gentoo resync : 25.09.2021

5 files changed, 273 insertions, 158 deletions

diff --git a/app-admin/vault/Manifest b/app-admin/vault/Manifest
index e31970aaa29b..c8b1f994bc77 100644
--- a/app-admin/vault/Manifest
+++ b/app-admin/vault/Manifest
@@ -1,4 +1,5 @@
 AUX localhost.json.example 130 BLAKE2B c2af154a798286daae8a1804c698a8a8437bb4fbf2c9e928bd8ebd2cc846a7887058695f3715a4e3b9c82232529fe053b40d52fd98fd6b6c4018fbb2009a7da0 SHA512 9f9bc222f3716942b7423fa2ab14afd1d516bf3f3170b7418a75b970a33341426e13f89cf331a5e25bd3159dcbb435e20e75a0c9109e767e67bf777a7dbcd182
+AUX vault-1.8.2-go-limiter.patch 10588 BLAKE2B 597b3edd7e98d36d34123ae5352bc8894df40962afc1721c87b53cd2baa459ae1a9545d5830ea31c46549a38e713157dd920292ede19c4a4e4b4c75e5a605038 SHA512 ae8134f2cd743188e4f7be06ee8f816456613c177cd56b311fd1ad0cae6106180b85c56381da866afd31ccf7e4d5b1c9239f148d2b18dae2dfcea3c08c74d0f7
 AUX vault.confd 243 BLAKE2B 6598fa2138c4ca94fdd6b7a02048ee4a4eb2b37d17b8a065ae2f29ac183bd1473de37107b2e141b74933c1b14502cdaaaebe493ee71ad6c9141a889c6e73b977 SHA512 395d823dee49fed30d99fea1fcd1b0c1c3ae2bfd806fa0c169aa14d83a594d224f8966870799a3740a7e52f039616efe78834e0522e7a2802c7df4c56b3bbdd2
 AUX vault.initd 573 BLAKE2B 444541b8912910cf6b5d038e466e18baebb7dfd2905d802217baf9e861bb7f2a3e032716545c74e269782aa420fbd052745322576b4bcb8c4cf53ba07471b261 SHA512 11124e6fc656977c20b55b578e30fd76b8f6905760c2f17f93b960a317975f1914c6bd8d4ffd3741ba405bfe5aa0cecb68067f8ce52b2df9015863d31f9a7aad
 AUX vault.logrotated 83 BLAKE2B 63b106e949f8a2da0ca97f1d07732fdea4dafbe44cb97ea81074472b95489d179deccd14f4d4176043f488f2be68b96dc6bee20748fe68f650d70fd32078d2bd SHA512 83d73760d85dbb731652aa5936d2780208ac4643e975538652f53b49305d024df6d72a8a06d82f430982b07cf940b2fd69f9a6eedb39d380136c8e5bfda280e5
@@ -1125,8 +1126,8 @@ DIST github.com%2Fsean-%2Fconswriter%2F@v%2Fv0.0.0-20180208195008-f5ae3917a627.m
 DIST github.com%2Fsean-%2Fpager%2F@v%2Fv0.0.0-20180208200047-666be9bf53b5.mod 30 BLAKE2B 77431281d4cec52a254453afe8c7438154b0ecae0116ba085401536adc1f71f6a7eea8b0e2181893b004d805e3ff8b3a7f212ac82e41877cd08c2cf0fc47af05 SHA512 5101454134688f96467dbbdf475b1d9bd9e446c29eb2cd04b85430ea0130c09dcbd8141d5ca0d63e63b74349c3dbf59d978ef2115a03c920ff2abfad10fe9a62
 DIST github.com%2Fsean-%2Fseed%2F@v%2Fv0.0.0-20170313163322-e2103e2c3529.mod 29 BLAKE2B 8f509981164937fb0aab63b0344ddbf25c183b926a6e87400e745f6aee9dcc478f0ed455c62a9753722954acb3506be5f7810915a15d03647668e7bb707c09c0 SHA512 c7dc34c7a73c5899ca207c0cac88dd38ddebaffa04b5dd511a86dd10160e60be2806dfc6e079a5871b0cb6142f53d7d7dc87ddbe3fb19240bf894430feac5875
 DIST github.com%2Fsean-%2Fseed%2F@v%2Fv0.0.0-20170313163322-e2103e2c3529.zip 4415 BLAKE2B f50a9fd1f74506625ae9460c6071bbbd1dd3ad3d83264fb7def028c757e8ad8f865fc7255db6e9b5cdb7a1744ac1f741bc6184f064eee7108f6fc0facc81f639 SHA512 acd19ece301ac146ae50dd784e3dc1c2cbc0c00a562fc5d2759b7b8a4acf0b5bf83d5bcd54122130877a1568a13709c28ab7e1cc7ba269ec91aa1b1a86c2065a
-DIST github.com%2Fsethvargo%2Fgo-limiter%2F@v%2Fv0.3.0.mod 48 BLAKE2B 33ddfe8d645092d307c8b8acd8b1c0c8c0c91224a6b0eb3bac20d707be49acc3d437cf00d341d4d37857a9ac4b5303d1df717d2a46ce717941ab7eedbfd133bd SHA512 4266c966fbdba482455fdd13f37891847cff194d1a6d169be35167b729c6e36e9517d72c5a5fda048d8465ada31927b0f3d00fe455e5339c554829e7fb914d2a
-DIST github.com%2Fsethvargo%2Fgo-limiter%2F@v%2Fv0.3.0.zip 32198 BLAKE2B d779ed09d9e00d6ff18be20b48068a1877d623070d2f74bebb6816d3a139b311276caf8f3f3099a6b6940e8d5ddaaae07719fb86f117f9ec987483b1573561d5 SHA512 35f0ae21b2af7e125e4c18a36a0c6695b024f9f53facf6f025c71237cd12658cd507d05b6d8e8249c53477b56ed7c8e0a960232715e7243da2a3f00d6dcdcd68
+DIST github.com%2Fsethvargo%2Fgo-limiter%2F@v%2Fv0.7.1.mod 48 BLAKE2B 33ddfe8d645092d307c8b8acd8b1c0c8c0c91224a6b0eb3bac20d707be49acc3d437cf00d341d4d37857a9ac4b5303d1df717d2a46ce717941ab7eedbfd133bd SHA512 4266c966fbdba482455fdd13f37891847cff194d1a6d169be35167b729c6e36e9517d72c5a5fda048d8465ada31927b0f3d00fe455e5339c554829e7fb914d2a
+DIST github.com%2Fsethvargo%2Fgo-limiter%2F@v%2Fv0.7.1.zip 24454 BLAKE2B 4958546c0be405c760d03db84554b582ae770c08893c1dd77445f655d76714a93a5c1f2a9d5cc9590564002df9c6e81eafc2d44082c6da50a0f2ef18152e1d17 SHA512 e303b4042ed3f18743bc0d11700c40e5661a32472802dd1a5f9cd4131d520c774dd98cd62c056b6bf45739600cea5cb6052eb02a113fb091316cf1c11b5c819b
 DIST github.com%2Fshirou%2Fgopsutil%2F@v%2Fv3.21.5+incompatible.mod 34 BLAKE2B 790ec7277e4654961540dd09fcb7962328547009b0181183b7cb64972b872d30986d1e53ded5961588d89508c913b2b56dd7af3625d0e8d7be2253b6bcf59576 SHA512 a5f5d88a767a855b6ff24d7e2e0c4aeb81fb1365a7e81ed989b4c605a7a6c61dc52d7ce97fc672c21020ef56f597dce679184e5e8d3d199678487e6bebaa8127
 DIST github.com%2Fshirou%2Fgopsutil%2F@v%2Fv3.21.5+incompatible.zip 257791 BLAKE2B d0c44078120582d20e3c3eb60d0ecfc2c8547323ea68eddaffee5614243b4410518eabaf0c17b24351cd269d85bfc5f32151bcb56680793682a17b61e8881204 SHA512 c2d405ad66b1e3d6860ef21dacb6b7f0a5daef57267c32773cb26ea9983ba75df39e6b3ab5bc97c4c0eb133e17eb587a565da30d89139982fd90102765d27ca9
 DIST github.com%2Fshopspring%2Fdecimal%2F@v%2Fv0.0.0-20180709203117-cd690d0c9e24.mod 37 BLAKE2B 9945435440e0d3be57cdb12cab697382fe91c56329289bbde332bbd1fd15928a5101d7fcadd89064ecbd103130514a1cad383db097d02d596138fad0348c15d0 SHA512 7f46d39bc8f24a5c5c1ff513c0f0018d5341a008526a49bf0b3694008c272b3080b0386a44ba6c27f2894bef19dfbec5095c9189ed222ed5a55797788668315e
@@ -1749,13 +1750,7 @@ DIST sigs.k8s.io%2Fyaml%2F@v%2Fv1.1.0.mod 24 BLAKE2B d33080dbc62b185d029eb43f75d
 DIST sigs.k8s.io%2Fyaml%2F@v%2Fv1.2.0.mod 106 BLAKE2B bd5d8af6c5046c6de9b171ea2915c308de08e9696a8c82b3831bf5dc01f8aefc21b13b5b9a210f24ff8782909308137c25363074753427109e009889b7860f5f SHA512 712a936d07bfe4c2e67a4f199346d7e96db35486a0f051365c4636ddbc6505cf540995bc67e6a03b1b58e1e4816ece573418f23bf9ce93fcdc141a05f922f527
 DIST sigs.k8s.io%2Fyaml%2F@v%2Fv1.2.0.zip 20937 BLAKE2B 1bc20da34d11c6704b2d34eb93b06fd376d1b0932626c7dcbdaf43df8c8eb14e07529e84e028576bb67ce1961c3c86d0303d375d8d0aa372ded259c3561b9291 SHA512 52a52b3d380ae6e2cbe1b2c849d3089f74aa876fb3fadfbd02eada97446e0f2cf387f10ddb527f2dfefd57dccba8c82b0b349efbecaa0e6e3d00dc2b5d4fc21e
 DIST sourcegraph.com%2Fsourcegraph%2Fappdash%2F@v%2Fv0.0.0-20190731080439-ebfcffb1b5c0.mod 43 BLAKE2B 44d562f1cdabdb24ca05eb508183dc158939129a4cf6ec0c58815076367b2902b660ee0ef526aa01e920846fb633d001c499bf63a3cea16494213eec41587408 SHA512 7d863e4af4e480a247bc767d1de96ff8050b12a13a182a9a8fa68c983c2f0b1a16b509d40de3cca552082535f876458034e1510f0f0feef383f16e1f84f81282
-DIST vault-1.6.6-webui.tar.xz 1268292 BLAKE2B ea30ecaee5ff58a6b7281a5cedb9e8484c6d19feb2b5f0391002a2022dfc4978ac9c37bdcb69617034f93c44835bd4d88720788affcd45d516c190a011dc3882 SHA512 458cb4093a06142c11376a65a11deecc135915586353eae9511bdbdc49539ed296d3a008a91d8c6c6a43d71a0dfff85727a669428a822246265ffd1e48ce3972
-DIST vault-1.6.6.tar.gz 39139148 BLAKE2B 1b6615fddb649c852d62f8a4d9d97d09be4e966427753ba87add08cf758416c349caae189e6bb6a3b24edf3c708f17655090d713f6e9ab2c02b7db8656c4cd02 SHA512 820ec2f0b71defe6e6920bb4eefec55536d3d06345b676323d4af0c74c837c886871b0951b54f917e27b61bade9b4a8e9f36e3905a82a134b9e5f887ed744534
-DIST vault-1.7.4-webui.tar.xz 1324720 BLAKE2B 822f4afd2dd2ede0741b597b66a89fa04d1e160fa826ce609816786f9393aac24bbe36d27c7c3a11642d93b35606804d52ddd7da51aa9d3346f67caa5a886f21 SHA512 cfc0f8ccdb5ca348286676c3ff512483ed7e5c129bf5a6d7a5cfd60d4c5679688f4aff66221874cf413fad654aa0d71ba72eb58bb5f0165d42b9603e1cec279b
-DIST vault-1.7.4.tar.gz 39607823 BLAKE2B 24b1c5473bac6fe0973a95a4c7ce30d5e8b4d3e78ec606cfe64ac3a1dcf84733aac4309496da0fd6b8bec5d98d951df29a4f1e1709f30856cc35e1d0464bdb25 SHA512 ec2f13741a182f1127424cd135ca1d5e9000e5e1cb3410135d805ff5cebb728091ffd67c7fea2134b1488ec13c8e298683adae23cb7ef87d8d35404ffddf9be3
 DIST vault-1.8.2-webui.tar.xz 1382592 BLAKE2B e7df79275f65b601de577f1197b89c03bd4e299fb4c5ee67f5e91439a79c15eeb4b58946d4cf2c837ca88883c2d655ae86388f2f194a06f159c6580d4e6b1e59 SHA512 35c738be79fd956f09595045d7616599cfd7948baf2b774d0585c4cc12f9cfbd8bf262eb3c9a3969b96184560f2b2f7eb203271100a4ce452347d1100a5884b8
 DIST vault-1.8.2.tar.gz 20974085 BLAKE2B dbef32b3b1881f61053fed410c80caca253af9fd27d525eaf7e8b471af15d62c16423d35905302ccd4c32d7f2bc983a09d4ccbf2f835b7c60e2ac5067b17348c SHA512 fe203f68a8b2f91356a59ee5a5e072aad232bfb9b037c7673297240ddd6270936f144c9a25bcba399053ef0fbc756146cc0e9e9f3642f0fd07008d8ee003d793
-EBUILD vault-1.6.6.ebuild 1815 BLAKE2B 26b1ef44a8f7a7368e43f053589e55dbcf184f67c9d7bfa264f80d8a8de83b13568ee614d357ed75eb0464f53dfa8e58a97755229b283d026212761492264e64 SHA512 bd013a506908c251eeb581602e9f039361b33e3a8b13589c32228845cf830f66cb02960f0375a482fdae237a8c637145ab75bffd5d4f4e96d10046fdf32b6948
-EBUILD vault-1.7.4.ebuild 1816 BLAKE2B 64dfcfd1375b66458538b35647ddf2a373be16ba8ac27619db188dbaec020f54f045977033a33aa365846e2c9aaf13ec491591208bf67811a7ef871afb32cc2c SHA512 7d4c606e6ad9f6b82c8930580fb37de60b1ce5cb1d470f37fec833e8402ed967187f6884264d417c356f1a2f9f1f7389bd968bddaba4d9baa601771e536b86e3
-EBUILD vault-1.8.2.ebuild 95817 BLAKE2B 0db23ac16cc0111102b457863bdea186f7f0531b1bb9b3c18965c8cda7d1b6779b9ae882eaeb339035e91f9262101bb59073acff45cab64d217a138f197cbda3 SHA512 9eca6a162fc601f44ea0e7a3d9150752130deb401344e65c57aab1c9505248bfea4c3a06e7bbedd5cc94b11e77b6d95644c584bc2611f77c5dee6393fa1a0fd4
+EBUILD vault-1.8.2.ebuild 95865 BLAKE2B 6f72e3a4c990600d2f0b2cd189ca4d0502195edd05e7fc1f00d6788243f535705226d5a0faa1f44618e49081c1230b71431d4e949b47e6c1c4f39247255dadbb SHA512 33ad1aca41e2d07adcff741e7eb603f87dded3bb4c794eceb6bbfca694944c0cf28f9b7ce19762a7a8aba1c2c512e4b9a90667ac1ff04069d257f3600d18c103
 MISC metadata.xml 372 BLAKE2B 8e18e03d14e17a6a5d8c6b7bdb0d87ef6aec8530e203edc579a66b0c6ba0809bbddf4d68943281483ed841daa18a87ee13bed427162e40cd6c2fe3c45b0ec4fb SHA512 07bd140cd5152ccf7e9c39a0ad45a9361b56306b773176155fceaee3dbfa4645d74dba5a21a131f0221419aed5a9aeed4a5aef7c4eec2750c803e11c96621b02
diff --git a/app-admin/vault/files/vault-1.8.2-go-limiter.patch b/app-admin/vault/files/vault-1.8.2-go-limiter.patch
new file mode 100644
index 000000000000..3aef43e5c17b
--- /dev/null
+++ b/app-admin/vault/files/vault-1.8.2-go-limiter.patch
@@ -0,0 +1,264 @@
+This is a combination of upstream commits:
+b368a675955707db4e940da29a1043871a3781b6
+21ea03e0f874991086d2f1bcdc285216878bd566
+
+Fixes https://bugs.gentoo.org/808791
+Fixes https://bugs.gentoo.org/810317
+
+diff --git a/go.mod b/go.mod
+index 548c0590f..22a8833e2 100644
+--- a/go.mod
++++ b/go.mod
+@@ -150,7 +150,7 @@ require (
+ 	github.com/ryanuber/go-glob v1.0.0
+ 	github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da
+ 	github.com/sasha-s/go-deadlock v0.2.0
+-	github.com/sethvargo/go-limiter v0.3.0
++	github.com/sethvargo/go-limiter v0.7.1
+ 	github.com/shirou/gopsutil v3.21.5+incompatible
+ 	github.com/stretchr/testify v1.7.0
+ 	github.com/tidwall/pretty v1.0.1 // indirect
+diff --git a/go.sum b/go.sum
+index c5b3b410d..98a5dd0a8 100644
+--- a/go.sum
++++ b/go.sum
+@@ -1120,8 +1120,8 @@ github.com/sean-/conswriter v0.0.0-20180208195008-f5ae3917a627/go.mod h1:7zjs06q
+ github.com/sean-/pager v0.0.0-20180208200047-666be9bf53b5/go.mod h1:BeybITEsBEg6qbIiqJ6/Bqeq25bCLbL7YFmpaFfJDuM=
+ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
+ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
+-github.com/sethvargo/go-limiter v0.3.0 h1:yRMc+Qs2yqw6YJp6UxrO2iUs6DOSq4zcnljbB7/rMns=
+-github.com/sethvargo/go-limiter v0.3.0/go.mod h1:C0kbSFbiriE5k2FFOe18M1YZbAR2Fiwf72uGu0CXCcU=
++github.com/sethvargo/go-limiter v0.7.1 h1:wWNhTj0pxjyJ7wuJHpRJpYwJn+bUnjYfw2a85eu5w9U=
++github.com/sethvargo/go-limiter v0.7.1/go.mod h1:C0kbSFbiriE5k2FFOe18M1YZbAR2Fiwf72uGu0CXCcU=
+ github.com/shirou/gopsutil v3.21.5+incompatible h1:OloQyEerMi7JUrXiNzy8wQ5XN+baemxSl12QgIzt0jc=
+ github.com/shirou/gopsutil v3.21.5+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
+ github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24 h1:pntxY8Ary0t43dCZ5dqY4YTJCObLY1kIXl0uzMv+7DE=
+diff --git a/http/util.go b/http/util.go
+index 0550a93c7..cbb364843 100644
+--- a/http/util.go
++++ b/http/util.go
+@@ -48,7 +48,7 @@ func rateLimitQuotaWrapping(handler http.Handler, core *vault.Core) http.Handler
+ 			return
+ 		}
+ 
+-		quotaResp, err := core.ApplyRateLimitQuota(&quotas.Request{
++		quotaResp, err := core.ApplyRateLimitQuota(r.Context(), &quotas.Request{
+ 			Type:          quotas.TypeRateLimit,
+ 			Path:          path,
+ 			MountPath:     strings.TrimPrefix(core.MatchingMount(r.Context(), path), ns.Path),
+diff --git a/vault/core.go b/vault/core.go
+index 3b6e461fd..27741e8c6 100644
+--- a/vault/core.go
++++ b/vault/core.go
+@@ -2744,7 +2744,7 @@ func (c *Core) setupQuotas(ctx context.Context, isPerfStandby bool) error {
+ 
+ // ApplyRateLimitQuota checks the request against all the applicable quota rules.
+ // If the given request's path is exempt, no rate limiting will be applied.
+-func (c *Core) ApplyRateLimitQuota(req *quotas.Request) (quotas.Response, error) {
++func (c *Core) ApplyRateLimitQuota(ctx context.Context, req *quotas.Request) (quotas.Response, error) {
+ 	req.Type = quotas.TypeRateLimit
+ 
+ 	resp := quotas.Response{
+@@ -2758,7 +2758,7 @@ func (c *Core) ApplyRateLimitQuota(req *quotas.Request) (quotas.Response, error)
+ 			return resp, nil
+ 		}
+ 
+-		return c.quotaManager.ApplyQuota(req)
++		return c.quotaManager.ApplyQuota(ctx, req)
+ 	}
+ 
+ 	return resp, nil
+diff --git a/vault/quotas/quotas.go b/vault/quotas/quotas.go
+index 68cc72f9f..80ee59521 100644
+--- a/vault/quotas/quotas.go
++++ b/vault/quotas/quotas.go
+@@ -168,7 +168,7 @@ type Manager struct {
+ // Quota represents the common properties of every quota type
+ type Quota interface {
+ 	// allow checks the if the request is allowed by the quota type implementation.
+-	allow(*Request) (Response, error)
++	allow(context.Context, *Request) (Response, error)
+ 
+ 	// quotaID is the identifier of the quota rule
+ 	quotaID() string
+@@ -181,7 +181,7 @@ type Quota interface {
+ 
+ 	// close defines any cleanup behavior that needs to be executed when a quota
+ 	// rule is deleted.
+-	close() error
++	close(context.Context) error
+ 
+ 	// handleRemount takes in the new mount path in the quota
+ 	handleRemount(string)
+@@ -287,7 +287,7 @@ func (m *Manager) setQuotaLocked(ctx context.Context, qType string, quota Quota,
+ 	// If there already exists an entry in the db, remove that first.
+ 	if raw != nil {
+ 		quota := raw.(Quota)
+-		if err := quota.close(); err != nil {
++		if err := quota.close(ctx); err != nil {
+ 			return err
+ 		}
+ 		err = txn.Delete(qType, raw)
+@@ -518,7 +518,7 @@ func (m *Manager) DeleteQuota(ctx context.Context, qType string, name string) er
+ 	}
+ 
+ 	quota := raw.(Quota)
+-	if err := quota.close(); err != nil {
++	if err := quota.close(ctx); err != nil {
+ 		return err
+ 	}
+ 
+@@ -541,7 +541,7 @@ func (m *Manager) DeleteQuota(ctx context.Context, qType string, name string) er
+ // ApplyQuota runs the request against any quota rule that is applicable to it. If
+ // there are multiple quota rule that matches the request parameters, rule that
+ // takes precedence will be used to allow/reject the request.
+-func (m *Manager) ApplyQuota(req *Request) (Response, error) {
++func (m *Manager) ApplyQuota(ctx context.Context, req *Request) (Response, error) {
+ 	var resp Response
+ 
+ 	quota, err := m.QueryQuota(req)
+@@ -562,7 +562,7 @@ func (m *Manager) ApplyQuota(req *Request) (Response, error) {
+ 		return resp, nil
+ 	}
+ 
+-	return quota.allow(req)
++	return quota.allow(ctx, req)
+ }
+ 
+ // SetEnableRateLimitAuditLogging updates the operator preference regarding the
+diff --git a/vault/quotas/quotas_rate_limit.go b/vault/quotas/quotas_rate_limit.go
+index 64117b002..ad58b2af3 100644
+--- a/vault/quotas/quotas_rate_limit.go
++++ b/vault/quotas/quotas_rate_limit.go
+@@ -1,6 +1,7 @@
+ package quotas
+ 
+ import (
++	"context"
+ 	"encoding/hex"
+ 	"fmt"
+ 	"math"
+@@ -264,7 +265,7 @@ func (rlq *RateLimitQuota) QuotaName() string {
+ // returned if the request ID or address is empty. If the path is exempt, the
+ // quota will not be evaluated. Otherwise, the client rate limiter is retrieved
+ // by address and the rate limit quota is checked against that limiter.
+-func (rlq *RateLimitQuota) allow(req *Request) (Response, error) {
++func (rlq *RateLimitQuota) allow(ctx context.Context, req *Request) (Response, error) {
+ 	resp := Response{
+ 		Headers: make(map[string]string),
+ 	}
+@@ -300,7 +301,11 @@ func (rlq *RateLimitQuota) allow(req *Request) (Response, error) {
+ 		}
+ 	}
+ 
+-	limit, remaining, reset, allow := rlq.store.Take(req.ClientAddress)
++	limit, remaining, reset, allow, err := rlq.store.Take(ctx, req.ClientAddress)
++	if err != nil {
++		return resp, err
++	}
++
+ 	resp.Allowed = allow
+ 	resp.Headers[httplimit.HeaderRateLimitLimit] = strconv.FormatUint(limit, 10)
+ 	resp.Headers[httplimit.HeaderRateLimitRemaining] = strconv.FormatUint(remaining, 10)
+@@ -320,13 +325,13 @@ func (rlq *RateLimitQuota) allow(req *Request) (Response, error) {
+ 
+ // close stops the current running client purge loop.
+ // It should be called with the write lock held.
+-func (rlq *RateLimitQuota) close() error {
++func (rlq *RateLimitQuota) close(ctx context.Context) error {
+ 	if rlq.purgeBlocked {
+ 		close(rlq.closePurgeBlockedCh)
+ 	}
+ 
+ 	if rlq.store != nil {
+-		return rlq.store.Close()
++		return rlq.store.Close(ctx)
+ 	}
+ 
+ 	return nil
+diff --git a/vault/quotas/quotas_rate_limit_test.go b/vault/quotas/quotas_rate_limit_test.go
+index 27225e338..21f35dac3 100644
+--- a/vault/quotas/quotas_rate_limit_test.go
++++ b/vault/quotas/quotas_rate_limit_test.go
+@@ -37,7 +37,7 @@ func TestNewRateLimitQuota(t *testing.T) {
+ 			err := tc.rlq.initialize(logging.NewVaultLogger(log.Trace), metricsutil.BlackholeSink())
+ 			require.Equal(t, tc.expectErr, err != nil, err)
+ 			if err == nil {
+-				require.Nil(t, tc.rlq.close())
++				require.Nil(t, tc.rlq.close(context.Background()))
+ 			}
+ 		})
+ 	}
+@@ -46,7 +46,7 @@ func TestNewRateLimitQuota(t *testing.T) {
+ func TestRateLimitQuota_Close(t *testing.T) {
+ 	rlq := NewRateLimitQuota("test-rate-limiter", "qa", "/foo/bar", 16.7, time.Second, time.Minute)
+ 	require.NoError(t, rlq.initialize(logging.NewVaultLogger(log.Trace), metricsutil.BlackholeSink()))
+-	require.NoError(t, rlq.close())
++	require.NoError(t, rlq.close(context.Background()))
+ 
+ 	time.Sleep(time.Second) // allow enough time for purgeClientsLoop to receive on closeCh
+ 	require.False(t, rlq.getPurgeBlocked(), "expected blocked client purging to be disabled after explicit close")
+@@ -66,14 +66,14 @@ func TestRateLimitQuota_Allow(t *testing.T) {
+ 	}
+ 
+ 	require.NoError(t, rlq.initialize(logging.NewVaultLogger(log.Trace), metricsutil.BlackholeSink()))
+-	defer rlq.close()
++	defer rlq.close(context.Background())
+ 
+ 	var wg sync.WaitGroup
+ 
+ 	reqFunc := func(addr string, atomicNumAllow, atomicNumFail *atomic.Int32) {
+ 		defer wg.Done()
+ 
+-		resp, err := rlq.allow(&Request{ClientAddress: addr})
++		resp, err := rlq.allow(context.Background(), &Request{ClientAddress: addr})
+ 		if err != nil {
+ 			return
+ 		}
+@@ -141,7 +141,7 @@ func TestRateLimitQuota_Allow_WithBlock(t *testing.T) {
+ 	}
+ 
+ 	require.NoError(t, rlq.initialize(logging.NewVaultLogger(log.Trace), metricsutil.BlackholeSink()))
+-	defer rlq.close()
++	defer rlq.close(context.Background())
+ 	require.True(t, rlq.getPurgeBlocked())
+ 
+ 	var wg sync.WaitGroup
+@@ -149,7 +149,7 @@ func TestRateLimitQuota_Allow_WithBlock(t *testing.T) {
+ 	reqFunc := func(addr string, atomicNumAllow, atomicNumFail *atomic.Int32) {
+ 		defer wg.Done()
+ 
+-		resp, err := rlq.allow(&Request{ClientAddress: addr})
++		resp, err := rlq.allow(context.Background(), &Request{ClientAddress: addr})
+ 		if err != nil {
+ 			return
+ 		}
+@@ -221,5 +221,5 @@ func TestRateLimitQuota_Update(t *testing.T) {
+ 	require.NoError(t, qm.SetQuota(context.Background(), TypeRateLimit.String(), quota, true))
+ 	require.NoError(t, qm.SetQuota(context.Background(), TypeRateLimit.String(), quota, true))
+ 
+-	require.Nil(t, quota.close())
++	require.Nil(t, quota.close(context.Background()))
+ }
+diff --git a/vault/quotas/quotas_util.go b/vault/quotas/quotas_util.go
+index dc2fcdfac..7c0732f67 100644
+--- a/vault/quotas/quotas_util.go
++++ b/vault/quotas/quotas_util.go
+@@ -40,7 +40,7 @@ func (*entManager) Reset() error {
+ 
+ type LeaseCountQuota struct{}
+ 
+-func (l LeaseCountQuota) allow(request *Request) (Response, error) {
++func (l LeaseCountQuota) allow(_ context.Context, _ *Request) (Response, error) {
+ 	panic("implement me")
+ }
+ 
+@@ -56,7 +56,7 @@ func (l LeaseCountQuota) initialize(logger log.Logger, sink *metricsutil.Cluster
+ 	panic("implement me")
+ }
+ 
+-func (l LeaseCountQuota) close() error {
++func (l LeaseCountQuota) close(_ context.Context) error {
+ 	panic("implement me")
+ }
+ 
diff --git a/app-admin/vault/vault-1.6.6.ebuild b/app-admin/vault/vault-1.6.6.ebuild
deleted file mode 100644
index 28654c831960..000000000000
--- a/app-admin/vault/vault-1.6.6.ebuild
+++ /dev/null
@@ -1,73 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit fcaps go-module systemd
-
-DESCRIPTION="A tool for managing secrets"
-HOMEPAGE="https://vaultproject.io/"
-VAULT_WEBUI_ARCHIVE="${P}-webui.tar.xz"
-SRC_URI="https://github.com/hashicorp/vault/archive/v${PV}.tar.gz -> ${P}.tar.gz
-	webui? (
-		https://dev.gentoo.org/~zmedico/dist/${VAULT_WEBUI_ARCHIVE}
-	)"
-
-LICENSE="MPL-2.0 Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT"
-SLOT="0"
-KEYWORDS="amd64"
-IUSE="+webui"
-
-BDEPEND="dev-go/gox
-	>=dev-lang/go-1.15.3"
-COMMON_DEPEND="acct-group/vault
-	acct-user/vault"
-	DEPEND="${COMMON_DEPEND}"
-	RDEPEND="${COMMON_DEPEND}"
-
-FILECAPS=(
-	-m 755 'cap_ipc_lock=+ep' usr/bin/${PN}
-)
-
-RESTRICT+=" test"
-
-src_prepare() {
-	default
-	# Avoid the need to have a git checkout
-	sed -e 's:^\(GIT_COMMIT=\).*:\1:' \
-		-e 's:^\(GIT_DIRTY=\).*:\1:' \
-		-e s:\'\${GIT_COMMIT}\${GIT_DIRTY}\':: \
-		-i scripts/build.sh || die
-	sed -e "/hooks/d" \
-		-e 's|^\([[:space:]]*\)goimports .*)|\1true|' \
-		-i Makefile || die
-	if [[ -f "${WORKDIR}/http/bindata_assetfs.go" ]]; then
-		mv "${WORKDIR}/http/bindata_assetfs.go" "${S}/http" ||
-			die "mv failed"
-	fi
-}
-
-src_compile() {
-	mkdir "${T}"/bin || die
-	BUILD_TAGS="$(usex webui ui '')" \
-	GOFLAGS="-mod=vendor" \
-	GOPATH="${T}" \
-	XC_ARCH=$(go env GOARCH) \
-	XC_OS=$(go env GOOS) \
-	XC_OSARCH=$(go env GOOS)/$(go env GOARCH) \
-	emake
-}
-
-src_install() {
-	dobin bin/${PN}
-	dodoc CHANGELOG.md CONTRIBUTING.md README.md
-	insinto /etc/${PN}.d
-	doins "${FILESDIR}/"*.json.example
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/${PN}.logrotated" "${PN}"
-	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
-	newconfd "${FILESDIR}/${PN}.confd" "${PN}"
-	systemd_dounit "${FILESDIR}/${PN}.service"
-	keepdir /var/log/${PN}
-	fowners ${PN}:${PN} /var/log/${PN}
-}
diff --git a/app-admin/vault/vault-1.7.4.ebuild b/app-admin/vault/vault-1.7.4.ebuild
deleted file mode 100644
index 87aa3191263e..000000000000
--- a/app-admin/vault/vault-1.7.4.ebuild
+++ /dev/null
@@ -1,73 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit fcaps go-module systemd
-
-DESCRIPTION="A tool for managing secrets"
-HOMEPAGE="https://vaultproject.io/"
-VAULT_WEBUI_ARCHIVE="${P}-webui.tar.xz"
-SRC_URI="https://github.com/hashicorp/vault/archive/v${PV}.tar.gz -> ${P}.tar.gz
-	webui? (
-		https://dev.gentoo.org/~zmedico/dist/${VAULT_WEBUI_ARCHIVE}
-	)"
-
-LICENSE="MPL-2.0 Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT"
-SLOT="0"
-KEYWORDS="~amd64"
-IUSE="+webui"
-
-BDEPEND="dev-go/gox
-	>=dev-lang/go-1.15.3"
-COMMON_DEPEND="acct-group/vault
-	acct-user/vault"
-	DEPEND="${COMMON_DEPEND}"
-	RDEPEND="${COMMON_DEPEND}"
-
-FILECAPS=(
-	-m 755 'cap_ipc_lock=+ep' usr/bin/${PN}
-)
-
-RESTRICT+=" test"
-
-src_prepare() {
-	default
-	# Avoid the need to have a git checkout
-	sed -e 's:^\(GIT_COMMIT=\).*:\1:' \
-		-e 's:^\(GIT_DIRTY=\).*:\1:' \
-		-e s:\'\${GIT_COMMIT}\${GIT_DIRTY}\':: \
-		-i scripts/build.sh || die
-	sed -e "/hooks/d" \
-		-e 's|^\([[:space:]]*\)goimports .*)|\1true|' \
-		-i Makefile || die
-	if [[ -f "${WORKDIR}/http/bindata_assetfs.go" ]]; then
-		mv "${WORKDIR}/http/bindata_assetfs.go" "${S}/http" ||
-			die "mv failed"
-	fi
-}
-
-src_compile() {
-	mkdir "${T}"/bin || die
-	BUILD_TAGS="$(usex webui ui '')" \
-	GOFLAGS="-mod=vendor" \
-	GOPATH="${T}" \
-	XC_ARCH=$(go env GOARCH) \
-	XC_OS=$(go env GOOS) \
-	XC_OSARCH=$(go env GOOS)/$(go env GOARCH) \
-	emake
-}
-
-src_install() {
-	dobin bin/${PN}
-	dodoc CHANGELOG.md CONTRIBUTING.md README.md
-	insinto /etc/${PN}.d
-	doins "${FILESDIR}/"*.json.example
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/${PN}.logrotated" "${PN}"
-	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
-	newconfd "${FILESDIR}/${PN}.confd" "${PN}"
-	systemd_dounit "${FILESDIR}/${PN}.service"
-	keepdir /var/log/${PN}
-	fowners ${PN}:${PN} /var/log/${PN}
-}
diff --git a/app-admin/vault/vault-1.8.2.ebuild b/app-admin/vault/vault-1.8.2.ebuild
index 57bba092722c..8957da4edc80 100644
--- a/app-admin/vault/vault-1.8.2.ebuild
+++ b/app-admin/vault/vault-1.8.2.ebuild
@@ -1130,8 +1130,8 @@ EGO_SUM=(
 "github.com/sean-/pager v0.0.0-20180208200047-666be9bf53b5/go.mod"
 "github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529"
 "github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod"
-"github.com/sethvargo/go-limiter v0.3.0"
-"github.com/sethvargo/go-limiter v0.3.0/go.mod"
+"github.com/sethvargo/go-limiter v0.7.1"
+"github.com/sethvargo/go-limiter v0.7.1/go.mod"
 "github.com/shirou/gopsutil v3.21.5+incompatible"
 "github.com/shirou/gopsutil v3.21.5+incompatible/go.mod"
 "github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24"
@@ -1766,7 +1766,7 @@ SRC_URI="https://github.com/hashicorp/vault/archive/v${PV}.tar.gz -> ${P}.tar.gz
 
 LICENSE="MPL-2.0 Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT"
 SLOT="0"
-KEYWORDS="~amd64"
+KEYWORDS="amd64"
 IUSE="+webui"
 
 BDEPEND="dev-go/gox
@@ -1780,6 +1780,8 @@ FILECAPS=(
 	-m 755 'cap_ipc_lock=+ep' usr/bin/${PN}
 )
 
+PATCHES=( "${FILESDIR}"/${P}-go-limiter.patch )
+
 RESTRICT+=" test"
 
 src_prepare() {