Protocol Buffers - Google's data interchange format
Adrian Reber 9dfa2f5140 Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits
Add max_recursion_depth parameter to json_format Parse/ParseDict functions
to prevent denial-of-service attacks via deeply nested protobuf messages.
The fix also changes _ConvertAnyMessage to use ConvertMessage directly,
ensuring recursion depth is properly tracked for nested Any messages.

Upstream PR: https://github.com/protocolbuffers/protobuf/pull/25239

New patches:
- protobuf-3.14-CVE-2026-0994-nested-any-recursion.patch
- protobuf-3.14-CVE-2026-0994-test.patch

Generated with [Claude Code](https://claude.ai/code)

Resolves: RHEL-144068

Signed-off-by: Adrian Reber <areber@redhat.com>
2026-01-26 21:33:40 +01:00
tests Add tests and gating.yaml 2021-05-07 09:42:57 +02:00
.gitignore Merged update from upstream sources 2021-01-16 16:25:39 +00:00
CVE-2021-22570.patch Applied patch for CVE-2021-22570 (#2055641) 2022-03-08 10:14:14 +01:00
CVE-2022-1941.patch Applied patch for CVE-2022-1941 (#RHEL-40872) 2024-06-17 13:25:38 +02:00
ftdetect-proto.vim RHEL 9.0.0 Alpha bootstrap 2020-10-14 16:32:52 -07:00
gating.yaml Add tests and gating.yaml 2021-05-07 09:42:57 +02:00
protobuf-3.14-CVE-2026-0994-nested-any-recursion.patch Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits 2026-01-26 21:33:40 +01:00
protobuf-3.14-CVE-2026-0994-test.patch Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits 2026-01-26 21:33:40 +01:00
protobuf-3.14-disable-IoTest.LargeOutput.patch Merged update from upstream sources 2021-01-16 16:25:39 +00:00
protobuf-init.el RHEL 9.0.0 Alpha bootstrap 2020-10-14 16:32:52 -07:00
protobuf.spec Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits 2026-01-26 21:33:40 +01:00
rpminspect.yaml Rebuilt for test fixes 2022-03-23 15:59:36 +01:00
sources Merged update from upstream sources 2021-01-16 16:25:39 +00:00