[Frugalware-git] frugalware-0.7: clamav-0.91.2-2sayshell1-x86_64

voroskoi Sun, 20 Jan 2008 03:55:55 -0800

Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-0.7.git;a=commitdiff;h=c69672d8143aa174eff7f36376bc96e279af25a6


commit c69672d8143aa174eff7f36376bc96e279af25a6
Author: voroskoi <[EMAIL PROTECTED]>
Date:   Sun Jan 20 12:55:06 2008 +0100

clamav-0.91.2-2sayshell1-x86_64
added fixes for CVE-2007-6335, CVE-2007-6336 and CVE-2007-6337
closes #2679

diff --git a/source/apps-extra/clamav/FrugalBuild 
b/source/apps-extra/clamav/FrugalBuild
index c33cb15..d87e1c6 100644
--- a/source/apps-extra/clamav/FrugalBuild
+++ b/source/apps-extra/clamav/FrugalBuild
@@ -3,7 +3,7 @@

pkgname=clamav
pkgver=0.91.2
-pkgrel=1
+pkgrel=2sayshell1
pkgdesc="Clam AntiVirus is a GPL anti-virus toolkit for UNIX"
depends=('gmp' 'bzip2' 'curl>=7.16.0')
rodepends=('shadow')
@@ -11,10 +11,16 @@ backup=(etc/{freshclam,clamd}.conf)
groups=('apps-extra')
archs=('i686' 'x86_64')
Finclude sourceforge
-source=($source rc.clamav rc.clamav-hu.po)
+source=($source rc.clamav rc.clamav-hu.po \
+       clamav-0.91.2-CVE-2007-6335.patch \
+       clamav-0.91.2-CVE-2007-6336.patch \
+       clamav-0.91.2-CVE-2007-6337.patch)
sha1sums=('f18007c3045a1d78967adad805c6934d46ca6419' \
'90b22c99927b56992ac05042029d2702db79a8b0' \
-          '57d36966c45adfd6b3ebd10b91874194924ab2c3')
+          '57d36966c45adfd6b3ebd10b91874194924ab2c3' \
+          '48707d513348dd87ff74beaff7370a91a097acec' \
+          '482fa318c9d1172c1a2b3a652936e8a417e11817' \
+          'e02199c35043a1811a077e7fb6a7044dd820d12b')

build()
{
diff --git a/source/apps-extra/clamav/clamav-0.91.2-CVE-2007-6335.patch 
b/source/apps-extra/clamav/clamav-0.91.2-CVE-2007-6335.patch
new file mode 100644
index 0000000..d879eb7
--- /dev/null
+++ b/source/apps-extra/clamav/clamav-0.91.2-CVE-2007-6335.patch
@@ -0,0 +1,52 @@
+Thu Dec  6 15:22:27 CET 2007 (tk)
+---------------------------------
+  * libclamav/pe.c: fix possible integer overflow in MEW related code
+                    Reported by iDefense [IDEF2842]
+
+    Backported by <[EMAIL PROTECTED]>
+
+    SVN r3376
+
+Index: clamav-0.91.2/libclamav/pe.c
+===================================================================
+--- clamav-0.91.2.orig/libclamav/pe.c
++++ clamav-0.91.2/libclamav/pe.c
+@@ -80,6 +80,18 @@
+ #define PEALIGN(o,a) (((a))?(((o)/(a))*(a)):(o))
+ #define PESALIGN(o,a) (((a))?(((o)/(a)+((o)%(a)!=0))*(a)):(o))
+
++#define CLI_UNPSIZELIMITS(NAME,CHK) \
++if(ctx->limits && ctx->limits->maxfilesize && (CHK) > 
ctx->limits->maxfilesize) { \
++    cli_dbgmsg(NAME": Sizes exceeded (%lu > %lu)\n", (CHK), 
ctx->limits->maxfilesize); \
++    free(exe_sections); \
++    if(BLOCKMAX) { \
++        *ctx->virname = "PE."NAME".ExceededFileSize"; \
++        return CL_VIRUS; \
++    } else { \
++        return CL_CLEAN; \
++    } \
++}
++
+ extern short cli_leavetemps_flag;
+
+ struct offset_list {
+@@ -1153,16 +1165,9 @@ int cli_scanpe(int desc, cli_ctx *ctx)
+               dsize = exe_sections[i].vsz;
+
+               cli_dbgmsg("MEW: ssize %08x dsize %08x offdiff: %08x\n", ssize, 
dsize, offdiff);
+-              if(ctx->limits && ctx->limits->maxfilesize && (ssize + dsize > 
ctx->limits->maxfilesize || exe_sections[i + 1].rsz > 
ctx->limits->maxfilesize)) {
+-                  cli_dbgmsg("MEW: Sizes exceeded (ssize: %u, dsize: %u, max: 
%lu)\n", ssize, dsize , ctx->limits->maxfilesize);
+-                  free(exe_sections);
+-                  if(BLOCKMAX) {
+-                      *ctx->virname = "PE.MEW.ExceededFileSize";
+-                      return CL_VIRUS;
+-                  } else {
+-                      return CL_CLEAN;
+-                  }
+-              }
++
++              CLI_UNPSIZELIMITS("MEW", MAX(ssize, dsize));
++              CLI_UNPSIZELIMITS("MEW", MAX(ssize + dsize, exe_sections[i + 
1].rsz));
+
+               /* allocate needed buffer */
+               if (!(src = cli_calloc (ssize + dsize, sizeof(char)))) {
diff --git a/source/apps-extra/clamav/clamav-0.91.2-CVE-2007-6336.patch 
b/source/apps-extra/clamav/clamav-0.91.2-CVE-2007-6336.patch
new file mode 100644
index 0000000..41cc474
--- /dev/null
+++ b/source/apps-extra/clamav/clamav-0.91.2-CVE-2007-6336.patch
@@ -0,0 +1,21 @@
+Thu Dec  6 15:15:45 CET 2007 (tk)
+---------------------------------
+  * libclamav/mspack.c: fix off-by-one error in LZX_READ_HUFFSYM() (bb#663)
+
+     https://wwws.clamav.net/bugzilla/show_bug.cgi?id=663
+
+     SVN r3374
+
+Index: clamav-0.91.2/libclamav/mspack.c
+===================================================================
+--- clamav-0.91.2.orig/libclamav/mspack.c
++++ clamav-0.91.2/libclamav/mspack.c
+@@ -734,7 +734,7 @@ void mszip_free(struct mszip_stream *zip
+
+ #define LZX_ENSURE_BITS(nbits)                                              \
+   while (bits_left < (nbits)) {                                         \
+-    if (i_ptr >= i_end) {                                               \
++    if (i_ptr + 1 >= i_end) {                                               \
+       if (lzx_read_input(lzx)) return lzx->error;                      \
+       i_ptr = lzx->i_ptr;                                               \
+       i_end = lzx->i_end;                                               \
diff --git a/source/apps-extra/clamav/clamav-0.91.2-CVE-2007-6337.patch 
b/source/apps-extra/clamav/clamav-0.91.2-CVE-2007-6337.patch
new file mode 100644
index 0000000..71edc47
--- /dev/null
+++ b/source/apps-extra/clamav/clamav-0.91.2-CVE-2007-6337.patch
@@ -0,0 +1,24 @@
+Mon Dec 10 15:54:20 CET 2007 (tk)
+---------------------------------
+  * libclamav/nsis/bzlib_private.h: fix bzlib bug (aCaB)
+
+    SVN r3387
+
+Index: clamav-0.91.2/libclamav/nsis/bzlib_private.h
+===================================================================
+--- clamav-0.91.2.orig/libclamav/nsis/bzlib_private.h
++++ clamav-0.91.2/libclamav/nsis/bzlib_private.h
+@@ -422,11 +422,13 @@ typedef
+ /*-- Macros for decompression. --*/
+
+ #define BZ_GET_FAST(cccc)                     \
++    if (s->tPos >= s->blockSize100k * 100000) return True; \
+     s->tPos = s->tt[s->tPos];                 \
+     cccc = (UChar)(s->tPos & 0xff);           \
+     s->tPos >>= 8;
+
+ #define BZ_GET_FAST_C(cccc)                   \
++    if (c_tPos >= s->blockSize100k * 100000) return True; \
+     c_tPos = c_tt[c_tPos];                    \
+     cccc = (UChar)(c_tPos & 0xff);            \
+     c_tPos >>= 8;
_______________________________________________
Frugalware-git mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-git

[Frugalware-git] frugalware-0.7: clamav-0.91.2-2sayshell1-x86_64

Reply via email to