https://github.com/cilium/cilium
Revision a3d58a4b32ab3fa65146154065a50289ae185c3e authored by Tobias Klauser on 13 July 2023, 08:26:42 UTC, committed by Sebastian Wicki on 19 July 2023, 14:13:57 UTC
[ upstream commit b9ec2aaece578278733e473a72bb5594f621d495 ] Go 1.20.6 added a security fix [1] which leads to stricter sanitization of the HTTP host header in the net/http client. Cilium's pkg/client currently sets the Host header to the UDS path (e.g. /var/run/cilium/cilium.sock), however the slashes in that Host header now lead net/http to reject it. RFC 7230, Section 5.4 states [2]: > If the authority component is missing or undefined for the target URI, > then a client MUST send a Host header field with an empty field-value. The authority component is undefined for the unix:// scheme. Thus, the correct value to use would be the empty string. However, this does not work due to OpenAPI runtime using the same value for the URL's host and the http client's host header. Thus, use a dummy value "localhost". [1] https://go.dev/issue/60374 [2] https://datatracker.ietf.org/doc/html/rfc7230#section-5.4 Signed-off-by: Tobias Klauser <tobias@cilium.io> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
1 parent 4fa7df8
Tip revision: a3d58a4b32ab3fa65146154065a50289ae185c3e authored by Tobias Klauser on 13 July 2023, 08:26:42 UTC
client, health/client: set dummy host header on unix:// local communication
client, health/client: set dummy host header on unix:// local communication
Tip revision: a3d58a4
go.mod
module github.com/cilium/cilium
go 1.17
require (
github.com/Azure/azure-sdk-for-go v59.3.0+incompatible
github.com/Azure/go-autorest/autorest v0.11.22
github.com/Azure/go-autorest/autorest/adal v0.9.17
github.com/Azure/go-autorest/autorest/azure/auth v0.5.9
github.com/Azure/go-autorest/autorest/to v0.4.0
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1334
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
github.com/aws/aws-sdk-go-v2 v1.11.2
github.com/aws/aws-sdk-go-v2/config v1.11.0
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.8.2
github.com/aws/aws-sdk-go-v2/service/ec2 v1.25.0
github.com/aws/smithy-go v1.9.0
github.com/blang/semver/v4 v4.0.0
github.com/cilium/customvet v0.0.0-20201209211516-9852765c1ac4
github.com/cilium/deepequal-gen v0.0.0-20200406125435-ad6a9003139e
github.com/cilium/ebpf v0.7.0
github.com/cilium/ipam v0.0.0-20211026130907-54a76012817c
github.com/cilium/lumberjack/v2 v2.2.1
github.com/cilium/proxy v0.0.0-20230219184343-04413917ff99
github.com/cilium/workerpool v1.1.1
github.com/containernetworking/cni v1.0.1
github.com/containernetworking/plugins v1.0.1
github.com/coreos/go-systemd/v22 v22.3.2
github.com/davecgh/go-spew v1.1.1
github.com/docker/docker v20.10.11+incompatible
github.com/docker/libnetwork v0.8.0-dev.2.0.20210525090646-64b7a4574d14
github.com/fsnotify/fsnotify v1.5.1
github.com/go-openapi/errors v0.20.1
github.com/go-openapi/loads v0.21.0
github.com/go-openapi/runtime v0.21.0
github.com/go-openapi/spec v0.20.4
github.com/go-openapi/strfmt v0.21.0
github.com/go-openapi/swag v0.19.15
github.com/go-openapi/validate v0.20.3
github.com/gogo/protobuf v1.3.2
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobuf v1.5.2
github.com/google/go-cmp v0.5.6
github.com/google/gopacket v1.1.19
github.com/google/gops v0.3.22
github.com/google/renameio v1.0.1
github.com/google/uuid v1.3.0
github.com/gorilla/mux v1.8.0
github.com/hashicorp/consul/api v1.11.0
github.com/hashicorp/go-immutable-radix v1.3.1
github.com/hashicorp/golang-lru v0.5.4
github.com/jeremywohl/flatten v1.0.1
github.com/kevinburke/ssh_config v1.1.0
github.com/kr/pretty v0.3.0
github.com/mattn/go-shellwords v1.0.12
github.com/miekg/dns v1.1.43
github.com/onsi/ginkgo v1.16.5
github.com/onsi/gomega v1.17.0
github.com/optiopay/kafka v0.0.0-00010101000000-000000000000
github.com/pmezard/go-difflib v1.0.0
github.com/prometheus/client_golang v1.12.2
github.com/prometheus/client_model v0.2.1-0.20210607210712-147c58e9608a
github.com/prometheus/procfs v0.7.3
github.com/russross/blackfriday/v2 v2.1.0
github.com/sasha-s/go-deadlock v0.3.1
github.com/servak/go-fastping v0.0.0-20160802140958-5718d12e20a0
github.com/shirou/gopsutil/v3 v3.21.10
github.com/sirupsen/logrus v1.9.0
github.com/spf13/cast v1.4.1
github.com/spf13/cobra v1.2.1
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.9.0
github.com/stretchr/testify v1.8.0
github.com/vishvananda/netlink v1.1.1-0.20220125195016-0639e7e787ba
github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74
go.etcd.io/etcd/api/v3 v3.5.1
go.etcd.io/etcd/client/pkg/v3 v3.5.1
go.etcd.io/etcd/client/v3 v3.5.1
go.uber.org/goleak v1.2.0
go.uber.org/multierr v1.7.0
go.universe.tf/metallb v0.11.0
golang.org/x/crypto v0.0.0-20220214200702-86341886e292
golang.org/x/net v0.7.0
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
golang.org/x/sys v0.5.0
golang.org/x/time v0.0.0-20220210224613-90d013bbcef8
golang.org/x/tools v0.1.12
golang.zx2c4.com/wireguard v0.0.0-20211017052713-f87e87af0d9a
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20211027115401-c9b1ec1aa6d8
google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa
google.golang.org/grpc v1.43.0
google.golang.org/protobuf v1.27.1
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
gopkg.in/ini.v1 v1.64.0
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.23.17
k8s.io/apiextensions-apiserver v0.23.17
k8s.io/apimachinery v0.23.17
k8s.io/client-go v0.23.17
k8s.io/code-generator v0.23.17
k8s.io/klog/v2 v2.30.0
k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65
sigs.k8s.io/controller-tools v0.6.2
sigs.k8s.io/yaml v1.3.0
)
require (
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest/azure/cli v0.4.3 // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/Microsoft/go-winio v0.5.1 // indirect
github.com/PuerkitoBio/purell v1.1.1 // indirect
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
github.com/StackExchange/wmi v1.2.1 // indirect
github.com/armon/go-metrics v0.3.10 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.6.4 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.2 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.0.2 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.2 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.5.2 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.6.2 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.11.1 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1 // indirect
github.com/containerd/containerd v1.5.7 // indirect
github.com/coreos/go-semver v0.3.0 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/docker/distribution v2.8.1+incompatible // indirect
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-units v0.4.0 // indirect
github.com/emicklei/go-restful v2.9.5+incompatible // indirect
github.com/envoyproxy/protoc-gen-validate v0.6.2 // indirect
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
github.com/fatih/color v1.13.0 // indirect
github.com/go-kit/kit v0.12.0 // indirect
github.com/go-kit/log v0.2.0 // indirect
github.com/go-logfmt/logfmt v0.5.1 // indirect
github.com/go-logr/logr v1.2.0 // indirect
github.com/go-ole/go-ole v1.2.6 // indirect
github.com/go-openapi/analysis v0.21.1 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.19.6 // indirect
github.com/go-stack/stack v1.8.1 // indirect
github.com/gobuffalo/flect v0.2.3 // indirect
github.com/godbus/dbus/v5 v5.0.4 // indirect
github.com/golang-jwt/jwt/v4 v4.1.0 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/googleapis/gnostic v0.5.5 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-hclog v1.0.0 // indirect
github.com/hashicorp/go-rootcerts v1.0.2 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/hashicorp/serf v0.9.5 // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/ishidawataru/sctp v0.0.0-20210707070123-9a39160e9062 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
github.com/magiconair/properties v1.8.5 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.11 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
github.com/mdlayher/arp v0.0.0-20191213142603-f72070a231fc // indirect
github.com/mdlayher/ethernet v0.0.0-20190606142754-0394541c37b7 // indirect
github.com/mdlayher/genetlink v1.0.0 // indirect
github.com/mdlayher/ndp v0.0.0-20200602162440-17ab9e3e5567 // indirect
github.com/mdlayher/netlink v1.4.1 // indirect
github.com/mdlayher/raw v0.0.0-20210412142147-51b895745faf // indirect
github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb // indirect
github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/mapstructure v1.4.2 // indirect
github.com/moby/term v0.0.0-20210610120745-9d4ed1856297 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/nxadm/tail v1.4.8 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.0.2 // indirect
github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/prometheus/common v0.32.1 // indirect
github.com/rogpeppe/go-internal v1.8.0 // indirect
github.com/spf13/afero v1.6.0 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/subosito/gotenv v1.2.0 // indirect
github.com/tklauser/go-sysconf v0.3.9 // indirect
github.com/tklauser/numcpus v0.3.0 // indirect
gitlab.com/golang-commonmark/puny v0.0.0-20191124015043-9f83538fa04f // indirect
go.mongodb.org/mongo-driver v1.7.4 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/zap v1.19.1 // indirect
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
golang.org/x/term v0.5.0 // indirect
golang.org/x/text v0.7.0 // indirect
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
google.golang.org/appengine v1.6.7 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c // indirect
k8s.io/klog v1.0.0 // indirect
k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect
sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
)
replace (
github.com/miekg/dns => github.com/cilium/dns v1.1.51-0.20220729113855-5b94b11b46fc
github.com/optiopay/kafka => github.com/cilium/kafka v0.0.0-20180809090225-01ce283b732b
go.universe.tf/metallb => github.com/cilium/metallb v0.1.1-0.20220829170633-5d7dfb1129f7
// Using private fork of controller-tools. See commit msg for more context
// as to why we are using a private fork.
sigs.k8s.io/controller-tools => github.com/cilium/controller-tools v0.6.2
)
![swh spinner](/static/img/swh-spinner.gif)
Computing file changes ...