diff --git a/clamav-0.102.2.tar.gz b/clamav-0.102.2.tar.gz
deleted file mode 100644
index 6ceef16..0000000
--- a/clamav-0.102.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:89fcdcc0eba329ca84d270df09d2bb89ae55f5024b0c3bddb817512fb2c907d3
-size 13227538
diff --git a/clamav-0.102.2.tar.gz.sig b/clamav-0.102.2.tar.gz.sig
deleted file mode 100644
index 3d6e27f..0000000
--- a/clamav-0.102.2.tar.gz.sig
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIcBAABAgAGBQJeOZwdAAoJEPE/nha8pb+tyTUP/A2vRvLI6+2QycpNvK8ByvMF
-sh8w0f96FP4eYVezTtLI/YcciApKyexVJpopkG55K/dG6spC12WUDVSj+Vd/N3n6
-qTEKSCarUYxA3/Dh5wa+OJdf+EhrB2BPWyNQ7aY+IbbkXhjHep7zMg9XXtmSAans
-VDLpqXwAIO5cn3Xft2gb8v21VtWjDGbAIG9FSHennp++1jF3xHo8k4tmWIWGRQxn
-Bmx2q1D2tCGii/HTMSVFLl6MzKzPtQfNDNMptWyNqyMzh5L7GtqKYlF0I6lc33e8
-uHi0NnFRV+6jcWsztYpkugDunx+MHgz1kIpz6Bb63yNyHiS+g4guprTcW1OigNQ5
-8SdXrdbBrSjreNBzG0KBasQ63eLVjAuqLNDcuFJUKqInp9Xen6iVG4dRluZdqRBy
-efhptqHLuQcIeb3bPMOeSgs5cD6jkNCSw++A8tNHeCGFhsbTN2UXCbBHIExPyRG5
-QQX3mBasYG+6ME0lYFZmMD3Z8v76jM0xikZf+Zj8MZtCAZfafsYLMEWdU0Oagw5d
-djO/Ry3+LO+8lXGobbDTEjAr9Aim9HkTWwQRbr32HqydAbky19bI408QZbkd6SwC
-qYKMMdya1Ng1lxUbkgndwFRaRmlQh7G95RO/vKFRvu9N3f/Lmz8VkKSxul0YlRna
-JjZl7wJaWleprydQfqfa
-=p9cv
------END PGP SIGNATURE-----
diff --git a/clamav-0.102.3.tar.gz b/clamav-0.102.3.tar.gz
new file mode 100644
index 0000000..efc4436
--- /dev/null
+++ b/clamav-0.102.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ed3050c4569989ee7ab54c7b87246b41ed808259632849be0706467442dc0693
+size 13226108
diff --git a/clamav-0.102.3.tar.gz.sig b/clamav-0.102.3.tar.gz.sig
new file mode 100644
index 0000000..c40338a
--- /dev/null
+++ b/clamav-0.102.3.tar.gz.sig
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABAgAGBQJeuqCcAAoJEPE/nha8pb+tUXsP/Rq7nf3Z8JA/cakdVVqh1qPq
+rr3+aHXgCK55exapNl/e3rXshqqXyDX0NFH+REf7yb1LArM6W89hZdY4WIcEJ6kt
+FF2UpJTWKmLCQ69uTYUxs3vdN3UjmcRA5AVv4CPevANCY9y8+iNju+HDKlb9fFVC
+aS2wdRNNIARI3C38STt3dYnhi1IHaK2vbld8a9MTN0BYPqFhFtPJjCkUTAG5J0yP
++BQlN/aqtZpQZblY1Bl/um6lTgizdcBikWJ28YxDPCVoWpVuUwDL10hQwtpL9WBB
+ijmA5YuG4t6aHr+VcuFXa90DWnclGHhrNkA3+Pdaa0U/IUI+J8gZQnlEsXL+s67G
+SPaLvKqLPRRN3h8gSfhMzhBCra6l+MMJX/IgGG+yNgxMl7dp72KflCHk54aF6/XG
+LUEIiRvrbiVRh3YyAXJevAluXd8egwIDdE+QPlrZUHE205q8pCDUNYsBV5vYW0Vg
+Drn2swhmXvFhlon/1QLBUqcsfrDNUlq3HhLonNRAuiwJ4162oZSajigfQPgeoUzU
+OF8jm7iNNmq6sjh1huGOKreMxCn0oV3z7nT2UV5ecWpXFGBqe9tiXAg0VL8FBsJN
+yijWJW4X6s3WD3SsjLORubCZ9lwGzG0+q2NlsojZDjdVcP7wk+3IZi+N4bdi46ud
+sF6hgdqC/vPnL7zEHxRJ
+=ecNL
+-----END PGP SIGNATURE-----
diff --git a/clamav-conf.patch b/clamav-conf.patch
index b644adf..2fa9128 100644
--- a/clamav-conf.patch
+++ b/clamav-conf.patch
@@ -17,7 +17,7 @@ # Default: no default -#MilterSocket /tmp/clamav-milter.socket -#MilterSocket inet:7357 -+MilterSocket /var/run/clamav/clamav-milter-socket ++MilterSocket /run/clamav/clamav-milter-socket # Define the group ownership for the (unix) milter socket. # Default: disabled (the primary group of the user running clamd)
@@ -35,7 +35,7 @@ # # Default: disabled -#PidFile /var/run/clamav-milter.pid -+PidFile /var/run/clamav/clamav-milter.pid ++PidFile /run/clamav/clamav-milter.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp).
@@ -44,7 +44,7 @@ # # Default: no default -#ClamdSocket tcp:scanner.mydomain:7357 -+ClamdSocket unix:/var/run/clamav/clamd-socket ++ClamdSocket unix:/run/clamav/clamd-socket ##
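Review bot: The relocated paths in this file (MilterSocket, PidFile and ClamdSocket in these hunks, plus the clamd `PidFile`/`LocalSocket` and freshclam `PidFile` hunks further down) all assume `/run/clamav` exists at start-up with an owner and mode that suit the daemon user, and nothing visible in this commit creates it. `/run` is normally a tmpfs, so confirm the package provides the directory through a tmpfiles.d entry or `RuntimeDirectory=`, not world-writable, since the clamd and milter sockets are created inside it. The hunks show the socket group options only as context comments, so whether `LocalSocketGroup`/`LocalSocketMode` are set cannot be seen here; if they are left at defaults, the directory permissions are the only limit on which local users can reach clamd. The config blocks around each change continue outside the hunks.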
@@ -100,7 +100,7 @@ # daemon (main thread). # Default: disabled -#PidFile /var/run/clamd.pid -+PidFile /var/run/clamav/clamd.pid ++PidFile /run/clamav/clamd.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp).
@@ -109,7 +109,7 @@ # Path to a local socket file the daemon will listen on. # Default: disabled (must be specified by a user) -#LocalSocket /tmp/clamd.socket -+LocalSocket /var/run/clamav/clamd-socket ++LocalSocket /run/clamav/clamd-socket # Sets the group ownership on the unix socket. # Default: disabled (the primary group of the user running clamd)
@@ -176,7 +176,7 @@ # This option allows you to save the process identifier of the daemon # Default: disabled -#PidFile /var/run/freshclam.pid -+PidFile /var/run/clamav/freshclam.pid ++PidFile /run/clamav/freshclam.pid # By default when started freshclam drops privileges and switches to the # "clamav" user. This directive allows you to change the database owner.
diff --git a/clamav-disable-timestamps.patch b/clamav-disable-timestamps.patch
index 6faa43a..26d2415 100644
--- a/clamav-disable-timestamps.patch
+++ b/clamav-disable-timestamps.patch
@@ -82,4 +82,4 @@ Index: configure +_ACEOF - VERSION="0.102.2" + VERSION="0.102.3"
diff --git a/clamav.changes b/clamav.changes
index c182db4..43ca8eb 100644
--- a/clamav.changes
+++ b/clamav.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue May 12 17:31:15 UTC 2020 - Arjen de Korte
+
+- Update to 0.102.3
+ * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing
+ module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS)
+ condition. Improper bounds checking of an unsigned variable results
+ in an out-of-bounds read which causes a crash.
+ * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in
+ ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS)
+ condition. Improper size checking of a buffer used to initialize AES
+ decryption routines results in an out-of-bounds read which may cause
+ a crash.
+ * Fix "Attempt to allocate 0 bytes" error when parsing some PDF
+ documents.
+ * Fix a couple of minor memory leaks.
+ * Updated libclamunrar to UnRAR 5.9.2.
+
 -------------------------------------------------------------------
 Wed Apr 1 10:01:36 UTC 2020 - Martin Pluskal
diff --git a/clamav.spec b/clamav.spec
index 666e6cc..750f02d 100644
--- a/clamav.spec
+++ b/clamav.spec
@@ -19,7 +19,7 @@
 %define clamav_check --enable-check
 %bcond_with clammspack
 Name: clamav
-Version: 0.102.2
+Version: 0.102.3
 Release: 0
 Summary: Antivirus Toolkit
 License: GPL-2.0-only
diff --git a/service.clamd b/service.clamd
index 70b1aa6..17b222d 100644
--- a/service.clamd
+++ b/service.clamd
@@ -7,6 +7,7 @@ Requires=freshclam.service
 Type=forking
 ExecStart=/usr/sbin/clamd
 TimeoutStartSec=5min
+ExecReload=/bin/kill -USR2 $MAINPID
 ;User=vscan
 ;Group=vscan
 ;PrivateTmp=yes
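Review bot: The added `ExecReload=/bin/kill -USR2 $MAINPID` in service.clamd depends on systemd knowing clamd's main PID, but the unit is `Type=forking` and no `PIDFile=` appears in the hunk, so systemd would have to guess it after the daemon forks. If the unit has no `PIDFile=` outside the hunk, add `PIDFile=/run/clamav/clamd.pid`, matching the `PidFile` path the clamd configuration in this commit writes, so the reload signal goes to the daemon itself. The `[Service]` section starts above the hunk and may continue below it, so this needs checking against the full unit file.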