commit fb68e7b155e4c3438eed2a0741b4515c1424d9a7 Author: Danny Rawlins <contact@romster.me> Date: Sun Sep 12 13:28:11 2021 +1000 [notify] lz4: Backport memory corruption fix (CVE-2021-3520) diff --git a/lz4/.signature b/lz4/.signature index a395434c4..90255c2f7 100644 --- a/lz4/.signature +++ b/lz4/.signature @@ -1,5 +1,6 @@ untrusted comment: verify with /etc/ports/contrib.pub -RWSagIOpLGJF3/9G8jV6Mhct9mNsS0oU28nYDXRjr2leM9tVFZyM+afK8kxBjhy7fqF6vqLwDa6hY2YUsaz9XvkqmHaiX2LGagU= -SHA256 (Pkgfile) = cd7ac45f2f1bf7abf25497c1d7a1211549cadecf8a3560d7057809b40e39350a +RWSagIOpLGJF33M9dX5wPDqPSLsPxegfmqjgj/2+95yILfZt79v17p/MPUSUEs32pmrkpuz6t2JgcprItK9mo+U5kyEL4yqCJg0= +SHA256 (Pkgfile) = 8de158f16af5ff4d1c739237bff3a2fe862727cc80d2626099f4508434246269 SHA256 (.footprint) = b54711d20c7de6fc0ffa92a1f97ecbcfe55fe0ad50c2cf2aee77a330a6610aa3 SHA256 (lz4-1.9.3.tar.gz) = 030644df4611007ff7dc962d981f390361e6c97a34e5cbc393ddfbe019ffe2c1 +SHA256 (lz4-1.9.3-negative-memmove.patch) = c99da650a79a42db4db23e72146701cce9106383ba45709c5ac89022e36dcfb2 diff --git a/lz4/Pkgfile b/lz4/Pkgfile index f4544d481..bd2964e34 100644 --- a/lz4/Pkgfile +++ b/lz4/Pkgfile @@ -4,12 +4,16 @@ name=lz4 version=1.9.3 -release=1 -source=(https://github.com/$name/$name/archive/v$version/$name-$version.tar.gz) +release=2 +source=(https://github.com/$name/$name/archive/v$version/$name-$version.tar.gz + lz4-1.9.3-negative-memmove.patch) build() { cd $name-$version + # https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7 + # Fix potential memory corruption with negative memmove() size + patch -p1 -i $SRC/lz4-1.9.3-negative-memmove.patch make -C lib PREFIX=/usr make -C programs PREFIX=/usr lz4 lz4c make install PREFIX=/usr DESTDIR=$PKG diff --git a/lz4/lz4-1.9.3-negative-memmove.patch b/lz4/lz4-1.9.3-negative-memmove.patch new file mode 100644 index 000000000..053958dfe --- /dev/null +++ b/lz4/lz4-1.9.3-negative-memmove.patch @@ -0,0 +1,22 @@ +From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001 +From: Jasper Lievisse Adriaanse <j@jasper.la> +Date: Fri, 26 Feb 2021 15:21:20 +0100 +Subject: [PATCH] Fix potential memory corruption with negative memmove() size + +--- + lib/lz4.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/lz4.c b/lib/lz4.c +index 5f524d01d..c2f504ef3 100644 +--- a/lib/lz4.c ++++ b/lib/lz4.c +@@ -1749,7 +1749,7 @@ LZ4_decompress_generic( + const size_t dictSize /* note : = 0 if noDict */ + ) + { +- if (src == NULL) { return -1; } ++ if ((src == NULL) || (outputSize < 0)) { return -1; } + + { const BYTE* ip = (const BYTE*) src; + const BYTE* const iend = ip + srcSize;