1 |
commit: 69c038dd6c5f79aa46eb92543bed649d50857b66 |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Feb 23 19:00:09 2018 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Feb 23 19:00:23 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69c038dd |
7 |
|
8 |
app-antivirus/clamav: Rev bump to add patch for CVE-2012-6706 |
9 |
|
10 |
...aka VMSF_DELTA Filter Signedness Error. |
11 |
|
12 |
Bug: https://bugs.gentoo.org/623534 |
13 |
Package-Manager: Portage-2.3.24, Repoman-2.3.6 |
14 |
|
15 |
app-antivirus/clamav/clamav-0.99.3-r2.ebuild | 160 ++++++++++++++++++ |
16 |
...lamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch | 186 +++++++++++++++++++++ |
17 |
2 files changed, 346 insertions(+) |
18 |
|
19 |
diff --git a/app-antivirus/clamav/clamav-0.99.3-r2.ebuild b/app-antivirus/clamav/clamav-0.99.3-r2.ebuild |
20 |
new file mode 100644 |
21 |
index 00000000000..f0977dc5f0f |
22 |
--- /dev/null |
23 |
+++ b/app-antivirus/clamav/clamav-0.99.3-r2.ebuild |
24 |
@@ -0,0 +1,160 @@ |
25 |
+# Copyright 1999-2018 Gentoo Foundation |
26 |
+# Distributed under the terms of the GNU General Public License v2 |
27 |
+ |
28 |
+EAPI=6 |
29 |
+ |
30 |
+inherit autotools eutils flag-o-matic user systemd |
31 |
+ |
32 |
+DESCRIPTION="Clam Anti-Virus Scanner" |
33 |
+HOMEPAGE="http://www.clamav.net/" |
34 |
+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz" |
35 |
+ |
36 |
+LICENSE="GPL-2" |
37 |
+SLOT="0" |
38 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris" |
39 |
+IUSE="bzip2 clamdtop iconv ipv6 libressl milter metadata-analysis-api selinux static-libs uclibc" |
40 |
+ |
41 |
+CDEPEND="bzip2? ( app-arch/bzip2 ) |
42 |
+ clamdtop? ( sys-libs/ncurses:0 ) |
43 |
+ iconv? ( virtual/libiconv ) |
44 |
+ metadata-analysis-api? ( dev-libs/json-c:= ) |
45 |
+ milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) ) |
46 |
+ dev-libs/libtommath |
47 |
+ >=sys-libs/zlib-1.2.2:= |
48 |
+ !libressl? ( dev-libs/openssl:0= ) |
49 |
+ libressl? ( dev-libs/libressl:0= ) |
50 |
+ sys-devel/libtool |
51 |
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 ) |
52 |
+ !!<app-antivirus/clamav-0.99" |
53 |
+# hard block clamav < 0.99 due to linking problems Bug #567680 |
54 |
+# openssl is now *required* see this link as to why |
55 |
+# http://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to.html |
56 |
+DEPEND="${CDEPEND} |
57 |
+ virtual/pkgconfig" |
58 |
+RDEPEND="${CDEPEND} |
59 |
+ selinux? ( sec-policy/selinux-clamav )" |
60 |
+ |
61 |
+DOCS=( AUTHORS BUGS ChangeLog FAQ INSTALL NEWS README UPGRADE ) |
62 |
+PATCHES=( |
63 |
+ "${FILESDIR}"/${PN}-0.99.2-gcc-6.patch |
64 |
+ "${FILESDIR}"/${PN}-0.99.2-tinfo.patch |
65 |
+ "${FILESDIR}"/${PN}-0.99.2-bytecode_api.patch |
66 |
+ "${FILESDIR}"/${PN}-0.99.2-pcre2-compile-erroffset.patch |
67 |
+ "${FILESDIR}"/${PN}-0.99.3-fix-fd-leaks-in-cli_scanscript.patch |
68 |
+ "${FILESDIR}"/${PN}-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch |
69 |
+) |
70 |
+ |
71 |
+pkg_setup() { |
72 |
+ enewgroup clamav |
73 |
+ enewuser clamav -1 -1 /dev/null clamav |
74 |
+} |
75 |
+ |
76 |
+src_prepare() { |
77 |
+ default |
78 |
+ |
79 |
+ eautoconf |
80 |
+} |
81 |
+ |
82 |
+src_configure() { |
83 |
+ use ppc64 && append-flags -mminimal-toc |
84 |
+ use uclibc && export ac_cv_type_error_t=yes |
85 |
+ |
86 |
+ econf \ |
87 |
+ $(use_enable bzip2) \ |
88 |
+ $(use_enable clamdtop) \ |
89 |
+ $(use_enable ipv6) \ |
90 |
+ $(use_enable milter) \ |
91 |
+ $(use_enable static-libs static) \ |
92 |
+ $(use_with iconv) \ |
93 |
+ $(use_with metadata-analysis-api libjson /usr) \ |
94 |
+ --cache-file="${S}"/config.cache \ |
95 |
+ --disable-experimental \ |
96 |
+ --disable-gcc-vcheck \ |
97 |
+ --disable-zlib-vcheck \ |
98 |
+ --enable-id-check \ |
99 |
+ --with-dbdir="${EPREFIX}"/var/lib/clamav \ |
100 |
+ --with-system-tommath \ |
101 |
+ --with-zlib="${EPREFIX}"/usr |
102 |
+} |
103 |
+ |
104 |
+src_install() { |
105 |
+ default |
106 |
+ |
107 |
+ rm -rf "${ED}"/var/lib/clamav |
108 |
+ newinitd "${FILESDIR}"/clamd.initd-r6 clamd |
109 |
+ newconfd "${FILESDIR}"/clamd.conf-r1 clamd |
110 |
+ |
111 |
+ systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/clamav.conf" |
112 |
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service" |
113 |
+ systemd_dounit "${FILESDIR}/clamd.service" |
114 |
+ systemd_dounit "${FILESDIR}/freshclamd.service" |
115 |
+ |
116 |
+ keepdir /var/lib/clamav |
117 |
+ fowners clamav:clamav /var/lib/clamav |
118 |
+ keepdir /var/log/clamav |
119 |
+ fowners clamav:clamav /var/log/clamav |
120 |
+ |
121 |
+ dodir /etc/logrotate.d |
122 |
+ insinto /etc/logrotate.d |
123 |
+ newins "${FILESDIR}"/clamav.logrotate clamav |
124 |
+ |
125 |
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box |
126 |
+ sed -i -e "s:^\(Example\):\# \1:" \ |
127 |
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.pid:" \ |
128 |
+ -e "s:.*\(LocalSocket\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.sock:" \ |
129 |
+ -e "s:.*\(User\) .*:\1 clamav:" \ |
130 |
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \ |
131 |
+ -e "s:^\#\(LogTime\).*:\1 yes:" \ |
132 |
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \ |
133 |
+ "${ED}"/etc/clamd.conf.sample || die |
134 |
+ sed -i -e "s:^\(Example\):\# \1:" \ |
135 |
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/freshclam.pid:" \ |
136 |
+ -e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \ |
137 |
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \ |
138 |
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \ |
139 |
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \ |
140 |
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \ |
141 |
+ "${ED}"/etc/freshclam.conf.sample || die |
142 |
+ |
143 |
+ if use milter ; then |
144 |
+ # MilterSocket one to include ' /' because there is a 2nd line for |
145 |
+ # inet: which we want to leave |
146 |
+ dodoc "${FILESDIR}"/clamav-milter.README.gentoo |
147 |
+ sed -i -e "s:^\(Example\):\# \1:" \ |
148 |
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamav-milter.pid:" \ |
149 |
+ -e "s+^\#\(ClamdSocket\) .*+\1 unix:${EPREFIX}/var/run/clamav/clamd.sock+" \ |
150 |
+ -e "s:.*\(User\) .*:\1 clamav:" \ |
151 |
+ -e "s+^\#\(MilterSocket\) /.*+\1 unix:${EPREFIX}/var/run/clamav/clamav-milter.sock+" \ |
152 |
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \ |
153 |
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \ |
154 |
+ "${ED}"/etc/clamav-milter.conf.sample || die |
155 |
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF |
156 |
+ MILTER_NICELEVEL=19 |
157 |
+ START_MILTER=no |
158 |
+ EOF |
159 |
+ |
160 |
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service |
161 |
+ fi |
162 |
+ |
163 |
+ for i in clamd freshclam clamav-milter |
164 |
+ do |
165 |
+ [[ -f "${D}"/etc/"${i}".conf.sample ]] && mv "${D}"/etc/"${i}".conf{.sample,} |
166 |
+ done |
167 |
+ |
168 |
+ prune_libtool_files --all |
169 |
+} |
170 |
+ |
171 |
+src_test() { |
172 |
+ emake quick-check |
173 |
+} |
174 |
+ |
175 |
+pkg_postinst() { |
176 |
+ if use milter ; then |
177 |
+ elog "For simple instructions how to setup the clamav-milter read the" |
178 |
+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}" |
179 |
+ fi |
180 |
+ if test -z $(find "${ROOT}"var/lib/clamav -maxdepth 1 -name 'main.c*' -print -quit) ; then |
181 |
+ ewarn "You must run freshclam manually to populate the virus database files" |
182 |
+ ewarn "before starting clamav for the first time.\n" |
183 |
+ fi |
184 |
+} |
185 |
|
186 |
diff --git a/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch b/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch |
187 |
new file mode 100644 |
188 |
index 00000000000..90facf6eae0 |
189 |
--- /dev/null |
190 |
+++ b/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch |
191 |
@@ -0,0 +1,186 @@ |
192 |
+Apply proposed changes to fix RAR VMSF_DELTA Filter Signedness error (CVE-2012-6706) |
193 |
+ |
194 |
+Cherry picked from commit a7d8447bd9a4d5ae1fa970c1849c8caeb5f1a805 [Link 1] and |
195 |
+d4699442bce76574573dc564e7f2177d679b88bd [Link 2]. |
196 |
+ |
197 |
+Link 1: https://github.com/Cisco-Talos/clamav-devel/commit/a7d8447bd9a4d5ae1fa970c1849c8caeb5f1a805 |
198 |
+Link 2: https://github.com/Cisco-Talos/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd |
199 |
+ |
200 |
+--- a/libclamunrar/unrarvm.c |
201 |
++++ b/libclamunrar/unrarvm.c |
202 |
+@@ -213,17 +213,20 @@ void rarvm_addbits(rarvm_input_t *rarvm_input, int bits) |
203 |
+ |
204 |
+ unsigned int rarvm_getbits(rarvm_input_t *rarvm_input) |
205 |
+ { |
206 |
+- unsigned int bit_field; |
207 |
++ unsigned int bit_field = 0; |
208 |
+ |
209 |
+- if (rarvm_input->in_addr+2 < rarvm_input->buf_size) { |
210 |
++ if (rarvm_input->in_addr < rarvm_input->buf_size) { |
211 |
+ bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16; |
212 |
+- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8; |
213 |
+- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2]; |
214 |
+- bit_field >>= (8-rarvm_input->in_bit); |
215 |
+- |
216 |
+- return (bit_field & 0xffff); |
217 |
++ if (rarvm_input->in_addr+1 < rarvm_input->buf_size) { |
218 |
++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8; |
219 |
++ if (rarvm_input->in_addr+2 < rarvm_input->buf_size) { |
220 |
++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2]; |
221 |
++ } |
222 |
++ } |
223 |
+ } |
224 |
+- return 0; |
225 |
++ bit_field >>= (8-rarvm_input->in_bit); |
226 |
++ |
227 |
++ return (bit_field & 0xffff); |
228 |
+ } |
229 |
+ |
230 |
+ unsigned int rarvm_read_data(rarvm_input_t *rarvm_input) |
231 |
+@@ -311,10 +314,10 @@ static unsigned int *rarvm_get_operand(rarvm_data_t *rarvm_data, |
232 |
+ } |
233 |
+ } |
234 |
+ |
235 |
+-static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int bit_count) |
236 |
++static unsigned int filter_itanium_getbits(unsigned char *data, unsigned int bit_pos, unsigned int bit_count) |
237 |
+ { |
238 |
+- int in_addr=bit_pos/8; |
239 |
+- int in_bit=bit_pos&7; |
240 |
++ unsigned int in_addr=bit_pos/8; |
241 |
++ unsigned int in_bit=bit_pos&7; |
242 |
+ unsigned int bit_field=(unsigned int)data[in_addr++]; |
243 |
+ bit_field|=(unsigned int)data[in_addr++] << 8; |
244 |
+ bit_field|=(unsigned int)data[in_addr++] << 16; |
245 |
+@@ -323,10 +326,10 @@ static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int |
246 |
+ return(bit_field & (0xffffffff>>(32-bit_count))); |
247 |
+ } |
248 |
+ |
249 |
+-static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, int bit_pos, int bit_count) |
250 |
++static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, unsigned int bit_pos, unsigned int bit_count) |
251 |
+ { |
252 |
+- int i, in_addr=bit_pos/8; |
253 |
+- int in_bit=bit_pos&7; |
254 |
++ unsigned int i, in_addr=bit_pos/8; |
255 |
++ unsigned int in_bit=bit_pos&7; |
256 |
+ unsigned int and_mask=0xffffffff>>(32-bit_count); |
257 |
+ and_mask=~(and_mask<<in_bit); |
258 |
+ |
259 |
+@@ -343,11 +346,12 @@ static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, |
260 |
+ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_filters_t filter_type) |
261 |
+ { |
262 |
+ unsigned char *data, cmp_byte2, cur_byte, *src_data, *dest_data; |
263 |
+- int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR; |
264 |
+- int op_type, cur_channel, byte_count, start_pos, pa, pb, pc; |
265 |
++ unsigned int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR; |
266 |
++ unsigned int op_type, cur_channel, byte_count, start_pos; |
267 |
++ int pa, pb, pc; |
268 |
+ unsigned int file_offset, cur_pos, predicted; |
269 |
+- int32_t offset, addr; |
270 |
+- const int file_size=0x1000000; |
271 |
++ uint32_t offset, addr; |
272 |
++ const unsigned int file_size=0x1000000; |
273 |
+ |
274 |
+ switch(filter_type) { |
275 |
+ case VMSF_E8: |
276 |
+@@ -356,7 +360,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil |
277 |
+ data_size = rarvm_data->R[4]; |
278 |
+ file_offset = rarvm_data->R[6]; |
279 |
+ |
280 |
+- if (((unsigned int)data_size >= VM_GLOBALMEMADDR) || (data_size < 4)) { |
281 |
++ if ((data_size > VM_GLOBALMEMADDR) || (data_size < 4)) { |
282 |
+ break; |
283 |
+ } |
284 |
+ |
285 |
+@@ -367,12 +371,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil |
286 |
+ if (cur_byte==0xe8 || cur_byte==cmp_byte2) { |
287 |
+ offset = cur_pos+file_offset; |
288 |
+ addr = GET_VALUE(FALSE, data); |
289 |
+- if (addr < 0) { |
290 |
+- if (addr+offset >=0 ) { |
291 |
++ // We check 0x80000000 bit instead of '< 0' comparison |
292 |
++ // not assuming int32 presence or uint size and endianness. |
293 |
++ if ((addr & 0x80000000)!=0) { // addr<0 |
294 |
++ if (((addr+offset) & 0x80000000)==0) { // addr+offset>=0 |
295 |
+ SET_VALUE(FALSE, data, addr+file_size); |
296 |
+ } |
297 |
+ } else { |
298 |
+- if (addr<file_size) { |
299 |
++ if (((addr-file_size) & 0x80000000)!=0) { // addr<file_size |
300 |
+ SET_VALUE(FALSE, data, addr-offset); |
301 |
+ } |
302 |
+ } |
303 |
+@@ -386,7 +392,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil |
304 |
+ data_size = rarvm_data->R[4]; |
305 |
+ file_offset = rarvm_data->R[6]; |
306 |
+ |
307 |
+- if (((unsigned int)data_size >= VM_GLOBALMEMADDR) || (data_size < 21)) { |
308 |
++ if ((data_size > VM_GLOBALMEMADDR) || (data_size < 21)) { |
309 |
+ break; |
310 |
+ } |
311 |
+ |
312 |
+@@ -429,7 +435,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil |
313 |
+ border = data_size*2; |
314 |
+ |
315 |
+ SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size); |
316 |
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) { |
317 |
++ if (data_size > VM_GLOBALMEMADDR/2 || channels > 1024 || channels == 0) { |
318 |
+ break; |
319 |
+ } |
320 |
+ for (cur_channel=0 ; cur_channel < channels ; cur_channel++) { |
321 |
+@@ -440,7 +446,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil |
322 |
+ } |
323 |
+ break; |
324 |
+ case VMSF_RGB: { |
325 |
+- const int channels=3; |
326 |
++ const unsigned int channels=3; |
327 |
+ data_size = rarvm_data->R[4]; |
328 |
+ width = rarvm_data->R[0] - 3; |
329 |
+ PosR = rarvm_data->R[1]; |
330 |
+@@ -448,15 +454,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil |
331 |
+ dest_data = src_data + data_size; |
332 |
+ |
333 |
+ SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size); |
334 |
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) { |
335 |
++ if (data_size > VM_GLOBALMEMADDR/2 || data_size < 3 || width > data_size || PosR > 2) { |
336 |
+ break; |
337 |
+ } |
338 |
+ for (cur_channel=0 ; cur_channel < channels; cur_channel++) { |
339 |
+ unsigned int prev_byte = 0; |
340 |
+ for (i=cur_channel ; i<data_size ; i+=channels) { |
341 |
+- int upper_pos=i-width; |
342 |
+- if (upper_pos >= 3) { |
343 |
+- unsigned char *upper_data = dest_data+upper_pos; |
344 |
++ if (i >= width+3) { |
345 |
++ unsigned char *upper_data = dest_data+i-width; |
346 |
+ unsigned int upper_byte = *upper_data; |
347 |
+ unsigned int upper_left_byte = *(upper_data-3); |
348 |
+ predicted = prev_byte+upper_byte-upper_left_byte; |
349 |
+@@ -486,13 +491,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil |
350 |
+ break; |
351 |
+ } |
352 |
+ case VMSF_AUDIO: { |
353 |
+- int channels=rarvm_data->R[0]; |
354 |
++ unsigned int channels=rarvm_data->R[0]; |
355 |
+ data_size = rarvm_data->R[4]; |
356 |
+ src_data = rarvm_data->mem; |
357 |
+ dest_data = src_data + data_size; |
358 |
+ |
359 |
+ SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size); |
360 |
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) { |
361 |
++ // In fact, audio channels never exceed 4. |
362 |
++ if (data_size > VM_GLOBALMEMADDR/2 || channels > 128 || channels == 0) { |
363 |
+ break; |
364 |
+ } |
365 |
+ for (cur_channel=0 ; cur_channel < channels ; cur_channel++) { |
366 |
+@@ -553,7 +559,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil |
367 |
+ data_size = rarvm_data->R[4]; |
368 |
+ src_pos = 0; |
369 |
+ dest_pos = data_size; |
370 |
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) { |
371 |
++ if (data_size > VM_GLOBALMEMADDR/2) { |
372 |
+ break; |
373 |
+ } |
374 |
+ while (src_pos < data_size) { |
375 |
+-- |
376 |
+2.16.2 |
377 |
+ |