summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Deutschmann <whissi@gentoo.org>2018-02-23 20:00:09 +0100
committerThomas Deutschmann <whissi@gentoo.org>2018-02-23 20:00:23 +0100
commit69c038dd6c5f79aa46eb92543bed649d50857b66 (patch)
tree851f05a3f54c1bc0d42622308f03fac46e953866 /app-antivirus/clamav
parentapp-crypt/hashcat: bump (diff)
downloadgentoo-69c038dd6c5f79aa46eb92543bed649d50857b66.tar.gz
gentoo-69c038dd6c5f79aa46eb92543bed649d50857b66.tar.bz2
gentoo-69c038dd6c5f79aa46eb92543bed649d50857b66.zip
app-antivirus/clamav: Rev bump to add patch for CVE-2012-6706
...aka VMSF_DELTA Filter Signedness Error. Bug: https://bugs.gentoo.org/623534 Package-Manager: Portage-2.3.24, Repoman-2.3.6
Diffstat (limited to 'app-antivirus/clamav')
-rw-r--r--app-antivirus/clamav/clamav-0.99.3-r2.ebuild160
-rw-r--r--app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch186
2 files changed, 346 insertions, 0 deletions
diff --git a/app-antivirus/clamav/clamav-0.99.3-r2.ebuild b/app-antivirus/clamav/clamav-0.99.3-r2.ebuild
new file mode 100644
index 000000000000..f0977dc5f0ff
--- /dev/null
+++ b/app-antivirus/clamav/clamav-0.99.3-r2.ebuild
@@ -0,0 +1,160 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools eutils flag-o-matic user systemd
+
+DESCRIPTION="Clam Anti-Virus Scanner"
+HOMEPAGE="http://www.clamav.net/"
+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
+IUSE="bzip2 clamdtop iconv ipv6 libressl milter metadata-analysis-api selinux static-libs uclibc"
+
+CDEPEND="bzip2? ( app-arch/bzip2 )
+ clamdtop? ( sys-libs/ncurses:0 )
+ iconv? ( virtual/libiconv )
+ metadata-analysis-api? ( dev-libs/json-c:= )
+ milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) )
+ dev-libs/libtommath
+ >=sys-libs/zlib-1.2.2:=
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ sys-devel/libtool
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 )
+ !!<app-antivirus/clamav-0.99"
+# hard block clamav < 0.99 due to linking problems Bug #567680
+# openssl is now *required* see this link as to why
+# http://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to.html
+DEPEND="${CDEPEND}
+ virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-clamav )"
+
+DOCS=( AUTHORS BUGS ChangeLog FAQ INSTALL NEWS README UPGRADE )
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.99.2-gcc-6.patch
+ "${FILESDIR}"/${PN}-0.99.2-tinfo.patch
+ "${FILESDIR}"/${PN}-0.99.2-bytecode_api.patch
+ "${FILESDIR}"/${PN}-0.99.2-pcre2-compile-erroffset.patch
+ "${FILESDIR}"/${PN}-0.99.3-fix-fd-leaks-in-cli_scanscript.patch
+ "${FILESDIR}"/${PN}-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch
+)
+
+pkg_setup() {
+ enewgroup clamav
+ enewuser clamav -1 -1 /dev/null clamav
+}
+
+src_prepare() {
+ default
+
+ eautoconf
+}
+
+src_configure() {
+ use ppc64 && append-flags -mminimal-toc
+ use uclibc && export ac_cv_type_error_t=yes
+
+ econf \
+ $(use_enable bzip2) \
+ $(use_enable clamdtop) \
+ $(use_enable ipv6) \
+ $(use_enable milter) \
+ $(use_enable static-libs static) \
+ $(use_with iconv) \
+ $(use_with metadata-analysis-api libjson /usr) \
+ --cache-file="${S}"/config.cache \
+ --disable-experimental \
+ --disable-gcc-vcheck \
+ --disable-zlib-vcheck \
+ --enable-id-check \
+ --with-dbdir="${EPREFIX}"/var/lib/clamav \
+ --with-system-tommath \
+ --with-zlib="${EPREFIX}"/usr
+}
+
+src_install() {
+ default
+
+ rm -rf "${ED}"/var/lib/clamav
+ newinitd "${FILESDIR}"/clamd.initd-r6 clamd
+ newconfd "${FILESDIR}"/clamd.conf-r1 clamd
+
+ systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/clamav.conf"
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
+ systemd_dounit "${FILESDIR}/clamd.service"
+ systemd_dounit "${FILESDIR}/freshclamd.service"
+
+ keepdir /var/lib/clamav
+ fowners clamav:clamav /var/lib/clamav
+ keepdir /var/log/clamav
+ fowners clamav:clamav /var/log/clamav
+
+ dodir /etc/logrotate.d
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/clamav.logrotate clamav
+
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.pid:" \
+ -e "s:.*\(LocalSocket\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.sock:" \
+ -e "s:.*\(User\) .*:\1 clamav:" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
+ -e "s:^\#\(LogTime\).*:\1 yes:" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ "${ED}"/etc/clamd.conf.sample || die
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/freshclam.pid:" \
+ -e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ "${ED}"/etc/freshclam.conf.sample || die
+
+ if use milter ; then
+ # MilterSocket one to include ' /' because there is a 2nd line for
+ # inet: which we want to leave
+ dodoc "${FILESDIR}"/clamav-milter.README.gentoo
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamav-milter.pid:" \
+ -e "s+^\#\(ClamdSocket\) .*+\1 unix:${EPREFIX}/var/run/clamav/clamd.sock+" \
+ -e "s:.*\(User\) .*:\1 clamav:" \
+ -e "s+^\#\(MilterSocket\) /.*+\1 unix:${EPREFIX}/var/run/clamav/clamav-milter.sock+" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
+ "${ED}"/etc/clamav-milter.conf.sample || die
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF
+ MILTER_NICELEVEL=19
+ START_MILTER=no
+ EOF
+
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service
+ fi
+
+ for i in clamd freshclam clamav-milter
+ do
+ [[ -f "${D}"/etc/"${i}".conf.sample ]] && mv "${D}"/etc/"${i}".conf{.sample,}
+ done
+
+ prune_libtool_files --all
+}
+
+src_test() {
+ emake quick-check
+}
+
+pkg_postinst() {
+ if use milter ; then
+ elog "For simple instructions how to setup the clamav-milter read the"
+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
+ fi
+ if test -z $(find "${ROOT}"var/lib/clamav -maxdepth 1 -name 'main.c*' -print -quit) ; then
+ ewarn "You must run freshclam manually to populate the virus database files"
+ ewarn "before starting clamav for the first time.\n"
+ fi
+}
diff --git a/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch b/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch
new file mode 100644
index 000000000000..90facf6eae06
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch
@@ -0,0 +1,186 @@
+Apply proposed changes to fix RAR VMSF_DELTA Filter Signedness error (CVE-2012-6706)
+
+Cherry picked from commit a7d8447bd9a4d5ae1fa970c1849c8caeb5f1a805 [Link 1] and
+d4699442bce76574573dc564e7f2177d679b88bd [Link 2].
+
+Link 1: https://github.com/Cisco-Talos/clamav-devel/commit/a7d8447bd9a4d5ae1fa970c1849c8caeb5f1a805
+Link 2: https://github.com/Cisco-Talos/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
+
+--- a/libclamunrar/unrarvm.c
++++ b/libclamunrar/unrarvm.c
+@@ -213,17 +213,20 @@ void rarvm_addbits(rarvm_input_t *rarvm_input, int bits)
+
+ unsigned int rarvm_getbits(rarvm_input_t *rarvm_input)
+ {
+- unsigned int bit_field;
++ unsigned int bit_field = 0;
+
+- if (rarvm_input->in_addr+2 < rarvm_input->buf_size) {
++ if (rarvm_input->in_addr < rarvm_input->buf_size) {
+ bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16;
+- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
+- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2];
+- bit_field >>= (8-rarvm_input->in_bit);
+-
+- return (bit_field & 0xffff);
++ if (rarvm_input->in_addr+1 < rarvm_input->buf_size) {
++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
++ if (rarvm_input->in_addr+2 < rarvm_input->buf_size) {
++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2];
++ }
++ }
+ }
+- return 0;
++ bit_field >>= (8-rarvm_input->in_bit);
++
++ return (bit_field & 0xffff);
+ }
+
+ unsigned int rarvm_read_data(rarvm_input_t *rarvm_input)
+@@ -311,10 +314,10 @@ static unsigned int *rarvm_get_operand(rarvm_data_t *rarvm_data,
+ }
+ }
+
+-static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int bit_count)
++static unsigned int filter_itanium_getbits(unsigned char *data, unsigned int bit_pos, unsigned int bit_count)
+ {
+- int in_addr=bit_pos/8;
+- int in_bit=bit_pos&7;
++ unsigned int in_addr=bit_pos/8;
++ unsigned int in_bit=bit_pos&7;
+ unsigned int bit_field=(unsigned int)data[in_addr++];
+ bit_field|=(unsigned int)data[in_addr++] << 8;
+ bit_field|=(unsigned int)data[in_addr++] << 16;
+@@ -323,10 +326,10 @@ static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int
+ return(bit_field & (0xffffffff>>(32-bit_count)));
+ }
+
+-static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, int bit_pos, int bit_count)
++static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, unsigned int bit_pos, unsigned int bit_count)
+ {
+- int i, in_addr=bit_pos/8;
+- int in_bit=bit_pos&7;
++ unsigned int i, in_addr=bit_pos/8;
++ unsigned int in_bit=bit_pos&7;
+ unsigned int and_mask=0xffffffff>>(32-bit_count);
+ and_mask=~(and_mask<<in_bit);
+
+@@ -343,11 +346,12 @@ static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field,
+ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_filters_t filter_type)
+ {
+ unsigned char *data, cmp_byte2, cur_byte, *src_data, *dest_data;
+- int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
+- int op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
++ unsigned int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
++ unsigned int op_type, cur_channel, byte_count, start_pos;
++ int pa, pb, pc;
+ unsigned int file_offset, cur_pos, predicted;
+- int32_t offset, addr;
+- const int file_size=0x1000000;
++ uint32_t offset, addr;
++ const unsigned int file_size=0x1000000;
+
+ switch(filter_type) {
+ case VMSF_E8:
+@@ -356,7 +360,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ data_size = rarvm_data->R[4];
+ file_offset = rarvm_data->R[6];
+
+- if (((unsigned int)data_size >= VM_GLOBALMEMADDR) || (data_size < 4)) {
++ if ((data_size > VM_GLOBALMEMADDR) || (data_size < 4)) {
+ break;
+ }
+
+@@ -367,12 +371,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ if (cur_byte==0xe8 || cur_byte==cmp_byte2) {
+ offset = cur_pos+file_offset;
+ addr = GET_VALUE(FALSE, data);
+- if (addr < 0) {
+- if (addr+offset >=0 ) {
++ // We check 0x80000000 bit instead of '< 0' comparison
++ // not assuming int32 presence or uint size and endianness.
++ if ((addr & 0x80000000)!=0) { // addr<0
++ if (((addr+offset) & 0x80000000)==0) { // addr+offset>=0
+ SET_VALUE(FALSE, data, addr+file_size);
+ }
+ } else {
+- if (addr<file_size) {
++ if (((addr-file_size) & 0x80000000)!=0) { // addr<file_size
+ SET_VALUE(FALSE, data, addr-offset);
+ }
+ }
+@@ -386,7 +392,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ data_size = rarvm_data->R[4];
+ file_offset = rarvm_data->R[6];
+
+- if (((unsigned int)data_size >= VM_GLOBALMEMADDR) || (data_size < 21)) {
++ if ((data_size > VM_GLOBALMEMADDR) || (data_size < 21)) {
+ break;
+ }
+
+@@ -429,7 +435,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ border = data_size*2;
+
+ SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
++ if (data_size > VM_GLOBALMEMADDR/2 || channels > 1024 || channels == 0) {
+ break;
+ }
+ for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {
+@@ -440,7 +446,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ }
+ break;
+ case VMSF_RGB: {
+- const int channels=3;
++ const unsigned int channels=3;
+ data_size = rarvm_data->R[4];
+ width = rarvm_data->R[0] - 3;
+ PosR = rarvm_data->R[1];
+@@ -448,15 +454,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ dest_data = src_data + data_size;
+
+ SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
++ if (data_size > VM_GLOBALMEMADDR/2 || data_size < 3 || width > data_size || PosR > 2) {
+ break;
+ }
+ for (cur_channel=0 ; cur_channel < channels; cur_channel++) {
+ unsigned int prev_byte = 0;
+ for (i=cur_channel ; i<data_size ; i+=channels) {
+- int upper_pos=i-width;
+- if (upper_pos >= 3) {
+- unsigned char *upper_data = dest_data+upper_pos;
++ if (i >= width+3) {
++ unsigned char *upper_data = dest_data+i-width;
+ unsigned int upper_byte = *upper_data;
+ unsigned int upper_left_byte = *(upper_data-3);
+ predicted = prev_byte+upper_byte-upper_left_byte;
+@@ -486,13 +491,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ break;
+ }
+ case VMSF_AUDIO: {
+- int channels=rarvm_data->R[0];
++ unsigned int channels=rarvm_data->R[0];
+ data_size = rarvm_data->R[4];
+ src_data = rarvm_data->mem;
+ dest_data = src_data + data_size;
+
+ SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
++ // In fact, audio channels never exceed 4.
++ if (data_size > VM_GLOBALMEMADDR/2 || channels > 128 || channels == 0) {
+ break;
+ }
+ for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {
+@@ -553,7 +559,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ data_size = rarvm_data->R[4];
+ src_pos = 0;
+ dest_pos = data_size;
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
++ if (data_size > VM_GLOBALMEMADDR/2) {
+ break;
+ }
+ while (src_pos < data_size) {
+--
+2.16.2
+