- Update to version 0.100.2:

* bsc#1110723, CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. * bsc#1103040, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. * Make freshclam more robust against lagging signature mirrors. * On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457, clamav-freshclam-exit.patch). OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=177
2018-10-04 09:52:49 +00:00 · 2018-10-04 09:52:49 +00:00 · 16df387343
commit 16df387343
parent c59655e8e2
8 changed files with 67 additions and 26 deletions
--- a/clamav-0.100.1.tar.gz
+++ b/clamav-0.100.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:84e026655152247de7237184ee13003701c40be030dd68e0316111049f58a59f
-size 16154415
--- a/clamav-0.100.1.tar.gz.sig
+++ b/clamav-0.100.1.tar.gz.sig
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIcBAABAgAGBQJbO66OAAoJEPE/nha8pb+t2SkP/0i9fOLm2FCBs/kRGiGgd4zn
-RxLwsW0Wskf0C/5dLhNHP/aeHSqeWZQdasmIgUzxxGhksp/gxwmH66h5y6qjACU2
-LnDytMr5DuM0rPAfNtOmnCQcpKVXvRA5utboCP7BWBLsfdfi1tF/Sw/JknDzDu5a
-AExBpiclix4EEHa4VkG+pMYpLLYUfxMZgKuq9b3ytWgNbCz0riSugr3hkoL72uRy
-xfrN2S0YkHy1Kw/7zohcHJa1qfPXZ/V6S1iSBCSfk3OTeExJhQIDxlLNTkcBr8L0
-H9Fo6RnQ2ttYtdphKU1suN4spFxBJD94zkOB+0cLfk6sCeYb4BXrqX6t19N+9Z9+
-m2fx2zay12skW/eABFtG82ToWTojCfHhKrRRDZRE8iXh2KUKMUkx7kSjhDRNR9eE
-WIpfAom4vdgDwDOgHwziUqr65l8Dr3NFC1LJl8F0uaFGshbjbtMufD88S0TQCvw6
-pJAZ8ZiTXqtmT9Uyw9aObffA2ekKWOY4k/6Z7ved76GkXC+e922Z+LpRE8wE05Cz
-sqwkzIQMLwwBo3468vB0RFxS14AVyLFVogmYxkhLcZC39yFBZVJF4++efsrlt+vq
-+OoJl7JF1NYp8KSGGAIuNY5dyJGtiu709n7ppU6JAY2uhAzEjHYeqM0caDjPDjT2
-/LK7EO0s7O30HEld5gDC
-=xbrK
-----END PGP SIGNATURE-----
--- a/clamav-0.100.2.tar.gz
+++ b/clamav-0.100.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4a2e4f0cd41e62adb5a713b4a1857c49145cd09a69957e6d946ecad575206dd6
+size 15926420
--- a/clamav-0.100.2.tar.gz.sig
+++ b/clamav-0.100.2.tar.gz.sig
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABAgAGBQJbq9rVAAoJEPE/nha8pb+tWtAQAIoac5u7/0ys8qxcVvE/e2R/
+JCZOkCc1BoVonc8yV9z/cn9/CFMoWq/n/pDZyCDKHU5x4rU+FuC1YolaoAyrF1Qi
+bx6byEg36+EPj/bz9Gp7C13oPAnNSN5vNU1Tpdgz57zxTZ+91aO9SWWiQuIRHZxa
+uNgjvUt55bhIRl6RggrCl1nmvL9OOyA0Vco0BdPZMUj/+hHMfmFHCWLwVzg8LbGq
+DJEKDkxoHXXg77zOAb49VozRKcfLtIPKwpu1JD6HxQwEhPvadc+PyVRbmfhhfrfx
+uFX/HXXSTo23zlgPFXG5K/GPhss8yUbviDZfduxXJENJwuHYvflMPZ5PMyECpTIR
+Kd3Kg6UkFyfUg1AsKx141cRyA8xI+pSCnjHee0rMDRifdCChwMFVrEG/YDmgxA3a
+ehrljZylEaTiT71LwA3RIB8DvTvCfBtRU7HgWsY5+fytPmf3XvugzI/A6c1rPcWs
+nmmvVwc6LInSqFqdEOOqxyOnKNgt+0qmLWHtM0g7Uqo/jfTZGMy1tdMfhSAtER7L
+oqL/r8Ul+/UfbGvbIpS8tWE/KAzQyCJ4wUjyHEGmbWgn1OTyFB8M7EJVXRbrECAP
+cMB6tpORPzNt4ReAsEHhHLE0d4GWuuG29HF8qH+wWspEWCSzXbGZ6zNrGkhFqDvN
+ae/hne2V6DXACNdcQWpG
+=ah8h
+-----END PGP SIGNATURE-----
--- a/clamav-disable-timestamps.patch
+++ b/clamav-disable-timestamps.patch
@ -27,7 +27,7 @@
       strncat(buf, "WARNING: sizeof(fp_digit) == sizeof(fp_word), this build is likely to not work properly.\n", 
 --- configure.orig
 +++ configure
-@@ -800,6 +800,7 @@ FGREP
+@@ -801,6 +801,7 @@ FGREP
 SED
 LIBTOOL
 LIBCLAMAV_VERSION
@ -35,7 +35,7 @@
 EGREP
 GREP
 CPP
-@@ -902,6 +903,7 @@ ac_user_opts='
+@@ -903,6 +904,7 @@ ac_user_opts='
 enable_option_checking
 enable_silent_rules
 enable_dependency_tracking
@ -43,7 +43,7 @@
 enable_static
 enable_shared
 with_pic
-@@ -1616,6 +1618,8 @@ Optional Features:
+@@ -1619,6 +1621,8 @@ Optional Features:
   --disable-dependency-tracking
                           speeds up one-time build
   --enable-static[=PKGS]  build static libraries [default=no]
@ -52,7 +52,7 @@
   --enable-shared[=PKGS]  build shared libraries [default=yes]
   --enable-fast-install[=PKGS]
                           optimize for fast installation [default=yes]
-@@ -5211,6 +5215,26 @@ $as_echo "$ac_cv_safe_to_define___extens
+@@ -5219,6 +5223,26 @@ $as_echo "$ac_cv_safe_to_define___extens
 
   $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h
 
@ -78,4 +78,4 @@
 +_ACEOF
 
 
- VERSION="0.100.1"
+ VERSION="0.100.2"
--- a/clamav-freshclam-exit.patch
+++ b/clamav-freshclam-exit.patch
@ -0,0 +1,15 @@
+--- freshclam/freshclam.c.orig
+++ freshclam/freshclam.c
+@@ -714,6 +714,12 @@ main (int argc, char **argv)
+             execute ("OnErrorExecute", opt->strarg, opts);
+     }
+ 
+    if (ret == FC_UPTODATE)
+    {
+	/* Restore exit code compatibility with ClamAV < 0.100.0 */
+	ret = 0;
+    }
+
+     if (pidfile)
+     {
+         unlink (pidfile);
--- a/clamav.changes
+++ b/clamav.changes
@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Thu Oct  4 09:04:01 UTC 2018 - Reinhard Max <max@suse.com>
+
+- Update to version 0.100.2:
+
+  * bsc#1110723, CVE-2018-15378: Vulnerability in ClamAV's MEW
+    unpacking feature that could allow an unauthenticated, remote
+    attacker to cause a denial of service (DoS) condition on an
+    affected device.
+  * bsc#1103040, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682:
+    more fixes for embedded libmspack.
+  * Make freshclam more robust against lagging signature mirrors.
+  * On-Access "Extra Scanning", an opt-in minor feature of
+    OnAccess scanning on Linux systems, has been disabled due to a
+    known issue with resource cleanup OnAccessExtraScanning will
+    be re-enabled in a future release when the issue is
+    resolved. In the mean-time, users who enabled the feature in
+    clamd.conf will see a warning informing them that the feature
+    is not active. For details, see:
+    https://bugzilla.clamav.net/show_bug.cgi?id=12048
+- Restore exit code compatibility of freshclam with versions before
+  0.100.0 when the virus database is already up to date
+  (bsc#1104457, clamav-freshclam-exit.patch).
+
 -------------------------------------------------------------------
 Tue Jul 31 08:43:39 UTC 2018 - max@suse.com

--- a/clamav.spec
+++ b/clamav.spec
@ -12,13 +12,13 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


 %define clamav_check --enable-check
 Name:           clamav
-Version:        0.100.1
+Version:        0.100.2
 Release:        0
 Summary:        Antivirus Toolkit
 License:        GPL-2.0-only
@ -36,6 +36,7 @@ Patch1:         clamav-conf.patch
 Patch4:         clamav-disable-timestamps.patch
 Patch5:         clamav-obsolete-config.patch
 Patch6:         clamav-disable-yara.patch
+Patch7:         clamav-freshclam-exit.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bc
@ -111,6 +112,7 @@ that want to make use of libclamav.
 %patch4
 %patch5
 %patch6
+%patch7

 %build
 CFLAGS="-fstack-protector"