rebase: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in golang.org/x/text/language package which
could cause a denial of service. An attacker can craft an
Accept-Language header which ParseAcceptLanguage will take significant
time to parse.
Version v0.3.8 of golang.org/x/text fixes a vulnerability.

See-also: https://go.dev/issue/56152
See-also: https://bugzilla.redhat.com/CVE-2022-32149
Signed-off-by: Niels de Vos <ndevos@redhat.com>

vendor/golang.org/x/text/internal/language/compact/tables.go

@@ -966,7 +966,7 @@ var coreTags = []language.CompactCoreInfo{ // 773 elements
 	0x3fd00000, 0x3fd00072, 0x3fd000da, 0x3fd0010c,
 	0x3ff00000, 0x3ff000d1, 0x40100000, 0x401000c3,
 	0x40200000, 0x4020004c, 0x40700000, 0x40800000,
-	0x4085a000, 0x4085a0ba, 0x408e3000, 0x408e30ba,
+	0x4085a000, 0x4085a0ba, 0x408e8000, 0x408e80ba,
 	0x40c00000, 0x40c000b3, 0x41200000, 0x41200111,
 	0x41600000, 0x4160010f, 0x41c00000, 0x41d00000,
 	// Entry 280 - 29F
@@ -994,7 +994,7 @@ var coreTags = []language.CompactCoreInfo{ // 773 elements
 	0x4ae00130, 0x4b400000, 0x4b400099, 0x4b4000e8,
 	0x4bc00000, 0x4bc05000, 0x4bc05024, 0x4bc20000,
 	0x4bc20137, 0x4bc5a000, 0x4bc5a137, 0x4be00000,
-	0x4be5a000, 0x4be5a0b4, 0x4beeb000, 0x4beeb0b4,
+	0x4be5a000, 0x4be5a0b4, 0x4bef1000, 0x4bef10b4,
 	0x4c000000, 0x4c300000, 0x4c30013e, 0x4c900000,
 	// Entry 2E0 - 2FF
 	0x4c900001, 0x4cc00000, 0x4cc0012f, 0x4ce00000,
@@ -1012,4 +1012,4 @@ var coreTags = []language.CompactCoreInfo{ // 773 elements
 
 const specialTagsStr string = "ca-ES-valencia en-US-u-va-posix"
 
-// Total table size 3147 bytes (3KiB); checksum: BE816D44
+// Total table size 3147 bytes (3KiB); checksum: 6772C83C

vendor/golang.org/x/text/internal/language/lookup.go

@@ -328,7 +328,7 @@ func (r Region) IsPrivateUse() bool {
 	return r.typ()&iso3166UserAssigned != 0
 }
 
-type Script uint8
+type Script uint16
 
 // getScriptID returns the script id for string s. It assumes that s
 // is of the format [A-Z][a-z]{3}.

vendor/golang.org/x/text/internal/language/parse.go

@@ -270,7 +270,7 @@ func parse(scan *scanner, s string) (t Tag, err error) {
 	} else if n >= 4 {
 		return Und, ErrSyntax
 	} else { // the usual case
-		t, end = parseTag(scan)
+		t, end = parseTag(scan, true)
 		if n := len(scan.token); n == 1 {
 			t.pExt = uint16(end)
 			end = parseExtensions(scan)
@@ -296,7 +296,8 @@ func parse(scan *scanner, s string) (t Tag, err error) {
 
 // parseTag parses language, script, region and variants.
 // It returns a Tag and the end position in the input that was parsed.
-func parseTag(scan *scanner) (t Tag, end int) {
+// If doNorm is true, then <lang>-<extlang> will be normalized to <extlang>.
+func parseTag(scan *scanner, doNorm bool) (t Tag, end int) {
 	var e error
 	// TODO: set an error if an unknown lang, script or region is encountered.
 	t.LangID, e = getLangID(scan.token)
@@ -307,14 +308,17 @@ func parseTag(scan *scanner) (t Tag, end int) {
 	for len(scan.token) == 3 && isAlpha(scan.token[0]) {
 		// From http://tools.ietf.org/html/bcp47, <lang>-<extlang> tags are equivalent
 		// to a tag of the form <extlang>.
-		lang, e := getLangID(scan.token)
-		if lang != 0 {
-			t.LangID = lang
-			copy(scan.b[langStart:], lang.String())
-			scan.b[langStart+3] = '-'
-			scan.start = langStart + 4
+		if doNorm {
+			lang, e := getLangID(scan.token)
+			if lang != 0 {
+				t.LangID = lang
+				langStr := lang.String()
+				copy(scan.b[langStart:], langStr)
+				scan.b[langStart+len(langStr)] = '-'
+				scan.start = langStart + len(langStr) + 1
+			}
+			scan.gobble(e)
 		}
-		scan.gobble(e)
 		end = scan.scan()
 	}
 	if len(scan.token) == 4 && isAlpha(scan.token[0]) {
@@ -559,7 +563,7 @@ func parseExtension(scan *scanner) int {
 	case 't': // https://www.ietf.org/rfc/rfc6497.txt
 		scan.scan()
 		if n := len(scan.token); n >= 2 && n <= 3 && isAlpha(scan.token[1]) {
-			_, end = parseTag(scan)
+			_, end = parseTag(scan, false)
 			scan.toLower(start, end)
 		}
 		for len(scan.token) == 2 && !isAlpha(scan.token[1]) {