diff --git a/SOURCES/CVE-2021-22570.rhel-8.patch b/SOURCES/CVE-2021-22570.rhel-8.patch new file mode 100644 index 0000000..8910b4d --- /dev/null +++ b/SOURCES/CVE-2021-22570.rhel-8.patch @@ -0,0 +1,57 @@ +--- a/src/google/protobuf/descriptor.cc.orig 2017-11-13 19:47:29.000000000 +0100 ++++ b/src/google/protobuf/descriptor.cc 2022-03-08 17:00:19.057041566 +0100 +@@ -2591,6 +2591,8 @@ + const Descriptor::ReservedRange* range = reserved_range(i); + if (range->end == range->start + 1) { + strings::SubstituteAndAppend(contents, "$0, ", range->start); ++ } else if (range->end > FieldDescriptor::kMaxNumber) { ++ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start); + } else { + strings::SubstituteAndAppend(contents, "$0 to $1, ", + range->start, range->end - 1); +@@ -2810,6 +2812,8 @@ + const EnumDescriptor::ReservedRange* range = reserved_range(i); + if (range->end == range->start) { + strings::SubstituteAndAppend(contents, "$0, ", range->start); ++ } else if (range->end == INT_MAX) { ++ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start); + } else { + strings::SubstituteAndAppend(contents, "$0 to $1, ", + range->start, range->end); +@@ -3983,6 +3987,11 @@ + // Use its file as the parent instead. + if (parent == NULL) parent = file_; + ++ if (full_name.find('\0') != std::string::npos) { ++ AddError(full_name, proto, DescriptorPool::ErrorCollector::NAME, ++ "\"" + full_name + "\" contains null character."); ++ return false; ++ } + if (tables_->AddSymbol(full_name, symbol)) { + if (!file_tables_->AddAliasUnderParent(parent, name, symbol)) { + // This is only possible if there was already an error adding something of +@@ -4020,6 +4029,11 @@ + + void DescriptorBuilder::AddPackage( + const string& name, const Message& proto, const FileDescriptor* file) { ++ if (name.find('\0') != std::string::npos) { ++ AddError(name, proto, DescriptorPool::ErrorCollector::NAME, ++ "\"" + name + "\" contains null character."); ++ return; ++ } + if (tables_->AddSymbol(name, Symbol(file))) { + // Success. Also add parent package, if any. + string::size_type dot_pos = name.find_last_of('.'); +@@ -4288,6 +4302,12 @@ + } + result->pool_ = pool_; + ++ if (result->name().find('\0') != std::string::npos) { ++ AddError(result->name(), proto, DescriptorPool::ErrorCollector::NAME, ++ "\"" + result->name() + "\" contains null character."); ++ return nullptr; ++ } ++ + // Add to tables. + if (!tables_->AddFile(result)) { + AddError(proto.name(), proto, DescriptorPool::ErrorCollector::OTHER, diff --git a/SPECS/protobuf.spec b/SPECS/protobuf.spec index 5e404fd..3cf2ca0 100644 --- a/SPECS/protobuf.spec +++ b/SPECS/protobuf.spec @@ -14,7 +14,7 @@ Summary: Protocol Buffers - Google's data interchange format Name: protobuf Version: 3.5.0 -Release: 13%{?dist} +Release: 15%{?dist} License: BSD URL: https://github.com/google/protobuf Source: https://github.com/google/protobuf/archive/v%{version}%{?rcver}/%{name}-%{version}%{?rcver}.tar.gz @@ -25,6 +25,7 @@ Source3: https://github.com/google/googlemock/archive/release-1.7.0.tar.g Source4: https://github.com/google/googletest/archive/release-1.7.0.tar.gz#/googletest-1.7.0.tar.gz # Might be upstreamable, but for now temporary workaround Patch0: 0001-fix-build-on-s390x.patch +Patch1: CVE-2021-22570.rhel-8.patch BuildRequires: autoconf BuildRequires: automake @@ -421,6 +422,9 @@ install -p -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{emacs_startdir} %endif %changelog +* Mon Mar 21 2022 Adrian Reber - 3.5.0-15 +- Applied patch for for CVE-2021-22570 (#2050494) + * Thu May 28 2020 Adrian Reber - 3.5.0-13 - Rebuild