similarity index 99%
rename from meta/recipes-support/lz4/lz4/CVE-2025-62813.patch
rename to meta/recipes-support/lz4/lz4/fix-null-error-handling.patch
@@ -4,7 +4,6 @@ Date: Mon, 31 Mar 2025 20:48:52 +0200
Subject: [PATCH] fix(null) : improve error handlings when passing a null
pointer to some functions from lz4frame
-CVE: CVE-2025-62813
Upstream-Status: Backport [https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
@@ -15,7 +15,7 @@ SRCREV = "ebb370ca83af193212df4dcbadcc5d87bc0de2f0"
SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \
file://reproducibility.patch \
file://run-ptest \
- file://CVE-2025-62813.patch \
+ file://fix-null-error-handling.patch \
"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
The CVE-2025-62813 is rejected so do not reference it anymore. So keep the patch but without referencing the CVE identifier. The CVE database indicates the following reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com> --- .../lz4/lz4/{CVE-2025-62813.patch => fix-null-error-handling.patch} | 1 - meta/recipes-support/lz4/lz4_1.10.0.bb | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-)