Skip to content

patch prost 0.5 to pick up security fix#414

Merged
hawkw merged 1 commit intomasterfrom
eliza/patch-prost-2
Jan 23, 2020
Merged

patch prost 0.5 to pick up security fix#414
hawkw merged 1 commit intomasterfrom
eliza/patch-prost-2

Conversation

@hawkw
Copy link
Contributor

@hawkw hawkw commented Jan 23, 2020
edited
Loading

This branch updates the proxy's prost dependency to a patched version
of prost 0.5 that incorporates the cahnges in danburkert/prost#268.
This patch fixes a security issue where a malicious protobuf message
could be used to trigger a stack overflow.

We are unfortunately unable to easily update to prost 0.6.1, which
includes this fix, as 0.6 updates the bytes dependency to 0.5. The
tokio 0.1 ecosystem that the proxy currently uses still depends on
0.4, and the breaking changes in 0.5 are quite significant. Therefore,
updating to bytes 0.5 would require a lot of fairly large changes to
legacy versions of...pretty much everything (tokio-io, tokio-buf,
hyper, http-body...). As we intend to update to tokio 0.2 in the
near future, patching all these legacy dependencies is a bit of a waste
of time. Therefore, I opted to backport the security fix to a compatible
prost version instead.

Closes linkerd/linkerd2#3963

Signed-off-by: Eliza Weisman eliza@buoyant.io

@hawkw
patch prost 0.5 to pick up security fix
c133481 
This branch updates the proxy's `prost` dependency to a patched version
of `prost` 0.5 that incorporates the cahnges in danburkert/prost#268.
This patch fixes a security issue where a malicious protobuf message
could be used to trigger a stack overflow.

We are unfortunately unable to easily update to `prost` 0.6.1, which
includes this fix, as 0.6 updates the `bytes` dependency to 0.5. The
`tokio` 0.1 ecosystem that the proxy currently uses still depends on
0.4, and the breaking changes in 0.5 are quite significant. Therefore,
updating to `bytes` 0.5 would require a lot of fairly large changes to
legacy versions of...pretty much everything (`tokio-io`, `tokio-buf`,
`hyper`, `http-body`...). As we intend to update to `tokio` 0.2 in the
near future, patching all these legacy dependencies is a bit of a waste
of time. Therefore, I opted to backport the security fix to a compatible
`prost` version instead.

Closes inkerd/linkerd2#3963

Signed-off-by: Eliza Weisman <eliza@buoyant.io>
@hawkw hawkw requested review from olix0r and seanmonstar January 23, 2020 22:35
@hawkw
Copy link
Contributor Author

hawkw commented Jan 23, 2020

unfortunately, cargo audit will still think we are vulnerable because the version hasn't changed (and, we can't change it since it's necessary to patch the version that other crates depend on)

olix0r
olix0r approved these changes Jan 23, 2020
View reviewed changes
Copy link
Member

@olix0r olix0r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! LGTM once it passes CI

@hawkw hawkw merged commit b352624 into master Jan 23, 2020
olix0r added a commit to linkerd/linkerd2 that referenced this pull request Feb 4, 2020
@olix0r
proxy: v2.85.0
9112d8c 
This release fixes a bug in the proxy's logging subsystem that could
cause the proxy to consume memory until the process is OOMKilled,
especially when the proxy was configured to log diagnostic information.

The proxy also now properly emits `grpc-status` headers when signaling
proxy errors to gRPC clients.

This release upgrades the proxy's Rust version, the `http` crate
dependency to address RUSTSEC-2019-0033 and RUSTSEC-2019-0034, and the
`prost` crate dependency has been patched to address RUSTSEC-2020-02.

---

* internal: Introduce a locking middleware (linkerd/linkerd2-proxy#408)
* Update to Rust 1.40 with new Cargo.lock format (linkerd/linkerd2-proxy#410)
* Update http to v0.1.21 (linkerd/linkerd2-proxy#412)
* internal: Split retry, http-classify, and http-metrics (linkerd/linkerd2-proxy#409)
* Actually update http to v0.1.21 (linkerd/linkerd2-proxy#413)
* patch `prost` 0.5 to pick up security fix (linkerd/linkerd2-proxy#414)
* metrics: Make Counter & Gauge atomic (linkerd/linkerd2-proxy#415)
* Set grpc-status headers on dispatch errors (linkerd/linkerd2-proxy#416)
* trace: update `tracing-subscriber` to 0.2.0-alpha.4 (linkerd/linkerd2-proxy#418)
* discover: Warn on discovery error (linkerd/linkerd2-proxy#422)
* router: Avoid large up-front allocations (linkerd/linkerd2-proxy#421)
* errors: Set correct HTTP version on responses (linkerd/linkerd2-proxy#424)
* app: initialize tracing prior to parsing env vars (linkerd/linkerd2-proxy#425)
* trace: update tracing-subscriber to 0.2.0-alpha.6 (linkerd/linkerd2-proxy#423)
@olix0r olix0r mentioned this pull request Feb 4, 2020
Merged
adleong pushed a commit to linkerd/linkerd2 that referenced this pull request Feb 4, 2020
@olix0r
proxy: v2.85.0 (#4010)
afcbebd 
This release fixes a bug in the proxy's logging subsystem that could
cause the proxy to consume memory until the process is OOMKilled,
especially when the proxy was configured to log diagnostic information.

The proxy also now properly emits `grpc-status` headers when signaling
proxy errors to gRPC clients.

This release upgrades the proxy's Rust version, the `http` crate
dependency to address RUSTSEC-2019-0033 and RUSTSEC-2019-0034, and the
`prost` crate dependency has been patched to address RUSTSEC-2020-02.

---

* internal: Introduce a locking middleware (linkerd/linkerd2-proxy#408)
* Update to Rust 1.40 with new Cargo.lock format (linkerd/linkerd2-proxy#410)
* Update http to v0.1.21 (linkerd/linkerd2-proxy#412)
* internal: Split retry, http-classify, and http-metrics (linkerd/linkerd2-proxy#409)
* Actually update http to v0.1.21 (linkerd/linkerd2-proxy#413)
* patch `prost` 0.5 to pick up security fix (linkerd/linkerd2-proxy#414)
* metrics: Make Counter & Gauge atomic (linkerd/linkerd2-proxy#415)
* Set grpc-status headers on dispatch errors (linkerd/linkerd2-proxy#416)
* trace: update `tracing-subscriber` to 0.2.0-alpha.4 (linkerd/linkerd2-proxy#418)
* discover: Warn on discovery error (linkerd/linkerd2-proxy#422)
* router: Avoid large up-front allocations (linkerd/linkerd2-proxy#421)
* errors: Set correct HTTP version on responses (linkerd/linkerd2-proxy#424)
* app: initialize tracing prior to parsing env vars (linkerd/linkerd2-proxy#425)
* trace: update tracing-subscriber to 0.2.0-alpha.6 (linkerd/linkerd2-proxy#423)
@olix0r olix0r deleted the eliza/patch-prost-2 branch May 25, 2021 15:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olix0r olix0r olix0r approved these changes

+1 more reviewer

@seanmonstar seanmonstar seanmonstar approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

proxy: Update prost to 0.6

3 participants

@hawkw @seanmonstar @olix0r