vendor: golang.org/x/net v0.4.0

golang.org/x/net contains a fix for CVE-2022-41717, which was addressed in stdlib in go1.19.4 and go1.18.9; > net/http: limit canonical header cache by bytes, not entries > > An attacker can cause excessive memory growth in a Go server accepting > HTTP/2 requests. > > HTTP/2 server connections contain a cache of HTTP header keys sent by > the client. While the total number of entries in this cache is capped, > an attacker sending very large keys can cause the server to allocate > approximately 64 MiB per open connection. > > This issue is also fixed in golang.org/x/net/http2 v0.4.0, > for users manually configuring HTTP/2. full diff: https://github.com/golang/net/compare/v0.2.0...v0.4.0 other dependency updates (due to (circular) dependencies): - golang.org/x/sys v0.3.0: https://github.com/golang/sys/compare/3c1f35247d10...v0.3.0 - golang.org/x/text v0.5.0: https://github.com/golang/text/compare/v0.3.7...v0.5.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-08 10:39:04 +01:00 · 2022-12-08 10:39:04 +01:00 · 345be95498
commit 345be95498
parent 7847817946
168 changed files with 19829 additions and 2149 deletions
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@ -642,7 +642,7 @@ errors=$(
 signals=$(
 	echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
 	awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print $2 }' |
-	egrep -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' |
+	grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT\|SIGMAX64' |
 	sort
 )

@ -652,7 +652,7 @@ echo '#include <errno.h>' | $CC -x c - -E -dM $ccflags |
 	sort >_error.grep
 echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
 	awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print "^\t" $2 "[ \t]*=" }' |
-	egrep -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' |
+	grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT\|SIGMAX64' |
 	sort >_signal.grep

 echo '// mkerrors.sh' "$@"