Compare commits
No commits in common. "a7b7e9b1e6ea7c995218e2ad6158c8753ea48fff" and "1913427d68a14f300e63d66a0cbe04fbd080f0e5" have entirely different histories.
a7b7e9b1e6
...
1913427d68
@ -1,22 +0,0 @@
|
||||
From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
|
||||
From: Jasper Lievisse Adriaanse <j@jasper.la>
|
||||
Date: Fri, 26 Feb 2021 15:21:20 +0100
|
||||
Subject: [PATCH] Fix potential memory corruption with negative memmove() size
|
||||
|
||||
---
|
||||
lib/lz4.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/lz4.c b/lib/lz4.c
|
||||
index 5f524d01d..c2f504ef3 100644
|
||||
--- a/lib/lz4.c
|
||||
+++ b/lib/lz4.c
|
||||
@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
|
||||
const size_t dictSize /* note : = 0 if noDict */
|
||||
)
|
||||
{
|
||||
- if (src == NULL) { return -1; }
|
||||
+ if ((src == NULL) || (outputSize < 0)) { return -1; }
|
||||
|
||||
{ const BYTE* ip = (const BYTE*) src;
|
||||
const BYTE* const iend = ip + srcSize;
|
||||
BIN
lz4-1.9.2.tar.gz
Normal file
BIN
lz4-1.9.2.tar.gz
Normal file
Binary file not shown.
BIN
lz4-1.9.3.tar.gz
BIN
lz4-1.9.3.tar.gz
Binary file not shown.
27
lz4.spec
27
lz4.spec
@ -1,13 +1,12 @@
|
||||
Name: lz4
|
||||
Version: 1.9.3
|
||||
Release: 3
|
||||
Version: 1.9.2
|
||||
Release: 2
|
||||
Summary: Extremely fast compression algorithm
|
||||
|
||||
License: GPLv2+ and BSD
|
||||
URL: https://lz4.github.io/lz4/
|
||||
Source0: https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
Patch6000: Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch
|
||||
Patch6001: backport-CVE-2021-3520.patch
|
||||
Patch6000: Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch
|
||||
|
||||
Provides: %{name}-libs = %{version}-%{release}
|
||||
Obsoletes: %{name} < 1.7.5-3
|
||||
@ -38,15 +37,12 @@ applications using liblz4 library.
|
||||
cp %{_builddir}/%{name}-%{version}/lib/LICENSE %{_builddir}/%{name}-%{version}/LICENSE-lib
|
||||
|
||||
%build
|
||||
export MOREFLAGS="-g -D_FORTIFY_SOURCE=2 -O2"
|
||||
export MOREFLAGS="-g"
|
||||
%make_build
|
||||
|
||||
%install
|
||||
%make_install LIBDIR=%{_libdir} PREFIX=%{_prefix}
|
||||
|
||||
%check
|
||||
make check
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
|
||||
%postun -p /sbin/ldconfig
|
||||
@ -72,21 +68,6 @@ make check
|
||||
%{_mandir}/man1/unlz4.1*
|
||||
|
||||
%changelog
|
||||
* Tue Nov 14 2023 yanglongkang <yanglongkang@h-partners.com> - 1.9.3-3
|
||||
- revert version to 1.9.3
|
||||
|
||||
* Tue Oct 24 2023 yanglongkang <yanglongkang@h-partners.com> - 1.9.4-1
|
||||
- upgrade to 1.9.4-1
|
||||
|
||||
* Mon Jun 20 2022 renhongxun <renhongxun@h-partners.com> - 1.9.3-3
|
||||
- add _FORTIFY_SOURCE add enable check
|
||||
|
||||
* Sat Jun 19 2021 shixuantong <shixuantong@huawei.com> - 1.9.3-2
|
||||
- fix CVE-2021-3520
|
||||
|
||||
* Thu Jan 28 2021 liudabo <liudabo1@huawei.com> - 1.9.3-1
|
||||
- upgrade version to 1.9.3
|
||||
|
||||
* Mon Dec 23 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.9.2-2
|
||||
- fix abort in oss-fuzz round_trip_stream_fuzzer.c
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user