On Tue, Jan 10, 2017 at 11:00:32AM +0100, Greg KH wrote: > On Tue, Jan 10, 2017 at 10:21:16AM +0100, Sven Schmidt wrote: > > On 01/08/2017 12:25 PM, Greg KH wrote: > > >On Sat, Jan 07, 2017 at 05:55:42PM +0100, Sven Schmidt wrote: > > >> This patch updates LZ4 kernel module to LZ4 v1.7.2 by Yann Collet. > > >> The kernel module is inspired by the previous work by Chanho Min. > > >> The updated LZ4 module will not break existing code since there were alias > > >> methods added to ensure backwards compatibility. > > > > > > Meta-comment. Does this update include all of the security fixes that > > > we have made over the past few years to the lz4 code? I don't want to > > > be adding back insecure functions that will cause us problems. > > > > > > Specifically look at the changes I made in 2014 in this directory for an > > > example of what I am talking about here. > > > > > > > Hi Greg, > > > > it doesn't. I didn't have that in mind until now. > > Ick, those changes never got made "upstream"? Not good, but makes sense > as we couldn't really find an "upstream" when we made them :( I *seem* to remember that some of these changes were specific to our implementation, and were discovered during a review after we worked on the the LZO implementation bugs, though I could be wrong. If this is the case, it is one more reason for being extra careful. > As you took this code from somewhere, you might want to also push your > changes for these issues there as well, so that others don't run into > them in the future. Agreed! Willy -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html