@@ -1,13 +1,22 @@
+From f5ce0700d80c776186b0fb0414ef20966a3a6a03 Mon Sep 17 00:00:00 2001
+From: "Sana.Kazi" <Sana.Kazi@kpit.com>
+Date: Wed, 23 Feb 2022 15:50:16 +0530
+Subject: [PATCH] protobuf: Fix CVE-2021-22570
+
CVE: CVE-2021-22570
Upstream-Status: Backport [https://src.fedoraproject.org/rpms/protobuf/blob/394beeacb500861f76473d47e10314e6a3600810/f/CVE-2021-22570.patch]
Comment: Removed first and second hunk
Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com>
+---
+ src/google/protobuf/descriptor.cc | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
diff --git a/src/google/protobuf/descriptor.cc b/src/google/protobuf/descriptor.cc
-index 7af37c57f3..03c4e2b516 100644
+index 6835a3cde..1514ae531 100644
--- a/src/google/protobuf/descriptor.cc
+++ b/src/google/protobuf/descriptor.cc
-@@ -2626,6 +2626,8 @@ void Descriptor::DebugString(int depth, std::string* contents,
+@@ -2603,6 +2603,8 @@ void Descriptor::DebugString(int depth, std::string* contents,
const Descriptor::ReservedRange* range = reserved_range(i);
if (range->end == range->start + 1) {
strings::SubstituteAndAppend(contents, "$0, ", range->start);
@@ -15,8 +24,8 @@ index 7af37c57f3..03c4e2b516 100644
+ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start);
} else {
strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start,
- range->end - 1);
-@@ -2829,6 +2831,8 @@ void EnumDescriptor::DebugString(
+ range->end - 1);
+@@ -2815,6 +2817,8 @@ void EnumDescriptor::DebugString(
const EnumDescriptor::ReservedRange* range = reserved_range(i);
if (range->end == range->start) {
strings::SubstituteAndAppend(contents, "$0, ", range->start);
@@ -24,8 +33,8 @@ index 7af37c57f3..03c4e2b516 100644
+ strings::SubstituteAndAppend(contents, "$0 to max, ", range->start);
} else {
strings::SubstituteAndAppend(contents, "$0 to $1, ", range->start,
- range->end);
-@@ -4019,6 +4023,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
+ range->end);
+@@ -4002,6 +4006,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
// Use its file as the parent instead.
if (parent == nullptr) parent = file_;
@@ -37,7 +46,7 @@ index 7af37c57f3..03c4e2b516 100644
if (tables_->AddSymbol(full_name, symbol)) {
if (!file_tables_->AddAliasUnderParent(parent, name, symbol)) {
// This is only possible if there was already an error adding something of
-@@ -4059,6 +4068,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
+@@ -4041,6 +4050,11 @@ bool DescriptorBuilder::AddSymbol(const std::string& full_name,
void DescriptorBuilder::AddPackage(const std::string& name,
const Message& proto,
const FileDescriptor* file) {
@@ -49,7 +58,7 @@ index 7af37c57f3..03c4e2b516 100644
if (tables_->AddSymbol(name, Symbol(file))) {
// Success. Also add parent package, if any.
std::string::size_type dot_pos = name.find_last_of('.');
-@@ -4372,6 +4386,12 @@ FileDescriptor* DescriptorBuilder::BuildFileImpl(
+@@ -4354,6 +4368,12 @@ FileDescriptor* DescriptorBuilder::BuildFileImpl(
}
result->pool_ = pool_;
Applying patch CVE-2021-22570.patch patching file src/google/protobuf/descriptor.cc Hunk #1 succeeded at 2603 with fuzz 1 (offset -23 lines). Hunk #2 succeeded at 2817 with fuzz 1 (offset -14 lines). Hunk #3 succeeded at 4006 (offset -17 lines). Hunk #4 succeeded at 4050 (offset -18 lines). Hunk #5 succeeded at 4368 (offset -18 lines). Signed-off-by: Ross Burton <ross.burton@arm.com> --- .../protobuf/protobuf/CVE-2021-22570.patch | 25 +++++++++++++------ 1 file changed, 17 insertions(+), 8 deletions(-)