diff --git a/SOURCES/ec3d900001a13ccdaa8aef996b34c61159c76217.patch b/SOURCES/ec3d900001a13ccdaa8aef996b34c61159c76217.patch
new file mode 100644
index 0000000..c7836bc
--- /dev/null
+++ b/SOURCES/ec3d900001a13ccdaa8aef996b34c61159c76217.patch
@@ -0,0 +1,58 @@
+From 289f5c18b195aa43d46a619d1188709abbfa9c82 Mon Sep 17 00:00:00 2001
+From: 10054172
+Date: Fri, 18 Mar 2022 12:42:57 -0400
+Subject: [PATCH 1/2] Fix issue #499: unsigned integer overflow
+
+Signed-off-by: 10054172
+---
+ protobuf-c/protobuf-c.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/protobuf-c/protobuf-c.c b/protobuf-c/protobuf-c.c
+index 98052cdb..ec2d40a1 100644
+--- a/protobuf-c/protobuf-c.c
++++ b/protobuf-c/protobuf-c.c
+@@ -2603,10 +2603,13 @@ parse_required_member(ScannedMember *scanned_member,
+ return FALSE;
+
+ def_mess = scanned_member->field->default_value;
+- subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+- allocator,
+- len - pref_len,
+- data + pref_len);
++ if (len > pref_len)
++ subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
++ allocator,
++ len - pref_len,
++ data + pref_len);
++ else
++ subm = NULL;
+
+ if (maybe_clear &&
+ *pmessage != NULL &&
+
+From 0d1fd124a4e0a07b524989f6e64410ff648fba61 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller"
+Date: Thu, 9 Jun 2022 07:34:55 -0600
+Subject: [PATCH 2/2] Fix regression with zero-length messages introduced in
+ protobuf-c PR 500.
+
+[edmonds: Import bugfix from
+https://github.com/sudo-project/sudo/commit/b6a6451482a3ff5e30f43ef888159d4b0d39143b.patch.]
+---
+ protobuf-c/protobuf-c.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/protobuf-c/protobuf-c.c b/protobuf-c/protobuf-c.c
+index ec2d40a1..448f3e81 100644
+--- a/protobuf-c/protobuf-c.c
++++ b/protobuf-c/protobuf-c.c
+@@ -2603,7 +2603,7 @@ parse_required_member(ScannedMember *scanned_member,
+ return FALSE;
+
+ def_mess = scanned_member->field->default_value;
+- if (len > pref_len)
++ if (len >= pref_len)
+ subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+ allocator,
+ len - pref_len,
diff --git a/SPECS/protobuf-c.spec b/SPECS/protobuf-c.spec
index 28ef01b..5941ec1 100644
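Review bot: The `len >= pref_len` guard that the second commit leaves in place protects only the sub-message call shown in the embedded hunk. parse_required_member starts and ends outside that hunk, so whether its other length-prefixed branches still compute `len - pref_len` unguarded cannot be confirmed from here and should be checked in the patched tree. The guard also has no comment explaining why it exists; a line such as `/* len < pref_len would wrap the unsigned subtraction below; treat as a parse failure */` above the `if` would keep a later cleanup from removing it. Both embedded commits change only protobuf-c/protobuf-c.c, so no regression test for a truncated or zero-length embedded message arrives with the fix.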
--- a/SPECS/protobuf-c.spec +++ b/SPECS/protobuf-c.spec @@ -1,22 +1,23 @@ Name: protobuf-c Version: 1.3.0 -Release: 6%{?dist} +Release: 8%{?dist} Summary: C bindings for Google's Protocol Buffers License: BSD URL: https://github.com/protobuf-c/protobuf-c Source0: https://github.com/protobuf-c/protobuf-c/releases/download/v%{version}/%{name}-%{version}.tar.gz +Patch0: %{url}/commit/ec3d900001a13ccdaa8aef996b34c61159c76217.patch BuildRequires: autoconf automake libtool BuildRequires: gcc-c++ BuildRequires: pkgconfig(protobuf) %description -Protocol Buffers are a way of encoding structured data in an efficient yet +Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. This package provides a code generator and run-time libraries to use Protocol Buffers from pure C (not C++). -It uses a modified version of protoc called protoc-c. +It uses a modified version of protoc called protoc-c. %package compiler Summary: Protocol Buffers C compiler @@ -36,6 +37,7 @@ This package contains protobuf-c headers and libraries. %prep %setup -q +%patch -P 0 -p 1 %build autoreconf -ifv @@ -67,9 +69,15 @@ rm -vf $RPM_BUILD_ROOT/%{_libdir}/libprotobuf-c.la %{_libdir}/pkgconfig/libprotobuf-c.pc %changelog -* Wed Jul 26 2023 MSVSphere Packaging Team - 1.3.0-6 +* Wed Jul 26 2023 MSVSphere Packaging Team - 1.3.0-8 - Rebuilt for MSVSphere 8.8 +* Tue Apr 25 2023 Adrian Reber - 1.3.0-8 +- Rebuild for gating test + +* Mon Apr 24 2023 Adrian Reber - 1.3.0-7 +- Applied patch for for CVE-2022-48468 (#2186678) + * Wed Feb 03 2021 Petr Menšík - 1.3.0-6 - Rebuild for gating test (#1919904)
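Review bot: The new `Patch0` line has no comment saying what it fixes, and the file it names is titled with one commit hash but holds two upstream commits, the overflow fix and the zero-length-message regression fix. A line above it such as `# CVE-2022-48468: unsigned integer overflow in parse_required_member (upstream issue #499), plus the follow-up regression fix` would let a later rebase decide whether the patch can be dropped. The new 1.3.0-7 changelog entry reads "patch for for"; the duplicated word is easiest to fix while the entry is new.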