diff options
| author |   wangmy <wangmy@fujitsu.com> | 2022-08-30 12:11:52 +0800 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2022-09-06 07:10:59 -1000 |
| commit | 8883d3992078ae24c2601ebf844223fa6e056ded (patch) | |
| tree | b539263e1c1ab943d30b909aefcfbcc3eb6f4c5d | |
| parent | 8bcf5d5885abbc405f17a56027aa19f826dcdb71 (diff) | |
| download | openembedded-core-8883d3992078ae24c2601ebf844223fa6e056ded.tar.gz | |
lz4: upgrade 1.9.3 -> 1.9.4
CVE-2021-3520.patch
removed since it's included in 1.9.4
License-Update:
Copyright year updated to 2020
description of 3rd party applications changed
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f95c66050bc69af7769d1868b0118cefb24e5b0d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-support/lz4/files/CVE-2021-3520.patch | 27 | ||||
| -rw-r--r-- | meta/recipes-support/lz4/lz4_1.9.4.bb (renamed from meta/recipes-support/lz4/lz4_1.9.3.bb) | 10 |
2 files changed, 4 insertions, 33 deletions
diff --git a/meta/recipes-support/lz4/files/CVE-2021-3520.patch b/meta/recipes-support/lz4/files/CVE-2021-3520.patch deleted file mode 100644 index 5ac8f6691f..0000000000 --- a/meta/recipes-support/lz4/files/CVE-2021-3520.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001 -From: Jasper Lievisse Adriaanse <j@jasper.la> -Date: Fri, 26 Feb 2021 15:21:20 +0100 -Subject: [PATCH] Fix potential memory corruption with negative memmove() size - -Upstream-Status: Backport -https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7 -CVE: CVE-2021-3520 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - lib/lz4.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: git/lib/lz4.c -=================================================================== ---- git.orig/lib/lz4.c -+++ git/lib/lz4.c -@@ -1665,7 +1665,7 @@ LZ4_decompress_generic( - const size_t dictSize /* note : = 0 if noDict */ - ) - { -- if (src == NULL) { return -1; } -+ if ((src == NULL) || (outputSize < 0)) { return -1; } - - { const BYTE* ip = (const BYTE*) src; - const BYTE* const iend = ip + srcSize; diff --git a/meta/recipes-support/lz4/lz4_1.9.3.bb b/meta/recipes-support/lz4/lz4_1.9.4.bb index 129a86b681..a2a178bab5 100644 --- a/meta/recipes-support/lz4/lz4_1.9.3.bb +++ b/meta/recipes-support/lz4/lz4_1.9.4.bb @@ -3,18 +3,16 @@ DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing comp HOMEPAGE = "https://github.com/lz4/lz4" LICENSE = "BSD-2-Clause | GPL-2.0-only" -LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \ +LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=5cd5f851b52ec832b10eedb3f01f885a \ file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://LICENSE;md5=d57c0d21cb917fb4e0af2454aa48b956 \ + file://LICENSE;md5=c5cc3cd6f9274b4d32988096df9c3ec3 \ " PE = "1" -SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3" +SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964" -SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \ - file://CVE-2021-3520.patch \ - " +SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" S = "${WORKDIR}/git" |