minilzo: Update to minilzo-2.08
This patch updates the miniLZO library to a newer version, which among other things fixes "CVE-2014-4607 - lzo: lzo1x_decompress_safe() integer overflow" that is present in the current used in GRUB. It also updates the "GRUB Developers Manual", to mention that the library is used and describes the process to update it to a newer release when needed. Resolves: http://savannah.gnu.org/bugs/?42635 Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Peter Jones
Daniel Kiper
parent
598de14d93
commit
3165efcfc2
5 changed files with 4769 additions and 2129 deletions
|
|
@ -491,6 +491,7 @@ to update it.
|
|||
@menu
|
||||
* Gnulib::
|
||||
* jsmn::
|
||||
* minilzo::
|
||||
@end menu
|
||||
|
||||
@node Gnulib
|
||||
|
|
@ -559,6 +560,25 @@ curl -L https://raw.githubusercontent.com/zserge/jsmn/v1.1.0/jsmn.h \
|
|||
-o grub-core/lib/json/jsmn.h
|
||||
@end example
|
||||
|
||||
@node minilzo
|
||||
@section minilzo
|
||||
|
||||
miniLZO is a very lightweight subset of the LZO library intended for easy
|
||||
inclusion in other projects. It is generated automatically from the LZO
|
||||
source code and contains the most important LZO functions.
|
||||
|
||||
To upgrade to a new version of the miniLZO library, download the release
|
||||
tarball and copy the files into the target directory:
|
||||
|
||||
@example
|
||||
curl -L -O http://www.oberhumer.com/opensource/lzo/download/minilzo-2.08.tar.gz
|
||||
tar -zxf minilzo-2.08.tar.gz
|
||||
rm minilzo-2.08/testmini.c
|
||||
rm -r grub-core/lib/minilzo/*
|
||||
cp minilzo-2.08/*.[hc] grub-core/lib/minilzo
|
||||
rm -r minilzo-2.08*
|
||||
@end example
|
||||
|
||||
@node Porting
|
||||
@chapter Porting
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue