pool/grpc
SHA256
11
0
Fork 3
Code Issues Pull Requests Activity

Compare commits

merge into: pool:factory
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main
...
pull from: pool:slfo-main
Branches Tags
pool:slfo-1.2 pool:slfo-main pool:factory

1 Commits
factory ... slfo-main

Author SHA256 Message Date
Adrian Schröter
73cb2b867b Sync changes to SLFO-1.2 branch 2025-08-20 09:22:08 +02:00
9 changed files with 459 additions and 261 deletions
Expand all files Collapse all files

58
ARM-Unaligned-access-fixes.patch
View File

@@ -1,58 +0,0 @@
From 316649c7bb8545571d9beb75dc2fb1abfbe6552f Mon Sep 17 00:00:00 2001
From: "easyaspi314 (Devin)" <easyaspi314@users.noreply.github.com>
Date: Tue, 7 Dec 2021 21:36:13 -0500
Subject: [PATCH] [ARM] Unaligned access fixes
- Use memcpy on ARMv6 and lower when unaligned access is supported
- GCC has an internal conflict on whether unaligned access is available
on ARMv6 so some parts do byteshift, some parts do not
- aligned(1) is better on everything else
- All this seems to be safe on even GCC 4.9.
- Leave out the alignment check if unaligned access is supported on ARM.
---
xxhash.h | 24 +++++++-----------------
1 file changed, 7 insertions(+), 17 deletions(-)
diff --git a/xxhash.h b/xxhash.h
index 08ab794..4cf3f0d 100644
--- a/xxhash.h
+++ b/xxhash.h
@@ -1402,28 +1402,18 @@ XXH3_128bits_reset_withSecretandSeed(XXH3_state_t* statePtr,
*/
#ifndef XXH_FORCE_MEMORY_ACCESS /* can be defined externally, on command line for example */
- /* prefer __packed__ structures (method 1) for gcc on armv7+ and mips */
-# if !defined(__clang__) && \
-( \
- (defined(__INTEL_COMPILER) && !defined(_WIN32)) || \
- ( \
- defined(__GNUC__) && ( \
- (defined(__ARM_ARCH) && __ARM_ARCH >= 7) || \
- ( \
- defined(__mips__) && \
- (__mips <= 5 || __mips_isa_rev < 6) && \
- (!defined(__mips16) || defined(__mips_mips16e2)) \
- ) \
- ) \
- ) \
-)
+ /* prefer __packed__ structures (method 1) for GCC
+ * < ARMv7 with unaligned access (e.g. Raspbian armhf) still uses byte shifting, so we use memcpy
+ * which for some reason does unaligned loads. */
+# if defined(__GNUC__) && !(defined(__ARM_ARCH) && __ARM_ARCH < 7 && defined(__ARM_FEATURE_UNALIGNED))
# define XXH_FORCE_MEMORY_ACCESS 1
# endif
#endif
#ifndef XXH_FORCE_ALIGN_CHECK /* can be defined externally */
-# if defined(__i386) || defined(__x86_64__) || defined(__aarch64__) \
- || defined(_M_IX86) || defined(_M_X64) || defined(_M_ARM64) /* visual */
+ /* don't check on x86, aarch64, or arm when unaligned access is available */
+# if defined(__i386) || defined(__x86_64__) || defined(__aarch64__) || defined(__ARM_FEATURE_UNALIGNED) \
+ || defined(_M_IX86) || defined(_M_X64) || defined(_M_ARM64) || defined(_M_ARM) /* visual */
# define XXH_FORCE_ALIGN_CHECK 0
# else
# define XXH_FORCE_ALIGN_CHECK 1
--
2.43.0

43
Fix-compilation-on-RHEL-7-ppc64le-gcc-4.8.patch
View File

@@ -1,43 +0,0 @@
From 2d5f93345cacbd2a076e75e6ce33e7bf3a4b9cb0 Mon Sep 17 00:00:00 2001
From: Mattias Ellert <mattias.ellert@physics.uu.se>
Date: Tue, 30 Nov 2021 23:19:38 +0100
Subject: [PATCH] Fix compilation on RHEL 7 ppc64le (gcc 4.8)
---
xxhash.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/xxhash.h b/xxhash.h
index 4cf3f0d..b07de0c 100644
--- a/xxhash.h
+++ b/xxhash.h
@@ -4119,7 +4119,7 @@ XXH3_accumulate_512_vsx( void* XXH_RESTRICT acc,
const void* XXH_RESTRICT secret)
{
/* presumed aligned */
- unsigned long long* const xacc = (unsigned long long*) acc;
+ unsigned int* const xacc = (unsigned int*) acc;
xxh_u64x2 const* const xinput = (xxh_u64x2 const*) input; /* no alignment restriction */
xxh_u64x2 const* const xsecret = (xxh_u64x2 const*) secret; /* no alignment restriction */
xxh_u64x2 const v32 = { 32, 32 };
@@ -4135,7 +4135,7 @@ XXH3_accumulate_512_vsx( void* XXH_RESTRICT acc,
/* product = ((xxh_u64x2)data_key & 0xFFFFFFFF) * ((xxh_u64x2)shuffled & 0xFFFFFFFF); */
xxh_u64x2 const product = XXH_vec_mulo((xxh_u32x4)data_key, shuffled);
/* acc_vec = xacc[i]; */
- xxh_u64x2 acc_vec = vec_xl(0, xacc + 2 * i);
+ xxh_u64x2 acc_vec = (xxh_u64x2)vec_xl(0, xacc + 4 * i);
acc_vec += product;
/* swap high and low halves */
@@ -4145,7 +4145,7 @@ XXH3_accumulate_512_vsx( void* XXH_RESTRICT acc,
acc_vec += vec_xxpermdi(data_vec, data_vec, 2);
#endif
/* xacc[i] = acc_vec; */
- vec_xst(acc_vec, 0, xacc + 2 * i);
+ vec_xst((xxh_u32x4)acc_vec, 0, xacc + 4 * i);
}
}
--
2.43.0

25
grpc-CVE-2024-11407.patch Normal file
View File

@@ -0,0 +1,25 @@
From e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 Mon Sep 17 00:00:00 2001
From: Vignesh Babu <vigneshbabu@google.com>
Date: Thu, 12 Sep 2024 11:13:45 -0700
Subject: [PATCH] [EventEngine] Fix bug in Tx0cp code path in posix endpoint.
This fix ensures that the iov_base pointers point to the right address.
PiperOrigin-RevId: 673923651
---
src/core/lib/event_engine/posix_engine/posix_endpoint.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: grpc-1.60.0/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
===================================================================
--- grpc-1.60.0.orig/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
+++ grpc-1.60.0/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
@@ -239,7 +239,7 @@ msg_iovlen_type TcpZerocopySendRecord::P
iov_size++) {
MutableSlice& slice = internal::SliceCast<MutableSlice>(
buf_.MutableSliceAt(out_offset_.slice_idx));
- iov[iov_size].iov_base = slice.begin();
+ iov[iov_size].iov_base = slice.begin() + out_offset_.byte_idx;
iov[iov_size].iov_len = slice.length() - out_offset_.byte_idx;
*sending_length += iov[iov_size].iov_len;
++(out_offset_.slice_idx);

409
grpc-CVE-2024-7246.patch Normal file
View File

@@ -0,0 +1,409 @@
From 4a3092a29cf0cf53595c137c7b20909255f78923 Mon Sep 17 00:00:00 2001
From: Craig Tiller <ctiller@google.com>
Date: Thu, 1 Aug 2024 13:02:21 -0700
Subject: [PATCH] [v1.59] [chttp2] Fix a bug in hpack error handling (#37367)
PiperOrigin-RevId: 657234128
PiperOrigin-RevId: 658458047
---
.../chttp2/transport/hpack_parser.cc | 63 +++++++------
.../transport/chttp2/transport/hpack_parser.h | 2 +
.../transport/chttp2/hpack_parser_test.cc | 89 ++++++++++++++++---
.../transport/chttp2/hpack_sync_fuzzer.cc | 62 +++++++++++++
.../transport/chttp2/hpack_sync_fuzzer.proto | 3 +
5 files changed, 179 insertions(+), 40 deletions(-)
diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.cc b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
index 31bf46456f1d0..f2fe80c504e58 100644
--- a/src/core/ext/transport/chttp2/transport/hpack_parser.cc
+++ b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
@@ -91,12 +91,14 @@ constexpr Base64InverseTable kBase64InverseTable;
class HPackParser::Input {
public:
Input(grpc_slice_refcount* current_slice_refcount, const uint8_t* begin,
- const uint8_t* end, absl::BitGenRef bitsrc, HpackParseResult& error)
+ const uint8_t* end, absl::BitGenRef bitsrc,
+ HpackParseResult& frame_error, HpackParseResult& field_error)
: current_slice_refcount_(current_slice_refcount),
begin_(begin),
end_(end),
frontier_(begin),
- error_(error),
+ frame_error_(frame_error),
+ field_error_(field_error),
bitsrc_(bitsrc) {}
// If input is backed by a slice, retrieve its refcount. If not, return
@@ -215,14 +217,18 @@ class HPackParser::Input {
// Check if we saw an EOF
bool eof_error() const {
- return min_progress_size_ != 0 || error_.connection_error();
+ return min_progress_size_ != 0 || frame_error_.connection_error();
+ }
+
+ // Reset the field error to be ok
+ void ClearFieldError() {
+ if (field_error_.ok()) return;
+ field_error_ = HpackParseResult();
}
// Minimum number of bytes to unstuck the current parse
size_t min_progress_size() const { return min_progress_size_; }
- bool has_error() const { return !error_.ok(); }
-
// Set the current error - tweaks the error to include a stream id so that
// chttp2 does not close the connection.
// Intended for errors that are specific to a stream and recoverable.
@@ -246,10 +252,7 @@ class HPackParser::Input {
// read prior to being able to get further in this parse.
void UnexpectedEOF(size_t min_progress_size) {
GPR_ASSERT(min_progress_size > 0);
- if (min_progress_size_ != 0 || error_.connection_error()) {
- GPR_DEBUG_ASSERT(eof_error());
- return;
- }
+ if (eof_error()) return;
// Set min progress size, taking into account bytes parsed already but not
// consumed.
min_progress_size_ = min_progress_size + (begin_ - frontier_);
@@ -302,13 +305,18 @@ class HPackParser::Input {
// Do not use this directly, instead use SetErrorAndContinueParsing or
// SetErrorAndStopParsing.
void SetError(HpackParseResult error) {
- if (!error_.ok() || min_progress_size_ > 0) {
- if (error.connection_error() && !error_.connection_error()) {
- error_ = std::move(error); // connection errors dominate
+ SetErrorFor(frame_error_, error);
+ SetErrorFor(field_error_, std::move(error));
+ }
+
+ void SetErrorFor(HpackParseResult& error, HpackParseResult new_error) {
+ if (!error.ok() || min_progress_size_ > 0) {
+ if (new_error.connection_error() && !error.connection_error()) {
+ error = std::move(new_error); // connection errors dominate
}
return;
}
- error_ = std::move(error);
+ error = std::move(new_error);
}
// Refcount if we are backed by a slice
@@ -320,7 +328,8 @@ class HPackParser::Input {
// Frontier denotes the first byte past successfully processed input
const uint8_t* frontier_;
// Current error
- HpackParseResult& error_;
+ HpackParseResult& frame_error_;
+ HpackParseResult& field_error_;
// If the error was EOF, we flag it here by noting how many more bytes would
// be needed to make progress
size_t min_progress_size_ = 0;
@@ -597,6 +606,7 @@ class HPackParser::Parser {
bool ParseTop() {
GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kTop);
auto cur = *input_->Next();
+ input_->ClearFieldError();
switch (cur >> 4) {
// Literal header not indexed - First byte format: 0000xxxx
// Literal header never indexed - First byte format: 0001xxxx
@@ -702,7 +712,7 @@ class HPackParser::Parser {
break;
}
gpr_log(
- GPR_DEBUG, "HTTP:%d:%s:%s: %s%s", log_info_.stream_id, type,
+ GPR_INFO, "HTTP:%d:%s:%s: %s%s", log_info_.stream_id, type,
log_info_.is_client ? "CLI" : "SVR", memento.md.DebugString().c_str(),
memento.parse_status == nullptr
? ""
@@ -951,11 +961,10 @@ class HPackParser::Parser {
state_.string_length)
: String::Parse(input_, state_.is_string_huff_compressed,
state_.string_length);
- HpackParseResult& status = state_.frame_error;
absl::string_view key_string;
if (auto* s = absl::get_if<Slice>(&state_.key)) {
key_string = s->as_string_view();
- if (status.ok()) {
+ if (state_.field_error.ok()) {
auto r = ValidateKey(key_string);
if (r != ValidateMetadataResult::kOk) {
input_->SetErrorAndContinueParsing(
@@ -965,7 +974,7 @@ class HPackParser::Parser {
} else {
const auto* memento = absl::get<const HPackTable::Memento*>(state_.key);
key_string = memento->md.key();
- if (status.ok() && memento->parse_status != nullptr) {
+ if (state_.field_error.ok() && memento->parse_status != nullptr) {
input_->SetErrorAndContinueParsing(*memento->parse_status);
}
}
@@ -992,16 +1001,16 @@ class HPackParser::Parser {
key_string.size() + value.wire_size + hpack_constants::kEntryOverhead;
auto md = grpc_metadata_batch::Parse(
key_string, std::move(value_slice), state_.add_to_table, transport_size,
- [key_string, &status, this](absl::string_view message, const Slice&) {
- if (!status.ok()) return;
+ [key_string, this](absl::string_view message, const Slice&) {
+ if (!state_.field_error.ok()) return;
input_->SetErrorAndContinueParsing(
HpackParseResult::MetadataParseError(key_string));
gpr_log(GPR_ERROR, "Error parsing '%s' metadata: %s",
std::string(key_string).c_str(),
std::string(message).c_str());
});
- HPackTable::Memento memento{std::move(md),
- status.PersistentStreamErrorOrNullptr()};
+ HPackTable::Memento memento{
+ std::move(md), state_.field_error.PersistentStreamErrorOrNullptr()};
input_->UpdateFrontier();
state_.parse_state = ParseState::kTop;
if (state_.add_to_table) {
@@ -1163,13 +1172,13 @@ grpc_error_handle HPackParser::Parse(
std::vector<uint8_t> buffer = std::move(unparsed_bytes_);
return ParseInput(
Input(nullptr, buffer.data(), buffer.data() + buffer.size(), bitsrc,
- state_.frame_error),
+ state_.frame_error, state_.field_error),
is_last, call_tracer);
}
- return ParseInput(
- Input(slice.refcount, GRPC_SLICE_START_PTR(slice),
- GRPC_SLICE_END_PTR(slice), bitsrc, state_.frame_error),
- is_last, call_tracer);
+ return ParseInput(Input(slice.refcount, GRPC_SLICE_START_PTR(slice),
+ GRPC_SLICE_END_PTR(slice), bitsrc, state_.frame_error,
+ state_.field_error),
+ is_last, call_tracer);
}
grpc_error_handle HPackParser::ParseInput(
diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.h b/src/core/ext/transport/chttp2/transport/hpack_parser.h
index 6b28daad61d4b..8f7132092958c 100644
--- a/src/core/ext/transport/chttp2/transport/hpack_parser.h
+++ b/src/core/ext/transport/chttp2/transport/hpack_parser.h
@@ -236,6 +236,8 @@ class HPackParser {
HPackTable hpack_table;
// Error so far for this frame (set by class Input)
HpackParseResult frame_error;
+ // Error so far for this field (set by class Input)
+ HpackParseResult field_error;
// Length of frame so far.
uint32_t frame_length = 0;
// Length of the string being parsed
diff --git a/test/core/transport/chttp2/hpack_parser_test.cc b/test/core/transport/chttp2/hpack_parser_test.cc
index 3772d909b9b8b..d5b9c6cb68da2 100644
--- a/test/core/transport/chttp2/hpack_parser_test.cc
+++ b/test/core/transport/chttp2/hpack_parser_test.cc
@@ -440,19 +440,82 @@ INSTANTIATE_TEST_SUITE_P(
Test{"Base64LegalEncoding",
{},
{},
- {// Binary metadata: created using:
- // tools/codegen/core/gen_header_frame.py
- // --compression inc --no_framing --output hexstr
- // < test/core/transport/chttp2/bad-base64.headers
- {"4009612e622e632d62696e1c6c75636b696c7920666f722075732c206974"
- "27732074756573646179",
- absl::InternalError("Error parsing 'a.b.c-bin' metadata: "
- "illegal base64 encoding"),
- 0},
- {"be",
- absl::InternalError("Error parsing 'a.b.c-bin' metadata: "
- "illegal base64 encoding"),
- 0}}},
+ {
+ // Binary metadata: created using:
+ // tools/codegen/core/gen_header_frame.py
+ // --compression inc --no_framing --output hexstr
+ // < test/core/transport/chttp2/bad-base64.headers
+ {"4009612e622e632d62696e1c6c75636b696c7920666f722075732c206974"
+ "27732074756573646179",
+ absl::InternalError("Error parsing 'a.b.c-bin' metadata: "
+ "illegal base64 encoding"),
+ 0},
+ {"be",
+ absl::InternalError("Error parsing 'a.b.c-bin' metadata: "
+ "illegal base64 encoding"),
+ kEndOfHeaders},
+ {"82", ":method: GET\n", 0},
+ }},
+ Test{"Base64LegalEncodingWorksAfterFailure",
+ {},
+ {},
+ {
+ // Binary metadata: created using:
+ // tools/codegen/core/gen_header_frame.py
+ // --compression inc --no_framing --output hexstr
+ // < test/core/transport/chttp2/bad-base64.headers
+ {"4009612e622e632d62696e1c6c75636b696c7920666f722075732c206974"
+ "27732074756573646179",
+ absl::InternalError("Error parsing 'a.b.c-bin' metadata: "
+ "illegal base64 encoding"),
+ 0},
+ {"be",
+ absl::InternalError("Error parsing 'a.b.c-bin' metadata: "
+ "illegal base64 encoding"),
+ 0},
+ {"400e636f6e74656e742d6c656e6774680135",
+ absl::InternalError("Error parsing 'a.b.c-bin' metadata: "
+ "illegal base64 encoding"),
+ kEndOfHeaders},
+ {"be", "content-length: 5\n", 0},
+ }},
+ Test{"Base64LegalEncodingWorksAfterFailure2",
+ {},
+ {},
+ {
+ {// Generated with: tools/codegen/core/gen_header_frame.py
+ // --compression inc --output hexstr --no_framing <
+ // test/core/transport/chttp2/MiXeD-CaSe.headers
+ "400a4d695865442d436153651073686f756c64206e6f74207061727365",
+ absl::InternalError("Illegal header key: MiXeD-CaSe"), 0},
+ // Binary metadata: created using:
+ // tools/codegen/core/gen_header_frame.py
+ // --compression inc --no_framing --output hexstr
+ // < test/core/transport/chttp2/bad-base64.headers
+ {"4009612e622e632d62696e1c6c75636b696c7920666f722075732c206974"
+ "27732074756573646179",
+ absl::InternalError("Illegal header key: MiXeD-CaSe"), 0},
+ {"be", absl::InternalError("Illegal header key: MiXeD-CaSe"),
+ 0},
+ {"400e636f6e74656e742d6c656e6774680135",
+ absl::InternalError("Illegal header key: MiXeD-CaSe"),
+ kEndOfHeaders},
+ {"be", "content-length: 5\n", 0},
+ {"bf",
+ absl::InternalError("Error parsing 'a.b.c-bin' metadata: "
+ "illegal base64 encoding"),
+ 0},
+ // Only the first error in each frame is reported, so we should
+ // still see the same error here...
+ {"c0",
+ absl::InternalError("Error parsing 'a.b.c-bin' metadata: "
+ "illegal base64 encoding"),
+ kEndOfHeaders},
+ // ... but if we look at the next frame we should see the
+ // stored error
+ {"c0", absl::InternalError("Illegal header key: MiXeD-CaSe"),
+ kEndOfHeaders},
+ }},
Test{"TeIsTrailers",
{},
{},
diff --git a/test/core/transport/chttp2/hpack_sync_fuzzer.cc b/test/core/transport/chttp2/hpack_sync_fuzzer.cc
index 81809afcf7175..40de14def3d92 100644
--- a/test/core/transport/chttp2/hpack_sync_fuzzer.cc
+++ b/test/core/transport/chttp2/hpack_sync_fuzzer.cc
@@ -86,6 +86,10 @@ void FuzzOneInput(const hpack_sync_fuzzer::Msg& msg) {
// Not an interesting case to fuzz
continue;
}
+ if (msg.check_ab_preservation() &&
+ header.literal_inc_idx().key() == "a") {
+ continue;
+ }
if (absl::EndsWith(header.literal_inc_idx().value(), "-bin")) {
std::ignore = encoder.EmitLitHdrWithBinaryStringKeyIncIdx(
Slice::FromCopiedString(header.literal_inc_idx().key()),
@@ -97,6 +101,10 @@ void FuzzOneInput(const hpack_sync_fuzzer::Msg& msg) {
}
break;
case hpack_sync_fuzzer::Header::kLiteralNotIdx:
+ if (msg.check_ab_preservation() &&
+ header.literal_not_idx().key() == "a") {
+ continue;
+ }
if (absl::EndsWith(header.literal_not_idx().value(), "-bin")) {
encoder.EmitLitHdrWithBinaryStringKeyNotIdx(
Slice::FromCopiedString(header.literal_not_idx().key()),
@@ -115,6 +123,10 @@ void FuzzOneInput(const hpack_sync_fuzzer::Msg& msg) {
break;
}
}
+ if (msg.check_ab_preservation()) {
+ std::ignore = encoder.EmitLitHdrWithNonBinaryStringKeyIncIdx(
+ Slice::FromCopiedString("a"), Slice::FromCopiedString("b"));
+ }
// STAGE 2: Decode the buffer (encode_output) into a list of headers
HPackParser parser;
@@ -141,6 +153,21 @@ void FuzzOneInput(const hpack_sync_fuzzer::Msg& msg) {
}
}
+ if (seen_errors.empty() && msg.check_ab_preservation()) {
+ std::string backing;
+ auto a_value = read_metadata.GetStringValue("a", &backing);
+ if (!a_value.has_value()) {
+ fprintf(stderr, "Expected 'a' header to be present: %s\n",
+ read_metadata.DebugString().c_str());
+ abort();
+ }
+ if (a_value != "b") {
+ fprintf(stderr, "Expected 'a' header to be 'b', got '%s'\n",
+ std::string(*a_value).c_str());
+ abort();
+ }
+ }
+
// STAGE 3: If we reached here we either had a stream error or no error
// parsing.
// Either way, the hpack tables should be of the same size between client and
@@ -169,6 +196,41 @@ void FuzzOneInput(const hpack_sync_fuzzer::Msg& msg) {
}
abort();
}
+
+ if (msg.check_ab_preservation()) {
+ SliceBuffer encode_output_2;
+ hpack_encoder_detail::Encoder encoder_2(
+ &compressor, msg.use_true_binary_metadata(), encode_output_2);
+ encoder_2.EmitIndexed(62);
+ GPR_ASSERT(encode_output_2.Count() == 1);
+ grpc_metadata_batch read_metadata_2(arena.get());
+ parser.BeginFrame(
+ &read_metadata_2, 1024, 1024, HPackParser::Boundary::EndOfHeaders,
+ HPackParser::Priority::None,
+ HPackParser::LogInfo{3, HPackParser::LogInfo::kHeaders, false});
+ auto err = parser.Parse(encode_output_2.c_slice_at(0), true,
+ absl::BitGenRef(proto_bit_src),
+ /*call_tracer=*/nullptr);
+ if (!err.ok()) {
+ fprintf(stderr, "Error parsing preservation encoded data: %s\n",
+ err.ToString().c_str());
+ abort();
+ }
+ std::string backing;
+ auto a_value = read_metadata_2.GetStringValue("a", &backing);
+ if (!a_value.has_value()) {
+ fprintf(stderr,
+ "Expected 'a' header to be present: %s\nfirst metadata: %s\n",
+ read_metadata_2.DebugString().c_str(),
+ read_metadata.DebugString().c_str());
+ abort();
+ }
+ if (a_value != "b") {
+ fprintf(stderr, "Expected 'a' header to be 'b', got '%s'\n",
+ std::string(*a_value).c_str());
+ abort();
+ }
+ }
}
} // namespace
diff --git a/test/core/transport/chttp2/hpack_sync_fuzzer.proto b/test/core/transport/chttp2/hpack_sync_fuzzer.proto
index 72792b60d640a..2c075a6abb1a1 100644
--- a/test/core/transport/chttp2/hpack_sync_fuzzer.proto
+++ b/test/core/transport/chttp2/hpack_sync_fuzzer.proto
@@ -44,4 +44,7 @@ message Msg {
repeated Header headers = 2;
grpc.testing.FuzzConfigVars config_vars = 3;
repeated uint64 random_numbers = 4;
+ // Ensure that a header "a: b" appended to headers with hpack incremental
+ // indexing is correctly added to the hpack table.
+ bool check_ab_preservation = 5;
}

99
grpc.changes
View File

@@ -1,87 +1,12 @@
-------------------------------------------------------------------
Wed Apr 3 09:05:38 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
Tue Dec 17 13:58:55 UTC 2024 - pgajdos@suse.com
- abseil-cpp 20240116 in SP5 can't be used with gcc7 when using
-DCMAKE_CXX_STANDARD=17 since it tries to use the <filesystem>
header file so revert last change to "switch build
compiler back to default on SLE-15" to use gcc12 again.
-------------------------------------------------------------------
Sun Mar 10 11:59:06 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.62.1
* This release contains unspecified refinements, improvements,
and bug fixes.
-------------------------------------------------------------------
Wed Feb 21 09:36:25 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.62
* metadata: Allow non application/grpc content-type values
-------------------------------------------------------------------
Wed Feb 14 16:15:47 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Also fixup hashbang of tools/profiling/ios_bin/parse_link_map.py,
which was exceptionally not using env python, but directly
/usr/bin/python.
-------------------------------------------------------------------
Tue Feb 13 10:18:50 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.61.1
* Add missing include directives so that the build with
newer absl works
-------------------------------------------------------------------
Wed Jan 31 19:51:15 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.61
* SSA: change xds_override_host policy to manage subchannels
based on last-used time rather than EDS health state
* xDS: read connection idle timeout from CDS resource
* xDS: move CDS and EDS watchers into xds resolver
* alpn: Remove grpc-exp experimental ALPN protocol
- Add terminate.patch
-------------------------------------------------------------------
Mon Jan 29 17:25:06 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Force-replace all /usr/bin/env python by python3.
-------------------------------------------------------------------
Thu Jan 18 07:58:43 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Add ARM-Unaligned-access-fixes.patch to fix unaligned
access on ARM which causes issues on AArch64 kernels
- Add Fix-compilation-on-RHEL-7-ppc64le-gcc-4.8.patch
to fix FTBFS on ppc64le when using gcc-7 (boo#1208794)
- Revert changes made to RPATH handling
- Switch build compiler back to default on SLE-15
-------------------------------------------------------------------
Tue Nov 28 21:04:45 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.60
* Implemented dualstack IPv4 and IPv6 backend support, as per
draft gRFC A61. xDS support currently guarded by
GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var.
* Support for setting proxy for addresses.
* Add v1 reflection.
-------------------------------------------------------------------
Sat Nov 18 08:56:16 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 1.59.3:
* Security - Revocation: Crl backport to 1.59. (#34926)
-------------------------------------------------------------------
Tue Nov 14 10:21:58 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Adjust RPATH handling to fix FTBFS on SLE-15
* Set CMAKE_SKIP_RPATH to FALSE
* Set CMAKE_SKIP_INSTALL_RPATH to TRUE
- Build with gcc-12 on SLE-15 to fix FTBFS on ppc64le
- security update
- added patches
fix CVE-2024-11407 [bsc#1233821], servers with transmit zero copy enabled through GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues
+ grpc-CVE-2024-11407.patch
fix CVE-2024-7246 [bsc#1228919], gRPC clients communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend
+ grpc-CVE-2024-7246.patch
-------------------------------------------------------------------
Tue Oct 31 05:21:51 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
@@ -139,7 +64,7 @@ Wed Sep 6 16:02:40 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
-------------------------------------------------------------------
Wed Aug 9 01:02:35 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
- Update to release 1.57
* EventEngine: Change GetDNSResolver to return
absl::StatusOr<std::unique_ptr<DNSResolver>>.
* Improve server handling of file descriptor exhaustion.
@@ -165,7 +90,7 @@ Wed Jun 28 07:09:25 UTC 2023 - Fabian Vogt <fvogt@suse.com>
-------------------------------------------------------------------
Mon Jun 19 03:28:40 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.56.0 (CVE-2023-32731, bsc#1212180)
- Update to release 1.56.0
* core: Add support for vsock transport.
* EventEngine: Change TXT lookup result type to
std::vector<std::string>.
@@ -175,7 +100,7 @@ Mon Jun 19 03:28:40 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
-------------------------------------------------------------------
Tue Jun 13 21:09:27 UTC 2023 - Dirk Müller <dmueller@suse.com>
- pin to protobuf < 22 until next version update
- pin to protobuf < 22 until next version update
-------------------------------------------------------------------
Tue May 2 10:15:43 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
@@ -186,7 +111,7 @@ Tue May 2 10:15:43 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
-------------------------------------------------------------------
Fri Apr 14 11:07:33 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.54 (CVE-2023-32732, bsc#1212182)
- Update to release 1.54
* XDS: enable XDS federation by default
* TlsCreds: Support revocation of intermediate in chain
@@ -499,7 +424,7 @@ Sat Mar 6 09:08:09 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
-------------------------------------------------------------------
Thu Mar 4 09:53:13 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
- Update to 1.36.1:
- Update to 1.36.1:
* Core:
* Remove unnecessary internal pollset set in c-ares DNS resolver
* Support Default Root Certs in Tls Credentials

45
grpc.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package grpc
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,11 +16,11 @@
#
%define lver 39
%define lverp 1_62
%define lver 36
%define lverp 1_59
%define src_install_dir /usr/src/%name
Name: grpc
Version: 1.62.1
Version: 1.59.2
Release: 0
Summary: HTTP/2-based Remote Procedure Call implementation
License: Apache-2.0
@@ -28,17 +28,14 @@ Group: Development/Tools/Building
URL: https://grpc.io/
Source: https://github.com/grpc/grpc/archive/v%version.tar.gz
Source2: %name-rpmlintrc
Patch1: terminate.patch
Patch4: ARM-Unaligned-access-fixes.patch
Patch5: Fix-compilation-on-RHEL-7-ppc64le-gcc-4.8.patch
# CVE-2024-7246 [bsc#1228919], gRPC clients communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend
Patch0: grpc-CVE-2024-7246.patch
# CVE-2024-11407 [bsc#1233821], servers with transmit zero copy enabled through GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues
Patch1: grpc-CVE-2024-11407.patch
BuildRequires: abseil-cpp-devel
BuildRequires: cmake
BuildRequires: fdupes
%if 0%{?suse_version} < 1550
BuildRequires: gcc12-c++
%else
BuildRequires: gcc-c++
%endif
BuildRequires: opencensus-proto-source
BuildRequires: pkg-config
BuildRequires: pkgconfig(libcares) >= 1.19.1
@@ -127,37 +124,17 @@ BuildArch: noarch
This subpackage contains source code of the gRPC reference implementation.
%prep
%autosetup -N
%patch -P 1 -p1
find "." -type f -exec grep -l '/usr/bin/python' {} + |
xargs -r perl -i -lpe \
's{#! ?/usr/bin/python\S*}{#!/usr/bin/python3}g;'
find "." -type f -exec grep -l '/usr/bin/env ' {} + |
xargs -r perl -i -lpe \
's{#! ?/usr/bin/env python\S*}{#!/usr/bin/python3}g;
s{#! ?/usr/bin/env sh}{#!/bin/sh}g;
s{#! ?/usr/bin/env bash}{#!/bin/bash}g;
s{#! ?/usr/bin/env }{#!/usr/bin/}g;'
pushd third_party/xxhash
%patch -P 4 -P 5 -p1
popd
%autosetup -p1
rm -Rf third_party/abseil-cpp/
%build
%if 0%{?suse_version} < 1550
export CC=gcc-12
export CXX=g++-12
%endif
%define _lto_cflags %nil
# protoc is invoked strangely; make it happy with this dir or it will assert()
mkdir -p third_party/protobuf/src
cp -a /usr/src/opencensus-proto third_party/
export CFLAGS="%optflags -Wno-error"
export CXXFLAGS="$CFLAGS"
find "." -type f -exec grep '/usr/bin/env ' {} + || :
pushd .
%cmake -DgRPC_INSTALL=ON \
-DgRPC_INSTALL_LIBDIR:PATH="%_lib" \
-DgRPC_INSTALL_CMAKEDIR:PATH="%_libdir/cmake/grpc" \
@@ -168,10 +145,8 @@ pushd .
-DgRPC_SSL_PROVIDER=package \
-DZLIB_LIBRARY=%{_libdir}/libz.so \
-DgRPC_ZLIB_PROVIDER=package \
-DCMAKE_CXX_STANDARD=17
-DCMAKE_CXX_STANDARD=17
%cmake_build
popd
find "." -type f -exec grep '/usr/bin/env ' {} + || :
%install
b="%buildroot"

35
terminate.patch
View File

@@ -1,35 +0,0 @@
From: Jan Engelhardt <jengelh@inai.de>
Date: 2024-01-31 20:50:55.596208216 +0100
[ 221s] src/core/lib/promise/party.h: In member function 'bool grpc_core::Party::PromiseParticipantImpl<SuppliedFactory>::PollParticipantPromise() [with SuppliedFactory = grpc_core::ForwardCall(CallHandler, CallInitiator, ClientMetadataHandle)::<lambda()> mutable::<lambda(grpc_core::MessageHandle)> mutable::<lambda()>]':
[ 221s] src/core/lib/promise/party.h:541:5: error: control reaches end of non-void function [-Werror=return-type]
[ 221s] src/core/lib/promise/party.h: In member function 'grpc_core::Poll<typename grpc_core::promise_detail::OncePromiseFactory<void, F>::Promise::Result> grpc_core::Party::PromiseParticipantImpl<SuppliedFactory>::PollCompletion() [with SuppliedFactory = grpc_core::ForwardCall(CallHandler, CallInitiator, ClientMetadataHandle)::<lambda()> mutable::<lambda(grpc_core::MessageHandle)> mutable::<lambda()>]':
[ 221s] src/core/lib/promise/party.h:553:5: error: control reaches end of non-void function [-Werror=return-type]
That enum class only has three numerators, and it's not clear why gcc
would warn, given all three cases return.
---
src/core/lib/promise/party.h | 4 ++++
1 file changed, 4 insertions(+)
Index: grpc-1.61.0/src/core/lib/promise/party.h
===================================================================
--- grpc-1.61.0.orig/src/core/lib/promise/party.h
+++ grpc-1.61.0/src/core/lib/promise/party.h
@@ -538,6 +538,7 @@ class Party : public Activity, private W
Crash(
"unreachable: promises should not be repolled after completion");
}
+ std::terminate();
}
// Outside party poll: check whether the spawning party has completed this
@@ -550,6 +552,7 @@ class Party : public Activity, private W
case State::kResult:
return std::move(result_);
}
+ std::terminate();
}
void Destroy() override { this->Unref(); }

BIN
v1.59.2.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

3
v1.62.1.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c9f9ae6e4d6f40464ee9958be4068087881ed6aa37e30d0e64d40ed7be39dd01
size 22384671