- Update to security release 0.99.4 (bsc#1083915):

* CVE-2012-6706
  * CVE-2017-6419
  * CVE-2017-11423
  * CVE-2018-1000085 (bsc#1082858)
  * CVE-2018-0202
- Obsolete patches:
  * clamav-CVE-2012-6706.patch
  * clamav-gcc47.patch

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=159
Reinhard Max 2018-03-07 13:46:42 +00:00 committed by Git OBS Bridge
parent 5c457ced49
commit 1c2fe924d1
7 changed files with 27 additions and 70 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:00fa5292a6e00a3a4035b826267748965d5d2c4943d8ff417d740238263e8e84
size 16082645

3
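--- a/clamav-0.99.4.tar.gz
+++ b/clamav-0.99.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d72ac3273bde8d2e5e28ec9978373ee3ab4529fd868bc3fc4d2d2671228f2461
+size 16083015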


@ -1,36 +0,0 @@
--- libclamunrar/unrarvm.c.orig
+++ libclamunrar/unrarvm.c
@@ -26,6 +26,13 @@
#include "libclamunrar/unrarvm.h"
#include "libclamunrar/unrarcmd.h"
+/*
+ * Limit maximum number of channels in RAR3 delta filter to some
+ * reasonable value to prevent too slow processing of corrupt archives
+ * with invalid channels number.
+ */
+#define MAX3_UNPACK_CHANNELS 1024
+
#ifdef RAR_HIGH_DEBUG
#define rar_dbgmsg printf
#else
@@ -340,8 +347,8 @@ static void filter_itanium_setbits(unsig
static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_filters_t filter_type)
{
unsigned char *data, cmp_byte2, cur_byte, *src_data, *dest_data;
- int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
- int op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
+ int i, j, op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
+ unsigned int data_size, channels, src_pos, dest_pos, border, width, PosR;
unsigned int file_offset, cur_pos, predicted;
int32_t offset, addr;
const int file_size=0x1000000;
@@ -426,7 +433,7 @@ static void execute_standard_filter(rarv
border = data_size*2;
SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
+ if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2 || channels > MAX3_UNPACK_CHANNELS) {
break;
}
for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {


@ -1,7 +1,5 @@
Index: clamav-0.99.3/libclamav/tomsfastmath/misc/fp_ident.c --- libclamav/tomsfastmath/misc/fp_ident.c.orig
=================================================================== +++ libclamav/tomsfastmath/misc/fp_ident.c
--- clamav-0.99.3.orig/libclamav/tomsfastmath/misc/fp_ident.c 2018-01-26 16:31:35.516009696 +0100
+++ clamav-0.99.3/libclamav/tomsfastmath/misc/fp_ident.c 2018-01-26 16:31:36.912029598 +0100
@@ -15,7 +15,11 @@ const char *fp_ident(void) @@ -15,7 +15,11 @@ const char *fp_ident(void)
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
@ -27,11 +25,9 @@ Index: clamav-0.99.3/libclamav/tomsfastmath/misc/fp_ident.c
if (sizeof(fp_digit) == sizeof(fp_word)) { if (sizeof(fp_digit) == sizeof(fp_word)) {
strncat(buf, "WARNING: sizeof(fp_digit) == sizeof(fp_word), this build is likely to not work properly.\n", strncat(buf, "WARNING: sizeof(fp_digit) == sizeof(fp_word), this build is likely to not work properly.\n",
Index: clamav-0.99.3/configure --- configure.orig
=================================================================== +++ configure
--- clamav-0.99.3.orig/configure 2018-01-26 16:31:35.532009924 +0100 @@ -785,6 +785,7 @@ FGREP
+++ clamav-0.99.3/configure 2018-01-26 16:32:20.112645407 +0100
@@ -783,6 +783,7 @@ FGREP
SED SED
LIBTOOL LIBTOOL
LIBCLAMAV_VERSION LIBCLAMAV_VERSION
@ -39,7 +35,7 @@ Index: clamav-0.99.3/configure
EGREP EGREP
GREP GREP
CPP CPP
@@ -885,6 +886,7 @@ ac_user_opts=' @@ -887,6 +888,7 @@ ac_user_opts='
enable_option_checking enable_option_checking
enable_silent_rules enable_silent_rules
enable_dependency_tracking enable_dependency_tracking
@ -47,7 +43,7 @@ Index: clamav-0.99.3/configure
enable_static enable_static
enable_shared enable_shared
with_pic with_pic
@@ -1591,6 +1593,8 @@ Optional Features: @@ -1594,6 +1596,8 @@ Optional Features:
--disable-dependency-tracking speeds up one-time build --disable-dependency-tracking speeds up one-time build
--enable-dependency-tracking do not reject slow dependency extractors --enable-dependency-tracking do not reject slow dependency extractors
--enable-static[=PKGS] build static libraries [default=no] --enable-static[=PKGS] build static libraries [default=no]
@ -56,7 +52,7 @@ Index: clamav-0.99.3/configure
--enable-shared[=PKGS] build shared libraries [default=yes] --enable-shared[=PKGS] build shared libraries [default=yes]
--enable-fast-install[=PKGS] --enable-fast-install[=PKGS]
optimize for fast installation [default=yes] optimize for fast installation [default=yes]
@@ -4967,6 +4971,26 @@ $as_echo "$ac_cv_safe_to_define___extens @@ -4989,6 +4993,26 @@ $as_echo "$ac_cv_safe_to_define___extens
$as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h
@ -82,4 +78,4 @@ Index: clamav-0.99.3/configure
+_ACEOF +_ACEOF
VERSION="0.99.3" VERSION="0.99.4"


@ -1,12 +0,0 @@
Index: clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
===================================================================
--- clamav-0.97.3.orig/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
+++ clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
@@ -15,6 +15,7 @@
//
//===----------------------------------------------------------------------===//
+#include <unistd.h>
#include "JIT.h"
#include "llvm/Support/ErrorHandling.h"
#include "llvm/System/DynamicLibrary.h"


@ -1,3 +1,16 @@
-------------------------------------------------------------------
Wed Mar 7 13:15:11 UTC 2018 - max@suse.com
- Update to security release 0.99.4 (bsc#1083915):
* CVE-2012-6706
* CVE-2017-6419
* CVE-2017-11423
* CVE-2018-1000085 (bsc#1082858)
* CVE-2018-0202
- Obsolete patches:
* clamav-CVE-2012-6706.patch
* clamav-gcc47.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Feb 14 12:21:39 UTC 2018 - max@suse.com Wed Feb 14 12:21:39 UTC 2018 - max@suse.com


@ -44,7 +44,7 @@ BuildRequires: python-devel
Summary: Antivirus Toolkit Summary: Antivirus Toolkit
License: GPL-2.0 License: GPL-2.0
Group: Productivity/Security Group: Productivity/Security
Version: 0.99.3 Version: 0.99.4
Release: 0 Release: 0
Url: http://www.clamav.net Url: http://www.clamav.net
Obsoletes: clamav-db < 0.88.3 Obsoletes: clamav-db < 0.88.3
@ -60,10 +60,8 @@ Source7: service.clamd
Source8: service.freshclam Source8: service.freshclam
Source9: service.clamav-milter Source9: service.clamav-milter
Patch1: clamav-conf.patch Patch1: clamav-conf.patch
Patch3: clamav-gcc47.patch
Patch4: clamav-disable-timestamps.patch Patch4: clamav-disable-timestamps.patch
Patch5: clamav-fix_newer_zlib.patch Patch5: clamav-fix_newer_zlib.patch
Patch6: clamav-CVE-2012-6706.patch
BuildRequires: systemd BuildRequires: systemd
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
%systemd_requires %systemd_requires
@ -101,10 +99,8 @@ that want to make use of libclamav.
%prep %prep
%setup -q %setup -q
%patch1 -p1 %patch1 -p1
%patch3 -p1 %patch4
%patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6
%build %build
CFLAGS="-fstack-protector" CFLAGS="-fstack-protector"
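Review bot: In `%prep`, `%patch4` now carries no strip level while `%patch1` and `%patch5` keep `-p1`, so it silently depends on rpm's default of `-p0`. That appears to match the patch refreshed elsewhere in this commit to `--- configure.orig` / `+++ configure` style paths, but the page does not name that patch file, so the link is inferred. Writing `%patch4 -p0` would state the intent in the spec and keep the three remaining patch lines uniform. A short comment above it such as `# refreshed with paths relative to the source root` would also help the next refresh.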