diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..03eb444
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/lz4-1.9.3.tar.gz
diff --git a/.lz4.metadata b/.lz4.metadata
new file mode 100644
index 0000000..46dfab6
--- /dev/null
+++ b/.lz4.metadata
@@ -0,0 +1 @@
+5a19554ef404a609123b756ddcbbb677df838f05 SOURCES/lz4-1.9.3.tar.gz
diff --git a/SOURCES/lz4-cve-2021-3520.patch b/SOURCES/lz4-cve-2021-3520.patch
new file mode 100644
index 0000000..8a22dce
--- /dev/null
+++ b/SOURCES/lz4-cve-2021-3520.patch
@@ -0,0 +1,22 @@
+From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
+From: Jasper Lievisse Adriaanse
+Date: Fri, 26 Feb 2021 15:21:20 +0100
+Subject: [PATCH] Fix potential memory corruption with negative memmove() size
+
+---
+ lib/lz4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/lz4.c b/lib/lz4.c
+index 5f524d01..c2f504ef 100644
+--- a/lib/lz4.c
++++ b/lib/lz4.c
+@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
+ const size_t dictSize /* note : = 0 if noDict */
+ )
+ {
+- if (src == NULL) { return -1; }
++ if ((src == NULL) || (outputSize < 0)) { return -1; }
+
+ { const BYTE* ip = (const BYTE*) src;
+ const BYTE* const iend = ip + srcSize;
diff --git a/SPECS/lz4.spec b/SPECS/lz4.spec
new file mode 100644
index 0000000..87faae3
--- /dev/null
+++ b/SPECS/lz4.spec
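Review bot: In SOURCES/lz4-cve-2021-3520.patch, the new guard in `LZ4_decompress_generic` rejects a negative `outputSize`, but `srcSize` is used two lines later in `iend = ip + srcSize` with no sign check visible in the hunk. If `srcSize` is signed like `outputSize` (its declaration is outside the hunk), a negative value would place `iend` before `ip`, so it is worth confirming that the callers or the rest of the body reject it before relying on this backport alone. The changed line would also benefit from a short comment such as `/* negative outputSize must not reach memmove() as a size (CVE-2021-3520) */`, so the check is not dropped as redundant in a later rebase. The function body starts before and continues after the hunk.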
@@ -0,0 +1,276 @@
+%global _vpath_srcdir contrib/meson
+
+Name: lz4
+Version: 1.9.3
+Release: 5%{?dist}
+Summary: Extremely fast compression algorithm
+
+License: GPLv2+ and BSD
+URL: https://lz4.github.io/lz4/
+Source0: https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz
+
+Obsoletes: %{name} < 1.7.5-3
+
+BuildRequires: make
+BuildRequires: gcc
+BuildRequires: meson >= 0.43
+
+Patch1: lz4-cve-2021-3520.patch
+%description
+LZ4 is an extremely fast loss-less compression algorithm, providing compression
+speed at 400 MB/s per core, scalable with multi-core CPU. It also features
+an extremely fast decoder, with speed in multiple GB/s per core, typically
+reaching RAM speed limits on multi-core systems.
+
+%package libs
+Summary: Libaries for lz4
+Obsoletes: %{name} < 1.7.5-3
+
+%description libs
+This package contains the libaries for lz4.
+
+%package devel
+Summary: Development files for lz4
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description devel
+This package contains the header(.h) and library(.so) files required to build
+applications using liblz4 library.
+
+%package static
+Summary: Static library for lz4
+
+%description static
+LZ4 is an extremely fast loss-less compression algorithm. This package
+contains static libraries for static linking of applications.
+
+%prep
+%autosetup -p1
+
+%build
+%meson \
+ -Dbin_programs=true \
+ -Ddefault_library=both \
+ %{nil}
+%meson_build
+
+%install
+%meson_install
+
+%files
+%license programs/COPYING
+%doc NEWS
+%{_bindir}/lz4
+%{_bindir}/lz4c
+%{_bindir}/lz4cat
+%{_bindir}/unlz4
+%{_mandir}/man1/lz4.1*
+%{_mandir}/man1/lz4c.1*
+%{_mandir}/man1/lz4cat.1*
+%{_mandir}/man1/unlz4.1*
+
+%files libs
+%doc lib/LICENSE
+%{_libdir}/liblz4.so.*
+
+%files devel
+%{_includedir}/lz4*.h
+%{_libdir}/liblz4.so
+%{_libdir}/pkgconfig/liblz4.pc
+
+%files static
+%doc lib/LICENSE
+%{_libdir}/liblz4.a
+
+%changelog
+* Mon Aug 09 2021 Mohan Boddu - 1.9.3-5
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Thu May 27 2021 Jakub Martisko - 1.9.3-4
+- Fix cve-2021-3520
+resolves: cve-2021-3520
+
+* Fri Apr 16 2021 Mohan Boddu - 1.9.3-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering - 1.9.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jan 06 2021 Timothée Ravier - 1.9.3-1
+- Update to 1.9.3 and switch to Meson
+
+* Tue Jul 28 2020 Fedora Release Engineering - 1.9.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering - 1.9.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Aug 14 2019 Igor Gnatenko - 1.9.1-1
+- Update to 1.9.1
+
+* Thu Jul 25 2019 Fedora Release Engineering - 1.8.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering - 1.8.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Oct 29 2018 Zbigniew Jędrzejewski-Szmek - 1.8.3-1
+- Update to latest version
+
+* Fri Jul 13 2018 Fedora Release Engineering - 1.8.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Sat May 12 2018 Igor Gnatenko - 1.8.2-1
+- Update to 1.8.2
+
+* Fri Feb 09 2018 Igor Gnatenko - 1.8.1.2-4
+- Escape macros in %%changelog
+
+* Thu Feb 08 2018 Fedora Release Engineering - 1.8.1.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Jan 31 2018 Igor Gnatenko - 1.8.1.2-2
+- Switch to %%ldconfig_scriptlets
+
+* Mon Jan 15 2018 Igor Gnatenko - 1.8.1.2-1
+- Update to 1.8.1.2
+
+* Sat Aug 19 2017 Igor Gnatenko - 1.8.0-1
+- Update to 1.8.0
+
+* Thu Aug 03 2017 Fedora Release Engineering - 1.7.5-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 1.7.5-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Jul 08 2017 Igor Gnatenko - 1.7.5-4
+- Split libs properly for multilib
+
+* Sat Mar 4 2017 Peter Robinson 1.7.5-3
+- Split libs out to a sub package
+
+* Fri Feb 10 2017 Fedora Release Engineering - 1.7.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Jan 05 2017 Igor Gnatenko - 1.7.5-1
+- Update to 1.7.5
+
+* Fri Nov 25 2016 Igor Gnatenko - 1.7.4.2-1
+- Update to 1.7.4.2 (RHBZ #1397373)
+
+* Sat Nov 19 2016 Igor Gnatenko - 1.7.3-1
+- Update to 1.7.3 (RHBZ #1395458)
+
+* Thu Feb 04 2016 Fedora Release Engineering - r131-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Mon Jul 06 2015 pjp - r131-1
+- New: Dos/DJGPP target #114.
+- Added: Example using lz4frame library #118.
+- Changed: liblz4.a no longer compiled with -fPIC by default.
+
+* Thu Jun 18 2015 pjp - r130-1
+- Fixed: incompatibility sparse mode vs console.
+- Fixed: LZ4IO exits too early when frame crc not present.
+- Fixed: incompatibility sparse mode vs append mode.
+- Performance fix: big compression speed boost for clang(+30%%).
+
+* Wed Jun 17 2015 Fedora Release Engineering - r129-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Wed May 27 2015 pjp - r129-1
+- New LZ4_compress_fast() API.
+- New LZ4 CLI improved performance with multiple files.
+- Other bug fix and documentation updates.
+
+* Mon Apr 06 2015 pjp - r128-2
+- Update files section to install unlz4 & its manual
+
+* Wed Apr 01 2015 pjp - r128-1
+- lz4cli sparse file support
+- Restored lz4hc compression ratio
+- lz4 cli supports long commands
+- Introduced lz4-static sub package BZ#1208203
+
+* Thu Jan 08 2015 pjp - r127-2
+- Bump dist to override an earlier build.
+
+* Wed Jan 07 2015 pjp - r127-1
+- Fixed a bug in LZ4 HC streaming mode
+- New lz4frame API integrated into liblz4
+- Fixed a GCC 4.9 bug on highest performance settings
+
+* Thu Nov 13 2014 pjp - r124-1
+- New LZ4 HC Streaming mode
+
+* Tue Sep 30 2014 pjp - r123-1
+- Added experimental lz4frame API.
+- Fix s390x support.
+
+* Sat Aug 30 2014 pjp - r122-1
+- new release
+- Fixed AIX & AIX64 support (SamG)
+- Fixed mips 64-bits support (lew van)
+
+* Sun Aug 17 2014 Fedora Release Engineering - r121-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Fri Aug 08 2014 Igor Gnatenko - r121-2
+- fix destdir
+
+* Fri Aug 08 2014 pjp - r121-1
+- new release
+- Added a pkg-config file.
+- Fixed a LZ4 streaming crash bug.
+
+* Thu Jul 03 2014 pjp - r119-1
+- new release
+- Fixed a high Address allocation issue in 32-bits mode.
+
+* Sat Jun 28 2014 pjp - r118-1
+- new release
+- install libraries under appropriate _libdir directories.
+
+* Sat Jun 14 2014 pjp - r117-3
+- Move shared library object to -devel package.
+
+* Sat Jun 07 2014 pjp - r117-2
+- Skip static library from installation.
+
+* Sat Jun 07 2014 Fedora Release Engineering - r117-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Fri Jun 06 2014 pjp - r117-1
+- new release
+- added lz4c & lz4cat manual pages.
+
+* Sun Apr 13 2014 pjp - r116-1
+- new release 116
+- added lz4cat utility for posix systems
+
+* Sat Mar 15 2014 pjp - r114-1
+- new release r114
+- added RPM_OPT_FLAGS to CFLAGS
+- introduced a devel package to build liblz4
+
+* Thu Jan 02 2014 pjp - r110-1
+- new release r110
+
+* Sun Nov 10 2013 pjp - r108-1
+- new release r108
+
+* Wed Oct 23 2013 pjp - r107-1
+- new release r107
+
+* Mon Oct 07 2013 pjp - r106-3
+- fixed install section to replace /usr/ with a macro.
+ -> https://bugzilla.redhat.com/show_bug.cgi?id=1015263#c5
+
+* Sat Oct 05 2013 pjp - r106-2
+- fixed install section above as suggested in the review.
+ -> https://bugzilla.redhat.com/show_bug.cgi?id=1015263#c1
+
+* Sun Sep 22 2013 pjp - r106-1
+- Initial RPM release of lz4-r106
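Review bot: SPECS/lz4.spec never runs a test against the patched decoder: it has `%prep`, `%build` and `%install` but no `%check`, so the build only proves that `%autosetup -p1` applied `lz4-cve-2021-3520.patch` cleanly, not that the library still behaves correctly. If the meson build under `contrib/meson` exposes upstream's tests (not visible here, needs confirming), a `%check` section calling `%meson_test` would exercise the fix at build time. The `Patch1:` line would also be easier to audit with a preceding comment such as `# CVE-2021-3520: reject negative outputSize (upstream commit 8301a21773ef61656225e264f4f06ae14462bca7)` and a blank line before `%description`. As a style point, `%files libs` and `%files static` list `lib/LICENSE` under `%doc` while `%files` uses `%license`.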