From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1291558-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id EB58113835B
	for <garchives@archives.gentoo.org>; Tue,  8 Jun 2021 11:42:23 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 160D1E085B;
	Tue,  8 Jun 2021 11:42:23 +0000 (UTC)
Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id EF8ACE085B
	for <gentoo-commits@lists.gentoo.org>; Tue,  8 Jun 2021 11:42:22 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id E941B340C23
	for <gentoo-commits@lists.gentoo.org>; Tue,  8 Jun 2021 11:42:21 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 4E4177A8
	for <gentoo-commits@lists.gentoo.org>; Tue,  8 Jun 2021 11:42:19 +0000 (UTC)
From: "Michał Górny" <mgorny@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Michał Górny" <mgorny@gentoo.org>
Message-ID: <1623152534.f063d9e1dcac596d0a15fab50c8d89c4d8a9d0e3.mgorny@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-arch/lz4/, app-arch/lz4/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-arch/lz4/files/lz4-1.9.3-negative-memmove.patch app-arch/lz4/lz4-1.9.3-r1.ebuild app-arch/lz4/lz4-1.9.3.ebuild
X-VCS-Directories: app-arch/lz4/ app-arch/lz4/files/
X-VCS-Committer: mgorny
X-VCS-Committer-Name: Michał Górny
X-VCS-Revision: f063d9e1dcac596d0a15fab50c8d89c4d8a9d0e3
X-VCS-Branch: master
Date: Tue,  8 Jun 2021 11:42:19 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: e16e4298-3f3c-4372-bb53-d355c2b10425
X-Archives-Hash: 59ba5dfaf164da81f59b0296f109c969

commit:     f063d9e1dcac596d0a15fab50c8d89c4d8a9d0e3
Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  8 11:34:45 2021 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Tue Jun  8 11:42:14 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f063d9e1

app-arch/lz4: Backport memory corruption fix (CVE-2021-3520)

Bug: https://bugs.gentoo.org/791952
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 .../lz4/files/lz4-1.9.3-negative-memmove.patch     | 22 ++++++++++++++++++++++
 .../lz4/{lz4-1.9.3.ebuild => lz4-1.9.3-r1.ebuild}  |  4 ++++
 2 files changed, 26 insertions(+)

diff --git a/app-arch/lz4/files/lz4-1.9.3-negative-memmove.patch b/app-arch/lz4/files/lz4-1.9.3-negative-memmove.patch
new file mode 100644
index 00000000000..053958dfe87
--- /dev/null
+++ b/app-arch/lz4/files/lz4-1.9.3-negative-memmove.patch
@@ -0,0 +1,22 @@
+From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
+From: Jasper Lievisse Adriaanse <j@jasper.la>
+Date: Fri, 26 Feb 2021 15:21:20 +0100
+Subject: [PATCH] Fix potential memory corruption with negative memmove() size
+
+---
+ lib/lz4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/lz4.c b/lib/lz4.c
+index 5f524d01d..c2f504ef3 100644
+--- a/lib/lz4.c
++++ b/lib/lz4.c
+@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
+                  const size_t dictSize         /* note : = 0 if noDict */
+                  )
+ {
+-    if (src == NULL) { return -1; }
++    if ((src == NULL) || (outputSize < 0)) { return -1; }
+ 
+     {   const BYTE* ip = (const BYTE*) src;
+         const BYTE* const iend = ip + srcSize;

diff --git a/app-arch/lz4/lz4-1.9.3.ebuild b/app-arch/lz4/lz4-1.9.3-r1.ebuild
similarity index 93%
rename from app-arch/lz4/lz4-1.9.3.ebuild
rename to app-arch/lz4/lz4-1.9.3-r1.ebuild
index 02eac78fb6d..2282b90c9bc 100644
--- a/app-arch/lz4/lz4-1.9.3.ebuild
+++ b/app-arch/lz4/lz4-1.9.3-r1.ebuild
@@ -18,6 +18,10 @@ IUSE="static-libs"
 
 CMAKE_USE_DIR=${S}/build/cmake
 
+PATCHES=(
+	"${FILESDIR}"/${P}-negative-memmove.patch
+)
+
 multilib_src_configure() {
 	local mycmakeargs=(
 		-DBUILD_STATIC_LIBS=$(usex static-libs)