rpms/protobuf
7
0
Fork 0
Code Issues Pull Requests Releases Activity
Protocol Buffers - Google's data interchange format
171 Commits 8 Branches 23 Tags 317 KiB
Emacs Lisp 81.5%
Vim script 18.5%
ea5b2395b2
Go to file
Adrian Reber ea5b2395b2 Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits 
Add max_recursion_depth parameter to json_format Parse/ParseDict functions
to prevent denial-of-service attacks via deeply nested protobuf messages.
The fix also changes _ConvertAnyMessage to use ConvertMessage directly,
ensuring recursion depth is properly tracked for nested Any messages.

Upstream PR: https://github.com/protocolbuffers/protobuf/pull/25239

New patches:
- protobuf-3.19-CVE-2026-0994-nested-any-recursion.patch
- protobuf-3.19-CVE-2026-0994-test.patch

Generated with [Claude Code](https://claude.ai/code)

Resolves: RHEL-144062

Signed-off-by: Adrian Reber <areber@redhat.com>
2026-01-26 18:25:32 +01:00
tests Rebuilt for tests directory 2025-05-26 12:49:47 +02:00
.gitignore Update to 3.19.6; fix CVE-2022-3171 2022-12-07 13:49:42 -05:00
disable-tests-on-32-bit-systems.patch Disable tests that fail on 32bit arches 2021-10-22 10:37:46 +02:00
ftdetect-proto.vim Initial import of approved protobuf-2.0.2-4 2008-11-25 18:48:07 +00:00
gating.yaml copy gating.yaml from c9s 2024-08-06 15:12:44 +02:00
protobuf-3.14-disable-IoTest.LargeOutput.patch Update to 3.14.0 2021-01-12 12:31:15 +01:00
protobuf-3.19-CVE-2026-0994-nested-any-recursion.patch Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits 2026-01-26 18:25:32 +01:00
protobuf-3.19-CVE-2026-0994-test.patch Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits 2026-01-26 18:25:32 +01:00
protobuf-3.19.4-jre17-add-opens.patch Add some --add-opens option for java17 2022-02-13 21:50:46 +09:00
protobuf-3.19.4-python3.11.patch Re-enable compiled Python extension on Python 3.11 2022-12-05 10:39:12 -05:00
protobuf-init.el Added sub-package for Emacs editing mode 2013-01-20 12:02:08 -08:00
protobuf.spec Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits 2026-01-26 18:25:32 +01:00
protoc.1 Add a man page for protoc 2022-12-06 09:31:01 -05:00
rpminspect.yaml Disable tests during build that are flaky 2025-11-14 08:14:13 +01:00
sources Update to 3.19.6; fix CVE-2022-3171 2022-12-07 13:49:42 -05:00