Import Debian changes 1.3.3-ok1

protobuf-c (1.3.3-ok1) yangtze; urgency=medium * Build for openKylin.
2023-02-13 17:23:41 +08:00 · 2023-02-13 17:23:41 +08:00 · a6c01c6369
parent 9237bfac9a
commit a6c01c6369
16 changed files with 361 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -0,0 +1,5 @@
+protobuf-c (1.3.3-ok1) yangtze; urgency=medium
+
+  * Build for openKylin.
+
+ -- zhouganqing <zhouganqing@kylinos.cn>  Mon, 13 Feb 2023 17:23:41 +0800
--- a/debian/control
+++ b/debian/control
@ -0,0 +1,72 @@
+Source: protobuf-c
+Section: devel
+Priority: optional
+Maintainer: OpenKylin Developers <packaging@lists.openkylin.top>
+Build-Depends:
+ debhelper-compat (= 12),
+ libprotobuf-dev (>= 2.6.0~),
+ libprotoc-dev (>= 2.6.0~),
+ pkg-config,
+ protobuf-compiler (>= 2.6.0~),
+Standards-Version: 4.5.0
+Homepage: https://github.com/protobuf-c/protobuf-c
+Vcs-Browser: https://gitee.com/openkylin/protobuf-c
+Vcs-Git: https://gitee.com/openkylin/protobuf-c.git
+
+Package: libprotobuf-c-dev
+Architecture: any
+Section: libdevel
+Depends: libprotobuf-c1 (= ${binary:Version}), ${misc:Depends}
+Breaks: protobuf-c-compiler (<< 1.0.0~)
+Multi-Arch: same
+Description: Protocol Buffers C static library and headers (protobuf-c)
+ Protocol Buffers are a flexible, efficient, automated mechanism for
+ serializing structured data - similar to XML, but smaller, faster, and
+ simpler. You define how you want your data to be structured once, then you can
+ use special generated source code to easily write and read your structured
+ data to and from a variety of data streams and using a variety of languages.
+ You can even update your data structure without breaking deployed programs
+ that are compiled against the "old" format.
+ .
+ This is the "protobuf-c" implementation of Protocol Buffers in C.
+ .
+ This package contains the static library and development headers.
+
+Package: libprotobuf-c1
+Architecture: any
+Section: libs
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Multi-Arch: same
+Description: Protocol Buffers C shared library (protobuf-c)
+ Protocol Buffers are a flexible, efficient, automated mechanism for
+ serializing structured data - similar to XML, but smaller, faster, and
+ simpler. You define how you want your data to be structured once, then you can
+ use special generated source code to easily write and read your structured
+ data to and from a variety of data streams and using a variety of languages.
+ You can even update your data structure without breaking deployed programs
+ that are compiled against the "old" format.
+ .
+ This is the "protobuf-c" implementation of Protocol Buffers in C.
+ .
+ This package contains the shared library.
+
+Package: protobuf-c-compiler
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Multi-Arch: foreign
+Description: Protocol Buffers C compiler (protobuf-c)
+ Protocol Buffers are a flexible, efficient, automated mechanism for
+ serializing structured data - similar to XML, but smaller, faster, and
+ simpler. You define how you want your data to be structured once, then you can
+ use special generated source code to easily write and read your structured
+ data to and from a variety of data streams and using a variety of languages.
+ You can even update your data structure without breaking deployed programs
+ that are compiled against the "old" format.
+ .
+ This is the "protobuf-c" implementation of Protocol Buffers in C.
+ .
+ This package contains the "protoc-c" code generator that creates C stubs from
+ Protocol Buffers .proto files. These stubs must be compiled and linked against
+ the libprotobuf-c support library.
--- a/debian/copyright
+++ b/debian/copyright
@ -0,0 +1,69 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Files: *
+Copyright: 2008-2019 Dave Benson and the protobuf-c authors
+License: BSD-2-Clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+ .
+     * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ .
+     * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following disclaimer
+ in the documentation and/or other materials provided with the
+ distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ .
+ The code generated by the protoc-c compiler is owned by the owner of the
+ input files used when generating it. This code is not standalone and
+ requires a support library to be linked with it. This support library is
+ covered by the above license.
+
+Files: protoc-c/*
+Copyright: 2008 Google Inc.
+License: BSD-3-Clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+ .
+     * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+     * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following disclaimer
+ in the documentation and/or other materials provided with the
+ distribution.
+     * Neither the name of Google Inc. nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Files: debian/*
+Copyright: 2009-2019 Robert Edmonds <edmonds@debian.org>
+License: permissive
+ Copying and distribution of this package, with or without modification,
+ are permitted in any medium without royalty provided the copyright notice
+ and this notice are preserved.
--- a/debian/libprotobuf-c-dev.install
+++ b/debian/libprotobuf-c-dev.install
@ -0,0 +1,5 @@
+usr/include/google/protobuf-c/*
+usr/include/protobuf-c/*
+usr/lib/*/lib*.a
+usr/lib/*/lib*.so
+usr/lib/*/pkgconfig/*.pc
--- a/debian/libprotobuf-c1.install
+++ b/debian/libprotobuf-c1.install
@ -0,0 +1 @@
+usr/lib/*/lib*.so.*
--- a/debian/libprotobuf-c1.symbols
+++ b/debian/libprotobuf-c1.symbols
@ -0,0 +1,23 @@
+libprotobuf-c.so.1 libprotobuf-c1 #MINVER#
+* Build-Depends-Package: libprotobuf-c-dev
+ LIBPROTOBUF_C_1.0.0@LIBPROTOBUF_C_1.0.0 1.0.0
+ LIBPROTOBUF_C_1.3.0@LIBPROTOBUF_C_1.3.0 1.3.1
+ protobuf_c_buffer_simple_append@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_empty_string@LIBPROTOBUF_C_1.3.0 1.3.1
+ protobuf_c_enum_descriptor_get_value@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_enum_descriptor_get_value_by_name@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_message_check@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_message_descriptor_get_field@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_message_descriptor_get_field_by_name@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_message_free_unpacked@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_message_get_packed_size@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_message_init@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_message_pack@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_message_pack_to_buffer@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_message_unpack@LIBPROTOBUF_C_1.0.0 1.0.1
+ protobuf_c_service_descriptor_get_method_by_name@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_service_destroy@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_service_generated_init@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_service_invoke_internal@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_version@LIBPROTOBUF_C_1.0.0 1.0.0
+ protobuf_c_version_number@LIBPROTOBUF_C_1.0.0 1.0.0
--- a/debian/patches/CVE-2022-33070.patch
+++ b/debian/patches/CVE-2022-33070.patch
@ -0,0 +1,84 @@
+From 6e389ce2c34355d36009a8fb1666bed29fa2d4f4 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Mon, 6 Jun 2022 13:57:38 -0600
+Subject: [PATCH] Only shift unsigned values to avoid implementation-specific
+ behavior. This converts the arithmetic shifts to logical shifts. It is based
+ in part on a stackoverflow answer by John Schultz,
+ https://stackoverflow.com/questions/4533076/google-protocol-buffers-zigzag-encoding
+
+---
+ protobuf-c/protobuf-c.c | 23 +++++++++++------------
+ 1 file changed, 11 insertions(+), 12 deletions(-)
+
+--- a/protobuf-c/protobuf-c.c
+++ b/protobuf-c/protobuf-c.c
+@@ -312,9 +312,8 @@ int32_size(int32_t v)
+ static inline uint32_t
+ zigzag32(int32_t v)
+ {
+-	// Note:  the right-shift must be arithmetic
+-	// Note:  left shift must be unsigned because of overflow
+-	return ((uint32_t)(v) << 1) ^ (uint32_t)(v >> 31);
+	// Note:  Using unsigned types prevents undefined behavior
+	return ((uint32_t)v << 1) ^ -((uint32_t)v >> 31);
+ }
+ 
+ /**
+@@ -376,9 +375,8 @@ uint64_size(uint64_t v)
+ static inline uint64_t
+ zigzag64(int64_t v)
+ {
+-	// Note:  the right-shift must be arithmetic
+-	// Note:  left shift must be unsigned because of overflow
+-	return ((uint64_t)(v) << 1) ^ (uint64_t)(v >> 63);
+	// Note:  Using unsigned types prevents undefined behavior
+	return ((uint64_t)v << 1) ^ -((uint64_t)v >> 63);
+ }
+ 
+ /**
+@@ -798,7 +796,8 @@ uint32_pack(uint32_t value, uint8_t *out
+ }
+ 
+ /**
+- * Pack a signed 32-bit integer and return the number of bytes written.
+ * Pack a signed 32-bit integer and return the number of bytes written,
+ * passed as unsigned to avoid implementation-specific behavior.
+  * Negative numbers are encoded as two's complement 64-bit integers.
+  *
+  * \param value
+@@ -809,14 +808,14 @@ uint32_pack(uint32_t value, uint8_t *out
+  *      Number of bytes written to `out`.
+  */
+ static inline size_t
+-int32_pack(int32_t value, uint8_t *out)
+int32_pack(uint32_t value, uint8_t *out)
+ {
+-	if (value < 0) {
+	if ((int32_t)value < 0) {
+ 		out[0] = value | 0x80;
+ 		out[1] = (value >> 7) | 0x80;
+ 		out[2] = (value >> 14) | 0x80;
+ 		out[3] = (value >> 21) | 0x80;
+-		out[4] = (value >> 28) | 0x80;
+		out[4] = (value >> 28) | 0xf0;
+ 		out[5] = out[6] = out[7] = out[8] = 0xff;
+ 		out[9] = 0x01;
+ 		return 10;
+@@ -2422,7 +2421,7 @@ static inline int32_t
+ unzigzag32(uint32_t v)
+ {
+ 	// Note:  Using unsigned types prevents undefined behavior
+-	return (int32_t)((v >> 1) ^ (~(v & 1) + 1));
+	return (int32_t)((v >> 1) ^ -(v & 1));
+ }
+ 
+ static inline uint32_t
+@@ -2464,7 +2463,7 @@ static inline int64_t
+ unzigzag64(uint64_t v)
+ {
+ 	// Note:  Using unsigned types prevents undefined behavior
+-	return (int64_t)((v >> 1) ^ (~(v & 1) + 1));
+	return (int64_t)((v >> 1) ^ -(v & 1));
+ }
+ 
+ static inline uint64_t
--- a/debian/patches/misc-2022-null-deref.patch
+++ b/debian/patches/misc-2022-null-deref.patch
@ -0,0 +1,23 @@
+From ab5f76a52bade28a2c025bd52c7847f033ca82f3 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Wed, 29 Jun 2022 11:18:16 -0600
+Subject: [PATCH] Fix a clang analyzer 14 warning about a possible NULL deref.
+
+[edmonds: Import commit from
+https://github.com/sudo-project/sudo/commit/bfc6249902d842626058e74074832930feaf2f80.patch.]
+---
+ protobuf-c/protobuf-c.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/protobuf-c/protobuf-c.c
+++ b/protobuf-c/protobuf-c.c
+@@ -3224,6 +3224,9 @@ protobuf_c_message_unpack(const Protobuf
+ 	/* allocate space for repeated fields, also check that all required fields have been set */
+ 	for (f = 0; f < desc->n_fields; f++) {
+ 		const ProtobufCFieldDescriptor *field = desc->fields + f;
+		if (field == NULL) {
+			continue;
+		}
+ 		if (field->label == PROTOBUF_C_LABEL_REPEATED) {
+ 			size_t siz =
+ 			    sizeof_elt_in_repeated_array(field->type);
--- a/debian/patches/misc-2022-unsigned-integer.patch
+++ b/debian/patches/misc-2022-unsigned-integer.patch
@ -0,0 +1,30 @@
+From 289f5c18b195aa43d46a619d1188709abbfa9c82 Mon Sep 17 00:00:00 2001
+From: 10054172 <hui.zhang@thalesgroup.com>
+Date: Fri, 18 Mar 2022 12:42:57 -0400
+Subject: [PATCH 1/2] Fix issue #499: unsigned integer overflow
+
+Signed-off-by: 10054172 <hui.zhang@thalesgroup.com>
+---
+ protobuf-c/protobuf-c.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/protobuf-c/protobuf-c.c
+++ b/protobuf-c/protobuf-c.c
+@@ -2600,10 +2600,13 @@ parse_required_member(ScannedMember *sca
+ 			return FALSE;
+ 
+ 		def_mess = scanned_member->field->default_value;
+-		subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+-						 allocator,
+-						 len - pref_len,
+-						 data + pref_len);
+		if (len >= pref_len)
+			subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+							 allocator,
+							 len - pref_len,
+							 data + pref_len);
+		else
+			subm = NULL;
+ 
+ 		if (maybe_clear &&
+ 		    *pmessage != NULL &&
--- a/debian/patches/series
+++ b/debian/patches/series
@ -0,0 +1,3 @@
+CVE-2022-33070.patch
+misc-2022-unsigned-integer.patch
+misc-2022-null-deref.patch
--- a/debian/protobuf-c-compiler.install
+++ b/debian/protobuf-c-compiler.install
@ -0,0 +1 @@
+usr/bin/*
--- a/debian/rules
+++ b/debian/rules
@ -0,0 +1,6 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+%:
+	dh $@
--- a/debian/source/format
+++ b/debian/source/format
@ -0,0 +1 @@
+3.0 (quilt)
--- a/debian/tests/build-test
+++ b/debian/tests/build-test
@ -0,0 +1,29 @@
+#!/bin/sh
+set -eu
+
+if [ -n "${DEB_HOST_GNU_TYPE:-}" ]; then
+    CROSS_COMPILE="$DEB_HOST_GNU_TYPE-"
+else
+    CROSS_COMPILE=
+fi
+
+cd "$AUTOPKGTEST_TMP"
+
+cat <<EOF > libtest.c
+#include <stdio.h>
+#include <protobuf-c/protobuf-c.h>
+
+int
+main (int    argc,
+      char **argv)
+{
+        const char* version_str = protobuf_c_version();
+        printf("protobuf-c version: %s\n", version_str);
+}
+EOF
+
+${CROSS_COMPILE}gcc -o libtest libtest.c $(${CROSS_COMPILE}pkg-config --cflags --libs libprotobuf-c)
+echo "build ok"
+[ -x libtest ]
+./libtest
+echo "starts ok"
--- a/debian/tests/control
+++ b/debian/tests/control
@ -0,0 +1,6 @@
+Tests: build-test
+Depends: libprotobuf-c-dev, build-essential, pkg-config
+
+Test-Command: dh_auto_configure; dh_auto_build; dh_auto_test
+Depends: @builddeps@
+Restrictions: allow-stderr
--- a/debian/watch
+++ b/debian/watch
@ -0,0 +1,3 @@
+version=4
+opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/<project>-$1\.tar\.gz/ \
+  https://github.com/protobuf-c/protobuf-c/tags .*/v?(\d\S+)\.tar\.gz