deleted file mode 100644
@@ -1,26 +0,0 @@
-From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
-From: Jasper Lievisse Adriaanse <j@jasper.la>
-Date: Fri, 26 Feb 2021 15:21:20 +0100
-Subject: [PATCH] Fix potential memory corruption with negative memmove() size
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- lib/lz4.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/lz4.c b/lib/lz4.c
-index 5f524d0..c2f504e 100644
---- a/lib/lz4.c
-+++ b/lib/lz4.c
-@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
- const size_t dictSize /* note : = 0 if noDict */
- )
- {
-- if (src == NULL) { return -1; }
-+ if ((src == NULL) || (outputSize < 0)) { return -1; }
-
- { const BYTE* ip = (const BYTE*) src;
- const BYTE* const iend = ip + srcSize;
-2.20.1
-
@@ -1,4 +1,4 @@
# sha256 locally computed
-sha256 030644df4611007ff7dc962d981f390361e6c97a34e5cbc393ddfbe019ffe2c1 lz4-1.9.3.tar.gz
-sha256 d15d99c8dc6b0ec22174c0e563a95bc40f9363ca7f9d9d793bb5c5a8e8d0af71 lib/LICENSE
+sha256 0b0e3aa07c8c063ddf40b082bdf7e37a1562bda40a0ff5272957f3e987e0e54b lz4-1.9.4.tar.gz
+sha256 8b58c446121a109ccf32edc094bba3010a3d85e4ee3702950db55e4d3e87736c lib/LICENSE
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 programs/COPYING
@@ -4,16 +4,13 @@
#
################################################################################
-LZ4_VERSION = 1.9.3
+LZ4_VERSION = 1.9.4
LZ4_SITE = $(call github,lz4,lz4,v$(LZ4_VERSION))
LZ4_INSTALL_STAGING = YES
LZ4_LICENSE = BSD-2-Clause (library), GPL-2.0+ (programs)
LZ4_LICENSE_FILES = lib/LICENSE programs/COPYING
LZ4_CPE_ID_VENDOR = lz4_project
-# 0001-Fix-potential-memory-corruption-with-negative-memmov.patch
-LZ4_IGNORE_CVES += CVE-2021-3520
-
ifeq ($(BR2_STATIC_LIBS),y)
LZ4_MAKE_OPTS += BUILD_SHARED=no
else ifeq ($(BR2_SHARED_LIBS),y)
LZ4 v1.9.4 is a maintenance release, featuring a substantial amount (~350 commits) of minor fixes and improvements, making it a recommended upgrade. The stable portion of liblz4 API is unmodified, making this release a drop-in replacement for existing features. - Drop patch (already in version) - Update hash of lib/LICENSE (update in year with https://github.com/lz4/lz4/commit/87a80acbe7872b9da7d56f7005ffd1b715e87c93) https://github.com/lz4/lz4/releases/tag/v1.9.4 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- ...mory-corruption-with-negative-memmov.patch | 26 ------------------- package/lz4/lz4.hash | 4 +-- package/lz4/lz4.mk | 5 +--- 3 files changed, 3 insertions(+), 32 deletions(-) delete mode 100644 package/lz4/0001-Fix-potential-memory-corruption-with-negative-memmov.patch