OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=13

clamav-0.91.2.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:73e0b9e80da9fd30e4c8bee293fd39a220fc73af67e126d44ac0df1c2bfe1f44
-size 12967327

clamav-0.92.1.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5c694084f662d294ed18820e460a60d65774711f5dd383af18324a8e2e77705f
+size 14869157

clamav-conf.patch

@@ -38,17 +38,16 @@
  
  # Optional path to the global temporary directory.
  # Default: system specific (usually /tmp or /var/tmp).
-@@ -69,22 +65,22 @@
+@@ -69,7 +65,7 @@
  
  # Path to a local socket file the daemon will listen on.
  # Default: disabled (must be specified by a user)
 -LocalSocket /tmp/clamd.socket
-+#LocalSocket /var/lib/clamav/clamd-socket
++LocalSocket /var/lib/clamav/clamd-socket
  
  # Remove stale socket after unclean shutdown.
  # Default: no
--#FixStaleSocket yes
-+FixStaleSocket yes
+@@ -77,14 +73,14 @@
  
  # TCP port address.
  # Default: no
@@ -65,16 +64,16 @@
  
  # Maximum length the queue of pending connections may grow to.
  # Default: 15
-@@ -142,7 +138,7 @@
- # Run as another user (clamd must be started by root to make this option
- # working).
+@@ -141,7 +137,7 @@
+ 
+ # Run as another user (clamd must be started by root for this option to work)
  # Default: don't drop privileges
 -#User clamav
 +User vscan
  
  # Initialize supplementary group access (clamd must be started by root).
  # Default: no
-@@ -323,6 +319,10 @@
+@@ -326,6 +322,10 @@
  ##
  
  # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.

clamav-milter-sysconfig

@@ -0,0 +1 @@
+CLAMAV_MILTER_OPTIONS=""

clamav-open.patch

@@ -1,11 +0,0 @@
---- shared/misc.c
-+++ shared/misc.c
-@@ -165,7 +165,7 @@
-     if((s = open(src, O_RDONLY|O_BINARY)) == -1)
- 	return -1;
- 
--    if((d = open(dest, O_CREAT|O_WRONLY|O_TRUNC|O_BINARY)) == -1) {
-+    if((d = open(dest, O_CREAT|O_WRONLY|O_TRUNC|O_BINARY, 0600)) == -1) {
- 	close(s);
- 	return -1;
-     }

clamav-rcmilter

@@ -0,0 +1,171 @@
+#!/bin/sh
+#
+#     SUSE system startup script for clamav-milter
+#     Copyright (C) 1995--2005  Kurt Garloff, SUSE / Novell Inc.
+#     Copyright (C) 2007  Reinhard Max, SUSE / Novell Inc.
+#          
+#     This library is free software; you can redistribute it and/or modify it
+#     under the terms of the GNU Lesser General Public License as published by
+#     the Free Software Foundation; either version 2.1 of the License, or (at
+#     your option) any later version.
+#			      
+#     This library is distributed in the hope that it will be useful, but
+#     WITHOUT ANY WARRANTY; without even the implied warranty of
+#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#     Lesser General Public License for more details.
+#      
+#     You should have received a copy of the GNU Lesser General Public
+#     License along with this library; if not, write to the Free Software
+#     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
+#     USA.
+#
+# /etc/init.d/clamav-milter
+#   and its symbolic link
+# /(usr/)sbin/rcclamav-milter
+#
+
+### BEGIN INIT INFO
+# Provides:          clamav-milter
+# Required-Start:    clamd $syslog $remote_fs
+# Required-Stop:     clamd $syslog $remote_fs
+# Default-Start:     3 5
+# Default-Stop:      0 1 2 6
+# Short-Description: milter compatible mail scanner
+# Description:       Start clamav-milter, which is needed to 
+#	use ClamAV for virus scanning in a sendmail environment.
+### END INIT INFO
+
+
+# Check for missing binaries (stale symlinks should not happen)
+# Note: Special treatment of stop for LSB conformance
+CLAMAV_MILTER_BIN=/usr/sbin/clamav-milter
+PIDFILE=/var/lib/clamav/clamav-milter.pid
+test -x $CLAMAV_MILTER_BIN || { echo "$CLAMAV_MILTER_BIN not installed"; 
+	if [ "$1" = "stop" ]; then exit 0;
+	else exit 5; fi; }
+
+# Check for existence of needed config file and read it
+CLAMAV_MILTER_CONFIG=/etc/sysconfig/clamav-milter
+test -r $CLAMAV_MILTER_CONFIG || { echo "$CLAMAV_MILTER_CONFIG not existing";
+	if [ "$1" = "stop" ]; then exit 0;
+	else exit 6; fi; }
+
+# Read config	
+. $CLAMAV_MILTER_CONFIG
+
+# Source LSB init functions
+. /etc/rc.status
+
+# Reset status of this service
+rc_reset
+
+# Return values acc. to LSB for all commands but status:
+# 0	  - success
+# 1       - generic or unspecified error
+# 2       - invalid or excess argument(s)
+# 3       - unimplemented feature (e.g. "reload")
+# 4       - user had insufficient privileges
+# 5       - program is not installed
+# 6       - program is not configured
+# 7       - program is not running
+# 8--199  - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
+# 
+# Note that starting an already running service, stopping
+# or restarting a not-running service as well as the restart
+# with force-reload (in case signaling is not supported) are
+# considered a success.
+
+case "$1" in
+    start)
+	echo -n "Starting clamav-milter "
+	## Start daemon with startproc(8). If this fails
+	## the return value is set appropriately by startproc.
+	/sbin/startproc -p $PIDFILE $CLAMAV_MILTER_BIN -i $PIDFILE
+
+	# Remember status and be verbose
+	rc_status -v
+	;;
+    stop)
+	echo -n "Shutting down clamav-milter "
+	## Stop daemon with killproc(8) and if this fails
+	## killproc sets the return value according to LSB.
+
+	/sbin/killproc -TERM -p $PIDFILE $CLAMAV_MILTER_BIN
+
+	# Remember status and be verbose
+	rc_status -v
+	;;
+    try-restart|condrestart)
+	## Do a restart only if the service was active before.
+	## Note: try-restart is now part of LSB (as of 1.9).
+	## RH has a similar command named condrestart.
+	if test "$1" = "condrestart"; then
+		echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
+	fi
+	$0 status
+	if test $? = 0; then
+		$0 restart
+	else
+		rc_reset	# Not running is not a failure.
+	fi
+	# Remember status and be quiet
+	rc_status
+	;;
+    restart)
+	## Stop the service and regardless of whether it was
+	## running or not, start it again.
+	$0 stop
+	$0 start
+
+	# Remember status and be quiet
+	rc_status
+	;;
+    force-reload)
+	## Signal the daemon to reload its config. Most daemons
+	## do this on signal 1 (SIGHUP).
+	## If it does not support it, restart the service if it
+	## is running.
+	$0 try-restart
+	rc_status
+	;;
+    reload)
+	## Like force-reload, but if daemon does not support
+	## signaling, do nothing (!)
+
+	rc_failed 3
+	rc_status -v
+	;;
+    status)
+	echo -n "Checking for clamav-milter "
+	## Check status with checkproc(8), if process is running
+	## checkproc will return with exit status 0.
+
+	# Return value is slightly different for the status command:
+	# 0 - service up and running
+	# 1 - service dead, but /var/run/  pid  file exists
+	# 2 - service dead, but /var/lock/ lock file exists
+	# 3 - service not running (unused)
+	# 4 - service status unknown :-(
+	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
+	
+	# NOTE: checkproc returns LSB compliant status values.
+	/sbin/checkproc -p $PIDFILE $CLAMAV_MILTER_BIN
+	# NOTE: rc_status knows that we called this init script with
+	# "status" option and adapts its messages accordingly.
+	rc_status -v
+	;;
+    probe)
+	## Optional: Probe for the necessity of a reload, print out the
+	## argument to this init script which is required for a reload.
+	## Note: probe is not (yet) part of LSB (as of 1.9)
+
+	test /etc/clamd.conf -nt $PIDFILE -o \
+	    /etc/sysconfig/clamav-milter -nt $PIDFILE \
+	    && echo reload
+	;;
+    *)
+	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
+	exit 1
+	;;
+esac
+rc_exit

clamav-regex.patch

@@ -0,0 +1,10 @@
+--- libclamav/regex/engine.c
++++ libclamav/regex/engine.c
+@@ -662,6 +662,7 @@
+ 	/* "can't happen" */
+ 	assert(nope);
+ 	/* NOTREACHED */
++	return(NULL);
+ }
+ 
+ /*

clamav-rpmlintrc

@@ -1,2 +1,3 @@
 addFilter("non-standard-uid.*")
 addFilter("devel-file-in-non-devel-package.*")
+addFilter("obsolete-not-provided")

clamav.changes

@@ -1,8 +1,31 @@
+-------------------------------------------------------------------
+Wed Feb 13 12:12:56 CET 2008 - max@suse.de
+
+- Security update 0.92.1: (bnc#361374)
+  * CVE-2008-0318: libclamav PE File Integer Overflow Vulnerability
+  * CVE-2008-0728: heap corruption
+
 -------------------------------------------------------------------
 Tue Jan 15 21:21:41 CET 2008 - aj@suse.de
 
 - Fix open call to build again.
 
+-------------------------------------------------------------------
+Fri Dec 14 14:56:29 CET 2007 - max@suse.de
+
+- Security update 0.92 (#343277):
+  * CVE-2007-6335 - MEW PE File Integer Overflow
+  * CVE-2007-6336 - Off-by-one error in LZX_READ_HUFFSYM()
+  * CVE-2007-6337 - bzlib issue
+- Make clamd error out if /dev/null can't be opened (#300019).
+
+-------------------------------------------------------------------
+Mon Nov  5 16:50:30 CET 2007 - max@suse.de
+
+- Added sendmail and sendmail-devel to BuildRequires.
+- Enabled clamav-milter and added an init script for it.
+  (fate#302362)
+
 -------------------------------------------------------------------
 Tue Aug 21 18:55:36 CEST 2007 - max@suse.de
 

clamav.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package clamav (Version 0.91.2)
+# spec file for package clamav (Version 0.92.1)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -10,20 +10,26 @@
 
 # norootforbuild
 
+
 Name:           clamav
 %if 0%{?suse_version} >= 1010 || 0%{!?suse_version:1}
-BuildRequires:  bc gmp-devel pkgconfig tcpd-devel zlib-devel
+BuildRequires:  bc gmp-devel pkgconfig zlib-devel
 %endif
 %if 0%{?suse_version} > 1020
 BuildRequires:  pwdutils
 %endif
+%if 0%{?suse_version} >= 0910
+BuildRequires:  tcpd-devel
+%endif
+BuildRequires:  sendmail sendmail-devel
 Summary:        Antivirus Toolkit
-Version:        0.91.2
-Release:        34
+Version:        0.92.1
+Release:        1
 License:        GPL v2 or later
 Group:          Productivity/Security
 Url:            http://www.clamav.net
 Requires:       latex2html-pngicons
+PreReq:         %insserv_prereq %fillup_prereq
 Obsoletes:      clamav-db < 0.88.3
 PreReq:         %_sbindir/groupadd %_sbindir/useradd /usr/bin/awk /bin/sed
 Source0:        %{name}-%{version}.tar.bz2
@@ -31,8 +37,10 @@ Source1:        clamav-rcclamd
 Source2:        clamav-rcfreshclam
 Source3:        clamav-updateclamconf
 Source4:        clamav-rpmlintrc
-Patch1:         %name-conf.patch
-Patch2:         %name-open.patch
+Source5:        clamav-rcmilter
+Source6:        clamav-milter-sysconfig
+Patch1:         clamav-conf.patch
+Patch3:         clamav-regex.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -53,7 +61,7 @@ Authors:
 %package db
 Group:          Productivity/Security
 Summary:        Virus Database for ClamAV
-PreReq:         clamav sed
+PreReq:         clamav sed /bin/cp
 
 %description db
 This package contains a snapshot of the virus description database for
@@ -70,7 +78,7 @@ Authors:
 %prep
 %setup -q
 %patch1
-%patch2
+%patch3
 
 %build
 %if %suse_version >= 1010
@@ -89,7 +97,8 @@ export CFLAGS="%optflags -fno-strict-aliasing $SP"
 	--with-group=vscan \
 	--with-tcpwrappers \
 	--with-libcurl \
-	--disable-zlib-vcheck
+	--disable-zlib-vcheck \
+	--enable-milter
 make %{?jobs:-j%jobs}
 # SLES8 does not support %check
 %if 0%{?suse_version} > 810 || 0%{!?suse_version:1}
@@ -99,13 +108,17 @@ make %{?jobs:-j%jobs}
 make check
 
 %install
-rm -rf %buildroot
 %makeinstall
+ln -sf docs/html/{clamdoc,index}.html
 mkdir -p %buildroot/etc/init.d
 install -m755 %SOURCE1 %buildroot/etc/init.d/clamd
 ln -s /etc/init.d/clamd %buildroot%_sbindir/rcclamd
 install -m755 %SOURCE2 %buildroot/etc/init.d/freshclam
 ln -s /etc/init.d/freshclam %buildroot%_sbindir/rcfreshclam
+install -m755 %SOURCE5 %buildroot/etc/init.d/clamav-milter
+ln -s /etc/init.d/clamav-milter %buildroot%_sbindir/rcclamav-milter
+mkdir -p %buildroot/var/adm/fillup-templates
+install -m644 %SOURCE6 %buildroot/var/adm/fillup-templates/sysconfig.clamav-milter
 install -m755 %SOURCE3 %buildroot%_sbindir/updateclamconf
 touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid
 for f in %buildroot/var/lib/clamav/*.cvd; do
@@ -137,6 +150,7 @@ rm -rf %buildroot
 %dir /var/lib/clamav
 %ghost /var/lib/clamav/*.pid
 %ghost /var/lib/clamav/*.cvd
+/var/adm/fillup-templates/*
 
 %files db
 %defattr(-,vscan,vscan)
@@ -150,12 +164,14 @@ rm -rf %buildroot
 
 %post
 %run_ldconfig
+%{?fillup_only:%fillup_only -n clamav-milter}
 # merge config files on update
 test "0$1" -lt 2 && exit 0
 # The old default to run clamd in foreground mode was wrong
 OVERRIDE="Foreground no"
 for f in /etc/clamd.conf /etc/freshclam.conf; do
   if test -e $f.rpmnew; then
+    echo "Merging $f and $f.rpmnew"
     %_sbindir/updateclamconf -v override="$OVERRIDE" $f $f.rpmnew > $f.tmp
     if test $? == 0; then
       mv $f $f.old
@@ -207,8 +223,22 @@ for distfile in {main,daily}.cvd.dist; do
 done
 
 %changelog
+* Wed Feb 13 2008 max@suse.de
+- Security update 0.92.1: (bnc#361374)
+  * CVE-2008-0318: libclamav PE File Integer Overflow Vulnerability
+  * CVE-2008-0728: heap corruption
 * Tue Jan 15 2008 aj@suse.de
 - Fix open call to build again.
+* Fri Dec 14 2007 max@suse.de
+- Security update 0.92 (#343277):
+  * CVE-2007-6335 - MEW PE File Integer Overflow
+  * CVE-2007-6336 - Off-by-one error in LZX_READ_HUFFSYM()
+  * CVE-2007-6337 - bzlib issue
+- Make clamd error out if /dev/null can't be opened (#300019).
+* Mon Nov 05 2007 max@suse.de
+- Added sendmail and sendmail-devel to BuildRequires.
+- Enabled clamav-milter and added an init script for it.
+  (fate#302362)
 * Tue Aug 21 2007 max@suse.de
 - Bugfix update 0.91.2.
 - Fixes some NULL dereferences and variable initialisation problems