[gentoo-commits] repo/gentoo:master commit in: app-arch/lz4/, app-arch/lz4/files/

Tue, 08 Jun 2021 04:42:28 -0700 

commit:     f063d9e1dcac596d0a15fab50c8d89c4d8a9d0e3
Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  8 11:34:45 2021 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Tue Jun  8 11:42:14 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f063d9e1

app-arch/lz4: Backport memory corruption fix (CVE-2021-3520)

Bug: https://bugs.gentoo.org/791952
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 .../lz4/files/lz4-1.9.3-negative-memmove.patch     | 22 ++++++++++++++++++++++
 .../lz4/{lz4-1.9.3.ebuild => lz4-1.9.3-r1.ebuild}  |  4 ++++
 2 files changed, 26 insertions(+)

diff --git a/app-arch/lz4/files/lz4-1.9.3-negative-memmove.patch 
b/app-arch/lz4/files/lz4-1.9.3-negative-memmove.patch
new file mode 100644
index 00000000000..053958dfe87
--- /dev/null
+++ b/app-arch/lz4/files/lz4-1.9.3-negative-memmove.patch
@@ -0,0 +1,22 @@
+From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
+From: Jasper Lievisse Adriaanse <[email protected]>
+Date: Fri, 26 Feb 2021 15:21:20 +0100
+Subject: [PATCH] Fix potential memory corruption with negative memmove() size
+
+---
+ lib/lz4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/lz4.c b/lib/lz4.c
+index 5f524d01d..c2f504ef3 100644
+--- a/lib/lz4.c
++++ b/lib/lz4.c
+@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
+                  const size_t dictSize         /* note : = 0 if noDict */
+                  )
+ {
+-    if (src == NULL) { return -1; }
++    if ((src == NULL) || (outputSize < 0)) { return -1; }
+ 
+     {   const BYTE* ip = (const BYTE*) src;
+         const BYTE* const iend = ip + srcSize;

diff --git a/app-arch/lz4/lz4-1.9.3.ebuild b/app-arch/lz4/lz4-1.9.3-r1.ebuild
similarity index 93%
rename from app-arch/lz4/lz4-1.9.3.ebuild
rename to app-arch/lz4/lz4-1.9.3-r1.ebuild
index 02eac78fb6d..2282b90c9bc 100644
--- a/app-arch/lz4/lz4-1.9.3.ebuild
+++ b/app-arch/lz4/lz4-1.9.3-r1.ebuild
@@ -18,6 +18,10 @@ IUSE="static-libs"
 
 CMAKE_USE_DIR=${S}/build/cmake
 
+PATCHES=(
+       "${FILESDIR}"/${P}-negative-memmove.patch
+)
+
 multilib_src_configure() {
        local mycmakeargs=(
                -DBUILD_STATIC_LIBS=$(usex static-libs)

Reply via email to