Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/files/, app-antivirus/clamav/
Date: Fri, 23 Feb 2018 19:00:45
Message-Id: 1519412423.69c038dd6c5f79aa46eb92543bed649d50857b66.whissi@gentoo
1 commit: 69c038dd6c5f79aa46eb92543bed649d50857b66
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Fri Feb 23 19:00:09 2018 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Fri Feb 23 19:00:23 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69c038dd
7
8 app-antivirus/clamav: Rev bump to add patch for CVE-2012-6706
9
10 ...aka VMSF_DELTA Filter Signedness Error.
11
12 Bug: https://bugs.gentoo.org/623534
13 Package-Manager: Portage-2.3.24, Repoman-2.3.6
14
15 app-antivirus/clamav/clamav-0.99.3-r2.ebuild | 160 ++++++++++++++++++
16 ...lamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch | 186 +++++++++++++++++++++
17 2 files changed, 346 insertions(+)
18
19 diff --git a/app-antivirus/clamav/clamav-0.99.3-r2.ebuild b/app-antivirus/clamav/clamav-0.99.3-r2.ebuild
20 new file mode 100644
21 index 00000000000..f0977dc5f0f
22 --- /dev/null
23 +++ b/app-antivirus/clamav/clamav-0.99.3-r2.ebuild
24 @@ -0,0 +1,160 @@
25 +# Copyright 1999-2018 Gentoo Foundation
26 +# Distributed under the terms of the GNU General Public License v2
27 +
28 +EAPI=6
29 +
30 +inherit autotools eutils flag-o-matic user systemd
31 +
32 +DESCRIPTION="Clam Anti-Virus Scanner"
33 +HOMEPAGE="http://www.clamav.net/"
34 +SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
35 +
36 +LICENSE="GPL-2"
37 +SLOT="0"
38 +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
39 +IUSE="bzip2 clamdtop iconv ipv6 libressl milter metadata-analysis-api selinux static-libs uclibc"
40 +
41 +CDEPEND="bzip2? ( app-arch/bzip2 )
42 + clamdtop? ( sys-libs/ncurses:0 )
43 + iconv? ( virtual/libiconv )
44 + metadata-analysis-api? ( dev-libs/json-c:= )
45 + milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) )
46 + dev-libs/libtommath
47 + >=sys-libs/zlib-1.2.2:=
48 + !libressl? ( dev-libs/openssl:0= )
49 + libressl? ( dev-libs/libressl:0= )
50 + sys-devel/libtool
51 + || ( dev-libs/libpcre2 >dev-libs/libpcre-6 )
52 + !!<app-antivirus/clamav-0.99"
53 +# hard block clamav < 0.99 due to linking problems Bug #567680
54 +# openssl is now *required* see this link as to why
55 +# http://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to.html
56 +DEPEND="${CDEPEND}
57 + virtual/pkgconfig"
58 +RDEPEND="${CDEPEND}
59 + selinux? ( sec-policy/selinux-clamav )"
60 +
61 +DOCS=( AUTHORS BUGS ChangeLog FAQ INSTALL NEWS README UPGRADE )
62 +PATCHES=(
63 + "${FILESDIR}"/${PN}-0.99.2-gcc-6.patch
64 + "${FILESDIR}"/${PN}-0.99.2-tinfo.patch
65 + "${FILESDIR}"/${PN}-0.99.2-bytecode_api.patch
66 + "${FILESDIR}"/${PN}-0.99.2-pcre2-compile-erroffset.patch
67 + "${FILESDIR}"/${PN}-0.99.3-fix-fd-leaks-in-cli_scanscript.patch
68 + "${FILESDIR}"/${PN}-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch
69 +)
70 +
71 +pkg_setup() {
72 + enewgroup clamav
73 + enewuser clamav -1 -1 /dev/null clamav
74 +}
75 +
76 +src_prepare() {
77 + default
78 +
79 + eautoconf
80 +}
81 +
82 +src_configure() {
83 + use ppc64 && append-flags -mminimal-toc
84 + use uclibc && export ac_cv_type_error_t=yes
85 +
86 + econf \
87 + $(use_enable bzip2) \
88 + $(use_enable clamdtop) \
89 + $(use_enable ipv6) \
90 + $(use_enable milter) \
91 + $(use_enable static-libs static) \
92 + $(use_with iconv) \
93 + $(use_with metadata-analysis-api libjson /usr) \
94 + --cache-file="${S}"/config.cache \
95 + --disable-experimental \
96 + --disable-gcc-vcheck \
97 + --disable-zlib-vcheck \
98 + --enable-id-check \
99 + --with-dbdir="${EPREFIX}"/var/lib/clamav \
100 + --with-system-tommath \
101 + --with-zlib="${EPREFIX}"/usr
102 +}
103 +
104 +src_install() {
105 + default
106 +
107 + rm -rf "${ED}"/var/lib/clamav
108 + newinitd "${FILESDIR}"/clamd.initd-r6 clamd
109 + newconfd "${FILESDIR}"/clamd.conf-r1 clamd
110 +
111 + systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/clamav.conf"
112 + systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
113 + systemd_dounit "${FILESDIR}/clamd.service"
114 + systemd_dounit "${FILESDIR}/freshclamd.service"
115 +
116 + keepdir /var/lib/clamav
117 + fowners clamav:clamav /var/lib/clamav
118 + keepdir /var/log/clamav
119 + fowners clamav:clamav /var/log/clamav
120 +
121 + dodir /etc/logrotate.d
122 + insinto /etc/logrotate.d
123 + newins "${FILESDIR}"/clamav.logrotate clamav
124 +
125 + # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
126 + sed -i -e "s:^\(Example\):\# \1:" \
127 + -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.pid:" \
128 + -e "s:.*\(LocalSocket\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.sock:" \
129 + -e "s:.*\(User\) .*:\1 clamav:" \
130 + -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
131 + -e "s:^\#\(LogTime\).*:\1 yes:" \
132 + -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
133 + "${ED}"/etc/clamd.conf.sample || die
134 + sed -i -e "s:^\(Example\):\# \1:" \
135 + -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/freshclam.pid:" \
136 + -e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \
137 + -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
138 + -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \
139 + -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
140 + -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
141 + "${ED}"/etc/freshclam.conf.sample || die
142 +
143 + if use milter ; then
144 + # MilterSocket one to include ' /' because there is a 2nd line for
145 + # inet: which we want to leave
146 + dodoc "${FILESDIR}"/clamav-milter.README.gentoo
147 + sed -i -e "s:^\(Example\):\# \1:" \
148 + -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamav-milter.pid:" \
149 + -e "s+^\#\(ClamdSocket\) .*+\1 unix:${EPREFIX}/var/run/clamav/clamd.sock+" \
150 + -e "s:.*\(User\) .*:\1 clamav:" \
151 + -e "s+^\#\(MilterSocket\) /.*+\1 unix:${EPREFIX}/var/run/clamav/clamav-milter.sock+" \
152 + -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
153 + -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
154 + "${ED}"/etc/clamav-milter.conf.sample || die
155 + cat >> "${ED}"/etc/conf.d/clamd <<-EOF
156 + MILTER_NICELEVEL=19
157 + START_MILTER=no
158 + EOF
159 +
160 + systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service
161 + fi
162 +
163 + for i in clamd freshclam clamav-milter
164 + do
165 + [[ -f "${D}"/etc/"${i}".conf.sample ]] && mv "${D}"/etc/"${i}".conf{.sample,}
166 + done
167 +
168 + prune_libtool_files --all
169 +}
170 +
171 +src_test() {
172 + emake quick-check
173 +}
174 +
175 +pkg_postinst() {
176 + if use milter ; then
177 + elog "For simple instructions how to setup the clamav-milter read the"
178 + elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
179 + fi
180 + if test -z $(find "${ROOT}"var/lib/clamav -maxdepth 1 -name 'main.c*' -print -quit) ; then
181 + ewarn "You must run freshclam manually to populate the virus database files"
182 + ewarn "before starting clamav for the first time.\n"
183 + fi
184 +}
185
186 diff --git a/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch b/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch
187 new file mode 100644
188 index 00000000000..90facf6eae0
189 --- /dev/null
190 +++ b/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch
191 @@ -0,0 +1,186 @@
192 +Apply proposed changes to fix RAR VMSF_DELTA Filter Signedness error (CVE-2012-6706)
193 +
194 +Cherry picked from commit a7d8447bd9a4d5ae1fa970c1849c8caeb5f1a805 [Link 1] and
195 +d4699442bce76574573dc564e7f2177d679b88bd [Link 2].
196 +
197 +Link 1: https://github.com/Cisco-Talos/clamav-devel/commit/a7d8447bd9a4d5ae1fa970c1849c8caeb5f1a805
198 +Link 2: https://github.com/Cisco-Talos/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
199 +
200 +--- a/libclamunrar/unrarvm.c
201 ++++ b/libclamunrar/unrarvm.c
202 +@@ -213,17 +213,20 @@ void rarvm_addbits(rarvm_input_t *rarvm_input, int bits)
203 +
204 + unsigned int rarvm_getbits(rarvm_input_t *rarvm_input)
205 + {
206 +- unsigned int bit_field;
207 ++ unsigned int bit_field = 0;
208 +
209 +- if (rarvm_input->in_addr+2 < rarvm_input->buf_size) {
210 ++ if (rarvm_input->in_addr < rarvm_input->buf_size) {
211 + bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16;
212 +- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
213 +- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2];
214 +- bit_field >>= (8-rarvm_input->in_bit);
215 +-
216 +- return (bit_field & 0xffff);
217 ++ if (rarvm_input->in_addr+1 < rarvm_input->buf_size) {
218 ++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
219 ++ if (rarvm_input->in_addr+2 < rarvm_input->buf_size) {
220 ++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2];
221 ++ }
222 ++ }
223 + }
224 +- return 0;
225 ++ bit_field >>= (8-rarvm_input->in_bit);
226 ++
227 ++ return (bit_field & 0xffff);
228 + }
229 +
230 + unsigned int rarvm_read_data(rarvm_input_t *rarvm_input)
231 +@@ -311,10 +314,10 @@ static unsigned int *rarvm_get_operand(rarvm_data_t *rarvm_data,
232 + }
233 + }
234 +
235 +-static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int bit_count)
236 ++static unsigned int filter_itanium_getbits(unsigned char *data, unsigned int bit_pos, unsigned int bit_count)
237 + {
238 +- int in_addr=bit_pos/8;
239 +- int in_bit=bit_pos&7;
240 ++ unsigned int in_addr=bit_pos/8;
241 ++ unsigned int in_bit=bit_pos&7;
242 + unsigned int bit_field=(unsigned int)data[in_addr++];
243 + bit_field|=(unsigned int)data[in_addr++] << 8;
244 + bit_field|=(unsigned int)data[in_addr++] << 16;
245 +@@ -323,10 +326,10 @@ static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int
246 + return(bit_field & (0xffffffff>>(32-bit_count)));
247 + }
248 +
249 +-static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, int bit_pos, int bit_count)
250 ++static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, unsigned int bit_pos, unsigned int bit_count)
251 + {
252 +- int i, in_addr=bit_pos/8;
253 +- int in_bit=bit_pos&7;
254 ++ unsigned int i, in_addr=bit_pos/8;
255 ++ unsigned int in_bit=bit_pos&7;
256 + unsigned int and_mask=0xffffffff>>(32-bit_count);
257 + and_mask=~(and_mask<<in_bit);
258 +
259 +@@ -343,11 +346,12 @@ static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field,
260 + static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_filters_t filter_type)
261 + {
262 + unsigned char *data, cmp_byte2, cur_byte, *src_data, *dest_data;
263 +- int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
264 +- int op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
265 ++ unsigned int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
266 ++ unsigned int op_type, cur_channel, byte_count, start_pos;
267 ++ int pa, pb, pc;
268 + unsigned int file_offset, cur_pos, predicted;
269 +- int32_t offset, addr;
270 +- const int file_size=0x1000000;
271 ++ uint32_t offset, addr;
272 ++ const unsigned int file_size=0x1000000;
273 +
274 + switch(filter_type) {
275 + case VMSF_E8:
276 +@@ -356,7 +360,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
277 + data_size = rarvm_data->R[4];
278 + file_offset = rarvm_data->R[6];
279 +
280 +- if (((unsigned int)data_size >= VM_GLOBALMEMADDR) || (data_size < 4)) {
281 ++ if ((data_size > VM_GLOBALMEMADDR) || (data_size < 4)) {
282 + break;
283 + }
284 +
285 +@@ -367,12 +371,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
286 + if (cur_byte==0xe8 || cur_byte==cmp_byte2) {
287 + offset = cur_pos+file_offset;
288 + addr = GET_VALUE(FALSE, data);
289 +- if (addr < 0) {
290 +- if (addr+offset >=0 ) {
291 ++ // We check 0x80000000 bit instead of '< 0' comparison
292 ++ // not assuming int32 presence or uint size and endianness.
293 ++ if ((addr & 0x80000000)!=0) { // addr<0
294 ++ if (((addr+offset) & 0x80000000)==0) { // addr+offset>=0
295 + SET_VALUE(FALSE, data, addr+file_size);
296 + }
297 + } else {
298 +- if (addr<file_size) {
299 ++ if (((addr-file_size) & 0x80000000)!=0) { // addr<file_size
300 + SET_VALUE(FALSE, data, addr-offset);
301 + }
302 + }
303 +@@ -386,7 +392,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
304 + data_size = rarvm_data->R[4];
305 + file_offset = rarvm_data->R[6];
306 +
307 +- if (((unsigned int)data_size >= VM_GLOBALMEMADDR) || (data_size < 21)) {
308 ++ if ((data_size > VM_GLOBALMEMADDR) || (data_size < 21)) {
309 + break;
310 + }
311 +
312 +@@ -429,7 +435,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
313 + border = data_size*2;
314 +
315 + SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
316 +- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
317 ++ if (data_size > VM_GLOBALMEMADDR/2 || channels > 1024 || channels == 0) {
318 + break;
319 + }
320 + for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {
321 +@@ -440,7 +446,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
322 + }
323 + break;
324 + case VMSF_RGB: {
325 +- const int channels=3;
326 ++ const unsigned int channels=3;
327 + data_size = rarvm_data->R[4];
328 + width = rarvm_data->R[0] - 3;
329 + PosR = rarvm_data->R[1];
330 +@@ -448,15 +454,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
331 + dest_data = src_data + data_size;
332 +
333 + SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
334 +- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
335 ++ if (data_size > VM_GLOBALMEMADDR/2 || data_size < 3 || width > data_size || PosR > 2) {
336 + break;
337 + }
338 + for (cur_channel=0 ; cur_channel < channels; cur_channel++) {
339 + unsigned int prev_byte = 0;
340 + for (i=cur_channel ; i<data_size ; i+=channels) {
341 +- int upper_pos=i-width;
342 +- if (upper_pos >= 3) {
343 +- unsigned char *upper_data = dest_data+upper_pos;
344 ++ if (i >= width+3) {
345 ++ unsigned char *upper_data = dest_data+i-width;
346 + unsigned int upper_byte = *upper_data;
347 + unsigned int upper_left_byte = *(upper_data-3);
348 + predicted = prev_byte+upper_byte-upper_left_byte;
349 +@@ -486,13 +491,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
350 + break;
351 + }
352 + case VMSF_AUDIO: {
353 +- int channels=rarvm_data->R[0];
354 ++ unsigned int channels=rarvm_data->R[0];
355 + data_size = rarvm_data->R[4];
356 + src_data = rarvm_data->mem;
357 + dest_data = src_data + data_size;
358 +
359 + SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
360 +- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
361 ++ // In fact, audio channels never exceed 4.
362 ++ if (data_size > VM_GLOBALMEMADDR/2 || channels > 128 || channels == 0) {
363 + break;
364 + }
365 + for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {
366 +@@ -553,7 +559,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
367 + data_size = rarvm_data->R[4];
368 + src_pos = 0;
369 + dest_pos = data_size;
370 +- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
371 ++ if (data_size > VM_GLOBALMEMADDR/2) {
372 + break;
373 + }
374 + while (src_pos < data_size) {
375 +--
376 +2.16.2
377 +
Report Message
Find on MARC Find on Google Groups