
bump RTC-Folly to 2021.07.22 #33841

Closed
wants to merge 3 commits into from

Conversation

luissantana
Contributor

@luissantana luissantana commented May 16, 2022

Summary

Bumping RTC-Folly version used to address CVE-2022-24440.

Changelog

[General][Security] - Bump RTC-Folly to 2021-07-22

Test Plan

@facebook-github-bot facebook-github-bot added CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. p: Microsoft Partner: Microsoft Partner Shared with Meta Applied via automation to indicate that an Issue or Pull Request has been shared with the team. labels May 16, 2022
@analysis-bot

analysis-bot commented May 16, 2022

| Platform | Engine | Arch | Size (bytes) | Diff |
|---|---|---|---|---|
| android | hermes | arm64-v8a | 7,823,411 | +77 |
| android | hermes | armeabi-v7a | 7,210,717 | +176 |
| android | hermes | x86 | 8,134,007 | +36 |
| android | hermes | x86_64 | 8,114,223 | +99 |
| android | jsc | arm64-v8a | 9,690,728 | -8 |
| android | jsc | armeabi-v7a | 8,446,849 | +16 |
| android | jsc | x86 | 9,642,021 | -106 |
| android | jsc | x86_64 | 10,239,300 | +6 |

Base commit: e5c5dcd
Branch: main

@facebook-github-bot
Contributor

@genkikondo has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

@cipolleschi cipolleschi added the Impact: Security If the issue is causes a vulnerability label May 17, 2022
@luissantana
Contributor Author

@genkikondo what needs to happen to backport this change into v 0.65? thanks!

@cortinico
Contributor

Just a heads up that this PR is sadly not enough to bump Folly.

There are a variety of places where the Folly version is specified, specifically:

third-party-podspecs/RCT-Folly.podspec
6:folly_release_version = '2021.06.28.00'

ReactAndroid/gradle.properties
21:FOLLY_VERSION=2021.06.28.00

React/FBReactNativeSpec/FBReactNativeSpec.podspec
23:folly_version = '2021.06.28.00-v2'

React/React-RCTFabric.podspec
21:folly_version = '2021.06.28.00-v2'

React/third-party.xcconfig
11:HEADER_SEARCH_PATHS = $(SRCROOT)/../third-party/boost_1_76_0 $(SRCROOT)/../third-party/folly-2021.06.28.00 $(SRCROOT)/../third-party/glog-0.3.5/src

React/CoreModules/React-CoreModules.podspec
20:folly_version = '2021.06.28.00-v2'

packages/rn-tester/Podfile.lock
7:    - RCT-Folly (= 2021.06.28.00-v2)
78:  - RCT-Folly (2021.06.28.00-v2):
83:    - RCT-Folly/Default (= 2021.06.28.00-v2)
84:  - RCT-Folly/Default (2021.06.28.00-v2):
89:  - RCT-Folly/Fabric (2021.06.28.00-v2):
113:    - RCT-Folly (= 2021.06.28.00-v2)
118:    - RCT-Folly (= 2021.06.28.00-v2)
129:    - RCT-Folly (= 2021.06.28.00-v2)
138:    - RCT-Folly (= 2021.06.28.00-v2)
147:    - RCT-Folly (= 2021.06.28.00-v2)
155:    - RCT-Folly (= 2021.06.28.00-v2)
166:    - RCT-Folly (= 2021.06.28.00-v2)
175:    - RCT-Folly (= 2021.06.28.00-v2)
184:    - RCT-Folly (= 2021.06.28.00-v2)
193:    - RCT-Folly (= 2021.06.28.00-v2)
202:    - RCT-Folly (= 2021.06.28.00-v2)
211:    - RCT-Folly (= 2021.06.28.00-v2)
220:    - RCT-Folly (= 2021.06.28.00-v2)
229:    - RCT-Folly (= 2021.06.28.00-v2)
238:    - RCT-Folly (= 2021.06.28.00-v2)
247:    - RCT-Folly (= 2021.06.28.00-v2)
256:    - RCT-Folly (= 2021.06.28.00-v2)
264:    - RCT-Folly (= 2021.06.28.00-v2)
275:    - RCT-Folly (= 2021.06.28.00-v2)
283:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
311:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
319:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
327:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
335:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
343:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
351:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
372:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
380:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
388:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
396:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
404:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
412:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
420:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
428:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
436:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
444:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
452:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
460:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
468:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
477:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
485:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
493:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
501:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
509:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
518:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
526:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
534:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
542:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
550:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
558:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
566:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
575:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
583:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
591:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
597:    - RCT-Folly (= 2021.06.28.00-v2)
603:    - RCT-Folly (= 2021.06.28.00-v2)
608:    - RCT-Folly (= 2021.06.28.00-v2)
612:    - RCT-Folly (= 2021.06.28.00-v2)
623:    - RCT-Folly (= 2021.06.28.00-v2)
630:    - RCT-Folly (= 2021.06.28.00-v2)
638:    - RCT-Folly/Fabric (= 2021.06.28.00-v2)
643:    - RCT-Folly (= 2021.06.28.00-v2)
656:    - RCT-Folly (= 2021.06.28.00-v2)
669:    - RCT-Folly (= 2021.06.28.00-v2)
676:    - RCT-Folly (= 2021.06.28.00-v2)
684:    - RCT-Folly (= 2021.06.28.00-v2)
695:    - RCT-Folly (= 2021.06.28.00-v2)
706:    - RCT-Folly (= 2021.06.28.00-v2)
716:    - RCT-Folly (= 2021.06.28.00-v2)

packages/rn-tester/RCTTest/React-RCTTest.podspec
20:folly_version = '2021.06.28.00-v2'

packages/rn-tester/NativeModuleExample/ScreenshotManager.podspec
11:folly_version = '2021.06.28.00-v2'

packages/rn-tester/NativeComponentExample/MyNativeView.podspec
11:folly_version = '2021.06.28.00-v2'

scripts/react_native_pods.rb
267:  folly_version = '2021.06.28.00-v2'

React-Core.podspec
20:folly_version = '2021.06.28.00-v2'

ReactCommon/hermes/React-hermes.podspec
20:folly_version = '2021.06.28.00-v2'

ReactCommon/react/bridging/React-bridging.podspec
20:folly_version = '2021.06.28.00-v2'

ReactCommon/react/renderer/graphics/React-graphics.podspec
20:folly_version = '2021.06.28.00-v2'

ReactCommon/callinvoker/React-callinvoker.podspec
20:folly_version = '2021.06.28.00-v2'

ReactCommon/ReactCommon.podspec
20:folly_version = '2021.06.28.00-v2'

ReactCommon/runtimeexecutor/React-runtimeexecutor.podspec
20:folly_version = '2021.06.28.00-v2'

ReactCommon/React-Fabric.podspec
20:folly_version = '2021.06.28.00-v2'

ReactCommon/cxxreact/React-cxxreact.podspec
21:folly_version = '2021.06.28.00-v2'

File: Libraries/Vibration/React-RCTVibration.podspec (2.3 KB), lines 1-19:

```ruby
# Copyright (c) Meta Platforms, Inc. and affiliates.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.

require "json"

package = JSON.parse(File.read(File.join(__dir__, "..", "..", "package.json")))
version = package['version']

source = { :git => 'https://github.com/facebook/react-native.git' }
if version == '1000.0.0'
  # This is an unpublished version, use the latest commit hash of the react-native repo, which we’re presumably in.
  source[:commit] = `git rev-parse HEAD`.strip if system("git rev-parse --git-dir > /dev/null 2>&1")
else
  source[:tag] = "v#{version}"
end

folly_compiler_flags = '-DFOLLY_NO_CONFIG -DFOLLY_MOBILE=1 -DFOLLY_USE_LIBCPP=1 -Wno-comma -Wno-shorten-64-to-32'
```

ReactCommon/jsi/React-jsi.podspec
20:folly_version = '2021.06.28.00-v2'

ReactCommon/reactperflogger/React-perflogger.podspec
20:folly_version = '2021.06.28.00-v2'

ReactCommon/logger/React-logger.podspec
21:folly_version = '2021.06.28.00-v2'

Libraries/PushNotificationIOS/React-RCTPushNotification.podspec
20:folly_version = '2021.06.28.00-v2'

ReactCommon/jsiexecutor/React-jsiexecutor.podspec
20:folly_version = '2021.06.28.00-v2'

Libraries/Blob/React-RCTBlob.podspec
20:folly_version = '2021.06.28.00-v2'

Libraries/LinkingIOS/React-RCTLinking.podspec
20:folly_version = '2021.06.28.00-v2'

Libraries/Image/React-RCTImage.podspec
20:folly_version = '2021.06.28.00-v2'

Libraries/Network/React-RCTNetwork.podspec
20:folly_version = '2021.06.28.00-v2'

Libraries/NativeAnimation/React-RCTAnimation.podspec
20:folly_version = '2021.06.28.00-v2'

Libraries/Settings/React-RCTSettings.podspec
20:folly_version = '2021.06.28.00-v2'

Libraries/Vibration/React-RCTVibration.podspec
20:folly_version = '2021.06.28.00-v2'

Aside from iOS, the Android bump will also have to be done, as we want to make sure the two platforms have aligned versions of Folly.

> @genkikondo what needs to happen to backport this change into v 0.65? thanks!

I think it's unlikely we backport this down to .65 as it would require a point release for .65, .66, .67 and .68.
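The point made above, that the Folly version is pinned in many separate files on both platforms and all of them have to move together, can be checked mechanically before a bump PR is opened. The script below is an added example, not code from the react-native repository or from anyone in this thread: its regexes are modelled on the `rg` output above, the file-extension and directory-ignore lists and the in-memory sample tree are constructed for illustration, and the target string `2021.07.22.00` is an assumption about the exact Folly tag.

```python
"""Check that every pin of the Folly version in a React Native checkout agrees.

Added example, not part of the react-native repository. The patterns below are
modelled on the rg output in the PR thread; treat them, the extension list and
the sample tree as assumptions.
"""
import os
import re
import sys
from collections import defaultdict

# One regex per place the thread shows the version being pinned.
PIN_PATTERNS = [
    # *.podspec and scripts/react_native_pods.rb: folly_version = '2021.06.28.00-v2'
    re.compile(r"""folly_(?:release_)?version\s*=\s*['"]([0-9.]+(?:-v\d+)?)['"]"""),
    # ReactAndroid/gradle.properties: FOLLY_VERSION=2021.06.28.00
    re.compile(r"^FOLLY_VERSION=([0-9.]+(?:-v\d+)?)\s*$"),
    # React/third-party.xcconfig: .../third-party/folly-2021.06.28.00
    re.compile(r"third-party/folly-([0-9.]+)"),
    # Podfile.lock: RCT-Folly (= 2021.06.28.00-v2) and RCT-Folly/Fabric (2021.06.28.00-v2):
    re.compile(r"RCT-Folly(?:/\w+)?\s*\((?:=\s*)?([0-9.]+(?:-v\d+)?)\)"),
]


def base_version(pin):
    """'2021.06.28.00-v2' -> '2021.06.28.00'. The -vN suffix is the podspec
    revision of the same Folly release, so it must not count as a mismatch."""
    return re.sub(r"-v\d+$", "", pin)


def scan_texts(files):
    """files: {relative_path: contents}. Returns {base_version: [(path, lineno, raw_pin)]}."""
    found = defaultdict(list)
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for pat in PIN_PATTERNS:
                for m in pat.finditer(line):
                    found[base_version(m.group(1))].append((path, lineno, m.group(1)))
    return dict(found)


def scan_tree(root, exts=(".podspec", ".properties", ".xcconfig", ".lock", ".rb")):
    """Disk wrapper: read every candidate file under root and scan it.
    The extension and skip lists are assumptions, not repository conventions."""
    files = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in ("node_modules", ".git", "Pods", "build")]
        for name in filenames:
            if name.endswith(exts):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    files[os.path.relpath(full, root)] = fh.read()
    return scan_texts(files)


def report(found, expected=None):
    """Return (ok, lines). ok is False when more than one base version is pinned,
    or when `expected` is given and the single pinned version is not it."""
    lines = []
    versions = sorted(found)
    for v in versions:
        lines.append(f"{v}: {len(found[v])} pin(s)")
        for path, lineno, raw in found[v]:
            lines.append(f"  {path}:{lineno}: {raw}")
    ok = bool(len(versions) <= 1 and (expected is None or versions == [expected]))
    return ok, lines


# Constructed sample checkout (not real repository contents): the half-bumped
# state the thread describes, where only two of the pins moved to the new tag.
SAMPLE_TREE = {
    "third-party-podspecs/RCT-Folly.podspec": "folly_release_version = '2021.07.22.00'\n",
    "ReactAndroid/gradle.properties": "FOLLY_VERSION=2021.07.22.00\n",
    "React/third-party.xcconfig": "HEADER_SEARCH_PATHS = $(SRCROOT)/../third-party/folly-2021.06.28.00\n",
    "React-Core.podspec": "folly_version = '2021.06.28.00-v2'\n",
    "packages/rn-tester/Podfile.lock": (
        "  - RCT-Folly (2021.06.28.00-v2):\n"
        "    - RCT-Folly/Fabric (= 2021.06.28.00-v2)\n"
    ),
}

if __name__ == "__main__":
    # Usage: python check_folly_pins.py [path-to-react-native-checkout]
    root = sys.argv[1] if len(sys.argv) > 1 else None
    found = scan_tree(root) if root else scan_texts(SAMPLE_TREE)
    ok, lines = report(found)
    print("\n".join(lines))
    print("OK: single Folly version" if ok else "MISMATCH: Folly version pins disagree")
    sys.exit(0 if ok else 1)
```

Run against the sample tree the script exits non-zero and lists the four pins still on the old release; run against a checkout it does the same over the real files, which makes it a cheap CI gate for exactly the partial-bump situation this PR went through.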

@luissantana
Contributor Author

OMG, that is in fact sad news.
Thanks for the heads up @cortinico, will aim to upgrade this PR and see our course of action if this gets fixed only in the current version.

@luissantana
Contributor Author

Hey @cortinico, I updated the remaining files with the version bump. Hopefully that would be enough to upgrade in the current version. Thanks!

@cortinico
Contributor

Thanks for the heads up @luissantana. Can I ask you to rebase as the CI should be green now?

@luissantana
Contributor Author

@cortinico rebased :D

@analysis-bot

analysis-bot commented May 24, 2022

| Platform | Engine | Arch | Size (bytes) | Diff |
|---|---|---|---|---|
| ios | - | universal | n/a | -- |

Base commit: e5c5dcd
Branch: main

@facebook-github-bot
Contributor

@cortinico has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

@alaldtt

alaldtt commented May 31, 2022

> Thanks for the heads up @luissantana. Can I ask you to rebase as the CI should be green now?

Is there going to be an official release?

@cortinico
Contributor

Just a small heads up. This is failing internally when building RN Tester with:

stderr:
2022-05-30 02:42:00.479 xcodebuild[99177:383529154] Requested but did not find extension point with identifier Xcode.IDEKit.ExtensionSentinelHostApplications for extension Xcode.DebuggerFoundation.AppExtensionHosts.watchOS of plug-in com.apple.dt.IDEWatchSupportCore
2022-05-30 02:42:00.480 xcodebuild[99177:383529154] Requested but did not find extension point with identifier Xcode.IDEKit.ExtensionPointIdentifierToBundleIdentifier for extension Xcode.DebuggerFoundation.AppExtensionToBundleIdentifierMap.watchOS of plug-in com.apple.dt.IDEWatchSupportCore

Not sure why this is not failing on CircleCI though. Does it ring any bell?

@facebook-github-bot
Contributor

@cortinico has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

@cortinico
Contributor

Thanks for re-running pod install @luissantana 👍 This solved the build issue.

@react-native-bot
Collaborator

This pull request was successfully merged by @luissantana in 68f3a42.

When will my fix make it into a release? | Upcoming Releases

@react-native-bot react-native-bot added the Merged This PR has been merged. label Jun 21, 2022