rebase: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in golang.org/x/text/language package which could cause a denial of service. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. Version v0.3.8 of golang.org/x/text fixes a vulnerability. See-also: https://go.dev/issue/56152 See-also: https://bugzilla.redhat.com/CVE-2022-32149 Signed-off-by: Niels de Vos <ndevos@redhat.com>
2025-06-13 10:33:35 +00:00 · 2022-10-17 08:49:59 +02:00
parent b3837d44ce
commit e08005f402
27 changed files with 667 additions and 583 deletions
--- a/vendor/golang.org/x/text/width/tables12.0.0.go
+++ b/vendor/golang.org/x/text/width/tables12.0.0.go
@ -1178,21 +1178,31 @@ var widthIndex = [1408]uint8{
 }

 // inverseData contains 4-byte entries of the following format:
-//   <length> <modified UTF-8-encoded rune> <0 padding>
+//
+//	<length> <modified UTF-8-encoded rune> <0 padding>
+//
 // The last byte of the UTF-8-encoded rune is xor-ed with the last byte of the
 // UTF-8 encoding of the original rune. Mappings often have the following
 // pattern:
-//   Ａ -> A  (U+FF21 -> U+0041)
-//   Ｂ -> B  (U+FF22 -> U+0042)
-//   ...
+//
+//	Ａ -> A  (U+FF21 -> U+0041)
+//	Ｂ -> B  (U+FF22 -> U+0042)
+//	...
+//
 // By xor-ing the last byte the same entry can be shared by many mappings. This
 // reduces the total number of distinct entries by about two thirds.
 // The resulting entry for the aforementioned mappings is
-//   { 0x01, 0xE0, 0x00, 0x00 }
+//
+//	{ 0x01, 0xE0, 0x00, 0x00 }
+//
 // Using this entry to map U+FF21 (UTF-8 [EF BC A1]), we get
-//   E0 ^ A1 = 41.
+//
+//	E0 ^ A1 = 41.
+//
 // Similarly, for U+FF22 (UTF-8 [EF BC A2]), we get
-//   E0 ^ A2 = 42.
+//
+//	E0 ^ A2 = 42.
+//
 // Note that because of the xor-ing, the byte sequence stored in the entry is
 // not valid UTF-8.
 var inverseData = [150][4]byte{