mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-03-09 22:00:00 +00:00
Code Issues Projects Releases Wiki Activity

python3-grpcio: patch CVE-2024-11407

Browse Source 
Cherry-pick commit [1] mentioned in [2].

[1] e9046b2bbe
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-11407

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Peter Marko
2025-01-26 12:01:07 +01:00
committed by Armin Kuster
parent d7e5d4796c
commit 988751415d
2 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
meta-python/recipes-devtools/python/python3-grpcio/CVE-2024-11407.patch Normal file
View File

@@ -0,0 +1,32 @@
From e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 Mon Sep 17 00:00:00 2001
From: Vignesh Babu <vigneshbabu@google.com>
Date: Thu, 12 Sep 2024 11:13:45 -0700
Subject: [PATCH] [EventEngine] Fix bug in Tx0cp code path in posix endpoint.
This fix ensures that the iov_base pointers point to the right address.
PiperOrigin-RevId: 673923651
CVE: CVE-2024-11407
Upstream-Status: Backport [https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
src/core/lib/event_engine/posix_engine/posix_endpoint.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
index 7634bb1334b..c5708db02c5 100644
--- a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
+++ b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
@@ -240,7 +240,7 @@ msg_iovlen_type TcpZerocopySendRecord::PopulateIovs(size_t* unwind_slice_idx,
iov_size++) {
MutableSlice& slice = internal::SliceCast<MutableSlice>(
buf_.MutableSliceAt(out_offset_.slice_idx));
- iov[iov_size].iov_base = slice.begin();
+ iov[iov_size].iov_base = slice.begin() + out_offset_.byte_idx;
iov[iov_size].iov_len = slice.length() - out_offset_.byte_idx;
*sending_length += iov[iov_size].iov_len;
++(out_offset_.slice_idx);
--
2.30.2

1
meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb
View File

@@ -12,6 +12,7 @@ SRC_URI += "file://0001-Include-missing-cstdint-header.patch \
file://0001-crypto-use-_Generic-only-if-defined-__cplusplus.patch;patchdir=third_party/boringssl-with-bazel/src/ \
file://0001-target.h-define-proper-macro-for-ppc-ppc64.patch \
file://0001-PR-1644-unscaledcycleclock-remove-RISC-V-support.patch \
file://CVE-2024-11407.patch \
"
SRC_URI[sha256sum] = "c77618071d96b7a8be2c10701a98537823b9c65ba256c0b9067e0594cdbd954d"