diff options
Diffstat (limited to 'poky/meta/recipes-support/lz4')
-rw-r--r-- | poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch | 27 | ||||
-rw-r--r-- | poky/meta/recipes-support/lz4/lz4_1.9.4.bb (renamed from poky/meta/recipes-support/lz4/lz4_1.9.3.bb) | 10 |
2 files changed, 4 insertions, 33 deletions
diff --git a/poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch b/poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch deleted file mode 100644 index 5ac8f6691f..0000000000 --- a/poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001 -From: Jasper Lievisse Adriaanse <j@jasper.la> -Date: Fri, 26 Feb 2021 15:21:20 +0100 -Subject: [PATCH] Fix potential memory corruption with negative memmove() size - -Upstream-Status: Backport -https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7 -CVE: CVE-2021-3520 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - lib/lz4.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: git/lib/lz4.c -=================================================================== ---- git.orig/lib/lz4.c -+++ git/lib/lz4.c -@@ -1665,7 +1665,7 @@ LZ4_decompress_generic( - const size_t dictSize /* note : = 0 if noDict */ - ) - { -- if (src == NULL) { return -1; } -+ if ((src == NULL) || (outputSize < 0)) { return -1; } - - { const BYTE* ip = (const BYTE*) src; - const BYTE* const iend = ip + srcSize; diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.3.bb b/poky/meta/recipes-support/lz4/lz4_1.9.4.bb index 129a86b681..a2a178bab5 100644 --- a/poky/meta/recipes-support/lz4/lz4_1.9.3.bb +++ b/poky/meta/recipes-support/lz4/lz4_1.9.4.bb @@ -3,18 +3,16 @@ DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing comp HOMEPAGE = "https://github.com/lz4/lz4" LICENSE = "BSD-2-Clause | GPL-2.0-only" -LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \ +LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=5cd5f851b52ec832b10eedb3f01f885a \ file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://LICENSE;md5=d57c0d21cb917fb4e0af2454aa48b956 \ + file://LICENSE;md5=c5cc3cd6f9274b4d32988096df9c3ec3 \ " PE = "1" -SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3" +SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964" -SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \ - file://CVE-2021-3520.patch \ - " +SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" S = "${WORKDIR}/git" |