NetBSD Problem Report #54420
From www@netbsd.org Mon Jul 29 14:26:13 2019
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 4DF5F7A167
for <gnats-bugs@gnats.NetBSD.org>; Mon, 29 Jul 2019 14:26:13 +0000 (UTC)
Message-Id: <20190729142612.684127A1D3@mollari.NetBSD.org>
Date: Mon, 29 Jul 2019 14:26:12 +0000 (UTC)
From: prlw1@cam.ac.uk
Reply-To: prlw1@cam.ac.uk
To: gnats-bugs@NetBSD.org
Subject: pkgsrc (wrappers?) break libtool -dlopen
X-Send-Pr-Version: www-1.0
>Number: 54420
>Category: pkg
>Synopsis: pkgsrc (wrappers?) break libtool -dlopen
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Jul 29 14:30:01 +0000 2019
>Last-Modified: Wed Jan 22 00:35:01 +0000 2020
>Originator: Patrick Welche
>Release: NetBSD-8.99.51/amd64 & today's pkgsrc
>Organization:
>Environment:
>Description:
(Not a new problem though)
In essence
    libtool --mode=relink -dlopen some.la
gets rewritten to
    libtool --mode=relink -dlopen -Lsomepath some.la
at which point libtool complains that -dlopen hasn't been handed an argument.
>How-To-Repeat:
Try to update security/clamav to e.g. version 0.101.2
>Fix:
My guess is that pkgtools/cwrappers/files/bin/fixup-libtool.c:process_option() might be a good place to look.
(For clamav, build from source outside of pkgsrc framework.)
>Audit-Trail:
From: "Patrick Welche" <prlw1@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/54420 CVS commit: pkgsrc/security/clamav
Date: Mon, 5 Aug 2019 14:44:20 +0000
Module Name: pkgsrc
Committed By: prlw1
Date: Mon Aug 5 14:44:20 UTC 2019
Modified Files:
pkgsrc/security/clamav: Makefile Makefile.common PLIST buildlink3.mk
distinfo options.mk
pkgsrc/security/clamav/patches: patch-Makefile.in patch-ab
Log Message:
Update clamav to 0.101.2
Remove rar support to workaround PR pkg/54420
This release includes 3 extra security related bug fixes that do not
apply to prior versions. In addition, it includes a number of minor bug
fixes and improvements.
* Fixes for the following vulnerabilities affecting 0.101.1 and
prior:
+ CVE-2019-1787: An out-of-bounds heap read condition may occur
when scanning PDF documents. The defect is a failure to
correctly keep track of the number of bytes remaining in a
buffer when indexing file data.
+ CVE-2019-1789: An out-of-bounds heap read condition may occur
when scanning PE files (i.e. Windows EXE and DLL files) that
have been packed using Aspack as a result of inadequate
bound-checking.
+ CVE-2019-1788: An out-of-bounds heap write condition may occur
when scanning OLE2 files such as Microsoft Office 97-2003
documents. The invalid write happens when an invalid pointer
is mistakenly used to initialize a 32bit integer to zero. This
is likely to crash the application.
* Fixes for the following ClamAV vulnerabilities:
+ CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking
feature that could allow an unauthenticated, remote attacker
to cause a denial of service (DoS) condition on an affected
device. Reported by Secunia Research at Flexera.
+ Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing
code. Reported by Alex Gaynor.
* Fixes for the following vulnerabilities in bundled third-party
libraries:
+ CVE-2018-14680: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. It does not reject blank CHM
filenames.
+ CVE-2018-14681: An issue was discovered in kwajd_read_headers
in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file
header extensions could cause a one or two byte overwrite.
+ CVE-2018-14682: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an off-by-one error in the
TOLOWER() macro for CHM decompression.
+ Additionally, 0.100.2 reverted 0.100.1's patch for
CVE-2018-14679, and applied libmspack's version of the fix in
its place.
* Fixes for the following CVEs:
+ CVE-2017-16932: Vulnerability in libxml2 dependency (affects
ClamAV on Windows only).
+ CVE-2018-0360: HWP integer overflow, infinite loop
vulnerability. Reported by Secunia Research at Flexera.
+ CVE-2018-0361: ClamAV PDF object length check, unreasonably
long time to parse relatively small file. Reported by aCaB.
For the full release notes, see:
https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.2/NEWS.md
To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 pkgsrc/security/clamav/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/clamav/Makefile.common
cvs rdiff -u -r1.6 -r1.7 pkgsrc/security/clamav/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/clamav/buildlink3.mk
cvs rdiff -u -r1.27 -r1.28 pkgsrc/security/clamav/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/clamav/options.mk
cvs rdiff -u -r1.4 -r1.5 pkgsrc/security/clamav/patches/patch-Makefile.in
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/security/clamav/patches/patch-ab
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Benny Siegert" <bsiegert@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/54420 CVS commit: [pkgsrc-2019Q2] pkgsrc/security/clamav
Date: Thu, 5 Sep 2019 09:26:26 +0000
Module Name: pkgsrc
Committed By: bsiegert
Date: Thu Sep 5 09:26:25 UTC 2019
Modified Files:
pkgsrc/security/clamav [pkgsrc-2019Q2]: Makefile Makefile.common PLIST
buildlink3.mk distinfo options.mk
pkgsrc/security/clamav/patches [pkgsrc-2019Q2]: patch-Makefile.in
patch-ab
Log Message:
Pullup ticket #6036 - requested by taca
security/clamav: security fix
Revisions pulled up:
- security/clamav/Makefile 1.51
- security/clamav/Makefile.common 1.11
- security/clamav/PLIST 1.7
- security/clamav/buildlink3.mk 1.8
- security/clamav/distinfo 1.28
- security/clamav/options.mk 1.6
- security/clamav/patches/patch-Makefile.in 1.5
- security/clamav/patches/patch-ab 1.2
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 20 22:46:59 UTC 2019
Modified Files:
pkgsrc/security/clamav: Makefile
Log Message:
*: recursive bump for nettle 3.5.1
---
Module Name: pkgsrc
Committed By: prlw1
Date: Mon Aug 5 14:44:20 UTC 2019
Modified Files:
pkgsrc/security/clamav: Makefile Makefile.common PLIST buildlink3.mk
distinfo options.mk
pkgsrc/security/clamav/patches: patch-Makefile.in patch-ab
Log Message:
Update clamav to 0.101.2
Remove rar support to workaround PR pkg/54420
This release includes 3 extra security related bug fixes that do not
apply to prior versions. In addition, it includes a number of minor bug
fixes and improvements.
* Fixes for the following vulnerabilities affecting 0.101.1 and
prior:
+ CVE-2019-1787: An out-of-bounds heap read condition may occur
when scanning PDF documents. The defect is a failure to
correctly keep track of the number of bytes remaining in a
buffer when indexing file data.
+ CVE-2019-1789: An out-of-bounds heap read condition may occur
when scanning PE files (i.e. Windows EXE and DLL files) that
have been packed using Aspack as a result of inadequate
bound-checking.
+ CVE-2019-1788: An out-of-bounds heap write condition may occur
when scanning OLE2 files such as Microsoft Office 97-2003
documents. The invalid write happens when an invalid pointer
is mistakenly used to initialize a 32bit integer to zero. This
is likely to crash the application.
* Fixes for the following ClamAV vulnerabilities:
+ CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking
feature that could allow an unauthenticated, remote attacker
to cause a denial of service (DoS) condition on an affected
device. Reported by Secunia Research at Flexera.
+ Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing
code. Reported by Alex Gaynor.
* Fixes for the following vulnerabilities in bundled third-party
libraries:
+ CVE-2018-14680: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. It does not reject blank CHM
filenames.
+ CVE-2018-14681: An issue was discovered in kwajd_read_headers
in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file
header extensions could cause a one or two byte overwrite.
+ CVE-2018-14682: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an off-by-one error in the
TOLOWER() macro for CHM decompression.
+ Additionally, 0.100.2 reverted 0.100.1's patch for
CVE-2018-14679, and applied libmspack's version of the fix in
its place.
* Fixes for the following CVEs:
+ CVE-2017-16932: Vulnerability in libxml2 dependency (affects
ClamAV on Windows only).
+ CVE-2018-0360: HWP integer overflow, infinite loop
vulnerability. Reported by Secunia Research at Flexera.
+ CVE-2018-0361: ClamAV PDF object length check, unreasonably
long time to parse relatively small file. Reported by aCaB.
For the full release notes, see:
https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.2/NEWS.md
To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.48.2.1 pkgsrc/security/clamav/Makefile
cvs rdiff -u -r1.10 -r1.10.12.1 pkgsrc/security/clamav/Makefile.common
cvs rdiff -u -r1.6 -r1.6.44.1 pkgsrc/security/clamav/PLIST
cvs rdiff -u -r1.7 -r1.7.18.1 pkgsrc/security/clamav/buildlink3.mk
cvs rdiff -u -r1.27 -r1.27.2.1 pkgsrc/security/clamav/distinfo
cvs rdiff -u -r1.5 -r1.5.30.1 pkgsrc/security/clamav/options.mk
cvs rdiff -u -r1.4 -r1.4.28.1 \
pkgsrc/security/clamav/patches/patch-Makefile.in
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.72.1 pkgsrc/security/clamav/patches/patch-ab
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Matthias Ferdinand <mf+ml.pkgsrc-users@netzwerkagentursaarland.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: pkg/54420
Date: Tue, 21 Jan 2020 10:32:55 +0100
Hi,
I created a crude workaround for this problem to be applied to
devel/libtool-base.
Wrappers are presumed to misorder arguments to libtool, leading to build
failure (in "bmake package" phase) for security/clamav (when unrar is
not disabled as it currently is).
This workaround adds a pre-check inside bin/libtool, which reorders
"-dlopen -L./.libs" to "-L./.libs -dlopen" and reexecs.
First try was patching it into m4/libtool.m4, but that failed.
NOTE:
- this is for bash, not sure how recent bash must be. Can it be
assumed that libtool always runs in bash-like shell under pkgsrc?
- cat/head/cp (Makefile patch) may need to be replaced with pkgsrc
vars
With this patch, security/clamav can be reverted to re-enable unrar
support and still build successfully. Leaving unrar disabled in clamav
makes it a security loophole.
Attached file check_dlopen_L_libs_misorder.sh should be placed under
devel/libtool-base/files/
Regards
Matthias Ferdinand
Content-Disposition: attachment;
filename=patch_pr54420_devel_libtool-base_Makefile
--- devel/libtool-base/Makefile.orig 2020-01-21 10:00:45.295354436 +0100
+++ devel/libtool-base/Makefile 2020-01-21 10:02:14.863354436 +0100
@@ -81,6 +81,7 @@ post-build:
post-install:
${INSTALL_SCRIPT} ${WRKSRC}/shlibtool ${DESTDIR}${PREFIX}/bin/shlibtool
+ cp -p ${DESTDIR}${PREFIX}/bin/libtool ${DESTDIR}${PREFIX}/bin/__libtool && (head -n 1 ${DESTDIR}${PREFIX}/bin/libtool; cat ${FILESDIR}/check_dlopen_L_libs_misorder.sh ${DESTDIR}${PREFIX}/bin/libtool) >${DESTDIR}${PREFIX}/bin/__libtool && mv ${DESTDIR}${PREFIX}/bin/__libtool ${DESTDIR}${PREFIX}/bin/libtool
BUILDLINK_DEPMETHOD.dlcompat= build
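Review bot: The added post-install line splices check_dlopen_L_libs_misorder.sh in directly after libtool's own first line, so the fragment runs under whatever interpreter that "#!" line names, and nothing in this hunk checks that it is a bash. Either the fragment should be limited to constructs that interpreter supports, or the target should fail the build when the first line does not name a bash. The "cp -p" into __libtool appears to exist only so that the later redirect reuses a file that already carries libtool's mode; a comment saying so would help, as would breaking the three "&&" steps onto continuation lines. Because cat appends the whole of libtool, its first line ends up in the result twice, which is harmless but worth a remark.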
Content-Disposition: attachment; filename="check_dlopen_L_libs_misorder.sh"
From: Patrick Welche <prlw1@cam.ac.uk>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: pkg/54420
Date: Tue, 21 Jan 2020 15:31:08 +0000
A hopefully correctly unmunged version of Matthias' script:
# crude workaround for PR pkg/54420 (clamav libunrar)
function ____check_dlopen_L_libs_misorder ()
{   local x y newargv

    for x in $(seq 0 $#); do
        # echo x: ${!x}
        y=$((x+1))
        # echo y: ${!y}
        if [ "${!x}" = "-dlopen" -a "${!y}" = "-L./.libs" ]; then
            declare -a newargv
            # newargv indices are 0-based, $1..$# are 1-based; reposition index var y
            y=$((x-1))
            newargv=( ${1+"$@"} )
            newargv[$y]="-L./.libs"
            newargv[$x]="-dlopen"
            echo "# modified at pos. $x"
            sleep 1
            # quoted so that arguments containing whitespace survive the re-exec
            exec "$0" "${newargv[@]}"
        fi
    done
}
____check_dlopen_L_libs_misorder ${1+"$@"}
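The same reordering written in POSIX sh, as an added example that is not part of the original thread and is not pkgsrc or libtool code. It goes beyond the posted script by accepting any -L<dir> word, and any number of them, between -dlopen and its argument. The function name run_with_dlopen_fixed and the sample arguments are made up for illustration.

```sh
#!/bin/sh
# Added example, POSIX sh only: no arrays, no ${!x}, no "local".
# run_with_dlopen_fixed CMD ARGS... runs CMD with ARGS, except that any
# -L<dir> words sitting between "-dlopen" and its file argument are moved
# in front of "-dlopen". All other words keep their order and content.
run_with_dlopen_fixed() {
    _dl_cmd=$1
    shift
    _dl_left=$#     # words not yet examined
    _dl_held=0      # 1 while a -dlopen is waiting for its file argument

    # Rotate the positional parameters: take one word off the front and
    # append the (possibly reordered) result to the back.
    while [ "$_dl_left" -gt 0 ]; do
        _dl_word=$1
        shift
        _dl_left=$((_dl_left - 1))

        if [ "$_dl_held" -eq 1 ]; then
            case $_dl_word in
                -L?*)
                    # Inserted search path: emit it, keep holding -dlopen.
                    set -- "$@" "$_dl_word"
                    continue ;;
            esac
            # First non -L word is the real argument of -dlopen.
            set -- "$@" -dlopen "$_dl_word"
            _dl_held=0
        elif [ "$_dl_word" = "-dlopen" ]; then
            _dl_held=1
        else
            set -- "$@" "$_dl_word"
        fi
    done

    # A trailing -dlopen without an argument is passed through unchanged,
    # leaving it to libtool to report the error.
    if [ "$_dl_held" -eq 1 ]; then
        set -- "$@" -dlopen
    fi

    "$_dl_cmd" "$@"
}

# Constructed sample: the rewritten command line from the report, with
# printf standing in for libtool so the resulting argv can be seen.
run_with_dlopen_fixed printf '%s\n' --mode=relink -dlopen -L./.libs some.la
```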
From: Thomas Klausner <wiz@NetBSD.org>
To: NetBSD bugtracking <gnats-bugs@NetBSD.org>
Cc:
Subject: Re: pkg/54420
Date: Tue, 21 Jan 2020 17:00:52 +0100
On Tue, Jan 21, 2020 at 09:35:01AM +0000, Matthias Ferdinand wrote:
> post-install:
> ${INSTALL_SCRIPT} ${WRKSRC}/shlibtool ${DESTDIR}${PREFIX}/bin/shlibtool
> + cp -p ${DESTDIR}${PREFIX}/bin/libtool ${DESTDIR}${PREFIX}/bin/__libtool && (head -n 1 ${DESTDIR}${PREFIX}/bin/libtool; cat ${FILESDIR}/check_dlopen_L_libs_misorder.sh ${DESTDIR}${PREFIX}/bin/libtool) >${DESTDIR}${PREFIX}/bin/__libtool && mv ${DESTDIR}${PREFIX}/bin/__libtool ${DESTDIR}${PREFIX}/bin/libtool
This will probably need a chmod +x for the new libtool script if it is
adopted.
Thomas
From: Joerg Sonnenberger <joerg@bec.de>
To: gnats-bugs@netbsd.org
Cc: pkg-manager@netbsd.org, gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org,
prlw1@cam.ac.uk
Subject: Re: pkg/54420
Date: Wed, 22 Jan 2020 01:31:04 +0100
Why not just drop -dlopen in the first place? I'm trying to remember if we
need it on any platform at all.
Joerg