From 16df387343361f7eafbfe4c29044ca11eb5e23f9d7179edf2365b371b538065d Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Thu, 4 Oct 2018 09:52:49 +0000 Subject: [PATCH] - Update to version 0.100.2: * bsc#1110723, CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. * bsc#1103040, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. * Make freshclam more robust against lagging signature mirrors. * On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457, clamav-freshclam-exit.patch). OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=177 --- clamav-0.100.1.tar.gz | 3 --- clamav-0.100.1.tar.gz.sig | 16 ---------------- clamav-0.100.2.tar.gz | 3 +++ clamav-0.100.2.tar.gz.sig | 16 ++++++++++++++++ clamav-disable-timestamps.patch | 10 +++++----- clamav-freshclam-exit.patch | 15 +++++++++++++++ clamav.changes | 24 ++++++++++++++++++++++++ clamav.spec | 6 ++++-- 8 files changed, 67 insertions(+), 26 deletions(-) delete mode 100644 clamav-0.100.1.tar.gz delete mode 100644 clamav-0.100.1.tar.gz.sig create mode 100644 clamav-0.100.2.tar.gz create mode 100644 clamav-0.100.2.tar.gz.sig create mode 100644 clamav-freshclam-exit.patch diff --git a/clamav-0.100.1.tar.gz b/clamav-0.100.1.tar.gz deleted file mode 100644 index 64ffae6..0000000 --- a/clamav-0.100.1.tar.gz +++ /dev/null 
@@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:84e026655152247de7237184ee13003701c40be030dd68e0316111049f58a59f -size 16154415 diff --git a/clamav-0.100.1.tar.gz.sig b/clamav-0.100.1.tar.gz.sig deleted file mode 100644 index c0a7516..0000000 --- a/clamav-0.100.1.tar.gz.sig +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIcBAABAgAGBQJbO66OAAoJEPE/nha8pb+t2SkP/0i9fOLm2FCBs/kRGiGgd4zn -RxLwsW0Wskf0C/5dLhNHP/aeHSqeWZQdasmIgUzxxGhksp/gxwmH66h5y6qjACU2 -LnDytMr5DuM0rPAfNtOmnCQcpKVXvRA5utboCP7BWBLsfdfi1tF/Sw/JknDzDu5a -AExBpiclix4EEHa4VkG+pMYpLLYUfxMZgKuq9b3ytWgNbCz0riSugr3hkoL72uRy -xfrN2S0YkHy1Kw/7zohcHJa1qfPXZ/V6S1iSBCSfk3OTeExJhQIDxlLNTkcBr8L0 -H9Fo6RnQ2ttYtdphKU1suN4spFxBJD94zkOB+0cLfk6sCeYb4BXrqX6t19N+9Z9+ -m2fx2zay12skW/eABFtG82ToWTojCfHhKrRRDZRE8iXh2KUKMUkx7kSjhDRNR9eE -WIpfAom4vdgDwDOgHwziUqr65l8Dr3NFC1LJl8F0uaFGshbjbtMufD88S0TQCvw6 -pJAZ8ZiTXqtmT9Uyw9aObffA2ekKWOY4k/6Z7ved76GkXC+e922Z+LpRE8wE05Cz -sqwkzIQMLwwBo3468vB0RFxS14AVyLFVogmYxkhLcZC39yFBZVJF4++efsrlt+vq -+OoJl7JF1NYp8KSGGAIuNY5dyJGtiu709n7ppU6JAY2uhAzEjHYeqM0caDjPDjT2 -/LK7EO0s7O30HEld5gDC -=xbrK ------END PGP SIGNATURE----- diff --git a/clamav-0.100.2.tar.gz b/clamav-0.100.2.tar.gz new file mode 100644 index 0000000..012c408 --- /dev/null +++ b/clamav-0.100.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4a2e4f0cd41e62adb5a713b4a1857c49145cd09a69957e6d946ecad575206dd6 +size 15926420 diff --git a/clamav-0.100.2.tar.gz.sig b/clamav-0.100.2.tar.gz.sig new file mode 100644 index 0000000..68d4413 --- /dev/null +++ b/clamav-0.100.2.tar.gz.sig 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABAgAGBQJbq9rVAAoJEPE/nha8pb+tWtAQAIoac5u7/0ys8qxcVvE/e2R/ +JCZOkCc1BoVonc8yV9z/cn9/CFMoWq/n/pDZyCDKHU5x4rU+FuC1YolaoAyrF1Qi +bx6byEg36+EPj/bz9Gp7C13oPAnNSN5vNU1Tpdgz57zxTZ+91aO9SWWiQuIRHZxa +uNgjvUt55bhIRl6RggrCl1nmvL9OOyA0Vco0BdPZMUj/+hHMfmFHCWLwVzg8LbGq +DJEKDkxoHXXg77zOAb49VozRKcfLtIPKwpu1JD6HxQwEhPvadc+PyVRbmfhhfrfx +uFX/HXXSTo23zlgPFXG5K/GPhss8yUbviDZfduxXJENJwuHYvflMPZ5PMyECpTIR +Kd3Kg6UkFyfUg1AsKx141cRyA8xI+pSCnjHee0rMDRifdCChwMFVrEG/YDmgxA3a +ehrljZylEaTiT71LwA3RIB8DvTvCfBtRU7HgWsY5+fytPmf3XvugzI/A6c1rPcWs +nmmvVwc6LInSqFqdEOOqxyOnKNgt+0qmLWHtM0g7Uqo/jfTZGMy1tdMfhSAtER7L +oqL/r8Ul+/UfbGvbIpS8tWE/KAzQyCJ4wUjyHEGmbWgn1OTyFB8M7EJVXRbrECAP +cMB6tpORPzNt4ReAsEHhHLE0d4GWuuG29HF8qH+wWspEWCSzXbGZ6zNrGkhFqDvN +ae/hne2V6DXACNdcQWpG +=ah8h +-----END PGP SIGNATURE----- diff --git a/clamav-disable-timestamps.patch b/clamav-disable-timestamps.patch index d636fd8..656d341 100644 --- a/clamav-disable-timestamps.patch +++ b/clamav-disable-timestamps.patch @@ -27,7 +27,7 @@ strncat(buf, "WARNING: sizeof(fp_digit) == sizeof(fp_word), this build is likely to not work properly.\n", --- configure.orig +++ configure -@@ -800,6 +800,7 @@ FGREP +@@ -801,6 +801,7 @@ FGREP SED LIBTOOL LIBCLAMAV_VERSION @@ -35,7 +35,7 @@ EGREP GREP CPP -@@ -902,6 +903,7 @@ ac_user_opts=' +@@ -903,6 +904,7 @@ ac_user_opts=' enable_option_checking enable_silent_rules enable_dependency_tracking @@ -43,7 +43,7 @@ enable_static enable_shared with_pic -@@ -1616,6 +1618,8 @@ Optional Features: +@@ -1619,6 +1621,8 @@ Optional Features: --disable-dependency-tracking speeds up one-time build --enable-static[=PKGS] build static libraries [default=no] 
@@ -52,7 +52,7 @@ --enable-shared[=PKGS] build shared libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] -@@ -5211,6 +5215,26 @@ $as_echo "$ac_cv_safe_to_define___extens +@@ -5219,6 +5223,26 @@ $as_echo "$ac_cv_safe_to_define___extens $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h @@ -78,4 +78,4 @@ +_ACEOF - VERSION="0.100.1" + VERSION="0.100.2" diff --git a/clamav-freshclam-exit.patch b/clamav-freshclam-exit.patch new file mode 100644 index 0000000..bc2f4a1 --- /dev/null +++ b/clamav-freshclam-exit.patch @@ -0,0 +1,15 @@ +--- freshclam/freshclam.c.orig ++++ freshclam/freshclam.c +@@ -714,6 +714,12 @@ main (int argc, char **argv) + execute ("OnErrorExecute", opt->strarg, opts); + } + ++ if (ret == FC_UPTODATE) ++ { ++ /* Restore exit code compatibility with ClamAV < 0.100.0 */ ++ ret = 0; ++ } ++ + if (pidfile) + { + unlink (pidfile); diff --git a/clamav.changes b/clamav.changes index 5b964b4..a9c82c7 100644 --- a/clamav.changes +++ b/clamav.changes 
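Review bot: In clamav-freshclam-exit.patch the remap of `FC_UPTODATE` to 0 sits after the `OnErrorExecute` block, so it only changes the final exit status. Whether an already-up-to-date run still fires `OnErrorExecute` depends on the condition above the hunk, which is not visible here and should be confirmed before relying on this placement. Cron wrappers and monitoring checks that alert on a non-zero freshclam exit get the pre-0.100.0 behaviour back, but with the remap an up-to-date run exits 0, presumably the same status as a successful update. The comment should therefore say the masking is deliberate and name the bug, e.g. `/* FC_UPTODATE is not a failure: exit 0 as ClamAV < 0.100.0 did (bsc#1104457) */`. main() starts and ends outside the hunk.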
@@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Thu Oct 4 09:04:01 UTC 2018 - Reinhard Max + +- Update to version 0.100.2: + + * bsc#1110723, CVE-2018-15378: Vulnerability in ClamAV's MEW + unpacking feature that could allow an unauthenticated, remote + attacker to cause a denial of service (DoS) condition on an + affected device. + * bsc#1103040, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: + more fixes for embedded libmspack. + * Make freshclam more robust against lagging signature mirrors. + * On-Access "Extra Scanning", an opt-in minor feature of + OnAccess scanning on Linux systems, has been disabled due to a + known issue with resource cleanup OnAccessExtraScanning will + be re-enabled in a future release when the issue is + resolved. In the mean-time, users who enabled the feature in + clamd.conf will see a warning informing them that the feature + is not active. For details, see: + https://bugzilla.clamav.net/show_bug.cgi?id=12048 +- Restore exit code compatibility of freshclam with versions before + 0.100.0 when the virus database is already up to date + (bsc#1104457, clamav-freshclam-exit.patch). + ------------------------------------------------------------------- Tue Jul 31 08:43:39 UTC 2018 - max@suse.com diff --git a/clamav.spec b/clamav.spec index 771914b..a6e6bb4 100644 --- a/clamav.spec +++ b/clamav.spec @@ -12,13 +12,13 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define clamav_check --enable-check Name: clamav -Version: 0.100.1 +Version: 0.100.2 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only 
@@ -36,6 +36,7 @@ Patch1: clamav-conf.patch Patch4: clamav-disable-timestamps.patch Patch5: clamav-obsolete-config.patch Patch6: clamav-disable-yara.patch +Patch7: clamav-freshclam-exit.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bc @@ -111,6 +112,7 @@ that want to make use of libclamav. %patch4 %patch5 %patch6 +%patch7 %build CFLAGS="-fstack-protector"