2 files changed, 33 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-grpcio/CVE-2024-11407.patch b/meta-python/recipes-devtools/python/python3-grpcio/CVE-2024-11407.patch
new file mode 100644
index 0000000000..eef5e7239e
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-grpcio/CVE-2024-11407.patch
@@ -0,0 +1,32 @@
+From e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 Mon Sep 17 00:00:00 2001
+From: Vignesh Babu <vigneshbabu@google.com>
+Date: Thu, 12 Sep 2024 11:13:45 -0700
+Subject: [PATCH] [EventEngine] Fix bug in Tx0cp code path in posix endpoint.
+This fix ensures that the iov_base pointers point to the right address.
+PiperOrigin-RevId: 673923651
+CVE: CVE-2024-11407
+Upstream-Status: Backport [https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/core/lib/event_engine/posix_engine/posix_endpoint.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
+index 7634bb1334b..c5708db02c5 100644
+--- a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
+++ b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
+@@ -240,7 +240,7 @@ msg_iovlen_type TcpZerocopySendRecord::PopulateIovs(size_t* unwind_slice_idx,
+        iov_size++) {
+     MutableSlice& slice = internal::SliceCast<MutableSlice>(
+         buf_.MutableSliceAt(out_offset_.slice_idx));
+-    iov[iov_size].iov_base = slice.begin();
+    iov[iov_size].iov_base = slice.begin() + out_offset_.byte_idx;
+     iov[iov_size].iov_len = slice.length() - out_offset_.byte_idx;
+     *sending_length += iov[iov_size].iov_len;
+     ++(out_offset_.slice_idx);
+-- 
+2.30.2
diff --git a/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb b/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb
index 59bfbf5538..b12b509142 100644
--- a/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb
+++ b/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb
@@ -12,6 +12,7 @@ SRC_URI += "file://0001-Include-missing-cstdint-header.patch \
           file://0001-crypto-use-_Generic-only-if-defined-__cplusplus.patch;patchdir=third_party/boringssl-with-bazel/src/ \
           file://0001-target.h-define-proper-macro-for-ppc-ppc64.patch \
           file://0001-PR-1644-unscaledcycleclock-remove-RISC-V-support.patch \
+           file://CVE-2024-11407.patch \
           "
 SRC_URI[sha256sum] = "c77618071d96b7a8be2c10701a98537823b9c65ba256c0b9067e0594cdbd954d"

diff --git a/meta-python/recipes-devtools/python/python3-grpcio/CVE-2024-11407.patch b/meta-python/recipes-devtools/python/python3-grpcio/CVE-2024-11407.patch new file mode 100644 index 0000000000..eef5e7239e --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-grpcio/CVE-2024-11407.patch
@@ -0,0 +1,32 @@
		1	From e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 Mon Sep 17 00:00:00 2001
		2	From: Vignesh Babu <vigneshbabu@google.com>
		3	Date: Thu, 12 Sep 2024 11:13:45 -0700
		4	Subject: [PATCH] [EventEngine] Fix bug in Tx0cp code path in posix endpoint.
		5
		6	This fix ensures that the iov_base pointers point to the right address.
		7
		8	PiperOrigin-RevId: 673923651
		9
		10	CVE: CVE-2024-11407
		11	Upstream-Status: Backport [https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791]
		12	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		13	---
		14	src/core/lib/event_engine/posix_engine/posix_endpoint.cc \| 2 +-
		15	1 file changed, 1 insertion(+), 1 deletion(-)
		16
		17	diff --git a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
		18	index 7634bb1334b..c5708db02c5 100644
		19	--- a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
		20	+++ b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
		21	@@ -240,7 +240,7 @@ msg_iovlen_type TcpZerocopySendRecord::PopulateIovs(size_t* unwind_slice_idx,
		22	iov_size++) {
		23	MutableSlice& slice = internal::SliceCast<MutableSlice>(
		24	buf_.MutableSliceAt(out_offset_.slice_idx));
		25	- iov[iov_size].iov_base = slice.begin();
		26	+ iov[iov_size].iov_base = slice.begin() + out_offset_.byte_idx;
		27	iov[iov_size].iov_len = slice.length() - out_offset_.byte_idx;
		28	*sending_length += iov[iov_size].iov_len;
		29	++(out_offset_.slice_idx);
		30	--
		31	2.30.2
		32


diff --git a/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb b/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb index 59bfbf5538..b12b509142 100644 --- a/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb +++ b/meta-python/recipes-devtools/python/python3-grpcio_1.62.2.bb
@@ -12,6 +12,7 @@ SRC_URI += "file://0001-Include-missing-cstdint-header.patch \
12	file://0001-crypto-use-_Generic-only-if-defined-__cplusplus.patch;patchdir=third_party/boringssl-with-bazel/src/ \	12	file://0001-crypto-use-_Generic-only-if-defined-__cplusplus.patch;patchdir=third_party/boringssl-with-bazel/src/ \
13	file://0001-target.h-define-proper-macro-for-ppc-ppc64.patch \	13	file://0001-target.h-define-proper-macro-for-ppc-ppc64.patch \
14	file://0001-PR-1644-unscaledcycleclock-remove-RISC-V-support.patch \	14	file://0001-PR-1644-unscaledcycleclock-remove-RISC-V-support.patch \
		15	file://CVE-2024-11407.patch \
15	"	16	"
16	SRC_URI[sha256sum] = "c77618071d96b7a8be2c10701a98537823b9c65ba256c0b9067e0594cdbd954d"	17	SRC_URI[sha256sum] = "c77618071d96b7a8be2c10701a98537823b9c65ba256c0b9067e0594cdbd954d"
17		18