[AUH] lz4: upgrading to 1.9.4 SUCCEEDED

[AUH] lz4: upgrading to 1.9.4 SUCCEEDED

[auh]

[-- Attachment #1: Type: text/plain, Size: 950 bytes --]

Hello,

this email is a notification from the Auto Upgrade Helper
that the automatic attempt to upgrade the recipe *lz4* to *1.9.4* has Succeeded.

Next steps:
    - apply the patch: git am 0001-lz4-upgrade-1.9.3-1.9.4.patch
    - check the changes to upstream patches and summarize them in the commit message,
    - compile an image that contains the package
    - perform some basic sanity tests
    - amend the patch and sign it off: git commit -s --reset-author --amend
    - send it to the appropriate mailing list

Alternatively, if you believe the recipe should not be upgraded at this time,
you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that
automatic upgrades would no longer be attempted.

Please review the attached files for further information and build/update failures.
Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler

Regards,
The Upgrade Helper

[-- Attachment #2: buildhistory-diff-full.txt --]
[-- Type: text/plain, Size: 3476 bytes --]

packages/core2-32-poky-linux/lz4: PKGV changed from 1.9.3 [default] to 1.9.4 [default]
packages/core2-32-poky-linux/lz4: PV changed from "1.9.3" to "1.9.4"
packages/core2-32-poky-linux/lz4: SRC_URI changed from "git://github.com/lz4/lz4.git;branch=release;protocol=https file://CVE-2021-3520.patch" to "git://github.com/lz4/lz4.git;branch=release;protocol=https"
packages/core2-32-poky-linux/lz4/lz4-dbg: FILELIST: removed "/usr/lib/.debug/liblz4.so.1.9.3", added "/usr/lib/.debug/liblz4.so.1.9.4"
packages/core2-32-poky-linux/lz4/lz4-dbg: PKGV changed from 1.9.3 [default] to 1.9.4 [default]
packages/core2-32-poky-linux/lz4/lz4-dbg: PV changed from "1.9.3" to "1.9.4"
packages/core2-32-poky-linux/lz4/lz4-dbg: PKGSIZE changed from 1865220 to 1949408 (+5%)
packages/core2-32-poky-linux/lz4/lz4-dev: PKGV changed from 1.9.3 [default] to 1.9.4 [default]
packages/core2-32-poky-linux/lz4/lz4-dev: PV changed from "1.9.3" to "1.9.4"
packages/core2-32-poky-linux/lz4/lz4-dev: PKGSIZE changed from 90317 to 96595 (+7%)
packages/core2-32-poky-linux/lz4/lz4-doc: PKGV changed from 1.9.3 [default] to 1.9.4 [default]
packages/core2-32-poky-linux/lz4/lz4-doc: PV changed from "1.9.3" to "1.9.4"
packages/core2-32-poky-linux/lz4/lz4-doc: PKGSIZE changed from 9092 to 9277 (+2%)
packages/core2-32-poky-linux/lz4/lz4-locale: PKGV changed from 1.9.3 [default] to 1.9.4 [default]
packages/core2-32-poky-linux/lz4/lz4-locale: PV changed from "1.9.3" to "1.9.4"
packages/core2-32-poky-linux/lz4/lz4-src: FILELIST: directory renamed /usr/src/debug/lz4/1_1.9.3-r0/programs -> /usr/src/debug/lz4/1_1.9.4-r0/programs, removed "/usr/src/debug/lz4/1_1.9.3-r0/lib/lz4frame.h /usr/src/debug/lz4/1_1.9.3-r0/lib/lz4.c /usr/src/debug/lz4/1_1.9.3-r0/lib/lz4hc.c /usr/src/debug/lz4/1_1.9.3-r0/lib/lz4hc.h /usr/src/debug/lz4/1_1.9.3-r0/lib/lz4frame.c /usr/src/debug/lz4/1_1.9.3-r0/lib/xxhash.h /usr/src/debug/lz4/1_1.9.3-r0/lib/lz4.h /usr/src/debug/lz4/1_1.9.3-r0/lib/xxhash.c", added "/usr/src/debug/lz4/1_1.9.4-r0/lib/lz4.h /usr/src/debug/lz4/1_1.9.4-r0/lib/xxhash.h /usr/src/debug/lz4/1_1.9.4-r0/lib/lz4.c /usr/src/debug/lz4/1_1.9.4-r0/lib/lz4file.c /usr/src/debug/lz4/1_1.9.4-r0/lib/lz4hc.h /usr/src/debug/lz4/1_1.9.4-r0/lib/lz4hc.c /usr/src/debug/lz4/1_1.9.4-r0/lib/lz4frame.h /usr/src/debug/lz4/1_1.9.4-r0/lib/xxhash.c /usr/src/debug/lz4/1_1.9.4-r0/lib/lz4frame.c /usr/src/debug/lz4/1_1.9.4-r0/lib/lz4file.h"
packages/core2-32-poky-linux/lz4/lz4-src: PKGV changed from 1.9.3 [default] to 1.9.4 [default]
packages/core2-32-poky-linux/lz4/lz4-src: PV changed from "1.9.3" to "1.9.4"
packages/core2-32-poky-linux/lz4/lz4-src: PKGSIZE changed from 555348 to 601695 (+8%)
packages/core2-32-poky-linux/lz4/lz4-staticdev: PKGV changed from 1.9.3 [default] to 1.9.4 [default]
packages/core2-32-poky-linux/lz4/lz4-staticdev: PV changed from "1.9.3" to "1.9.4"
packages/core2-32-poky-linux/lz4/lz4: FILELIST: removed "/usr/lib/liblz4.so.1.9.3", added "/usr/lib/liblz4.so.1.9.4"
packages/core2-32-poky-linux/lz4/lz4: PKGV changed from 1.9.3 [default] to 1.9.4 [default]
packages/core2-32-poky-linux/lz4/lz4: PV changed from "1.9.3" to "1.9.4"
packages/core2-32-poky-linux/lz4/lz4: PKGSIZE changed from 355100 to 383772 (+8%)
Changes to packages/core2-32-poky-linux/lz4 (sysroot):
  /usr/lib/liblz4.so.1 changed symlink target from liblz4.so.1.9.3 to liblz4.so.1.9.4
  /usr/lib/liblz4.so changed symlink target from liblz4.so.1.9.3 to liblz4.so.1.9.4
  /usr/lib/liblz4.so.1.9.3 moved to /usr/lib/liblz4.so.1.9.4

[-- Attachment #3: 0001-lz4-upgrade-1.9.3-1.9.4.patch --]
[-- Type: application/octet-stream, Size: 4516 bytes --]

From 8639efa46d53140f30cf4911cc779fb4aa20b8c7 Mon Sep 17 00:00:00 2001
From: Upgrade Helper <auh@yoctoproject.org>
Date: Thu, 1 Sep 2022 13:50:20 +0000
Subject: [PATCH] lz4: upgrade 1.9.3 -> 1.9.4

---
 .../lz4/files/CVE-2021-3520.patch             | 27 -------------
 .../lz4/{lz4_1.9.3.bb => lz4_1.9.4.bb}        | 39 ++++++++++++++++---
 2 files changed, 33 insertions(+), 33 deletions(-)
 delete mode 100644 meta/recipes-support/lz4/files/CVE-2021-3520.patch
 rename meta/recipes-support/lz4/{lz4_1.9.3.bb => lz4_1.9.4.bb} (43%)

diff --git a/meta/recipes-support/lz4/files/CVE-2021-3520.patch b/meta/recipes-support/lz4/files/CVE-2021-3520.patch
deleted file mode 100644
index 5ac8f6691f..0000000000
--- a/meta/recipes-support/lz4/files/CVE-2021-3520.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
-From: Jasper Lievisse Adriaanse <j@jasper.la>
-Date: Fri, 26 Feb 2021 15:21:20 +0100
-Subject: [PATCH] Fix potential memory corruption with negative memmove() size
-
-Upstream-Status: Backport
-https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7
-CVE: CVE-2021-3520
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- lib/lz4.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: git/lib/lz4.c
-===================================================================
---- git.orig/lib/lz4.c
-+++ git/lib/lz4.c
-@@ -1665,7 +1665,7 @@ LZ4_decompress_generic(
-                  const size_t dictSize         /* note : = 0 if noDict */
-                  )
- {
--    if (src == NULL) { return -1; }
-+    if ((src == NULL) || (outputSize < 0)) { return -1; }
- 
-     {   const BYTE* ip = (const BYTE*) src;
-         const BYTE* const iend = ip + srcSize;
diff --git a/meta/recipes-support/lz4/lz4_1.9.3.bb b/meta/recipes-support/lz4/lz4_1.9.4.bb
similarity index 43%
rename from meta/recipes-support/lz4/lz4_1.9.3.bb
rename to meta/recipes-support/lz4/lz4_1.9.4.bb
index 129a86b681..d67461eb89 100644
--- a/meta/recipes-support/lz4/lz4_1.9.3.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.4.bb
@@ -1,20 +1,47 @@
+# FIXME: the LIC_FILES_CHKSUM values have been updated by 'devtool upgrade'.
+# The following is the difference between the old and the new license text.
+# Please update the LICENSE value if needed, and summarize the changes in
+# the commit message via 'License-Update:' tag.
+# (example: 'License-Update: copyright years updated.')
+#
+# The changes:
+#
+# --- lib/LICENSE
+# +++ lib/LICENSE
+# @@ -1,5 +1,5 @@
+#  LZ4 Library
+# -Copyright (c) 2011-2016, Yann Collet
+# +Copyright (c) 2011-2020, Yann Collet
+#  All rights reserved.
+#  
+#  Redistribution and use in source and binary forms, with or without modification,
+# --- LICENSE
+# +++ LICENSE
+# @@ -8,4 +8,5 @@
+#  This model is selected to emphasize that
+#  files in the `lib` directory are designed to be included into 3rd party applications,
+#  while all other files, in `programs`, `tests` or `examples`,
+# -receive more limited attention and support for such scenario.
+# +are intended to be used "as is", as part of their intended scenarios,
+# +with no intention to support 3rd party integration use cases.
+# 
+#
+
 SUMMARY = "Extremely Fast Compression algorithm"
 DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-cores CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems."
 HOMEPAGE = "https://github.com/lz4/lz4"
 
 LICENSE = "BSD-2-Clause | GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \
+LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=5cd5f851b52ec832b10eedb3f01f885a \
                     file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://LICENSE;md5=d57c0d21cb917fb4e0af2454aa48b956 \
+                    file://LICENSE;md5=c5cc3cd6f9274b4d32988096df9c3ec3 \
                     "
 
 PE = "1"
 
-SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3"
+SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964"
 
-SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \
-           file://CVE-2021-3520.patch \
-           "
+SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https"
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
 
 S = "${WORKDIR}/git"
-- 
2.31.1


[-- Attachment #4: buildhistory-diff.txt --]
[-- Type: text/plain, Size: 403 bytes --]

packages/core2-32-poky-linux/lz4/lz4: FILELIST: removed "/usr/lib/liblz4.so.1.9.3", added "/usr/lib/liblz4.so.1.9.4"
Changes to packages/core2-32-poky-linux/lz4 (sysroot):
  /usr/lib/liblz4.so.1 changed symlink target from liblz4.so.1.9.3 to liblz4.so.1.9.4
  /usr/lib/liblz4.so changed symlink target from liblz4.so.1.9.3 to liblz4.so.1.9.4
  /usr/lib/liblz4.so.1.9.3 moved to /usr/lib/liblz4.so.1.9.4