_scmsync.obsinfo

@@ -0,0 +1,4 @@
+mtime: 1723665497
+commit: 45c107641fe2b47b8d433842d0ff23738f0534636749a260257bbee35bab5e5e
+url: https://src.opensuse.org/jengelh/lz4
+revision: master

build.specials.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6bd3160d7eb4abbe7e759a6e3da1d2bbad4a25e9cac2050d87f3aec89af99e4a
+size 256

lz4-CVE-2025-62813.patch

@@ -0,0 +1,55 @@
+Index: lz4-1.10.0/lib/lz4frame.c
+===================================================================
+--- lz4-1.10.0.orig/lib/lz4frame.c
++++ lz4-1.10.0/lib/lz4frame.c
+@@ -539,9 +539,16 @@ LZ4F_CDict*
+ LZ4F_createCDict_advanced(LZ4F_CustomMem cmem, const void* dictBuffer, size_t dictSize)
+ {
+     const char* dictStart = (const char*)dictBuffer;
+-    LZ4F_CDict* const cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
++    LZ4F_CDict* cdict = NULL;
++
+     DEBUGLOG(4, "LZ4F_createCDict_advanced");
+-    if (!cdict) return NULL;
++
++    if (!dictStart)
++        return NULL;
++    cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
++    if (!cdict)
++        return NULL;
++
+     cdict->cmem = cmem;
+     if (dictSize > 64 KB) {
+         dictStart += dictSize - 64 KB;
+@@ -1486,6 +1493,10 @@ LZ4F_errorCode_t LZ4F_getFrameInfo(LZ4F_
+                                    LZ4F_frameInfo_t* frameInfoPtr,
+                              const void* srcBuffer, size_t* srcSizePtr)
+ {
++    assert(dctx != NULL);
++    RETURN_ERROR_IF(frameInfoPtr == NULL, parameter_null);
++    RETURN_ERROR_IF(srcSizePtr == NULL, parameter_null);
++
+     LZ4F_STATIC_ASSERT(dstage_getFrameHeader < dstage_storeFrameHeader);
+     if (dctx->dStage > dstage_storeFrameHeader) {
+         /* frameInfo already decoded */
+Index: lz4-1.10.0/tests/frametest.c
+===================================================================
+--- lz4-1.10.0.orig/tests/frametest.c
++++ lz4-1.10.0/tests/frametest.c
+@@ -714,10 +714,13 @@ static int unitTests(U32 seed, double co
+         size_t const srcSize = 65 KB; /* must be > 64 KB to avoid short-size optimizations */
+         size_t const dstCapacity = LZ4F_compressFrameBound(srcSize, NULL);
+         size_t cSizeNoDict, cSizeWithDict;
+-        LZ4F_CDict* const cdict = LZ4F_createCDict(CNBuffer, dictSize);
+-        if (cdict == NULL) goto _output_error;
+-        CHECK( LZ4F_createCompressionContext(&cctx, LZ4F_VERSION) );
++        LZ4F_CDict* cdict = NULL;
+ 
++        CHECK( LZ4F_createCompressionContext(&cctx, LZ4F_VERSION) );
++        cdict = LZ4F_createCDict(CNBuffer, dictSize);
++        if (cdict == NULL)
++            goto _output_error;
++
+         DISPLAYLEVEL(3, "Testing LZ4F_createCDict_advanced : ");
+         {   LZ4F_CDict* const cda = LZ4F_createCDict_advanced(lz4f_cmem_test, CNBuffer, dictSize);
+             if (cda == NULL) goto _output_error;

lz4.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Wed Oct 29 10:49:47 UTC 2025 - pgajdos@suse.com
+
+- security update
+- added patches
+  CVE-2025-62813 [bsc#1252557], incorrect error handling when passing
+   a NULL pointer to lz4frame functions allows for application crash
+   when processing untrusted LZ4 frames
+  * lz4-CVE-2025-62813.patch
+
+-------------------------------------------------------------------
+Wed Aug 14 16:09:45 UTC 2024 - Ben Greiner <code@bnavigator.de>
+
+- Switch to cmake build system: Creates extra cmake modules for
+  consuming projects
+
+-------------------------------------------------------------------
+Mon Jul 22 11:45:03 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 1.10.0
+  * Support for multithreading
+  * Full support for dictionary compression
+  * New compression level 2
+
 -------------------------------------------------------------------
 Wed Mar  8 09:55:21 UTC 2023 - Martin Pluskal <mpluskal@suse.com>
 

lz4.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package lz4
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 %define lname	liblz4-1
 Name:           lz4
-Version:        1.9.4
+Version:        1.10.0
 Release:        0
 Summary:        Hash-based Predictive Lempel–Ziv compressor
 License:        BSD-2-Clause AND GPL-2.0-or-later
@@ -29,7 +29,10 @@ URL:            https://lz4.github.io/lz4/
 Source:         https://github.com/lz4/lz4/archive/v%version.tar.gz
 Source99:       baselibs.conf
 Patch2:         lz-export.diff
+Patch3:         lz4-CVE-2025-62813.patch
 BuildRequires:  pkgconfig
+BuildRequires:  cmake
+BuildRequires:  fdupes
 %{?suse_build_hwcaps_libs}
 
 %description
@@ -71,16 +74,18 @@ applications that want to make use of liblz4.
 %autosetup -p1
 
 %build
-V=1 %make_build CFLAGS="%optflags"
+%define __sourcedir build/cmake
+%cmake \
+  -DBUILD_STATIC_LIBS:BOOL=OFF
+%cmake_build
 
 %install
-%make_install PREFIX="%_prefix" LIBDIR="%_libdir"
-rm -f "%buildroot/%_libdir"/*.a
+%cmake_install
+%fdupes %{buildroot}/%{_mandir}
 
 %check
 LD_LIBRARY_PATH="%buildroot/%_libdir" ldd -r "%buildroot/%_bindir/lz4"
-# TS fails on its own help output
-%make_build check -k || :
+%make_build check -k
 
 %post   -n %lname -p /sbin/ldconfig
 %postun -n %lname -p /sbin/ldconfig
@@ -97,5 +102,6 @@ LD_LIBRARY_PATH="%buildroot/%_libdir" ldd -r "%buildroot/%_bindir/lz4"
 %_includedir/lz4*.h
 %_libdir/liblz4.so
 %_libdir/pkgconfig/*.pc
+%_libdir/cmake/lz4
 
 %changelog