- Update to security release 0.99.4 (bsc#1083915):

* CVE-2012-6706 * CVE-2017-6419 * CVE-2017-11423 * CVE-2018-1000085 (bsc#1082858) * CVE-2018-0202 - Obsolete patches: * clamav-CVE-2012-6706.patch * clamav-gcc47.patch OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=159
2018-03-07 13:46:42 +00:00 · 2018-03-07 13:46:42 +00:00 · 1c2fe924d1
commit 1c2fe924d1
parent 5c457ced49
7 changed files with 27 additions and 70 deletions
--- a/clamav-0.99.3.tar.gz
+++ b/clamav-0.99.3.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:00fa5292a6e00a3a4035b826267748965d5d2c4943d8ff417d740238263e8e84
-size 16082645
--- a/clamav-0.99.4.tar.gz
+++ b/clamav-0.99.4.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d72ac3273bde8d2e5e28ec9978373ee3ab4529fd868bc3fc4d2d2671228f2461
+size 16083015
--- a/clamav-CVE-2012-6706.patch
+++ b/clamav-CVE-2012-6706.patch
@ -1,36 +0,0 @@
--- libclamunrar/unrarvm.c.orig
-+++ libclamunrar/unrarvm.c
-@@ -26,6 +26,13 @@
- #include "libclamunrar/unrarvm.h"
- #include "libclamunrar/unrarcmd.h"
- 
-+/*
-+ * Limit maximum number of channels in RAR3 delta filter to some
-+ * reasonable value to prevent too slow processing of corrupt archives
-+ * with invalid channels number.
-+ */
-+#define MAX3_UNPACK_CHANNELS 1024
-+
- #ifdef RAR_HIGH_DEBUG
- #define rar_dbgmsg printf
- #else
-@@ -340,8 +347,8 @@ static void filter_itanium_setbits(unsig
- static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_filters_t filter_type)
- {
- 	unsigned char *data, cmp_byte2, cur_byte, *src_data, *dest_data;
-	int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
-	int op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
-+	int i, j, op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
-+	unsigned int data_size, channels, src_pos, dest_pos, border, width, PosR;
- 	unsigned int file_offset, cur_pos, predicted;
- 	int32_t offset, addr;
- 	const int file_size=0x1000000;
-@@ -426,7 +433,7 @@ static void execute_standard_filter(rarv
- 		border = data_size*2;
- 		
- 		SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
-		if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
-+		if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2 || channels > MAX3_UNPACK_CHANNELS) {
- 			break;
- 		}
- 		for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {
--- a/clamav-disable-timestamps.patch
+++ b/clamav-disable-timestamps.patch
@ -1,7 +1,5 @@
-Index: clamav-0.99.3/libclamav/tomsfastmath/misc/fp_ident.c
-===================================================================
--- clamav-0.99.3.orig/libclamav/tomsfastmath/misc/fp_ident.c	2018-01-26 16:31:35.516009696 +0100
-+++ clamav-0.99.3/libclamav/tomsfastmath/misc/fp_ident.c	2018-01-26 16:31:36.912029598 +0100
+--- libclamav/tomsfastmath/misc/fp_ident.c.orig
+++ libclamav/tomsfastmath/misc/fp_ident.c
@@ -15,7 +15,11 @@ const char *fp_ident(void)
 
    memset(buf, 0, sizeof(buf));
@ -27,11 +25,9 @@ Index: clamav-0.99.3/libclamav/tomsfastmath/misc/fp_ident.c
 
    if (sizeof(fp_digit) == sizeof(fp_word)) {
       strncat(buf, "WARNING: sizeof(fp_digit) == sizeof(fp_word), this build is likely to not work properly.\n", 
-Index: clamav-0.99.3/configure
-===================================================================
--- clamav-0.99.3.orig/configure	2018-01-26 16:31:35.532009924 +0100
-+++ clamav-0.99.3/configure	2018-01-26 16:32:20.112645407 +0100
-@@ -783,6 +783,7 @@ FGREP
+--- configure.orig
+++ configure
+@@ -785,6 +785,7 @@ FGREP
 SED
 LIBTOOL
 LIBCLAMAV_VERSION
@ -39,7 +35,7 @@ Index: clamav-0.99.3/configure
 EGREP
 GREP
 CPP
-@@ -885,6 +886,7 @@ ac_user_opts='
+@@ -887,6 +888,7 @@ ac_user_opts='
 enable_option_checking
 enable_silent_rules
 enable_dependency_tracking
@ -47,7 +43,7 @@ Index: clamav-0.99.3/configure
 enable_static
 enable_shared
 with_pic
-@@ -1591,6 +1593,8 @@ Optional Features:
+@@ -1594,6 +1596,8 @@ Optional Features:
   --disable-dependency-tracking  speeds up one-time build
   --enable-dependency-tracking   do not reject slow dependency extractors
   --enable-static[=PKGS]  build static libraries [default=no]
@ -56,7 +52,7 @@ Index: clamav-0.99.3/configure
   --enable-shared[=PKGS]  build shared libraries [default=yes]
   --enable-fast-install[=PKGS]
                           optimize for fast installation [default=yes]
-@@ -4967,6 +4971,26 @@ $as_echo "$ac_cv_safe_to_define___extens
+@@ -4989,6 +4993,26 @@ $as_echo "$ac_cv_safe_to_define___extens
 
   $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h
 
@ -82,4 +78,4 @@ Index: clamav-0.99.3/configure
 +_ACEOF
 
 
- VERSION="0.99.3"
+ VERSION="0.99.4"
--- a/clamav-gcc47.patch
+++ b/clamav-gcc47.patch
@ -1,12 +0,0 @@
-Index: clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
-===================================================================
--- clamav-0.97.3.orig/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
-+++ clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
-@@ -15,6 +15,7 @@
- //
- //===----------------------------------------------------------------------===//
- 
-+#include <unistd.h>
- #include "JIT.h"
- #include "llvm/Support/ErrorHandling.h"
- #include "llvm/System/DynamicLibrary.h"
--- a/clamav.changes
+++ b/clamav.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Mar  7 13:15:11 UTC 2018 - max@suse.com
+
+- Update to security release 0.99.4 (bsc#1083915):
+  * CVE-2012-6706
+  * CVE-2017-6419
+  * CVE-2017-11423
+  * CVE-2018-1000085 (bsc#1082858)
+  * CVE-2018-0202
+- Obsolete patches:
+  * clamav-CVE-2012-6706.patch
+  * clamav-gcc47.patch
+
 -------------------------------------------------------------------
 Wed Feb 14 12:21:39 UTC 2018 - max@suse.com

--- a/clamav.spec
+++ b/clamav.spec
@ -44,7 +44,7 @@ BuildRequires:  python-devel
 Summary:        Antivirus Toolkit
 License:        GPL-2.0
 Group:          Productivity/Security
-Version:        0.99.3
+Version:        0.99.4
 Release:        0
 Url:            http://www.clamav.net
 Obsoletes:      clamav-db < 0.88.3
@ -60,10 +60,8 @@ Source7:        service.clamd
 Source8:        service.freshclam
 Source9:        service.clamav-milter
 Patch1:         clamav-conf.patch
-Patch3:         clamav-gcc47.patch
 Patch4:         clamav-disable-timestamps.patch
 Patch5:         clamav-fix_newer_zlib.patch
-Patch6:         clamav-CVE-2012-6706.patch
 BuildRequires:  systemd
 BuildRequires:  systemd-rpm-macros
 %systemd_requires
@ -101,10 +99,8 @@ that want to make use of libclamav.
 %prep
 %setup -q
 %patch1 -p1
-%patch3 -p1
-%patch4 -p1
+%patch4
 %patch5 -p1
-%patch6

 %build
 CFLAGS="-fstack-protector"