From 99fa341e22763f2d9513556146db68f3499f5833 Mon Sep 17 00:00:00 2001
From: Arjan H <github@hakwerk.com>
Date: Mon, 9 Nov 2020 11:05:18 +0100
Subject: [PATCH] Bump boulder version to release-2020-11-04

---
 config_bad-key-revoker.patch |  2 +-
 install                      |  2 +-
 policy_pa.patch              | 20 ++++++++++----------
 ra_ra.patch                  |  6 +++---
 test_config_ca_a.patch       |  2 +-
 test_config_ca_b.patch       |  2 +-
 6 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/config_bad-key-revoker.patch b/config_bad-key-revoker.patch
index 9498e06..e7d5717 100644
--- a/config_bad-key-revoker.patch
+++ b/config_bad-key-revoker.patch
@@ -22,7 +22,7 @@ index 482fd85fc..3e678aa5b 100644
 +        "interval": "5m"
      },
      "syslog": {
-         "stdoutlevel": 6,
+         "stdoutlevel": 4,
          "sysloglevel": 4
 +    },
 +    "common": {
diff --git a/install b/install
index 0f796bf..f151476 100755
--- a/install
+++ b/install
@@ -24,7 +24,7 @@ dockerComposeVersion="1.22.0"
 
 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2020-10-13"
+boulderTag="release-2020-11-04"
 
 #
 # Color configuration
diff --git a/policy_pa.patch b/policy_pa.patch
index 951bf15..a86fbdd 100644
--- a/policy_pa.patch
+++ b/policy_pa.patch
@@ -1,8 +1,8 @@
 diff --git a/policy/pa.go b/policy/pa.go
-index 599dcdb10..084cb3ba8 100644
+index 7950970f4..03cfb937e 100644
 --- a/policy/pa.go
 +++ b/policy/pa.go
-@@ -30,6 +30,8 @@ type AuthorityImpl struct {
+@@ -31,6 +31,8 @@ type AuthorityImpl struct {
  	blocklist              map[string]bool
  	exactBlocklist         map[string]bool
  	wildcardExactBlocklist map[string]bool
@@ -11,7 +11,7 @@ index 599dcdb10..084cb3ba8 100644
  	blocklistMu            sync.RWMutex
  
  	enabledChallenges map[core.AcmeChallenge]bool
-@@ -70,6 +72,9 @@ type blockedNamesPolicy struct {
+@@ -71,6 +73,9 @@ type blockedNamesPolicy struct {
  	// time above and beyond the high-risk domains. Managing these entries separately
  	// from HighRiskBlockedNames makes it easier to vet changes accurately.
  	AdminBlockedNames []string `yaml:"AdminBlockedNames"`
@@ -21,7 +21,7 @@ index 599dcdb10..084cb3ba8 100644
  }
  
  // SetHostnamePolicyFile will load the given policy file, returning error if it
-@@ -138,10 +143,20 @@ func (pa *AuthorityImpl) processHostnamePolicy(policy blockedNamesPolicy) error
+@@ -139,10 +144,20 @@ func (pa *AuthorityImpl) processHostnamePolicy(policy blockedNamesPolicy) error
  		// wildcardNameMap to block issuance for `*.`+parts[1]
  		wildcardNameMap[parts[1]] = true
  	}
@@ -42,7 +42,7 @@ index 599dcdb10..084cb3ba8 100644
  	pa.blocklistMu.Unlock()
  	return nil
  }
-@@ -214,7 +229,7 @@ var (
+@@ -215,7 +230,7 @@ var (
  // * exactly equal to an IANA registered TLD
  //
  // It does _not_ check that the domain isn't on any PA blocked lists.
@@ -51,7 +51,7 @@ index 599dcdb10..084cb3ba8 100644
  	if domain == "" {
  		return errEmptyName
  	}
-@@ -281,6 +296,14 @@ func ValidDomain(domain string) error {
+@@ -282,6 +297,14 @@ func ValidDomain(domain string) error {
  		}
  	}
  
@@ -66,7 +66,7 @@ index 599dcdb10..084cb3ba8 100644
  	// Names must end in an ICANN TLD, but they must not be equal to an ICANN TLD.
  	icannTLD, err := iana.ExtractSuffix(domain)
  	if err != nil {
-@@ -308,7 +331,7 @@ var forbiddenMailDomains = map[string]bool{
+@@ -309,7 +332,7 @@ var forbiddenMailDomains = map[string]bool{
  // ValidEmail returns an error if the input doesn't parse as an email address,
  // the domain isn't a valid hostname in Preferred Name Syntax, or its on the
  // list of domains forbidden for mail (because they are often used in examples).
@@ -75,7 +75,7 @@ index 599dcdb10..084cb3ba8 100644
  	email, err := mail.ParseAddress(address)
  	if err != nil {
  		if len(address) > 254 {
-@@ -318,7 +341,7 @@ func ValidEmail(address string) error {
+@@ -319,7 +342,7 @@ func ValidEmail(address string) error {
  	}
  	splitEmail := strings.SplitN(email.Address, "@", -1)
  	domain := strings.ToLower(splitEmail[len(splitEmail)-1])
@@ -84,7 +84,7 @@ index 599dcdb10..084cb3ba8 100644
  		return berrors.InvalidEmailError(
  			"contact email %q has invalid domain : %s",
  			email.Address, err)
-@@ -357,10 +380,14 @@ func (pa *AuthorityImpl) WillingToIssue(id identifier.ACMEIdentifier) error {
+@@ -358,10 +381,14 @@ func (pa *AuthorityImpl) WillingToIssue(id identifier.ACMEIdentifier) error {
  	}
  	domain := id.Value
  
@@ -100,7 +100,7 @@ index 599dcdb10..084cb3ba8 100644
  	// Require no match against hostname block lists
  	if err := pa.checkHostLists(domain); err != nil {
  		return err
-@@ -369,6 +396,31 @@ func (pa *AuthorityImpl) WillingToIssue(id identifier.ACMEIdentifier) error {
+@@ -370,6 +397,31 @@ func (pa *AuthorityImpl) WillingToIssue(id identifier.ACMEIdentifier) error {
  	return nil
  }
  
diff --git a/ra_ra.patch b/ra_ra.patch
index 77cdc37..2b9ba82 100644
--- a/ra_ra.patch
+++ b/ra_ra.patch
@@ -1,8 +1,8 @@
 diff --git a/ra/ra.go b/ra/ra.go
-index ca21ace0e..6d90d7eff 100644
+index bdc0520bc..2d74d1318 100644
 --- a/ra/ra.go
 +++ b/ra/ra.go
-@@ -29,7 +29,6 @@ import (
+@@ -30,7 +30,6 @@ import (
  	"github.com/letsencrypt/boulder/issuance"
  	blog "github.com/letsencrypt/boulder/log"
  	"github.com/letsencrypt/boulder/metrics"
@@ -10,7 +10,7 @@ index ca21ace0e..6d90d7eff 100644
  	"github.com/letsencrypt/boulder/probs"
  	rapb "github.com/letsencrypt/boulder/ra/proto"
  	"github.com/letsencrypt/boulder/ratelimit"
-@@ -400,7 +399,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta
+@@ -401,7 +400,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta
  				contact,
  			)
  		}
diff --git a/test_config_ca_a.patch b/test_config_ca_a.patch
index 0387bc2..1188a81 100644
--- a/test_config_ca_a.patch
+++ b/test_config_ca_a.patch
@@ -2,7 +2,7 @@ diff --git a/test/config/ca-a.json b/test/config/ca-a.json
 index be064a52e..e7ef8fcf6 100644
 --- a/test/config/ca-a.json
 +++ b/test/config/ca-a.json
-@@ -30,11 +30,7 @@
+@@ -122,11 +122,7 @@
      },
      "issuers": [{
        "configFile": "test/test-ca.key-pkcs11.json",
diff --git a/test_config_ca_b.patch b/test_config_ca_b.patch
index 86463a0..3a8e335 100644
--- a/test_config_ca_b.patch
+++ b/test_config_ca_b.patch
@@ -2,7 +2,7 @@ diff --git a/test/config/ca-b.json b/test/config/ca-b.json
 index ed2498f1a..4d24ffa94 100644
 --- a/test/config/ca-b.json
 +++ b/test/config/ca-b.json
-@@ -30,11 +30,7 @@
+@@ -127,11 +127,7 @@
      },
      "issuers": [{
        "configFile": "test/test-ca.key-pkcs11.json",