!151 [sync] PR-147: containerd：update vendored golang.org/x/net

From: @openeuler-sync-bot Reviewed-by: @flyflyflypeng Signed-off-by: @flyflyflypeng
2024-02-06 11:04:38 +00:00 · 2024-02-06 11:04:38 +00:00 · e9cf5d9e41
commit e9cf5d9e41
parent f76f0a4bb7 4bf1ad0c53
4 changed files with 144 additions and 2 deletions
--- a/containerd.spec
+++ b/containerd.spec
@ -2,7 +2,7 @@
 %global debug_package %{nil}
 Version:        1.2.0
 Name:           containerd
-Release:        316
+Release:        317
 Summary:        An industry-standard container runtime
 License:        ASL 2.0
 URL:            https://containerd.io
@ -72,6 +72,12 @@ install -p -m 755 bin/ctr $RPM_BUILD_ROOT/%{_bindir}/ctr
 %{_bindir}/ctr
 %changelog
 * Tue Feb 06 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-317
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:update vendored golang.org/x/net
 * Tue Jan 30 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.2.0-316
 - Type:CVE
 - ID:NA
--- a/2
+++ b/2
@ -1 +1 @@
-3f8608f668f99748bd26d8369aa167e0e6b9f855
+6062133c573a214534f51095586c54aefc690369
--- a/patch/0110-containerd-update-vendored-golang.org-x-net.patch
+++ b/patch/0110-containerd-update-vendored-golang.org-x-net.patch
@ -0,0 +1,135 @@
 From 7ab94524b9c4f0d9ab767cc6c22afc9e451e67dc Mon Sep 17 00:00:00 2001
 From: zhongjiawei <zhongjiawei1@huawei.com>
 Date: Tue, 6 Feb 2024 15:43:40 +0800
 Subject: [PATCH] containerd: update vendored golang.org/x/net
 ---
 vendor/golang.org/x/net/http2/hpack/hpack.go | 79 ++++++++++++--------
 1 file changed, 49 insertions(+), 30 deletions(-)
 diff --git a/vendor/golang.org/x/net/http2/hpack/hpack.go b/vendor/golang.org/x/net/http2/hpack/hpack.go
 index 176644a..f56067e 100644
 --- a/vendor/golang.org/x/net/http2/hpack/hpack.go
 +++ b/vendor/golang.org/x/net/http2/hpack/hpack.go
@@ -351,6 +351,7 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error {
 	var hf HeaderField
 	wantStr := d.emitEnabled || it.indexed()
 +	var undecodedName undecodedString
 	if nameIdx > 0 {
 		ihf, ok := d.at(nameIdx)
 		if !ok {
@@ -358,15 +359,27 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error {
 		}
 		hf.Name = ihf.Name
 	} else {
 -		hf.Name, buf, err = d.readString(buf, wantStr)
 +		undecodedName, buf, err = d.readString(buf)
 		if err != nil {
 			return err
 		}
 	}
 -	hf.Value, buf, err = d.readString(buf, wantStr)
 +	undecodedValue, buf, err := d.readString(buf)
 	if err != nil {
 		return err
 	}
 +	if wantStr {
 +		if nameIdx <= 0 {
 +			hf.Name, err = d.decodeString(undecodedName)
 +			if err != nil {
 +				return err
 +			}
 +		}
 +		hf.Value, err = d.decodeString(undecodedValue)
 +		if err != nil {
 +			return err
 +		}
 +	}
 	d.buf = buf
 	if it.indexed() {
 		d.dynTab.add(hf)
@@ -445,46 +458,52 @@ func readVarInt(n byte, p []byte) (i uint64, remain []byte, err error) {
 	return 0, origP, errNeedMore
 }
 -// readString decodes an hpack string from p.
 +// readString reads an hpack string from p.
 //
 -// wantStr is whether s will be used. If false, decompression and
 -// []byte->string garbage are skipped if s will be ignored
 -// anyway. This does mean that huffman decoding errors for non-indexed
 -// strings past the MAX_HEADER_LIST_SIZE are ignored, but the server
 -// is returning an error anyway, and because they're not indexed, the error
 -// won't affect the decoding state.
 -func (d *Decoder) readString(p []byte, wantStr bool) (s string, remain []byte, err error) {
 +// It returns a reference to the encoded string data to permit deferring decode costs
 +// until after the caller verifies all data is present.
 +func (d *Decoder) readString(p []byte) (u undecodedString, remain []byte, err error) {
 	if len(p) == 0 {
 -		return "", p, errNeedMore
 +		return u, p, errNeedMore
 	}
 	isHuff := p[0]&128 != 0
 	strLen, p, err := readVarInt(7, p)
 	if err != nil {
 -		return "", p, err
 +		return u, p, err
 	}
 	if d.maxStrLen != 0 && strLen > uint64(d.maxStrLen) {
 -		return "", nil, ErrStringLength
 +		// Returning an error here means Huffman decoding errors
 +		// for non-indexed strings past the maximum string length
 +		// are ignored, but the server is returning an error anyway
 +		// and because the string is not indexed the error will not
 +		// affect the decoding state.
 +		return u, nil, ErrStringLength
 	}
 	if uint64(len(p)) < strLen {
 -		return "", p, errNeedMore
 -	}
 -	if !isHuff {
 -		if wantStr {
 -			s = string(p[:strLen])
 -		}
 -		return s, p[strLen:], nil
 +		return u, p, errNeedMore
 	}
 +	u.isHuff = isHuff
 +	u.b = p[:strLen]
 +	return u, p[strLen:], nil
 +}
 -	if wantStr {
 -		buf := bufPool.Get().(*bytes.Buffer)
 -		buf.Reset() // don't trust others
 -		defer bufPool.Put(buf)
 -		if err := huffmanDecode(buf, d.maxStrLen, p[:strLen]); err != nil {
 -			buf.Reset()
 -			return "", nil, err
 -		}
 +type undecodedString struct {
 +	isHuff bool
 +	b      []byte
 +}
 +
 +func (d *Decoder) decodeString(u undecodedString) (string, error) {
 +	if !u.isHuff {
 +		return string(u.b), nil
 +	}
 +	buf := bufPool.Get().(*bytes.Buffer)
 +	buf.Reset() // don't trust others
 +	var s string
 +	err := huffmanDecode(buf, d.maxStrLen, u.b)
 +	if err == nil {
 		s = buf.String()
 -		buf.Reset() // be nice to GC
 	}
 -	return s, p[strLen:], nil
 +	buf.Reset() // be nice to GC
 +	bufPool.Put(buf)
 +	return s, err
 }
 -- 
 2.33.0
--- a/series.conf
+++ b/series.conf
@ -117,4 +117,5 @@ patch/0106-containerd-bump-ttrpc.patch
 patch/0107-containerd-Fix-missing-closed-fifo.patch
 patch/0108-containerd-Update-TTRPC-and-Protobuild-dependencies.patch
 patch/0109-containerd-Backport-net-http-regenerate-h2_bundle.go.patch
 patch/0110-containerd-update-vendored-golang.org-x-net.patch
 # end
`@ -1 +1 @@`
	`3f8608f668f99748bd26d8369aa167e0e6b9f855`	`6062133c573a214534f51095586c54aefc690369`