From 201de5a035f088454ca48971e9a6a672cc0095b9e04ffb7824e4789f696c419a Mon Sep 17 00:00:00 2001 
From: Reinhard Max
Date: Thu, 6 Feb 2020 15:31:51 +0000
Subject: [PATCH] Accepting request 770381 from home:adkorte:branches:security

- update to 0.102.2
  * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash.
  * Significantly improved the scan speed of PDF files on Windows.
  * Re-applied a fix to alleviate file access issues when scanning RAR files in downstream projects that use libclamav where the scanning engine is operating in a low-privilege process. This bug was originally fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0.
  * Fixed an issue where freshclam failed to update if the database version downloaded is one version older than advertised. This situation may occur after a new database version is published. The issue affected users downloading the whole CVD database file.
  * Changed the default freshclam ReceiveTimeout setting to 0 (infinite). The ReceiveTimeout had caused needless database update failures for users with slower internet connections.
  * Correctly display the number of kilobytes (KiB) in progress bar and reduced the size of the progress bar to accommodate 80-character width terminals.
  * Fixed an issue where running freshclam manually causes a daemonized freshclam process to fail when it updates because the manual instance deletes the temporary download directory. The freshclam temporary files will now download to a unique directory created at the time of an update instead of using a hardcoded directory created/destroyed at the program start/exit.
  * Fix for freshclam's OnOutdatedExecute config option.
  * Fixes a memory leak in the error condition handling for the email parser.
  * Improved bound checking and error handling in ARJ archive parser.
  * Improved error handling in PDF parser.
  * Fix for memory leak in byte-compare signature handler.
OBS-URL: https://build.opensuse.org/request/show/770381 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=201 --- clamav-0.102.1.tar.gz | 3 --- clamav-0.102.1.tar.gz.sig | Bin 543 -> 0 bytes clamav-0.102.2.tar.gz | 3 +++ clamav-0.102.2.tar.gz.sig | 16 ++++++++++++++ clamav-disable-timestamps.patch | 8 +++---- clamav.changes | 36 ++++++++++++++++++++++++++++++++ clamav.spec | 6 +++--- 7 files changed, 62 insertions(+), 10 deletions(-) delete mode 100644 clamav-0.102.1.tar.gz delete mode 100644 clamav-0.102.1.tar.gz.sig create mode 100644 clamav-0.102.2.tar.gz create mode 100644 clamav-0.102.2.tar.gz.sig diff --git a/clamav-0.102.1.tar.gz b/clamav-0.102.1.tar.gz deleted file mode 100644 index 02e22e3..0000000 --- a/clamav-0.102.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0dbda8d0d990d068732966f13049d112a26dce62145d234383467c1d877dedd6 -size 13215586 diff --git a/clamav-0.102.1.tar.gz.sig b/clamav-0.102.1.tar.gz.sig deleted file mode 100644 index 725f7d7ee116b81cb655f4ad5e5b42eeb63887f7eeab0a9650b58fdbd718ff74..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p-~wKcoN(2@vr=o))~NzpaEh5B(IMuR#&dMZ2Y*U((9- zFs`Zf+>mz8451~7A*!n_jK2HCeb*i6^f=w>8++Bo2O_rsq{2r%@i9inZUkv>UXF3%RZ7Sz|(_yu4tJ zCFAo-J-gQe+*J1CL-U?zB^%|{$`026;J^CW<7!EzyQw;3n;Wx;Nh7&6ZK;T_m|J_= zY8$g3@>`^OGdW0v1u4;dA=1TiiN#>lK3G34Q1Tl2ox{Z98PAtAi|ds(=LFZel@p+I zUC%X|F8MY^>(1}^b}rp+)CY8IYA$LjWee3<5IcEI@*yb@{ma%&08EZ8iLoklML zVvo}F>oKrvKhzxHkmq!MD5ndwv20cd?#5<`1UinV&YC4jxXBCyNE`q5wS8DeY|P*Y zPGbwGekX4DLR?{L=eJ}nTR<5Czs0%OB})@;pw2gs`;h5P$#x diff --git a/clamav-0.102.2.tar.gz b/clamav-0.102.2.tar.gz new file mode 100644 index 0000000..6ceef16 --- /dev/null +++ b/clamav-0.102.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:89fcdcc0eba329ca84d270df09d2bb89ae55f5024b0c3bddb817512fb2c907d3 +size 13227538 
diff --git a/clamav-0.102.2.tar.gz.sig b/clamav-0.102.2.tar.gz.sig new file mode 100644 index 0000000..3d6e27f --- /dev/null +++ b/clamav-0.102.2.tar.gz.sig @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABAgAGBQJeOZwdAAoJEPE/nha8pb+tyTUP/A2vRvLI6+2QycpNvK8ByvMF +sh8w0f96FP4eYVezTtLI/YcciApKyexVJpopkG55K/dG6spC12WUDVSj+Vd/N3n6 +qTEKSCarUYxA3/Dh5wa+OJdf+EhrB2BPWyNQ7aY+IbbkXhjHep7zMg9XXtmSAans +VDLpqXwAIO5cn3Xft2gb8v21VtWjDGbAIG9FSHennp++1jF3xHo8k4tmWIWGRQxn +Bmx2q1D2tCGii/HTMSVFLl6MzKzPtQfNDNMptWyNqyMzh5L7GtqKYlF0I6lc33e8 +uHi0NnFRV+6jcWsztYpkugDunx+MHgz1kIpz6Bb63yNyHiS+g4guprTcW1OigNQ5 +8SdXrdbBrSjreNBzG0KBasQ63eLVjAuqLNDcuFJUKqInp9Xen6iVG4dRluZdqRBy +efhptqHLuQcIeb3bPMOeSgs5cD6jkNCSw++A8tNHeCGFhsbTN2UXCbBHIExPyRG5 +QQX3mBasYG+6ME0lYFZmMD3Z8v76jM0xikZf+Zj8MZtCAZfafsYLMEWdU0Oagw5d +djO/Ry3+LO+8lXGobbDTEjAr9Aim9HkTWwQRbr32HqydAbky19bI408QZbkd6SwC +qYKMMdya1Ng1lxUbkgndwFRaRmlQh7G95RO/vKFRvu9N3f/Lmz8VkKSxul0YlRna +JjZl7wJaWleprydQfqfa +=p9cv +-----END PGP SIGNATURE----- diff --git a/clamav-disable-timestamps.patch b/clamav-disable-timestamps.patch index 6f04698..6faa43a 100644 --- a/clamav-disable-timestamps.patch +++ b/clamav-disable-timestamps.patch @@ -37,8 +37,8 @@ Index: configure LIBCLAMAV_VERSION +ENABLE_TIMESTAMPS PACKAGE_VERSION_NUM - EGREP - GREP + ac_ct_AR + AR @@ -924,6 +925,7 @@ ac_user_opts=' enable_mmap_for_cross_compiling enable_dependency_tracking @@ -58,8 +58,8 @@ Index: configure optimize for fast installation [default=yes] @@ -5927,6 +5931,26 @@ $as_echo "$ac_cv_safe_to_define___extens - $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h + $as_echo "#define PACKAGE PACKAGE_NAME" >>confdefs.h +# Check whether --enable-timestamps was given. +if test "${enable_timestamps+set}" = set; then : + enableval=$enable_timestamps; @@ -82,4 +82,4 @@ Index: configure +_ACEOF - VERSION="0.102.1" + VERSION="0.102.2" diff --git a/clamav.changes b/clamav.changes index 6aed06b..ab9972d 100644 --- a/clamav.changes +++ b/clamav.changes 
@@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Wed Feb 5 18:31:17 UTC 2020 - Arjen de Korte + +- update to 0.102.2 + * CVE-2020-3123: A denial-of-service (DoS) condition may occur when + using the optional credit card data-loss-prevention (DLP) feature. + Improper bounds checking of an unsigned variable resulted in an + out-of-bounds read, which causes a crash. + * Significantly improved the scan speed of PDF files on Windows. + * Re-applied a fix to alleviate file access issues when scanning RAR + files in downstream projects that use libclamav where the scanning + engine is operating in a low-privilege process. This bug was originally + fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0. + * Fixed an issue where freshclam failed to update if the database version + downloaded is one version older than advertised. This situation may + occur after a new database version is published. The issue affected + users downloading the whole CVD database file. + * Changed the default freshclam ReceiveTimeout setting to 0 (infinite). + The ReceiveTimeout had caused needless database update failures for + users with slower internet connections. + * Correctly display the number of kilobytes (KiB) in progress bar and + reduced the size of the progress bar to accommodate 80-character width + terminals. + * Fixed an issue where running freshclam manually causes a daemonized + freshclam process to fail when it updates because the manual instance + deletes the temporary download directory. The freshclam temporary files + will now download to a unique directory created at the time of an update + instead of using a hardcoded directory created/destroyed at the program + start/exit. + * Fix for freshclam's OnOutdatedExecute config option. + * Fixes a memory leak in the error condition handling for the email + parser. + * Improved bound checking and error handling in ARJ archive parser. + * Improved error handling in PDF parser. 
+ * Fix for memory leak in byte-compare signature handler. + ------------------------------------------------------------------- Tue Dec 24 10:49:25 UTC 2019 - Arjen de Korte diff --git a/clamav.spec b/clamav.spec index e9ff08d..d9ed8f2 100644 --- a/clamav.spec +++ b/clamav.spec @@ -1,7 +1,7 @@ # # spec file for package clamav # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ %define clamav_check --enable-check Name: clamav -Version: 0.102.1 +Version: 0.102.2 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only @@ -60,9 +60,9 @@ BuildRequires: pwdutils BuildRequires: python-devel BuildRequires: sed BuildRequires: sendmail-devel -BuildRequires: pkgconfig(libsystemd) BuildRequires: systemd-rpm-macros BuildRequires: zlib-devel +BuildRequires: pkgconfig(libsystemd) Requires(pre): %_bindir/awk Requires(pre): %_sbindir/groupadd Requires(pre): %_sbindir/useradd
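Review bot: in the clamav-0.102.2.tar.gz.sig hunk the detached signature is now checked in ASCII-armored (16 text lines) where the deleted 0.102.1 signature was a 543-byte binary blob; gpg accepts both, but the hunks shown touch neither the keyring Source nor the spec's signature-verification lines, so whether this .sig is actually verified against the packaged keyring, and whether the signing key still matches it, cannot be confirmed from this diff. Please confirm the keyring check passes with the armored file before accepting.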
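Review bot: the clamav-disable-timestamps.patch hunks are pure context churn (`- EGREP` / `+ ac_ct_AR`, `- $as_echo "#define _TANDEM_SOURCE 1"` / `+ $as_echo "#define PACKAGE PACKAGE_NAME"`, `- VERSION="0.102.1"` / `+ VERSION="0.102.2"`) caused by patching the generated configure script, whose surrounding lines change with every upstream release. Anchoring the --enable-timestamps change in the autoconf source and regenerating, or at least on context lines that do not carry the version string, would stop this patch from needing a refresh on each version bump.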
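Review bot: the clamav.changes entry names CVE-2020-3123 but carries no bsc# bug reference alongside it; openSUSE maintenance tooling uses that reference to tie the update to the security bug, so add the bugzilla number if one exists for this CVE.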
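Review bot: the clamav.spec hunk moves `BuildRequires: pkgconfig(libsystemd)` from after sendmail-devel to after zlib-devel, which is an unrelated cosmetic reorder not mentioned in clamav.changes; it is harmless (spec-cleaner places pkgconfig() dependencies after plain ones) but should either be called out in the changelog or left for a separate cleanup commit so the version bump stays minimal. The copyright year bump to 2020 is fine.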