diff --git a/clamav-0.101.4.tar.gz b/clamav-0.101.4.tar.gz
deleted file mode 100644
index 2302324..0000000
--- a/clamav-0.101.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0bf094f0919d158a578421d66bc2569c8c8181233ba162bb51722f98c802bccd
-size 21408145
diff --git a/clamav-0.101.4.tar.gz.sig b/clamav-0.101.4.tar.gz.sig
deleted file mode 100644
index d02a7df..0000000
--- a/clamav-0.101.4.tar.gz.sig
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIcBAABAgAGBQJdXCszAAoJEPE/nha8pb+tAjsP/RsKRXprSsubOacVYYaz5ItZ
-psOcDrqf+u7K+fWKx9lQzIEfyeD6BcH75WRU+juPvuWCkEVrKBaU0Xm3FtZKr589
-mUzT7GpALdkIQor5gc2dqYmM2d3ajcoYFBVwvkMmUuaaz1UBdT7DcL+m56I5gqZr
-IDs7072Ve58drkTm6wGBuawVSgO99w4EKjBDDk+GS9c52BYGUyDp2n65VjMrN+wj
-sSPx19nzRXCNFHQUrPa4Xnz1sE2POuY5HaOEQDHQHOYQp2mFVtmxZjAJqSxwUdY8
-hJgryjQBV+hbgA+1ffNK9EKLzkZLZiSzaA3kkMW3ILzCGc2Wq8iHsKgO/y/DJVE3
-Vb3tEcnToss9wFNm710Ykn15+xvYn+5FcNE5MgUk8pmYqwWkSF3qv4pycnTLGW1e
-lK6+o37tsDsC8ZBTRtrkePmpw1VG+21peaBEWFZ5BMmN7Lg/HkilAzoq5+Q8ECnJ
-tg43n7Mc+w8LwfDfUtcPxQ395kOyMt5vqJ92XJiGoKW2I12YUetYiYkUKACxEVN8
-wTi4P13iIDPxGGmdpEAONI+ow4vKRk8zFLHuP54fqUYGR+mRV8uz5X6i8j0mWWXa
-ZiD2Mmgk5kkDJ87bWxEjAtLKw/3yHxYt4YjhVXz/7a2rog8f5L65RRazKDiduGa/
-g6v2vqvhQ2r1gnkOfbW4
-=teQA
------END PGP SIGNATURE-----
diff --git a/clamav-0.102.1.tar.gz b/clamav-0.102.1.tar.gz
new file mode 100644
index 0000000..02e22e3
--- /dev/null
+++ b/clamav-0.102.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0dbda8d0d990d068732966f13049d112a26dce62145d234383467c1d877dedd6
+size 13215586
diff --git a/clamav-0.102.1.tar.gz.sig b/clamav-0.102.1.tar.gz.sig
new file mode 100644
index 0000000..725f7d7
Binary files /dev/null and b/clamav-0.102.1.tar.gz.sig differ
diff --git a/clamav-conf.patch b/clamav-conf.patch
index c42a1ab..b644adf 100644
--- a/clamav-conf.patch
+++ b/clamav-conf.patch
@@ -140,17 +140,6 @@ # Stop daemon when libclamav reports out of memory condition. #ExitOnOOM yes -@@ -613,6 +609,10 @@ Example - ## - ## On-access Scan Settings - ## -+# -+# When enabling this, you most probably have to set "User root" above, -+# so that clamav can access the files to be scanned. -+# - - # Enable on-access scanning. Currently, this is supported via fanotify. - # Clamuko/Dazuko support has been deprecated. --- etc/freshclam.conf.sample.orig +++ etc/freshclam.conf.sample @@ -1,12 +1,8 @@ diff --git a/clamav-disable-timestamps.patch b/clamav-disable-timestamps.patch index 1a5f4b8..6f04698 100644 --- a/clamav-disable-timestamps.patch +++ b/clamav-disable-timestamps.patch @@ -32,15 +32,15 @@ Index: configure --- configure.orig +++ configure @@ -814,6 +814,7 @@ FGREP - SED - LIBTOOL + LIBFRESHCLAM_VERSION + LIBCLAMAV_VERSION_NUM LIBCLAMAV_VERSION +ENABLE_TIMESTAMPS + PACKAGE_VERSION_NUM EGREP GREP - CPP @@ -924,6 +925,7 @@ ac_user_opts=' - enable_option_checking + enable_mmap_for_cross_compiling enable_dependency_tracking enable_silent_rules +enable_timestamps @@ -82,4 +82,4 @@ Index: configure +_ACEOF - VERSION="0.101.4" + VERSION="0.102.1" diff --git a/clamav-max_patch.patch b/clamav-max_patch.patch deleted file mode 100644 index 099a074..0000000 --- a/clamav-max_patch.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- libclamav/others_common.c.orig -+++ libclamav/others_common.c -@@ -855,7 +855,7 @@ - size_t sanitized_index = 0; - char* sanitized_filepath = NULL; - -- if((NULL == filepath) || (0 == filepath_len) || (MAX_PATH < filepath_len)) { -+ if((NULL == filepath) || (0 == filepath_len) || (PATH_MAX < filepath_len)) { - goto done; - } - diff --git a/clamav-obsolete-config.patch b/clamav-obsolete-config.patch index 962e7dc..73df3cd 100644 --- a/clamav-obsolete-config.patch +++ b/clamav-obsolete-config.patch @@ -1,9 +1,9 @@ --- shared/optparser.c.orig +++ shared/optparser.c 
@@ -517,6 +517,13 @@ const struct clam_option __clam_options[ - { "ClamukoExcludeUID", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" }, - { "ClamukoMaxFileSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" }, - { "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no" }, + {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, + {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"}, + {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, + { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, + { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, + { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, diff --git a/clamav.changes b/clamav.changes index c45309a..43e0503 100644 --- a/clamav.changes +++ b/clamav.changes 
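Review bot: An upgrade note is missing for `ScanOnAccess`: the refreshed context lines in this hunk show it is now listed as `OPT_CLAMD | OPT_DEPRECATED`, so a `clamd.conf` carried over from 0.101.x with `ScanOnAccess yes` would presumably still parse while no longer enabling on-access scanning by itself. The changelog in this commit says the feature moved to the separate `clamonacc` client; how deprecated options are reported at runtime is not visible here, so the loss of real-time scanning may go unnoticed after the update. I would add an explicit line to clamav.changes, e.g. `- on-access scanning now requires running clamonacc; ScanOnAccess in clamd.conf is deprecated`, and confirm that clamonacc is actually packaged. As a smaller style point, the three `Stats*` entries this patch adds keep the `{ "..." }` spacing while the surrounding upstream entries are now written `{"..."}`.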
@@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Wed Nov 20 19:01:10 UTC 2019 - Arjen de Korte
+
+- update to 0.102.1
+ * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may
+ occur when scanning a specially crafted email file as a result
+ of excessively long scan times. The issue is resolved by
+ implementing several maximums in parsing MIME messages and by
+ optimizing use of memory allocation.
+ * Build system fixes to build clamav-milter, to correctly link
+ with libxml2 when detected, and to correctly detect fanotify
+ for on-access scanning feature support.
+ * Signature load time is significantly reduced by changing to a
+ more efficient algorithm for loading signature patterns and
+ allocating the AC trie. Patch courtesy of Alberto Wu.
+ * Introduced a new configure option to statically link libjson-c
+ with libclamav. Static linking with libjson is highly
+ recommended to prevent crashes in applications that use
+ libclamav alongside another JSON parsing library.
+ * Null-dereference fix in email parser when using the
+ --gen-json metadata option.
+ * Fixes for Authenticode parsing and certificate signature
+ (.crb database) bugs.
+- dropped clamav-fix_building_milter.patch (upstreamed)
+
+-------------------------------------------------------------------
+Fri Nov 1 09:46:17 UTC 2019 - Arjen de Korte
+
+- update to 0.102.0
+ * The On-Access Scanning feature has been migrated out of clamd
+ and into a brand new utility named clamonacc. This utility is
+ similar to clamdscan and clamav-milter in that it acts as a
+ client to clamd. This separation from clamd means that clamd no
+ longer needs to run with root privileges while scanning potentially
+ malicious files. Instead, clamd may drop privileges to run under an
+ account that does not have super-user.
In addition to improving the + security posture of running clamd with On-Access enabled, this + update fixed a few outstanding defects: + - On-Access scanning for created and moved files (Extra-Scanning) + is fixed. + - VirusEvent for On-Access scans is fixed. + - With clamonacc, it is now possible to copy, move, or remove a + file if the scan triggered an alert, just like with clamdscan. + * The freshclam database update utility has undergone a significant + update. This includes: + - Added support for HTTPS. + - Support for database mirrors hosted on ports other than 80. + - Removal of the mirror management feature (mirrors.dat). + - An all new libfreshclam library API. +- created new subpackage libfreshclam2 +- dropped clamav-max_patch.patch (upstreamed) +- added clamav-fix_building_milter.patch to fix build of milter + ------------------------------------------------------------------- Fri Oct 25 14:53:06 UTC 2019 - Reinhard Max diff --git a/clamav.spec b/clamav.spec index ea4cf50..6bcb8ff 100644 --- a/clamav.spec +++ b/clamav.spec @@ -1,7 +1,7 @@ # # spec file for package clamav # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,12 +20,12 @@ %define clamav_check --enable-check Name: clamav -Version: 0.101.4 +Version: 0.102.1 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only Group: Productivity/Security -Url: http://www.clamav.net +URL: http://www.clamav.net Source0: http://www.clamav.net/downloads/production/%name-%version.tar.gz Source1: http://www.clamav.net/downloads/production/%name-%version.tar.gz.sig Source4: clamav-rpmlintrc 
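Review bot: `URL:`, `Source0:` and `Source1:` in the `@@ -20,12 +20,12 @@` hunk still point at `http://www.clamav.net`, so the release tarball and its detached signature are referenced over an unauthenticated channel even though the `URL` line was touched in this commit; I would switch all three to `https://www.clamav.net/...`. Separately, the new `clamav-0.102.1.tar.gz.sig` is committed as a binary blob rather than the ASCII-armoured text used for 0.101.4, so it can no longer be inspected in review. The visible hunks show neither a keyring source nor a verification step; if the package has none, adding the upstream signing key as a source would let the signature be checked at check-in or build time instead of relying on the LFS `oid sha256` alone.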
@@ -39,8 +39,6 @@ Patch4: clamav-disable-timestamps.patch Patch5: clamav-obsolete-config.patch Patch6: clamav-disable-yara.patch Patch7: clamav-str-h.patch -#PATCH-FIX-UPSTREAM clamav-max_patch.patch -Patch8: clamav-max_patch.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bc @@ -94,6 +92,14 @@ Group: System/Libraries ClamAV is an antivirus engine designed for detecting trojans, viruses, malware and other malicious threats. +%package -n libfreshclam2 +Summary: ClamAV updater library +Group: System/Libraries + +%description -n libfreshclam2 +ClamAV is an antivirus engine designed for detecting trojans, +viruses, malware and other malicious threats. + %package -n libclammspack0 Summary: ClamAV antivirus engine runtime Group: System/Libraries @@ -106,6 +112,7 @@ viruses, malware and other malicious threats. Summary: Development files for libclamav, an antivirus engine Group: Development/Libraries/C and C++ Requires: libclamav9 = %version +Requires: libfreshclam2 = %version %description devel ClamAV is an antivirus engine designed for detecting trojans, @@ -121,7 +128,6 @@ that want to make use of libclamav. %patch5 %patch6 %patch7 -%patch8 %build CFLAGS="-fstack-protector" @@ -195,7 +201,9 @@ VALGRIND_GENSUP=1 make check %post -n libclamav9 -p /sbin/ldconfig %postun -n libclamav9 -p /sbin/ldconfig -%post -n libclammspack0 -p /sbin/ldconfig +%post -n libfreshclam2 -p /sbin/ldconfig +%postun -n libfreshclam2 -p /sbin/ldconfig +%post -n libclammspack0 -p /sbin/ldconfig %postun -n libclammspack0 -p /sbin/ldconfig %files @@ -218,6 +226,9 @@ VALGRIND_GENSUP=1 make check %files -n libclamav9 %_libdir/libclam*.so.9* +%files -n libfreshclam2 +%_libdir/libfreshclam.so.2* + %if %{with clammspack} %files -n libclammspack0 %_libdir/libclammspack.so.0* @@ -226,6 +237,7 @@ VALGRIND_GENSUP=1 make check %files devel %_libdir/pkgconfig/* %_libdir/libclam*.so +%_libdir/libfreshclam*.so %_includedir/* %pre