Update to 0.102.3 (bz#1834910)

Security fixes CVE-2020-3341
2020-05-13 18:34:25 -06:00 · 2020-05-13 18:34:25 -06:00 · ff339dd10d
commit ff339dd10d
parent c899b0eb29
4 changed files with 11 additions and 99 deletions
--- a/0e865c4f0e5ea5c4879681d843a9b93fc871fd90.patch
+++ b/0e865c4f0e5ea5c4879681d843a9b93fc871fd90.patch
@ -1,89 +0,0 @@
-From 0e865c4f0e5ea5c4879681d843a9b93fc871fd90 Mon Sep 17 00:00:00 2001
-From: "Micah Snyder (micasnyd)" <micasnyd@cisco.com>
-Date: Mon, 6 Apr 2020 15:03:20 -0700
-Subject: [PATCH] PDF: Fix error Attempt to allocate 0 bytes
-
-The PDF parser currently prints verbose error messages when attempting
-to shrink a buffer down to actual data length after decoding if it turns
-out that the decoded stream was empty (0 bytes).  With exception to the
-verbose error messages, there's no real behavior issue.
-
-This commit fixes the issue by checking if any bytes were decoded before
-attempting to shrink the buffer.
---
- libclamav/pdfdecode.c | 27 ++++++++++++++++++---------
- 1 file changed, 18 insertions(+), 9 deletions(-)
-
-diff --git a/libclamav/pdfdecode.c b/libclamav/pdfdecode.c
-index 8315f3a761..d63f7b1cd4 100644
--- a/libclamav/pdfdecode.c
-+++ b/libclamav/pdfdecode.c
-@@ -638,8 +638,11 @@ static cl_error_t filter_rldecode(struct pdf_struct *pdf, struct pdf_obj *obj, s
-     }
- 
-     if (rc == CL_SUCCESS) {
-        /* Shrink output buffer to final the decoded data length to minimize RAM usage */
-        if (!(temp = cli_realloc(decoded, declen))) {
-+        if (declen == 0) {
-+            cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
-+            rc = CL_BREAK;
-+        } else if (!(temp = cli_realloc(decoded, declen))) {
-+            /* Shrink output buffer to final the decoded data length to minimize RAM usage */
-             cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
-             rc = CL_EMEM;
-         } else {
-@@ -647,7 +650,7 @@ static cl_error_t filter_rldecode(struct pdf_struct *pdf, struct pdf_obj *obj, s
-         }
-     }
- 
-    if (rc == CL_SUCCESS) {
-+    if (rc == CL_SUCCESS || rc == CL_BREAK) {
-         free(token->content);
- 
-         cli_dbgmsg("cli_pdf: decoded %lu bytes from %lu total bytes\n",
-@@ -817,8 +820,11 @@ static cl_error_t filter_flatedecode(struct pdf_struct *pdf, struct pdf_obj *obj
-     (void)inflateEnd(&stream);
- 
-     if (rc == CL_SUCCESS) {
-        /* Shrink output buffer to final the decoded data length to minimize RAM usage */
-        if (!(temp = cli_realloc(decoded, declen))) {
-+        if (declen == 0) {
-+            cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
-+            rc = CL_BREAK;
-+        } else if (!(temp = cli_realloc(decoded, declen))) {
-+            /* Shrink output buffer to final the decoded data length to minimize RAM usage */
-             cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
-             rc = CL_EMEM;
-         } else {
-@@ -826,7 +832,7 @@ static cl_error_t filter_flatedecode(struct pdf_struct *pdf, struct pdf_obj *obj
-         }
-     }
- 
-    if (rc == CL_SUCCESS) {
-+    if (rc == CL_SUCCESS || rc == CL_BREAK) {
-         free(token->content);
- 
-         token->content = decoded;
-@@ -1099,8 +1105,11 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
-     (void)lzwInflateEnd(&stream);
- 
-     if (rc == CL_SUCCESS) {
-        /* Shrink output buffer to final the decoded data length to minimize RAM usage */
-        if (!(temp = cli_realloc(decoded, declen))) {
-+        if (declen == 0) {
-+            cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
-+            rc = CL_BREAK;
-+        } else if (!(temp = cli_realloc(decoded, declen))) {
-+            /* Shrink output buffer to final the decoded data length to minimize RAM usage */
-             cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
-             rc = CL_EMEM;
-         } else {
-@@ -1108,7 +1117,7 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
-         }
-     }
- 
-    if (rc == CL_SUCCESS) {
-+    if (rc == CL_SUCCESS || rc == CL_BREAK) {
-         free(token->content);
- 
-         token->content = decoded;
--- a/clamav-clean.sh
+++ b/clamav-clean.sh
@ -1,4 +1,4 @@
-VERSION=0.102.2
+VERSION=0.102.3
 NAME=clamav
 TARBALL_CLEAN=${NAME}-${VERSION}-norar.tar.xz
 TARBALL=${NAME}-${VERSION}.tar.gz
--- a/clamav.spec
+++ b/clamav.spec
@ -40,8 +40,8 @@

 Summary:    End-user tools for the Clam Antivirus scanner
 Name:       clamav
-Version:    0.102.2
-Release:    9%{?dist}
+Version:    0.102.3
+Release:    1%{?dist}
 License:    %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
 URL:        https://www.clamav.net/
 %if %{with unrar}
@ -64,7 +64,7 @@ Source5:    clamd-README
 #http://database.clamav.net/main.cvd
 Source10:   main-59.cvd
 #http://database.clamav.net/daily.cvd
-Source11:   daily-25719.cvd
+Source11:   daily-25811.cvd
 #http://database.clamav.net/bytecode.cvd
 Source12:   bytecode-331.cvd
 #for clamonacc
@ -91,8 +91,6 @@ Patch1:     clamav-default_confs.patch
 Patch2:     clamav-0.99-private.patch
 # Patch to use EL7 libcurl
 Patch3:     clamav-curl.patch
-# Upstream fix for "Attempt to allocate 0 bytes" while scanning PDFs
-Patch4:     https://github.com/Cisco-Talos/clamav-devel/commit/0e865c4f0e5ea5c4879681d843a9b93fc871fd90.patch

 BuildRequires:  autoconf automake gettext-devel libtool libtool-ltdl-devel
 BuildRequires:  gcc-c++
@ -255,7 +253,6 @@ This package contains files which are needed to run the clamav-milter.
 %patch2 -p1 -b .private
 # Patch to use older libcurl
 %{?el7:%patch3 -p1 -b .curl}
-%patch4 -p1 -b .pdf

 install -p -m0644 %SOURCE300 clamav-milter/

@ -618,6 +615,10 @@ fi


 %changelog
+* Thu May 14 2020 Orion Poplawski <orion@nwra.com> - 0.102.3-1
+- Update to 0.102.3 (bz#1834910)
+- Security fixes CVE-2020-3341
+
 * Sat May 02 2020 Orion Poplawski <orion@nwra.com> - 0.102.2-9
 - Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning
  certain PDFs
--- a/6
+++ b/6
@ -1,4 +1,4 @@
-SHA512 (clamav-0.102.2-norar.tar.xz) = e03368f37a3d98c6301924c21cf5af815e01238a022d87f572fcbc8452844e83c5fca92135a88e967a67671fb3b3e3ecb9b621f4937aa4ce44ba4b1c1fe1eedc
-SHA512 (main-59.cvd) = c01792bdb9e07889af04ead91ba49f440cd4510b81b1c83bdfb10c65f099cf29416699f5485cc13b07c4d24195c81abc0b1c4439f5ba6d5d391b7406ba9fe26c
+SHA512 (clamav-0.102.3-norar.tar.xz) = edf7c8405159c5230331e410d45208770b3fa7d4763990dffec20dd2842c92624dcc1ee1ec455e09b61632c2023a4046b8fd73b64baa9babfa4505da6cca9f4a
 SHA512 (bytecode-331.cvd) = 41957106337cb28fd0eb6459bd70ab23b4ce218b3691d592e0f1bc14841696b36b1fbbc4feaef64f7b572b6cbe400f5d44fc4efedd07afe37921a9044a1a8f53
-SHA512 (daily-25719.cvd) = 652320ff562862d7daa93020173ff43791c4b34618b725879b6ce520f8b364687a8ad7a851a4ffe6d4d4631ec2d527641c70c5678a15bf3733b0914ad9c57822
+SHA512 (daily-25811.cvd) = 938bf443d59cbb946aefcd2eabfdb856c8cd6f98ec54f1f8c62fe0633e136e56ca20024ecfb04606e4a5265a5a83d86a76819e66d51e948d8a81cbdcabd5226d
+SHA512 (main-59.cvd) = c01792bdb9e07889af04ead91ba49f440cd4510b81b1c83bdfb10c65f099cf29416699f5485cc13b07c4d24195c81abc0b1c4439f5ba6d5d391b7406ba9fe26c