diff --git a/lz4-1.8.3.tar.gz b/lz4-1.8.3.tar.gz deleted file mode 100644 index 653709c2796751b6d858e29cd3d8e371512b258a..0000000000000000000000000000000000000000 Binary files a/lz4-1.8.3.tar.gz and /dev/null differ diff --git a/lz4-1.9.4.tar.gz b/lz4-1.9.4.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..b3e2eb945e367f6dc7b5bb5c80546f3e460a3b6d Binary files /dev/null and b/lz4-1.9.4.tar.gz differ diff --git a/lz4-cve-2021-3520.patch b/lz4-cve-2021-3520.patch deleted file mode 100644 index 677d1aa248f847e06e7c33284f43e1a3df3ce264..0000000000000000000000000000000000000000 --- a/lz4-cve-2021-3520.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 97f58e5fe5ff44fc9f7c86f6f67a11223379e640 Mon Sep 17 00:00:00 2001 -From: Jakub Martisko -Date: Fri, 7 May 2021 13:08:24 +0200 -Subject: [PATCH] Fix: cve-2021-3520 - ---- - lib/lz4.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/lz4.c b/lib/lz4.c -index 4046102..c18c1f6 100644 ---- a/lib/lz4.c -+++ b/lib/lz4.c -@@ -1437,6 +1437,7 @@ LZ4_decompress_generic( - /* Special cases */ - assert(lowPrefix <= op); - assert(src != NULL); -+ if (outputSize < 0) {return -1;}; - if ((endOnInput) && (unlikely(outputSize==0))) return ((srcSize==1) && (*ip==0)) ? 0 : -1; /* Empty output buffer */ - if ((!endOnInput) && (unlikely(outputSize==0))) return (*ip==0 ? 1 : -1); - if ((endOnInput) && unlikely(srcSize==0)) return -1; --- -2.30.1 - diff --git a/lz4.spec b/lz4.spec index 95ed8bd27d2583ca223df67827c70e19afecb6cb..0145c4b1537812eea8a9bdcf4f284595a1902938 100644 --- a/lz4.spec +++ b/lz4.spec @@ -1,22 +1,35 @@ +%define anolis_release 1 + +# relative to the RPM build directory +%global _vpath_srcdir contrib/meson Name: lz4 -Version: 1.8.3 -Release: 3%{?dist} +Version: 1.9.4 +Release: %{anolis_release}%{?dist} Summary: Extremely fast compression algorithm License: GPLv2+ and BSD URL: https://lz4.github.io/lz4/ -Source0: https://github.com/Cyan4973/lz4/archive/v%{version}/%{name}-%{version}.tar.gz +Source0: https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz Obsoletes: %{name} < 1.7.5-3 -Patch1: lz4-cve-2021-3520.patch +BuildRequires: make +BuildRequires: gcc %description LZ4 is an extremely fast loss-less compression algorithm, providing compression -speed at 400 MB/s per core, scalable with multi-core CPU. It also features +speed > 500 MB/s per core, scalable with multi-core CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems. +%package doc +Summary: Documentation files for %{name} +Requires: %{name} = %{version}-%{release} +BuildArch: noarch + +%description doc +The %{name}-doc package contains documentation files for %{name}. + %package libs Summary: Libaries for lz4 Obsoletes: %{name} < 1.7.5-3 @@ -54,10 +67,11 @@ chmod +x ./configure %make_install LIBDIR=%{_libdir} PREFIX=%{_prefix} %ldconfig_scriptlets libs +%check +make check %files %license programs/COPYING -%doc NEWS %{_bindir}/lz4 %{_bindir}/lz4c %{_bindir}/lz4cat @@ -67,6 +81,9 @@ chmod +x ./configure %{_mandir}/man1/lz4cat.1* %{_mandir}/man1/unlz4.1* +%files doc +%doc NEWS + %files libs %doc lib/LICENSE %{_libdir}/liblz4.so.* @@ -81,6 +98,10 @@ chmod +x ./configure %{_libdir}/liblz4.a %changelog +* Fri Oct 13 2023 Gao Xiang - 1.9.4-1 +- Update to 1.9.4 in sync with Anolis 23 +- Switch back from Meson since its version is too low on Anolis 8. + * Fri May 07 2021 Jakub Martisko - 1.8.3-3 - Fix memory corruption due to an integer overflow _ Resolves: CVE-2021-3520