diff --git a/CVE-2022-33070.patch b/CVE-2022-33070.patch
deleted file mode 100644
index 3c9dd42943643397760086909554c5a92638ea94..0000000000000000000000000000000000000000
--- a/CVE-2022-33070.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-diff -Naru "protobuf-c-1.4.0 copy/protobuf-c/protobuf-c.c" protobuf-c-1.4.0/protobuf-c/protobuf-c.c
---- "protobuf-c-1.4.0 copy/protobuf-c/protobuf-c.c" 2022-07-04 11:35:58.920205000 +0800
-+++ protobuf-c-1.4.0/protobuf-c/protobuf-c.c 2022-07-04 11:41:59.158278000 +0800
-@@ -316,9 +316,8 @@
- static inline uint32_t
- zigzag32(int32_t v)
- {
-- // Note: the right-shift must be arithmetic
-- // Note: left shift must be unsigned because of overflow
-- return ((uint32_t)(v) << 1) ^ (uint32_t)(v >> 31);
-+ // Note: Using unsigned types prevents undefined behavior
-+ return ((uint32_t)v << 1) ^ -((uint32_t)v >> 31);
- }
- 
- /**
-@@ -380,9 +379,8 @@
- static inline uint64_t
- zigzag64(int64_t v)
- {
-- // Note: the right-shift must be arithmetic
-- // Note: left shift must be unsigned because of overflow
-- return ((uint64_t)(v) << 1) ^ (uint64_t)(v >> 63);
-+ // Note: Using unsigned types prevents undefined behavior
-+ return ((uint64_t)v << 1) ^ -((uint64_t)v >> 63);
- }
- 
- /**
-@@ -802,7 +800,8 @@
- }
- 
- /**
-- * Pack a signed 32-bit integer and return the number of bytes written.
-+ * Pack a signed 32-bit integer and return the number of bytes written,
-+ * passed as unsigned to avoid implementation-specific behavior.
- * Negative numbers are encoded as two's complement 64-bit integers.
- *
- * \param value
-@@ -813,14 +812,14 @@
- * Number of bytes written to `out`.
- */
- static inline size_t
--int32_pack(int32_t value, uint8_t *out)
-+int32_pack(uint32_t value, uint8_t *out)
- {
-- if (value < 0) {
-+ if ((int32_t)value < 0) {
- out[0] = value | 0x80;
- out[1] = (value >> 7) | 0x80;
- out[2] = (value >> 14) | 0x80;
- out[3] = (value >> 21) | 0x80;
-- out[4] = (value >> 28) | 0x80;
-+ out[4] = (value >> 28) | 0xf0;
- out[5] = out[6] = out[7] = out[8] = 0xff;
- out[9] = 0x01;
- return 10;
-@@ -2425,7 +2424,7 @@
- unzigzag32(uint32_t v)
- {
- // Note: Using unsigned types prevents undefined behavior
-- return (int32_t)((v >> 1) ^ (~(v & 1) + 1));
-+ return (int32_t)((v >> 1) ^ -(v & 1));
- }
- 
- static inline uint32_t
-@@ -2467,7 +2466,7 @@
- unzigzag64(uint64_t v)
- {
- // Note: Using unsigned types prevents undefined behavior
-- return (int64_t)((v >> 1) ^ (~(v & 1) + 1));
-+ return (int64_t)((v >> 1) ^ -(v & 1));
- }
- 
- static inline uint64_t
diff --git a/backport-0001-Fix-issue-499-unsigned-integer-overflow.patch b/backport-0001-Fix-issue-499-unsigned-integer-overflow.patch
deleted file mode 100644
index f01254291a766726b5f25f42a6e58d3218a6dc88..0000000000000000000000000000000000000000
--- a/backport-0001-Fix-issue-499-unsigned-integer-overflow.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 289f5c18b195aa43d46a619d1188709abbfa9c82 Mon Sep 17 00:00:00 2001
-From: 10054172
-Date: Fri, 18 Mar 2022 12:42:57 -0400
-Subject: [PATCH 1/2] Fix issue #499: unsigned integer overflow
-
-Signed-off-by: 10054172
----
- protobuf-c/protobuf-c.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/protobuf-c/protobuf-c.c b/protobuf-c/protobuf-c.c
-index 98052cd..ec2d40a 100644
---- a/protobuf-c/protobuf-c.c
-+++ b/protobuf-c/protobuf-c.c
-@@ -2603,10 +2603,13 @@ parse_required_member(ScannedMember *scanned_member,
- return FALSE;
- 
- def_mess = scanned_member->field->default_value;
-- subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
-- allocator,
-- len - pref_len,
-- data + pref_len);
-+ if (len > pref_len)
-+ subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
-+ allocator,
-+ len - pref_len,
-+ data + pref_len);
-+ else
-+ subm = NULL;
- 
- if (maybe_clear &&
- *pmessage != NULL &&
--- 
-2.37.3.windows.1
-
diff --git a/backport-0002-Fix-regression-with-zero-length-messages-introduced-.patch b/backport-0002-Fix-regression-with-zero-length-messages-introduced-.patch
deleted file mode 100644
index dd46392f14e26f3b585f05095f4a188627656249..0000000000000000000000000000000000000000
--- a/backport-0002-Fix-regression-with-zero-length-messages-introduced-.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 0d1fd124a4e0a07b524989f6e64410ff648fba61 Mon Sep 17 00:00:00 2001
-From: "Todd C. Miller"
-Date: Thu, 9 Jun 2022 07:34:55 -0600
-Subject: [PATCH 2/2] Fix regression with zero-length messages introduced in
- protobuf-c PR 500.
-
-[edmonds: Import bugfix from
-https://github.com/sudo-project/sudo/commit/b6a6451482a3ff5e30f43ef888159d4b0d39143b.patch.]
----
- protobuf-c/protobuf-c.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/protobuf-c/protobuf-c.c b/protobuf-c/protobuf-c.c
-index ec2d40a..448f3e8 100644
---- a/protobuf-c/protobuf-c.c
-+++ b/protobuf-c/protobuf-c.c
-@@ -2603,7 +2603,7 @@ parse_required_member(ScannedMember *scanned_member,
- return FALSE;
- 
- def_mess = scanned_member->field->default_value;
-- if (len > pref_len)
-+ if (len >= pref_len)
- subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
- allocator,
- len - pref_len,
--- 
-2.37.3.windows.1
-
diff --git a/protobuf-c.spec b/protobuf-c.spec
index 705104c025b5f4a761e300f866365adb8085b2e2..2058bb1ce88363726ff23f019fce97880fdace96 100644
--- a/protobuf-c.spec
+++ b/protobuf-c.spec
@@ -1,19 +1,15 @@
 Name: protobuf-c
-Version: 1.4.0
-Release: 4
+Version: 1.4.1
+Release: 1
 Summary: This is protobuf-c, a C implementation of the Google Protocol Buffers data serialization format
 License: BSD-2-Clause
 URL: https://github.com/protobuf-c/protobuf-c
 Source0: %{url}/archive/refs/tags/v%{version}.tar.gz
 #https://github.com/protobuf-c/protobuf-c/pull/508/files
-Patch0001: CVE-2022-33070.patch
 BuildRequires: autoconf automake libtool gcc-c++ pkgconfig(protobuf)
 Provides: %{name}-compiler = %{version}-%{release}
 Obsoletes: %{name}-compiler < %{version}-%{release}
-Patch6000: backport-0001-Fix-issue-499-unsigned-integer-overflow.patch
-Patch6001: backport-0002-Fix-regression-with-zero-length-messages-introduced-.patch
-
 %description
 This is protobuf-c, a C implementation of the Google Protocol Buffers data serialization format.
@@ -53,6 +49,12 @@ make check %{_libdir}/{libprotobuf-c.so,pkgconfig/libprotobuf-c.pc} %changelog +* Thu Feb 2 2023 zhoujie - 1.4.1-1 +- Type:upgrade +- CVE:NA +- SUG:NA +- DESC:upgrade to 1.4.1-1 + * Sat Jan 7 2023 mengwenhua - 1.4.0-4 - Type:bugfix - CVE:NA diff --git a/v1.4.0.tar.gz b/v1.4.0.tar.gz deleted file mode 100644 index 395983da4ec51ef607641903e20dd6bcd0ad852e..0000000000000000000000000000000000000000 Binary files a/v1.4.0.tar.gz and /dev/null differ diff --git a/v1.4.1.tar.gz b/v1.4.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..662ecfc930b4a28c69ec1b8b24026cb1f0e9cdc8 Binary files /dev/null and b/v1.4.1.tar.gz differ
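Review bot: The new changelog entry in the `%changelog` hunk records `- CVE:NA`, yet the first hunk of protobuf-c.spec drops `Patch0001: CVE-2022-33070.patch` together with the two issue-#499 backports, so the security fixes now depend entirely on the v1.4.1 tarball carrying them. If 1.4.1 is what now supplies those fixes, the entry should say so, e.g. `- CVE:CVE-2022-33070` and a DESC line naming the dropped patches, so that security tracking against this package sees the fix moving from a patch to the base version rather than disappearing. Nothing in this diff shows that v1.4.1 contains the zigzag/int32_pack, `len > pref_len` and `len >= pref_len` changes from the deleted patches; that should be confirmed against the new tarball before the Patch lines are removed. Separately, the `#https://github.com/protobuf-c/protobuf-c/pull/508/files` comment is now stale because the Patch0001 line it annotated is gone; either delete it or reword it to `# PR 508 (CVE-2022-33070) is included upstream as of 1.4.1`.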