diff options
Diffstat (limited to 'meta/recipes-support/lz4')
-rw-r--r-- | meta/recipes-support/lz4/files/CVE-2021-3520.patch | 27 | ||||
-rw-r--r-- | meta/recipes-support/lz4/lz4_1.9.2.bb | 10 |
2 files changed, 35 insertions, 2 deletions
diff --git a/meta/recipes-support/lz4/files/CVE-2021-3520.patch b/meta/recipes-support/lz4/files/CVE-2021-3520.patch new file mode 100644 index 0000000000..5ac8f6691f --- /dev/null +++ b/meta/recipes-support/lz4/files/CVE-2021-3520.patch | |||
@@ -0,0 +1,27 @@ | |||
1 | From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jasper Lievisse Adriaanse <j@jasper.la> | ||
3 | Date: Fri, 26 Feb 2021 15:21:20 +0100 | ||
4 | Subject: [PATCH] Fix potential memory corruption with negative memmove() size | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7 | ||
8 | CVE: CVE-2021-3520 | ||
9 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
10 | |||
11 | --- | ||
12 | lib/lz4.c | 2 +- | ||
13 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
14 | |||
15 | Index: git/lib/lz4.c | ||
16 | =================================================================== | ||
17 | --- git.orig/lib/lz4.c | ||
18 | +++ git/lib/lz4.c | ||
19 | @@ -1665,7 +1665,7 @@ LZ4_decompress_generic( | ||
20 | const size_t dictSize /* note : = 0 if noDict */ | ||
21 | ) | ||
22 | { | ||
23 | - if (src == NULL) { return -1; } | ||
24 | + if ((src == NULL) || (outputSize < 0)) { return -1; } | ||
25 | |||
26 | { const BYTE* ip = (const BYTE*) src; | ||
27 | const BYTE* const iend = ip + srcSize; | ||
diff --git a/meta/recipes-support/lz4/lz4_1.9.2.bb b/meta/recipes-support/lz4/lz4_1.9.2.bb index 455d2a5141..bc11a57eb5 100644 --- a/meta/recipes-support/lz4/lz4_1.9.2.bb +++ b/meta/recipes-support/lz4/lz4_1.9.2.bb | |||
@@ -1,5 +1,6 @@ | |||
1 | SUMMARY = "Extremely Fast Compression algorithm" | 1 | SUMMARY = "Extremely Fast Compression algorithm" |
2 | DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-cores CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems." | 2 | DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-cores CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems." |
3 | HOMEPAGE = "https://github.com/lz4/lz4" | ||
3 | 4 | ||
4 | LICENSE = "BSD | BSD-2-Clause | GPL-2.0" | 5 | LICENSE = "BSD | BSD-2-Clause | GPL-2.0" |
5 | LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \ | 6 | LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \ |
@@ -11,8 +12,13 @@ PE = "1" | |||
11 | 12 | ||
12 | SRCREV = "fdf2ef5809ca875c454510610764d9125ef2ebbd" | 13 | SRCREV = "fdf2ef5809ca875c454510610764d9125ef2ebbd" |
13 | 14 | ||
14 | SRC_URI = "git://github.com/lz4/lz4.git;branch=dev \ | 15 | # remove at next version upgrade or when output changes |
16 | PR = "r1" | ||
17 | HASHEQUIV_HASH_VERSION .= ".1" | ||
18 | |||
19 | SRC_URI = "git://github.com/lz4/lz4.git;branch=dev;protocol=https \ | ||
15 | file://run-ptest \ | 20 | file://run-ptest \ |
21 | file://CVE-2021-3520.patch \ | ||
16 | " | 22 | " |
17 | UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" | 23 | UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" |
18 | 24 | ||
@@ -21,7 +27,7 @@ S = "${WORKDIR}/git" | |||
21 | # Fixed in r118, which is larger than the current version. | 27 | # Fixed in r118, which is larger than the current version. |
22 | CVE_CHECK_WHITELIST += "CVE-2014-4715" | 28 | CVE_CHECK_WHITELIST += "CVE-2014-4715" |
23 | 29 | ||
24 | EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" | 30 | EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" |
25 | 31 | ||
26 | do_install() { | 32 | do_install() { |
27 | oe_runmake install | 33 | oe_runmake install |