Accepting request 803374 from home:adkorte

- Update to 0.102.3
  * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing
    module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS)
    condition. Improper bounds checking of an unsigned variable results
    in an out-of-bounds read which causes a crash.
  * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in
    ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS)
    condition. Improper size checking of a buffer used to initialize AES
    decryption routines results in an out-of-bounds read which may cause
    a crash.
  * Fix "Attempt to allocate 0 bytes" error when parsing some PDF
    documents.
  * Fix a couple of minor memory leaks.
  * Updated libclamunrar to UnRAR 5.9.2.

OBS-URL: https://build.opensuse.org/request/show/803374
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=205

clamav-0.102.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:89fcdcc0eba329ca84d270df09d2bb89ae55f5024b0c3bddb817512fb2c907d3
-size 13227538

clamav-0.102.2.tar.gz.sig

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIcBAABAgAGBQJeOZwdAAoJEPE/nha8pb+tyTUP/A2vRvLI6+2QycpNvK8ByvMF
-sh8w0f96FP4eYVezTtLI/YcciApKyexVJpopkG55K/dG6spC12WUDVSj+Vd/N3n6
-qTEKSCarUYxA3/Dh5wa+OJdf+EhrB2BPWyNQ7aY+IbbkXhjHep7zMg9XXtmSAans
-VDLpqXwAIO5cn3Xft2gb8v21VtWjDGbAIG9FSHennp++1jF3xHo8k4tmWIWGRQxn
-Bmx2q1D2tCGii/HTMSVFLl6MzKzPtQfNDNMptWyNqyMzh5L7GtqKYlF0I6lc33e8
-uHi0NnFRV+6jcWsztYpkugDunx+MHgz1kIpz6Bb63yNyHiS+g4guprTcW1OigNQ5
-8SdXrdbBrSjreNBzG0KBasQ63eLVjAuqLNDcuFJUKqInp9Xen6iVG4dRluZdqRBy
-efhptqHLuQcIeb3bPMOeSgs5cD6jkNCSw++A8tNHeCGFhsbTN2UXCbBHIExPyRG5
-QQX3mBasYG+6ME0lYFZmMD3Z8v76jM0xikZf+Zj8MZtCAZfafsYLMEWdU0Oagw5d
-djO/Ry3+LO+8lXGobbDTEjAr9Aim9HkTWwQRbr32HqydAbky19bI408QZbkd6SwC
-qYKMMdya1Ng1lxUbkgndwFRaRmlQh7G95RO/vKFRvu9N3f/Lmz8VkKSxul0YlRna
-JjZl7wJaWleprydQfqfa
-=p9cv
------END PGP SIGNATURE-----

clamav-0.102.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ed3050c4569989ee7ab54c7b87246b41ed808259632849be0706467442dc0693
+size 13226108

clamav-0.102.3.tar.gz.sig

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABAgAGBQJeuqCcAAoJEPE/nha8pb+tUXsP/Rq7nf3Z8JA/cakdVVqh1qPq
+rr3+aHXgCK55exapNl/e3rXshqqXyDX0NFH+REf7yb1LArM6W89hZdY4WIcEJ6kt
+FF2UpJTWKmLCQ69uTYUxs3vdN3UjmcRA5AVv4CPevANCY9y8+iNju+HDKlb9fFVC
+aS2wdRNNIARI3C38STt3dYnhi1IHaK2vbld8a9MTN0BYPqFhFtPJjCkUTAG5J0yP
++BQlN/aqtZpQZblY1Bl/um6lTgizdcBikWJ28YxDPCVoWpVuUwDL10hQwtpL9WBB
+ijmA5YuG4t6aHr+VcuFXa90DWnclGHhrNkA3+Pdaa0U/IUI+J8gZQnlEsXL+s67G
+SPaLvKqLPRRN3h8gSfhMzhBCra6l+MMJX/IgGG+yNgxMl7dp72KflCHk54aF6/XG
+LUEIiRvrbiVRh3YyAXJevAluXd8egwIDdE+QPlrZUHE205q8pCDUNYsBV5vYW0Vg
+Drn2swhmXvFhlon/1QLBUqcsfrDNUlq3HhLonNRAuiwJ4162oZSajigfQPgeoUzU
+OF8jm7iNNmq6sjh1huGOKreMxCn0oV3z7nT2UV5ecWpXFGBqe9tiXAg0VL8FBsJN
+yijWJW4X6s3WD3SsjLORubCZ9lwGzG0+q2NlsojZDjdVcP7wk+3IZi+N4bdi46ud
+sF6hgdqC/vPnL7zEHxRJ
+=ecNL
+-----END PGP SIGNATURE-----

clamav-conf.patch

@@ -17,7 +17,7 @@
  # Default: no default
 -#MilterSocket /tmp/clamav-milter.socket
 -#MilterSocket inet:7357
-+MilterSocket /var/run/clamav/clamav-milter-socket
++MilterSocket /run/clamav/clamav-milter-socket
  
  # Define the group ownership for the (unix) milter socket.
  # Default: disabled (the primary group of the user running clamd)
@@ -35,7 +35,7 @@
  #
  # Default: disabled
 -#PidFile /var/run/clamav-milter.pid
-+PidFile /var/run/clamav/clamav-milter.pid
++PidFile /run/clamav/clamav-milter.pid
  
  # Optional path to the global temporary directory.
  # Default: system specific (usually /tmp or /var/tmp).
@@ -44,7 +44,7 @@
  #
  # Default: no default
 -#ClamdSocket tcp:scanner.mydomain:7357
-+ClamdSocket unix:/var/run/clamav/clamd-socket
++ClamdSocket unix:/run/clamav/clamd-socket
  
  
  ##
@@ -100,7 +100,7 @@
  # daemon (main thread).
  # Default: disabled
 -#PidFile /var/run/clamd.pid
-+PidFile /var/run/clamav/clamd.pid
++PidFile /run/clamav/clamd.pid
  
  # Optional path to the global temporary directory.
  # Default: system specific (usually /tmp or /var/tmp).
@@ -109,7 +109,7 @@
  # Path to a local socket file the daemon will listen on.
  # Default: disabled (must be specified by a user)
 -#LocalSocket /tmp/clamd.socket
-+LocalSocket /var/run/clamav/clamd-socket
++LocalSocket /run/clamav/clamd-socket
  
  # Sets the group ownership on the unix socket.
  # Default: disabled (the primary group of the user running clamd)
@@ -176,7 +176,7 @@
  # This option allows you to save the process identifier of the daemon
  # Default: disabled
 -#PidFile /var/run/freshclam.pid
-+PidFile /var/run/clamav/freshclam.pid
++PidFile /run/clamav/freshclam.pid
  
  # By default when started freshclam drops privileges and switches to the
  # "clamav" user. This directive allows you to change the database owner.

clamav-disable-timestamps.patch

@@ -82,4 +82,4 @@ Index: configure
 +_ACEOF
  
  
- VERSION="0.102.2"
+ VERSION="0.102.3"

clamav.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue May 12 17:31:15 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
+
+- Update to 0.102.3
+  * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing
+    module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS)
+    condition. Improper bounds checking of an unsigned variable results
+    in an out-of-bounds read which causes a crash.
+  * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in
+    ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS)
+    condition. Improper size checking of a buffer used to initialize AES
+    decryption routines results in an out-of-bounds read which may cause
+    a crash.
+  * Fix "Attempt to allocate 0 bytes" error when parsing some PDF
+    documents.
+  * Fix a couple of minor memory leaks.
+  * Updated libclamunrar to UnRAR 5.9.2.
+
 -------------------------------------------------------------------
 Wed Apr  1 10:01:36 UTC 2020 - Martin Pluskal <mpluskal@suse.com>
 

clamav.spec

@@ -19,7 +19,7 @@
 %define clamav_check --enable-check
 %bcond_with clammspack
 Name:           clamav
-Version:        0.102.2
+Version:        0.102.3
 Release:        0
 Summary:        Antivirus Toolkit
 License:        GPL-2.0-only

service.clamd

@@ -7,6 +7,7 @@ Requires=freshclam.service
 Type=forking
 ExecStart=/usr/sbin/clamd
 TimeoutStartSec=5min
+ExecReload=/bin/kill -USR2 $MAINPID
 ;User=vscan
 ;Group=vscan
 ;PrivateTmp=yes