7 changed files with 174 additions and 68 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/lz4-1.9.3.tar.gz
+SOURCES/lz4-1.8.3.tar.gz
--- a/.lz4.metadata
+++ b/.lz4.metadata
@ -1 +1 @@
-5a19554ef404a609123b756ddcbbb677df838f05 SOURCES/lz4-1.9.3.tar.gz
+070867abcd93a7245b80ec6fc2ced27c6b8e3e0c SOURCES/lz4-1.8.3.tar.gz
--- a/SOURCES/cve-2019-17543-part1.patch
+++ b/SOURCES/cve-2019-17543-part1.patch
@ -0,0 +1,22 @@
+From 690009e2c2f9e5dcb0d40e7c0c40610ce6006eda Mon Sep 17 00:00:00 2001
+From: Nick Terrell <terrelln@fb.com>
+Date: Wed, 17 Jul 2019 11:07:24 -0700
+Subject: [PATCH] [LZ4_compress_destSize] Allow 2 more bytes of match length
+
+---
+ lib/lz4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/lz4.c b/lib/lz4.c
+index 5b03e3d08..1e80c9812 100644
+--- a/lib/lz4.c
+++ b/lib/lz4.c
+@@ -1016,7 +1016,7 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
+                   return 0;
+                 if (outputLimited == fillOutput) {
+                     /* Match description too long : reduce it */
+-                    U32 newMatchCode = 15 /* in token */ - 1 /* to avoid needing a zero byte */ + ((U32)(olimit - op) - 2 - 1 - LASTLITERALS) * 255;
+                    U32 newMatchCode = 15 /* in token */ - 1 /* to avoid needing a zero byte */ + ((U32)(olimit - op) - 1 - LASTLITERALS) * 255;
+                     ip -= matchCode - newMatchCode;
+                     matchCode = newMatchCode;
+                 }
--- a/SOURCES/cve-2019-17543-part2.patch
+++ b/SOURCES/cve-2019-17543-part2.patch
@ -0,0 +1,79 @@
+From 6bc6f836a18d1f8fd05c8fc2b42f1d800bc25de1 Mon Sep 17 00:00:00 2001
+From: Nick Terrell <terrelln@fb.com>
+Date: Wed, 17 Jul 2019 11:28:38 -0700
+Subject: [PATCH] [LZ4_compress_destSize] Fix rare data corruption bug
+
+---
+ lib/lz4.c | 30 ++++++++++++++++++++++++++++++
+ 1 file changed, 30 insertions(+)
+
+diff --git a/lib/lz4.c b/lib/lz4.c
+index 1e80c9812..461644da0 100644
+--- a/lib/lz4.c
+++ b/lib/lz4.c
+@@ -648,6 +648,18 @@ LZ4_FORCE_INLINE U32 LZ4_hashPosition(const void* const p, tableType_t const tab
+     return LZ4_hash4(LZ4_read32(p), tableType);
+ }
+ 
+static void LZ4_clearHash(U32 h, void* tableBase, tableType_t const tableType)
+{
+    switch (tableType)
+    {
+    default: /* fallthrough */
+    case clearedTable: { /* illegal! */ assert(0); return; }
+    case byPtr: { const BYTE** hashTable = (const BYTE**)tableBase; hashTable[h] = NULL; return; }
+    case byU32: { U32* hashTable = (U32*) tableBase; hashTable[h] = 0; return; }
+    case byU16: { U16* hashTable = (U16*) tableBase; hashTable[h] = 0; return; }
+    }
+}
+
+ static void LZ4_putIndexOnHash(U32 idx, U32 h, void* tableBase, tableType_t const tableType)
+ {
+     switch (tableType)
+@@ -848,6 +860,7 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
+     for ( ; ; ) {
+         const BYTE* match;
+         BYTE* token;
+        const BYTE* filledIp;
+ 
+         /* Find a match */
+         if (tableType == byPtr) {
+@@ -934,6 +947,7 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
+         }
+ 
+         /* Catch up */
+        filledIp = ip;
+         while (((ip>anchor) & (match > lowLimit)) && (unlikely(ip[-1]==match[-1]))) { ip--; match--; }
+ 
+         /* Encode Literals */
+@@ -1018,7 +1032,21 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
+                     /* Match description too long : reduce it */
+                     U32 newMatchCode = 15 /* in token */ - 1 /* to avoid needing a zero byte */ + ((U32)(olimit - op) - 1 - LASTLITERALS) * 255;
+                     ip -= matchCode - newMatchCode;
+                    assert(newMatchCode < matchCode);
+                     matchCode = newMatchCode;
+                    if (unlikely(ip < filledIp)) {
+                        /* We have already filled up to filledIp so if ip ends up less than filledIp
+                         * we have positions in the hash table beyond the current position. This is
+                         * a problem if we reuse the hash table. So we have to remove these positions
+                         * from the hash table.
+                         */
+                        const BYTE* ptr;
+                        DEBUGLOG(5, "Clearing %u positions", (U32)(filledIp - ip));
+                        for (ptr = ip; ptr <= filledIp; ++ptr) {
+                            U32 const h = LZ4_hashPosition(ptr, tableType);
+                            LZ4_clearHash(h, cctx->hashTable, tableType);
+                        }
+                    }
+                 }
+             }
+             if (matchCode >= ML_MASK) {
+@@ -1038,6 +1066,8 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
+             } else
+                 *token += (BYTE)(matchCode);
+         }
+        /* Ensure we have enough space for the last literals. */
+        assert(!(outputLimited  == fillOutput && op + 1 + LASTLITERALS > olimit));
+ 
+         anchor = ip;
+ 
--- a/SOURCES/cve-2019-17543-part3.patch
+++ b/SOURCES/cve-2019-17543-part3.patch
@ -0,0 +1,22 @@
+From 13a2d9e34ffc4170720ce417c73e396d0ac1471a Mon Sep 17 00:00:00 2001
+From: Nick Terrell <terrelln@fb.com>
+Date: Wed, 17 Jul 2019 11:50:47 -0700
+Subject: [PATCH] [LZ4_compress_destSize] Fix overflow condition
+
+---
+ lib/lz4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/lz4.c b/lib/lz4.c
+index 461644da0..74a9247ec 100644
+--- a/lib/lz4.c
+++ b/lib/lz4.c
+@@ -1027,7 +1027,7 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
+             }
+ 
+             if ((outputLimited) &&    /* Check output buffer overflow */
+-                (unlikely(op + (1 + LASTLITERALS) + (matchCode>>8) > olimit)) ) {
+                (unlikely(op + (1 + LASTLITERALS) + (matchCode+240)/255 > olimit)) ) {
+                 if (outputLimited == limitedOutput)
+                   return 0;
+                 if (outputLimited == fillOutput) {
--- a/SOURCES/lz4-cve-2021-3520.patch
+++ b/SOURCES/lz4-cve-2021-3520.patch
@ -1,22 +1,24 @@
-From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
-From: Jasper Lievisse Adriaanse <j@jasper.la>
-Date: Fri, 26 Feb 2021 15:21:20 +0100
-Subject: [PATCH] Fix potential memory corruption with negative memmove() size
+From 97f58e5fe5ff44fc9f7c86f6f67a11223379e640 Mon Sep 17 00:00:00 2001
+From: Jakub Martisko <jamartis@redhat.com>
+Date: Fri, 7 May 2021 13:08:24 +0200
+Subject: [PATCH] Fix: cve-2021-3520

 ---
- lib/lz4.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ lib/lz4.c | 1 +
+ 1 file changed, 1 insertion(+)

 diff --git a/lib/lz4.c b/lib/lz4.c
-index 5f524d01..c2f504ef 100644
+index 4046102..c18c1f6 100644
 --- a/lib/lz4.c
 +++ b/lib/lz4.c
-@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
-                  const size_t dictSize         /* note : = 0 if noDict */
-                  )
- {
-    if (src == NULL) { return -1; }
-+    if ((src == NULL) || (outputSize < 0)) { return -1; }
- 
-     {   const BYTE* ip = (const BYTE*) src;
-         const BYTE* const iend = ip + srcSize;
+@@ -1437,6 +1437,7 @@ LZ4_decompress_generic(
+     /* Special cases */
+     assert(lowPrefix <= op);
+     assert(src != NULL);
+    if (outputSize < 0) {return -1;};
+     if ((endOnInput) && (unlikely(outputSize==0))) return ((srcSize==1) && (*ip==0)) ? 0 : -1;  /* Empty output buffer */
+     if ((!endOnInput) && (unlikely(outputSize==0))) return (*ip==0 ? 1 : -1);
+     if ((endOnInput) && unlikely(srcSize==0)) return -1;
+-- 
+2.30.1
+
--- a/SPECS/lz4.spec
+++ b/SPECS/lz4.spec
@ -1,21 +1,19 @@
-%global _vpath_srcdir contrib/meson
-
 Name:           lz4
-Version:        1.9.3
+Version:        1.8.3
 Release:        5%{?dist}
 Summary:        Extremely fast compression algorithm

 License:        GPLv2+ and BSD
 URL:            https://lz4.github.io/lz4/
-Source0:        https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz
+Source0:        https://github.com/Cyan4973/lz4/archive/v%{version}/%{name}-%{version}.tar.gz

 Obsoletes:      %{name} < 1.7.5-3

-BuildRequires: make
-BuildRequires:  gcc
-BuildRequires:  meson >= 0.43
-
 Patch1: lz4-cve-2021-3520.patch
+Patch2: cve-2019-17543-part1.patch
+Patch3: cve-2019-17543-part2.patch
+Patch4: cve-2019-17543-part3.patch
+
 %description
 LZ4 is an extremely fast loss-less compression algorithm, providing compression
 speed at 400 MB/s per core, scalable with multi-core CPU. It also features
@ -46,16 +44,19 @@ contains static libraries for static linking of applications.

 %prep
 %autosetup -p1
+echo '#!/bin/sh' > ./configure
+chmod +x ./configure

 %build
-%meson \
-  -Dbin_programs=true \
-  -Ddefault_library=both \
-  %{nil}
-%meson_build
+%configure
+%make_build

 %install
-%meson_install
+%configure
+# Someone thinks that plain Makefiles are good for bigger projects than hello world..
+%make_install LIBDIR=%{_libdir} PREFIX=%{_prefix}
+
+%ldconfig_scriptlets libs

 %files
 %license programs/COPYING
@ -83,46 +84,26 @@ contains static libraries for static linking of applications.
 %{_libdir}/liblz4.a

 %changelog
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.3-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Fri Jun 20 2025 Jakub Martisko <jamartis@redhat.com> - 1.8.3-5
+- Fix a renamed variable in one of the patches
+- Since the variable was used in an assert, the regular build did not fail, but the QA builds did.
+- Related: RHEL-87362

-* Thu May 27 2021 Jakub Martisko <jamartis@redhat.com> - 1.9.3-4
- Fix cve-2021-3520
-resolves: cve-2021-3520
+* Thu Jun 19 2025 Jakub Martisko <jamartis@redhat.com> - 1.8.3-4
+- Fix CVE-2019-17543
+- Resolves: RHEL-87362

-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.3-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Fri May 07 2021 Jakub Martisko <jamartis@redhat.com> - 1.8.3-3
+- Fix memory corruption due to an integer overflow
+_ Resolves: CVE-2021-3520

-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+* Tue May 26 2020 Jakub Martisko <jamartis@redhat.com> - 1.8.3-2
+- Rebuilding with the new gating tests
+- Related: 1840046

-* Wed Jan 06 2021 Timothée Ravier <travier@redhat.com> - 1.9.3-1
- Update to 1.9.3 and switch to Meson
-
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Wed Aug 14 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.9.1-1
- Update to 1.9.1
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Mon Oct 29 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.8.3-1
- Update to latest version
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Sat May 12 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.2-1
- Update to 1.8.2
+* Mon Apr 06 2020 Jakub Martisko <jamartis@redhat.com> - 1.8.3-1
+- Rebase to 1.8.3
+- Resolves: #1821237

 * Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.1.2-4
 - Escape macros in %%changelog