[lz4] Patch for CVE-2021-3520#25421
Merged
dan-shaw merged 2 commits intomicrosoft:masterfrom Jun 29, 2022
Merged
Conversation
See https://nvd.nist.gov/vuln/detail/CVE-2021-3520 for more details This is the upstream patch by Jasper Lievisse Adriaanse. "Fix potential memory corruption with negative memmove() size" lz4/lz4#972
|
|
JackBoosY
added
the
category:port-bug
Contributor
|
Please sign the CLA first. |
Contributor
Author
Done. Note that Jasper Lievisse Adriaanse is the author of the upstream patch. |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
You have modified or added at least one vcpkg.json where you should check the license field.
Details
If you feel able to do so, please consider adding a "license" field to the following files:
ports/lz4/vcpkg.json
Valid values for the license field can be found in the documentation
Cheney-W
added
the
info:needs-maintainer-attention
There was a problem hiding this comment.
This is a new experimental fast check for PR issues. Please let us know if this bot is helpful!
PRs must add only one version and must not modify any published versions
When making any changes to a library, the version or port-version in vcpkg.json or CONTROL must be modified.
error: checked-in files for lz4 have changed but the version was not updated
version: 1.9.3#4
old SHA: c0b8b0721a7f78c9cc15b3be583143b4e621ca7f
new SHA: f3b3f8d7799086d118dd166c346665ad71b66c19
Did you remember to update the version or port version?
Use --overwrite-version to bypass this check
***No files were updated***
Contributor
|
Please run |
Contributor
Author
Done. Thanks for your help. |
Contributor
Author
Cheney-W
added
the
info:needs-maintainer-attention
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See https://nvd.nist.gov/vuln/detail/CVE-2021-3520 for more details
This is the upstream patch by Jasper Lievisse Adriaanse.
Commit message of upstream patch: "Fix potential memory corruption with negative memmove() size"
Merged upstream pull request lz4/lz4#972
Which triplets are supported/not supported? Have you updated the CI baseline?
No change to triplets.
Does your PR follow the maintainer guide?
Yes
If you have added/updated a port: Have you run
./vcpkg x-add-version --alland committed the result?Yes