[Frugalware-darcs] frugalware-0.6: clamav-0.90.2-1terminus2-i686

voroskoi voroskoi at frugalware.org
Sun Jul 1 11:40:58 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070701093650-dd049-8112cd06509e789a8292c1679bff81c6bbbda314.gz;

[clamav-0.90.2-1terminus2-i686
voroskoi <voroskoi at frugalware.org>**20070701093650
 secfix bump, closes #2042
] {
addfile ./source/apps-extra/clamav/28_ole2_extract.c.CVE-2007-2650.dpatch.diff
hunk ./source/apps-extra/clamav/28_ole2_extract.c.CVE-2007-2650.dpatch.diff 1
+## 28_ole2_extract.c.CVE-2007-2650.dpatch by <sgran at debian.org>
+Index: libclamav/ole2_extract.c
+===================================================================
+--- a/libclamav/ole2_extract.c	(revision 406)
++++ b/libclamav/ole2_extract.c	(working copy)
+@@ -1,7 +1,7 @@
+ /*
+  *  Extract component parts of OLE2 files (e.g. MS Office Documents)
+  *
+- *  Copyright (C) 2004 trog at uncon.org
++ *  Copyright (C) 2004-2007 trog at uncon.org
+  *
+  *  This code is based on the OpenOffice and libgsf sources.
+  *                  
+@@ -585,6 +585,7 @@
+ 	unsigned char *buff;
+ 	int32_t current_block, ofd, len, offset;
+ 	char *name, *newname;
++	bitset_t *blk_bitset;
+ 
+ 	if (prop->type != 2) {
+ 		/* Not a file */
+@@ -635,14 +636,33 @@
+ 		close(ofd);
+ 		return FALSE;
+ 	}
+-
++	
++	blk_bitset = cli_bitset_init();
++	if (!blk_bitset) {
++		cli_errmsg("ERROR [handler_writefile]: init bitset failed\n");
++		close(ofd);
++		return FALSE;
++	}
+ 	while((current_block >= 0) && (len > 0)) {
++		/* Check we aren't in a loop */
++		if (cli_bitset_test(blk_bitset, (unsigned long) current_block)) {
++			/* Loop in block list */
++			cli_dbgmsg("OLE2: Block list loop detected\n");
++			close(ofd);
++			free(buff);
++			cli_bitset_free(blk_bitset);
++			return FALSE;
++		}
++		if (!cli_bitset_set(blk_bitset, (unsigned long) current_block)) {
++			return FALSE;
++		}			
+ 		if (prop->size < (int64_t)hdr->sbat_cutoff) {
+ 			/* Small block file */
+ 			if (!ole2_get_sbat_data_block(fd, hdr, buff, current_block)) {
+ 				cli_dbgmsg("ole2_get_sbat_data_block failed\n");
+ 				close(ofd);
+ 				free(buff);
++				cli_bitset_free(blk_bitset);
+ 				return FALSE;
+ 			}
+ 			/* buff now contains the block with 8 small blocks in it */
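Review bot: The `cli_bitset_set` failure branch returns `FALSE` without releasing anything, unlike every other exit in this loop, so a failed set leaks `ofd`, `buff` and `blk_bitset`; it should run `close(ofd); free(buff); cli_bitset_free(blk_bitset);` before `return FALSE;`. The `cli_bitset_init` failure path just above the loop closes `ofd` but does not `free(buff)`, which the loop's own error paths suggest is already allocated at that point (the allocation is outside the hunk). This function runs on untrusted OLE2 input, so descriptors leaked on error paths accumulate in a long-running scanner. The function body starts and ends outside this hunk.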
+@@ -650,6 +670,7 @@
+ 			if (cli_writen(ofd, &buff[offset], MIN(len,64)) != MIN(len,64)) {
+ 				close(ofd);
+ 				free(buff);
++				cli_bitset_free(blk_bitset);
+ 				return FALSE;
+ 			}
+ 
+@@ -660,12 +681,14 @@
+ 			if (!ole2_read_block(fd, hdr, buff, current_block)) {
+ 				close(ofd);
+ 				free(buff);
++				cli_bitset_free(blk_bitset);
+ 				return FALSE;
+ 			}
+ 			if (cli_writen(ofd, buff, MIN(len,(1 << hdr->log2_big_block_size))) !=
+ 							MIN(len,(1 << hdr->log2_big_block_size))) {
+ 				close(ofd);
+ 				free(buff);
++				cli_bitset_free(blk_bitset);
+ 				return FALSE;
+ 			}
+ 
+@@ -675,6 +698,7 @@
+ 	}
+ 	close(ofd);
+ 	free(buff);
++	cli_bitset_free(blk_bitset);
+ 	return TRUE;
+ }
+ 
addfile ./source/apps-extra/clamav/29_unsp.c.CVE-2007-3023.dpatch.diff
hunk ./source/apps-extra/clamav/29_unsp.c.CVE-2007-3023.dpatch.diff 1
+## 29_unsp.c.CVE-XXXX-XXXX.dpatch by <sgran at debian.org>
+Index: libclamav/unsp.c
+===================================================================
+--- a/libclamav/unsp.c	(revision 406)
++++ b/libclamav/unsp.c	(working copy)
+@@ -152,7 +151,11 @@
+   
+   dsize = cli_readint32(start_of_stuff+9);
+   ssize = cli_readint32(start_of_stuff+5);
+-  
++  if (ssize <= 13) {
++  	free(table);
++  	return 1;
++  }
++
+   tre = very_real_unpack(table,tablesz,tre,allocsz,firstbyte,src,ssize,dst,dsize);
+   free(table);
+   if (tre) return 1;
+@@ -195,7 +198,7 @@
+   read_struct.oldval = 0;
+   read_struct.src_curr = src;
+   read_struct.bitmap = 0xffffffff;
+-  read_struct.src_end = src + ssize;
++  read_struct.src_end = src + ssize - 13;
+   read_struct.table = (char *)table;
+   read_struct.tablesz = tablesz;
+ 
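Review bot: `read_struct.src_end = src + ssize - 13;` is only valid when `ssize` is at least 13, and the guard that ensures this (`if (ssize <= 13)`) lives in the caller patched by the previous hunk, not next to the arithmetic. Any other caller, or a later edit to that caller, would again produce a `src_end` before `src`. A local guard at the top of this function (presumably `very_real_unpack`), e.g. `if (ssize <= 13) return 1;`, would keep the invariant where it is used; the caller visibly treats a non-zero result as failure. At minimum a comment naming the precondition is needed, and the literal 13 in both hunks would read better as one named constant. The function body starts outside this hunk and the type of `ssize` is not visible.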
addfile ./source/apps-extra/clamav/30_unrar.c.CVE-2007-3122_3123.dpatch.diff
hunk ./source/apps-extra/clamav/30_unrar.c.CVE-2007-3122_3123.dpatch.diff 1
+## 30_unrar.c.CVE-XXXX-XXXX.dpatch by <sgran at debian.org>
+Index: libclamav/unrar/unrar.c
+===================================================================
+--- a/libclamav/unrar/unrar.c	(revision 406)
++++ b/libclamav/unrar/unrar.c	(working copy)
+@@ -942,8 +942,8 @@
+ 	}
+ 	if (new_filter) {
+ 		vm_codesize = rarvm_read_data(&rarvm_input);
+-		if (vm_codesize >= 0x1000 || vm_codesize == 0) {
+-			cli_dbgmsg("ERROR: vm_codesize=0x%x\n", vm_codesize);
++		if (vm_codesize >= 0x1000 || vm_codesize == 0 || (vm_codesize > rarvm_input.buf_size)) {
++			cli_dbgmsg("ERROR: vm_codesize=0x%x buf_size=0x%x\n", vm_codesize, rarvm_input.buf_size);
+ 			return FALSE;
+ 		}
+ 		vm_code = (unsigned char *) cli_malloc(vm_codesize);
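Review bot: The new bound compares `vm_codesize` with the whole `rarvm_input.buf_size` rather than with the bytes still unread, so a size that fits the buffer but exceeds what remains after `in_addr` still passes. The next hunk of this patch does check `rarvm_input.in_addr` against `buf_size` for the global-data loop; the equivalent here would be `vm_codesize > rarvm_input.buf_size - rarvm_input.in_addr`. That assumes `in_addr <= buf_size` holds at this point and that the code after the hunk reads `vm_codesize` bytes from the current position, neither of which is visible here. Whether the `cli_malloc` result on the last line is checked is also outside the hunk.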
+@@ -1015,6 +1015,10 @@
+ 		}
+ 		global_data = &stack_filter->prg.global_data[VM_FIXEDGLOBALSIZE];
+ 		for (i=0 ; i< data_size ; i++) {
++			if ((rarvm_input.in_addr+2) > rarvm_input.buf_size) {
++				cli_dbgmsg("Buffer truncated\n");
++				return FALSE;
++			}
+ 			global_data[i] = rarvm_getbits(&rarvm_input) >> 8;
+ 			rar_dbgmsg("global_data[%d] = %d\n", i, global_data[i]);
+ 			rarvm_addbits(&rarvm_input, 8);
+@@ -1635,15 +1639,12 @@
+ 						((state->main_hdr->flags&MHD_SOLID)!=0), state->unpack_data);
+ 			} else {
+ 				if ((state->file_count == 1) && (state->file_header->flags & LHD_SOLID)) {
+-					cli_warnmsg("RAR: First file can't be SOLID.\n");
+-					
+-					free(state->file_header->filename);
+-					free(state->file_header);
+-					return CL_ERAR;
+-				} else {
+-					retval = rar_unpack(state->fd, state->file_header->unpack_ver,
++					cli_warnmsg("RAR: Bad header. First file can't be SOLID.\n");
++					cli_warnmsg("RAR: Clearing flag and continuing.\n");
++					state->file_header->flags -= LHD_SOLID;
++				}
++				retval = rar_unpack(state->fd, state->file_header->unpack_ver,
+ 							state->file_header->flags & LHD_SOLID,	state->unpack_data);
+-				}
+ 			}
+ 			cli_dbgmsg("Expected File CRC: 0x%x\n", state->file_header->file_crc);
+ 			cli_dbgmsg("Computed File CRC: 0x%x\n", state->unpack_data->unp_crc^0xffffffff);
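Review bot: `state->file_header->flags -= LHD_SOLID;` clears the bit by subtraction, which is only correct because the enclosing `if` has just tested that the bit is set; `state->file_header->flags &= ~LHD_SOLID;` states the intent and stays correct if the condition is ever edited. The change also turns a hard reject (`CL_ERAR`) into continued unpacking of a header the parser has already judged malformed, so a short comment saying why continuing is safe would help the next reader. Each such file now emits two `cli_warnmsg` lines; folding them into one message keeps logs readable when many inputs carry this header.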
addfile ./source/apps-extra/clamav/31_others.c.CVE-2007-3024.dpatch.diff
hunk ./source/apps-extra/clamav/31_others.c.CVE-2007-3024.dpatch.diff 1
+## 31_others.c.CVE-XXXX-XXXX.dpatch by <sgran at debian.org>
+Index: libclamav/others.c
+===================================================================
+--- a/libclamav/others.c	(revision 406)
++++ b/libclamav/others.c	(working copy)
+@@ -531,16 +531,22 @@
+ char *cli_gentempstream(const char *dir, FILE **fs)
+ {
+ 	char *name;
++	mode_t omask;
+ 
++
+     name = cli_gentempname(dir);
++    if(!name)
++	return NULL;
+ 
+-    if(name && ((*fs = fopen(name, "wb+")) == NULL)) {
++    omask = umask(077);
++    if((*fs = fopen(name, "wb+")) == NULL) {
+ 	cli_dbgmsg("cli_gentempstream(): can't create temp file: %s\n", name);
+         free(name);
+         name = NULL;
+     }
++    umask(omask);
+ 
+-    return(name);
++    return name;
+ }
+ 
+ #ifdef	C_WINDOWS
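Review bot: `fopen(name, "wb+")` still opens whatever already exists at `name`, following a symlink and truncating the target, because the stdio mode has no exclusive-create; tightening the umask fixes the permission bits but not that. `umask()` is also process-wide, so in a threaded daemon any file another thread creates between the two `umask` calls is created under mask 077 as well. Creating the file with `open()` using `O_CREAT | O_EXCL` and owner-only mode, then wrapping the descriptor with `fdopen`, avoids both problems and needs no umask change. The `#ifdef C_WINDOWS` that follows suggests this file is also built for Windows, where the open flags would likely need a binary-mode flag; that part is not shown.

```c
	char *name;
	int fd;

    /* … unchanged: cli_gentempname() call and NULL check … */

    fd = open(name, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if(fd == -1 || (*fs = fdopen(fd, "wb+")) == NULL) {
	cli_dbgmsg("cli_gentempstream(): can't create temp file: %s\n", name);
	if(fd != -1) {
	    /* fdopen failed after the file was created: do not leave it behind */
	    close(fd);
	    unlink(name);
	}
	free(name);
	name = NULL;
    }

    /* … unchanged: return name … */
```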
hunk ./source/apps-extra/clamav/FrugalBuild 6
-pkgrel=1terminus1
+pkgrel=1terminus2
hunk ./source/apps-extra/clamav/FrugalBuild 14
-source=($source rc.clamav rc.clamav-hu.po)
+source=($source rc.clamav rc.clamav-hu.po \
+	28_ole2_extract.c.CVE-2007-2650.dpatch.diff \
+	29_unsp.c.CVE-2007-3023.dpatch.diff \
+	30_unrar.c.CVE-2007-3122_3123.dpatch.diff \
+	31_others.c.CVE-2007-3024.dpatch.diff)
hunk ./source/apps-extra/clamav/FrugalBuild 35
-sha1sums=('ecc72d212a27eef1aa40e61a0b2705e4e42996ce'\
-          '90b22c99927b56992ac05042029d2702db79a8b0'\
-          '57d36966c45adfd6b3ebd10b91874194924ab2c3')
+sha1sums=('ecc72d212a27eef1aa40e61a0b2705e4e42996ce' \
+          '90b22c99927b56992ac05042029d2702db79a8b0' \
+          '57d36966c45adfd6b3ebd10b91874194924ab2c3' \
+          '7f0c1be227dbec90bf4da99506e9c296788e7dd8' \
+          '94e7ebf648f14f822f8ac540998fa48651b27f81' \
+          'd1256bcf5d753cd267a33334486d5bc24b663e71' \
+          '766cd15c0856b328520f603dfe1fd75f84f78621')
}

