMIN                             = 0x5
+	VREPRINT                         = 0xb
+	VSTART                           = 0xd
+	VSTOP                            = 0xe
+	VSUSP                            = 0xc
+	VSWTC                            = 0x9
+	VT1                              = 0x10000
+	VTDLY                            = 0x10000
+	VTIME                            = 0x7
+	VWERASE                          = 0xa
+	WDIOC_GETBOOTSTATUS              = 0x40045702
+	WDIOC_GETPRETIMEOUT              = 0x40045709
+	WDIOC_GETSTATUS                  = 0x40045701
+	WDIOC_GETSUPPORT                 = 0x40285700
+	WDIOC_GETTEMP                    = 0x40045703
+	WDIOC_GETTIMELEFT                = 0x4004570a
+	WDIOC_GETTIMEOUT                 = 0x40045707
+	WDIOC_KEEPALIVE                  = 0x40045705
+	WDIOC_SETOPTIONS                 = 0x40045704
+	WORDSIZE                         = 0x20
+	XCASE                            = 0x4000
+	XTABS                            = 0xc00
+	_HIDIOCGRAWNAME                  = 0x40804804
+	_HIDIOCGRAWPHYS                  = 0x40404805
+	_HIDIOCGRAWUNIQ                  = 0x40404808
+)
+
+// Errors
+const (
+	EADDRINUSE      = syscall.Errno(0x62)
+	EADDRNOTAVAIL   = syscall.Errno(0x63)
+	EADV            = syscall.Errno(0x44)
+	EAFNOSUPPORT    = syscall.Errno(0x61)
+	EALREADY        = syscall.Errno(0x72)
+	EBADE           = syscall.Errno(0x34)
+	EBADFD          = syscall.Errno(0x4d)
+	EBADMSG         = syscall.Errno(0x4a)
+	EBADR           = syscall.Errno(0x35)
+	EBADRQC         = syscall.Errno(0x38)
+	EBADSLT         = syscall.Errno(0x39)
+	EBFONT          = syscall.Errno(0x3b)
+	ECANCELED       = syscall.Errno(0x7d)
+	ECHRNG          = syscall.Errno(0x2c)
+	ECOMM           = syscall.Errno(0x46)
+	ECONNABORTED    = syscall.Errno(0x67)
+	ECONNREFUSED    = syscall.Errno(0x6f)
+	ECONNRESET      = syscall.Errno(0x68)
+	EDEADLK         = syscall.Errno(0x23)
+	EDEADLOCK       = syscall.Errno(0x3a)
+	EDESTADDRREQ    = syscall.Errno(0x59)
+	EDOTDOT         = syscall.Errno(0x49)
+	EDQUOT          = syscall.Errno(0x7a)
+	EHOSTDOWN       = syscall.Errno(0x70)
+	EHOSTUNREACH    = syscall.Errno(0x71)
+	EHWPOISON       = syscall.Errno(0x85)
+	EIDRM           = syscall.Errno(0x2b)
+	EILSEQ          = syscall.Errno(0x54)
+	EINPROGRESS     = syscall.Errno(0x73)
+	EISCONN         = syscall.Errno(0x6a)
+	EISNAM          = syscall.Errno(0x78)
+	EKEYEXPIRED     = syscall.Errno(0x7f)
+	EKEYREJECTED    = syscall.Errno(0x81)
+	EKEYREVOKED     = syscall.Errno(0x80)
+	EL2HLT          = syscall.Errno(0x33)
+	EL2NSYNC        = syscall.Errno(0x2d)
+	EL3HLT          = syscall.Errno(0x2e)
+	EL3RST          = syscall.Errno(0x2f)
+	ELIBACC         = syscall.Errno(0x4f)
+	ELIBBAD         = syscall.Errno(0x50)
+	ELIBEXEC        = syscall.Errno(0x53)
+	ELIBMAX         = syscall.Errno(0x52)
+	ELIBSCN         = syscall.Errno(0x51)
+	ELNRNG          = syscall.Errno(0x30)
+	ELOOP           = syscall.Errno(0x28)
+	EMEDIUMTYPE     = syscall.Errno(0x7c)
+	EMSGSIZE        = syscall.Errno(0x5a)
+	EMULTIHOP       = syscall.Errno(0x48)
+	ENAMETOOLONG    = syscall.Errno(0x24)
+	ENAVAIL         = syscall.Errno(0x77)
+	ENETDOWN        = syscall.Errno(0x64)
+	ENETRESET       = syscall.Errno(0x66)
+	ENETUNREACH     = syscall.Errno(0x65)
+	ENOANO          = syscall.Errno(0x37)
+	ENOBUFS         = syscall.Errno(0x69)
+	ENOCSI          = syscall.Errno(0x32)
+	ENODATA         = syscall.Errno(0x3d)
+	ENOKEY          = syscall.Errno(0x7e)
+	ENOLCK          = syscall.Errno(0x25)
+	ENOLINK         = syscall.Errno(0x43)
+	ENOMEDIUM       = syscall.Errno(0x7b)
+	ENOMSG          = syscall.Errno(0x2a)
+	ENONET          = syscall.Errno(0x40)
+	ENOPKG          = syscall.Errno(0x41)
+	ENOPROTOOPT     = syscall.Errno(0x5c)
+	ENOSR           = syscall.Errno(0x3f)
+	ENOSTR          = syscall.Errno(0x3c)
+	ENOSYS          = syscall.Errno(0x26)
+	ENOTCONN        = syscall.Errno(0x6b)
+	ENOTEMPTY       = syscall.Errno(0x27)
+	ENOTNAM         = syscall.Errno(0x76)
+	ENOTRECOVERABLE = syscall.Errno(0x83)
+	ENOTSOCK        = syscall.Errno(0x58)
+	ENOTSUP         = syscall.Errno(0x5f)
+	ENOTUNIQ        = syscall.Errno(0x4c)
+	EOPNOTSUPP      = syscall.Errno(0x5f)
+	EOVERFLOW       = syscall.Errno(0x4b)
+	EOWNERDEAD      = syscall.Errno(0x82)
+	EPFNOSUPPORT    = syscall.Errno(0x60)
+	EPROTO          = syscall.Errno(0x47)
+	EPROTONOSUPPORT = syscall.Errno(0x5d)
+	EPROTOTYPE      = syscall.Errno(0x5b)
+	EREMCHG         = syscall.Errno(0x4e)
+	EREMOTE         = syscall.Errno(0x42)
+	EREMOTEIO       = syscall.Errno(0x79)
+	ERESTART        = syscall.Errno(0x55)
+	ERFKILL         = syscall.Errno(0x84)
+	ESHUTDOWN       = syscall.Errno(0x6c)
+	ESOCKTNOSUPPORT = syscall.Errno(0x5e)
+	ESRMNT          = syscall.Errno(0x45)
+	ESTALE          = syscall.Errno(0x74)
+	ESTRPIPE        = syscall.Errno(0x56)
+	ETIME           = syscall.Errno(0x3e)
+	ETIMEDOUT       = syscall.Errno(0x6e)
+	ETOOMANYREFS    = syscall.Errno(0x6d)
+	EUCLEAN         = syscall.Errno(0x75)
+	EUNATCH         = syscall.Errno(0x31)
+	EUSERS          = syscall.Errno(0x57)
+	EXFULL          = syscall.Errno(0x36)
+)
+
+// Signals
+const (
+	SIGBUS    = syscall.Signal(0x7)
+	SIGCHLD   = syscall.Signal(0x11)
+	SIGCLD    = syscall.Signal(0x11)
+	SIGCONT   = syscall.Signal(0x12)
+	SIGIO     = syscall.Signal(0x1d)
+	SIGPOLL   = syscall.Signal(0x1d)
+	SIGPROF   = syscall.Signal(0x1b)
+	SIGPWR    = syscall.Signal(0x1e)
+	SIGSTKFLT = syscall.Signal(0x10)
+	SIGSTOP   = syscall.Signal(0x13)
+	SIGSYS    = syscall.Signal(0x1f)
+	SIGTSTP   = syscall.Signal(0x14)
+	SIGTTIN   = syscall.Signal(0x15)
+	SIGTTOU   = syscall.Signal(0x16)
+	SIGURG    = syscall.Signal(0x17)
+	SIGUSR1   = syscall.Signal(0xa)
+	SIGUSR2   = syscall.Signal(0xc)
+	SIGVTALRM = syscall.Signal(0x1a)
+	SIGWINCH  = syscall.Signal(0x1c)
+	SIGXCPU   = syscall.Signal(0x18)
+	SIGXFSZ   = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+	num  syscall.Errno
+	name string
+	desc string
+}{
+	{1, "EPERM", "operation not permitted"},
+	{2, "ENOENT", "no such file or directory"},
+	{3, "ESRCH", "no such process"},
+	{4, "EINTR", "interrupted system call"},
+	{5, "EIO", "input/output error"},
+	{6, "ENXIO", "no such device or address"},
+	{7, "E2BIG", "argument list too long"},
+	{8, "ENOEXEC", "exec format error"},
+	{9, "EBADF", "bad file descriptor"},
+	{10, "ECHILD", "no child processes"},
+	{11, "EAGAIN", "resource temporarily unavailable"},
+	{12, "ENOMEM", "cannot allocate memory"},
+	{13, "EACCES", "permission denied"},
+	{14, "EFAULT", "bad address"},
+	{15, "ENOTBLK", "block device required"},
+	{16, "EBUSY", "device or resource busy"},
+	{17, "EEXIST", "file exists"},
+	{18, "EXDEV", "invalid cross-device link"},
+	{19, "ENODEV", "no such device"},
+	{20, "ENOTDIR", "not a directory"},
+	{21, "EISDIR", "is a directory"},
+	{22, "EINVAL", "invalid argument"},
+	{23, "ENFILE", "too many open files in system"},
+	{24, "EMFILE", "too many open files"},
+	{25, "ENOTTY", "inappropriate ioctl for device"},
+	{26, "ETXTBSY", "text file busy"},
+	{27, "EFBIG", "file too large"},
+	{28, "ENOSPC", "no space left on device"},
+	{29, "ESPIPE", "illegal seek"},
+	{30, "EROFS", "read-only file system"},
+	{31, "EMLINK", "too many links"},
+	{32, "EPIPE", "broken pipe"},
+	{33, "EDOM", "numerical argument out of domain"},
+	{34, "ERANGE", "numerical result out of range"},
+	{35, "EDEADLK", "resource deadlock avoided"},
+	{36, "ENAMETOOLONG", "file name too long"},
+	{37, "ENOLCK", "no locks available"},
+	{38, "ENOSYS", "function not implemented"},
+	{39, "ENOTEMPTY", "directory not empty"},
+	{40, "ELOOP", "too many levels of symbolic links"},
+	{42, "ENOMSG", "no message of desired type"},
+	{43, "EIDRM", "identifier removed"},
+	{44, "ECHRNG", "channel number out of range"},
+	{45, "EL2NSYNC", "level 2 not synchronized"},
+	{46, "EL3HLT", "level 3 halted"},
+	{47, "EL3RST", "level 3 reset"},
+	{48, "ELNRNG", "link number out of range"},
+	{49, "EUNATCH", "protocol driver not attached"},
+	{50, "ENOCSI", "no CSI structure available"},
+	{51, "EL2HLT", "level 2 halted"},
+	{52, "EBADE", "invalid exchange"},
+	{53, "EBADR", "invalid request descriptor"},
+	{54, "EXFULL", "exchange full"},
+	{55, "ENOANO", "no anode"},
+	{56, "EBADRQC", "invalid request code"},
+	{57, "EBADSLT", "invalid slot"},
+	{58, "EDEADLOCK", "file locking deadlock error"},
+	{59, "EBFONT", "bad font file format"},
+	{60, "ENOSTR", "device not a stream"},
+	{61, "ENODATA", "no data available"},
+	{62, "ETIME", "timer expired"},
+	{63, "ENOSR", "out of streams resources"},
+	{64, "ENONET", "machine is not on the network"},
+	{65, "ENOPKG", "package not installed"},
+	{66, "EREMOTE", "object is remote"},
+	{67, "ENOLINK", "link has been severed"},
+	{68, "EADV", "advertise error"},
+	{69, "ESRMNT", "srmount error"},
+	{70, "ECOMM", "communication error on send"},
+	{71, "EPROTO", "protocol error"},
+	{72, "EMULTIHOP", "multihop attempted"},
+	{73, "EDOTDOT", "RFS specific error"},
+	{74, "EBADMSG", "bad message"},
+	{75, "EOVERFLOW", "value too large for defined data type"},
+	{76, "ENOTUNIQ", "name not unique on network"},
+	{77, "EBADFD", "file descriptor in bad state"},
+	{78, "EREMCHG", "remote address changed"},
+	{79, "ELIBACC", "can not access a needed shared library"},
+	{80, "ELIBBAD", "accessing a corrupted shared library"},
+	{81, "ELIBSCN", ".lib section in a.out corrupted"},
+	{82, "ELIBMAX", "attempting to link in too many shared libraries"},
+	{83, "ELIBEXEC", "cannot exec a shared library directly"},
+	{84, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+	{85, "ERESTART", "interrupted system call should be restarted"},
+	{86, "ESTRPIPE", "streams pipe error"},
+	{87, "EUSERS", "too many users"},
+	{88, "ENOTSOCK", "socket operation on non-socket"},
+	{89, "EDESTADDRREQ", "destination address required"},
+	{90, "EMSGSIZE", "message too long"},
+	{91, "EPROTOTYPE", "protocol wrong type for socket"},
+	{92, "ENOPROTOOPT", "protocol not available"},
+	{93, "EPROTONOSUPPORT", "protocol not supported"},
+	{94, "ESOCKTNOSUPPORT", "socket type not supported"},
+	{95, "ENOTSUP", "operation not supported"},
+	{96, "EPFNOSUPPORT", "protocol family not supported"},
+	{97, "EAFNOSUPPORT", "address family not supported by protocol"},
+	{98, "EADDRINUSE", "address already in use"},
+	{99, "EADDRNOTAVAIL", "cannot assign requested address"},
+	{100, "ENETDOWN", "network is down"},
+	{101, "ENETUNREACH", "network is unreachable"},
+	{102, "ENETRESET", "network dropped connection on reset"},
+	{103, "ECONNABORTED", "software caused connection abort"},
+	{104, "ECONNRESET", "connection reset by peer"},
+	{105, "ENOBUFS", "no buffer space available"},
+	{106, "EISCONN", "transport endpoint is already connected"},
+	{107, "ENOTCONN", "transport endpoint is not connected"},
+	{108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+	{109, "ETOOMANYREFS", "too many references: cannot splice"},
+	{110, "ETIMEDOUT", "connection timed out"},
+	{111, "ECONNREFUSED", "connection refused"},
+	{112, "EHOSTDOWN", "host is down"},
+	{113, "EHOSTUNREACH", "no route to host"},
+	{114, "EALREADY", "operation already in progress"},
+	{115, "EINPROGRESS", "operation now in progress"},
+	{116, "ESTALE", "stale file handle"},
+	{117, "EUCLEAN", "structure needs cleaning"},
+	{118, "ENOTNAM", "not a XENIX named type file"},
+	{119, "ENAVAIL", "no XENIX semaphores available"},
+	{120, "EISNAM", "is a named type file"},
+	{121, "EREMOTEIO", "remote I/O error"},
+	{122, "EDQUOT", "disk quota exceeded"},
+	{123, "ENOMEDIUM", "no medium found"},
+	{124, "EMEDIUMTYPE", "wrong medium type"},
+	{125, "ECANCELED", "operation canceled"},
+	{126, "ENOKEY", "required key not available"},
+	{127, "EKEYEXPIRED", "key has expired"},
+	{128, "EKEYREVOKED", "key has been revoked"},
+	{129, "EKEYREJECTED", "key was rejected by service"},
+	{130, "EOWNERDEAD", "owner died"},
+	{131, "ENOTRECOVERABLE", "state not recoverable"},
+	{132, "ERFKILL", "operation not possible due to RF-kill"},
+	{133, "EHWPOISON", "memory page has hardware error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+	num  syscall.Signal
+	name string
+	desc string
+}{
+	{1, "SIGHUP", "hangup"},
+	{2, "SIGINT", "interrupt"},
+	{3, "SIGQUIT", "quit"},
+	{4, "SIGILL", "illegal instruction"},
+	{5, "SIGTRAP", "trace/breakpoint trap"},
+	{6, "SIGABRT", "aborted"},
+	{7, "SIGBUS", "bus error"},
+	{8, "SIGFPE", "floating point exception"},
+	{9, "SIGKILL", "killed"},
+	{10, "SIGUSR1", "user defined signal 1"},
+	{11, "SIGSEGV", "segmentation fault"},
+	{12, "SIGUSR2", "user defined signal 2"},
+	{13, "SIGPIPE", "broken pipe"},
+	{14, "SIGALRM", "alarm clock"},
+	{15, "SIGTERM", "terminated"},
+	{16, "SIGSTKFLT", "stack fault"},
+	{17, "SIGCHLD", "child exited"},
+	{18, "SIGCONT", "continued"},
+	{19, "SIGSTOP", "stopped (signal)"},
+	{20, "SIGTSTP", "stopped"},
+	{21, "SIGTTIN", "stopped (tty input)"},
+	{22, "SIGTTOU", "stopped (tty output)"},
+	{23, "SIGURG", "urgent I/O condition"},
+	{24, "SIGXCPU", "CPU time limit exceeded"},
+	{25, "SIGXFSZ", "file size limit exceeded"},
+	{26, "SIGVTALRM", "virtual timer expired"},
+	{27, "SIGPROF", "profiling timer expired"},
+	{28, "SIGWINCH", "window changed"},
+	{29, "SIGIO", "I/O possible"},
+	{30, "SIGPWR", "power failure"},
+	{31, "SIGSYS", "bad system call"},
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
index 65fb2c5cd8..1afee6a089 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
@@ -366,6 +366,7 @@ const (
 	HUPCL                         = 0x400
 	IBSHIFT                       = 0x10
 	ICANON                        = 0x2
+	ICMP6_FILTER                  = 0x1
 	ICRNL                         = 0x100
 	IEXTEN                        = 0x8000
 	IFF_ADDRCONF                  = 0x80000
@@ -612,6 +613,7 @@ const (
 	IP_RECVPKTINFO                = 0x1a
 	IP_RECVRETOPTS                = 0x6
 	IP_RECVSLLA                   = 0xa
+	IP_RECVTOS                    = 0xc
 	IP_RECVTTL                    = 0xb
 	IP_RETOPTS                    = 0x8
 	IP_REUSEADDR                  = 0x104
@@ -704,6 +706,7 @@ const (
 	O_APPEND                      = 0x8
 	O_CLOEXEC                     = 0x800000
 	O_CREAT                       = 0x100
+	O_DIRECT                      = 0x2000000
 	O_DIRECTORY                   = 0x1000000
 	O_DSYNC                       = 0x40
 	O_EXCL                        = 0x400
diff --git a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
index c8c7909038..4e87b4bebd 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
@@ -164,6 +164,12 @@ const (
 	MAP_PRIVATE                     = 0x1 // changes are private
 	MAP_SHARED                      = 0x2 // changes are shared
 	MAP_FIXED                       = 0x4 // place exactly
+	MCAST_JOIN_GROUP                = 40
+	MCAST_LEAVE_GROUP               = 41
+	MCAST_JOIN_SOURCE_GROUP         = 42
+	MCAST_LEAVE_SOURCE_GROUP        = 43
+	MCAST_BLOCK_SOURCE              = 44
+	MCAST_UNBLOCK_SOURCE            = 45
 	MS_SYNC                         = 0x1 // msync - synchronous writes
 	MS_ASYNC                        = 0x2 // asynchronous writes
 	MS_INVALIDATE                   = 0x4 // invalidate mappings
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
new file mode 100644
index 0000000000..927cf1a00f
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
@@ -0,0 +1,762 @@
+// go run mksyscall.go -b32 -tags linux,ppc syscall_linux.go syscall_linux_ppc.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build linux && ppc
+// +build linux,ppc
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+	_, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask>>32), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+	_, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off>>32), uintptr(off), uintptr(len>>32), uintptr(len))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+	r0, r1, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+	n = int64(int64(r0)<<32 | int64(r1))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func dup2(oldfd int, newfd int) (err error) {
+	_, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate(size int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+	_, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+	_, _, e1 := Syscall(SYS_FSTAT64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FSTATAT64, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+	_, _, e1 := Syscall(SYS_FTRUNCATE64, uintptr(fd), uintptr(length>>32), uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+	r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+	r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyInit() (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ioperm(from int, num int, on int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Iopl(level int) (err error) {
+	_, _, e1 := Syscall(SYS_IOPL, uintptr(level), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+	_, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_LSTAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+	_, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset>>32), uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset>>32), uintptr(offset), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS__NEWSELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	r0, _, e1 := Syscall6(SYS_SENDFILE64, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+	written = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+	r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+	prev = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+	_, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_STAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_TRUNCATE64, uintptr(unsafe.Pointer(_p0)), uintptr(length>>32), uintptr(length))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+	_, _, e1 := Syscall(SYS_USTAT, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+	_, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+	r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	nn = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+	_, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+	_, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+	r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	fd = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+	_, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+	_, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Time(t *Time_t) (tt Time_t, err error) {
+	r0, _, e1 := RawSyscall(SYS_TIME, uintptr(unsafe.Pointer(t)), 0, 0)
+	tt = Time_t(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error) {
+	r0, _, e1 := Syscall6(SYS_MMAP2, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(pageOffset))
+	xaddr = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getrlimit(resource int, rlim *rlimit32) (err error) {
+	_, _, e1 := RawSyscall(SYS_UGETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setrlimit(resource int, rlim *rlimit32) (err error) {
+	_, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (err error) {
+	_, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+	r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func syncFileRange2(fd int, flags int, off int64, n int64) (err error) {
+	_, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE2, uintptr(fd), uintptr(flags), uintptr(off>>32), uintptr(off), uintptr(n>>32), uintptr(n))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(cmdline)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
new file mode 100644
index 0000000000..7693656a6b
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -0,0 +1,433 @@
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build ppc && linux
+// +build ppc,linux
+
+package unix
+
+const (
+	SYS_RESTART_SYSCALL              = 0
+	SYS_EXIT                         = 1
+	SYS_FORK                         = 2
+	SYS_READ                         = 3
+	SYS_WRITE                        = 4
+	SYS_OPEN                         = 5
+	SYS_CLOSE                        = 6
+	SYS_WAITPID                      = 7
+	SYS_CREAT                        = 8
+	SYS_LINK                         = 9
+	SYS_UNLINK                       = 10
+	SYS_EXECVE                       = 11
+	SYS_CHDIR                        = 12
+	SYS_TIME                         = 13
+	SYS_MKNOD                        = 14
+	SYS_CHMOD                        = 15
+	SYS_LCHOWN                       = 16
+	SYS_BREAK                        = 17
+	SYS_OLDSTAT                      = 18
+	SYS_LSEEK                        = 19
+	SYS_GETPID                       = 20
+	SYS_MOUNT                        = 21
+	SYS_UMOUNT                       = 22
+	SYS_SETUID                       = 23
+	SYS_GETUID                       = 24
+	SYS_STIME                        = 25
+	SYS_PTRACE                       = 26
+	SYS_ALARM                        = 27
+	SYS_OLDFSTAT                     = 28
+	SYS_PAUSE                        = 29
+	SYS_UTIME                        = 30
+	SYS_STTY                         = 31
+	SYS_GTTY                         = 32
+	SYS_ACCESS                       = 33
+	SYS_NICE                         = 34
+	SYS_FTIME                        = 35
+	SYS_SYNC                         = 36
+	SYS_KILL                         = 37
+	SYS_RENAME                       = 38
+	SYS_MKDIR                        = 39
+	SYS_RMDIR                        = 40
+	SYS_DUP                          = 41
+	SYS_PIPE                         = 42
+	SYS_TIMES                        = 43
+	SYS_PROF                         = 44
+	SYS_BRK                          = 45
+	SYS_SETGID                       = 46
+	SYS_GETGID                       = 47
+	SYS_SIGNAL                       = 48
+	SYS_GETEUID                      = 49
+	SYS_GETEGID                      = 50
+	SYS_ACCT                         = 51
+	SYS_UMOUNT2                      = 52
+	SYS_LOCK                         = 53
+	SYS_IOCTL                        = 54
+	SYS_FCNTL                        = 55
+	SYS_MPX                          = 56
+	SYS_SETPGID                      = 57
+	SYS_ULIMIT                       = 58
+	SYS_OLDOLDUNAME                  = 59
+	SYS_UMASK                        = 60
+	SYS_CHROOT                       = 61
+	SYS_USTAT                        = 62
+	SYS_DUP2                         = 63
+	SYS_GETPPID                      = 64
+	SYS_GETPGRP                      = 65
+	SYS_SETSID                       = 66
+	SYS_SIGACTION                    = 67
+	SYS_SGETMASK                     = 68
+	SYS_SSETMASK                     = 69
+	SYS_SETREUID                     = 70
+	SYS_SETREGID                     = 71
+	SYS_SIGSUSPEND                   = 72
+	SYS_SIGPENDING                   = 73
+	SYS_SETHOSTNAME                  = 74
+	SYS_SETRLIMIT                    = 75
+	SYS_GETRLIMIT                    = 76
+	SYS_GETRUSAGE                    = 77
+	SYS_GETTIMEOFDAY                 = 78
+	SYS_SETTIMEOFDAY                 = 79
+	SYS_GETGROUPS                    = 80
+	SYS_SETGROUPS                    = 81
+	SYS_SELECT                       = 82
+	SYS_SYMLINK                      = 83
+	SYS_OLDLSTAT                     = 84
+	SYS_READLINK                     = 85
+	SYS_USELIB                       = 86
+	SYS_SWAPON                       = 87
+	SYS_REBOOT                       = 88
+	SYS_READDIR                      = 89
+	SYS_MMAP                         = 90
+	SYS_MUNMAP                       = 91
+	SYS_TRUNCATE                     = 92
+	SYS_FTRUNCATE                    = 93
+	SYS_FCHMOD                       = 94
+	SYS_FCHOWN                       = 95
+	SYS_GETPRIORITY                  = 96
+	SYS_SETPRIORITY                  = 97
+	SYS_PROFIL                       = 98
+	SYS_STATFS                       = 99
+	SYS_FSTATFS                      = 100
+	SYS_IOPERM                       = 101
+	SYS_SOCKETCALL                   = 102
+	SYS_SYSLOG                       = 103
+	SYS_SETITIMER                    = 104
+	SYS_GETITIMER                    = 105
+	SYS_STAT                         = 106
+	SYS_LSTAT                        = 107
+	SYS_FSTAT                        = 108
+	SYS_OLDUNAME                     = 109
+	SYS_IOPL                         = 110
+	SYS_VHANGUP                      = 111
+	SYS_IDLE                         = 112
+	SYS_VM86                         = 113
+	SYS_WAIT4                        = 114
+	SYS_SWAPOFF                      = 115
+	SYS_SYSINFO                      = 116
+	SYS_IPC                          = 117
+	SYS_FSYNC                        = 118
+	SYS_SIGRETURN                    = 119
+	SYS_CLONE                        = 120
+	SYS_SETDOMAINNAME                = 121
+	SYS_UNAME                        = 122
+	SYS_MODIFY_LDT                   = 123
+	SYS_ADJTIMEX                     = 124
+	SYS_MPROTECT                     = 125
+	SYS_SIGPROCMASK                  = 126
+	SYS_CREATE_MODULE                = 127
+	SYS_INIT_MODULE                  = 128
+	SYS_DELETE_MODULE                = 129
+	SYS_GET_KERNEL_SYMS              = 130
+	SYS_QUOTACTL                     = 131
+	SYS_GETPGID                      = 132
+	SYS_FCHDIR                       = 133
+	SYS_BDFLUSH                      = 134
+	SYS_SYSFS                        = 135
+	SYS_PERSONALITY                  = 136
+	SYS_AFS_SYSCALL                  = 137
+	SYS_SETFSUID                     = 138
+	SYS_SETFSGID                     = 139
+	SYS__LLSEEK                      = 140
+	SYS_GETDENTS                     = 141
+	SYS__NEWSELECT                   = 142
+	SYS_FLOCK                        = 143
+	SYS_MSYNC                        = 144
+	SYS_READV                        = 145
+	SYS_WRITEV                       = 146
+	SYS_GETSID                       = 147
+	SYS_FDATASYNC                    = 148
+	SYS__SYSCTL                      = 149
+	SYS_MLOCK                        = 150
+	SYS_MUNLOCK                      = 151
+	SYS_MLOCKALL                     = 152
+	SYS_MUNLOCKALL                   = 153
+	SYS_SCHED_SETPARAM               = 154
+	SYS_SCHED_GETPARAM               = 155
+	SYS_SCHED_SETSCHEDULER           = 156
+	SYS_SCHED_GETSCHEDULER           = 157
+	SYS_SCHED_YIELD                  = 158
+	SYS_SCHED_GET_PRIORITY_MAX       = 159
+	SYS_SCHED_GET_PRIORITY_MIN       = 160
+	SYS_SCHED_RR_GET_INTERVAL        = 161
+	SYS_NANOSLEEP                    = 162
+	SYS_MREMAP                       = 163
+	SYS_SETRESUID                    = 164
+	SYS_GETRESUID                    = 165
+	SYS_QUERY_MODULE                 = 166
+	SYS_POLL                         = 167
+	SYS_NFSSERVCTL                   = 168
+	SYS_SETRESGID                    = 169
+	SYS_GETRESGID                    = 170
+	SYS_PRCTL                        = 171
+	SYS_RT_SIGRETURN                 = 172
+	SYS_RT_SIGACTION                 = 173
+	SYS_RT_SIGPROCMASK               = 174
+	SYS_RT_SIGPENDING                = 175
+	SYS_RT_SIGTIMEDWAIT              = 176
+	SYS_RT_SIGQUEUEINFO              = 177
+	SYS_RT_SIGSUSPEND                = 178
+	SYS_PREAD64                      = 179
+	SYS_PWRITE64                     = 180
+	SYS_CHOWN                        = 181
+	SYS_GETCWD                       = 182
+	SYS_CAPGET                       = 183
+	SYS_CAPSET                       = 184
+	SYS_SIGALTSTACK                  = 185
+	SYS_SENDFILE                     = 186
+	SYS_GETPMSG                      = 187
+	SYS_PUTPMSG                      = 188
+	SYS_VFORK                        = 189
+	SYS_UGETRLIMIT                   = 190
+	SYS_READAHEAD                    = 191
+	SYS_MMAP2                        = 192
+	SYS_TRUNCATE64                   = 193
+	SYS_FTRUNCATE64                  = 194
+	SYS_STAT64                       = 195
+	SYS_LSTAT64                      = 196
+	SYS_FSTAT64                      = 197
+	SYS_PCICONFIG_READ               = 198
+	SYS_PCICONFIG_WRITE              = 199
+	SYS_PCICONFIG_IOBASE             = 200
+	SYS_MULTIPLEXER                  = 201
+	SYS_GETDENTS64                   = 202
+	SYS_PIVOT_ROOT                   = 203
+	SYS_FCNTL64                      = 204
+	SYS_MADVISE                      = 205
+	SYS_MINCORE                      = 206
+	SYS_GETTID                       = 207
+	SYS_TKILL                        = 208
+	SYS_SETXATTR                     = 209
+	SYS_LSETXATTR                    = 210
+	SYS_FSETXATTR                    = 211
+	SYS_GETXATTR                     = 212
+	SYS_LGETXATTR                    = 213
+	SYS_FGETXATTR                    = 214
+	SYS_LISTXATTR                    = 215
+	SYS_LLISTXATTR                   = 216
+	SYS_FLISTXATTR                   = 217
+	SYS_REMOVEXATTR                  = 218
+	SYS_LREMOVEXATTR                 = 219
+	SYS_FREMOVEXATTR                 = 220
+	SYS_FUTEX                        = 221
+	SYS_SCHED_SETAFFINITY            = 222
+	SYS_SCHED_GETAFFINITY            = 223
+	SYS_TUXCALL                      = 225
+	SYS_SENDFILE64                   = 226
+	SYS_IO_SETUP                     = 227
+	SYS_IO_DESTROY                   = 228
+	SYS_IO_GETEVENTS                 = 229
+	SYS_IO_SUBMIT                    = 230
+	SYS_IO_CANCEL                    = 231
+	SYS_SET_TID_ADDRESS              = 232
+	SYS_FADVISE64                    = 233
+	SYS_EXIT_GROUP                   = 234
+	SYS_LOOKUP_DCOOKIE               = 235
+	SYS_EPOLL_CREATE                 = 236
+	SYS_EPOLL_CTL                    = 237
+	SYS_EPOLL_WAIT                   = 238
+	SYS_REMAP_FILE_PAGES             = 239
+	SYS_TIMER_CREATE                 = 240
+	SYS_TIMER_SETTIME                = 241
+	SYS_TIMER_GETTIME                = 242
+	SYS_TIMER_GETOVERRUN             = 243
+	SYS_TIMER_DELETE                 = 244
+	SYS_CLOCK_SETTIME                = 245
+	SYS_CLOCK_GETTIME                = 246
+	SYS_CLOCK_GETRES                 = 247
+	SYS_CLOCK_NANOSLEEP              = 248
+	SYS_SWAPCONTEXT                  = 249
+	SYS_TGKILL                       = 250
+	SYS_UTIMES                       = 251
+	SYS_STATFS64                     = 252
+	SYS_FSTATFS64                    = 253
+	SYS_FADVISE64_64                 = 254
+	SYS_RTAS                         = 255
+	SYS_SYS_DEBUG_SETCONTEXT         = 256
+	SYS_MIGRATE_PAGES                = 258
+	SYS_MBIND                        = 259
+	SYS_GET_MEMPOLICY                = 260
+	SYS_SET_MEMPOLICY                = 261
+	SYS_MQ_OPEN                      = 262
+	SYS_MQ_UNLINK                    = 263
+	SYS_MQ_TIMEDSEND                 = 264
+	SYS_MQ_TIMEDRECEIVE              = 265
+	SYS_MQ_NOTIFY                    = 266
+	SYS_MQ_GETSETATTR                = 267
+	SYS_KEXEC_LOAD                   = 268
+	SYS_ADD_KEY                      = 269
+	SYS_REQUEST_KEY                  = 270
+	SYS_KEYCTL                       = 271
+	SYS_WAITID                       = 272
+	SYS_IOPRIO_SET                   = 273
+	SYS_IOPRIO_GET                   = 274
+	SYS_INOTIFY_INIT                 = 275
+	SYS_INOTIFY_ADD_WATCH            = 276
+	SYS_INOTIFY_RM_WATCH             = 277
+	SYS_SPU_RUN                      = 278
+	SYS_SPU_CREATE                   = 279
+	SYS_PSELECT6                     = 280
+	SYS_PPOLL                        = 281
+	SYS_UNSHARE                      = 282
+	SYS_SPLICE                       = 283
+	SYS_TEE                          = 284
+	SYS_VMSPLICE                     = 285
+	SYS_OPENAT                       = 286
+	SYS_MKDIRAT                      = 287
+	SYS_MKNODAT                      = 288
+	SYS_FCHOWNAT                     = 289
+	SYS_FUTIMESAT                    = 290
+	SYS_FSTATAT64                    = 291
+	SYS_UNLINKAT                     = 292
+	SYS_RENAMEAT                     = 293
+	SYS_LINKAT                       = 294
+	SYS_SYMLINKAT                    = 295
+	SYS_READLINKAT                   = 296
+	SYS_FCHMODAT                     = 297
+	SYS_FACCESSAT                    = 298
+	SYS_GET_ROBUST_LIST              = 299
+	SYS_SET_ROBUST_LIST              = 300
+	SYS_MOVE_PAGES                   = 301
+	SYS_GETCPU                       = 302
+	SYS_EPOLL_PWAIT                  = 303
+	SYS_UTIMENSAT                    = 304
+	SYS_SIGNALFD                     = 305
+	SYS_TIMERFD_CREATE               = 306
+	SYS_EVENTFD                      = 307
+	SYS_SYNC_FILE_RANGE2             = 308
+	SYS_FALLOCATE                    = 309
+	SYS_SUBPAGE_PROT                 = 310
+	SYS_TIMERFD_SETTIME              = 311
+	SYS_TIMERFD_GETTIME              = 312
+	SYS_SIGNALFD4                    = 313
+	SYS_EVENTFD2                     = 314
+	SYS_EPOLL_CREATE1                = 315
+	SYS_DUP3                         = 316
+	SYS_PIPE2                        = 317
+	SYS_INOTIFY_INIT1                = 318
+	SYS_PERF_EVENT_OPEN              = 319
+	SYS_PREADV                       = 320
+	SYS_PWRITEV                      = 321
+	SYS_RT_TGSIGQUEUEINFO            = 322
+	SYS_FANOTIFY_INIT                = 323
+	SYS_FANOTIFY_MARK                = 324
+	SYS_PRLIMIT64                    = 325
+	SYS_SOCKET                       = 326
+	SYS_BIND                         = 327
+	SYS_CONNECT                      = 328
+	SYS_LISTEN                       = 329
+	SYS_ACCEPT                       = 330
+	SYS_GETSOCKNAME                  = 331
+	SYS_GETPEERNAME                  = 332
+	SYS_SOCKETPAIR                   = 333
+	SYS_SEND                         = 334
+	SYS_SENDTO                       = 335
+	SYS_RECV                         = 336
+	SYS_RECVFROM                     = 337
+	SYS_SHUTDOWN                     = 338
+	SYS_SETSOCKOPT                   = 339
+	SYS_GETSOCKOPT                   = 340
+	SYS_SENDMSG                      = 341
+	SYS_RECVMSG                      = 342
+	SYS_RECVMMSG                     = 343
+	SYS_ACCEPT4                      = 344
+	SYS_NAME_TO_HANDLE_AT            = 345
+	SYS_OPEN_BY_HANDLE_AT            = 346
+	SYS_CLOCK_ADJTIME                = 347
+	SYS_SYNCFS                       = 348
+	SYS_SENDMMSG                     = 349
+	SYS_SETNS                        = 350
+	SYS_PROCESS_VM_READV             = 351
+	SYS_PROCESS_VM_WRITEV            = 352
+	SYS_FINIT_MODULE                 = 353
+	SYS_KCMP                         = 354
+	SYS_SCHED_SETATTR                = 355
+	SYS_SCHED_GETATTR                = 356
+	SYS_RENAMEAT2                    = 357
+	SYS_SECCOMP                      = 358
+	SYS_GETRANDOM                    = 359
+	SYS_MEMFD_CREATE                 = 360
+	SYS_BPF                          = 361
+	SYS_EXECVEAT                     = 362
+	SYS_SWITCH_ENDIAN                = 363
+	SYS_USERFAULTFD                  = 364
+	SYS_MEMBARRIER                   = 365
+	SYS_MLOCK2                       = 378
+	SYS_COPY_FILE_RANGE              = 379
+	SYS_PREADV2                      = 380
+	SYS_PWRITEV2                     = 381
+	SYS_KEXEC_FILE_LOAD              = 382
+	SYS_STATX                        = 383
+	SYS_PKEY_ALLOC                   = 384
+	SYS_PKEY_FREE                    = 385
+	SYS_PKEY_MPROTECT                = 386
+	SYS_RSEQ                         = 387
+	SYS_IO_PGETEVENTS                = 388
+	SYS_SEMGET                       = 393
+	SYS_SEMCTL                       = 394
+	SYS_SHMGET                       = 395
+	SYS_SHMCTL                       = 396
+	SYS_SHMAT                        = 397
+	SYS_SHMDT                        = 398
+	SYS_MSGGET                       = 399
+	SYS_MSGSND                       = 400
+	SYS_MSGRCV                       = 401
+	SYS_MSGCTL                       = 402
+	SYS_CLOCK_GETTIME64              = 403
+	SYS_CLOCK_SETTIME64              = 404
+	SYS_CLOCK_ADJTIME64              = 405
+	SYS_CLOCK_GETRES_TIME64          = 406
+	SYS_CLOCK_NANOSLEEP_TIME64       = 407
+	SYS_TIMER_GETTIME64              = 408
+	SYS_TIMER_SETTIME64              = 409
+	SYS_TIMERFD_GETTIME64            = 410
+	SYS_TIMERFD_SETTIME64            = 411
+	SYS_UTIMENSAT_TIME64             = 412
+	SYS_PSELECT6_TIME64              = 413
+	SYS_PPOLL_TIME64                 = 414
+	SYS_IO_PGETEVENTS_TIME64         = 416
+	SYS_RECVMMSG_TIME64              = 417
+	SYS_MQ_TIMEDSEND_TIME64          = 418
+	SYS_MQ_TIMEDRECEIVE_TIME64       = 419
+	SYS_SEMTIMEDOP_TIME64            = 420
+	SYS_RT_SIGTIMEDWAIT_TIME64       = 421
+	SYS_FUTEX_TIME64                 = 422
+	SYS_SCHED_RR_GET_INTERVAL_TIME64 = 423
+	SYS_PIDFD_SEND_SIGNAL            = 424
+	SYS_IO_URING_SETUP               = 425
+	SYS_IO_URING_ENTER               = 426
+	SYS_IO_URING_REGISTER            = 427
+	SYS_OPEN_TREE                    = 428
+	SYS_MOVE_MOUNT                   = 429
+	SYS_FSOPEN                       = 430
+	SYS_FSCONFIG                     = 431
+	SYS_FSMOUNT                      = 432
+	SYS_FSPICK                       = 433
+	SYS_PIDFD_OPEN                   = 434
+	SYS_CLONE3                       = 435
+	SYS_CLOSE_RANGE                  = 436
+	SYS_OPENAT2                      = 437
+	SYS_PIDFD_GETFD                  = 438
+	SYS_FACCESSAT2                   = 439
+	SYS_PROCESS_MADVISE              = 440
+	SYS_EPOLL_PWAIT2                 = 441
+)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index c769e73cd6..3bfc6f7323 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -3698,6 +3698,21 @@ const (
 	ETHTOOL_A_TUNNEL_INFO_MAX                 = 0x2
 )
 
+type EthtoolDrvinfo struct {
+	Cmd          uint32
+	Driver       [32]byte
+	Version      [32]byte
+	Fw_version   [32]byte
+	Bus_info     [32]byte
+	Erom_version [32]byte
+	Reserved2    [12]byte
+	N_priv_flags uint32
+	N_stats      uint32
+	Testinfo_len uint32
+	Eedump_len   uint32
+	Regdump_len  uint32
+}
+
 type (
 	HIDRawReportDescriptor struct {
 		Size  uint32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
new file mode 100644
index 0000000000..af7a72017e
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -0,0 +1,627 @@
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build ppc && linux
+// +build ppc,linux
+
+package unix
+
+const (
+	SizeofPtr  = 0x4
+	SizeofLong = 0x4
+)
+
+type (
+	_C_long int32
+)
+
+type Timespec struct {
+	Sec  int32
+	Nsec int32
+}
+
+type Timeval struct {
+	Sec  int32
+	Usec int32
+}
+
+type Timex struct {
+	Modes     uint32
+	Offset    int32
+	Freq      int32
+	Maxerror  int32
+	Esterror  int32
+	Status    int32
+	Constant  int32
+	Precision int32
+	Tolerance int32
+	Time      Timeval
+	Tick      int32
+	Ppsfreq   int32
+	Jitter    int32
+	Shift     int32
+	Stabil    int32
+	Jitcnt    int32
+	Calcnt    int32
+	Errcnt    int32
+	Stbcnt    int32
+	Tai       int32
+	_         [44]byte
+}
+
+type Time_t int32
+
+type Tms struct {
+	Utime  int32
+	Stime  int32
+	Cutime int32
+	Cstime int32
+}
+
+type Utimbuf struct {
+	Actime  int32
+	Modtime int32
+}
+
+type Rusage struct {
+	Utime    Timeval
+	Stime    Timeval
+	Maxrss   int32
+	Ixrss    int32
+	Idrss    int32
+	Isrss    int32
+	Minflt   int32
+	Majflt   int32
+	Nswap    int32
+	Inblock  int32
+	Oublock  int32
+	Msgsnd   int32
+	Msgrcv   int32
+	Nsignals int32
+	Nvcsw    int32
+	Nivcsw   int32
+}
+
+type Stat_t struct {
+	Dev     uint64
+	Ino     uint64
+	Mode    uint32
+	Nlink   uint32
+	Uid     uint32
+	Gid     uint32
+	Rdev    uint64
+	_       uint16
+	_       [4]byte
+	Size    int64
+	Blksize int32
+	_       [4]byte
+	Blocks  int64
+	Atim    Timespec
+	Mtim    Timespec
+	Ctim    Timespec
+	_       uint32
+	_       uint32
+}
+
+type Dirent struct {
+	Ino    uint64
+	Off    int64
+	Reclen uint16
+	Type   uint8
+	Name   [256]uint8
+	_      [5]byte
+}
+
+type Flock_t struct {
+	Type   int16
+	Whence int16
+	_      [4]byte
+	Start  int64
+	Len    int64
+	Pid    int32
+	_      [4]byte
+}
+
+type DmNameList struct {
+	Dev  uint64
+	Next uint32
+	Name [0]byte
+	_    [4]byte
+}
+
+const (
+	FADV_DONTNEED = 0x4
+	FADV_NOREUSE  = 0x5
+)
+
+type RawSockaddr struct {
+	Family uint16
+	Data   [14]uint8
+}
+
+type RawSockaddrAny struct {
+	Addr RawSockaddr
+	Pad  [96]uint8
+}
+
+type Iovec struct {
+	Base *byte
+	Len  uint32
+}
+
+type Msghdr struct {
+	Name       *byte
+	Namelen    uint32
+	Iov        *Iovec
+	Iovlen     uint32
+	Control    *byte
+	Controllen uint32
+	Flags      int32
+}
+
+type Cmsghdr struct {
+	Len   uint32
+	Level int32
+	Type  int32
+}
+
+const (
+	SizeofIovec   = 0x8
+	SizeofMsghdr  = 0x1c
+	SizeofCmsghdr = 0xc
+)
+
+const (
+	SizeofSockFprog = 0x8
+)
+
+type PtraceRegs struct {
+	Gpr       [32]uint32
+	Nip       uint32
+	Msr       uint32
+	Orig_gpr3 uint32
+	Ctr       uint32
+	Link      uint32
+	Xer       uint32
+	Ccr       uint32
+	Mq        uint32
+	Trap      uint32
+	Dar       uint32
+	Dsisr     uint32
+	Result    uint32
+}
+
+type FdSet struct {
+	Bits [32]int32
+}
+
+type Sysinfo_t struct {
+	Uptime    int32
+	Loads     [3]uint32
+	Totalram  uint32
+	Freeram   uint32
+	Sharedram uint32
+	Bufferram uint32
+	Totalswap uint32
+	Freeswap  uint32
+	Procs     uint16
+	Pad       uint16
+	Totalhigh uint32
+	Freehigh  uint32
+	Unit      uint32
+	_         [8]uint8
+}
+
+type Ustat_t struct {
+	Tfree  int32
+	Tinode uint32
+	Fname  [6]uint8
+	Fpack  [6]uint8
+}
+
+type EpollEvent struct {
+	Events uint32
+	_      int32
+	Fd     int32
+	Pad    int32
+}
+
+const (
+	POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+	Val [32]uint32
+}
+
+const _C__NSIG = 0x41
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [19]uint8
+	Line   uint8
+	Ispeed uint32
+	Ospeed uint32
+}
+
+type Taskstats struct {
+	Version                   uint16
+	Ac_exitcode               uint32
+	Ac_flag                   uint8
+	Ac_nice                   uint8
+	_                         [4]byte
+	Cpu_count                 uint64
+	Cpu_delay_total           uint64
+	Blkio_count               uint64
+	Blkio_delay_total         uint64
+	Swapin_count              uint64
+	Swapin_delay_total        uint64
+	Cpu_run_real_total        uint64
+	Cpu_run_virtual_total     uint64
+	Ac_comm                   [32]uint8
+	Ac_sched                  uint8
+	Ac_pad                    [3]uint8
+	_                         [4]byte
+	Ac_uid                    uint32
+	Ac_gid                    uint32
+	Ac_pid                    uint32
+	Ac_ppid                   uint32
+	Ac_btime                  uint32
+	_                         [4]byte
+	Ac_etime                  uint64
+	Ac_utime                  uint64
+	Ac_stime                  uint64
+	Ac_minflt                 uint64
+	Ac_majflt                 uint64
+	Coremem                   uint64
+	Virtmem                   uint64
+	Hiwater_rss               uint64
+	Hiwater_vm                uint64
+	Read_char                 uint64
+	Write_char                uint64
+	Read_syscalls             uint64
+	Write_syscalls            uint64
+	Read_bytes                uint64
+	Write_bytes               uint64
+	Cancelled_write_bytes     uint64
+	Nvcsw                     uint64
+	Nivcsw                    uint64
+	Ac_utimescaled            uint64
+	Ac_stimescaled            uint64
+	Cpu_scaled_run_real_total uint64
+	Freepages_count           uint64
+	Freepages_delay_total     uint64
+	Thrashing_count           uint64
+	Thrashing_delay_total     uint64
+	Ac_btime64                uint64
+}
+
+type cpuMask uint32
+
+const (
+	_NCPUBITS = 0x20
+)
+
+const (
+	CBitFieldMaskBit0  = 0x8000000000000000
+	CBitFieldMaskBit1  = 0x4000000000000000
+	CBitFieldMaskBit2  = 0x2000000000000000
+	CBitFieldMaskBit3  = 0x1000000000000000
+	CBitFieldMaskBit4  = 0x800000000000000
+	CBitFieldMaskBit5  = 0x400000000000000
+	CBitFieldMaskBit6  = 0x200000000000000
+	CBitFieldMaskBit7  = 0x100000000000000
+	CBitFieldMaskBit8  = 0x80000000000000
+	CBitFieldMaskBit9  = 0x40000000000000
+	CBitFieldMaskBit10 = 0x20000000000000
+	CBitFieldMaskBit11 = 0x10000000000000
+	CBitFieldMaskBit12 = 0x8000000000000
+	CBitFieldMaskBit13 = 0x4000000000000
+	CBitFieldMaskBit14 = 0x2000000000000
+	CBitFieldMaskBit15 = 0x1000000000000
+	CBitFieldMaskBit16 = 0x800000000000
+	CBitFieldMaskBit17 = 0x400000000000
+	CBitFieldMaskBit18 = 0x200000000000
+	CBitFieldMaskBit19 = 0x100000000000
+	CBitFieldMaskBit20 = 0x80000000000
+	CBitFieldMaskBit21 = 0x40000000000
+	CBitFieldMaskBit22 = 0x20000000000
+	CBitFieldMaskBit23 = 0x10000000000
+	CBitFieldMaskBit24 = 0x8000000000
+	CBitFieldMaskBit25 = 0x4000000000
+	CBitFieldMaskBit26 = 0x2000000000
+	CBitFieldMaskBit27 = 0x1000000000
+	CBitFieldMaskBit28 = 0x800000000
+	CBitFieldMaskBit29 = 0x400000000
+	CBitFieldMaskBit30 = 0x200000000
+	CBitFieldMaskBit31 = 0x100000000
+	CBitFieldMaskBit32 = 0x80000000
+	CBitFieldMaskBit33 = 0x40000000
+	CBitFieldMaskBit34 = 0x20000000
+	CBitFieldMaskBit35 = 0x10000000
+	CBitFieldMaskBit36 = 0x8000000
+	CBitFieldMaskBit37 = 0x4000000
+	CBitFieldMaskBit38 = 0x2000000
+	CBitFieldMaskBit39 = 0x1000000
+	CBitFieldMaskBit40 = 0x800000
+	CBitFieldMaskBit41 = 0x400000
+	CBitFieldMaskBit42 = 0x200000
+	CBitFieldMaskBit43 = 0x100000
+	CBitFieldMaskBit44 = 0x80000
+	CBitFieldMaskBit45 = 0x40000
+	CBitFieldMaskBit46 = 0x20000
+	CBitFieldMaskBit47 = 0x10000
+	CBitFieldMaskBit48 = 0x8000
+	CBitFieldMaskBit49 = 0x4000
+	CBitFieldMaskBit50 = 0x2000
+	CBitFieldMaskBit51 = 0x1000
+	CBitFieldMaskBit52 = 0x800
+	CBitFieldMaskBit53 = 0x400
+	CBitFieldMaskBit54 = 0x200
+	CBitFieldMaskBit55 = 0x100
+	CBitFieldMaskBit56 = 0x80
+	CBitFieldMaskBit57 = 0x40
+	CBitFieldMaskBit58 = 0x20
+	CBitFieldMaskBit59 = 0x10
+	CBitFieldMaskBit60 = 0x8
+	CBitFieldMaskBit61 = 0x4
+	CBitFieldMaskBit62 = 0x2
+	CBitFieldMaskBit63 = 0x1
+)
+
+type SockaddrStorage struct {
+	Family uint16
+	_      [122]uint8
+	_      uint32
+}
+
+type HDGeometry struct {
+	Heads     uint8
+	Sectors   uint8
+	Cylinders uint16
+	Start     uint32
+}
+
+type Statfs_t struct {
+	Type    int32
+	Bsize   int32
+	Blocks  uint64
+	Bfree   uint64
+	Bavail  uint64
+	Files   uint64
+	Ffree   uint64
+	Fsid    Fsid
+	Namelen int32
+	Frsize  int32
+	Flags   int32
+	Spare   [4]int32
+	_       [4]byte
+}
+
+type TpacketHdr struct {
+	Status  uint32
+	Len     uint32
+	Snaplen uint32
+	Mac     uint16
+	Net     uint16
+	Sec     uint32
+	Usec    uint32
+}
+
+const (
+	SizeofTpacketHdr = 0x18
+)
+
+type RTCPLLInfo struct {
+	Ctrl    int32
+	Value   int32
+	Max     int32
+	Min     int32
+	Posmult int32
+	Negmult int32
+	Clock   int32
+}
+
+type BlkpgPartition struct {
+	Start   int64
+	Length  int64
+	Pno     int32
+	Devname [64]uint8
+	Volname [64]uint8
+	_       [4]byte
+}
+
+const (
+	BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+	Addr     uint64
+	Len      uint64
+	Size     uint32
+	Headroom uint32
+	Flags    uint32
+	_        [4]byte
+}
+
+type CryptoUserAlg struct {
+	Name        [64]uint8
+	Driver_name [64]uint8
+	Module_name [64]uint8
+	Type        uint32
+	Mask        uint32
+	Refcnt      uint32
+	Flags       uint32
+}
+
+type CryptoStatAEAD struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatAKCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Verify_cnt   uint64
+	Sign_cnt     uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCipher struct {
+	Type         [64]uint8
+	Encrypt_cnt  uint64
+	Encrypt_tlen uint64
+	Decrypt_cnt  uint64
+	Decrypt_tlen uint64
+	Err_cnt      uint64
+}
+
+type CryptoStatCompress struct {
+	Type            [64]uint8
+	Compress_cnt    uint64
+	Compress_tlen   uint64
+	Decompress_cnt  uint64
+	Decompress_tlen uint64
+	Err_cnt         uint64
+}
+
+type CryptoStatHash struct {
+	Type      [64]uint8
+	Hash_cnt  uint64
+	Hash_tlen uint64
+	Err_cnt   uint64
+}
+
+type CryptoStatKPP struct {
+	Type                      [64]uint8
+	Setsecret_cnt             uint64
+	Generate_public_key_cnt   uint64
+	Compute_shared_secret_cnt uint64
+	Err_cnt                   uint64
+}
+
+type CryptoStatRNG struct {
+	Type          [64]uint8
+	Generate_cnt  uint64
+	Generate_tlen uint64
+	Seed_cnt      uint64
+	Err_cnt       uint64
+}
+
+type CryptoStatLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportLarval struct {
+	Type [64]uint8
+}
+
+type CryptoReportHash struct {
+	Type       [64]uint8
+	Blocksize  uint32
+	Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+	Type        [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Min_keysize uint32
+	Max_keysize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportAEAD struct {
+	Type        [64]uint8
+	Geniv       [64]uint8
+	Blocksize   uint32
+	Maxauthsize uint32
+	Ivsize      uint32
+}
+
+type CryptoReportComp struct {
+	Type [64]uint8
+}
+
+type CryptoReportRNG struct {
+	Type     [64]uint8
+	Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+	Type [64]uint8
+}
+
+type CryptoReportKPP struct {
+	Type [64]uint8
+}
+
+type CryptoReportAcomp struct {
+	Type [64]uint8
+}
+
+type LoopInfo struct {
+	Number           int32
+	Device           uint32
+	Inode            uint32
+	Rdevice          uint32
+	Offset           int32
+	Encrypt_type     int32
+	Encrypt_key_size int32
+	Flags            int32
+	Name             [64]uint8
+	Encrypt_key      [32]uint8
+	Init             [2]uint32
+	Reserved         [4]uint8
+}
+
+type TIPCSubscr struct {
+	Seq     TIPCServiceRange
+	Timeout uint32
+	Filter  uint32
+	Handle  [8]uint8
+}
+
+type TIPCSIOCLNReq struct {
+	Peer     uint32
+	Id       uint32
+	Linkname [68]uint8
+}
+
+type TIPCSIOCNodeIDReq struct {
+	Peer uint32
+	Id   [16]uint8
+}
+
+type PPSKInfo struct {
+	Assert_sequence uint32
+	Clear_sequence  uint32
+	Assert_tu       PPSKTime
+	Clear_tu        PPSKTime
+	Current_mode    int32
+	_               [4]byte
+}
+
+const (
+	PPS_GETPARAMS = 0x400470a1
+	PPS_SETPARAMS = 0x800470a2
+	PPS_GETCAP    = 0x400470a3
+	PPS_FETCH     = 0xc00470a4
+)
diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go
index 0e428ecbbd..111c10d3a7 100644
--- a/vendor/golang.org/x/sys/windows/security_windows.go
+++ b/vendor/golang.org/x/sys/windows/security_windows.go
@@ -1334,7 +1334,11 @@ func (absoluteSD *SECURITY_DESCRIPTOR) ToSelfRelative() (selfRelativeSD *SECURIT
 }
 
 func (selfRelativeSD *SECURITY_DESCRIPTOR) copySelfRelativeSecurityDescriptor() *SECURITY_DESCRIPTOR {
-	sdLen := (int)(selfRelativeSD.Length())
+	sdLen := int(selfRelativeSD.Length())
+	const min = int(unsafe.Sizeof(SECURITY_DESCRIPTOR{}))
+	if sdLen < min {
+		sdLen = min
+	}
 
 	var src []byte
 	h := (*unsafeheader.Slice)(unsafe.Pointer(&src))
@@ -1342,7 +1346,15 @@ func (selfRelativeSD *SECURITY_DESCRIPTOR) copySelfRelativeSecurityDescriptor()
 	h.Len = sdLen
 	h.Cap = sdLen
 
-	dst := make([]byte, sdLen)
+	const psize = int(unsafe.Sizeof(uintptr(0)))
+
+	var dst []byte
+	h = (*unsafeheader.Slice)(unsafe.Pointer(&dst))
+	alloc := make([]uintptr, (sdLen+psize-1)/psize)
+	h.Data = (*unsafeheader.Slice)(unsafe.Pointer(&alloc)).Data
+	h.Len = sdLen
+	h.Cap = sdLen
+
 	copy(dst, src)
 	return (*SECURITY_DESCRIPTOR)(unsafe.Pointer(&dst[0]))
 }
diff --git a/vendor/golang.org/x/text/internal/language/language.go b/vendor/golang.org/x/text/internal/language/language.go
index 1e74d1affd..f41aedcfc8 100644
--- a/vendor/golang.org/x/text/internal/language/language.go
+++ b/vendor/golang.org/x/text/internal/language/language.go
@@ -303,9 +303,17 @@ func (t Tag) Extensions() []string {
 // are of the allowed values defined for the Unicode locale extension ('u') in
 // https://www.unicode.org/reports/tr35/#Unicode_Language_and_Locale_Identifiers.
 // TypeForKey will traverse the inheritance chain to get the correct value.
+//
+// If there are multiple types associated with a key, only the first will be
+// returned. If there is no type associated with a key, it returns the empty
+// string.
 func (t Tag) TypeForKey(key string) string {
-	if start, end, _ := t.findTypeForKey(key); end != start {
-		return t.str[start:end]
+	if _, start, end, _ := t.findTypeForKey(key); end != start {
+		s := t.str[start:end]
+		if p := strings.IndexByte(s, '-'); p >= 0 {
+			s = s[:p]
+		}
+		return s
 	}
 	return ""
 }
@@ -329,13 +337,13 @@ func (t Tag) SetTypeForKey(key, value string) (Tag, error) {
 
 	// Remove the setting if value is "".
 	if value == "" {
-		start, end, _ := t.findTypeForKey(key)
-		if start != end {
-			// Remove key tag and leading '-'.
-			start -= 4
-
+		start, sep, end, _ := t.findTypeForKey(key)
+		if start != sep {
 			// Remove a possible empty extension.
-			if (end == len(t.str) || t.str[end+2] == '-') && t.str[start-2] == '-' {
+			switch {
+			case t.str[start-2] != '-': // has previous elements.
+			case end == len(t.str), // end of string
+				end+2 < len(t.str) && t.str[end+2] == '-': // end of extension
 				start -= 2
 			}
 			if start == int(t.pVariant) && end == len(t.str) {
@@ -381,14 +389,14 @@ func (t Tag) SetTypeForKey(key, value string) (Tag, error) {
 		t.str = string(buf[:uStart+len(b)])
 	} else {
 		s := t.str
-		start, end, hasExt := t.findTypeForKey(key)
-		if start == end {
+		start, sep, end, hasExt := t.findTypeForKey(key)
+		if start == sep {
 			if hasExt {
 				b = b[2:]
 			}
-			t.str = fmt.Sprintf("%s-%s%s", s[:start], b, s[end:])
+			t.str = fmt.Sprintf("%s-%s%s", s[:sep], b, s[end:])
 		} else {
-			t.str = fmt.Sprintf("%s%s%s", s[:start], value, s[end:])
+			t.str = fmt.Sprintf("%s-%s%s", s[:start+3], value, s[end:])
 		}
 	}
 	return t, nil
@@ -399,10 +407,10 @@ func (t Tag) SetTypeForKey(key, value string) (Tag, error) {
 // wasn't found. The hasExt return value reports whether an -u extension was present.
 // Note: the extensions are typically very small and are likely to contain
 // only one key-type pair.
-func (t Tag) findTypeForKey(key string) (start, end int, hasExt bool) {
+func (t Tag) findTypeForKey(key string) (start, sep, end int, hasExt bool) {
 	p := int(t.pExt)
 	if len(key) != 2 || p == len(t.str) || p == 0 {
-		return p, p, false
+		return p, p, p, false
 	}
 	s := t.str
 
@@ -410,10 +418,10 @@ func (t Tag) findTypeForKey(key string) (start, end int, hasExt bool) {
 	for p++; s[p] != 'u'; p++ {
 		if s[p] > 'u' {
 			p--
-			return p, p, false
+			return p, p, p, false
 		}
 		if p = nextExtension(s, p); p == len(s) {
-			return len(s), len(s), false
+			return len(s), len(s), len(s), false
 		}
 	}
 	// Proceed to the hyphen following the extension name.
@@ -424,40 +432,28 @@ func (t Tag) findTypeForKey(key string) (start, end int, hasExt bool) {
 
 	// Iterate over keys until we get the end of a section.
 	for {
-		// p points to the hyphen preceding the current token.
-		if p3 := p + 3; s[p3] == '-' {
-			// Found a key.
-			// Check whether we just processed the key that was requested.
-			if curKey == key {
-				return start, p, true
+		end = p
+		for p++; p < len(s) && s[p] != '-'; p++ {
+		}
+		n := p - end - 1
+		if n <= 2 && curKey == key {
+			if sep < end {
+				sep++
 			}
-			// Set to the next key and continue scanning type tokens.
-			curKey = s[p+1 : p3]
+			return start, sep, end, true
+		}
+		switch n {
+		case 0, // invalid string
+			1: // next extension
+			return end, end, end, true
+		case 2:
+			// next key
+			curKey = s[end+1 : p]
 			if curKey > key {
-				return p, p, true
+				return end, end, end, true
 			}
-			// Start of the type token sequence.
-			start = p + 4
-			// A type is at least 3 characters long.
-			p += 7 // 4 + 3
-		} else {
-			// Attribute or type, which is at least 3 characters long.
-			p += 4
-		}
-		// p points past the third character of a type or attribute.
-		max := p + 5 // maximum length of token plus hyphen.
-		if len(s) < max {
-			max = len(s)
-		}
-		for ; p < max && s[p] != '-'; p++ {
-		}
-		// Bail if we have exhausted all tokens or if the next token starts
-		// a new extension.
-		if p == len(s) || s[p+2] == '-' {
-			if curKey == key {
-				return start, p, true
-			}
-			return p, p, true
+			start = end
+			sep = p
 		}
 	}
 }
diff --git a/vendor/golang.org/x/text/internal/language/parse.go b/vendor/golang.org/x/text/internal/language/parse.go
index a2fdad89db..c696fd0bd8 100644
--- a/vendor/golang.org/x/text/internal/language/parse.go
+++ b/vendor/golang.org/x/text/internal/language/parse.go
@@ -138,7 +138,7 @@ func (s *scanner) resizeRange(oldStart, oldEnd, newSize int) {
 			b = make([]byte, n)
 			copy(b, s.b[:oldStart])
 		} else {
-			b = s.b[:n:n]
+			b = s.b[:n]
 		}
 		copy(b[end:], s.b[oldEnd:])
 		s.b = b
@@ -483,7 +483,7 @@ func parseExtensions(scan *scanner) int {
 func parseExtension(scan *scanner) int {
 	start, end := scan.start, scan.end
 	switch scan.token[0] {
-	case 'u':
+	case 'u': // https://www.ietf.org/rfc/rfc6067.txt
 		attrStart := end
 		scan.scan()
 		for last := []byte{}; len(scan.token) > 2; scan.scan() {
@@ -503,27 +503,29 @@ func parseExtension(scan *scanner) int {
 			last = scan.token
 			end = scan.end
 		}
+		// Scan key-type sequences. A key is of length 2 and may be followed
+		// by 0 or more "type" subtags from 3 to the maximum of 8 letters.
 		var last, key []byte
 		for attrEnd := end; len(scan.token) == 2; last = key {
 			key = scan.token
-			keyEnd := scan.end
-			end = scan.acceptMinSize(3)
+			end = scan.end
+			for scan.scan(); end < scan.end && len(scan.token) > 2; scan.scan() {
+				end = scan.end
+			}
 			// TODO: check key value validity
-			if keyEnd == end || bytes.Compare(key, last) != 1 {
+			if bytes.Compare(key, last) != 1 || scan.err != nil {
 				// We have an invalid key or the keys are not sorted.
 				// Start scanning keys from scratch and reorder.
 				p := attrEnd + 1
 				scan.next = p
 				keys := [][]byte{}
 				for scan.scan(); len(scan.token) == 2; {
-					keyStart, keyEnd := scan.start, scan.end
-					end = scan.acceptMinSize(3)
-					if keyEnd != end {
-						keys = append(keys, scan.b[keyStart:end])
-					} else {
-						scan.setError(ErrSyntax)
-						end = keyStart
+					keyStart := scan.start
+					end = scan.end
+					for scan.scan(); end < scan.end && len(scan.token) > 2; scan.scan() {
+						end = scan.end
 					}
+					keys = append(keys, scan.b[keyStart:end])
 				}
 				sort.Stable(bytesSort{keys, 2})
 				if n := len(keys); n > 0 {
@@ -547,7 +549,7 @@ func parseExtension(scan *scanner) int {
 				break
 			}
 		}
-	case 't':
+	case 't': // https://www.ietf.org/rfc/rfc6497.txt
 		scan.scan()
 		if n := len(scan.token); n >= 2 && n <= 3 && isAlpha(scan.token[1]) {
 			_, end = parseTag(scan)
diff --git a/vendor/golang.org/x/text/language/go1_1.go b/vendor/golang.org/x/text/language/go1_1.go
index 380f4c09f7..c7435583b5 100644
--- a/vendor/golang.org/x/text/language/go1_1.go
+++ b/vendor/golang.org/x/text/language/go1_1.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build !go1.2
 // +build !go1.2
 
 package language
diff --git a/vendor/golang.org/x/text/language/go1_2.go b/vendor/golang.org/x/text/language/go1_2.go
index 38268c57a3..77aaaa299e 100644
--- a/vendor/golang.org/x/text/language/go1_2.go
+++ b/vendor/golang.org/x/text/language/go1_2.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build go1.2
 // +build go1.2
 
 package language
diff --git a/vendor/golang.org/x/text/language/language.go b/vendor/golang.org/x/text/language/language.go
index abfa17f66d..289b3a36d5 100644
--- a/vendor/golang.org/x/text/language/language.go
+++ b/vendor/golang.org/x/text/language/language.go
@@ -412,6 +412,10 @@ func (t Tag) Extensions() []Extension {
 // are of the allowed values defined for the Unicode locale extension ('u') in
 // https://www.unicode.org/reports/tr35/#Unicode_Language_and_Locale_Identifiers.
 // TypeForKey will traverse the inheritance chain to get the correct value.
+//
+// If there are multiple types associated with a key, only the first will be
+// returned. If there is no type associated with a key, it returns the empty
+// string.
 func (t Tag) TypeForKey(key string) string {
 	if !compact.Tag(t).MayHaveExtensions() {
 		if key != "rg" && key != "va" {
diff --git a/vendor/golang.org/x/text/language/tables.go b/vendor/golang.org/x/text/language/tables.go
index 87e58a02a0..96b57f610a 100644
--- a/vendor/golang.org/x/text/language/tables.go
+++ b/vendor/golang.org/x/text/language/tables.go
@@ -47,7 +47,7 @@ const (
 	_Zzzz = 251
 )
 
-var regionToGroups = []uint8{ // 357 elements
+var regionToGroups = []uint8{ // 358 elements
 	// Entry 0 - 3F
 	0x00, 0x00, 0x00, 0x04, 0x04, 0x00, 0x00, 0x04,
 	0x00, 0x00, 0x00, 0x00, 0x04, 0x04, 0x04, 0x00,
@@ -98,8 +98,8 @@ var regionToGroups = []uint8{ // 357 elements
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00,
-} // Size: 381 bytes
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+} // Size: 382 bytes
 
 var paradigmLocales = [][3]uint16{ // 3 elements
 	0: [3]uint16{0x139, 0x0, 0x7b},
@@ -295,4 +295,4 @@ var matchRegion = []regionIntelligibility{ // 15 elements
 	14: {lang: 0x529, script: 0x3c, group: 0x80, distance: 0x5},
 } // Size: 114 bytes
 
-// Total table size 1471 bytes (1KiB); checksum: 4CB1CD46
+// Total table size 1472 bytes (1KiB); checksum: F86C669
diff --git a/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go b/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
index e4c62289f9..8a7392c4a1 100644
--- a/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
+++ b/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build go1.10
 // +build go1.10
 
 package bidirule
diff --git a/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go b/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
index 02b9e1e9d4..bb0a920018 100644
--- a/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
+++ b/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build !go1.10
 // +build !go1.10
 
 package bidirule
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
index d8c94e1bd1..42fa8d72ce 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build go1.10 && !go1.13
 // +build go1.10,!go1.13
 
 package bidi
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
index 16b11db538..56a0e1ea21 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build go1.13 && !go1.14
 // +build go1.13,!go1.14
 
 package bidi
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
index 647f2d4279..baacf32b43 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build go1.14 && !go1.16
 // +build go1.14,!go1.16
 
 package bidi
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
index c937d0976f..f248effae1 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build go1.16
 // +build go1.16
 
 package bidi
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
index 0ca0193ebe..f517fdb202 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build !go1.10
 // +build !go1.10
 
 package bidi
diff --git a/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
index 26fbd55a12..f5a0788277 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build go1.10 && !go1.13
 // +build go1.10,!go1.13
 
 package norm
diff --git a/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
index 2c58f09baa..cb7239c437 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build go1.13 && !go1.14
 // +build go1.13,!go1.14
 
 package norm
diff --git a/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
index 7e1ae096e5..11b2733001 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build go1.14 && !go1.16
 // +build go1.14,!go1.16
 
 package norm
diff --git a/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
index 9ea1b42140..96a130d30e 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build go1.16
 // +build go1.16
 
 package norm
diff --git a/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
index 9429069291..0175eae50a 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build !go1.10
 // +build !go1.10
 
 package norm
diff --git a/vendor/golang.org/x/text/width/tables10.0.0.go b/vendor/golang.org/x/text/width/tables10.0.0.go
index decb8e4809..186b1d4efa 100644
--- a/vendor/golang.org/x/text/width/tables10.0.0.go
+++ b/vendor/golang.org/x/text/width/tables10.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build go1.10 && !go1.13
 // +build go1.10,!go1.13
 
 package width
diff --git a/vendor/golang.org/x/text/width/tables11.0.0.go b/vendor/golang.org/x/text/width/tables11.0.0.go
index 3c75e428fd..990f7622f1 100644
--- a/vendor/golang.org/x/text/width/tables11.0.0.go
+++ b/vendor/golang.org/x/text/width/tables11.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build go1.13 && !go1.14
 // +build go1.13,!go1.14
 
 package width
diff --git a/vendor/golang.org/x/text/width/tables12.0.0.go b/vendor/golang.org/x/text/width/tables12.0.0.go
index 543942b9e7..85296297e3 100644
--- a/vendor/golang.org/x/text/width/tables12.0.0.go
+++ b/vendor/golang.org/x/text/width/tables12.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build go1.14 && !go1.16
 // +build go1.14,!go1.16
 
 package width
diff --git a/vendor/golang.org/x/text/width/tables13.0.0.go b/vendor/golang.org/x/text/width/tables13.0.0.go
index 804264ca67..bac3f1aee3 100644
--- a/vendor/golang.org/x/text/width/tables13.0.0.go
+++ b/vendor/golang.org/x/text/width/tables13.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build go1.16
 // +build go1.16
 
 package width
diff --git a/vendor/golang.org/x/text/width/tables9.0.0.go b/vendor/golang.org/x/text/width/tables9.0.0.go
index 7069e26345..b3db84f6f9 100644
--- a/vendor/golang.org/x/text/width/tables9.0.0.go
+++ b/vendor/golang.org/x/text/width/tables9.0.0.go
@@ -1,5 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
+//go:build !go1.10
 // +build !go1.10
 
 package width
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 38c2bd8517..4005b6de69 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -171,7 +171,7 @@ github.com/boombuler/barcode/utils
 # github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b
 ## explicit
 github.com/bradfitz/gomemcache/memcache
-# github.com/caddyserver/certmagic v0.12.0
+# github.com/caddyserver/certmagic v0.13.0
 ## explicit
 github.com/caddyserver/certmagic
 # github.com/cespare/xxhash/v2 v2.1.1
@@ -538,7 +538,6 @@ github.com/lib/pq
 github.com/lib/pq/oid
 github.com/lib/pq/scram
 # github.com/libdns/libdns v0.2.0
-## explicit
 github.com/libdns/libdns
 # github.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
 ## explicit
@@ -590,7 +589,6 @@ github.com/mgechev/revive/formatter
 github.com/mgechev/revive/lint
 github.com/mgechev/revive/rule
 # github.com/mholt/acmez v0.1.3
-## explicit
 github.com/mholt/acmez
 github.com/mholt/acmez/acme
 # github.com/mholt/archiver/v3 v3.5.0
@@ -599,7 +597,7 @@ github.com/mholt/archiver/v3
 # github.com/microcosm-cc/bluemonday v1.0.7
 ## explicit
 github.com/microcosm-cc/bluemonday
-# github.com/miekg/dns v1.1.40
+# github.com/miekg/dns v1.1.41
 ## explicit
 github.com/miekg/dns
 # github.com/minio/md5-simd v1.1.2
@@ -860,7 +858,7 @@ go.uber.org/zap/internal/bufferpool
 go.uber.org/zap/internal/color
 go.uber.org/zap/internal/exit
 go.uber.org/zap/zapcore
-# golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
+# golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b
 ## explicit
 golang.org/x/crypto/argon2
 golang.org/x/crypto/bcrypt
@@ -890,7 +888,7 @@ golang.org/x/crypto/ssh/knownhosts
 # golang.org/x/mod v0.4.1
 golang.org/x/mod/module
 golang.org/x/mod/semver
-# golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
+# golang.org/x/net v0.0.0-20210421230115-4e50805a0758
 ## explicit
 golang.org/x/net/bpf
 golang.org/x/net/context
@@ -915,7 +913,7 @@ golang.org/x/oauth2/google/internal/externalaccount
 golang.org/x/oauth2/internal
 golang.org/x/oauth2/jws
 golang.org/x/oauth2/jwt
-# golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44
+# golang.org/x/sys v0.0.0-20210421221651-33663a62ff08
 ## explicit
 golang.org/x/sys/cpu
 golang.org/x/sys/execabs
@@ -924,7 +922,7 @@ golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/svc
 golang.org/x/sys/windows/svc/debug
-# golang.org/x/text v0.3.5
+# golang.org/x/text v0.3.6
 ## explicit
 golang.org/x/text/encoding
 golang.org/x/text/encoding/charmap