From 55bf9502fd043535012dc99d9496f9a74007ce7af42d7c61946c25e12853244a Mon Sep 17 00:00:00 2001
From: Reinhard Max
Date: Wed, 14 Feb 2018 12:23:33 +0000
Subject: [PATCH] - Fix zlib version detection (clamav-zlib-version.patch). - bsc#1045490, CVE-2012-6706: VMSF_DELTA filter in libclamunrar allows arbitrary memory write (clamav-CVE-2012-6706.patch). - Buildrequire curl-devel to enable clamsubmit.
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=155
---
clamav-CVE-2012-6706.patch | 36 ++++++++++++++++++++++++++++++++++++
clamav-zlib-version.patch | 28 ++++++++++++++++++++++++++++
clamav.changes | 8 ++++++++
clamav.spec | 5 +++++
4 files changed, 77 insertions(+)
create mode 100644 clamav-CVE-2012-6706.patch
create mode 100644 clamav-zlib-version.patch
diff --git a/clamav-CVE-2012-6706.patch b/clamav-CVE-2012-6706.patch
new file mode 100644
index 0000000..2d2deff
--- /dev/null
+++ b/clamav-CVE-2012-6706.patch
@@ -0,0 +1,36 @@
+--- libclamunrar/unrarvm.c.orig
++++ libclamunrar/unrarvm.c
+@@ -26,6 +26,13 @@
+ #include "libclamunrar/unrarvm.h"
+ #include "libclamunrar/unrarcmd.h"
+
++/*
++ * Limit maximum number of channels in RAR3 delta filter to some
++ * reasonable value to prevent too slow processing of corrupt archives
++ * with invalid channels number.
++ */
++#define MAX3_UNPACK_CHANNELS 1024
++
+ #ifdef RAR_HIGH_DEBUG
+ #define rar_dbgmsg printf
+ #else
+@@ -340,8 +347,8 @@ static void filter_itanium_setbits(unsig
+ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_filters_t filter_type)
+ {
+ unsigned char *data, cmp_byte2, cur_byte, *src_data, *dest_data;
+- int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
+- int op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
++ int i, j, op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
++ unsigned int data_size, channels, src_pos, dest_pos, border, width, PosR;
+ unsigned int file_offset, cur_pos, predicted;
+ int32_t offset, addr;
+ const int file_size=0x1000000;
+@@ -426,7 +433,7 @@ static void execute_standard_filter(rarv
+ border = data_size*2;
+
+ SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
++ if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2 || channels > MAX3_UNPACK_CHANNELS) {
+ break;
+ }
+ for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {
diff --git a/clamav-zlib-version.patch b/clamav-zlib-version.patch
new file mode 100644
index 0000000..cf24781
--- /dev/null
+++ b/clamav-zlib-version.patch
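Review bot: The declaration change in the second inner hunk of clamav-CVE-2012-6706.patch makes `data_size`, `channels`, `src_pos`, `dest_pos`, `border`, `width` and `PosR` unsigned for the whole of `execute_standard_filter`, yet only the delta case in the third inner hunk gains a new bound; the other filter cases share these variables and lie outside the visible context, so any test there that depends on a negative value (a `< 0` check, the result of a signed subtraction) needs re-reading against the new types. In the visible lines `cur_channel` stays `int`, so `cur_channel < channels` is now a mixed-sign comparison; declaring it `unsigned int` as well would keep the loop consistent if no other case relies on it being signed, and the remaining `(unsigned int)data_size` cast is now redundant. The comment above `MAX3_UNPACK_CHANNELS` describes the limit only as a guard against slow processing, while the changelog ties this patch to a memory write; a short comment at the declarations such as `/* sizes and positions are read from archive data; kept unsigned so they cannot go negative before the bounds check */` would record what is presumably the reason for the type change.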
@@ -0,0 +1,28 @@
+--- m4/reorganization/libs/libz.m4.orig
++++ m4/reorganization/libs/libz.m4
+@@ -29,9 +29,9 @@ then
+ AC_MSG_ERROR([Please install zlib and zlib-devel packages])
+ else
+
+- vuln=`grep "ZLIB_VERSION \"1.2.0" $ZLIB_HOME/include/zlib.h`
++ vuln=`grep "ZLIB_VERSION \"1.2.0\"" $ZLIB_HOME/include/zlib.h`
+ if test -z "$vuln"; then
+- vuln=`grep "ZLIB_VERSION \"1.2.1" $ZLIB_HOME/include/zlib.h`
++ vuln=`grep "ZLIB_VERSION \"1.2.1\"" $ZLIB_HOME/include/zlib.h`
+ fi
+
+ if test -n "$vuln"; then
+--- configure.orig
++++ configure
+@@ -18740,9 +18740,9 @@ then
+ as_fn_error $? "Please install zlib and zlib-devel packages" "$LINENO" 5
+ else
+
+- vuln=`grep "ZLIB_VERSION \"1.2.0" $ZLIB_HOME/include/zlib.h`
++ vuln=`grep "ZLIB_VERSION \"1.2.0\"" $ZLIB_HOME/include/zlib.h`
+ if test -z "$vuln"; then
+- vuln=`grep "ZLIB_VERSION \"1.2.1" $ZLIB_HOME/include/zlib.h`
++ vuln=`grep "ZLIB_VERSION \"1.2.1\"" $ZLIB_HOME/include/zlib.h`
+ fi
+
+ if test -n "$vuln"; then
diff --git a/clamav.changes b/clamav.changes
index 535d09d..b540993 100644
--- a/clamav.changes
+++ b/clamav.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Feb 14 12:21:39 UTC 2018 - max@suse.com
+
+- Fix zlib version detection (clamav-zlib-version.patch).
+- bsc#1045490, CVE-2012-6706: VMSF_DELTA filter in libclamunrar
+ allows arbitrary memory write (clamav-CVE-2012-6706.patch).
+- Buildrequire curl-devel to enable clamsubmit.
+
 -------------------------------------------------------------------
 Tue Feb 13 08:50:55 UTC 2018 - varkoly@suse.com
diff --git a/clamav.spec b/clamav.spec
index 30ff650..2db9812 100644
--- a/clamav.spec
+++ b/clamav.spec
@@ -33,6 +33,7 @@ BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: check-devel
 BuildRequires: libbz2-devel
+BuildRequires: libcurl-devel
 BuildRequires: libopenssl-devel
 BuildRequires: libtool
 BuildRequires: libxml2-devel
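Review bot: In clamav-zlib-version.patch the `vuln` check now matches only the exact strings `"1.2.0"` and `"1.2.1"`, so a header carrying a dotted sub-release of either (a `1.2.0.x` or `1.2.1.x` version string) is no longer flagged, although the old prefix match did flag it; whether such headers still matter for this build is not visible here, but the narrowing deserves a comment next to the grep lines, for example `# exact match on purpose: the prefix match also caught 1.2.10 and later; dotted 1.2.0.x/1.2.1.x are not flagged`. The same edit is applied by hand to the generated `configure` as well as to `libz.m4`, so the two copies have to be kept in step if `configure` is ever regenerated. `$ZLIB_HOME` is expanded unquoted on all four changed grep lines (carried over from the old code), which would misparse a path containing spaces.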
@@ -62,6 +63,8 @@ Patch1: clamav-conf.patch
 Patch3: clamav-gcc47.patch
 Patch4: clamav-disable-timestamps.patch
 Patch5: clamav-fix_newer_zlib.patch
+Patch6: clamav-zlib-version.patch
+Patch7: clamav-CVE-2012-6706.patch
 BuildRequires: systemd
 BuildRequires: systemd-rpm-macros
 %systemd_requires
@@ -102,6 +105,8 @@ that want to make use of libclamav.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6
+%patch7
 %build
 CFLAGS="-fstack-protector"