rpms/lz4
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:c8
Branches Tags
rpms:c8
rpms:c8s
rpms:c10
rpms:c9s
rpms:c10s
rpms:c10s-gating
rpms:c9
rpms:c9-beta
rpms:c8-beta
rpms:imports/c8/lz4-1.8.3-5.el8_10
rpms:imports/c10/lz4-1.9.4-8.el10_0
rpms:imports/c10s/lz4-1.9.4-8.el10
rpms:imports/c10s/lz4-1.9.4-7.el10
rpms:imports/c9/lz4-1.9.3-5.el9
rpms:imports/c9-beta/lz4-1.9.3-5.el9
rpms:imports/c8-beta/lz4-1.8.3-3.el8_4
rpms:imports/c8-beta/lz4-1.8.3-2.el8
rpms:imports/c8-beta/lz4-1.8.1.2-4.el8
rpms:imports/c8s/lz4-1.8.3-3.el8
rpms:imports/c8s/lz4-1.8.3-2.el8
rpms:imports/c8/lz4-1.8.3-3.el8_4
rpms:imports/c8/lz4-1.8.3-2.el8
rpms:imports/c8/lz4-1.8.1.2-4.el8
..
compare: rpms:c10
Branches Tags
rpms:c8
rpms:c8s
rpms:c10
rpms:c9s
rpms:c10s
rpms:c10s-gating
rpms:c9
rpms:c9-beta
rpms:c8-beta
rpms:imports/c8/lz4-1.8.3-5.el8_10
rpms:imports/c10/lz4-1.9.4-8.el10_0
rpms:imports/c10s/lz4-1.9.4-8.el10
rpms:imports/c10s/lz4-1.9.4-7.el10
rpms:imports/c9/lz4-1.9.3-5.el9
rpms:imports/c9-beta/lz4-1.9.3-5.el9
rpms:imports/c8-beta/lz4-1.8.3-3.el8_4
rpms:imports/c8-beta/lz4-1.8.3-2.el8
rpms:imports/c8-beta/lz4-1.8.1.2-4.el8
rpms:imports/c8s/lz4-1.8.3-3.el8
rpms:imports/c8s/lz4-1.8.3-2.el8
rpms:imports/c8/lz4-1.8.3-3.el8_4
rpms:imports/c8/lz4-1.8.3-2.el8
rpms:imports/c8/lz4-1.8.1.2-4.el8

1 Commits
c8 ... c10

Author SHA1 Message Date
eabdullin
816da2306f import UBI lz4-1.9.4-8.el10 2025-05-14 17:23:56 +00:00
8 changed files with 77 additions and 183 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/lz4-1.8.3.tar.gz
lz4-1.9.4.tar.gz

1
.lz4.metadata
View File

@ -1 +0,0 @@
070867abcd93a7245b80ec6fc2ced27c6b8e3e0c SOURCES/lz4-1.8.3.tar.gz

22
SOURCES/cve-2019-17543-part1.patch
View File

@ -1,22 +0,0 @@
From 690009e2c2f9e5dcb0d40e7c0c40610ce6006eda Mon Sep 17 00:00:00 2001
From: Nick Terrell <terrelln@fb.com>
Date: Wed, 17 Jul 2019 11:07:24 -0700
Subject: [PATCH] [LZ4_compress_destSize] Allow 2 more bytes of match length
---
lib/lz4.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/lz4.c b/lib/lz4.c
index 5b03e3d08..1e80c9812 100644
--- a/lib/lz4.c
+++ b/lib/lz4.c
@@ -1016,7 +1016,7 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
return 0;
if (outputLimited == fillOutput) {
/* Match description too long : reduce it */
- U32 newMatchCode = 15 /* in token */ - 1 /* to avoid needing a zero byte */ + ((U32)(olimit - op) - 2 - 1 - LASTLITERALS) * 255;
+ U32 newMatchCode = 15 /* in token */ - 1 /* to avoid needing a zero byte */ + ((U32)(olimit - op) - 1 - LASTLITERALS) * 255;
ip -= matchCode - newMatchCode;
matchCode = newMatchCode;
}

79
SOURCES/cve-2019-17543-part2.patch
View File

@ -1,79 +0,0 @@
From 6bc6f836a18d1f8fd05c8fc2b42f1d800bc25de1 Mon Sep 17 00:00:00 2001
From: Nick Terrell <terrelln@fb.com>
Date: Wed, 17 Jul 2019 11:28:38 -0700
Subject: [PATCH] [LZ4_compress_destSize] Fix rare data corruption bug
---
lib/lz4.c | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/lib/lz4.c b/lib/lz4.c
index 1e80c9812..461644da0 100644
--- a/lib/lz4.c
+++ b/lib/lz4.c
@@ -648,6 +648,18 @@ LZ4_FORCE_INLINE U32 LZ4_hashPosition(const void* const p, tableType_t const tab
return LZ4_hash4(LZ4_read32(p), tableType);
}
+static void LZ4_clearHash(U32 h, void* tableBase, tableType_t const tableType)
+{
+ switch (tableType)
+ {
+ default: /* fallthrough */
+ case clearedTable: { /* illegal! */ assert(0); return; }
+ case byPtr: { const BYTE** hashTable = (const BYTE**)tableBase; hashTable[h] = NULL; return; }
+ case byU32: { U32* hashTable = (U32*) tableBase; hashTable[h] = 0; return; }
+ case byU16: { U16* hashTable = (U16*) tableBase; hashTable[h] = 0; return; }
+ }
+}
+
static void LZ4_putIndexOnHash(U32 idx, U32 h, void* tableBase, tableType_t const tableType)
{
switch (tableType)
@@ -848,6 +860,7 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
for ( ; ; ) {
const BYTE* match;
BYTE* token;
+ const BYTE* filledIp;
/* Find a match */
if (tableType == byPtr) {
@@ -934,6 +947,7 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
}
/* Catch up */
+ filledIp = ip;
while (((ip>anchor) & (match > lowLimit)) && (unlikely(ip[-1]==match[-1]))) { ip--; match--; }
/* Encode Literals */
@@ -1018,7 +1032,21 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
/* Match description too long : reduce it */
U32 newMatchCode = 15 /* in token */ - 1 /* to avoid needing a zero byte */ + ((U32)(olimit - op) - 1 - LASTLITERALS) * 255;
ip -= matchCode - newMatchCode;
+ assert(newMatchCode < matchCode);
matchCode = newMatchCode;
+ if (unlikely(ip < filledIp)) {
+ /* We have already filled up to filledIp so if ip ends up less than filledIp
+ * we have positions in the hash table beyond the current position. This is
+ * a problem if we reuse the hash table. So we have to remove these positions
+ * from the hash table.
+ */
+ const BYTE* ptr;
+ DEBUGLOG(5, "Clearing %u positions", (U32)(filledIp - ip));
+ for (ptr = ip; ptr <= filledIp; ++ptr) {
+ U32 const h = LZ4_hashPosition(ptr, tableType);
+ LZ4_clearHash(h, cctx->hashTable, tableType);
+ }
+ }
}
}
if (matchCode >= ML_MASK) {
@@ -1038,6 +1066,8 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
} else
*token += (BYTE)(matchCode);
}
+ /* Ensure we have enough space for the last literals. */
+ assert(!(outputLimited == fillOutput && op + 1 + LASTLITERALS > olimit));
anchor = ip;

22
SOURCES/cve-2019-17543-part3.patch
View File

@ -1,22 +0,0 @@
From 13a2d9e34ffc4170720ce417c73e396d0ac1471a Mon Sep 17 00:00:00 2001
From: Nick Terrell <terrelln@fb.com>
Date: Wed, 17 Jul 2019 11:50:47 -0700
Subject: [PATCH] [LZ4_compress_destSize] Fix overflow condition
---
lib/lz4.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/lz4.c b/lib/lz4.c
index 461644da0..74a9247ec 100644
--- a/lib/lz4.c
+++ b/lib/lz4.c
@@ -1027,7 +1027,7 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
}
if ((outputLimited) && /* Check output buffer overflow */
- (unlikely(op + (1 + LASTLITERALS) + (matchCode>>8) > olimit)) ) {
+ (unlikely(op + (1 + LASTLITERALS) + (matchCode+240)/255 > olimit)) ) {
if (outputLimited == limitedOutput)
return 0;
if (outputLimited == fillOutput) {

24
SOURCES/lz4-cve-2021-3520.patch
View File

@ -1,24 +0,0 @@
From 97f58e5fe5ff44fc9f7c86f6f67a11223379e640 Mon Sep 17 00:00:00 2001
From: Jakub Martisko <jamartis@redhat.com>
Date: Fri, 7 May 2021 13:08:24 +0200
Subject: [PATCH] Fix: cve-2021-3520
---
lib/lz4.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/lz4.c b/lib/lz4.c
index 4046102..c18c1f6 100644
--- a/lib/lz4.c
+++ b/lib/lz4.c
@@ -1437,6 +1437,7 @@ LZ4_decompress_generic(
/* Special cases */
assert(lowPrefix <= op);
assert(src != NULL);
+ if (outputSize < 0) {return -1;};
if ((endOnInput) && (unlikely(outputSize==0))) return ((srcSize==1) && (*ip==0)) ? 0 : -1; /* Empty output buffer */
if ((!endOnInput) && (unlikely(outputSize==0))) return (*ip==0 ? 1 : -1);
if ((endOnInput) && unlikely(srcSize==0)) return -1;
--
2.30.1

109
SPECS/lz4.spec → lz4.spec
View File

@ -1,18 +1,19 @@
%global _vpath_srcdir contrib/meson
Name: lz4
Version: 1.8.3
Release: 5%{?dist}
Version: 1.9.4
Release: 8%{?dist}
Summary: Extremely fast compression algorithm
License: GPLv2+ and BSD
License: GPL-2.0-or-later AND BSD-2-Clause
URL: https://lz4.github.io/lz4/
Source0: https://github.com/Cyan4973/lz4/archive/v%{version}/%{name}-%{version}.tar.gz
Source0: https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz
Obsoletes: %{name} < 1.7.5-3
Patch1: lz4-cve-2021-3520.patch
Patch2: cve-2019-17543-part1.patch
Patch3: cve-2019-17543-part2.patch
Patch4: cve-2019-17543-part3.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: meson >= 0.43
%description
LZ4 is an extremely fast loss-less compression algorithm, providing compression
@ -43,20 +44,17 @@ LZ4 is an extremely fast loss-less compression algorithm. This package
contains static libraries for static linking of applications.
%prep
%autosetup -p1
echo '#!/bin/sh' > ./configure
chmod +x ./configure
%autosetup
%build
%configure
%make_build
%meson \
-Dprograms=true \
-Ddefault_library=both \
%{nil}
%meson_build
%install
%configure
# Someone thinks that plain Makefiles are good for bigger projects than hello world..
%make_install LIBDIR=%{_libdir} PREFIX=%{_prefix}
%ldconfig_scriptlets libs
%meson_install
%files
%license programs/COPYING
@ -84,26 +82,69 @@ chmod +x ./configure
%{_libdir}/liblz4.a
%changelog
* Fri Jun 20 2025 Jakub Martisko <jamartis@redhat.com> - 1.8.3-5
- Fix a renamed variable in one of the patches
- Since the variable was used in an assert, the regular build did not fail, but the QA builds did.
- Related: RHEL-87362
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.9.4-8
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Thu Jun 19 2025 Jakub Martisko <jamartis@redhat.com> - 1.8.3-4
- Fix CVE-2019-17543
- Resolves: RHEL-87362
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.9.4-7
- Bump release for June 2024 mass rebuild
* Fri May 07 2021 Jakub Martisko <jamartis@redhat.com> - 1.8.3-3
- Fix memory corruption due to an integer overflow
_ Resolves: CVE-2021-3520
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue May 26 2020 Jakub Martisko <jamartis@redhat.com> - 1.8.3-2
- Rebuilding with the new gating tests
- Related: 1840046
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Apr 06 2020 Jakub Martisko <jamartis@redhat.com> - 1.8.3-1
- Rebase to 1.8.3
- Resolves: #1821237
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Apr 13 2023 Lukáš Zaoral <lzaoral@redhat.com> - 1.9.4-3
- migrate to SPDX license format
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Aug 17 2022 Timothée Ravier <tim@siosm.fr> - 1.9.4-1
- Update to 1.9.4 (fedora#2118499)
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jan 06 2021 Timothée Ravier <travier@redhat.com> - 1.9.3-1
- Update to 1.9.3 and switch to Meson
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Aug 14 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.9.1-1
- Update to 1.9.1
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Oct 29 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.8.3-1
- Update to latest version
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sat May 12 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.2-1
- Update to 1.8.2
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.1.2-4
- Escape macros in %%changelog

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (lz4-1.9.4.tar.gz) = 043a9acb2417624019d73db140d83b80f1d7c43a6fd5be839193d68df8fd0b3f610d7ed4d628c2a9184f7cde9a0fd1ba9d075d8251298e3eb4b3a77f52736684