Compare commits

No commits in common. 'c9' and 'c8' have entirely different histories.
c9 ... c8

2
.gitignore vendored

@ -1 +1 @@
SOURCES/lz4-1.9.3.tar.gz
SOURCES/lz4-1.8.3.tar.gz

@ -1 +1 @@
5a19554ef404a609123b756ddcbbb677df838f05 SOURCES/lz4-1.9.3.tar.gz
070867abcd93a7245b80ec6fc2ced27c6b8e3e0c SOURCES/lz4-1.8.3.tar.gz
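Review bot: both lines of this hunk pin the source tarball with only a 40-hex-character digest (SHA-1 length), which is weak as the sole integrity check on a build input. If the tooling that consumes this file accepts a stronger digest, record SHA-256 or SHA-512 for `SOURCES/lz4-1.8.3.tar.gz`, and compare the tarball against the upstream release archive before accepting the new value.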

@ -1,22 +1,24 @@
From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
From: Jasper Lievisse Adriaanse <j@jasper.la>
Date: Fri, 26 Feb 2021 15:21:20 +0100
Subject: [PATCH] Fix potential memory corruption with negative memmove() size
From 97f58e5fe5ff44fc9f7c86f6f67a11223379e640 Mon Sep 17 00:00:00 2001
From: Jakub Martisko <jamartis@redhat.com>
Date: Fri, 7 May 2021 13:08:24 +0200
Subject: [PATCH] Fix: cve-2021-3520
---
lib/lz4.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
lib/lz4.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/lz4.c b/lib/lz4.c
index 5f524d01..c2f504ef 100644
index 4046102..c18c1f6 100644
--- a/lib/lz4.c
+++ b/lib/lz4.c
@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
const size_t dictSize /* note : = 0 if noDict */
)
{
- if (src == NULL) { return -1; }
+ if ((src == NULL) || (outputSize < 0)) { return -1; }
@@ -1437,6 +1437,7 @@ LZ4_decompress_generic(
/* Special cases */
assert(lowPrefix <= op);
assert(src != NULL);
+ if (outputSize < 0) {return -1;};
if ((endOnInput) && (unlikely(outputSize==0))) return ((srcSize==1) && (*ip==0)) ? 0 : -1; /* Empty output buffer */
if ((!endOnInput) && (unlikely(outputSize==0))) return (*ip==0 ? 1 : -1);
if ((endOnInput) && unlikely(srcSize==0)) return -1;
--
2.30.1
{ const BYTE* ip = (const BYTE*) src;
const BYTE* const iend = ip + srcSize;
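Review bot: the patch header with `Subject: [PATCH] Fix: cve-2021-3520` drops the traceability that the other header has (`From 8301a21773ef61656225e264f4f06ae14462bca7`, subject "Fix potential memory corruption with negative memmove() size"); keep a descriptive subject and cite the commit the fix derives from in the message body so the backport can be audited. In the variant at `@@ -1437,6 +1437,7 @@`, the added line `if (outputSize < 0) {return -1;};` has a stray `;` after the closing brace. It also sits below `assert(src != NULL);`, and asserts are normally disabled in release builds, so unlike `if ((src == NULL) || (outputSize < 0)) { return -1; }` in the other variant it leaves a NULL `src` unchecked at run time; consider folding the NULL test into the new condition.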

@ -1,21 +1,16 @@
%global _vpath_srcdir contrib/meson
Name: lz4
Version: 1.9.3
Release: 5%{?dist}
Version: 1.8.3
Release: 3%{?dist}
Summary: Extremely fast compression algorithm
License: GPLv2+ and BSD
URL: https://lz4.github.io/lz4/
Source0: https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz
Source0: https://github.com/Cyan4973/lz4/archive/v%{version}/%{name}-%{version}.tar.gz
Obsoletes: %{name} < 1.7.5-3
BuildRequires: make
BuildRequires: gcc
BuildRequires: meson >= 0.43
Patch1: lz4-cve-2021-3520.patch
%description
LZ4 is an extremely fast loss-less compression algorithm, providing compression
speed at 400 MB/s per core, scalable with multi-core CPU. It also features
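Review bot: the two `Source0` lines fetch from different GitHub namespaces (`github.com/lz4/lz4` and `github.com/Cyan4973/lz4`), while `URL` points at `lz4.github.io/lz4`. Use the project organisation's namespace in both branches so that the tarball download does not depend on a personal-account path continuing to resolve, and so the origin matches what the checksum in the sources file was taken from.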
@ -46,16 +41,19 @@ contains static libraries for static linking of applications.
%prep
%autosetup -p1
echo '#!/bin/sh' > ./configure
chmod +x ./configure
%build
%meson \
-Dbin_programs=true \
-Ddefault_library=both \
%{nil}
%meson_build
%configure
%make_build
%install
%meson_install
%configure
# Someone thinks that plain Makefiles are good for bigger projects than hello world..
%make_install LIBDIR=%{_libdir} PREFIX=%{_prefix}
%ldconfig_scriptlets libs
%files
%license programs/COPYING
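Review bot: `%configure` is invoked in both `%build` and `%install` against a `./configure` that `%prep` creates as a bare `#!/bin/sh` stub, so it runs an empty script and the spec does not say why. If the intent is to have the macro export the distribution's compiler and linker flags (including the hardening flags) for the `make` calls, state that in a comment next to the `echo` line, and replace the remark above `%make_install` with that explanation.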
@ -83,46 +81,17 @@ contains static libraries for static linking of applications.
%{_libdir}/liblz4.a
%changelog
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.3-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu May 27 2021 Jakub Martisko <jamartis@redhat.com> - 1.9.3-4
- Fix cve-2021-3520
resolves: cve-2021-3520
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.3-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jan 06 2021 Timothée Ravier <travier@redhat.com> - 1.9.3-1
- Update to 1.9.3 and switch to Meson
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Aug 14 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.9.1-1
- Update to 1.9.1
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Oct 29 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.8.3-1
- Update to latest version
* Fri May 07 2021 Jakub Martisko <jamartis@redhat.com> - 1.8.3-3
- Fix memory corruption due to an integer overflow
_ Resolves: CVE-2021-3520
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue May 26 2020 Jakub Martisko <jamartis@redhat.com> - 1.8.3-2
- Rebuilding with the new gating tests
- Related: 1840046
* Sat May 12 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.2-1
- Update to 1.8.2
* Mon Apr 06 2020 Jakub Martisko <jamartis@redhat.com> - 1.8.3-1
- Rebase to 1.8.3
- Resolves: #1821237
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.1.2-4
- Escape macros in %%changelog
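Review bot: in the `1.8.3-3` entry the line `_ Resolves: CVE-2021-3520` starts with an underscore where the neighbouring lines use `- `; change it to `- Resolves: CVE-2021-3520`. The `1.9.3-4` entry writes the same reference as `resolves: cve-2021-3520`; use the upper-case `CVE-2021-3520` form in both branches so that changelog searches for the CVE id match.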
