--- /dev/null
--- /dev/null
++Abseil for Debian
++-----------------
++
++libabsl-dev installs a number of files to 'internal' directories. In general,
++your project should not directly include any files from these directories; they
++may change without warning. If you think you need something from one of those
++files, please report a bug with reportbug(1).
++
++ -- Benjamin Barenblat <bbaren@debian.org> Thu, 07 May 2020 11:35:28 -0400
--- /dev/null
--- /dev/null
++abseil (20220623.1-1+deb12u2) bookworm; urgency=medium
++
++ * Skip absl_failure_signal_handler_test on ppc64el, it's known to fail.
++
++ -- Tobias Frost <tobi@debian.org> Mon, 12 May 2025 17:26:59 +0200
++
++abseil (20220623.1-1+deb12u1) bookworm; urgency=medium
++
++ * Non maintainer upload by the LTS Team.
++ * Backport fix for CVE-2025-0838 - Heap buffer overflow vulnerablity
++ (Closes: #1098903)
++
++ -- Tobias Frost <tobi@debian.org> Sat, 05 Apr 2025 16:09:38 +0200
++
++abseil (20220623.1-1) unstable; urgency=medium
++
++ * New upstream release.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Tue, 18 Oct 2022 10:02:49 -0400
++
++abseil (0~20220623.0-2) unstable; urgency=medium
++
++ * Backport an upstream patch to correct pkg-config file generation.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Tue, 30 Aug 2022 22:54:45 -0400
++
++abseil (0~20220623.0-1) unstable; urgency=medium
++
++ * New upstream release. (Closes: #1008730, #1012194)
++
++ -- Benjamin Barenblat <bbaren@debian.org> Mon, 22 Aug 2022 22:17:36 -0400
++
++abseil (0~20210324.2-4) unstable; urgency=medium
++
++ * Fix "spurious -Wl flag in some pkg-config entries" by backporting a
++ patch from upstream that corrects CMake pkg-config generation.
++ (Closes: #1011294)
++
++ -- Benjamin Barenblat <bbaren@debian.org> Fri, 27 May 2022 16:58:38 -0400
++
++abseil (0~20210324.2-3) unstable; urgency=medium
++
++ * Backport an upstream patch to disable a problematic unit test.
++ (Closes: #1007136)
++ * Reenable unit tests on hppa.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Thu, 14 Apr 2022 13:20:16 -0400
++
++abseil (0~20210324.2-2) unstable; urgency=medium
++
++ * Disable a test that doesn’t play well with multiarch on armel and
++ armhf.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Mon, 07 Feb 2022 11:54:21 -0500
++
++abseil (0~20210324.2-1) experimental; urgency=medium
++
++ * New upstream release.
++ * Stop installing libabsl_flags.so and libabsl_flags.a, since they are
++ empty on every platform that Debian supports.
++ * Correct debian/watch search URLs to avoid picking up rc versions.
++ * Mangle upstream version in debian/watch to match manual mangling in
++ debian/changelog.
++ * Stop forcing -Wl,--no-as-needed on dependents. (Closes: #1001596)
++ * Compute Thumb function bounds correctly. (Closes: #987314)
++ * Reenable unit tests on most architectures.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Fri, 04 Feb 2022 13:11:32 -0500
++
++abseil (0~20200923.3-3) unstable; urgency=medium
++
++ * Fix "ftbfs with -march=x86-64-v3" by correcting the relevant unit
++ tests. (Closes: #983936)
++ * Disable double-double unit tests due to compiler bugs.
++ * Reenable unit tests on ppc64el.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Fri, 05 Mar 2021 15:57:38 -0500
++
++abseil (0~20200923.3-2) unstable; urgency=medium
++
++ * Correct string formatting on POWER.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Tue, 09 Feb 2021 14:41:06 -0500
++
++abseil (0~20200923.3-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Correct endianness issues in hash functions and RNG.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Mon, 08 Feb 2021 15:04:52 -0500
++
++abseil (0~20200923.2-3) unstable; urgency=medium
++
++ * Fix some issues in unit tests.
++ * Re-disable unit tests on most platforms until they’re working
++ everywhere.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Sun, 31 Jan 2021 15:13:51 -0500
++
++abseil (0~20200923.2-2) unstable; urgency=medium
++
++ * Reenable unit tests.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Tue, 01 Dec 2020 12:37:56 -0500
++
++abseil (0~20200923.2-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Fix build on hppa via patch. (Closes: #971768)
++ * Link libatomic where necessary to prevent issues with load-time
++ symbol resolution. (Closes: #973492)
++
++ -- Benjamin Barenblat <bbaren@debian.org> Fri, 06 Nov 2020 16:51:39 -0500
++
++abseil (0~20200923.1-1) unstable; urgency=medium
++
++ * New upstream release.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Mon, 12 Oct 2020 12:40:50 -0400
++
++abseil (0~20200923-2) unstable; urgency=medium
++
++ * Release for unstable.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Tue, 06 Oct 2020 10:00:02 -0400
++
++abseil (0~20200923-1) experimental; urgency=medium
++
++ * New upstream release.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Fri, 25 Sep 2020 17:57:31 -0400
++
++abseil (0~20200225.2-4) unstable; urgency=medium
++
++ * Fix "autopkgtest needs update for new version of cmake: warning on
++ stderr" by applying a patch from upstream. (Closes: #970333)
++
++ -- Benjamin Barenblat <bbaren@debian.org> Mon, 14 Sep 2020 17:40:05 -0400
++
++abseil (0~20200225.2-3) unstable; urgency=medium
++
++ * Replace symbols file with shlibs infrastructure. (Closes: #966183)
++
++ -- Benjamin Barenblat <bbaren@debian.org> Fri, 24 Jul 2020 09:42:03 -0400
++
++abseil (0~20200225.2-2) unstable; urgency=medium
++
++ * Rebuild for unstable.
++ * Rework symbols file using pkg-kde-tools for increased robustness.
++ * Avoid SSSE3 on amd64 and SSE2 on i386 for greater processor
++ compatibility.
++
++ -- Benjamin Barenblat <bbaren@debian.org> Thu, 23 Jul 2020 17:23:57 -0400
++
++abseil (0~20200225.2-1) experimental; urgency=medium
++
++ * Initial release. (Closes: #888705)
++
++ -- Benjamin Barenblat <bbaren@debian.org> Thu, 18 Jun 2020 16:27:49 -0400
--- /dev/null
--- /dev/null
++# Copyright 2020 Google LLC
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may not
++# use this file except in compliance with the License. You may obtain a copy of
++# the License at
++#
++# https://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations under
++# the License.
++
++Source: abseil
++Priority: optional
++Maintainer: Benjamin Barenblat <bbaren@debian.org>
++Build-Depends:
++ cmake (>= 3.5),
++ debhelper-compat (= 12),
++ googletest (>= 1.12) [!mipsel !ppc64] <!nocheck>
++Rules-Requires-Root: no
++Standards-Version: 4.6.1
++Section: libs
++Homepage: https://abseil.io/
++Vcs-Browser: https://salsa.debian.org/debian/abseil
++Vcs-Git: https://salsa.debian.org/debian/abseil.git
++Description: extensions to the C++ standard library
++ Abseil is an open-source collection of C++ library code designed to augment the
++ C++ standard library. The Abseil library code is collected from Google's C++
++ codebase and has been extensively tested and used in production. In some cases,
++ Abseil provides pieces missing from the C++ standard; in others, Abseil
++ provides alternatives to the standard for special needs.
++
++Package: libabsl-dev
++Architecture: any
++Multi-Arch: same
++Section: libdevel
++Depends:
++ libabsl20220623 (= ${binary:Version}),
++ ${misc:Depends},
++Recommends: cmake (>= 2.6) | pkg-config, g++ (>= 5.1)
++Description: ${source:Synopsis} (development files)
++ ${source:Extended-Description}
++ .
++ This package contains header files and other data necessary for developing with
++ Abseil.
++
++Package: libabsl20220623
++Architecture: any
++Multi-Arch: same
++Depends: ${shlibs:Depends}, ${misc:Depends}
++Description: ${source:Synopsis}
++ ${source:Extended-Description}
++ .
++ This package contains Abseil's shared libraries.
--- /dev/null
--- /dev/null
++Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
++Upstream-Name: Abseil
++Upstream-Contact: abseil-io@googlegroups.com
++Source: https://github.com/abseil/abseil-cpp/
++Copyright: 2017 The Abseil Authors
++License: Apache-2.0
++
++Files: *
++Copyright:
++ 2000-2017 Google Inc.
++ 2017-2021 The Abseil Authors
++License: Apache-2.0
++
++Files: debian/*
++Copyright: 2020-2022 Google LLC
++License: Apache-2.0
++
++License: Apache-2.0
++ Licensed under the Apache License, Version 2.0 (the "License"); you may not use
++ this file except in compliance with the License. You may obtain a copy of the
++ License at
++ .
++ https://www.apache.org/licenses/LICENSE-2.0
++ .
++ Unless required by applicable law or agreed to in writing, software distributed
++ under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
++ CONDITIONS OF ANY KIND, either express or implied. See the License for the
++ specific language governing permissions and limitations under the License.
++ .
++ On Debian systems, the complete text of the Apache License, Version 2.0, can be
++ found in "/usr/share/common-licenses/Apache-2.0".
--- /dev/null
--- /dev/null
++# Copyright 2020 Google LLC
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may not
++# use this file except in compliance with the License. You may obtain a copy of
++# the License at
++#
++# https://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations under
++# the License.
++
++[DEFAULT]
++upstream-tag = 20220623.1
--- /dev/null
--- /dev/null
++# Copyright 2020 Google LLC
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may not
++# use this file except in compliance with the License. You may obtain a copy of
++# the License at
++#
++# https://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations under
++# the License.
++
++usr/include/absl
++usr/lib/*/*.a
++usr/lib/*/*.so
++usr/lib/*/cmake
++usr/lib/*/pkgconfig/*.pc
--- /dev/null
--- /dev/null
++# Copyright 2022 Google LLC
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may not
++# use this file except in compliance with the License. You may obtain a copy of
++# the License at
++#
++# https://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations under
++# the License.
++
++libabsl-dev: no-code-sections [usr/lib/*/libabsl_random_internal_platform.*]
--- /dev/null
--- /dev/null
++# Copyright 2020 Google LLC
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may not
++# use this file except in compliance with the License. You may obtain a copy of
++# the License at
++#
++# https://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations under
++# the License.
++
++usr/lib/*/libabsl_*.so.*
--- /dev/null
--- /dev/null
++# Copyright 2022 Google LLC
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may not
++# use this file except in compliance with the License. You may obtain a copy of
++# the License at
++#
++# https://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations under
++# the License.
++
++libabsl20220623: hardening-no-fortify-functions [usr/lib/*/libabsl_base.so*]
++libabsl20220623: hardening-no-fortify-functions [usr/lib/*/libabsl_debugging_internal.so*]
++libabsl20220623: hardening-no-fortify-functions [usr/lib/*/libabsl_random_internal_seed_material.so*]
++libabsl20220623: hardening-no-fortify-functions [usr/lib/*/libabsl_time_zone.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_bad_any_cast_impl.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_bad_optional_access.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_bad_variant_access.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_cordz_functions.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_cordz_sample_token.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_exponential_biased.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_flags_commandlineflag.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_flags_commandlineflag_internal.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_hash.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_log_severity.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_periodic_sampler.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_random_internal_randen.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_random_internal_randen_hwaes_impl.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_random_internal_randen_slow.so*]
++libabsl20220623: library-not-linked-against-libc [usr/lib/*/libabsl_throw_delegate.so*]
++libabsl20220623: no-symbols-control-file usr/lib/*/libabsl_*
++libabsl20220623: package-name-doesnt-match-sonames libabsl-*
++libabsl20220623: shared-library-lacks-prerequisites [usr/lib/*/libabsl_city.so*]
++libabsl20220623: shared-library-lacks-prerequisites [usr/lib/*/libabsl_leak_check.so*]
++libabsl20220623: shared-library-lacks-prerequisites [usr/lib/*/libabsl_low_level_hash.so*]
++libabsl20220623: shared-library-lacks-prerequisites [usr/lib/*/libabsl_random_internal_platform.so*]
++libabsl20220623: shared-library-lacks-prerequisites [usr/lib/*/libabsl_random_internal_randen_hwaes.so*]
--- /dev/null
--- /dev/null
++# Copyright 2022 Google LLC
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may not
++# use this file except in compliance with the License. You may obtain a copy of
++# the License at
++#
++# https://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations under
++# the License.
++#
++libabsl_bad_any_cast_impl 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_bad_optional_access 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_bad_variant_access 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_base 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_city 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_civil_time 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_cord 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_cord_internal 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_cordz_functions 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_cordz_handle 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_cordz_info 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_cordz_sample_token 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_debugging_internal 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_demangle_internal 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_examine_stack 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_exponential_biased 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_failure_signal_handler 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_flags_commandlineflag 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_flags_commandlineflag_internal 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_flags_config 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_flags_internal 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_flags_marshalling 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_flags_parse 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_flags_private_handle_accessor 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_flags_program_name 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_flags_reflection 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_flags_usage 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_flags_usage_internal 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_graphcycles_internal 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_hash 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_hashtablez_sampler 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_int128 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_leak_check 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_log_severity 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_low_level_hash 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_malloc_internal 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_periodic_sampler 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_random_distributions 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_random_internal_distribution_test_util 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_random_internal_platform 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_random_internal_pool_urbg 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_random_internal_randen 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_random_internal_randen_hwaes 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_random_internal_randen_hwaes_impl 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_random_internal_randen_slow 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_random_internal_seed_material 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_random_seed_gen_exception 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_random_seed_sequences 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_raw_hash_set 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_raw_logging_internal 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_scoped_set_env 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_spinlock_wait 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_stacktrace 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_status 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_statusor 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_str_format_internal 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_strerror 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_strings 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_strings_internal 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_symbolize 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_synchronization 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_throw_delegate 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_time 20220623 libabsl20220623 (>= 0~20220623.0-1)
++libabsl_time_zone 20220623 libabsl20220623 (>= 0~20220623.0-1)
--- /dev/null
--- /dev/null
++Description: CVE-2025-0838 - Heap buffer overflow vulnerable in Abseil-cpp
++ Backported for bookworm from upstream.
++Origin: https://github.com/abseil/abseil-cpp/commit/5a0e2cb5e3958dd90bb8569a2766622cb74d90c1
++Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098903
++
++From 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 Mon Sep 17 00:00:00 2001
++From: Derek Mauro <dmauro@google.com>
++Date: Thu, 23 Jan 2025 06:33:43 -0800
++Subject: [PATCH] Fix potential integer overflow in hash container
++ create/resize
++
++The sized constructors, reserve(), and rehash() methods of
++absl::{flat,node}_hash_{set,map} did not impose an upper bound on
++their size argument. As a result, it was possible for a caller to pass
++a very large size that would cause an integer overflow when computing
++the size of the container's backing store. Subsequent accesses to the
++container might then access out-of-bounds memory.
++
++The fix is in two parts:
++
++1) Update max_size() to return the maximum number of items that can be
++stored in the container
++
++2) Validate the size arguments to the constructors, reserve(), and
++rehash() methods, and abort the program when the argument is invalid
++
++We've looked at uses of these containers in Google codebases like
++Chrome, and determined this vulnerability is likely to be difficult to
++exploit. This is primarily because container sizes are rarely
++attacker-controlled.
++
++The bug was discovered by Dmitry Vyukov <dvyukov@google.com>.
++
++PiperOrigin-RevId: 718841870
++Change-Id: Ic09dc9de140a35dbb45ab9d90f58383cf2de8286
++---
++ absl/container/internal/raw_hash_set.cc | 5 ++++
++ absl/container/internal/raw_hash_set.h | 26 +++++++++++++++++++-
++ absl/container/internal/raw_hash_set_test.cc | 8 ++++++
++ 3 files changed, 38 insertions(+), 1 deletion(-)
++
++--- a/absl/container/internal/raw_hash_set.cc
+++++ b/absl/container/internal/raw_hash_set.cc
++@@ -13,6 +13,7 @@
++ // limitations under the License.
++
++ #include "absl/container/internal/raw_hash_set.h"
+++#include "absl/base/internal/raw_logging.h"
++
++ #include <atomic>
++ #include <cstddef>
++@@ -66,6 +67,10 @@
++ // Extern template instantiotion for inline function.
++ template FindInfo find_first_non_full(const ctrl_t*, size_t, size_t);
++
+++void HashTableSizeOverflow() {
+++ ABSL_RAW_LOG(FATAL, "Hash table size overflow");
+++}
+++
++ } // namespace container_internal
++ ABSL_NAMESPACE_END
++ } // namespace absl
++--- a/absl/container/internal/raw_hash_set.h
+++++ b/absl/container/internal/raw_hash_set.h
++@@ -219,6 +219,15 @@
++ ABSL_NAMESPACE_BEGIN
++ namespace container_internal {
++
+++#ifdef ABSL_SWISSTABLE_ASSERT
+++#error ABSL_SWISSTABLE_ASSERT cannot be directly set
+++#else
+++// We use this macro for assertions that users may see when the table is in an
+++// invalid state that sanitizers may help diagnose.
+++#define ABSL_SWISSTABLE_ASSERT(CONDITION) \
+++ assert((CONDITION) && "Try enabling sanitizers.")
+++#endif
+++
++ template <typename AllocType>
++ void SwapAlloc(AllocType& lhs, AllocType& rhs,
++ std::true_type /* propagate_on_container_swap */) {
++@@ -745,6 +754,15 @@
++ return n ? ~size_t{} >> countl_zero(n) : 1;
++ }
++
+++template <size_t kSlotSize>
+++size_t MaxValidCapacity() {
+++ return NormalizeCapacity((std::numeric_limits<size_t>::max)() / 4 /
+++ kSlotSize);
+++}
+++
+++// Use a non-inlined function to avoid code bloat.
+++[[noreturn]] void HashTableSizeOverflow();
+++
++ // General notes on capacity/growth methods below:
++ // - We use 7/8th as maximum load factor. For 16-wide groups, that gives an
++ // average of two empty slots per group.
++@@ -1148,6 +1166,10 @@
++ : ctrl_(EmptyGroup()),
++ settings_(0, HashtablezInfoHandle(), hash, eq, alloc) {
++ if (bucket_count) {
+++ if (ABSL_PREDICT_FALSE(bucket_count >
+++ MaxValidCapacity<sizeof(slot_type)>())) {
+++ HashTableSizeOverflow();
+++ }
++ capacity_ = NormalizeCapacity(bucket_count);
++ initialize_slots();
++ }
++@@ -1341,7 +1363,9 @@
++ bool empty() const { return !size(); }
++ size_t size() const { return size_; }
++ size_t capacity() const { return capacity_; }
++- size_t max_size() const { return (std::numeric_limits<size_t>::max)(); }
+++ size_t max_size() const {
+++ return CapacityToGrowth(MaxValidCapacity<sizeof(slot_type)>());
+++ }
++
++ ABSL_ATTRIBUTE_REINITIALIZES void clear() {
++ // Iterating over this container is O(bucket_count()). When bucket_count()
++@@ -1678,6 +1702,9 @@
++ auto m = NormalizeCapacity(n | GrowthToLowerboundCapacity(size()));
++ // n == 0 unconditionally rehashes as per the standard.
++ if (n == 0 || m > capacity_) {
+++ if (ABSL_PREDICT_FALSE(m > MaxValidCapacity<sizeof(slot_type)>())) {
+++ HashTableSizeOverflow();
+++ }
++ resize(m);
++
++ // This is after resize, to ensure that we have completed the allocation
++@@ -1688,6 +1715,9 @@
++
++ void reserve(size_t n) {
++ if (n > size() + growth_left()) {
+++ if (ABSL_PREDICT_FALSE(n > max_size())) {
+++ HashTableSizeOverflow();
+++ }
++ size_t m = GrowthToLowerboundCapacity(n);
++ resize(NormalizeCapacity(m));
++
++@@ -2361,5 +2391,6 @@
++ } // namespace absl
++
++ #undef ABSL_INTERNAL_ASSERT_IS_FULL
+++#undef ABSL_SWISSTABLE_ASSERT
++
++ #endif // ABSL_CONTAINER_INTERNAL_RAW_HASH_SET_H_
++--- a/absl/container/internal/raw_hash_set_test.cc
+++++ b/absl/container/internal/raw_hash_set_test.cc
++@@ -2181,6 +2181,14 @@
++ }
++ }
++
+++TEST(Table, MaxSizeOverflow) {
+++ size_t overflow = (std::numeric_limits<size_t>::max)();
+++ EXPECT_DEATH_IF_SUPPORTED(IntTable t(overflow), "Hash table size overflow");
+++ IntTable t;
+++ EXPECT_DEATH_IF_SUPPORTED(t.reserve(overflow), "Hash table size overflow");
+++ EXPECT_DEATH_IF_SUPPORTED(t.rehash(overflow), "Hash table size overflow");
+++}
+++
++ } // namespace
++ } // namespace container_internal
++ ABSL_NAMESPACE_END
--- /dev/null
--- /dev/null
++From: Benjamin Barenblat <bbaren@google.com>
++Subject: Set package configuration options
++Forwarded: not-needed
++
++Configure Abseil for Debian.
++
++ - Set the SONAME appropriately.
++
++ - To minimize the possibility of future ABI breakage, treat absl::any,
++ absl::optional, absl::string_view, and absl::variant as their own types
++ (rather than aliases for the std:: versions), and compile everything in an
++ inline namespace.
++
++ - Enable upstream's hardened build mode.
++
++--- a/CMake/AbseilHelpers.cmake
+++++ b/CMake/AbseilHelpers.cmake
++@@ -281,7 +281,8 @@
++ if(ABSL_ENABLE_INSTALL)
++ set_target_properties(${_NAME} PROPERTIES
++ OUTPUT_NAME "absl_${_NAME}"
++- SOVERSION "2206.0.0"
+++ SOVERSION 20220623
+++ VERSION "20220623.0.0"
++ )
++ endif()
++ else()
++--- a/absl/base/options.h
+++++ b/absl/base/options.h
++@@ -100,7 +100,7 @@
++ // User code should not inspect this macro. To check in the preprocessor if
++ // absl::any is a typedef of std::any, use the feature macro ABSL_USES_STD_ANY.
++
++-#define ABSL_OPTION_USE_STD_ANY 2
+++#define ABSL_OPTION_USE_STD_ANY 0
++
++
++ // ABSL_OPTION_USE_STD_OPTIONAL
++@@ -127,7 +127,7 @@
++ // absl::optional is a typedef of std::optional, use the feature macro
++ // ABSL_USES_STD_OPTIONAL.
++
++-#define ABSL_OPTION_USE_STD_OPTIONAL 2
+++#define ABSL_OPTION_USE_STD_OPTIONAL 0
++
++
++ // ABSL_OPTION_USE_STD_STRING_VIEW
++@@ -154,7 +154,7 @@
++ // absl::string_view is a typedef of std::string_view, use the feature macro
++ // ABSL_USES_STD_STRING_VIEW.
++
++-#define ABSL_OPTION_USE_STD_STRING_VIEW 2
+++#define ABSL_OPTION_USE_STD_STRING_VIEW 0
++
++ // ABSL_OPTION_USE_STD_VARIANT
++ //
++@@ -180,7 +180,7 @@
++ // absl::variant is a typedef of std::variant, use the feature macro
++ // ABSL_USES_STD_VARIANT.
++
++-#define ABSL_OPTION_USE_STD_VARIANT 2
+++#define ABSL_OPTION_USE_STD_VARIANT 0
++
++
++ // ABSL_OPTION_USE_INLINE_NAMESPACE
++@@ -206,7 +206,7 @@
++ // allowed.
++
++ #define ABSL_OPTION_USE_INLINE_NAMESPACE 1
++-#define ABSL_OPTION_INLINE_NAMESPACE_NAME lts_20220623
+++#define ABSL_OPTION_INLINE_NAMESPACE_NAME debian3
++
++ // ABSL_OPTION_HARDENED
++ //
++@@ -233,6 +233,6 @@
++ // checks enabled by this option may abort the program in a different way and
++ // log additional information when `NDEBUG` is not defined.
++
++-#define ABSL_OPTION_HARDENED 0
+++#define ABSL_OPTION_HARDENED 1
++
++ #endif // ABSL_BASE_OPTIONS_H_
--- /dev/null
--- /dev/null
++--- a/absl/strings/internal/cordz_info_statistics_test.cc
+++++ b/absl/strings/internal/cordz_info_statistics_test.cc
++@@ -466,6 +466,8 @@
++ }
++
++ TEST(CordzInfoStatisticsTest, ThreadSafety) {
+++ GTEST_SKIP() << "Skipping test; see https://bugs.debian.org/1018804";
+++
++ Notification stop;
++ static constexpr int kNumThreads = 8;
++ int64_t sampled_node_count = 0;
--- /dev/null
--- /dev/null
++From: Benjamin Barenblat <bbaren@google.com>
++Subject: Canonicalize supported CPU feature set
++Forwarded: not-needed
++
++Explicitly set supported CPU features.
++
++ - Disable Intel SSE and SSE2 on i386, since Debian supports some i386
++ processors without those extensions. Keep them enabled on amd64, since all
++ amd64 processors have them.
++
++ - Disable Intel SSSE3 entirely, since no i386 processor supports it and Debian
++ supports amd64 processors without it.
++
++ - Disable NEON on armel and armhf, since no armel processor supports NEON and
++ Debian supports some armhf processors without it. Keep it enabled on arm64,
++ since all arm64 processors have it.
++
++--- a/absl/base/config.h
+++++ b/absl/base/config.h
++@@ -862,7 +862,7 @@
++ // which architectures support the various x86 instruction sets.
++ #ifdef ABSL_INTERNAL_HAVE_SSE
++ #error ABSL_INTERNAL_HAVE_SSE cannot be directly set
++-#elif defined(__SSE__)
+++#elif defined(__x86_64__)
++ #define ABSL_INTERNAL_HAVE_SSE 1
++ #elif defined(_M_X64) || (defined(_M_IX86_FP) && _M_IX86_FP >= 1)
++ // MSVC only defines _M_IX86_FP for x86 32-bit code, and _M_IX86_FP >= 1
++@@ -877,7 +877,7 @@
++ // which architectures support the various x86 instruction sets.
++ #ifdef ABSL_INTERNAL_HAVE_SSE2
++ #error ABSL_INTERNAL_HAVE_SSE2 cannot be directly set
++-#elif defined(__SSE2__)
+++#elif defined(__x86_64__)
++ #define ABSL_INTERNAL_HAVE_SSE2 1
++ #elif defined(_M_X64) || (defined(_M_IX86_FP) && _M_IX86_FP >= 2)
++ // MSVC only defines _M_IX86_FP for x86 32-bit code, and _M_IX86_FP >= 2
++@@ -898,15 +898,13 @@
++ // by the CPU.
++ #ifdef ABSL_INTERNAL_HAVE_SSSE3
++ #error ABSL_INTERNAL_HAVE_SSSE3 cannot be directly set
++-#elif defined(__SSSE3__)
++-#define ABSL_INTERNAL_HAVE_SSSE3 1
++ #endif
++
++ // ABSL_INTERNAL_HAVE_ARM_NEON is used for compile-time detection of NEON (ARM
++ // SIMD).
++ #ifdef ABSL_INTERNAL_HAVE_ARM_NEON
++ #error ABSL_INTERNAL_HAVE_ARM_NEON cannot be directly set
++-#elif defined(__ARM_NEON)
+++#elif defined(__aarch64__)
++ #define ABSL_INTERNAL_HAVE_ARM_NEON 1
++ #endif
++
--- /dev/null
--- /dev/null
++From: Benjamin Barenblat <bbaren@google.com>
++Subject: Eliminate libabsl_flags.so and libabsl_flags.a
++Forwarded: not-needed
++
++The libabsl_flags library only contains code when compiling with MSVC, which
++Debian doesn't use. Skip compiling absl/flags/flag.cc, and make the Abseil flags
++library header-only.
++
++--- a/absl/flags/CMakeLists.txt
+++++ b/absl/flags/CMakeLists.txt
++@@ -199,8 +199,6 @@
++ absl_cc_library(
++ NAME
++ flags
++- SRCS
++- "flag.cc"
++ HDRS
++ "declare.h"
++ "flag.h"
--- /dev/null
--- /dev/null
++From: Benjamin Barenblat <bbaren@google.com>
++Subject: Use libatomic if necessary
++Bug-Debian: https://bugs.debian.org/973492
++
++On some architectures, notably armel, Abseil needs symbols defined in
++libatomic. Abseil does not currently have a well-developed system to
++declare external library dependencies, so just have the linker determine
++if anything needs libatomic and add the DT_NEEDED entry where necessary.
++
++--- a/absl/copts/AbseilConfigureCopts.cmake
+++++ b/absl/copts/AbseilConfigureCopts.cmake
++@@ -94,4 +94,8 @@
++ set(ABSL_TEST_COPTS "")
++ endif()
++
+++list(APPEND ABSL_DEFAULT_LINKOPTS
+++ "-Wl,--push-state,--as-needed" "-latomic" "-Wl,--pop-state"
+++)
+++
++ set(ABSL_CXX_STANDARD "${CMAKE_CXX_STANDARD}")
--- /dev/null
--- /dev/null
++From: Bruno Pitrus <brunopitrus@hotmail.com>
++Subject: Do not leak -maes -msse4.1 into pkgconfig
++Forwarded: https://github.com/abseil/abseil-cpp/pull/1216
++Origin: upstream, https://github.com/abseil/abseil-cpp/commit/09e96049995584c3489e4bd1467313e3e85af99c
++
++--- a/CMake/AbseilHelpers.cmake
+++++ b/CMake/AbseilHelpers.cmake
++@@ -166,6 +166,8 @@
++ set(PC_CFLAGS "${PC_CFLAGS} ${cflag}")
++ elseif(${cflag} MATCHES "^(-W|/w[1234eo])")
++ # Don't impose our warnings on others.
+++ elseif(${cflag} MATCHES "^-m")
+++ # Don't impose CPU instruction requirements on others, as the code performs feature detection on runtime.
++ else()
++ set(PC_CFLAGS "${PC_CFLAGS} ${cflag}")
++ endif()
--- /dev/null
--- /dev/null
++configure.diff
++cpu-features.diff
++latomic.diff
++empty-flags-library.diff
++leaky-pkgconfig-cflags.diff
++cordz-info-statistics-test.diff
++CVE-2025-0838.patch
--- /dev/null
--- /dev/null
++#!/usr/bin/make -f
++# Copyright 2020 Google LLC
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may not
++# use this file except in compliance with the License. You may obtain a copy of
++# the License at
++#
++# https://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations under
++# the License.
++
++include /usr/share/dpkg/architecture.mk
++
++export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow reproducible=+fixfilepath
++
++# Unit tests require more than 2 GB of RAM, so disable them on mipsel.
++#
++# Unit tests are not yet passing on ppc64, so disable them there as well.
++#
++# Disable unit tests unconditionally if nocheck is set.
++ifneq ($(filter $(DEB_HOST_ARCH),mipsel ppc64),)
++ABSL_RUN_TESTS=OFF
++else ifneq ($(filter nocheck,$(DEB_BUILD_OPTIONS)),)
++ABSL_RUN_TESTS=OFF
++else
++ABSL_RUN_TESTS=ON
++endif
++ifeq ($(DEB_HOST_ARCH),ppc64el)
++# https://github.com/abseil/abseil-cpp/issues/1804
++ABSL_TEST_EXTRA_ARGS="ARGS+=--exclude-regex absl_failure_signal_handler_test"
++endif
++
++%:
++ dh $@
++
++override_dh_auto_clean:
++ $(RM) -r $(CURDIR)/static
++ $(RM) -r $(CURDIR)/shared
++
++override_dh_auto_configure:
++ dh_auto_configure -Bstatic -- -DCMAKE_CXX_STANDARD=17 -DBUILD_SHARED_LIBS=OFF
++ifeq ($(ABSL_RUN_TESTS),ON)
++ dh_auto_configure -Bshared -- -DCMAKE_CXX_STANDARD=17 -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=ON -DABSL_BUILD_TESTING=ON -DABSL_USE_GOOGLETEST_HEAD=OFF
++else
++ dh_auto_configure -Bshared -- -DCMAKE_CXX_STANDARD=17 -DBUILD_SHARED_LIBS=ON
++endif
++
++override_dh_auto_build:
++ dh_auto_build -Bstatic
++ dh_auto_build -Bshared
++
++ifeq ($(ABSL_RUN_TESTS),ON)
++override_dh_auto_test:
++ dh_auto_test -Bshared -- $(ABSL_TEST_EXTRA_ARGS)
++endif
++
++override_dh_auto_install:
++ dh_auto_install -Bstatic
++ dh_auto_install -Bshared
++ find debian/tmp -type d -empty -delete
--- /dev/null
--- /dev/null
++3.0 (quilt)
--- /dev/null
--- /dev/null
++#!/bin/sh
++# Copyright 2022 Google LLC
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may not
++# use this file except in compliance with the License. You may obtain a copy of
++# the License at
++#
++# https://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations under
++# the License.
++
++set -eu
++
++readonly TMP="$(mktemp -d)"
++trap "rm -rf \"$TMP\"" EXIT
++cd "$TMP"
++
++echo 'int main() {}' >noop.cc
++
++g++ -o noop noop.cc $(pkg-config --cflags absl_base) $(pkg-config --libs absl_base)
--- /dev/null
--- /dev/null
++#!/bin/sh -eu
++# Copyright 2020 Google LLC
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may not
++# use this file except in compliance with the License. You may obtain a copy of
++# the License at
++#
++# https://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations under
++# the License.
++
++readonly TMP="$(mktemp -d)"
++trap "rm -rf \"$TMP\"" EXIT
++cd "$TMP"
++
++cat >test.cc <<EOF
++#include <absl/strings/numbers.h>
++
++int main(int argc, char* argv[]) {
++ int n;
++ if (!absl::SimpleAtoi(argv[1], &n)) {
++ return 1;
++ }
++ return n;
++}
++EOF
++
++cat >CMakeLists.txt <<EOF
++cmake_minimum_required(VERSION 3.5)
++project(test CXX)
++set(CMAKE_CXX_STANDARD 17)
++add_executable(test test.cc)
++find_package(absl REQUIRED)
++target_link_libraries(test absl::strings)
++EOF
++
++mkdir build
++cd build
++cmake ..
++make
++./test 0
--- /dev/null
--- /dev/null
++# Copyright 2020 Google LLC
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may not
++# use this file except in compliance with the License. You may obtain a copy of
++# the License at
++#
++# https://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations under
++# the License.
++
++Tests: smoke
++Depends: @, g++, libgtest-dev
++
++Tests: cmake
++Depends: @, cmake (>= 3.5), g++, make
++
++Tests: bug1011294
++Depends: @, g++, pkg-config
--- /dev/null
--- /dev/null
++#!/bin/sh -eu
++# Copyright 2020 Google LLC
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may not
++# use this file except in compliance with the License. You may obtain a copy of
++# the License at
++#
++# https://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations under
++# the License.
++
++readonly TMP="$(mktemp -d)"
++trap "rm -rf \"$TMP\"" EXIT
++cd "$TMP"
++
++cat >smoke.cc <<EOF
++#include <absl/strings/str_join.h>
++#include <gtest/gtest.h>
++
++#include <vector>
++
++namespace {
++
++TEST(AbseilTest, StrJoinWorks) {
++ std::vector<std::string> v = {"foo", "bar", "baz"};
++ EXPECT_EQ(absl::StrJoin(v, "-"), "foo-bar-baz");
++}
++
++} // namespace
++EOF
++
++g++ -o smoke smoke.cc -labsl_strings -lgtest -lgtest_main -pthread
++./smoke
--- /dev/null
--- /dev/null
++# Copyright 2020 Google LLC
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may not
++# use this file except in compliance with the License. You may obtain a copy of
++# the License at
++#
++# https://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations under
++# the License.
++
++version=4
++opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%@PACKAGE@-$1.tar.gz%, uversionmangle=s/^/0~/" \
++ https://github.com/abseil/abseil-cpp/releases \
++ (?:.*?/)?v?(\d[\d.]*)\.tar\.gz
projects / abseil.git / commitdiff