Sync from SUSE:SLFO:1.1 python-grpcio revision 7e72968d5cf0b3ca292ebac580ee839e

2025-04-16 01:04:10 +02:00
4 changed files with 0 additions and 222 deletions
--- a/python-grpcio-CVE-2024-11407.patch
+++ b/python-grpcio-CVE-2024-11407.patch
@@ -1,25 +0,0 @@
 From e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 Mon Sep 17 00:00:00 2001
 From: Vignesh Babu <vigneshbabu@google.com>
 Date: Thu, 12 Sep 2024 11:13:45 -0700
 Subject: [PATCH] [EventEngine] Fix bug in Tx0cp code path in posix endpoint.
 This fix ensures that the iov_base pointers point to the right address.
 PiperOrigin-RevId: 673923651
 ---
 src/core/lib/event_engine/posix_engine/posix_endpoint.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 Index: grpc-1.60.0/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
 ===================================================================
 --- grpc-1.60.0.orig/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
 +++ grpc-1.60.0/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
@@ -239,7 +239,7 @@ msg_iovlen_type TcpZerocopySendRecord::P
        iov_size++) {
     MutableSlice& slice = internal::SliceCast<MutableSlice>(
         buf_.MutableSliceAt(out_offset_.slice_idx));
 -    iov[iov_size].iov_base = slice.begin();
 +    iov[iov_size].iov_base = slice.begin() + out_offset_.byte_idx;
     iov[iov_size].iov_len = slice.length() - out_offset_.byte_idx;
     *sending_length += iov[iov_size].iov_len;
     ++(out_offset_.slice_idx);
--- a/python-grpcio-CVE-2024-7246.patch
+++ b/python-grpcio-CVE-2024-7246.patch
@@ -1,181 +0,0 @@
 diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.cc b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
 index 31bf46456f1d0..f2fe80c504e58 100644
 --- a/src/core/ext/transport/chttp2/transport/hpack_parser.cc
 +++ b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
@@ -91,12 +91,14 @@ constexpr Base64InverseTable kBase64InverseTable;
 class HPackParser::Input {
  public:
   Input(grpc_slice_refcount* current_slice_refcount, const uint8_t* begin,
 -        const uint8_t* end, absl::BitGenRef bitsrc, HpackParseResult& error)
 +        const uint8_t* end, absl::BitGenRef bitsrc,
 +        HpackParseResult& frame_error, HpackParseResult& field_error)
       : current_slice_refcount_(current_slice_refcount),
         begin_(begin),
         end_(end),
         frontier_(begin),
 -        error_(error),
 +        frame_error_(frame_error),
 +        field_error_(field_error),
         bitsrc_(bitsrc) {}
   // If input is backed by a slice, retrieve its refcount. If not, return
@@ -215,14 +217,18 @@ class HPackParser::Input {
   // Check if we saw an EOF
   bool eof_error() const {
 -    return min_progress_size_ != 0 || error_.connection_error();
 +    return min_progress_size_ != 0 || frame_error_.connection_error();
 +  }
 +
 +  // Reset the field error to be ok
 +  void ClearFieldError() {
 +    if (field_error_.ok()) return;
 +    field_error_ = HpackParseResult();
   }
   // Minimum number of bytes to unstuck the current parse
   size_t min_progress_size() const { return min_progress_size_; }
 -  bool has_error() const { return !error_.ok(); }
 -
   // Set the current error - tweaks the error to include a stream id so that
   // chttp2 does not close the connection.
   // Intended for errors that are specific to a stream and recoverable.
@@ -246,10 +252,7 @@ class HPackParser::Input {
   // read prior to being able to get further in this parse.
   void UnexpectedEOF(size_t min_progress_size) {
     GPR_ASSERT(min_progress_size > 0);
 -    if (min_progress_size_ != 0 || error_.connection_error()) {
 -      GPR_DEBUG_ASSERT(eof_error());
 -      return;
 -    }
 +    if (eof_error()) return;
     // Set min progress size, taking into account bytes parsed already but not
     // consumed.
     min_progress_size_ = min_progress_size + (begin_ - frontier_);
@@ -302,13 +305,18 @@ class HPackParser::Input {
   // Do not use this directly, instead use SetErrorAndContinueParsing or
   // SetErrorAndStopParsing.
   void SetError(HpackParseResult error) {
 -    if (!error_.ok() || min_progress_size_ > 0) {
 -      if (error.connection_error() && !error_.connection_error()) {
 -        error_ = std::move(error);  // connection errors dominate
 +    SetErrorFor(frame_error_, error);
 +    SetErrorFor(field_error_, std::move(error));
 +  }
 +
 +  void SetErrorFor(HpackParseResult& error, HpackParseResult new_error) {
 +    if (!error.ok() || min_progress_size_ > 0) {
 +      if (new_error.connection_error() && !error.connection_error()) {
 +        error = std::move(new_error);  // connection errors dominate
       }
       return;
     }
 -    error_ = std::move(error);
 +    error = std::move(new_error);
   }
   // Refcount if we are backed by a slice
@@ -320,7 +328,8 @@ class HPackParser::Input {
   // Frontier denotes the first byte past successfully processed input
   const uint8_t* frontier_;
   // Current error
 -  HpackParseResult& error_;
 +  HpackParseResult& frame_error_;
 +  HpackParseResult& field_error_;
   // If the error was EOF, we flag it here by noting how many more bytes would
   // be needed to make progress
   size_t min_progress_size_ = 0;
@@ -597,6 +606,7 @@ class HPackParser::Parser {
   bool ParseTop() {
     GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kTop);
     auto cur = *input_->Next();
 +    input_->ClearFieldError();
     switch (cur >> 4) {
         // Literal header not indexed - First byte format: 0000xxxx
         // Literal header never indexed - First byte format: 0001xxxx
@@ -702,7 +712,7 @@ class HPackParser::Parser {
         break;
     }
     gpr_log(
 -        GPR_DEBUG, "HTTP:%d:%s:%s: %s%s", log_info_.stream_id, type,
 +        GPR_INFO, "HTTP:%d:%s:%s: %s%s", log_info_.stream_id, type,
         log_info_.is_client ? "CLI" : "SVR", memento.md.DebugString().c_str(),
         memento.parse_status == nullptr
             ? ""
@@ -951,11 +961,10 @@ class HPackParser::Parser {
                                   state_.string_length)
             : String::Parse(input_, state_.is_string_huff_compressed,
                             state_.string_length);
 -    HpackParseResult& status = state_.frame_error;
     absl::string_view key_string;
     if (auto* s = absl::get_if<Slice>(&state_.key)) {
       key_string = s->as_string_view();
 -      if (status.ok()) {
 +      if (state_.field_error.ok()) {
         auto r = ValidateKey(key_string);
         if (r != ValidateMetadataResult::kOk) {
           input_->SetErrorAndContinueParsing(
@@ -965,7 +974,7 @@ class HPackParser::Parser {
     } else {
       const auto* memento = absl::get<const HPackTable::Memento*>(state_.key);
       key_string = memento->md.key();
 -      if (status.ok() && memento->parse_status != nullptr) {
 +      if (state_.field_error.ok() && memento->parse_status != nullptr) {
         input_->SetErrorAndContinueParsing(*memento->parse_status);
       }
     }
@@ -992,16 +1001,16 @@ class HPackParser::Parser {
         key_string.size() + value.wire_size + hpack_constants::kEntryOverhead;
     auto md = grpc_metadata_batch::Parse(
         key_string, std::move(value_slice), state_.add_to_table, transport_size,
 -        [key_string, &status, this](absl::string_view message, const Slice&) {
 -          if (!status.ok()) return;
 +        [key_string, this](absl::string_view message, const Slice&) {
 +          if (!state_.field_error.ok()) return;
           input_->SetErrorAndContinueParsing(
               HpackParseResult::MetadataParseError(key_string));
           gpr_log(GPR_ERROR, "Error parsing '%s' metadata: %s",
                   std::string(key_string).c_str(),
                   std::string(message).c_str());
         });
 -    HPackTable::Memento memento{std::move(md),
 -                                status.PersistentStreamErrorOrNullptr()};
 +    HPackTable::Memento memento{
 +        std::move(md), state_.field_error.PersistentStreamErrorOrNullptr()};
     input_->UpdateFrontier();
     state_.parse_state = ParseState::kTop;
     if (state_.add_to_table) {
@@ -1163,13 +1172,13 @@ grpc_error_handle HPackParser::Parse(
     std::vector<uint8_t> buffer = std::move(unparsed_bytes_);
     return ParseInput(
         Input(nullptr, buffer.data(), buffer.data() + buffer.size(), bitsrc,
 -              state_.frame_error),
 +              state_.frame_error, state_.field_error),
         is_last, call_tracer);
   }
 -  return ParseInput(
 -      Input(slice.refcount, GRPC_SLICE_START_PTR(slice),
 -            GRPC_SLICE_END_PTR(slice), bitsrc, state_.frame_error),
 -      is_last, call_tracer);
 +  return ParseInput(Input(slice.refcount, GRPC_SLICE_START_PTR(slice),
 +                          GRPC_SLICE_END_PTR(slice), bitsrc, state_.frame_error,
 +                          state_.field_error),
 +                    is_last, call_tracer);
 }
 grpc_error_handle HPackParser::ParseInput(
 diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.h b/src/core/ext/transport/chttp2/transport/hpack_parser.h
 index 37456683b6468..55842e47eb228 100644
 --- a/src/core/ext/transport/chttp2/transport/hpack_parser.h
 +++ b/src/core/ext/transport/chttp2/transport/hpack_parser.h
@@ -236,6 +236,8 @@ class HPackParser {
     HPackTable hpack_table;
     // Error so far for this frame (set by class Input)
     HpackParseResult frame_error;
 +    // Error so far for this field (set by class Input)
 +    HpackParseResult field_error;
     // Length of frame so far.
     uint32_t frame_length = 0;
     // Length of the string being parsed
--- a/python-grpcio.changes
+++ b/python-grpcio.changes
@@ -1,13 +1,3 @@
 -------------------------------------------------------------------
 Tue Dec 17 15:06:09 UTC 2024 - pgajdos@suse.com
 - security update
 - added patches
  fix CVE-2024-11407 [bsc#1233821], servers with transmit zero copy enabled through GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues
  + python-grpcio-CVE-2024-11407.patch
  fix CVE-2024-7246 [bsc#1228919], gRPC clients communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend
  + python-grpcio-CVE-2024-7246.patch
 -------------------------------------------------------------------
 Fri Dec 15 14:47:42 UTC 2023 - Atri Bhattacharya <badshah400@gmail.com>
--- a/python-grpcio.spec
+++ b/python-grpcio.spec
@@ -34,10 +34,6 @@ Patch0:         python-grpcio-cython3-compat.patch
 Patch1:         xxhash-avoid-armv6-unaligned-access.patch
 # PATCH-FIX-SLE xxhash-ppc64le-gcc7.patch boo#1208794 alarrosa@suse.com -- fix build failure on ppc64le when using gcc 7
 Patch2:         xxhash-ppc64le-gcc7.patch
 # CVE-2024-7246 [bsc#1228919], gRPC clients communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend
 Patch3:         python-grpcio-CVE-2024-7246.patch
 # CVE-2024-11407 [bsc#1233821], servers with transmit zero copy enabled through GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues
 Patch4:         python-grpcio-CVE-2024-11407.patch
 BuildRequires:  %{python_module Cython >= 0.29.8}
 BuildRequires:  %{python_module devel >= 3.7}
 BuildRequires:  %{python_module pip}
@@ -70,8 +66,6 @@ pushd third_party/xxhash
 %patch1 -p1
 %patch2 -p1
 popd
 %patch3 -p1
 %patch4 -p1
 %build
 export GRPC_BUILD_WITH_BORING_SSL_ASM=false