From 202c28e2a5ae3b22b575ba0d83ab176fe6ef6d59 Mon Sep 17 00:00:00 2001
From: zhangxianting <zhangxianting@uniontech.com>
Date: Thu, 19 Sep 2024 10:42:51 +0800
Subject: [PATCH] fix CVE-2024-7254

(cherry picked from commit 9a7fc3d97bf25458b652f79a7e2c409b1507777f)
---
 0004-backport-CVE-2024-7254.patch | 146 ++++++++++++++++++++++++++++++
 protobuf.spec                     |   9 +-
 2 files changed, 154 insertions(+), 1 deletion(-)
 create mode 100644 0004-backport-CVE-2024-7254.patch

diff --git a/0004-backport-CVE-2024-7254.patch b/0004-backport-CVE-2024-7254.patch
new file mode 100644
index 0000000..89492db
--- /dev/null
+++ b/0004-backport-CVE-2024-7254.patch
@@ -0,0 +1,146 @@
+From cc8b3483a5584b3301e3d43d17eb59704857ffaa Mon Sep 17 00:00:00 2001
+From: Protobuf Team Bot <protobuf-github-bot@google.com>
+Date: Thu, 18 Jul 2024 07:41:01 -0700
+Subject: [PATCH] Internal change
+
+PiperOrigin-RevId: 653615736
+---
+ .../core/src/main/java/com/google/protobuf/ArrayDecoders.java | 3 +--
+ .../com/google/protobuf/InvalidProtocolBufferException.java   | 2 +-
+ .../core/src/main/java/com/google/protobuf/MessageSchema.java | 3 +++
+ .../src/main/java/com/google/protobuf/MessageSetSchema.java   | 1 +
+ .../src/main/java/com/google/protobuf/UnknownFieldSchema.java | 3 +--
+ java/lite/src/test/java/com/google/protobuf/LiteTest.java     | 3 +++
+ src/google/protobuf/unittest_lite.proto                       | 4 ++++
+ 7 files changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/java/core/src/main/java/com/google/protobuf/ArrayDecoders.java b/java/core/src/main/java/com/google/protobuf/ArrayDecoders.java
+index f3241de..9bf1439 100644
+--- a/java/core/src/main/java/com/google/protobuf/ArrayDecoders.java
++++ b/java/core/src/main/java/com/google/protobuf/ArrayDecoders.java
+@@ -24,8 +24,7 @@ import java.io.IOException;
+ @CheckReturnValue
+ final class ArrayDecoders {
+ 
+-  private ArrayDecoders() {
+-  }
++  private ArrayDecoders() {}
+ 
+   /**
+    * A helper used to return multiple values in a Java function. Java doesn't natively support
+diff --git a/java/core/src/main/java/com/google/protobuf/InvalidProtocolBufferException.java b/java/core/src/main/java/com/google/protobuf/InvalidProtocolBufferException.java
+index 5d10e48..dbcb9e8 100644
+--- a/java/core/src/main/java/com/google/protobuf/InvalidProtocolBufferException.java
++++ b/java/core/src/main/java/com/google/protobuf/InvalidProtocolBufferException.java
+@@ -132,7 +132,7 @@ public class InvalidProtocolBufferException extends IOException {
+   static InvalidProtocolBufferException recursionLimitExceeded() {
+     return new InvalidProtocolBufferException(
+         "Protocol message had too many levels of nesting.  May be malicious.  "
+-            + "Use CodedInputStream.setRecursionLimit() to increase the depth limit.");
++            + "Use setRecursionLimit() to increase the recursion depth limit.");
+   }
+ 
+   static InvalidProtocolBufferException sizeLimitExceeded() {
+diff --git a/java/core/src/main/java/com/google/protobuf/MessageSchema.java b/java/core/src/main/java/com/google/protobuf/MessageSchema.java
+index de3890f..f8f79fc 100644
+--- a/java/core/src/main/java/com/google/protobuf/MessageSchema.java
++++ b/java/core/src/main/java/com/google/protobuf/MessageSchema.java
+@@ -3006,6 +3006,7 @@ final class MessageSchema<T> implements Schema<T> {
+               unknownFields = unknownFieldSchema.getBuilderFromMessage(message);
+             }
+             // Unknown field.
++
+             if (unknownFieldSchema.mergeOneFieldFrom(unknownFields, reader)) {
+               continue;
+             }
+@@ -3381,6 +3382,7 @@ final class MessageSchema<T> implements Schema<T> {
+               if (unknownFields == null) {
+                 unknownFields = unknownFieldSchema.getBuilderFromMessage(message);
+               }
++
+               if (!unknownFieldSchema.mergeOneFieldFrom(unknownFields, reader)) {
+                 return;
+               }
+@@ -3397,6 +3399,7 @@ final class MessageSchema<T> implements Schema<T> {
+             if (unknownFields == null) {
+               unknownFields = unknownFieldSchema.getBuilderFromMessage(message);
+             }
++
+             if (!unknownFieldSchema.mergeOneFieldFrom(unknownFields, reader)) {
+               return;
+             }
+diff --git a/java/core/src/main/java/com/google/protobuf/MessageSetSchema.java b/java/core/src/main/java/com/google/protobuf/MessageSetSchema.java
+index eec3acd..a17037e 100644
+--- a/java/core/src/main/java/com/google/protobuf/MessageSetSchema.java
++++ b/java/core/src/main/java/com/google/protobuf/MessageSetSchema.java
+@@ -278,6 +278,7 @@ final class MessageSetSchema<T> implements Schema<T> {
+               reader, extension, extensionRegistry, extensions);
+           return true;
+         } else {
++
+           return unknownFieldSchema.mergeOneFieldFrom(unknownFields, reader);
+         }
+       } else {
+diff --git a/java/core/src/main/java/com/google/protobuf/UnknownFieldSchema.java b/java/core/src/main/java/com/google/protobuf/UnknownFieldSchema.java
+index c4ec645..a43bc2a 100644
+--- a/java/core/src/main/java/com/google/protobuf/UnknownFieldSchema.java
++++ b/java/core/src/main/java/com/google/protobuf/UnknownFieldSchema.java
+@@ -55,7 +55,6 @@ abstract class UnknownFieldSchema<T, B> {
+   /** Marks unknown fields as immutable. */
+   abstract void makeImmutable(Object message);
+ 
+-  /** Merges one field into the unknown fields. */
+   final boolean mergeOneFieldFrom(B unknownFields, Reader reader) throws IOException {
+     int tag = reader.getTag();
+     int fieldNumber = WireFormat.getTagFieldNumber(tag);
+@@ -88,7 +87,7 @@ abstract class UnknownFieldSchema<T, B> {
+     }
+   }
+ 
+-  final void mergeFrom(B unknownFields, Reader reader) throws IOException {
++  private final void mergeFrom(B unknownFields, Reader reader) throws IOException {
+     while (true) {
+       if (reader.getFieldNumber() == Reader.READ_DONE
+           || !mergeOneFieldFrom(unknownFields, reader)) {
+diff --git a/java/lite/src/test/java/com/google/protobuf/LiteTest.java b/java/lite/src/test/java/com/google/protobuf/LiteTest.java
+index 754ed7d..b42a4b9 100644
+--- a/java/lite/src/test/java/com/google/protobuf/LiteTest.java
++++ b/java/lite/src/test/java/com/google/protobuf/LiteTest.java
+@@ -10,12 +10,14 @@ package com.google.protobuf;
+ import static com.google.common.truth.Truth.assertThat;
+ import static com.google.common.truth.Truth.assertWithMessage;
+ import static java.util.Collections.singletonList;
++import static org.junit.Assert.assertThrows;
+ 
+ import com.google.protobuf.FieldPresenceTestProto.TestAllTypes;
+ import com.google.protobuf.UnittestImportLite.ImportEnumLite;
+ import com.google.protobuf.UnittestImportPublicLite.PublicImportMessageLite;
+ import com.google.protobuf.UnittestLite.ForeignEnumLite;
+ import com.google.protobuf.UnittestLite.ForeignMessageLite;
++import com.google.protobuf.UnittestLite.RecursiveGroup;
+ import com.google.protobuf.UnittestLite.RecursiveMessage;
+ import com.google.protobuf.UnittestLite.TestAllExtensionsLite;
+ import com.google.protobuf.UnittestLite.TestAllTypesLite;
+@@ -50,6 +52,7 @@ import java.util.ArrayList;
+ import java.util.Arrays;
+ import java.util.Iterator;
+ import java.util.List;
++import java.util.concurrent.atomic.AtomicBoolean;
+ import org.junit.Before;
+ import org.junit.Test;
+ import org.junit.runner.RunWith;
+diff --git a/src/google/protobuf/unittest_lite.proto b/src/google/protobuf/unittest_lite.proto
+index 1848a2a..af6febf 100644
+--- a/src/google/protobuf/unittest_lite.proto
++++ b/src/google/protobuf/unittest_lite.proto
+@@ -505,3 +505,7 @@ message RecursiveMessage {
+   optional RecursiveMessage recurse = 1;
+   optional bytes payload = 2;
+ }
++
++message RecursiveGroup {
++  RecursiveGroup recurse = 1 [features.message_encoding = DELIMITED];
++}
+-- 
+2.43.0
+
diff --git a/protobuf.spec b/protobuf.spec
index 1a4cf07..c321dc4 100644
--- a/protobuf.spec
+++ b/protobuf.spec
@@ -11,7 +11,7 @@
 Summary:        Protocol Buffers - Google's data interchange format
 Name:           protobuf
 Version:        25.1
-Release:        5
+Release:        6
 License:        BSD
 URL:            https://github.com/protocolbuffers/protobuf
 Source:         https://github.com/protocolbuffers/protobuf/releases/download/v%{version}%{?rcver}/%{name}-all-%{version}%{?rcver}.tar.gz
@@ -21,6 +21,7 @@ Source1:        protobuf-init.el
 Patch9000:      0001-add-secure-compile-option.patch
 Patch9001:      0002-Fix-CC-compiler-support.patch
 Patch9002:      0003-protobuf-add-coverage-compile-option.patch
+Patch9003:      0004-backport-CVE-2024-7254.patch
 
 BuildRequires:  cmake gcc-c++ emacs zlib-devel gmock-devel gtest-devel jsoncpp-devel
 BuildRequires:  fdupes pkgconfig python-rpm-macros pkgconfig(zlib) ninja-build
@@ -403,6 +404,12 @@ install -p -m 0644 %{SOURCE1} %{buildroot}%{_emacs_sitestartdir}
 %endif
 
 %changelog
+* Thu Sep 19 2024 zhangxianting <zhangxianting@uniontech.com> - 25.1-6
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: fix CVE-2024-7254
+
 * Mon Aug 05 2024 zhongtao <zhongtao17@huawei.com> - 25.1-5
 - Type:bugfix
 - ID:NA
-- 
Gitee