Sync from SUSE:SLFO:Main python-grpcio revision c265f3309b951c8456ab12728185d56a

2025-04-25 21:32:24 +02:00
10 changed files with 166 additions and 309 deletions
--- a/fix-return-values.patch
+++ b/fix-return-values.patch
@@ -0,0 +1,64 @@
 Index: grpcio-1.68.1/src/core/lib/promise/party.h
 ===================================================================
 --- grpcio-1.68.1.orig/src/core/lib/promise/party.h
 +++ grpcio-1.68.1/src/core/lib/promise/party.h
@@ -269,6 +269,7 @@ class Party : public Activity, private W
           Crash(
               "unreachable: promises should not be repolled after completion");
       }
 +      return false;
     }
     // Outside party poll: check whether the spawning party has completed this
@@ -281,6 +282,7 @@ class Party : public Activity, private W
         case State::kResult:
           return std::move(result_);
       }
 +      return Pending{};
     }
     void Destroy() override { this->Unref(); }
 Index: grpcio-1.68.1/src/core/lib/transport/call_state.h
 ===================================================================
 --- grpcio-1.68.1.orig/src/core/lib/transport/call_state.h
 +++ grpcio-1.68.1/src/core/lib/transport/call_state.h
@@ -151,6 +151,7 @@ class CallState {
       case ClientToServerPullState::kTerminated:
         return "Terminated";
     }
 +    return "";
   }
   template <typename Sink>
   friend void AbslStringify(Sink& out, ClientToServerPullState state) {
@@ -181,6 +182,7 @@ class CallState {
       case ClientToServerPushState::kFinished:
         return "Finished";
     }
 +    return "";
   }
   template <typename Sink>
   friend void AbslStringify(Sink& out, ClientToServerPushState state) {
@@ -231,6 +233,7 @@ class CallState {
       case ServerToClientPullState::kTerminated:
         return "Terminated";
     }
 +    return "";
   }
   template <typename Sink>
   friend void AbslStringify(Sink& out, ServerToClientPullState state) {
@@ -268,6 +271,7 @@ class CallState {
       case ServerToClientPushState::kFinished:
         return "Finished";
     }
 +    return "";
   }
   template <typename Sink>
   friend void AbslStringify(Sink& out, ServerToClientPushState state) {
@@ -298,6 +302,7 @@ class CallState {
       case ServerTrailingMetadataState::kPulledCancel:
         return "PulledCancel";
     }
 +    return "";
   }
   template <typename Sink>
   friend void AbslStringify(Sink& out, ServerTrailingMetadataState state) {
--- a/grpcio-1.60.0.tar.gz
+++ b/grpcio-1.60.0.tar.gz
--- a/grpcio-1.69.0.tar.gz
+++ b/grpcio-1.69.0.tar.gz
--- a/python-grpcio-CVE-2024-11407.patch
+++ b/python-grpcio-CVE-2024-11407.patch
@@ -1,25 +0,0 @@
 From e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 Mon Sep 17 00:00:00 2001
 From: Vignesh Babu <vigneshbabu@google.com>
 Date: Thu, 12 Sep 2024 11:13:45 -0700
 Subject: [PATCH] [EventEngine] Fix bug in Tx0cp code path in posix endpoint.
 This fix ensures that the iov_base pointers point to the right address.
 PiperOrigin-RevId: 673923651
 ---
 src/core/lib/event_engine/posix_engine/posix_endpoint.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 Index: grpc-1.60.0/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
 ===================================================================
 --- grpc-1.60.0.orig/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
 +++ grpc-1.60.0/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
@@ -239,7 +239,7 @@ msg_iovlen_type TcpZerocopySendRecord::P
        iov_size++) {
     MutableSlice& slice = internal::SliceCast<MutableSlice>(
         buf_.MutableSliceAt(out_offset_.slice_idx));
 -    iov[iov_size].iov_base = slice.begin();
 +    iov[iov_size].iov_base = slice.begin() + out_offset_.byte_idx;
     iov[iov_size].iov_len = slice.length() - out_offset_.byte_idx;
     *sending_length += iov[iov_size].iov_len;
     ++(out_offset_.slice_idx);
--- a/python-grpcio-CVE-2024-7246.patch
+++ b/python-grpcio-CVE-2024-7246.patch
@@ -1,181 +0,0 @@
 diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.cc b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
 index 31bf46456f1d0..f2fe80c504e58 100644
 --- a/src/core/ext/transport/chttp2/transport/hpack_parser.cc
 +++ b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
@@ -91,12 +91,14 @@ constexpr Base64InverseTable kBase64InverseTable;
 class HPackParser::Input {
  public:
   Input(grpc_slice_refcount* current_slice_refcount, const uint8_t* begin,
 -        const uint8_t* end, absl::BitGenRef bitsrc, HpackParseResult& error)
 +        const uint8_t* end, absl::BitGenRef bitsrc,
 +        HpackParseResult& frame_error, HpackParseResult& field_error)
       : current_slice_refcount_(current_slice_refcount),
         begin_(begin),
         end_(end),
         frontier_(begin),
 -        error_(error),
 +        frame_error_(frame_error),
 +        field_error_(field_error),
         bitsrc_(bitsrc) {}
   // If input is backed by a slice, retrieve its refcount. If not, return
@@ -215,14 +217,18 @@ class HPackParser::Input {
   // Check if we saw an EOF
   bool eof_error() const {
 -    return min_progress_size_ != 0 || error_.connection_error();
 +    return min_progress_size_ != 0 || frame_error_.connection_error();
 +  }
 +
 +  // Reset the field error to be ok
 +  void ClearFieldError() {
 +    if (field_error_.ok()) return;
 +    field_error_ = HpackParseResult();
   }
   // Minimum number of bytes to unstuck the current parse
   size_t min_progress_size() const { return min_progress_size_; }
 -  bool has_error() const { return !error_.ok(); }
 -
   // Set the current error - tweaks the error to include a stream id so that
   // chttp2 does not close the connection.
   // Intended for errors that are specific to a stream and recoverable.
@@ -246,10 +252,7 @@ class HPackParser::Input {
   // read prior to being able to get further in this parse.
   void UnexpectedEOF(size_t min_progress_size) {
     GPR_ASSERT(min_progress_size > 0);
 -    if (min_progress_size_ != 0 || error_.connection_error()) {
 -      GPR_DEBUG_ASSERT(eof_error());
 -      return;
 -    }
 +    if (eof_error()) return;
     // Set min progress size, taking into account bytes parsed already but not
     // consumed.
     min_progress_size_ = min_progress_size + (begin_ - frontier_);
@@ -302,13 +305,18 @@ class HPackParser::Input {
   // Do not use this directly, instead use SetErrorAndContinueParsing or
   // SetErrorAndStopParsing.
   void SetError(HpackParseResult error) {
 -    if (!error_.ok() || min_progress_size_ > 0) {
 -      if (error.connection_error() && !error_.connection_error()) {
 -        error_ = std::move(error);  // connection errors dominate
 +    SetErrorFor(frame_error_, error);
 +    SetErrorFor(field_error_, std::move(error));
 +  }
 +
 +  void SetErrorFor(HpackParseResult& error, HpackParseResult new_error) {
 +    if (!error.ok() || min_progress_size_ > 0) {
 +      if (new_error.connection_error() && !error.connection_error()) {
 +        error = std::move(new_error);  // connection errors dominate
       }
       return;
     }
 -    error_ = std::move(error);
 +    error = std::move(new_error);
   }
   // Refcount if we are backed by a slice
@@ -320,7 +328,8 @@ class HPackParser::Input {
   // Frontier denotes the first byte past successfully processed input
   const uint8_t* frontier_;
   // Current error
 -  HpackParseResult& error_;
 +  HpackParseResult& frame_error_;
 +  HpackParseResult& field_error_;
   // If the error was EOF, we flag it here by noting how many more bytes would
   // be needed to make progress
   size_t min_progress_size_ = 0;
@@ -597,6 +606,7 @@ class HPackParser::Parser {
   bool ParseTop() {
     GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kTop);
     auto cur = *input_->Next();
 +    input_->ClearFieldError();
     switch (cur >> 4) {
         // Literal header not indexed - First byte format: 0000xxxx
         // Literal header never indexed - First byte format: 0001xxxx
@@ -702,7 +712,7 @@ class HPackParser::Parser {
         break;
     }
     gpr_log(
 -        GPR_DEBUG, "HTTP:%d:%s:%s: %s%s", log_info_.stream_id, type,
 +        GPR_INFO, "HTTP:%d:%s:%s: %s%s", log_info_.stream_id, type,
         log_info_.is_client ? "CLI" : "SVR", memento.md.DebugString().c_str(),
         memento.parse_status == nullptr
             ? ""
@@ -951,11 +961,10 @@ class HPackParser::Parser {
                                   state_.string_length)
             : String::Parse(input_, state_.is_string_huff_compressed,
                             state_.string_length);
 -    HpackParseResult& status = state_.frame_error;
     absl::string_view key_string;
     if (auto* s = absl::get_if<Slice>(&state_.key)) {
       key_string = s->as_string_view();
 -      if (status.ok()) {
 +      if (state_.field_error.ok()) {
         auto r = ValidateKey(key_string);
         if (r != ValidateMetadataResult::kOk) {
           input_->SetErrorAndContinueParsing(
@@ -965,7 +974,7 @@ class HPackParser::Parser {
     } else {
       const auto* memento = absl::get<const HPackTable::Memento*>(state_.key);
       key_string = memento->md.key();
 -      if (status.ok() && memento->parse_status != nullptr) {
 +      if (state_.field_error.ok() && memento->parse_status != nullptr) {
         input_->SetErrorAndContinueParsing(*memento->parse_status);
       }
     }
@@ -992,16 +1001,16 @@ class HPackParser::Parser {
         key_string.size() + value.wire_size + hpack_constants::kEntryOverhead;
     auto md = grpc_metadata_batch::Parse(
         key_string, std::move(value_slice), state_.add_to_table, transport_size,
 -        [key_string, &status, this](absl::string_view message, const Slice&) {
 -          if (!status.ok()) return;
 +        [key_string, this](absl::string_view message, const Slice&) {
 +          if (!state_.field_error.ok()) return;
           input_->SetErrorAndContinueParsing(
               HpackParseResult::MetadataParseError(key_string));
           gpr_log(GPR_ERROR, "Error parsing '%s' metadata: %s",
                   std::string(key_string).c_str(),
                   std::string(message).c_str());
         });
 -    HPackTable::Memento memento{std::move(md),
 -                                status.PersistentStreamErrorOrNullptr()};
 +    HPackTable::Memento memento{
 +        std::move(md), state_.field_error.PersistentStreamErrorOrNullptr()};
     input_->UpdateFrontier();
     state_.parse_state = ParseState::kTop;
     if (state_.add_to_table) {
@@ -1163,13 +1172,13 @@ grpc_error_handle HPackParser::Parse(
     std::vector<uint8_t> buffer = std::move(unparsed_bytes_);
     return ParseInput(
         Input(nullptr, buffer.data(), buffer.data() + buffer.size(), bitsrc,
 -              state_.frame_error),
 +              state_.frame_error, state_.field_error),
         is_last, call_tracer);
   }
 -  return ParseInput(
 -      Input(slice.refcount, GRPC_SLICE_START_PTR(slice),
 -            GRPC_SLICE_END_PTR(slice), bitsrc, state_.frame_error),
 -      is_last, call_tracer);
 +  return ParseInput(Input(slice.refcount, GRPC_SLICE_START_PTR(slice),
 +                          GRPC_SLICE_END_PTR(slice), bitsrc, state_.frame_error,
 +                          state_.field_error),
 +                    is_last, call_tracer);
 }
 grpc_error_handle HPackParser::ParseInput(
 diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.h b/src/core/ext/transport/chttp2/transport/hpack_parser.h
 index 37456683b6468..55842e47eb228 100644
 --- a/src/core/ext/transport/chttp2/transport/hpack_parser.h
 +++ b/src/core/ext/transport/chttp2/transport/hpack_parser.h
@@ -236,6 +236,8 @@ class HPackParser {
     HPackTable hpack_table;
     // Error so far for this frame (set by class Input)
     HpackParseResult frame_error;
 +    // Error so far for this field (set by class Input)
 +    HpackParseResult field_error;
     // Length of frame so far.
     uint32_t frame_length = 0;
     // Length of the string being parsed
--- a/python-grpcio-cython3-compat.patch
+++ b/python-grpcio-cython3-compat.patch
@@ -1,63 +0,0 @@
 Index: grpcio-1.60.0/src/python/grpcio/grpc/_cython/_cygrpc/vtable.pyx.pxi
 ===================================================================
 --- grpcio-1.60.0.orig/src/python/grpcio/grpc/_cython/_cygrpc/vtable.pyx.pxi
 +++ grpcio-1.60.0/src/python/grpcio/grpc/_cython/_cygrpc/vtable.pyx.pxi
@@ -13,16 +13,16 @@
 # limitations under the License.
 # TODO(https://github.com/grpc/grpc/issues/15662): Reform this.
 -cdef void* _copy_pointer(void* pointer):
 +cdef void* _copy_pointer(void* pointer) noexcept:
   return pointer
 # TODO(https://github.com/grpc/grpc/issues/15662): Reform this.
 -cdef void _destroy_pointer(void* pointer):
 +cdef void _destroy_pointer(void* pointer) noexcept:
   pass
 -cdef int _compare_pointer(void* first_pointer, void* second_pointer):
 +cdef int _compare_pointer(void* first_pointer, void* second_pointer) noexcept:
   if first_pointer < second_pointer:
     return -1
   elif first_pointer > second_pointer:
 Index: grpcio-1.60.0/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi
 ===================================================================
 --- grpcio-1.60.0.orig/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi
 +++ grpcio-1.60.0/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi
@@ -316,7 +316,7 @@ def server_credentials_ssl_dynamic_cert_
   return credentials
 cdef grpc_ssl_certificate_config_reload_status _server_cert_config_fetcher_wrapper(
 -        void* user_data, grpc_ssl_server_certificate_config **config) with gil:
 +        void* user_data, grpc_ssl_server_certificate_config **config) noexcept with gil:
   # This is a credentials.ServerCertificateConfig
   cdef ServerCertificateConfig cert_config = None
   if not user_data:
 Index: grpcio-1.60.0/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pyx.pxi
 ===================================================================
 --- grpcio-1.60.0.orig/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pyx.pxi
 +++ grpcio-1.60.0/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pyx.pxi
@@ -50,7 +50,7 @@ cdef class CallbackWrapper:
     @staticmethod
     cdef void functor_run(
             grpc_completion_queue_functor* functor,
 -            int success):
 +            int success) noexcept:
         cdef CallbackContext *context = <CallbackContext *>functor
         cdef object waiter = <object>context.waiter
         if not waiter.cancelled():
 Index: grpcio-1.60.0/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pxd.pxi
 ===================================================================
 --- grpcio-1.60.0.orig/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pxd.pxi
 +++ grpcio-1.60.0/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pxd.pxi
@@ -48,7 +48,7 @@ cdef class CallbackWrapper:
     @staticmethod
     cdef void functor_run(
             grpc_completion_queue_functor* functor,
 -            int succeed)
 +            int succeed) noexcept
     cdef grpc_completion_queue_functor *c_functor(self)
--- a/python-grpcio.changes
+++ b/python-grpcio.changes
@@ -1,12 +1,88 @@
 -------------------------------------------------------------------
-Tue Dec 17 15:06:09 UTC 2024 - pgajdos@suse.com
+Mon Jan 20 14:23:28 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- security update
+- Update to version 1.69.0
- added patches
+  * [Build] Override MACOSX_DEPLOYMENT_TARGET for gRPC Python. (#37997)
-  fix CVE-2024-11407 [bsc#1233821], servers with transmit zero copy enabled through GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues
+- from version 1.68.2
-  + python-grpcio-CVE-2024-11407.patch
+  * No Python-specific changes.
-  fix CVE-2024-7246 [bsc#1228919], gRPC clients communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend
+
-  + python-grpcio-CVE-2024-7246.patch
+-------------------------------------------------------------------
 Wed Dec 18 11:13:30 UTC 2024 - Atri Bhattacharya <badshah400@gmail.com>
 - Update to version 1.68.1 (CVE-2024-11407, bsc#1233821):
  * No Python specific changes.
 - Changes from version 1.68.0:
  * Add templating and support for Python 3.13
    (gh#grpc/grpc#37643).
 -------------------------------------------------------------------
 Mon Nov 11 14:35:18 UTC 2024 - Adrian Schröter <adrian@suse.de>
 - Update to version 1.67.1 (CVE-2024-7246, bsc#1228919):
  * Add templating and support for Python 3.13
  * Add templating and support for Python 3.13
  * Change warning to RuntimeError for version incompatibility.
  * reflection returns original_request.
 - Added fix-return-values.patch for compile failures
 - Removed obsolete terminate.patch
 -------------------------------------------------------------------
 Wed Jul 17 10:56:55 UTC 2024 - Atri Bhattacharya <badshah400@gmail.com>
 - Update to version 1.65.0:
  * [Python O11y] Implement CSM observability for Python
    (gh#grpc/grpc#36557).
  * [Python AIO] Return EOF from UnaryStreamCall.read() as
    documented (gh#grpc/grpc#36660).
  * [Python Otel] Deprecate target_attribute_filter
    (gh#grpc/grpc#36697).
  * [Python Server] Remove abstractmethod notation for
    add_registered_method_handlers (gh#grpc/grpc#36684).
 - Drop python-grpcio-cython3-compat.patch: upstreamed.
 - Rebase xxhash-avoid-armv6-unaligned-access.patch and
  xxhash-ppc64le-gcc7.patch to apply with -p1 from top level dir,
  for easier maintenance.
 -------------------------------------------------------------------
 Sun Apr 21 16:12:45 UTC 2024 - Dirk Müller <dmueller@suse.com>
 - update to 1.62.2:
  * [Fix Python Deadlock] Guard
    grpc_google_default_credentials_create with nogil
 -------------------------------------------------------------------
 Wed Mar 20 07:41:06 UTC 2024 - Atri Bhattacharya <badshah400@gmail.com>
 - Update to version 1.62.1:
  * This release contains refinements, improvements, and bug
    fixes.
 -------------------------------------------------------------------
 Mon Feb 26 19:09:09 UTC 2024 - Robert Schweikert <rjschwei@suse.com>
 - Version update in SLE 15 SP4 and later (jsc#PED-6697)
 -------------------------------------------------------------------
 Fri Feb 23 22:10:40 UTC 2024 - Atri Bhattacharya <badshah400@gmail.com>
 - Update to version 1.62.0:
  * [Python AIO] Handle DeprecationWarnings when get current loop
    (gh#grpc/grpc#35583).
  * [Python AIO] Raise resource_exhausted error in case of
    concurrent RPC limit exceeded (gh#grpc/grpc#35376).
  * [Python O11y] Build and distrib O11y package
    (gh#grpc/grpc#35578).
  * [Python setuptools] Import error from distutils for lower
    version of setuptools (gh#grpc/grpc#35561).
 - Add terminate.patch: Fix control reaching end of non-void
  function.
 - Rebase python-grpcio-cython3-compat.patch for updated version.
 -------------------------------------------------------------------
 Fri Feb  9 12:10:38 UTC 2024 - Dirk Müller <dmueller@suse.com>
 - update to 1.60.1:
  * Revert change to print backtrace in server
 -------------------------------------------------------------------
 Fri Dec 15 14:47:42 UTC 2023 - Atri Bhattacharya <badshah400@gmail.com>
@@ -22,7 +98,7 @@ Wed Nov 22 17:38:11 UTC 2023 - Antonio Larrosa <alarrosa@suse.com>
  when using gcc 7 (boo#1208794).
 - add patch xxhash-avoid-armv6-unaligned-access.patch
  do not expect unaligned accesses to work on armv6, it breaks
-  in our build setup using aarch64 kernels 
+  in our build setup using aarch64 kernels
 -------------------------------------------------------------------
 Tue Oct 31 08:50:42 UTC 2023 - Atri Bhattacharya <badshah400@gmail.com>
@@ -54,7 +130,7 @@ Sun Sep 17 13:22:25 UTC 2023 - Atri Bhattacharya <badshah400@gmail.com>
 -------------------------------------------------------------------
 Wed Aug 30 17:07:21 UTC 2023 - Atri Bhattacharya <badshah400@gmail.com>
- Update to version 1.57.0:
+- Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
  * [posix] Enable systemd sockets for libsystemd>=233
    (gh#grpc/grpc#32671).
  * [python O11Y] Initial Implementation (gh#grpc/grpc#32974).
@@ -93,7 +169,7 @@ Sun Jul  2 12:33:22 UTC 2023 - ecsos <ecsos@opensuse.org>
 -------------------------------------------------------------------
 Fri Jun 30 15:47:01 UTC 2023 - Atri Bhattacharya <badshah400@gmail.com>
- Update to version 1.56.0:
+- Update to version 1.56.0: (CVE-2023-32731, bsc#1212180)
  * [aio types] Fix some grpc.aio python types
    (gh#grpc/grpc#32475).
@@ -111,7 +187,7 @@ Sat Jun 10 16:26:53 UTC 2023 - Atri Bhattacharya <badshah400@gmail.com>
 -------------------------------------------------------------------
 Fri Apr 28 04:39:48 UTC 2023 - Atri Bhattacharya <badshah400@gmail.com>
- Update to version 1.54.0:
+- Update to version 1.54.0: (CVE-2023-32732, bsc#1212182)
  * Fix DeprecationWarning when calling asyncio.get_event_loop()
    (gh#grpc/grpc#32533).
  * Remove references to deprecated syntax field
@@ -159,7 +235,7 @@ Sat Jun  4 14:52:05 UTC 2022 - Dirk Müller <dmueller@suse.com>
 - update to 1.46.3:
  * backport: xds: use federation env var to guard new-style resource name parsing
-  * This release contains refinements, improvements, and bug fixes. 
+  * This release contains refinements, improvements, and bug fixes.
 -------------------------------------------------------------------
 Fri May  6 17:37:43 UTC 2022 - Atri Bhattacharya <badshah400@gmail.com>
@@ -214,7 +290,7 @@ Tue Feb  8 23:52:07 UTC 2022 - Atri Bhattacharya <badshah400@gmail.com>
 Tue Oct 26 20:44:15 UTC 2021 - Dirk Müller <dmueller@suse.com>
 - update to 1.41.1:
-  * This is release 1.41.0 (goat) of gRPC Core. 
+  * This is release 1.41.0 (goat) of gRPC Core.
 -------------------------------------------------------------------
 Thu Oct 21 13:16:01 UTC 2021 - Atri Bhattacharya <badshah400@gmail.com>
--- a/python-grpcio.spec
+++ b/python-grpcio.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-grpcio
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,27 +17,20 @@
 %global modname grpcio
 # PYTHON2 NOT SUPPORTED BY UPSTREAM
 %define         skip_python2 1
 %{?sle15_python_module_pythons}
 Name:           python-grpcio
-Version:        1.60.0
+Version:        1.69.0
 Release:        0
 Summary:        HTTP/2-based Remote Procedure Call implementation
 License:        Apache-2.0
 Group:          Development/Languages/Python
 URL:            https://grpc.io
 Source:         https://files.pythonhosted.org/packages/source/g/grpcio/grpcio-%{version}.tar.gz
 # PATCH-FIX-UPSTREAM python-grpcio-cython3-compat.patch gh#grpc/grpc#33918 badshah400@gmail.com -- Fix noexcept errors upon compiling with Cython 3+
 Patch0:         python-grpcio-cython3-compat.patch
 # PATCH-FIX-SLE xxhash-avoid-armv6-unaligned-access.patch alarrosa@suse.com -- do not expect unaligned accesses to work on armv6
 Patch1:         xxhash-avoid-armv6-unaligned-access.patch
 # PATCH-FIX-SLE xxhash-ppc64le-gcc7.patch boo#1208794 alarrosa@suse.com -- fix build failure on ppc64le when using gcc 7
 Patch2:         xxhash-ppc64le-gcc7.patch
-# CVE-2024-7246 [bsc#1228919], gRPC clients communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend
+Patch3:         fix-return-values.patch
 Patch3:         python-grpcio-CVE-2024-7246.patch
 # CVE-2024-11407 [bsc#1233821], servers with transmit zero copy enabled through GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues
 Patch4:         python-grpcio-CVE-2024-11407.patch
 BuildRequires:  %{python_module Cython >= 0.29.8}
 BuildRequires:  %{python_module devel >= 3.7}
 BuildRequires:  %{python_module pip}
@@ -64,14 +57,7 @@ and server applications to communicate, and enables the building of
 connected systems.
 %prep
-%autosetup -N -n grpcio-%{version}
+%autosetup -p1 -n grpcio-%{version}
 %patch0 -p1
 pushd third_party/xxhash
 %patch1 -p1
 %patch2 -p1
 popd
 %patch3 -p1
 %patch4 -p1
 %build
 export GRPC_BUILD_WITH_BORING_SSL_ASM=false
--- a/xxhash-avoid-armv6-unaligned-access.patch
+++ b/xxhash-avoid-armv6-unaligned-access.patch
@@ -1,7 +1,7 @@
-Index: xxHash-0.8.1/xxhash.h
+Index: grpcio/third_party/xxhash/xxhash.h
 ===================================================================
--- xxHash-0.8.1.orig/xxhash.h
+--- grpcio.orig/third_party/xxhash/xxhash.h
-+++ xxHash-0.8.1/xxhash.h
+++ grpcio/third_party/xxhash/xxhash.h
@@ -1408,7 +1408,7 @@ XXH3_128bits_reset_withSecretandSeed(XXH
     (defined(__INTEL_COMPILER) && !defined(_WIN32)) || \
     ( \
--- a/xxhash-ppc64le-gcc7.patch
+++ b/xxhash-ppc64le-gcc7.patch
@@ -7,10 +7,10 @@ Subject: [PATCH] Fix compilation on RHEL 7 ppc64le (gcc 4.8)
 xxhash.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
-diff --git a/xxhash.h b/xxhash.h
+diff --git a/third_party/xxhash/xxhash.h b/third_party/xxhash/xxhash.h
 index 08ab794..7850622 100644
--- a/xxhash.h
+--- a/third_party/xxhash/xxhash.h
-+++ b/xxhash.h
+++ b/third_party/xxhash/xxhash.h
@@ -4129,7 +4129,7 @@ XXH3_accumulate_512_vsx(  void* XXH_RESTRICT acc,
                     const void* XXH_RESTRICT secret)
 {