Compare commits
10 Commits
1913427d68
...
a7b7e9b1e6
| Author | SHA1 | Date | |
|---|---|---|---|
|
a7b7e9b1e6 | ||
|
|
192cabe36c | ||
|
|
31424276cd | ||
|
|
8d097cc8a2 | ||
|
|
a8cbaf2af4 | ||
|
|
fdb34fa687 | ||
|
|
c0a12e2011 | ||
|
|
fdfe95197d | ||
|
|
422b5f0af9 | ||
|
|
f1cc5fc70c |
22
backport-CVE-2021-3520.patch
Normal file
22
backport-CVE-2021-3520.patch
Normal file
@ -0,0 +1,22 @@
|
||||
From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
|
||||
From: Jasper Lievisse Adriaanse <j@jasper.la>
|
||||
Date: Fri, 26 Feb 2021 15:21:20 +0100
|
||||
Subject: [PATCH] Fix potential memory corruption with negative memmove() size
|
||||
|
||||
---
|
||||
lib/lz4.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/lz4.c b/lib/lz4.c
|
||||
index 5f524d01d..c2f504ef3 100644
|
||||
--- a/lib/lz4.c
|
||||
+++ b/lib/lz4.c
|
||||
@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
|
||||
const size_t dictSize /* note : = 0 if noDict */
|
||||
)
|
||||
{
|
||||
- if (src == NULL) { return -1; }
|
||||
+ if ((src == NULL) || (outputSize < 0)) { return -1; }
|
||||
|
||||
{ const BYTE* ip = (const BYTE*) src;
|
||||
const BYTE* const iend = ip + srcSize;
|
||||
BIN
lz4-1.9.2.tar.gz
BIN
lz4-1.9.2.tar.gz
Binary file not shown.
BIN
lz4-1.9.3.tar.gz
Normal file
BIN
lz4-1.9.3.tar.gz
Normal file
Binary file not shown.
27
lz4.spec
27
lz4.spec
@ -1,12 +1,13 @@
|
||||
Name: lz4
|
||||
Version: 1.9.2
|
||||
Release: 2
|
||||
Version: 1.9.3
|
||||
Release: 3
|
||||
Summary: Extremely fast compression algorithm
|
||||
|
||||
License: GPLv2+ and BSD
|
||||
URL: https://lz4.github.io/lz4/
|
||||
Source0: https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
Patch6000: Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch
|
||||
Patch6000: Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch
|
||||
Patch6001: backport-CVE-2021-3520.patch
|
||||
|
||||
Provides: %{name}-libs = %{version}-%{release}
|
||||
Obsoletes: %{name} < 1.7.5-3
|
||||
@ -37,12 +38,15 @@ applications using liblz4 library.
|
||||
cp %{_builddir}/%{name}-%{version}/lib/LICENSE %{_builddir}/%{name}-%{version}/LICENSE-lib
|
||||
|
||||
%build
|
||||
export MOREFLAGS="-g"
|
||||
export MOREFLAGS="-g -D_FORTIFY_SOURCE=2 -O2"
|
||||
%make_build
|
||||
|
||||
%install
|
||||
%make_install LIBDIR=%{_libdir} PREFIX=%{_prefix}
|
||||
|
||||
%check
|
||||
make check
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
|
||||
%postun -p /sbin/ldconfig
|
||||
@ -68,6 +72,21 @@ export MOREFLAGS="-g"
|
||||
%{_mandir}/man1/unlz4.1*
|
||||
|
||||
%changelog
|
||||
* Tue Nov 14 2023 yanglongkang <yanglongkang@h-partners.com> - 1.9.3-3
|
||||
- revert version to 1.9.3
|
||||
|
||||
* Tue Oct 24 2023 yanglongkang <yanglongkang@h-partners.com> - 1.9.4-1
|
||||
- upgrade to 1.9.4-1
|
||||
|
||||
* Mon Jun 20 2022 renhongxun <renhongxun@h-partners.com> - 1.9.3-3
|
||||
- add _FORTIFY_SOURCE add enable check
|
||||
|
||||
* Sat Jun 19 2021 shixuantong <shixuantong@huawei.com> - 1.9.3-2
|
||||
- fix CVE-2021-3520
|
||||
|
||||
* Thu Jan 28 2021 liudabo <liudabo1@huawei.com> - 1.9.3-1
|
||||
- upgrade version to 1.9.3
|
||||
|
||||
* Mon Dec 23 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.9.2-2
|
||||
- fix abort in oss-fuzz round_trip_stream_fuzzer.c
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user