From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Cc: Adolf Belka <adolf.belka@ipfire.org>
Subject: [PATCH] protobuf: Update to version 33.0
Date: Thu, 6 Nov 2025 19:03:29 +0100 [thread overview]
Message-ID: <20251106180330.3678184-6-adolf.belka@ipfire.org> (raw)
In-Reply-To: <20251106180330.3678184-1-adolf.belka@ipfire.org>
- Update from version 32.1 to 33.0
- Update of rootfile
- Changelog
33.0
Bazel
Feat: update bazel central registry publish workflow (#23465) (#23913)
(d5217fd)
Add target_compatible_with parameter to proto_toolchain in Bazel rules
(#22429) (30d2332)
Bazel: add missing rules_cc loads (#23584) (d98e2ef)
Compiler
Disable symbol visibility enforcement by default in C++ runtime (ae308fc)
Ship all option dependencies to plugins along with regular ones. (abeb130)
C++
Avoid calling deprecated arena-enabled constructors in arena.h. (813a7ef)
Add a macro to make RepeatedField(Arena*) constructor private in a future
release. (768db14)
Add a macro to make Map(Arena*) constructor private in a future release.
(543a17f)
Optimize ReadPackedVarint (3d94d83)
Add a macro to make RepeatedPtrField(Arena*) constructor private in a
future release (6422b9d)
Add IsEmpty() function to reflection. (b64e490)
Refactor RuntimeAssertInBounds to remove repeated logic and make
Get/Mutable easier to read. (2f270c4)
Disable symbol visibility enforcement by default in C++ runtime (ae308fc)
Fix a bug in the main C++ JSON parser/serializer camelcasing of certain
non-style-compliant names incorrectly, in a way that would prevent it
from interoperating with any other implementation on those fields.
(e25e267)
Fail early for messages with more than 65k fields. (90824aa)
Add option to C++ JSON Parser/Serializer to allow customers to
affirmatively disable legacy bug-compatibilty behaviors. (6ea1640)
Fix mishandling on JSON serialization of Timestamp with invalid negative
and too-large nanos value. (a959f27)
Preserve features in type resolver (c7030f4)
Add a DCHECK that ArenaStringPtr::Set(char*, Arena*) is not called with
(95b1763)
Java
Restored compatibility of runtime with gencode created with protoc <3.21
With this release, compatibility of the runtime with older gencode down to
3.0.0 is restored, compared to the previous support minimum of gencode
created with 3.22+. Note that it is still strongly recommended to
regenerate your gencode with a newer protoc and to avoid using gencode
which was created with an old protoc.
Generated code from this range is covered by CVE-2022-3171 and is
potentially vulnerable to a Denial of Service risk.
JavaProto 4.x previously dropped compatibility with the potentially
vulnerable generated code, having the behavior of:
The vulnerable generated code was source-incompatible with new runtime
(would not compile when built from source)
The vulnerable generated code was ABI-incompatible with new runtime
(when using a .class file compiled against old runtime, a
NoSuchMethodException would be thrown at parse time).
Starting with this release:
The vulnerable generated code is now source-compatible (will compile).
The first time each potentially vulnerable type is parsed, an error
message will be logged noting that potentially vulnerable generated
code is in use and the name of the corresponding type.
Environment variables may be set to either throw an exception instead
(-Dcom.google.protobuf.error_on_unsafe_pre22_gencode) or to entirely
silence the logged messages
(-Dcom.google.protobuf.use_unsafe_pre22_gencode)
This change was made based on community feedback regarding the difficulty
in identifying and quickly remediating stale gencode in their
transitive dependencies weighed against a careful evaluation of the
realistic risk exposure of DoS (with no risk of other concerns
including information leak or RCE).
We strongly recommend that any users who observe the log messages to
regenerate the corresponding code with a newer protoc. We recommend
that any security-conscious services opt into the
error_on_unsafe_pre22_gencode behavior to preclude any risk of a
Denial of Service surface area being exposed.
A future 4.x release may flip the default behavior to error by default as
a measure to further help the ecosystem avoid the Denial of Service
risks, while still maintaining the ability to opt into continuing to
use insecure gencode for users who are parsing trusted inputs and
where the difficulty of regenerating is high.
Changes
Switch the pre22 warning to use CopyOnWriteArraySet. (#23969) (e55224c)
Expose helpers for checking if messages and enums are nested. (8de4002)
Fix a bug calculating the file name in the absense of directories. (c4ff7a6)
Clarify the public APIs of GeneratorNames helpers. (537ac35)
Expose helpers to predict generated class names in java. (eba6df2)
Deprecate ClassName methods in favor of new QualifiedClassName ones.
(ca4fb2f)
Restore the 3-argument internalBuildGeneratedFileFrom. (4376591)
Fix large java enums not being honored on lite runtime. (a995803)
Slightly relax Java Poison Pill on prerelease versions (-rc1, -dev, etc).
(7b0bee3)
Avoid boxing/unboxing varint, fixed32, and fixed64 fields in
UnknownFieldSet.Field (810272f)
Readd new*List() methods on GeneratedMessageV3. (badaf41)
Add Values.of(Map<String, Value> values). (c518f25)
Fix handling of optional dependencies in java generator. (8d51e34)
Restore ABI compatibility for extension methods which was previously
(knowingly) broken with 4.x: 94a2a44 (ea33ae8)
Restore Protobuf Java extension modifiers in gencode that were previously
removed in 7bff169 (f2257f5)
Ship all option dependencies to plugins along with regular ones. (abeb130)
Optimize redaction state calculation (e05db5c)
Add isPlaceholder() accessors to file, message, and enum descriptors
(f978ec2)
Improve Java gencode static initialization to avoid unnecessary
temporaries again (745e15b)
Improve Java gencode static initialization to avoid unnecessary
temporaries (b68b673)
Remove protobuf-util usages of guava except annotations. (5768acd)
Restore compatibility of runtime with pre-3.22.x gencode impacted by
CVE-2022-3171 (7c51e5b)
Expose an iterator for GeneratedMessage.ExtendableMessage.extensions
(b25d39e)
Rust
Change Rust prelude to bring in traits as _ (c3f7e8d)
Make message Muts Send (8bff944)
See also UPB changes below, which may affect Rust.
Python
Publish s390x wheels for Python/upb. (56b2b89)
Fix a crash that happens during shutdown due to looking up modules in the
cache (d57d270)
Add construction support for repeated Timestamp/Duration/Struct/ListValue.
(5f6c013)
Fix handling of repeated extension fields in PyProto JSON (07ef676)
Fixed a parser bug where closed enums are parsed incorrectly for
non-repeated extensions. (c36f728)
Fixed mypy errors by setting __slots__ to empty in .pyi files. (38ca2d3)
Raise warnings for float_precision from python json_format. (4659cd7)
Raise warnings when assign bool to int/enum field in Python Proto. This
will turn into error in 34.0 release. (4ee55d7)
PHP
Fix(php): php errors on repeated field (#23372) (6fee29b)
UPB (Python/PHP/Ruby C-Extension)
Fixed a parser bug where closed enums are parsed incorrectly for
non-repeated extensions. (c36f728)
Other
Update token for BCR release to reuse existing BOT_ACCESS_TOKEN used for
staleness_refresh.yml and update_php_repo.yml (#23925) (dcace2f)
Use the 'better' JSON parser on the conformance suite harness. (4b4e405)
Add JSON conformance test that a single value provided for a repeated
field should parse fail. (9806994)
Add conformance test cases for malformed nanos fields on Durations and
Timestamps. (a6bdd0a)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/protobuf | 21 ++++++++++++---------
lfs/protobuf | 4 ++--
2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/config/rootfiles/common/protobuf b/config/rootfiles/common/protobuf
index 42e544568..182ffd7bd 100644
--- a/config/rootfiles/common/protobuf
+++ b/config/rootfiles/common/protobuf
@@ -1,11 +1,11 @@
#usr/bin/protoc
-usr/bin/protoc-32.1.0
+usr/bin/protoc-33.0.0
#usr/bin/protoc-gen-upb
-usr/bin/protoc-gen-upb-32.1.0
+usr/bin/protoc-gen-upb-33.0.0
#usr/bin/protoc-gen-upb_minitable
-usr/bin/protoc-gen-upb_minitable-32.1.0
+usr/bin/protoc-gen-upb_minitable-33.0.0
#usr/bin/protoc-gen-upbdefs
-usr/bin/protoc-gen-upbdefs-32.1.0
+usr/bin/protoc-gen-upbdefs-33.0.0
#usr/include/google
#usr/include/google/protobuf
#usr/include/google/protobuf/any.h
@@ -39,6 +39,7 @@ usr/bin/protoc-gen-upbdefs-32.1.0
#usr/include/google/protobuf/compiler/java/java_features.pb.h
#usr/include/google/protobuf/compiler/java/name_resolver.h
#usr/include/google/protobuf/compiler/java/names.h
+#usr/include/google/protobuf/compiler/java/names_internal.h
#usr/include/google/protobuf/compiler/java/options.h
#usr/include/google/protobuf/compiler/kotlin
#usr/include/google/protobuf/compiler/kotlin/generator.h
@@ -139,6 +140,8 @@ usr/bin/protoc-gen-upbdefs-32.1.0
#usr/include/google/protobuf/metadata.h
#usr/include/google/protobuf/metadata_lite.h
#usr/include/google/protobuf/micro_string.h
+#usr/include/google/protobuf/os_macros_restore.inc
+#usr/include/google/protobuf/os_macros_undef.inc
#usr/include/google/protobuf/parse_context.h
#usr/include/google/protobuf/port.h
#usr/include/google/protobuf/port_def.inc
@@ -348,16 +351,16 @@ usr/bin/protoc-gen-upbdefs-32.1.0
#usr/lib/cmake/utf8_range/utf8_range-targets-noconfig.cmake
#usr/lib/cmake/utf8_range/utf8_range-targets.cmake
#usr/lib/libprotobuf-lite.so
-usr/lib/libprotobuf-lite.so.32.1.0
+usr/lib/libprotobuf-lite.so.33.0.0
#usr/lib/libprotobuf.so
-usr/lib/libprotobuf.so.32.1.0
+usr/lib/libprotobuf.so.33.0.0
#usr/lib/libprotoc.so
-usr/lib/libprotoc.so.32.1.0
+usr/lib/libprotoc.so.33.0.0
#usr/lib/libupb.a
usr/lib/libutf8_range.so
-usr/lib/libutf8_range.so.32.1.0
+usr/lib/libutf8_range.so.33.0.0
usr/lib/libutf8_validity.so
-usr/lib/libutf8_validity.so.32.1.0
+usr/lib/libutf8_validity.so.33.0.0
#usr/lib/pkgconfig/protobuf-lite.pc
#usr/lib/pkgconfig/protobuf.pc
#usr/lib/pkgconfig/upb.pc
diff --git a/lfs/protobuf b/lfs/protobuf
index 897b11454..8f40dc2fb 100644
--- a/lfs/protobuf
+++ b/lfs/protobuf
@@ -24,7 +24,7 @@
include Config
-VER = 32.1
+VER = 33.0
THISAPP = protobuf-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = f6c1faa260ecb57c0a1a5d4be7d56e431cac9e325a02b86d9eecd0318a0964618063db218a4720fcb1121614016f112ba00880a5b743a5c34f19f79ea4420735
+$(DL_FILE)_BLAKE2 = 5d456c000117b590dea5b7e721a8b8d00d9e7067ba2156f082e4959a17fcf8d4f2e306f90335aad97e1a94dfd2491544d67cb29670f0022034fde574140a8066
install : $(TARGET)
--
2.51.2
next prev parent reply other threads:[~2025-11-06 18:03 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-06 18:03 [PATCH] core199: Ship elfutils, iana-etc, libcap, lvm2 & sqlite Adolf Belka
2025-11-06 18:03 ` [PATCH] elfutils: Update to version 0.194 Adolf Belka
2025-11-06 18:03 ` [PATCH] iana-etc: Update to version 20251030 Adolf Belka
2025-11-06 18:03 ` [PATCH] libcap: Update to version 2.77 Adolf Belka
2025-11-06 18:03 ` [PATCH] lvm2: Update to version 2.03.36 Adolf Belka
2025-11-06 18:03 ` Adolf Belka [this message]
2025-11-06 18:03 ` [PATCH] sqlite: Update to version 3510000 Adolf Belka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251106180330.3678184-6-adolf.belka@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox