pool/clamav
SHA256
12
0
Fork 1
Code Issues Pull Requests Activity

Accepting request 750886 from security

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/750886
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=101
This commit is contained in:
Dominique Leuenberger
2019-11-26 16:02:30 +00:00
committed by Git OBS Bridge
parent 0fad9da013 419e234024
commit 4ea5453cce
10 changed files with 83 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
clamav-0.101.4.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0bf094f0919d158a578421d66bc2569c8c8181233ba162bb51722f98c802bccd
size 21408145

16
clamav-0.101.4.tar.gz.sig
View File

@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJdXCszAAoJEPE/nha8pb+tAjsP/RsKRXprSsubOacVYYaz5ItZ
psOcDrqf+u7K+fWKx9lQzIEfyeD6BcH75WRU+juPvuWCkEVrKBaU0Xm3FtZKr589
mUzT7GpALdkIQor5gc2dqYmM2d3ajcoYFBVwvkMmUuaaz1UBdT7DcL+m56I5gqZr
IDs7072Ve58drkTm6wGBuawVSgO99w4EKjBDDk+GS9c52BYGUyDp2n65VjMrN+wj
sSPx19nzRXCNFHQUrPa4Xnz1sE2POuY5HaOEQDHQHOYQp2mFVtmxZjAJqSxwUdY8
hJgryjQBV+hbgA+1ffNK9EKLzkZLZiSzaA3kkMW3ILzCGc2Wq8iHsKgO/y/DJVE3
Vb3tEcnToss9wFNm710Ykn15+xvYn+5FcNE5MgUk8pmYqwWkSF3qv4pycnTLGW1e
lK6+o37tsDsC8ZBTRtrkePmpw1VG+21peaBEWFZ5BMmN7Lg/HkilAzoq5+Q8ECnJ
tg43n7Mc+w8LwfDfUtcPxQ395kOyMt5vqJ92XJiGoKW2I12YUetYiYkUKACxEVN8
wTi4P13iIDPxGGmdpEAONI+ow4vKRk8zFLHuP54fqUYGR+mRV8uz5X6i8j0mWWXa
ZiD2Mmgk5kkDJ87bWxEjAtLKw/3yHxYt4YjhVXz/7a2rog8f5L65RRazKDiduGa/
g6v2vqvhQ2r1gnkOfbW4
=teQA
-----END PGP SIGNATURE-----

3
clamav-0.102.1.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0dbda8d0d990d068732966f13049d112a26dce62145d234383467c1d877dedd6
size 13215586

BIN
clamav-0.102.1.tar.gz.sig Normal file
View File

Binary file not shown.

11
clamav-conf.patch
View File

@@ -140,17 +140,6 @@
# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes
@@ -613,6 +609,10 @@ Example
##
## On-access Scan Settings
##
+#
+# When enabling this, you most probably have to set "User root" above,
+# so that clamav can access the files to be scanned.
+#
# Enable on-access scanning. Currently, this is supported via fanotify.
# Clamuko/Dazuko support has been deprecated.
--- etc/freshclam.conf.sample.orig
+++ etc/freshclam.conf.sample
@@ -1,12 +1,8 @@

10
clamav-disable-timestamps.patch
View File

@@ -32,15 +32,15 @@ Index: configure
--- configure.orig
+++ configure
@@ -814,6 +814,7 @@ FGREP
SED
LIBTOOL
LIBFRESHCLAM_VERSION
LIBCLAMAV_VERSION_NUM
LIBCLAMAV_VERSION
+ENABLE_TIMESTAMPS
PACKAGE_VERSION_NUM
EGREP
GREP
CPP
@@ -924,6 +925,7 @@ ac_user_opts='
enable_option_checking
enable_mmap_for_cross_compiling
enable_dependency_tracking
enable_silent_rules
+enable_timestamps
@@ -82,4 +82,4 @@ Index: configure
+_ACEOF
VERSION="0.101.4"
VERSION="0.102.1"

11
clamav-max_patch.patch
View File

@@ -1,11 +0,0 @@
--- libclamav/others_common.c.orig
+++ libclamav/others_common.c
@@ -855,7 +855,7 @@
size_t sanitized_index = 0;
char* sanitized_filepath = NULL;
- if((NULL == filepath) || (0 == filepath_len) || (MAX_PATH < filepath_len)) {
+ if((NULL == filepath) || (0 == filepath_len) || (PATH_MAX < filepath_len)) {
goto done;
}

6
clamav-obsolete-config.patch
View File

@@ -1,9 +1,9 @@
--- shared/optparser.c.orig
+++ shared/optparser.c
@@ -517,6 +517,13 @@ const struct clam_option __clam_options[
{ "ClamukoExcludeUID", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "ClamukoMaxFileSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no" },
{"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
{"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"},
{"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""},
+ { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
+ { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
+ { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },

53
clamav.changes
View File

@@ -1,3 +1,56 @@
-------------------------------------------------------------------
Wed Nov 20 19:01:10 UTC 2019 - Arjen de Korte <suse+build@de-korte.org>
- update to 0.102.1
* CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may
occur when scanning a specially crafted email file as a result
of excessively long scan times. The issue is resolved by
implementing several maximums in parsing MIME messages and by
optimizing use of memory allocation.
* Build system fixes to build clamav-milter, to correctly link
with libxml2 when detected, and to correctly detect fanotify
for on-access scanning feature support.
* Signature load time is significantly reduced by changing to a
more efficient algorithm for loading signature patterns and
allocating the AC trie. Patch courtesy of Alberto Wu.
* Introduced a new configure option to statically link libjson-c
with libclamav. Static linking with libjson is highly
recommended to prevent crashes in applications that use
libclamav alongside another JSON parsing library.
* Null-dereference fix in email parser when using the
--gen-json metadata option.
* Fixes for Authenticode parsing and certificate signature
(.crb database) bugs.
- dropped clamav-fix_building_milter.patch (upstreamed)
-------------------------------------------------------------------
Fri Nov 1 09:46:17 UTC 2019 - Arjen de Korte <suse+build@de-korte.org>
- update to 0.102.0
* The On-Access Scanning feature has been migrated out of clamd
and into a brand new utility named clamonacc. This utility is
similar to clamdscan and clamav-milter in that it acts as a
client to clamd. This separation from clamd means that clamd no
longer needs to run with root privileges while scanning potentially
malicious files. Instead, clamd may drop privileges to run under an
account that does not have super-user. In addition to improving the
security posture of running clamd with On-Access enabled, this
update fixed a few outstanding defects:
- On-Access scanning for created and moved files (Extra-Scanning)
is fixed.
- VirusEvent for On-Access scans is fixed.
- With clamonacc, it is now possible to copy, move, or remove a
file if the scan triggered an alert, just like with clamdscan.
* The freshclam database update utility has undergone a significant
update. This includes:
- Added support for HTTPS.
- Support for database mirrors hosted on ports other than 80.
- Removal of the mirror management feature (mirrors.dat).
- An all new libfreshclam library API.
- created new subpackage libfreshclam2
- dropped clamav-max_patch.patch (upstreamed)
- added clamav-fix_building_milter.patch to fix build of milter
-------------------------------------------------------------------
Fri Oct 25 14:53:06 UTC 2019 - Reinhard Max <max@suse.com>

26
clamav.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package clamav
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,12 +20,12 @@
%define clamav_check --enable-check
Name: clamav
Version: 0.101.4
Version: 0.102.1
Release: 0
Summary: Antivirus Toolkit
License: GPL-2.0-only
Group: Productivity/Security
Url: http://www.clamav.net
URL: http://www.clamav.net
Source0: http://www.clamav.net/downloads/production/%name-%version.tar.gz
Source1: http://www.clamav.net/downloads/production/%name-%version.tar.gz.sig
Source4: clamav-rpmlintrc
@@ -39,8 +39,6 @@ Patch4: clamav-disable-timestamps.patch
Patch5: clamav-obsolete-config.patch
Patch6: clamav-disable-yara.patch
Patch7: clamav-str-h.patch
#PATCH-FIX-UPSTREAM clamav-max_patch.patch
Patch8: clamav-max_patch.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bc
@@ -94,6 +92,14 @@ Group: System/Libraries
ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats.
%package -n libfreshclam2
Summary: ClamAV updater library
Group: System/Libraries
%description -n libfreshclam2
ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats.
%package -n libclammspack0
Summary: ClamAV antivirus engine runtime
Group: System/Libraries
@@ -106,6 +112,7 @@ viruses, malware and other malicious threats.
Summary: Development files for libclamav, an antivirus engine
Group: Development/Libraries/C and C++
Requires: libclamav9 = %version
Requires: libfreshclam2 = %version
%description devel
ClamAV is an antivirus engine designed for detecting trojans,
@@ -121,7 +128,6 @@ that want to make use of libclamav.
%patch5
%patch6
%patch7
%patch8
%build
CFLAGS="-fstack-protector"
@@ -195,7 +201,9 @@ VALGRIND_GENSUP=1 make check
%post -n libclamav9 -p /sbin/ldconfig
%postun -n libclamav9 -p /sbin/ldconfig
%post -n libclammspack0 -p /sbin/ldconfig
%post -n libfreshclam2 -p /sbin/ldconfig
%postun -n libfreshclam2 -p /sbin/ldconfig
%post -n libclammspack0 -p /sbin/ldconfig
%postun -n libclammspack0 -p /sbin/ldconfig
%files
@@ -218,6 +226,9 @@ VALGRIND_GENSUP=1 make check
%files -n libclamav9
%_libdir/libclam*.so.9*
%files -n libfreshclam2
%_libdir/libfreshclam.so.2*
%if %{with clammspack}
%files -n libclammspack0
%_libdir/libclammspack.so.0*
@@ -226,6 +237,7 @@ VALGRIND_GENSUP=1 make check
%files devel
%_libdir/pkgconfig/*
%_libdir/libclam*.so
%_libdir/libfreshclam*.so
%_includedir/*
%pre