- Fix zlib version detection (clamav-zlib-version.patch).

- bsc#1045490, CVE-2012-6706: VMSF_DELTA filter in libclamunrar
  allows arbitrary memory write (clamav-CVE-2012-6706.patch).
- Buildrequire curl-devel to enable clamsubmit.

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=155

clamav-CVE-2012-6706.patch

@@ -0,0 +1,36 @@
+--- libclamunrar/unrarvm.c.orig
++++ libclamunrar/unrarvm.c
+@@ -26,6 +26,13 @@
+ #include "libclamunrar/unrarvm.h"
+ #include "libclamunrar/unrarcmd.h"
+ 
++/*
++ * Limit maximum number of channels in RAR3 delta filter to some
++ * reasonable value to prevent too slow processing of corrupt archives
++ * with invalid channels number.
++ */
++#define MAX3_UNPACK_CHANNELS 1024
++
+ #ifdef RAR_HIGH_DEBUG
+ #define rar_dbgmsg printf
+ #else
+@@ -340,8 +347,8 @@ static void filter_itanium_setbits(unsig
+ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_filters_t filter_type)
+ {
+ 	unsigned char *data, cmp_byte2, cur_byte, *src_data, *dest_data;
+-	int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
+-	int op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
++	int i, j, op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
++	unsigned int data_size, channels, src_pos, dest_pos, border, width, PosR;
+ 	unsigned int file_offset, cur_pos, predicted;
+ 	int32_t offset, addr;
+ 	const int file_size=0x1000000;
+@@ -426,7 +433,7 @@ static void execute_standard_filter(rarv
+ 		border = data_size*2;
+ 		
+ 		SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
+-		if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
++		if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2 || channels > MAX3_UNPACK_CHANNELS) {
+ 			break;
+ 		}
+ 		for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {

clamav-zlib-version.patch

@@ -0,0 +1,28 @@
+--- m4/reorganization/libs/libz.m4.orig
++++ m4/reorganization/libs/libz.m4
+@@ -29,9 +29,9 @@ then
+     AC_MSG_ERROR([Please install zlib and zlib-devel packages])
+ else
+ 
+-    vuln=`grep "ZLIB_VERSION \"1.2.0" $ZLIB_HOME/include/zlib.h`
++    vuln=`grep "ZLIB_VERSION \"1.2.0\"" $ZLIB_HOME/include/zlib.h`
+     if test -z "$vuln"; then
+-	vuln=`grep "ZLIB_VERSION \"1.2.1" $ZLIB_HOME/include/zlib.h`
++	vuln=`grep "ZLIB_VERSION \"1.2.1\"" $ZLIB_HOME/include/zlib.h`
+     fi
+ 
+     if test -n "$vuln"; then
+--- configure.orig
++++ configure
+@@ -18740,9 +18740,9 @@ then
+     as_fn_error $? "Please install zlib and zlib-devel packages" "$LINENO" 5
+ else
+ 
+-    vuln=`grep "ZLIB_VERSION \"1.2.0" $ZLIB_HOME/include/zlib.h`
++    vuln=`grep "ZLIB_VERSION \"1.2.0\"" $ZLIB_HOME/include/zlib.h`
+     if test -z "$vuln"; then
+-	vuln=`grep "ZLIB_VERSION \"1.2.1" $ZLIB_HOME/include/zlib.h`
++	vuln=`grep "ZLIB_VERSION \"1.2.1\"" $ZLIB_HOME/include/zlib.h`
+     fi
+ 
+     if test -n "$vuln"; then

clamav.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Feb 14 12:21:39 UTC 2018 - max@suse.com
+
+- Fix zlib version detection (clamav-zlib-version.patch).
+- bsc#1045490, CVE-2012-6706: VMSF_DELTA filter in libclamunrar
+  allows arbitrary memory write (clamav-CVE-2012-6706.patch).
+- Buildrequire curl-devel to enable clamsubmit.
+
 -------------------------------------------------------------------
 Tue Feb 13 08:50:55 UTC 2018 - varkoly@suse.com
 

clamav.spec

@@ -33,6 +33,7 @@ BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  check-devel
 BuildRequires:  libbz2-devel
+BuildRequires:  libcurl-devel
 BuildRequires:  libopenssl-devel
 BuildRequires:  libtool
 BuildRequires:  libxml2-devel
@@ -62,6 +63,8 @@ Patch1:         clamav-conf.patch
 Patch3:         clamav-gcc47.patch
 Patch4:         clamav-disable-timestamps.patch
 Patch5:         clamav-fix_newer_zlib.patch
+Patch6:         clamav-zlib-version.patch
+Patch7:         clamav-CVE-2012-6706.patch
 BuildRequires:  systemd
 BuildRequires:  systemd-rpm-macros
 %systemd_requires
@@ -102,6 +105,8 @@ that want to make use of libclamav.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6
+%patch7
 
 %build
 CFLAGS="-fstack-protector"