pool/clamav
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1231926 from security

Browse Source 
- fix factory submission (clam.tcl, clamscan.log) (forwarded request 1231922 from AndreasStieger)

OBS-URL: https://build.opensuse.org/request/show/1231926
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=127
This commit is contained in:
Ana Guerrero 2024-12-18 19:11:19 +00:00 committed by Git OBS Bridge
commit 0c3339881d
10 changed files with 84 additions and 2293 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2255
1305.patch
View File

File diff suppressed because it is too large Load Diff

3
clamav-1.3.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:12a3035bf26f55f71e3106a51a5fa8d7b744572df98a63920a9cff876a7dcce4
size 54554712

16
clamav-1.3.1.tar.gz.sig
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJmH9VrAAoJEMzg39Iewam/XfwP/ic9ZUe5KxhdFroBzjm4arRp
+/oMZ68d5sa5TVyDvCDOa1b+ttcV7KtUw6/h3itPKAJ4DHt9gq1qtFK9C5GSjIgI
jGCzwOzD0tPM56hPQQ5fo6md9fb5np1UQAG+tKmd02v1Yq80eQTimdpQr6TuHcI7
PBg7ku7c3lfqmXgGbb+AsBQr/x+MJTN8QH2VUP3L6iUkl96iSaYN9FTr0VkjeU13
Ir77fXd4jfcgpBdSJtLjBuCBpjyCSvw2x0Vp3TIjKi4FRGp5x0YkAdoQ/UDMh4+Y
u1gICsROL967/9gEr4d7zwBv5UNPDWO4HNUC5+uBurUfF1WCoF0WAqtuzNpdAYGE
2sMQc7HnRJKo6KchtU5kLZeAqgqL+k70VBTBjgqdi4YzvsX62SatJPHdRvkaf00H
LojUD7f0CpPFtkfftZ16SPAb65x3mtdFfYSXaIVKhWsTJoCFy/HnuXNWnW4W/HwX
RSQTFE3rUad/MEhJzfo8debwVWPAHf4RrNmkOkQ/co/NswUB+3rsZLpcj3ULEcqL
WDx8/lPDZsyvaosB4JIZLJaECq8TTUZswHsV/K7vdO/S994Ndc+QhXPF75lg33hu
eCIUF/6ZxMfKyeJre3KWeUmBKRMZZ4WJ6MEmSomL2BSYLSeRkvHY21v9InOK0w1f
VUaK04HxPJTun12AFAZk
=9gDC
-----END PGP SIGNATURE-----

3
clamav-1.4.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a318e780ac39a6b3d6c46971382f96edde97ce48b8e361eb80e63415ed416ad8
size 50078871

16
clamav-1.4.1.tar.gz.sig Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJm12IWAAoJEMzg39Iewam/rIQQAKv+zANPKfIta+VJRKkD0Wxa
LJGDBKKifqyM1HiR+YxGMUuElgmpRvozfZ7ifBGvz/IxjPmUag/BNfOl4JVsSAnL
WsOhUMSEYxLtpJUywFakI58O/yDSvYlpzfcks0nAIjfeQkhTz0vqqYlyEXR7aDCe
G/5yOGJtuwAiKclgLCTwqlevZ15ff+3z/UIJ9yAfqM9WPXPQA/lJk1Mp1FmIwVfw
T/0p8kJJj4Z8aH+jXqOXrKnw9L4Acig3axSneN8QcL5tNosMAQOxhkQuYc6g4V+h
vDX7N3G5UdPo6jpGoF8NmLu2VFGfWEymBzftMqYZ84Jli9t9RGN8UBEueGERjMsh
9/3NSAdxeDlR5ELB565a+x/pIOOjovERZdXs9UW8U8NXPeDnIuTTFnqip3e21OGY
WP3ioP85ixzLFDfZVTaLN97ym2+STiPt+KN7QBEUW0cP/wJFlEcXgRHyY3uQ/iET
grCTApBuNdOzzgm9lSka653AexhaFTAXtp4NJ5xXThQcFzJ+urDAc6LfPzyknHDx
+lfI5bMeW9I6E7CbkFOELqInzAk6uMZFxbp4Qte8so3GFdCTPtFVTbS4v+Ctx3oi
r6oIEFLzhbbNz8lX4JrmXTO1WLiy8uoS4xCEEpITAG9iDvPZ2N7iaTiBgI1B4jNN
W/t/iIUkO7udL0eyZBzF
=6wKd
-----END PGP SIGNATURE-----

10
clamav-conf.patch
View File

@ -123,7 +123,7 @@
# Stop daemon when libclamav reports out of memory condition. # Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes #ExitOnOOM yes
@@ -708,7 +704,7 @@ Example @@ -727,7 +723,7 @@ Example
# multiple OnAccessIncludePath directives but each directory must be added # multiple OnAccessIncludePath directives but each directory must be added
# in a separate line. # in a separate line.
# Default: disabled # Default: disabled
@ -132,7 +132,7 @@
#OnAccessIncludePath /students #OnAccessIncludePath /students
# Set the exclude paths. All subdirectories are also excluded. # Set the exclude paths. All subdirectories are also excluded.
@@ -778,7 +774,7 @@ Example @@ -797,7 +793,7 @@ Example
# It has the same potential race condition limitations of the # It has the same potential race condition limitations of the
# OnAccessExcludeUID option. # OnAccessExcludeUID option.
# Default: disabled # Default: disabled
@ -156,8 +156,8 @@
- -
# Path to the database directory. # Path to the database directory.
# WARNING: It must match clamd.conf's directive! # WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options) # WARNING: It must already exist, be an absolute path, be writeable by
@@ -52,12 +48,12 @@ Example @@ -54,12 +50,12 @@ Example
# It is recommended that the directory where this file is stored is # It is recommended that the directory where this file is stored is
# also owned by root to keep other users from tampering with it. # also owned by root to keep other users from tampering with it.
# Default: disabled # Default: disabled
@ -172,7 +172,7 @@
# Use DNS to verify virus database version. FreshClam uses DNS TXT records # Use DNS to verify virus database version. FreshClam uses DNS TXT records
# to verify database and software versions. With this directive you can change # to verify database and software versions. With this directive you can change
@@ -148,7 +144,7 @@ DatabaseMirror database.clamav.net @@ -150,7 +146,7 @@ DatabaseMirror database.clamav.net
# Send the RELOAD command to clamd. # Send the RELOAD command to clamd.
# Default: no # Default: no

14
clamav-format.patch
View File

@ -64,7 +64,7 @@
} }
--- libclamav/pe.c.orig --- libclamav/pe.c.orig
+++ libclamav/pe.c +++ libclamav/pe.c
@@ -5185,12 +5185,12 @@ cl_error_t cli_peheader(fmap_t *map, str @@ -5117,12 +5117,12 @@ cl_error_t cli_peheader(fmap_t *map, str
/* If a section is truncated, adjust its size value */ /* If a section is truncated, adjust its size value */
if (!CLI_ISCONTAINED_0_TO(fsize, section->raw, section->rsz)) { if (!CLI_ISCONTAINED_0_TO(fsize, section->raw, section->rsz)) {
@ -81,7 +81,7 @@
} }
--- libfreshclam/libfreshclam_internal.c.orig --- libfreshclam/libfreshclam_internal.c.orig
+++ libfreshclam/libfreshclam_internal.c +++ libfreshclam/libfreshclam_internal.c
@@ -226,7 +226,7 @@ fc_error_t load_freshclam_dat(void) @@ -229,7 +229,7 @@ fc_error_t load_freshclam_dat(void)
if (-1 == lseek(handle, strlen(MIRRORS_DAT_MAGIC), SEEK_SET)) { if (-1 == lseek(handle, strlen(MIRRORS_DAT_MAGIC), SEEK_SET)) {
char error_message[260]; char error_message[260];
cli_strerror(errno, error_message, 260); cli_strerror(errno, error_message, 260);
@ -92,7 +92,7 @@
--- unit_tests/check_clamav.c.orig --- unit_tests/check_clamav.c.orig
+++ unit_tests/check_clamav.c +++ unit_tests/check_clamav.c
@@ -1939,7 +1939,7 @@ void diff_file_mem(int fd, const char *r @@ -1925,7 +1925,7 @@ void diff_file_mem(int fd, const char *r
ck_assert_msg(!!buf, "unable to malloc buffer: %zu", len); ck_assert_msg(!!buf, "unable to malloc buffer: %zu", len);
p = read(fd, buf, len); p = read(fd, buf, len);
@ -101,7 +101,7 @@
p = 0; p = 0;
while (len > 0) { while (len > 0) {
c1 = ref[p]; c1 = ref[p];
@@ -1950,10 +1950,10 @@ void diff_file_mem(int fd, const char *r @@ -1936,10 +1936,10 @@ void diff_file_mem(int fd, const char *r
len--; len--;
} }
if (len > 0) if (len > 0)
@ -114,7 +114,7 @@
close(fd); close(fd);
} }
@@ -1969,7 +1969,7 @@ void diff_files(int fd, int ref_fd) @@ -1955,7 +1955,7 @@ void diff_files(int fd, int ref_fd)
ck_assert_msg(lseek(ref_fd, 0, SEEK_SET) == 0, "lseek failed"); ck_assert_msg(lseek(ref_fd, 0, SEEK_SET) == 0, "lseek failed");
nread = read(ref_fd, ref, siz); nread = read(ref_fd, ref, siz);
@ -154,7 +154,7 @@
rc = memcmp(p, expect, expect_len); rc = memcmp(p, expect, expect_len);
--- libclamav/others_common.c.orig --- libclamav/others_common.c.orig
+++ libclamav/others_common.c +++ libclamav/others_common.c
@@ -312,7 +312,7 @@ char *cli_strdup(const char *s) @@ -362,7 +362,7 @@ char *cli_safer_strdup(const char *s)
} }
alloc = strdup(s); alloc = strdup(s);
@ -162,4 +162,4 @@
+ +
if (!alloc) { if (!alloc) {
perror("strdup_problem"); perror("strdup_problem");
cli_errmsg("cli_strdup(): Can't allocate memory (%u bytes).\n", (unsigned int)strlen(s)); cli_errmsg("cli_safer_strdup(): Can't allocate memory (%u bytes).\n", (unsigned int)strlen(s));

2
clamav-obsolete-config.patch
View File

@ -1,6 +1,6 @@
--- common/optparser.c.orig --- common/optparser.c.orig
+++ common/optparser.c +++ common/optparser.c
@@ -598,6 +598,13 @@ const struct clam_option __clam_options[ @@ -602,6 +602,13 @@ const struct clam_option __clam_options[
{"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
{"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"}, {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"},
{"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""},

48
clamav.changes
View File

@ -1,3 +1,51 @@
-------------------------------------------------------------------
Wed Dec 18 16:00:45 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
- fix factory submission (clam.tcl, clamscan.log)
-------------------------------------------------------------------
Tue Sep 10 13:05:08 UTC 2024 - Reinhard Max <max@suse.com>
- New version 1.4.1:
* [CVE-2024-20506, bsc#1230162]: Changed the logging module to
disable following symlinks on Linux and Unix systems so as to
prevent an attacker with existing access to the 'clamd' or
'freshclam' services from using a symlink to corrupt system
files.
* [CVE-2024-20505, bsc#1230161]: Fixed a possible out-of-bounds
read bug in the PDF file parser that could cause a
denial-of-service (DoS) condition.
* https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
- New version 1.4.0:
* Added support for extracting ALZ archives.
* Added support for extracting LHA/LZH archives.
* Added the ability to disable image fuzzy hashing, if needed.
For context, image fuzzy hashing is a detection mechanism
useful for identifying malware by matching images included with
the malware or phishing email/document.
* https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
-------------------------------------------------------------------
Wed Sep 4 19:29:48 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
- New version 1.3.2:
* CVE-2024-20506: Changed the logging module to disable following
symlinks on Linux and Unix systems so as to prevent an attacker
with existing access to the 'clamd' or 'freshclam' services from
using a symlink to corrupt system files.
* CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF
file parser that could cause a denial-of-service condition.
* Removed unused Python modules from freshclam tests including
deprecated 'cgi' module that is expected to cause test failures in
Python 3.13.
* Fix unit test caused by expiring signing certificate.
* Fixed a build issue on Windows with newer versions of Rust. Also
upgraded GitHub Actions imports to fix CI failures.
* Fixed an unaligned pointer dereference issue on select architectures.
* Fixes to Jenkins CI pipeline.
- Remove upstreamed 1305.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jul 29 07:03:44 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com> Mon Jul 29 07:03:44 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com>

10
clamav.spec
View File

@ -2,6 +2,7 @@
# spec file for package clamav # spec file for package clamav
# #
# Copyright (c) 2024 SUSE LLC # Copyright (c) 2024 SUSE LLC
# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -25,14 +26,14 @@
%if 0%{?suse_version} <= 1500 %if 0%{?suse_version} <= 1500
%define vgcc 13 %define vgcc 13
%if 0%{?sle_version} < 150400 %if 0%{?sle_version} < 150400
%define vrust 1.69 %define vrust 1.78
%define vcmake 3 %define vcmake 3
%endif %endif
%endif %endif
%global confdir %_prefix%_sysconfdir %global confdir %_prefix%_sysconfdir
Name: clamav Name: clamav
Version: 1.3.1 Version: 1.4.1
Release: 0 Release: 0
Summary: Antivirus Toolkit Summary: Antivirus Toolkit
License: GPL-2.0-only License: GPL-2.0-only
@ -55,15 +56,12 @@ Patch5: clamav-obsolete-config.patch
Patch12: clamav-fips.patch Patch12: clamav-fips.patch
Patch14: clamav-document-maxsize.patch Patch14: clamav-document-maxsize.patch
Patch15: clamav-format.patch Patch15: clamav-format.patch
Patch16: https://github.com/Cisco-Talos/clamav/pull/1305.patch
ExcludeArch: %{arml} ExcludeArch: %{arml}
BuildRequires: cargo%{?vrust} BuildRequires: cargo%{?vrust}
BuildRequires: cmake%{?vcmake} BuildRequires: cmake%{?vcmake}
BuildRequires: gcc%{?vgcc} BuildRequires: gcc%{?vgcc}
BuildRequires: gcc%{?vgcc}-c++ BuildRequires: gcc%{?vgcc}-c++
# temp for Patch16
BuildRequires: git-core
BuildRequires: libbz2-devel BuildRequires: libbz2-devel
BuildRequires: libjson-c-devel BuildRequires: libjson-c-devel
BuildRequires: libopenssl-devel >= 1.0.2 BuildRequires: libopenssl-devel >= 1.0.2
@ -187,7 +185,6 @@ that want to make use of libclamav.
%patch -P 12 %patch -P 12
%patch -P 14 %patch -P 14
%patch -P 15 %patch -P 15
git apply %{PATCH16}
chmod -x docs/html/images/flamegraph.svg chmod -x docs/html/images/flamegraph.svg
%build %build
@ -209,6 +206,7 @@ chmod -x docs/html/images/flamegraph.svg
-DENABLE_CLAMONACC=ON \ -DENABLE_CLAMONACC=ON \
-DENABLE_MILTER=ON \ -DENABLE_MILTER=ON \
-DSYSTEMD_UNIT_DIR=%{_unitdir} \ -DSYSTEMD_UNIT_DIR=%{_unitdir} \
-DPCRE2_LIBRARY=%{_libdir}/libpcre2-8.so \
%if %{without clammspack} %if %{without clammspack}
-DENABLE_EXTERNAL_MSPACK=ON -DENABLE_EXTERNAL_MSPACK=ON
%endif %endif