go.mod: Update to protobuf v1.3.2

[amorenoz]

To address CVE-2021-3121 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121)

Signed-off-by: Adrian Moreno amorenoz@redhat.com

[amorenoz]

@lebauce please confirm there are no more hidden "go get"

[amorenoz]

Repository is altered after build:
diff --git a/flow/flow.pb.go b/flow/flow.pb.go
index 2b3591ab..f3687e4f 100644
--- a/flow/flow.pb.go
+++ b/flow/flow.pb.go
@@ -3043,10 +3043,7 @@ func (m *FlowLayer) Unmarshal(dAtA []byte) error {
            if err != nil {
                return err
            }
-           if skippy < 0 {
-               return ErrInvalidLengthFlow
-           }
-           if (iNdEx + skippy) < 0 {
+           if (skippy < 0) || (iNdEx+skippy) < 0 {
                return ErrInvalidLengthFlow
            }
            if (iNdEx + skippy) > l {
...

Do I have to regenerate the .pb.go files and commit them?

[safchain]

@amorenoz all "go get" related to protoc are in the .mk folder. Yes you have to commit the generated files

[amorenoz]

Thanks for helping @lebauce. I've been unable to build skydive with the new protobuf:

$ make                                                                                                                                                                                                                                  
go mod download                                                                                                                                                                                                                                 
go get github.com/gogo/protobuf/protoc-gen-gogofaster@v1.3.2                                                                                                                                                                                    
go: found github.com/gogo/protobuf/protoc-gen-gogofaster in github.com/gogo/protobuf v1.3.2                                                                                                                                                     
go get github.com/golang/protobuf/protoc-gen-go@v1.3.2                                                                                                                                                                                          
go: found github.com/golang/protobuf/protoc-gen-go in github.com/golang/protobuf v1.3.2                                                                                                                                                         
protoc -I. -Iflow/layers -I${GOPATH}/pkg/mod/github.com/gogo/protobuf@v1.3.2 --plugin=${GOPATH}/bin/protoc-gen-gogofaster --gogofaster_out $GOPATH/src flow/flow.proto                                                                          
# always export flow.ParentUUID as we need to store this information to know                                                                                                                                                                    
# if it's a Outer or Inner packet.                          
sed -e 's/ParentUUID\(.*\),omitempty\(.*\)/ParentUUID\1\2/' \                                                           
        -e 's/Protocol\(.*\),omitempty\(.*\)/Protocol\1\2/' \                                                           
        -e 's/ICMPType\(.*\),omitempty\(.*\)/ICMPType\1\2/' \                                                           
        -e 's/int64\(.*\),omitempty\(.*\)/int64\1\2/' \                                                                 
        -i flow/flow.pb.go                                  
sed: can't read flow/flow.pb.go: No such file or directory                                                              
make: *** [.mk/proto.mk:16: flow/flow.pb.go] Error 2        

[lebauce]

run skydive-k8s-tests

[lebauce]

@amorenoz No problem, thanks for the patch. It seems the protoc command did not generate the flow.pb.go file. What version of Go and protoc are you using ?