diff --git a/SPECS/lz4/CVE-2025-62813.patch b/SPECS/lz4/CVE-2025-62813.patch
new file mode 100644
index 00000000000..64c69860257
--- /dev/null
+++ b/SPECS/lz4/CVE-2025-62813.patch
@@ -0,0 +1,71 @@
+From 128dc65c43f971d67157e25dbd5b63e94d3c42c4 Mon Sep 17 00:00:00 2001
+From: louislafosse
+Date: Mon, 31 Mar 2025 20:48:52 +0200
+Subject: [PATCH] fix(null) : improve error handlings when passing a null
+ pointer to some functions from lz4frame
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: https://github.com/lz4/lz4/pull/1593.patch
+---
+ lib/lz4frame.c | 15 +++++++++++++--
+ tests/frametest.c | 9 ++++++---
+ 2 files changed, 19 insertions(+), 5 deletions(-)
+
+diff --git a/lib/lz4frame.c b/lib/lz4frame.c
+index 174f9ae..cc6ed6f 100644
+--- a/lib/lz4frame.c
++++ b/lib/lz4frame.c
+@@ -530,9 +530,16 @@ LZ4F_CDict*
+ LZ4F_createCDict_advanced(LZ4F_CustomMem cmem, const void* dictBuffer, size_t dictSize)
+ {
+ const char* dictStart = (const char*)dictBuffer;
+- LZ4F_CDict* const cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
++ LZ4F_CDict* cdict = NULL;
++
+ DEBUGLOG(4, "LZ4F_createCDict_advanced");
+- if (!cdict) return NULL;
++
++ if (!dictStart)
++ return NULL;
++ cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
++ if (!cdict)
++ return NULL;
++
+ cdict->cmem = cmem;
+ if (dictSize > 64 KB) {
+ dictStart += dictSize - 64 KB;
+@@ -1429,6 +1436,10 @@ LZ4F_errorCode_t LZ4F_getFrameInfo(LZ4F_dctx* dctx,
+ LZ4F_frameInfo_t* frameInfoPtr,
+ const void* srcBuffer, size_t* srcSizePtr)
+ {
++ assert(dctx != NULL);
++ RETURN_ERROR_IF(frameInfoPtr == NULL, parameter_null);
++ RETURN_ERROR_IF(srcSizePtr == NULL, parameter_null);
++
+ LZ4F_STATIC_ASSERT(dstage_getFrameHeader < dstage_storeFrameHeader);
+ if (dctx->dStage > dstage_storeFrameHeader) {
+ /* frameInfo already decoded */
+diff --git a/tests/frametest.c b/tests/frametest.c
+index 3301955..523e35d 100644
+--- a/tests/frametest.c
++++ b/tests/frametest.c
+@@ -589,10 +589,13 @@ int basicTests(U32 seed, double compressibility)
+ size_t const srcSize = 65 KB; /* must be > 64 KB to avoid short-size optimizations */
+ size_t const dstCapacity = LZ4F_compressFrameBound(srcSize, NULL);
+ size_t cSizeNoDict, cSizeWithDict;
+- LZ4F_CDict* const cdict = LZ4F_createCDict(CNBuffer, dictSize);
+- if (cdict == NULL) goto _output_error;
+- CHECK( LZ4F_createCompressionContext(&cctx, LZ4F_VERSION) );
++ LZ4F_CDict* cdict = NULL;
+
++ CHECK( LZ4F_createCompressionContext(&cctx, LZ4F_VERSION) );
++ cdict = LZ4F_createCDict(CNBuffer, dictSize);
++ if (cdict == NULL)
++ goto _output_error;
++
+ DISPLAYLEVEL(3, "Testing LZ4F_createCDict_advanced : ");
+ { LZ4F_CDict* const cda = LZ4F_createCDict_advanced(lz4f_cmem_test, CNBuffer, dictSize);
+ if (cda == NULL) goto _output_error;
+--
+2.45.4
+
diff --git a/SPECS/lz4/lz4.spec b/SPECS/lz4/lz4.spec
index a277791caaa..d8366ca86e2 100644
--- a/SPECS/lz4/lz4.spec
+++ b/SPECS/lz4/lz4.spec
@@ -1,7 +1,7 @@
 Summary: Extremely fast compression.
 Name: lz4
 Version: 1.9.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD 2-Clause and GPLv2
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -14,7 +14,8 @@ Source0: https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version
 # *** NOTE: Leave this patch definition because the CVE Scan tool will flag the
 # CVE due to the above version format change.
 # CVE-2014-4715 applies to versions r* before r119.
-Patch0: CVE-2014-4715.nopatch
+#Patch0: CVE-2014-4715.nopatch
+Patch1: CVE-2025-62813.patch
 %description
 LZ4 is lossless compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-cores CPU.
@@ -28,7 +29,7 @@ Requires: %{name} = %{version}-%{release}
 Static libraries and header files for the support library for lz4.
 %prep
-%setup -q
+%autosetup -p1
 %build
 make %{?_smp_mflags} all
@@ -56,6 +57,9 @@ make install DESTDIR=%{buildroot} LIBDIR=%{_libdir} PREFIX=%{_prefix}
 %{_includedir}/*
 %changelog
+* Sat Oct 25 2025 Azure Linux Security Servicing Account - 1.9.4-2
+- Patch for CVE-2025-62813
+
 * Mon Feb 05 2024 Rohit Rawat - 1.9.4-1
 - Upgrade to 1.9.4-1 to fix CVE-2021-3520
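Review bot: In the embedded `LZ4F_getFrameInfo` hunk, `assert(dctx != NULL);` does not guard builds where assertions are compiled out, so a NULL `dctx` would still reach `dctx->dStage` a few lines later, while `frameInfoPtr` and `srcSizePtr` get a runtime check. For consistency the first added line could be `RETURN_ERROR_IF(dctx == NULL, parameter_null);`. Because the patch is taken from the pull request named in `Upstream-reference`, such a deviation should be recorded in the patch header; otherwise a comment should state that callers must pass a valid `dctx`. `srcBuffer` is also not checked here, and whether a later length check covers it cannot be seen because the function body continues outside the hunk.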
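Review bot: Commenting out `Patch0: CVE-2014-4715.nopatch` in the `@@ -14,7 +14,8 @@` hunk of lz4.spec goes against the NOTE directly above it, which asks to leave this patch definition in place so the CVE scan tool does not flag CVE-2014-4715. The line was presumably disabled because `%autosetup -p1` would try to apply every declared patch. If so, the definition can stay and only the real patch be applied: keep `Patch0: CVE-2014-4715.nopatch` and use `%autosetup -N` followed by `%patch -P 1 -p1` in `%prep`. If a commented-out definition is enough for the scanner, the NOTE should be updated to say so, and the scan result for CVE-2014-4715 confirmed on the 1.9.4-2 build.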
@@ -66,7 +70,7 @@ make install DESTDIR=%{buildroot} LIBDIR=%{_libdir} PREFIX=%{_prefix}
 * Fri Jun 12 2020 Eric Li 1.9.2-2
 - Mark CVE-2014-4715 as not applicable due to version format change
-* Tue May 18 2020 Andrew Phelps 1.9.2-1
+* Mon May 18 2020 Andrew Phelps 1.9.2-1
 - Update to version 1.9.2
 * Sat May 09 2020 Nick Samson 1.8.2-3
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 3ca6c798965..7fe3d178d28 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -222,9 +222,9 @@ lua-libs-5.4.4-1.cm2.aarch64.rpm
 lua-rpm-macros-1-6.cm2.noarch.rpm
 lua-srpm-macros-1-6.cm2.noarch.rpm
 lua-static-5.4.4-1.cm2.aarch64.rpm
-lz4-1.9.4-1.cm2.aarch64.rpm
-lz4-debuginfo-1.9.4-1.cm2.aarch64.rpm
-lz4-devel-1.9.4-1.cm2.aarch64.rpm
+lz4-1.9.4-2.cm2.aarch64.rpm
+lz4-debuginfo-1.9.4-2.cm2.aarch64.rpm
+lz4-devel-1.9.4-2.cm2.aarch64.rpm
 m4-1.4.19-2.cm2.aarch64.rpm
 m4-debuginfo-1.4.19-2.cm2.aarch64.rpm
 make-4.3-3.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index e87893911b8..2af814a041f 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -228,9 +228,9 @@ lua-libs-5.4.4-1.cm2.x86_64.rpm
 lua-rpm-macros-1-6.cm2.noarch.rpm
 lua-srpm-macros-1-6.cm2.noarch.rpm
 lua-static-5.4.4-1.cm2.x86_64.rpm
-lz4-1.9.4-1.cm2.x86_64.rpm
-lz4-debuginfo-1.9.4-1.cm2.x86_64.rpm
-lz4-devel-1.9.4-1.cm2.x86_64.rpm
+lz4-1.9.4-2.cm2.x86_64.rpm
+lz4-debuginfo-1.9.4-2.cm2.x86_64.rpm
+lz4-devel-1.9.4-2.cm2.x86_64.rpm
 m4-1.4.19-2.cm2.x86_64.rpm
 m4-debuginfo-1.4.19-2.cm2.x86_64.rpm
 make-4.3-3.cm2.x86_64.rpm