From e908293a8dbd0d80c719fdc36e3d4ba745eb0926 Mon Sep 17 00:00:00 2001 
From: Eliza Weisman Date: Fri, 9 Jul 2021 07:53:26 -0700 Subject: [PATCH] build(deps): update `tonic`, `prost`, and `linkerd2-proxy-api` (#1137) This updates `prost`, `prost-types`, and `prost-build` to v0.8, which includes a fix for a panic (and potential denial-of-service attack) when converting a protobuf duration into a Rust `Duration`. Although we don't use the vulnerable APIs in the proxy or in `linkerd2-proxy-api`, this is necessary in order to fix a RUSTSEC advisory warning. In order to update `prost`, we must also update `tonic` and `tonic-build` to v0.5, which depends on `prost` 0.8, and update the `linkerd2-proxy-api` crate to include linkerd/linkerd2-proxy-api#71. Since these crates all depend on each other, we need to update them all at the same time. Dependabot has opened separate PRs for these crates, but none of them will pass CI, since they depend on incompatible versions. This PR, on the other hand, should pass, since it updates all the crates atomically in one commit. Also, some minor code changes were required due to breaking API changes in `tonic` 0.5. Closes #1134, #1135, and #1136; should fix CI. --- Cargo.lock | 54 +++++++++++++++++------- linkerd/app/Cargo.toml | 2 +- linkerd/app/core/Cargo.toml | 2 +- linkerd/app/core/src/errors.rs | 1 - linkerd/app/integration/Cargo.toml | 2 +- linkerd/opencensus/Cargo.toml | 2 +- linkerd/opencensus/src/lib.rs | 4 +- linkerd/proxy/api-resolve/Cargo.toml | 4 +- linkerd/proxy/api-resolve/src/resolve.rs | 16 +++---- linkerd/proxy/identity/Cargo.toml | 2 +- linkerd/proxy/identity/src/certify.rs | 12 ++---- linkerd/proxy/tap/Cargo.toml | 4 +- linkerd/service-profiles/Cargo.toml | 4 +- linkerd/service-profiles/src/client.rs | 23 +++++----- linkerd/service-profiles/src/lib.rs | 2 +- linkerd/tonic-watch/Cargo.toml | 2 +- linkerd/transport-header/Cargo.toml | 4 +- opencensus-proto/Cargo.toml | 8 ++-- 18 files changed, 80 insertions(+), 68 deletions(-) 
diff --git a/Cargo.lock b/Cargo.lock index a8f9e354cb..b0d2ceb33c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -480,6 +480,18 @@ dependencies = [ "tower", ] +[[package]] +name = "hyper-timeout" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbb958482e8c7be4bc3cf272a766a2b0bf1a6755e7a6ae777f017a31d11b13b1" +dependencies = [ + "hyper", + "pin-project-lite", + "tokio", + "tokio-io-timeout", +] + [[package]] name = "idna" version = "0.2.3" @@ -530,9 +542,9 @@ checksum = "68f2d64f2edebec4ce84ad108148e67e1064789bee435edc5b60ad398714a3a9" [[package]] name = "itertools" -version = "0.9.0" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "284f18f85651fe11e8a991b2adb42cb078325c996ed026d994719efcfca1d54b" +checksum = "69ddb889f9d0d08a67338271fa9b62996bc788c7796a5c18cf057420aaed5eaf" dependencies = [ "either", ] @@ -1465,7 +1477,7 @@ dependencies = [ [[package]] name = "linkerd2-proxy-api" version = "0.1.18" -source = "git+https://github.com/linkerd/linkerd2-proxy-api?branch=main#def4e323b26e04f177c53f8f14a9ff7c82830721" +source = "git+https://github.com/linkerd/linkerd2-proxy-api?branch=main#5e4e190df8fe3a2c869169a60b7ba78e2afe31b6" dependencies = [ "h2", "http", @@ -1733,9 +1745,9 @@ dependencies = [ [[package]] name = "prost" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e6984d2f1a23009bd270b8bb56d0926810a3d483f59c987d77969e9d8e840b2" +checksum = "de5e2533f59d08fcf364fd374ebda0692a70bd6d7e66ef97f306f45c6c5d8020" dependencies = [ "bytes", "prost-derive", 
@@ -1743,9 +1755,9 @@ dependencies = [ [[package]] name = "prost-build" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32d3ebd75ac2679c2af3a92246639f9fcc8a442ee420719cc4fe195b98dd5fa3" +checksum = "355f634b43cdd80724ee7848f95770e7e70eefa6dcf14fea676216573b8fd603" dependencies = [ "bytes", "heck", @@ -1761,9 +1773,9 @@ dependencies = [ [[package]] name = "prost-derive" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "169a15f3008ecb5160cba7d37bcd690a7601b6d30cfb87a117d45e59d52af5d4" +checksum = "600d2f334aa05acb02a755e217ef1ab6dea4d51b58b7846588b747edec04efba" dependencies = [ "anyhow", "itertools", @@ -1774,9 +1786,9 @@ dependencies = [ [[package]] name = "prost-types" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b518d7cdd93dab1d1122cf07fa9a60771836c668dde9d9e2a139f957f0d9f1bb" +checksum = "603bbd6394701d13f3f25aada59c7de9d35a6a5887cfc156181234a44002771b" dependencies = [ "bytes", "prost", @@ -2139,6 +2151,16 @@ dependencies = [ "winapi", ] +[[package]] +name = "tokio-io-timeout" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90c49f106be240de154571dd31fbe48acb10ba6c6dd6f6517ad603abffa42de9" +dependencies = [ + "pin-project-lite", + "tokio", +] + [[package]] name = "tokio-macros" version = "1.1.0" @@ -2214,9 +2236,9 @@ dependencies = [ [[package]] name = "tonic" -version = "0.4.3" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ac42cd97ac6bd2339af5bcabf105540e21e45636ec6fa6aae5e85d44db31be0" +checksum = "b584f064fdfc50017ec39162d5aebce49912f1eb16fd128e04b7f4ce4907c7e5" dependencies = [ "async-stream", "async-trait", @@ -2228,6 +2250,7 @@ dependencies = [ "http", "http-body", "hyper", + "hyper-timeout", "percent-encoding", "pin-project", "prost", 
@@ -2236,6 +2259,7 @@ dependencies = [ "tokio-stream", "tokio-util", "tower", + "tower-layer", "tower-service", "tracing", "tracing-futures", @@ -2243,9 +2267,9 @@ dependencies = [ [[package]] name = "tonic-build" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c695de27302f4697191dda1c7178131a8cb805463dda02864acb80fe1322fdcf" +checksum = "25db9a497663a9a779693ef67b6e6aef8345b3d3ff8d50ef92eae6c88cb1e386" dependencies = [ "proc-macro2", "prost-build", diff --git a/linkerd/app/Cargo.toml b/linkerd/app/Cargo.toml index 05b9f91043..e821e80e31 100644 --- a/linkerd/app/Cargo.toml +++ b/linkerd/app/Cargo.toml @@ -28,6 +28,6 @@ regex = "1.5.4" thiserror = "1.0" tokio = { version = "1", features = ["rt"] } tokio-stream = { version = "0.1.7", features = ["time", "sync"] } -tonic = { version = "0.4", default-features = false, features = ["prost"] } +tonic = { version = "0.5", default-features = false, features = ["prost"] } tower = "0.4.8" tracing = "0.1.26" diff --git a/linkerd/app/core/Cargo.toml b/linkerd/app/core/Cargo.toml index fc98ce49fb..b7d4cbb864 100644 --- a/linkerd/app/core/Cargo.toml +++ b/linkerd/app/core/Cargo.toml @@ -64,7 +64,7 @@ serde_json = "1" thiserror = "1.0" tokio = { version = "1", features = ["macros", "sync", "parking_lot"]} tokio-stream = { version = "0.1.7", features = ["time"] } -tonic = { version = "0.4", default-features = false, features = ["prost"] } +tonic = { version = "0.5", default-features = false, features = ["prost"] } tracing = "0.1.26" pin-project = "1" diff --git a/linkerd/app/core/src/errors.rs b/linkerd/app/core/src/errors.rs index 06c800c548..d0c753ef0d 100644 --- a/linkerd/app/core/src/errors.rs +++ b/linkerd/app/core/src/errors.rs 
@@ -337,7 +337,6 @@ fn code_header(code: grpc::Code) -> HeaderValue { Code::Unavailable => HeaderValue::from_static("14"), Code::DataLoss => HeaderValue::from_static("15"), Code::Unauthenticated => HeaderValue::from_static("16"), - Code::__NonExhaustive => unreachable!("Code::__NonExhaustive"), } } diff --git a/linkerd/app/integration/Cargo.toml b/linkerd/app/integration/Cargo.toml index e5fbabaf30..93c2c3d18a 100644 --- a/linkerd/app/integration/Cargo.toml +++ b/linkerd/app/integration/Cargo.toml @@ -35,7 +35,7 @@ tokio = { version = "1", features = ["io-util", "net", "rt", "macros"] } tokio-stream = { version = "0.1.7", features = ["sync"] } tokio-rustls = "0.22" tower = { version = "0.4.8", default-features = false } -tonic = { version = "0.4", default-features = false } +tonic = { version = "0.5", default-features = false } tracing = "0.1.26" webpki = "0.21" tracing-subscriber = { version = "0.2", default-features = false, features = ["fmt"] } diff --git a/linkerd/opencensus/Cargo.toml b/linkerd/opencensus/Cargo.toml index c68a921bd7..cb57d87e67 100644 --- a/linkerd/opencensus/Cargo.toml +++ b/linkerd/opencensus/Cargo.toml @@ -13,7 +13,7 @@ http-body = "0.4" linkerd-error = { path = "../error" } linkerd-metrics = { path = "../metrics" } opencensus-proto = { path = "../../opencensus-proto" } -tonic = { version = "0.4", default-features = false, features = ["prost", "codegen"] } +tonic = { version = "0.5", default-features = false, features = ["prost", "codegen"] } tower = { version = "0.4.8", default-features = false } tokio = { version = "1", features = ["macros", "sync", "time"] } tokio-stream = { version = "0.1.7", features = ["sync"] } diff --git a/linkerd/opencensus/src/lib.rs b/linkerd/opencensus/src/lib.rs index 4c40b03344..b1ac5549e4 100644 --- a/linkerd/opencensus/src/lib.rs +++ b/linkerd/opencensus/src/lib.rs 
@@ -24,7 +24,7 @@ where T: GrpcService + Clone, T::Error: Into, ::Error: Into + Send + Sync, - T::ResponseBody: 'static, + T::ResponseBody: Send + Sync + 'static, S: Stream + Unpin, { debug!("Span exporter running"); @@ -49,7 +49,7 @@ where T: GrpcService, T::Error: Into, ::Error: Into + Send + Sync, - T::ResponseBody: 'static, + T::ResponseBody: Send + Sync + 'static, S: Stream + Unpin, { const MAX_BATCH_SIZE: usize = 1000; diff --git a/linkerd/proxy/api-resolve/Cargo.toml b/linkerd/proxy/api-resolve/Cargo.toml index 851a1efe00..97460004f8 100644 --- a/linkerd/proxy/api-resolve/Cargo.toml +++ b/linkerd/proxy/api-resolve/Cargo.toml @@ -24,7 +24,7 @@ linkerd-tls = { path = "../../tls" } http = "0.2" http-body = "0.4" pin-project = "1" -prost = "0.7" -tonic = { version = "0.4", default-features = false } +prost = "0.8" +tonic = { version = "0.5", default-features = false } tower = { version = "0.4.8", default-features = false } tracing = "0.1.26" diff --git a/linkerd/proxy/api-resolve/src/resolve.rs b/linkerd/proxy/api-resolve/src/resolve.rs index 849d7e8694..c48a76face 100644 --- a/linkerd/proxy/api-resolve/src/resolve.rs +++ b/linkerd/proxy/api-resolve/src/resolve.rs @@ -7,16 +7,12 @@ use crate::{ use api::destination_client::DestinationClient; use async_stream::try_stream; use futures::prelude::*; -use http_body::Body as HttpBody; +use http_body::Body; use linkerd_error::Error; use linkerd_stack::Param; use std::pin::Pin; use std::task::{Context, Poll}; -use tonic::{ - self as grpc, - body::{Body, BoxBody}, - client::GrpcService, -}; +use tonic::{self as grpc, body::BoxBody, client::GrpcService}; use tower::Service; use tracing::{debug, info, trace}; @@ -32,9 +28,9 @@ impl Resolve where S: GrpcService + Clone + Send + 'static, S::Error: Into + Send, - S::ResponseBody: Send, + S::ResponseBody: Send + Sync, ::Data: Send, - ::Error: Into + Send, + ::Error: Into + Send, S::Future: Send, { pub fn new(svc: S, context_token: String) -> Self { 
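Review bot: The `where` clause in the first hunk of linkerd/opencensus/src/lib.rs now requires `T::ResponseBody: Send + Sync + 'static`, but nothing records why `Sync` was added. The same tightening appears in the second hunk of this file and in the `where` clauses changed in api-resolve/src/resolve.rs, identity/src/certify.rs and service-profiles/src/client.rs. The commit message attributes the code changes to breaking API changes in `tonic` 0.5, so the bound is presumably imposed by the upgraded client; that is inferred, not visible in these hunks. A short comment on the bound, such as `// Sync is required by the tonic 0.5 client (confirm upstream); do not relax it here.`, would tell maintainers the constraint is external and that every caller-supplied gRPC service must now meet it. The function signatures start above these hunks and their bodies continue below them.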
@@ -56,9 +52,9 @@ where T: Param, S: GrpcService + Clone + Send + 'static, S::Error: Into + Send, - S::ResponseBody: Send, + S::ResponseBody: Send + Sync, ::Data: Send, - ::Error: Into + Send, + ::Error: Into + Send, S::Future: Send, { type Response = UpdatesStream; diff --git a/linkerd/proxy/identity/Cargo.toml b/linkerd/proxy/identity/Cargo.toml index 6d9d4812b7..da42b706ec 100644 --- a/linkerd/proxy/identity/Cargo.toml +++ b/linkerd/proxy/identity/Cargo.toml @@ -18,7 +18,7 @@ linkerd-metrics = { path = "../../metrics" } linkerd-stack = { path = "../../stack" } linkerd-tls = { path = "../../tls" } tokio = { version = "1", features = ["time", "sync"] } -tonic = { version = "0.4", default-features = false } +tonic = { version = "0.5", default-features = false } tracing = "0.1.26" http-body = "0.4" pin-project = "1" diff --git a/linkerd/proxy/identity/src/certify.rs b/linkerd/proxy/identity/src/certify.rs index dba15fc6f7..0fc7ebc689 100644 --- a/linkerd/proxy/identity/src/certify.rs +++ b/linkerd/proxy/identity/src/certify.rs @@ -1,4 +1,4 @@ -use http_body::Body as HttpBody; +use http_body::Body; use linkerd2_proxy_api::identity::{self as api, identity_client::IdentityClient}; use linkerd_error::Error; use linkerd_identity as id; @@ -11,11 +11,7 @@ use std::sync::Arc; use std::time::{Duration, SystemTime, UNIX_EPOCH}; use tokio::sync::watch; use tokio::time::{self, Sleep}; -use tonic::{ - self as grpc, - body::{Body, BoxBody}, - client::GrpcService, -}; +use tonic::{self as grpc, body::BoxBody, client::GrpcService}; use tracing::{debug, error, trace}; /// Configures the Identity service and local identity. @@ -88,9 +84,9 @@ impl Daemon { where N: NewService<(), Service = S>, S: GrpcService, - S::ResponseBody: Send + 'static, + S::ResponseBody: Send + Sync + 'static, ::Data: Send, - ::Error: Into + Send, + ::Error: Into + Send, { let Self { crt_key_watch, diff --git a/linkerd/proxy/tap/Cargo.toml b/linkerd/proxy/tap/Cargo.toml index 01b5b2c9c4..1add83a8b5 100644 
--- a/linkerd/proxy/tap/Cargo.toml +++ b/linkerd/proxy/tap/Cargo.toml @@ -27,11 +27,11 @@ rand = { version = "0.8" } thiserror = "1.0" tokio = { version = "1", features = ["time"]} tower = { version = "0.4.8", default-features = false } -tonic = { version = "0.4", default-features = false } +tonic = { version = "0.5", default-features = false } tracing = "0.1.26" pin-project = "1" [dev-dependencies] linkerd2-proxy-api = { git = "https://github.com/linkerd/linkerd2-proxy-api", branch = "main", features = ["arbitrary"] } -prost-types = "0.7.0" +prost-types = "0.8.0" quickcheck = { version = "1", default-features = false } diff --git a/linkerd/service-profiles/Cargo.toml b/linkerd/service-profiles/Cargo.toml index 3d66fd416b..65b98de278 100644 --- a/linkerd/service-profiles/Cargo.toml +++ b/linkerd/service-profiles/Cargo.toml @@ -29,7 +29,7 @@ rand = { version = "0.8", features = ["small_rng"] } regex = "1.5.4" tokio = { version = "1", features = ["macros", "rt", "sync", "time"] } tokio-stream = { version = "0.1", features = ["sync"] } -tonic = { version = "0.4", default-features = false } +tonic = { version = "0.5", default-features = false } tower = { version = "0.4.8", features = [ "ready-cache", "retry", "util"] } thiserror = "1" tracing = "0.1.26" @@ -37,5 +37,5 @@ pin-project = "1" [dev-dependencies] linkerd2-proxy-api = { git = "https://github.com/linkerd/linkerd2-proxy-api", branch = "main", features = ["arbitrary"] } -prost-types = "0.7.0" +prost-types = "0.8.0" quickcheck = { version = "1", default-features = false } diff --git a/linkerd/service-profiles/src/client.rs b/linkerd/service-profiles/src/client.rs index f86195ec4e..b2f52207e3 100644 --- a/linkerd/service-profiles/src/client.rs +++ b/linkerd/service-profiles/src/client.rs 
@@ -1,15 +1,12 @@ use crate::{proto, LookupAddr, Profile, Receiver}; use futures::prelude::*; -use http_body::Body as HttpBody; +use http_body::Body; use linkerd2_proxy_api::destination::{self as api, destination_client::DestinationClient}; use linkerd_error::{Never, Recover}; use linkerd_stack::{Param, Service}; use linkerd_tonic_watch::StreamWatch; use std::task::{Context, Poll}; -use tonic::{ - body::{Body, BoxBody}, - client::GrpcService, -}; +use tonic::{body::BoxBody, client::GrpcService}; use tracing::debug; /// Creates watches on service profiles. @@ -30,9 +27,9 @@ struct Inner { impl Client where S: GrpcService + Clone + Send + 'static, - S::ResponseBody: Send, + S::ResponseBody: Send + Sync, ::Data: Send, - ::Error: + ::Error: Into> + Send, S::Future: Send, R: Recover + Send + Clone + 'static, @@ -49,9 +46,9 @@ impl Service for Client where T: Param, S: GrpcService + Clone + Send + 'static, - S::ResponseBody: Send, + S::ResponseBody: Send + Sync, ::Data: Send, - ::Error: + ::Error: Into> + Send, S::Future: Send, R: Recover + Send + Clone + 'static, @@ -96,9 +93,9 @@ type InnerFuture = impl Inner where S: GrpcService + Clone + Send + 'static, - S::ResponseBody: Send, + S::ResponseBody: Send + Sync, ::Data: Send, - ::Error: + ::Error: Into> + Send, S::Future: Send, { @@ -113,9 +110,9 @@ where impl Service for Inner where S: GrpcService + Clone + Send + 'static, - S::ResponseBody: Send, + S::ResponseBody: Send + Sync, ::Data: Send, - ::Error: + ::Error: Into> + Send, S::Future: Send, { diff --git a/linkerd/service-profiles/src/lib.rs b/linkerd/service-profiles/src/lib.rs index 7191334dea..65e5060622 100644 --- a/linkerd/service-profiles/src/lib.rs +++ b/linkerd/service-profiles/src/lib.rs @@ -63,7 +63,7 @@ pub struct Target { #[derive(Clone, Debug)] pub struct GetProfileService

(P); -#[derive(Clone, Debug, Error)] +#[derive(Debug, Error)] pub enum DiscoveryRejected { #[error("discovery rejected by control plane: {0}")] Remote( diff --git a/linkerd/tonic-watch/Cargo.toml b/linkerd/tonic-watch/Cargo.toml index 2b01935786..0dfcfcf54a 100644 --- a/linkerd/tonic-watch/Cargo.toml +++ b/linkerd/tonic-watch/Cargo.toml @@ -13,7 +13,7 @@ Provides a utility for creating robust watches from a service that returns a str futures = { version = "0.3", default-features = false } linkerd-error = { path = "../error" } linkerd-stack = { path = "../stack" } -tonic = { version = "0.4", default-features = false } +tonic = { version = "0.5", default-features = false } tokio = { version = "1", features = ["macros", "rt", "sync", "time"] } tracing = "0.1" diff --git a/linkerd/transport-header/Cargo.toml b/linkerd/transport-header/Cargo.toml index 286fd048b5..a648650e5d 100644 --- a/linkerd/transport-header/Cargo.toml +++ b/linkerd/transport-header/Cargo.toml @@ -14,12 +14,12 @@ linkerd-dns-name = { path = "../dns/name" } linkerd-error = { path = "../error" } linkerd-io = { path = "../io" } linkerd-stack = { path = "../stack" } -prost = "0.7" +prost = "0.8" tokio = { version = "1", features = ["time"] } tracing = "0.1.26" [build-dependencies] -prost-build = { version = "0.7", default-features = false } +prost-build = { version = "0.8", default-features = false } [target.'cfg(fuzzing)'.dependencies] arbitrary = { version = "1", features = ["derive"] } diff --git a/opencensus-proto/Cargo.toml b/opencensus-proto/Cargo.toml index f6636e87e6..c5ff0f3db4 100644 --- a/opencensus-proto/Cargo.toml +++ b/opencensus-proto/Cargo.toml 
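Review bot: Dropping `Clone` from the derive on `DiscoveryRejected` narrows the interface of a `pub enum`, and the new `#[derive(Debug, Error)]` line carries no comment explaining why. The payload of the `Remote(` variant is cut off by the hunk, so the cause can only be inferred: presumably it wraps a gRPC status type that is no longer cloneable after the `tonic` 0.5 update. A one-line comment above the derive, for example `// Not Clone: the wrapped gRPC status cannot be cloned as of tonic 0.5 (confirm).`, would stop the derive from being re-added later. Code that previously cloned this error would need to share it by reference or behind an `Arc` instead. The enum body continues outside the hunk.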
@@ -13,12 +13,12 @@ Vendored from https://github.com/census-instrumentation/opencensus-proto/. [dependencies] bytes = "1" -tonic = { version = "0.4", default-features = false, features = ["prost", "codegen"] } -prost = "0.7" -prost-types = "0.7" +tonic = { version = "0.5", default-features = false, features = ["prost", "codegen"] } +prost = "0.8" +prost-types = "0.8" [build-dependencies] -tonic-build = { version = "0.4", features = ["prost"], default-features = false } +tonic-build = { version = "0.5", features = ["prost"], default-features = false } [lib] doctest = false