Accepting request 803374 from home:adkorte

- Update to 0.102.3 * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. * Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents. * Fix a couple of minor memory leaks. * Updated libclamunrar to UnRAR 5.9.2. OBS-URL: https://build.opensuse.org/request/show/803374 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=205
2020-05-12 18:00:54 +00:00 · 2020-05-12 18:00:54 +00:00 · 1c959d22c6
commit 1c959d22c6
parent 2f95031a55
9 changed files with 46 additions and 27 deletions
--- a/clamav-0.102.2.tar.gz
+++ b/clamav-0.102.2.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:89fcdcc0eba329ca84d270df09d2bb89ae55f5024b0c3bddb817512fb2c907d3
 size 13227538
--- a/clamav-0.102.2.tar.gz.sig
+++ b/clamav-0.102.2.tar.gz.sig
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIcBAABAgAGBQJeOZwdAAoJEPE/nha8pb+tyTUP/A2vRvLI6+2QycpNvK8ByvMF
 sh8w0f96FP4eYVezTtLI/YcciApKyexVJpopkG55K/dG6spC12WUDVSj+Vd/N3n6
 qTEKSCarUYxA3/Dh5wa+OJdf+EhrB2BPWyNQ7aY+IbbkXhjHep7zMg9XXtmSAans
 VDLpqXwAIO5cn3Xft2gb8v21VtWjDGbAIG9FSHennp++1jF3xHo8k4tmWIWGRQxn
 Bmx2q1D2tCGii/HTMSVFLl6MzKzPtQfNDNMptWyNqyMzh5L7GtqKYlF0I6lc33e8
 uHi0NnFRV+6jcWsztYpkugDunx+MHgz1kIpz6Bb63yNyHiS+g4guprTcW1OigNQ5
 8SdXrdbBrSjreNBzG0KBasQ63eLVjAuqLNDcuFJUKqInp9Xen6iVG4dRluZdqRBy
 efhptqHLuQcIeb3bPMOeSgs5cD6jkNCSw++A8tNHeCGFhsbTN2UXCbBHIExPyRG5
 QQX3mBasYG+6ME0lYFZmMD3Z8v76jM0xikZf+Zj8MZtCAZfafsYLMEWdU0Oagw5d
 djO/Ry3+LO+8lXGobbDTEjAr9Aim9HkTWwQRbr32HqydAbky19bI408QZbkd6SwC
 qYKMMdya1Ng1lxUbkgndwFRaRmlQh7G95RO/vKFRvu9N3f/Lmz8VkKSxul0YlRna
 JjZl7wJaWleprydQfqfa
 =p9cv
 -----END PGP SIGNATURE-----
--- a/clamav-0.102.3.tar.gz
+++ b/clamav-0.102.3.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:ed3050c4569989ee7ab54c7b87246b41ed808259632849be0706467442dc0693
 size 13226108
--- a/clamav-0.102.3.tar.gz.sig
+++ b/clamav-0.102.3.tar.gz.sig
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIcBAABAgAGBQJeuqCcAAoJEPE/nha8pb+tUXsP/Rq7nf3Z8JA/cakdVVqh1qPq
 rr3+aHXgCK55exapNl/e3rXshqqXyDX0NFH+REf7yb1LArM6W89hZdY4WIcEJ6kt
 FF2UpJTWKmLCQ69uTYUxs3vdN3UjmcRA5AVv4CPevANCY9y8+iNju+HDKlb9fFVC
 aS2wdRNNIARI3C38STt3dYnhi1IHaK2vbld8a9MTN0BYPqFhFtPJjCkUTAG5J0yP
 +BQlN/aqtZpQZblY1Bl/um6lTgizdcBikWJ28YxDPCVoWpVuUwDL10hQwtpL9WBB
 ijmA5YuG4t6aHr+VcuFXa90DWnclGHhrNkA3+Pdaa0U/IUI+J8gZQnlEsXL+s67G
 SPaLvKqLPRRN3h8gSfhMzhBCra6l+MMJX/IgGG+yNgxMl7dp72KflCHk54aF6/XG
 LUEIiRvrbiVRh3YyAXJevAluXd8egwIDdE+QPlrZUHE205q8pCDUNYsBV5vYW0Vg
 Drn2swhmXvFhlon/1QLBUqcsfrDNUlq3HhLonNRAuiwJ4162oZSajigfQPgeoUzU
 OF8jm7iNNmq6sjh1huGOKreMxCn0oV3z7nT2UV5ecWpXFGBqe9tiXAg0VL8FBsJN
 yijWJW4X6s3WD3SsjLORubCZ9lwGzG0+q2NlsojZDjdVcP7wk+3IZi+N4bdi46ud
 sF6hgdqC/vPnL7zEHxRJ
 =ecNL
 -----END PGP SIGNATURE-----
--- a/clamav-conf.patch
+++ b/clamav-conf.patch
@ -17,7 +17,7 @@
 # Default: no default
 -#MilterSocket /tmp/clamav-milter.socket
 -#MilterSocket inet:7357
-+MilterSocket /var/run/clamav/clamav-milter-socket
+MilterSocket /run/clamav/clamav-milter-socket
 # Define the group ownership for the (unix) milter socket.
 # Default: disabled (the primary group of the user running clamd)
@ -35,7 +35,7 @@
 #
 # Default: disabled
 -#PidFile /var/run/clamav-milter.pid
-+PidFile /var/run/clamav/clamav-milter.pid
+PidFile /run/clamav/clamav-milter.pid
 # Optional path to the global temporary directory.
 # Default: system specific (usually /tmp or /var/tmp).
@ -44,7 +44,7 @@
 #
 # Default: no default
 -#ClamdSocket tcp:scanner.mydomain:7357
-+ClamdSocket unix:/var/run/clamav/clamd-socket
+ClamdSocket unix:/run/clamav/clamd-socket
 ##
@ -100,7 +100,7 @@
 # daemon (main thread).
 # Default: disabled
 -#PidFile /var/run/clamd.pid
-+PidFile /var/run/clamav/clamd.pid
+PidFile /run/clamav/clamd.pid
 # Optional path to the global temporary directory.
 # Default: system specific (usually /tmp or /var/tmp).
@ -109,7 +109,7 @@
 # Path to a local socket file the daemon will listen on.
 # Default: disabled (must be specified by a user)
 -#LocalSocket /tmp/clamd.socket
-+LocalSocket /var/run/clamav/clamd-socket
+LocalSocket /run/clamav/clamd-socket
 # Sets the group ownership on the unix socket.
 # Default: disabled (the primary group of the user running clamd)
@ -176,7 +176,7 @@
 # This option allows you to save the process identifier of the daemon
 # Default: disabled
 -#PidFile /var/run/freshclam.pid
-+PidFile /var/run/clamav/freshclam.pid
+PidFile /run/clamav/freshclam.pid
 # By default when started freshclam drops privileges and switches to the
 # "clamav" user. This directive allows you to change the database owner.
--- a/clamav-disable-timestamps.patch
+++ b/clamav-disable-timestamps.patch
@ -82,4 +82,4 @@ Index: configure
 +_ACEOF
- VERSION="0.102.2"
+ VERSION="0.102.3"
--- a/clamav.changes
+++ b/clamav.changes
@ -1,3 +1,21 @@
 -------------------------------------------------------------------
 Tue May 12 17:31:15 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
 - Update to 0.102.3
  * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing
    module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS)
    condition. Improper bounds checking of an unsigned variable results
    in an out-of-bounds read which causes a crash.
  * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in
    ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS)
    condition. Improper size checking of a buffer used to initialize AES
    decryption routines results in an out-of-bounds read which may cause
    a crash.
  * Fix "Attempt to allocate 0 bytes" error when parsing some PDF
    documents.
  * Fix a couple of minor memory leaks.
  * Updated libclamunrar to UnRAR 5.9.2.
 -------------------------------------------------------------------
 Wed Apr  1 10:01:36 UTC 2020 - Martin Pluskal <mpluskal@suse.com>
--- a/clamav.spec
+++ b/clamav.spec
@ -19,7 +19,7 @@
 %define clamav_check --enable-check
 %bcond_with clammspack
 Name:           clamav
-Version:        0.102.2
+Version:        0.102.3
 Release:        0
 Summary:        Antivirus Toolkit
 License:        GPL-2.0-only
--- a/service.clamd
+++ b/service.clamd
@ -7,6 +7,7 @@ Requires=freshclam.service
 Type=forking
 ExecStart=/usr/sbin/clamd
 TimeoutStartSec=5min
 ExecReload=/bin/kill -USR2 $MAINPID
 ;User=vscan
 ;Group=vscan
 ;PrivateTmp=yes
`@ -82,4 +82,4 @@ Index: configure`
	`+_ACEOF`	`+_ACEOF`


	`VERSION="0.102.2"`	`VERSION="0.102.3"`