aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-03-15 19:59:15 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-03-15 23:22:51 -0300
commitc2274e2a2c1ca5483b797a79854cb460f7607a0f (patch)
treee5e93d0eeb26b8d12b2d12e547738ad52365dc46
parent101d06c973ccdc4688ca75bdb33538058c3c611c (diff)
downloadaports-c2274e2a2c1ca5483b797a79854cb460f7607a0f.tar.gz
aports-c2274e2a2c1ca5483b797a79854cb460f7607a0f.tar.bz2
aports-c2274e2a2c1ca5483b797a79854cb460f7607a0f.tar.xz
main/lz4: fix CVE-2019-17543
see #10919
-rw-r--r--main/lz4/APKBUILD13
-rw-r--r--main/lz4/CVE-2019-17543.patch77
2 files changed, 87 insertions, 3 deletions
diff --git a/main/lz4/APKBUILD b/main/lz4/APKBUILD
index ab7adf94f4..05badb0224 100644
--- a/main/lz4/APKBUILD
+++ b/main/lz4/APKBUILD
@@ -2,16 +2,22 @@
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
pkgname=lz4
pkgver=1.9.1
-pkgrel=0
+pkgrel=1
pkgdesc="LZ4 is lossless compression algorithm with fast decoder @ multiple GB/s per core."
url="https://github.com/lz4/lz4"
arch="all"
license="BSD-2-Clause GPL-2.0-only"
checkdepends="diffutils"
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs $pkgname-tests:tests"
-source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz
+ CVE-2019-17543.patch
+ "
builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+# 1.9.1-r1:
+# - CVE-2019-17543
+
build() {
cd "$builddir"
make PREFIX="/usr"
@@ -34,4 +40,5 @@ package() {
make PREFIX="/usr" DESTDIR="$pkgdir" install
}
-sha512sums="536cdeb6dd73b4769cf9501ad312b004ab01699758534b47ca2eddbc815fd374a3caba40cde36f73a7a70e134065836b733e2b0c023c31740b877ef9317ccf3e lz4-1.9.1.tar.gz"
+sha512sums="536cdeb6dd73b4769cf9501ad312b004ab01699758534b47ca2eddbc815fd374a3caba40cde36f73a7a70e134065836b733e2b0c023c31740b877ef9317ccf3e lz4-1.9.1.tar.gz
+814a5319b220783e1f2c435797aada7a9aafee30b18ae850e293b0001068200b53620f668f8ef9c2822b2694020809c54a36671e26bae4fcebe11c903a4ba09f CVE-2019-17543.patch"
diff --git a/main/lz4/CVE-2019-17543.patch b/main/lz4/CVE-2019-17543.patch
new file mode 100644
index 0000000000..f8c03d27a5
--- /dev/null
+++ b/main/lz4/CVE-2019-17543.patch
@@ -0,0 +1,77 @@
+diff --git a/lib/lz4.c b/lib/lz4.c
+index e614c45..7572344 100644
+--- a/lib/lz4.c
++++ b/lib/lz4.c
+@@ -643,6 +643,18 @@ LZ4_FORCE_INLINE U32 LZ4_hashPosition(const void* const p, tableType_t const tab
+ return LZ4_hash4(LZ4_read32(p), tableType);
+ }
+
++static void LZ4_clearHash(U32 h, void* tableBase, tableType_t const tableType)
++{
++ switch (tableType)
++ {
++ default: /* fallthrough */
++ case clearedTable: { /* illegal! */ assert(0); return; }
++ case byPtr: { const BYTE** hashTable = (const BYTE**)tableBase; hashTable[h] = NULL; return; }
++ case byU32: { U32* hashTable = (U32*) tableBase; hashTable[h] = 0; return; }
++ case byU16: { U16* hashTable = (U16*) tableBase; hashTable[h] = 0; return; }
++ }
++}
++
+ static void LZ4_putIndexOnHash(U32 idx, U32 h, void* tableBase, tableType_t const tableType)
+ {
+ switch (tableType)
+@@ -841,6 +853,7 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
+ for ( ; ; ) {
+ const BYTE* match;
+ BYTE* token;
++ const BYTE* filledIp;
+
+ /* Find a match */
+ if (tableType == byPtr) {
+@@ -923,6 +936,7 @@ LZ4_FORCE_INLINE int LZ4_compress_generic(
+ }
+
+ /* Catch up */
++ filledIp = ip;
+ while (((ip>anchor) & (match > lowLimit)) && (unlikely(ip[-1]==match[-1]))) { ip--; match--; }
+
+ /* Encode Literals */
+@@ -1002,12 +1016,26 @@ _next_match:
+ }
+
+ if ((outputDirective) && /* Check output buffer overflow */
+- (unlikely(op + (1 + LASTLITERALS) + (matchCode>>8) > olimit)) ) {
++ (unlikely(op + (1 + LASTLITERALS) + (matchCode+240)/255 > olimit)) ) {
+ if (outputDirective == fillOutput) {
+ /* Match description too long : reduce it */
+- U32 newMatchCode = 15 /* in token */ - 1 /* to avoid needing a zero byte */ + ((U32)(olimit - op) - 2 - 1 - LASTLITERALS) * 255;
++ U32 newMatchCode = 15 /* in token */ - 1 /* to avoid needing a zero byte */ + ((U32)(olimit - op) - 1 - LASTLITERALS) * 255;
+ ip -= matchCode - newMatchCode;
++ assert(newMatchCode < matchCode);
+ matchCode = newMatchCode;
++ if (unlikely(ip < filledIp)) {
++ /* We have already filled up to filledIp so if ip ends up less than filledIp
++ * we have positions in the hash table beyond the current position. This is
++ * a problem if we reuse the hash table. So we have to remove these positions
++ * from the hash table.
++ */
++ const BYTE* ptr;
++ DEBUGLOG(5, "Clearing %u positions", (U32)(filledIp - ip));
++ for (ptr = ip; ptr <= filledIp; ++ptr) {
++ U32 const h = LZ4_hashPosition(ptr, tableType);
++ LZ4_clearHash(h, cctx->hashTable, tableType);
++ }
++ }
+ } else {
+ assert(outputDirective == limitedOutput);
+ return 0; /* cannot compress within `dst` budget. Stored indexes in hash table are nonetheless fine */
+@@ -1027,6 +1055,8 @@ _next_match:
+ } else
+ *token += (BYTE)(matchCode);
+ }
++ /* Ensure we have enough space for the last literals. */
++ assert(!(outputDirective == fillOutput && op + 1 + LASTLITERALS > olimit));
+
+ anchor = ip;
+