@tonyjongyoonan
Owner

sync

ejona86 and others added 30 commits June 12, 2023 11:01
This updates the version of boringssl and removes the dependency on APR.
netty-tcnative 2.0.56.Final uses APR 1.7.0, so is in scope for
CVE-2021-35940, CVE-2022-28331, and CVE-2022-24963. netty-tcnative is
not actually vulnerable. The binary does not include apr_socket_sendv(),
apr_encode_*(), apr_pencode_*(), apr_decode_*(), apr_pdecode_*(). The
binary does include apr_time_exp_*() but it is unused code.
Unfortunately --gc-sections wasn't used during compilation.
apr_time_now() is used, but that just calls gettimeofday() and is not
vulnerable.

There's no panic here, but this updates netty-tcnative just a few weeks
before we would have ordinarily done so. Bumping the version makes life
easier for everyone.
Explicit dependencies to keep versions in step with newer Guava
DefaultByteBufHolder has many perfectly good implementations. It should be enough to implement the replace method.
com.google.protobuf:protoc updated from 3.21.7 to 3.22.3.
The PipeSocket was convenient and avoided real I/O, but the
shutdown/close while connecting/handshaking tests were triggering a
Socket bug in Java (https://bugs.openjdk.org/browse/JDK-8278326). Using
a real socket doesn't trigger the bug because the test stops sharing
state with the code under test.

Fixes #10228

```
Details
==================
WARNING: ThreadSanitizer: data race (pid=4528)
  Write of size 1 at 0x0000cfb9d5f4 by thread T36 (mutexes: write M0):
    #0 java.net.Socket.setCreated()V Socket.java:687
    #1 java.net.AbstractPlainSocketImpl.create(Z)V AbstractPlainSocketImpl.java:149
    #2 java.net.Socket.createImpl(Z)V Socket.java:477
    #3 java.net.Socket.getImpl()Ljava/net/SocketImpl; Socket.java:540
    #4 java.net.Socket.setTcpNoDelay(Z)V Socket.java:998
    #5 io.grpc.okhttp.OkHttpServerTransport.startIo(Lio/grpc/internal/SerializingExecutor;)V OkHttpServerTransport.java:164
    #6 io.grpc.okhttp.OkHttpServerTransport.lambda$start$0(Lio/grpc/internal/SerializingExecutor;)V OkHttpServerTransport.java:159
    #7 io.grpc.okhttp.OkHttpServerTransport$$Lambda$56.run()V ??
    #8 io.grpc.internal.SerializingExecutor.run()V SerializingExecutor.java:133
    #9 java.util.concurrent.ThreadPoolExecutor.runWorker(Ljava/util/concurrent/ThreadPoolExecutor$Worker;)V ThreadPoolExecutor.java:1130
    #10 java.util.concurrent.ThreadPoolExecutor$Worker.run()V ThreadPoolExecutor.java:630
    #11 java.lang.Thread.run()V Thread.java:830
    #12 (Generated Stub) <null>

  Previous read of size 1 at 0x0000cfb9d5f4 by thread T35 (mutexes: write M1, write M2):
    #0 java.net.Socket.close()V Socket.java:1512
    #1 io.grpc.okhttp.OkHttpServerTransportTest$PipeSocket.close()V OkHttpServerTransportTest.java:1384
    #2 io.grpc.okhttp.OkHttpServerTransportTest.clientCloseDuringHandshake()V OkHttpServerTransportTest.java:290
```
* Suppress duplicate children and NACK if loops are detected (child is an ancestor of the current CDS aggregate).

* Handle diamond shaped aggregations (same cluster appears under 2 distinct parents that doesn't create a loop).
This is now the preferred way to specify rule execution order.
replaced use of bareSocket with a synchronized socket, added additional lock to synchronize initialization with shutdown() to fix a Java bug
…tion

Apparently our Kokoro image has this done already, and my laptop as
well. But the newer Kokoro image and other computers like my desktop
don't have it already.
Since 44847bf, when we upgraded our JUnit version, the JUnit
exclusions have probably not been necessary. e0ac97c upgraded
Robolectric to a version that had the auto.service problem fixed.
Plumbing through sourceSet lets cross-project dependencies work the same
way as artifacts published to Maven. This fixes an issue for
interop-testing where build/install would include all the raw files from
thirdparty in addition to the grpc-xds.jar. For example:
build/install/grpc-interop-testing/lib/com/github/xds/data/orca/v3/OrcaLoadReport$1.class

b/288577812
Instead of the deprecated Android AsyncTask, let's use the standard
Java concurrency library with a Callable and an ExecutorService.
Note that this changes the JDK used to compile releases to Java 11. That
should only impact the appearance of the Javadoc.

This adds the Android SDK to the build container, removing the
dependency on the Android SDK being available on the CI host. This
allows running on newer Kokoro images. 'Android' and 'Android interop'
CIs still depend on the Android SDK being available on the host, but
since they aren't used as part of the release process, they can more
easily migrate off Kokoro as part of future work.

This also causes Android components to now be built with -Werror, as we
use -PfailOnWarnings=true in unix.sh but were missing it from the
Android build invocations.

Gradle will auto-download the necessary version of build-tools. We don't
want to download it ourselves because the version we specify might not
even be used. Looking at logs, we were previously downloading a version
that was unused.

We now fork javac to avoid OOM. The build fails 2/3 times before the
forking, and 0/3 after.
* context, all: move Context classes to grpc-api
clean up grpc-context since it has no source code: only add dep on grpc-api
add exclusion for all transitive deps of grpc-api - only guava
exclude grpc-context as a dependency from grpc-alts because all context code is in grpc-api now
api: 1.7 as target Java version for Context source-set of grpc-api

* core, census: fix the issues with android project pulling in old grpc-context version


* api,context: make changes to bazel build files to account for context code moving from context to api
…o support cross-user communication through OnDeviceServer. (#10197)

Add UserHandle and BinderChannelCredentials to BinderChannelBuilder to support cross-user ondevice server.
There's been minor version skew between Java and C++ many times because
certain releases are one-language-only. And now we have more severe
skew, where we can't readily upgrade to newer C++ Protobuf versions
because of build complexity. Let's just remove the version, and have the
canonical C++ Protobuf version live in COMPILING.md.

See #10317
Currently, the gRPC compiler isn't properly using the fully qualified
string name `java.lang.String` instead of `String`. Update the generator
to use the `$String$` alias to avoid compile issues with protobuf
messages called String.

Fixes #10316.
This stabilizes:
 - Status.asRuntimeException(Metadata)
 - Status.trailersFromThrowable(Throwable)
3808e70 fixed references of String to be java.lang.String, but failed
to update the Android build.
This has been fixed in the Protobuf Gradle Plugin since probably 0.8.13.
ManagedChannelImpl did not make sure to use a RetryingNameResolver if
authority was not overridden. This was not a problem for DNS name
resolution as the DNS name resolver factory explicitly returns a
RetryingNameResolver. For polling name resolvers that do not do this in
their factories (like the grpclb name resolver) this meant not having retry
at all.
* require EDS service name in CDS resources with xdstp name
tonyjongyoonan and others added 7 commits July 6, 2023 10:03
Motivation:

When multiple NameResolvers are created, the Classloader is scanned every time trying to figure out if the Platform is Android. This expensive work could be done only once.

Modification:

Cache isAndroid resolution in a constant.

Result:

Less expensive multiple NameResolvers instantiation.
Instead of assignment, it now seems to be a FileCollection that you
modify. This has probably been broken since f458f22.

```
> Could not create task ':grpc-auth:japicmp'.
   > Cannot set the value of read-only property 'oldClasspath' for task ':grpc-auth:japicmp' of type me.champeau.gradle.japicmp.JapicmpTask.
```

The change works with or without the files(), but the conversion is just
not needed anymore as it is handled by FileCollection.
I moved items that could be done immediately after the release up into
the main release flow. I also stripped some outdated or unnecessary text
to make it quicker to follow.
Co-authored-by: Sergii Tkachenko <[email protected]>
…ption (#10356)

`StatusException` thrown from `checkedStart()` may have `trailers`. Therefore, `CheckedForwardingClientCall` should pass the `trailers` to `responseListener.onClose()`.
…10334)

* Sort the policies in a rule by policy name when parsing from proto.  This fixes the server sending a GOAWAY when an LDS update with no changes other than ordering is received.

* Remove use of deprecated method setSourceIp

* Fix style issues

* Update RbacFilterTest.java
@tonyjongyoonan tonyjongyoonan merged commit 9ea0ab3 into tonyjongyoonan:master Jul 11, 2023