From 784b9bb1a95cea3dae4ada4ddcdac6036f113314 Mon Sep 17 00:00:00 2001 From: Thane Thomson Date: Mon, 25 Oct 2021 11:58:47 -0400 Subject: [PATCH 1/5] Update prost dependencies to use official release Signed-off-by: Thane Thomson --- abci/Cargo.toml | 2 +- p2p/Cargo.toml | 4 ++-- proto/Cargo.toml | 4 ++-- tendermint/Cargo.toml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/abci/Cargo.toml b/abci/Cargo.toml index bb2a808b7..36276c70f 100644 --- a/abci/Cargo.toml +++ b/abci/Cargo.toml @@ -33,7 +33,7 @@ std = [ [dependencies] bytes = { version = "1.0", default-features = false } -prost = { package = "informalsystems-prost", version = "0.8.1", default-features = false } +prost = { version = "0.9", default-features = false } tendermint-proto = { version = "0.23.0-internal", default-features = false, path = "../proto" } tracing = { version = "0.1", default-features = false } flex-error = { version = "0.4.3", default-features = false } diff --git a/p2p/Cargo.toml b/p2p/Cargo.toml index 0e4ba9ebc..dad51244a 100644 --- a/p2p/Cargo.toml +++ b/p2p/Cargo.toml @@ -37,7 +37,7 @@ eyre = { version = "0.6", default-features = false } flume = { version = "0.10.7", default-features = false } hkdf = { version = "0.10.0", default-features = false } merlin = { version = "2", default-features = false } -prost = { package = "informalsystems-prost", version = "0.8.1", default-features = false } +prost = { version = "0.9", default-features = false } rand_core = { version = "0.5", default-features = false, features = ["std"] } sha2 = { version = "0.9", default-features = false } subtle = { version = "2", default-features = false } @@ -53,4 +53,4 @@ tendermint-proto = { path = "../proto", version = "0.23.0-internal" } tendermint-std-ext = { path = "../std-ext", version = "0.23.0-internal" } # optional dependencies -prost-derive = { package = "informalsystems-prost-derive", version = "0.8.1", optional = true } +prost-derive = { version = "0.9", optional = true } 
diff --git a/proto/Cargo.toml b/proto/Cargo.toml index 57fa3bd1e..8412e71be 100644 --- a/proto/Cargo.toml +++ b/proto/Cargo.toml @@ -17,8 +17,8 @@ description = """ all-features = true [dependencies] -prost = { package = "informalsystems-prost", version = "0.8.1", default-features = false } -prost-types = { package = "informalsystems-prost-types", version = "0.8.1", default-features = false } +prost = { version = "0.9", default-features = false } +prost-types = { version = "0.9", default-features = false } bytes = { version = "1.0", default-features = false } serde = { version = "1.0", default-features = false, features = ["derive"] } serde_bytes = { version = "0.11", default-features = false, features = ["alloc"] } diff --git a/tendermint/Cargo.toml b/tendermint/Cargo.toml index c86544dde..417b5f817 100644 --- a/tendermint/Cargo.toml +++ b/tendermint/Cargo.toml @@ -41,8 +41,8 @@ ed25519-dalek = { version = "1", default-features = false, features = ["u64_back futures = { version = "0.3", default-features = false } num-traits = { version = "0.2", default-features = false } once_cell = { version = "1.3", default-features = false } -prost = { package = "informalsystems-prost", version = "0.8.1", default-features = false } -prost-types = { package = "informalsystems-prost-types", version = "0.8.1", default-features = false } +prost = { version = "0.9", default-features = false } +prost-types = { version = "0.9", default-features = false } serde = { version = "1", default-features = false, features = ["derive"] } serde_json = { version = "1", default-features = false, features = ["alloc"] } serde_bytes = { version = "0.11", default-features = false } From 5705068d72b1181f62a816acd927f6f671c792b8 Mon Sep 17 00:00:00 2001 From: Thane Thomson Date: Mon, 25 Oct 2021 11:58:56 -0400 Subject: [PATCH 2/5] Fix clippy warning/error Signed-off-by: Thane Thomson --- testgen/src/tester.rs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
diff --git a/testgen/src/tester.rs b/testgen/src/tester.rs index 0a9dc2114..484ad91ad 100644 --- a/testgen/src/tester.rs +++ b/testgen/src/tester.rs @@ -460,9 +460,7 @@ impl Tester { let path = format!("{}", entry.path().display()); let rel_path = self.env().unwrap().rel_path(&path).unwrap(); if kind.is_file() || kind.is_symlink() { - if !rel_path.ends_with(".json") { - return; - } else { + if rel_path.ends_with(".json") { self.run_for_file(&rel_path); } } else if kind.is_dir() { From 943f66f293aaf3a8468d818f60b6e36b90615388 Mon Sep 17 00:00:00 2001 From: Thane Thomson Date: Mon, 25 Oct 2021 12:01:28 -0400 Subject: [PATCH 3/5] Bump prost version for proto-compiler Signed-off-by: Thane Thomson --- tools/proto-compiler/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/proto-compiler/Cargo.toml b/tools/proto-compiler/Cargo.toml index 746da69be..45be63d80 100644 --- a/tools/proto-compiler/Cargo.toml +++ b/tools/proto-compiler/Cargo.toml @@ -7,7 +7,7 @@ publish = false [dependencies] walkdir = { version = "2.3" } -prost-build = { version = "0.7" } +prost-build = { version = "0.9" } git2 = { version = "0.13" } tempfile = { version = "3.2.0" } subtle-encoding = { version = "0.5" } From 158e8ba6b6412881ab481a7ccbc70a0542b7df4d Mon Sep 17 00:00:00 2001 From: Thane Thomson Date: Mon, 25 Oct 2021 12:08:46 -0400 Subject: [PATCH 4/5] Regenerate protos Signed-off-by: Thane Thomson --- proto/src/prost/google.protobuf.rs | 2 +- proto/src/prost/tendermint.abci.rs | 8 ++++---- proto/src/prost/tendermint.types.rs | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/proto/src/prost/google.protobuf.rs b/proto/src/prost/google.protobuf.rs index e6ea7cfe3..b54bc4bbf 100644 --- a/proto/src/prost/google.protobuf.rs +++ b/proto/src/prost/google.protobuf.rs 
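Review bot: The dropped `return` in the `kind.is_file() || kind.is_symlink()` arm of testgen/src/tester.rs changes control flow, not just lint status: the old branch left the enclosing function or closure at the first file not ending in `.json`, while the new `if rel_path.ends_with(".json")` falls through and carries on. The enclosing body starts and ends outside this hunk, so it cannot be confirmed from here whether the old early exit also skipped later entries; if it did, this commit changes which fixtures are run and the "Fix clippy warning/error" message should say so. I would add a comment above the check, `// Non-JSON files are skipped; remaining entries are still processed.`, and a test over a directory that mixes JSON and non-JSON files. Separately, the unchanged condition hands symlinked paths to `run_for_file` exactly like regular files, which is worth confirming as intended if fixture directories are ever not fully trusted.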
@@ -331,7 +331,7 @@ pub struct MethodDescriptorProto { // extension number. You can declare multiple options with only one extension // number by putting them in a sub-message. See the Custom Options section of // the docs for examples: -// https://developers.google.com/protocol-buffers/docs/proto#options +// // If this turns out to be popular, a web service will be set up // to automatically assign option numbers. diff --git a/proto/src/prost/tendermint.abci.rs b/proto/src/prost/tendermint.abci.rs index 959a160a7..c34e6d1b8 100644 --- a/proto/src/prost/tendermint.abci.rs +++ b/proto/src/prost/tendermint.abci.rs @@ -1,6 +1,6 @@ -// This file is copied from http://github.com/tendermint/abci +// This file is copied from // NOTE: When using custom types, mind the warnings. -// https://github.com/gogo/protobuf/blob/master/custom_types.md#warnings-and-issues +// //---------------------------------------- // Request types @@ -490,7 +490,7 @@ pub struct Validator { /// The first 20 bytes of SHA256(public key) #[prost(bytes="vec", tag="1")] pub address: ::prost::alloc::vec::Vec, - /// PubKey pub_key = 2 [(gogoproto.nullable)=false]; + /// PubKey pub_key = 2 \[(gogoproto.nullable)=false\]; /// /// The voting power #[prost(int64, tag="3")] @@ -527,7 +527,7 @@ pub struct Evidence { pub time: ::core::option::Option, /// Total voting power of the validator set in case the ABCI application does /// not store historical validators. - /// https://github.com/tendermint/tendermint/issues/4581 + /// #[prost(int64, tag="5")] pub total_voting_power: i64, } diff --git a/proto/src/prost/tendermint.types.rs b/proto/src/prost/tendermint.types.rs index a39adc1a3..61c23229e 100644 --- a/proto/src/prost/tendermint.types.rs +++ b/proto/src/prost/tendermint.types.rs 
@@ -386,7 +386,7 @@ pub struct EvidenceParams { /// /// It should correspond with an app's "unbonding period" or other similar /// mechanism for handling [Nothing-At-Stake - /// attacks](https://github.com/ethereum/wiki/wiki/Proof-of-Stake-FAQ#what-is-the-nothing-at-stake-problem-and-how-can-it-be-fixed). + /// attacks](). #[prost(message, optional, tag="2")] pub max_age_duration: ::core::option::Option, /// This sets the maximum size of total evidence in bytes that can be committed in a single block. From 2e94188c118a2f608124f083d8416b84b26c1f4c Mon Sep 17 00:00:00 2001 From: Thane Thomson Date: Tue, 26 Oct 2021 08:24:24 -0400 Subject: [PATCH 5/5] Add changelog entry Signed-off-by: Thane Thomson --- .changelog/unreleased/breaking-changes/925-upgrade-prost.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/unreleased/breaking-changes/925-upgrade-prost.md diff --git a/.changelog/unreleased/breaking-changes/925-upgrade-prost.md b/.changelog/unreleased/breaking-changes/925-upgrade-prost.md new file mode 100644 index 000000000..8afd475d3 --- /dev/null +++ b/.changelog/unreleased/breaking-changes/925-upgrade-prost.md @@ -0,0 +1,3 @@ +- Upgraded Prost to the official v0.9 release to finally resolve the security + issue introduced by v0.7 + ([#925](https://github.com/informalsystems/tendermint-rs/issues/925))