lz4: upgrade to 1.9.4

Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch

@@ -1,38 +0,0 @@
-From 2c67902d594f7ae37b68cef1692b823b4b497e92 Mon Sep 17 00:00:00 2001
-From: "W. Felix Handte" <w@felixhandte.com>
-Date: Thu, 18 Jul 2019 12:41:12 -0400
-Subject: [PATCH 3/3] Fix Data Corruption Bug when Streaming with an Attached
- Dict in HC Mode
-
-This diff fixes an issue in which we failed to clear the `dictCtx` in HC
-compression. The `dictCtx` is not supposed to be used when an `extDict` is
-present: matches found in the `dictCtx` do not account for the presence of an
-`extDict` segment, and their offsets are therefore miscalculated when one is
-present. This can lead to data corruption.
-
-This diff clears the `dictCtx` whenever setting an `extDict`.
-
-This issue was uncovered by @terrelln's fuzzing work.
----
- lib/lz4hc.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/lib/lz4hc.c b/lib/lz4hc.c
-index b62e085..98813a6 100644
---- a/lib/lz4hc.c
-+++ b/lib/lz4hc.c
-@@ -940,6 +940,11 @@ static void LZ4HC_setExternalDict(LZ4HC_CCtx_internal* ctxPtr, const BYTE* newBl
-     if (ctxPtr->end >= ctxPtr->base + ctxPtr->dictLimit + 4)
-         LZ4HC_Insert (ctxPtr, ctxPtr->end-3);   /* Referencing remaining dictionary content */
- 
-+    /* cannot reference an extDict and a dictCtx at the same time */
-+    if (ctxPtr->dictCtx != NULL) {
-+        ctxPtr->dictCtx = NULL;
-+    }
-+
-     /* Only one memory segment for extDict, so any previous extDict is lost at this stage */
-     ctxPtr->lowLimit  = ctxPtr->dictLimit;
-     ctxPtr->dictLimit = (U32)(ctxPtr->end - ctxPtr->base);
--- 
-1.8.3.1
-

backport-CVE-2021-3520.patch

@@ -1,22 +0,0 @@
-From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
-From: Jasper Lievisse Adriaanse <j@jasper.la>
-Date: Fri, 26 Feb 2021 15:21:20 +0100
-Subject: [PATCH] Fix potential memory corruption with negative memmove() size
-
----
- lib/lz4.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/lz4.c b/lib/lz4.c
-index 5f524d01d..c2f504ef3 100644
---- a/lib/lz4.c
-+++ b/lib/lz4.c
-@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
-                  const size_t dictSize         /* note : = 0 if noDict */
-                  )
- {
--    if (src == NULL) { return -1; }
-+    if ((src == NULL) || (outputSize < 0)) { return -1; }
- 
-     {   const BYTE* ip = (const BYTE*) src;
-         const BYTE* const iend = ip + srcSize;

lz4.spec

@@ -1,13 +1,11 @@
 Name:           lz4
-Version:        1.9.3
-Release:        4
+Version:        1.9.4
+Release:        1
 Summary:        Extremely fast compression algorithm
 
 License:        GPLv2+ and BSD
 URL:            https://lz4.github.io/lz4/
 Source0:        https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz
-Patch6000:      Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch
-Patch6001:      backport-CVE-2021-3520.patch
 
 Provides:       %{name}-libs = %{version}-%{release}
 Obsoletes:      %{name} < 1.7.5-3
@@ -69,6 +67,9 @@ export MOREFLAGS="-g -D_FORTIFY_SOURCE=2 -O2"
 %{_mandir}/man1/unlz4.1*
 
 %changelog
+* Thu Jan 19 2023 Lv Ying <lvying6@huawei.com> - 1.9.4-1
+- upgrade to 1.9.4-1
+
 * Mon Jun 20 2022 renhongxun <renhongxun@h-partners.com> - 1.9.3-4
 - add _FORTIFY_SOURCE add enable check