Applied patch for for CVE-2021-22570 (#2050492)

Signed-off-by: Adrian Reber <adrian@lisas.de>

.gitignore

@@ -16,3 +16,6 @@ protobuf-2.3.0.tar.bz2
 /protobuf-3.11.2-all.tar.gz
 /5ec7f0c4a113e2f18ac2c6cc7df51ad6afc24081.zip
 /protobuf-3.11.4-all.tar.gz
+/protobuf-3.12.3-all.tar.gz
+/protobuf-3.13.0-all.tar.gz
+/protobuf-3.14.0-all.tar.gz

CVE-2021-22570.patch

@@ -0,0 +1,77 @@
+diff --git a/src/google/protobuf/descriptor.cc b/src/google/protobuf/descriptor.cc
+index 7af37c57f3..03c4e2b516 100644
+--- a/src/google/protobuf/descriptor.cc
++++ b/src/google/protobuf/descriptor.cc
+@@ -1090,7 +1090,7 @@ inline void DescriptorPool::Tables::FindAllExtensions(
+ 
+ bool DescriptorPool::Tables::AddSymbol(const std::string& full_name,
+                                        Symbol symbol) {
+-  if (InsertIfNotPresent(&symbols_by_name_, full_name.c_str(), symbol)) {
++  if (InsertIfNotPresent(&symbols_by_name_, full_name, symbol)) {
+     symbols_after_checkpoint_.push_back(full_name.c_str());
+     return true;
+   } else {
+@@ -1106,7 +1106,7 @@ bool FileDescriptorTables::AddAliasUnderParent(const void* parent,
+ }
+ 
+ bool DescriptorPool::Tables::AddFile(const FileDescriptor* file) {
+-  if (InsertIfNotPresent(&files_by_name_, file->name().c_str(), file)) {
++  if (InsertIfNotPresent(&files_by_name_, file->name(), file)) {
+     files_after_checkpoint_.push_back(file->name().c_str());
+     return true;
+   } else {
+@@ -2626,6 +2626,8 @@ void Descriptor::DebugString(int depth, std::string* contents,
+       const Descriptor::ReservedRange* range = reserved_range(i);
+       if (range->end == range->start + 1) {
+         strings::SubstituteAndAppend(contents, "$0, ", range->start);
++      } else if (range->end > FieldDescriptor::kMaxNumber) {
++        strings::SubstituteAndAppend(contents, "$0 to max, ", range->start);
+       } else {
+         strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start,
+                                   range->end - 1);
+@@ -2829,6 +2831,8 @@ void EnumDescriptor::DebugString(
+       const EnumDescriptor::ReservedRange* range = reserved_range(i);
+       if (range->end == range->start) {
+         strings::SubstituteAndAppend(contents, "$0, ", range->start);
++      } else if (range->end == INT_MAX) {
++        strings::SubstituteAndAppend(contents, "$0 to max, ", range->start);
+       } else {
+         strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start,
+                                   range->end);
+@@ -4019,6 +4023,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
+   // Use its file as the parent instead.
+   if (parent == nullptr) parent = file_;
+ 
++  if (full_name.find('\0') != std::string::npos) {
++    AddError(full_name, proto, DescriptorPool::ErrorCollector::NAME,
++             "\"" + full_name + "\" contains null character.");
++    return false;
++  }
+   if (tables_->AddSymbol(full_name, symbol)) {
+     if (!file_tables_->AddAliasUnderParent(parent, name, symbol)) {
+       // This is only possible if there was already an error adding something of
+@@ -4059,6 +4068,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
+ void DescriptorBuilder::AddPackage(const std::string& name,
+                                    const Message& proto,
+                                    const FileDescriptor* file) {
++  if (name.find('\0') != std::string::npos) {
++    AddError(name, proto, DescriptorPool::ErrorCollector::NAME,
++             "\"" + name + "\" contains null character.");
++    return;
++  }
+   if (tables_->AddSymbol(name, Symbol(file))) {
+     // Success.  Also add parent package, if any.
+     std::string::size_type dot_pos = name.find_last_of('.');
+@@ -4372,6 +4386,12 @@ FileDescriptor* DescriptorBuilder::BuildFileImpl(
+   }
+   result->pool_ = pool_;
+ 
++  if (result->name().find('\0') != std::string::npos) {
++    AddError(result->name(), proto, DescriptorPool::ErrorCollector::NAME,
++             "\"" + result->name() + "\" contains null character.");
++    return nullptr;
++  }
++
+   // Add to tables.
+   if (!tables_->AddFile(result)) {
+     AddError(proto.name(), proto, DescriptorPool::ErrorCollector::OTHER,

protobuf-3.14-disable-IoTest.LargeOutput.patch

@@ -0,0 +1,25 @@
+--- a/src/google/protobuf/io/zero_copy_stream_unittest.cc.orig	2021-01-12 12:25:18.471517830 +0100
++++ b/src/google/protobuf/io/zero_copy_stream_unittest.cc	2021-01-12 12:25:42.022696126 +0100
+@@ -712,22 +712,6 @@
+   }
+ }
+ 
+-// Verifies that outputs up to kint32max can be created.
+-TEST_F(IoTest, LargeOutput) {
+-  std::string str;
+-  StringOutputStream output(&str);
+-  void* unused_data;
+-  int size;
+-  // Repeatedly calling Next should eventually grow the buffer to kint32max.
+-  do {
+-    EXPECT_TRUE(output.Next(&unused_data, &size));
+-  } while (str.size() < std::numeric_limits<int>::max());
+-  // Further increases should be possible.
+-  output.Next(&unused_data, &size);
+-  EXPECT_GT(size, 0);
+-}
+-
+-
+ // To test files, we create a temporary file, write, read, truncate, repeat.
+ TEST_F(IoTest, FileIo) {
+   std::string filename = TestTempDir() + "/zero_copy_stream_test_file";

protobuf.spec

@@ -7,8 +7,8 @@
 
 Summary:        Protocol Buffers - Google's data interchange format
 Name:           protobuf
-Version:        3.11.4
-Release:        1%{?dist}
+Version:        3.14.0
+Release:        7%{?dist}
 License:        BSD
 URL:            https://github.com/protocolbuffers/protobuf
 Source:         https://github.com/protocolbuffers/protobuf/archive/v%{version}%{?rcver}/%{name}-%{version}%{?rcver}-all.tar.gz
@@ -17,6 +17,16 @@ Source2:        protobuf-init.el
 # For tests (using exactly the same version as the release)
 Source3:        https://github.com/google/googletest/archive/5ec7f0c4a113e2f18ac2c6cc7df51ad6afc24081.zip
 
+# https://github.com/protocolbuffers/protobuf/issues/8082
+Patch1:         protobuf-3.14-disable-IoTest.LargeOutput.patch
+
+# Fix for CVE-2021-22570 "protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference"
+# https://bugzilla.redhat.com/show_bug.cgi?id=2050492
+# Based on https://github.com/protocolbuffers/protobuf/commit/af95001202a035d78ff997e737bd67fca22ab32a
+# As described in https://bugzilla.suse.com/show_bug.cgi?id=1195258
+Patch2:         CVE-2021-22570.patch
+
+BuildRequires:  make
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  emacs
@@ -41,9 +51,6 @@ breaking deployed programs that are compiled against the "old" format.
 %package compiler
 Summary:        Protocol Buffers compiler
 Requires:       %{name} = %{version}-%{release}
-Obsoletes:      protobuf-emacs < 3.6.1-4
-Obsoletes:      protobuf-emacs-el < 3.6.1-4
-Requires:       emacs-filesystem >= %{_emacs_version}
 
 %description compiler
 This package contains Protocol Buffers compiler for all programming
@@ -108,6 +115,7 @@ Summary:        Python 3 bindings for Google Protocol Buffers
 BuildArch:      noarch
 BuildRequires:  python%{python3_pkgversion}-devel
 BuildRequires:  python%{python3_pkgversion}-setuptools
+BuildRequires:  python%{python3_pkgversion}-wheel
 Requires:       python%{python3_pkgversion}-six >= 1.9
 Conflicts:      %{name}-compiler > %{version}
 Conflicts:      %{name}-compiler < %{version}
@@ -186,9 +194,24 @@ Protocol Buffer BOM POM.
 
 %endif
 
+%package emacs
+Summary:        Emacs mode for Google Protocol Buffers descriptions
+BuildArch:      noarch
+Requires:       emacs-filesystem >= %{_emacs_version}
+Obsoletes:      protobuf-emacs-el < 3.6.1-4
+
+%description emacs
+This package contains syntax highlighting for Google Protocol Buffers
+descriptions in the Emacs editor.
+
 %prep
 %setup -q -n %{name}-%{version}%{?rcver} -a 3
-%autopatch -p1
+%ifarch %{ix86} armv7hl
+# IoTest.LargeOutput fails on 32bit arches
+# https://github.com/protocolbuffers/protobuf/issues/8082
+%patch1 -p1
+%endif
+%patch2 -p1
 mv googletest-5ec7f0c4a113e2f18ac2c6cc7df51ad6afc24081/* third_party/googletest/
 find -name \*.cc -o -name \*.h | xargs chmod -x
 chmod 644 examples/*
@@ -204,6 +227,7 @@ rm java/core/src/test/java/com/google/protobuf/LiteralByteStringTest.java
 rm java/core/src/test/java/com/google/protobuf/BoundedByteStringTest.java
 rm java/core/src/test/java/com/google/protobuf/RopeByteStringTest.java
 rm java/core/src/test/java/com/google/protobuf/RopeByteStringSubstringTest.java
+rm java/core/src/test/java/com/google/protobuf/TextFormatTest.java
 rm -r java/util/src/test/java/com/google/protobuf/util
 rm -r java/util/src/main/java/com/google/protobuf/util
 
@@ -232,7 +256,12 @@ export PTHREAD_LIBS="-lpthread"
 ./autogen.sh
 %configure
 
-%make_build
+# -Wno-error=type-limits:
+#     https://bugzilla.redhat.com/show_bug.cgi?id=1838470
+#     https://github.com/protocolbuffers/protobuf/issues/7514
+#     https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95148
+#  (also set in %%check)
+%make_build CXXFLAGS="%{build_cxxflags} -Wno-error=type-limits"
 
 %if %{with python}
 pushd python
@@ -257,7 +286,7 @@ fail=0
 %else
 fail=1
 %endif
-make %{?_smp_mflags} check || exit $fail
+%make_build check CXXFLAGS="%{build_cxxflags} -Wno-error=type-limits" || exit $fail
 
 
 %install
@@ -266,7 +295,6 @@ find %{buildroot} -type f -name "*.la" -exec rm -f {} \;
 
 %if %{with python}
 pushd python
-#python ./setup.py install --root=%{buildroot} --single-version-externally-managed --record=INSTALLED_FILES --optimize=1
 %py3_install
 find %{buildroot}%{python3_sitelib} -name \*.py |
   xargs sed -i -e '1{\@^#!@d}'
@@ -292,15 +320,13 @@ install -p -m 0644 %{SOURCE2} %{buildroot}%{_emacs_sitestartdir}
 %files
 %doc CHANGES.txt CONTRIBUTORS.txt README.md
 %license LICENSE
-%{_libdir}/libprotobuf.so.22*
+%{_libdir}/libprotobuf.so.25*
 
 %files compiler
 %doc README.md
 %license LICENSE
 %{_bindir}/protoc
-%{_libdir}/libprotoc.so.22*
-%{_emacs_sitelispdir}/%{name}/
-%{_emacs_sitestartdir}/protobuf-init.el
+%{_libdir}/libprotoc.so.25*
 
 %files devel
 %dir %{_includedir}/google
@@ -310,12 +336,16 @@ install -p -m 0644 %{SOURCE2} %{buildroot}%{_emacs_sitestartdir}
 %{_libdir}/pkgconfig/protobuf.pc
 %doc examples/add_person.cc examples/addressbook.proto examples/list_people.cc examples/Makefile examples/README.md
 
+%files emacs
+%{_emacs_sitelispdir}/%{name}/
+%{_emacs_sitestartdir}/protobuf-init.el
+
 %files static
 %{_libdir}/libprotobuf.a
 %{_libdir}/libprotoc.a
 
 %files lite
-%{_libdir}/libprotobuf-lite.so.22*
+%{_libdir}/libprotobuf-lite.so.25*
 
 %files lite-devel
 %{_libdir}/libprotobuf-lite.so
@@ -361,6 +391,47 @@ install -p -m 0644 %{SOURCE2} %{buildroot}%{_emacs_sitestartdir}
 
 
 %changelog
+* Sat Feb 12 2022 Adrian Reber <adrian@lisas.de> - 3.14.0-7
+- Applied patch for for CVE-2021-22570 (#2050492)
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.14.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 3.14.0-5
+- Rebuilt for Python 3.10
+
+* Thu May 06 2021 Adrian Reber <adrian@lisas.de> - 3.14.0-4
+- Reintroduce the emacs subpackage to avoid file conflicts between
+  protobuf-compiler.x86_64 and protobuf-compiler.i686
+
+* Tue Mar 30 2021 Jonathan Wakely <jwakely@redhat.com> - 3.14.0-3
+- Rebuilt for removed libstdc++ symbol (#1937698)
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.14.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jan 04 2021 Adrian Reber <adrian@lisas.de> - 3.14.0-1
+- Update to 3.14.0
+
+* Wed Aug 26 2020 Charalampos Stratakis <cstratak@redhat.com> - 3.13.0-1
+- Update to 3.13.0
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.12.3-4
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.12.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Sat Jul 11 2020 Jiri Vanek <jvanek@redhat.com> - 3.12.3-2
+- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11
+
+* Fri Jun 19 2020 Adrian Reber <adrian@lisas.de> - 3.12.3-2
+- Update to 3.12.3
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 3.11.4-2
+- Rebuilt for Python 3.9
+
 * Tue Mar 31 2020 Adrian Reber <adrian@lisas.de> - 3.11.4-1
 - Update to 3.11.4
 

sources

@@ -1,2 +1,2 @@
-SHA512 (protobuf-3.11.4-all.tar.gz) = 777bbb0e9e2375eaebe6b8c87abd660bac70ee469c9ad00dd25917b82d7fb5bbe33cf87f0d69c90e19d55c07a7285ec20974ba4768623ce9ccfadf147fd5e261
 SHA512 (5ec7f0c4a113e2f18ac2c6cc7df51ad6afc24081.zip) = ba904f3a0b606357873db938986b0abf37425a65501340fe81f73f9c5d05f542429662fe71c0b10e4796cb6335ae9a687fc9fb21084f2f5bfd2ede79977f5821
+SHA512 (protobuf-3.14.0-all.tar.gz) = 9dabba81119cb6196ef5de382a1032c57f6e69038f4dce0156f8671b98e51bb5095915fb6d05bb5a8ad8b17b559e652e1e9a392dd30c7ed8dcf1d986c137be11