From 1c2fe924d178462f33aa4be72b5f9f00533d1da4a5bf9afdb5be39f0e382c03e Mon Sep 17 00:00:00 2001
From: Reinhard Max
Date: Wed, 7 Mar 2018 13:46:42 +0000
Subject: [PATCH] - Update to security release 0.99.4 (bsc#1083915): * CVE-2012-6706 * CVE-2017-6419 * CVE-2017-11423 * CVE-2018-1000085 (bsc#1082858) * CVE-2018-0202 - Obsolete patches: * clamav-CVE-2012-6706.patch * clamav-gcc47.patch
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=159
---
 clamav-0.99.3.tar.gz | 3 ---
 clamav-0.99.4.tar.gz | 3 +++
 clamav-CVE-2012-6706.patch | 36 ---------------------------------
 clamav-disable-timestamps.patch | 22 +++++++++-----------
 clamav-gcc47.patch | 12 -----------
 clamav.changes | 13 ++++++++++++
 clamav.spec | 8 ++------
 7 files changed, 27 insertions(+), 70 deletions(-)
 delete mode 100644 clamav-0.99.3.tar.gz
 create mode 100644 clamav-0.99.4.tar.gz
 delete mode 100644 clamav-CVE-2012-6706.patch
 delete mode 100644 clamav-gcc47.patch
diff --git a/clamav-0.99.3.tar.gz b/clamav-0.99.3.tar.gz
deleted file mode 100644
index 651622f..0000000
--- a/clamav-0.99.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:00fa5292a6e00a3a4035b826267748965d5d2c4943d8ff417d740238263e8e84
-size 16082645
diff --git a/clamav-0.99.4.tar.gz b/clamav-0.99.4.tar.gz
new file mode 100644
index 0000000..46cba59
--- /dev/null
+++ b/clamav-0.99.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d72ac3273bde8d2e5e28ec9978373ee3ab4529fd868bc3fc4d2d2671228f2461
+size 16083015
diff --git a/clamav-CVE-2012-6706.patch b/clamav-CVE-2012-6706.patch
deleted file mode 100644
index 2d2deff..0000000
--- a/clamav-CVE-2012-6706.patch
+++ /dev/null
@@ -1,36 +0,0 @@
---- libclamunrar/unrarvm.c.orig
-+++ libclamunrar/unrarvm.c
-@@ -26,6 +26,13 @@
- #include "libclamunrar/unrarvm.h"
- #include "libclamunrar/unrarcmd.h"
-
-+/*
-+ * Limit maximum number of channels in RAR3 delta filter to some
-+ * reasonable value to prevent too slow processing of corrupt archives
-+ * with invalid channels number.
-+ */
-+#define MAX3_UNPACK_CHANNELS 1024
-+
- #ifdef RAR_HIGH_DEBUG
- #define rar_dbgmsg printf
- #else
-@@ -340,8 +347,8 @@ static void filter_itanium_setbits(unsig
- static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_filters_t filter_type)
- {
- unsigned char *data, cmp_byte2, cur_byte, *src_data, *dest_data;
-- int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
-- int op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
-+ int i, j, op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
-+ unsigned int data_size, channels, src_pos, dest_pos, border, width, PosR;
- unsigned int file_offset, cur_pos, predicted;
- int32_t offset, addr;
- const int file_size=0x1000000;
-@@ -426,7 +433,7 @@ static void execute_standard_filter(rarv
- border = data_size*2;
-
- SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
-- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
-+ if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2 || channels > MAX3_UNPACK_CHANNELS) {
- break;
- }
- for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {
diff --git a/clamav-disable-timestamps.patch b/clamav-disable-timestamps.patch
index 6758a0a..14dbe38 100644
--- a/clamav-disable-timestamps.patch
+++ b/clamav-disable-timestamps.patch
@@ -1,7 +1,5 @@ -Index: clamav-0.99.3/libclamav/tomsfastmath/misc/fp_ident.c -=================================================================== ---- clamav-0.99.3.orig/libclamav/tomsfastmath/misc/fp_ident.c 2018-01-26 16:31:35.516009696 +0100 -+++ clamav-0.99.3/libclamav/tomsfastmath/misc/fp_ident.c 2018-01-26 16:31:36.912029598 +0100 +--- libclamav/tomsfastmath/misc/fp_ident.c.orig ++++ libclamav/tomsfastmath/misc/fp_ident.c @@ -15,7 +15,11 @@ const char *fp_ident(void) memset(buf, 0, sizeof(buf)); @@ -27,11 +25,9 @@ Index: clamav-0.99.3/libclamav/tomsfastmath/misc/fp_ident.c if (sizeof(fp_digit) == sizeof(fp_word)) { strncat(buf, "WARNING: sizeof(fp_digit) == sizeof(fp_word), this build is likely to not work properly.\n", -Index: clamav-0.99.3/configure -=================================================================== ---- clamav-0.99.3.orig/configure 2018-01-26 16:31:35.532009924 +0100 -+++ clamav-0.99.3/configure 2018-01-26 16:32:20.112645407 +0100 -@@ -783,6 +783,7 @@ FGREP +--- configure.orig ++++ configure +@@ -785,6 +785,7 @@ FGREP SED LIBTOOL LIBCLAMAV_VERSION @@ -39,7 +35,7 @@ Index: clamav-0.99.3/configure EGREP GREP CPP -@@ -885,6 +886,7 @@ ac_user_opts=' +@@ -887,6 +888,7 @@ ac_user_opts=' enable_option_checking enable_silent_rules enable_dependency_tracking @@ -47,7 +43,7 @@ Index: clamav-0.99.3/configure enable_static enable_shared with_pic -@@ -1591,6 +1593,8 @@ Optional Features: +@@ -1594,6 +1596,8 @@ Optional Features: --disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors --enable-static[=PKGS] build static libraries [default=no] 
@@ -56,7 +52,7 @@ Index: clamav-0.99.3/configure --enable-shared[=PKGS] build shared libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] -@@ -4967,6 +4971,26 @@ $as_echo "$ac_cv_safe_to_define___extens +@@ -4989,6 +4993,26 @@ $as_echo "$ac_cv_safe_to_define___extens $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h @@ -82,4 +78,4 @@ Index: clamav-0.99.3/configure +_ACEOF - VERSION="0.99.3" + VERSION="0.99.4" diff --git a/clamav-gcc47.patch b/clamav-gcc47.patch deleted file mode 100644 index 89beae1..0000000 --- a/clamav-gcc47.patch +++ /dev/null @@ -1,12 +0,0 @@ -Index: clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp -=================================================================== ---- clamav-0.97.3.orig/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp -+++ clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp -@@ -15,6 +15,7 @@ - // - //===----------------------------------------------------------------------===// - -+#include - #include "JIT.h" - #include "llvm/Support/ErrorHandling.h" - #include "llvm/System/DynamicLibrary.h" diff --git a/clamav.changes b/clamav.changes index 0b55fd4..71a4b95 100644 --- a/clamav.changes +++ b/clamav.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Wed Mar 7 13:15:11 UTC 2018 - max@suse.com + +- Update to security release 0.99.4 (bsc#1083915): + * CVE-2012-6706 + * CVE-2017-6419 + * CVE-2017-11423 + * CVE-2018-1000085 (bsc#1082858) + * CVE-2018-0202 +- Obsolete patches: + * clamav-CVE-2012-6706.patch + * clamav-gcc47.patch + ------------------------------------------------------------------- Wed Feb 14 12:21:39 UTC 2018 - max@suse.com diff --git a/clamav.spec b/clamav.spec index 457bab5..85ff4ed 100644 --- a/clamav.spec +++ b/clamav.spec 
@@ -44,7 +44,7 @@ BuildRequires: python-devel
 Summary: Antivirus Toolkit
 License: GPL-2.0
 Group: Productivity/Security
-Version: 0.99.3
+Version: 0.99.4
 Release: 0
 Url: http://www.clamav.net
 Obsoletes: clamav-db < 0.88.3
@@ -60,10 +60,8 @@ Source7: service.clamd
 Source8: service.freshclam
 Source9: service.clamav-milter
 Patch1: clamav-conf.patch
-Patch3: clamav-gcc47.patch
 Patch4: clamav-disable-timestamps.patch
 Patch5: clamav-fix_newer_zlib.patch
-Patch6: clamav-CVE-2012-6706.patch
 BuildRequires: systemd
 BuildRequires: systemd-rpm-macros
 %systemd_requires
@@ -101,10 +99,8 @@ that want to make use of libclamav.
 %prep
 %setup -q
 %patch1 -p1
-%patch3 -p1
-%patch4 -p1
+%patch4
 %patch5 -p1
-%patch6
 %build
 CFLAGS="-fstack-protector"
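Review bot: The new `%patch4` line in the %prep hunk of clamav.spec drops the explicit strip level, so the patch is applied at whatever the macro's default is, while `%patch1 -p1` and `%patch5 -p1` next to it state theirs. The refreshed clamav-disable-timestamps.patch in this commit uses source-root-relative paths (`--- configure.orig`), so the intended level appears to be 0. I would write it out as `%patch4 -p0`, which records that the patch is relative to the source root and does not depend on the default. The %prep section begins before this hunk and %build continues past its last line.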