lz4: upgrade 1.9.3 -> 1.9.4

CVE-2021-3520.patch removed since it's included in 1.9.4 License-Update: Copyright year updated to 2020 description of 3rd party applications changed (From OE-Core rev: f95c66050bc69af7769d1868b0118cefb24e5b0d) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: wangmy <wangmy@fujitsu.com> 2022-08-30 12:11:52 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-09-01 10:14:01 +0100
commit: 21bd9f18405ab201322d12d151dc42279d39a0b3 (patch)
tree: 00a36a443c1ba281ce7ff636d1794cbe0f6d476f
parent: 28e5e1ebdd8a6f8b9be91c3b028da3ad722d9729 (diff)
download: poky-21bd9f18405ab201322d12d151dc42279d39a0b3.tar.gz
2 files changed, 4 insertions, 33 deletions
diff --git a/meta/recipes-support/lz4/files/CVE-2021-3520.patch b/meta/recipes-support/lz4/files/CVE-2021-3520.patch
deleted file mode 100644
index 5ac8f6691f..0000000000
--- a/meta/recipes-support/lz4/files/CVE-2021-3520.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
-From: Jasper Lievisse Adriaanse <j@jasper.la>
-Date: Fri, 26 Feb 2021 15:21:20 +0100
-Subject: [PATCH] Fix potential memory corruption with negative memmove() size
-Upstream-Status: Backport
-https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7
-CVE: CVE-2021-3520
-Signed-off-by: Armin Kuster <akuster@mvista.com>
---
- lib/lz4.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-Index: git/lib/lz4.c
-===================================================================
--- git.orig/lib/lz4.c
-+++ git/lib/lz4.c
-@@ -1665,7 +1665,7 @@ LZ4_decompress_generic(
-                  const size_t dictSize         /* note : = 0 if noDict */
-                  )
- {
-    if (src == NULL) { return -1; }
-+    if ((src == NULL) || (outputSize < 0)) { return -1; }
- 
-     {   const BYTE* ip = (const BYTE*) src;
-         const BYTE* const iend = ip + srcSize;
diff --git a/meta/recipes-support/lz4/lz4_1.9.3.bb b/meta/recipes-support/lz4/lz4_1.9.4.bb
index 129a86b681..a2a178bab5 100644
--- a/meta/recipes-support/lz4/lz4_1.9.3.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.4.bb
@@ -3,18 +3,16 @@ DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing comp
 HOMEPAGE = "https://github.com/lz4/lz4"
 LICENSE = "BSD-2-Clause | GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \
+LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=5cd5f851b52ec832b10eedb3f01f885a \
                    file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://LICENSE;md5=d57c0d21cb917fb4e0af2454aa48b956 \
+                    file://LICENSE;md5=c5cc3cd6f9274b4d32988096df9c3ec3 \
                    "
 PE = "1"
-SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3"
+SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964"
-SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \
+SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https"
-           file://CVE-2021-3520.patch \
-           "
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
 S = "${WORKDIR}/git"
author	wangmy <wangmy@fujitsu.com>	2022-08-30 12:11:52 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-01 10:14:01 +0100
commit	21bd9f18405ab201322d12d151dc42279d39a0b3 (patch)
tree	00a36a443c1ba281ce7ff636d1794cbe0f6d476f
parent	28e5e1ebdd8a6f8b9be91c3b028da3ad722d9729 (diff)
download	poky-21bd9f18405ab201322d12d151dc42279d39a0b3.tar.gz

diff --git a/meta/recipes-support/lz4/files/CVE-2021-3520.patch b/meta/recipes-support/lz4/files/CVE-2021-3520.patch deleted file mode 100644 index 5ac8f6691f..0000000000 --- a/meta/recipes-support/lz4/files/CVE-2021-3520.patch +++ /dev/null
@@ -1,27 +0,0 @@
1	From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
2	From: Jasper Lievisse Adriaanse <j@jasper.la>
3	Date: Fri, 26 Feb 2021 15:21:20 +0100
4	Subject: [PATCH] Fix potential memory corruption with negative memmove() size
5
6	Upstream-Status: Backport
7	https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7
8	CVE: CVE-2021-3520
9	Signed-off-by: Armin Kuster <akuster@mvista.com>
10
11	---
12	lib/lz4.c \| 2 +-
13	1 file changed, 1 insertion(+), 1 deletion(-)
14
15	Index: git/lib/lz4.c
16	===================================================================
17	--- git.orig/lib/lz4.c
18	+++ git/lib/lz4.c
19	@@ -1665,7 +1665,7 @@ LZ4_decompress_generic(
20	const size_t dictSize /* note : = 0 if noDict */
21	)
22	{
23	- if (src == NULL) { return -1; }
24	+ if ((src == NULL) \|\| (outputSize < 0)) { return -1; }
25
26	{ const BYTE* ip = (const BYTE*) src;
27	const BYTE* const iend = ip + srcSize;


diff --git a/meta/recipes-support/lz4/lz4_1.9.3.bb b/meta/recipes-support/lz4/lz4_1.9.4.bb index 129a86b681..a2a178bab5 100644 --- a/meta/recipes-support/lz4/lz4_1.9.3.bb +++ b/meta/recipes-support/lz4/lz4_1.9.4.bb
@@ -3,18 +3,16 @@ DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing comp
3	HOMEPAGE = "https://github.com/lz4/lz4"	3	HOMEPAGE = "https://github.com/lz4/lz4"
4		4
5	LICENSE = "BSD-2-Clause \| GPL-2.0-only"	5	LICENSE = "BSD-2-Clause \| GPL-2.0-only"
6	LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \	6	LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=5cd5f851b52ec832b10eedb3f01f885a \
7	file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \	7	file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
8	file://LICENSE;md5=d57c0d21cb917fb4e0af2454aa48b956 \	8	file://LICENSE;md5=c5cc3cd6f9274b4d32988096df9c3ec3 \
9	"	9	"
10		10
11	PE = "1"	11	PE = "1"
12		12
13	SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3"	13	SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964"
14		14
15	SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \	15	SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https"
16	file://CVE-2021-3520.patch \
17	"
18	UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"	16	UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
19		17
20	S = "${WORKDIR}/git"	18	S = "${WORKDIR}/git"