moby/vendor/golang.org/x/text
Cory Snider 2c22bd5280 vendor: golang.org/x/net v0.17.0
full diff: https://github.com/golang/net/compare/ab34263943818b32f575efc978a3d24e80b04bd7...v0.17.0

This fixes the same CVE as go1.21.3 and go1.20.10;

- net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

Dependency full diffs:
https://github.com/golang/sys/compare/33da011f77ade50ff5b6a6fb4a9a1e6d6b285809...v0.13.0
https://github.com/golang/text/compare/v0.3.3...v0.13.0
https://github.com/golang/crypto/compare/c1f2f97bffc9c53fc40a1a28a5b460094c0050d9...v0.14.0

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-10-23 16:37:52 -04:00
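
The handler bound described in the commit message above, as an added counter model that is not code from golang.org/x/net or from this commit: it compares handler growth with and without the bound while every stream is reset before its handler finishes. The names `conn` and `simulate` and the queue bound of 1000 are assumptions made for illustration; the commit only says the queue may not grow "too large".

```go
package main

import "fmt"

// conn is a constructed model of one HTTP/2 connection, not the x/net code.
type conn struct {
	maxStreams int  // stream concurrency limit (250 by default per the text)
	maxQueued  int  // assumed queue bound; the commit only says "too large"
	bounded    bool // true models the fixed server, false the old behaviour
	open, running, queued int // open streams, executing handlers, waiting requests
	closed     bool // connection terminated by the server
}

// request opens a stream and reports whether the server accepted it.
func (c *conn) request() bool {
	if c.closed || c.open >= c.maxStreams {
		return false // connection gone, or refused by the stream limit
	}
	c.open++
	if !c.bounded || c.running < c.maxStreams {
		c.running++ // a handler goroutine starts immediately
		return true
	}
	c.queued++ // fixed server: wait until a running handler exits
	c.closed = c.queued > c.maxQueued
	return !c.closed
}

// reset closes the stream; its handler keeps running until it notices.
func (c *conn) reset() {
	if c.open > 0 {
		c.open--
	}
}

// simulate runs n request-then-reset cycles with handlers that never exit.
func simulate(bounded bool, n int) (running int, closed bool) {
	c := &conn{maxStreams: 250, maxQueued: 1000, bounded: bounded}
	for i := 0; i < n && !c.closed; i++ {
		c.request()
		c.reset()
	}
	return c.running, c.closed
}

func main() {
	fmt.Println(simulate(false, 5000)) // old behaviour: handlers grow with n
	fmt.Println(simulate(true, 5000))  // fixed: capped at the limit, then closed
}
```
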
secure/bidirule vendor: golang.org/x/net v0.17.0 2023-10-23 16:37:52 -04:00
transform vendor: golang.org/x/text v0.3.3 2020-06-17 12:52:46 +02:00
unicode vendor: golang.org/x/net v0.17.0 2023-10-23 16:37:52 -04:00
go.mod vendor: golang.org/x/net v0.17.0 2023-10-23 16:37:52 -04:00
LICENSE vendor: update golang/net to c427ad74c 2017-01-13 15:42:11 -08:00
PATENTS vendor: update golang/net to c427ad74c 2017-01-13 15:42:11 -08:00
README.md vendor: golang.org/x/net v0.17.0 2023-10-23 16:37:52 -04:00

Go Text

This repository holds supplementary Go libraries for text processing, many involving Unicode.

CLDR Versioning

It is important that the Unicode version used in x/text matches the one used by your Go compiler. The x/text repository supports multiple versions of Unicode and will match the version of Unicode to that of the Go compiler. At the moment this is supported for Go compilers from version 1.7.

Download/Install

The easiest way to install is to run go get -u golang.org/x/text. You can also manually git clone the repository to $GOPATH/src/golang.org/x/text.

Contribute

To submit changes to this repository, see http://golang.org/doc/contribute.html.

Testing

Run

go test ./...

from this directory to run all tests. Add the "-tags icu" flag to also run ICU conformance tests (if available). This requires that you have the correct ICU version installed on your system.

TODO:

  • updating unversioned source files.

Generating Tables

To generate the tables in this repository (except for the encoding tables), run go generate from this directory. By default tables are generated for the Unicode version in core and the CLDR version defined in golang.org/x/text/unicode/cldr.

As a side effect, running go generate creates a DATA subdirectory in this directory, which holds all files that are used as a source for generating the tables. This directory also serves as a cache.

Versions

To update a Unicode version run

UNICODE_VERSION=x.x.x go generate

where x.x.x must correspond to a directory in https://www.unicode.org/Public/. If this version is newer than the version in core it will also update the relevant packages there. The idna package in x/net will always be updated.

To update a CLDR version run

CLDR_VERSION=version go generate

where version must correspond to a directory in https://www.unicode.org/Public/cldr/.

Note that the code gets adapted over time to changes in the data and that backwards compatibility is not maintained. So updating to a different version may not work.

The files in DATA/{iana|icu|w3|whatwg} are currently not versioned.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the text repository is located at https://github.com/golang/go/issues. Prefix your issue with "x/text:" in the subject line, so it is easy to find.