| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Jan 2017 10:21:16 +0100
From: Sven Schmidt <4sschmid@...ormatik.uni-hamburg.de>
To: gregkh@...uxfoundation.org
Cc: akpm@...ux-foundation.org, bongkyu.kim@....com,
rsalvaterra@...il.com, sergey.senozhatsky@...il.com,
linux-kernel@...r.kernel.org, herbert@...dor.apana.org.au,
davem@...emloft.net, linux-crypto@...r.kernel.org,
anton@...msg.org, ccross@...roid.com, keescook@...omium.org,
tony.luck@...el.com, phillip@...ashfs.org.uk,
Sven Schmidt <4sschmid@...ormatik.uni-hamburg.de>
Subject: Re: [PATCH v2 1/4] lib: Update LZ4 compressor module based on LZ4 v1.7.2.
On 01/08/2017 12:25 PM, Greg KH wrote:
>On Sat, Jan 07, 2017 at 05:55:42PM +0100, Sven Schmidt wrote:
>> This patch updates LZ4 kernel module to LZ4 v1.7.2 by Yann Collet.
>> The kernel module is inspired by the previous work by Chanho Min.
>> The updated LZ4 module will not break existing code since there were alias
>> methods added to ensure backwards compatibility.
>
> Meta-comment. Does this update include all of the security fixes that
> we have made over the past few years to the lz4 code? I don't want to
> be adding back insecure functions that will cause us problems.
>
> Specifically look at the changes I made in 2014 in this directory for an
> example of what I am talking about here.
>
Hi Greg,
it doesn't. I didn't have that in mind until now.
But I had a look at the related commits after I received your E-Mail and will review what I have to change
(and, obviously, do the changes :)).
Thanks,
Sven
Powered by blists - more mailing lists