Update o3de to use lz4 1.9.4 #15345

Merged


lemonade-dm
Contributor

Updates references to the lz4 compression library from version 1.9.3 to 1.9.4 to address the security vulnerability referenced in the linked GHI.
fixes #9007

How was this PR tested?

Ran the MultiplayerCompression Gem Unit Test for Windows, Linux and MacOS successfully.
Used the lz4 1.9.4 library with the new compression LZ4 gem in its unit test #15326

@lemonade-dm lemonade-dm requested review from lmbr-pip and a team March 24, 2023 00:10
@lemonade-dm lemonade-dm requested review from a team as code owners March 24, 2023 00:10
Contributor

lmbr-pip commented Mar 27, 2023

Is there a plan to move this to stabilization? We should strongly consider patching it in the release version as well.

@lmbr-pip lmbr-pip added this to the Release/2305 Stabilization milestone Mar 27, 2023
Contributor Author

lemonade-dm commented Mar 27, 2023

> Is there a plan to move this to stabilization? We should strongly consider patching it in the release version as well.

I'll just rebase this change to stabilization.

Edit: Done

resolves o3de#9007

Signed-off-by: lumberyard-employee-dm <56135373+lumberyard-employee-dm@users.noreply.github.com>
The rev1 Linux packages contained shared libraries for lz4 instead of the static library of `liblz4.a`

Signed-off-by: lumberyard-employee-dm <56135373+lumberyard-employee-dm@users.noreply.github.com>
@lemonade-dm lemonade-dm requested review from a team as code owners March 27, 2023 18:13
@lemonade-dm lemonade-dm changed the base branch from development to stabilization/2305 March 27, 2023 18:14
@lemonade-dm lemonade-dm merged commit 5989990 into o3de:stabilization/2305 Mar 27, 2023
2 checks passed
@lemonade-dm lemonade-dm deleted the lz4-1.9.4-update branch March 27, 2023 22:25
Development

Successfully merging this pull request may close these issues.

lz4 1.9.3 is vulnerable according to NVD
6 participants