pool/clamav
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 626690 from security

Browse Source 
- bsc#1101654: Disable YARA support for licensing reasons
  (clamav-disable-yara.patch).
- Do not ignore errors from useradd et al.
- Unclutter the spec file.

- Update dendencies (pcre2, libjson-c and systemd)
- Modernise spec file with spec-cleaner

- fix library-without-ldconfig warnings on libclammspack

- Update to version 0.100.1
  * CVE-2018-0360: HWP integer overflow, infinite loop
    vulnerability (bsc#1101410)
  * CVE-2018-0361: PDF object length check, unreasonably long time
    to parse relatively small file (bsc#1101412) 
  * Buffer over-read in unRAR code due to missing max value checks
    in table initialization
  * Libmspack heap buffer over-read in CHM parser
  * PDF parser bugs
  * Add HTTPS support for clamsubmit
  * Fix for DNS resolution for users on IPv4-only machines where
    IPv6 is not available or is link-local only

OBS-URL: https://build.opensuse.org/request/show/626690
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=95
This commit is contained in:
Dominique Leuenberger 2018-08-02 12:58:41 +00:00 committed by Git OBS Bridge
commit 7d39e7c08c
8 changed files with 152 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
clamav-0.100.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c5c5edaf75a3c53ac0f271148fd6447310bce53f448ec7e6205124a25918f65c
size 16036757

16
clamav-0.100.0.tar.gz.sig
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJay4N+AAoJEPE/nha8pb+tUiEP/isw/OZ5t183XjjPVV3wtIH1
xbPkCG5/842Ui8Dd2G14VUEW+abUDueBU1Fn4hPixGVOmXiEmltwlM2R6+qjutVO
al18jCkJXMq9sfqO0pMom8NDf3mNu9sy3oqARekrnLO1JZI0w5HKAAJg3VaCBBEZ
YD7XxtuO8R1R9BBSAwx4E1NG9skQ+WAJVlT7ckWCuqW6SafIsqnM2f9KV1lYitod
7mXl72nPQA3xkiqri1XLZrkiViZyzX5q3LRYdADlHk79MmDZuaaVIfza42SEYjQm
TYTh5vvi1yUz6qhALFfbqOdOTQLri0gZp00xlmH+5MhVcnHZVAfzA3R57VcleD+o
LpC9WUAEUL3D15KQlLhrV7Y0D82M79jJDXExRM2TozjUnA3WrQRZZqlJg5iEBHcu
VP/O7hLNslm8SFRd1SHQ7C4D7X9odW3D64QySEpx9TyUWSesQg/hSO3F9Xj6eBRy
JWYc90iu8DFedR+QrkwnMIbgbTeYxVjnPwKfI1E8vGrojYFKI3nFATQERRAcnrSz
FjaffXxkMPULKCi8JqcvomlZkj+W1LvZ9OEdtD92nz4mX/C6tHaPy6A2alByHElp
CMXYc8IIT3WWFV73O17xBdLhpyJRnmuHQ3IpJMKXh89lgX+t/ABAkWlmQsLy9PpH
SlfPF6qoRTu2fSlQmEJu
=KvcM
-----END PGP SIGNATURE-----

3
clamav-0.100.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:84e026655152247de7237184ee13003701c40be030dd68e0316111049f58a59f
size 16154415

16
clamav-0.100.1.tar.gz.sig Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJbO66OAAoJEPE/nha8pb+t2SkP/0i9fOLm2FCBs/kRGiGgd4zn
RxLwsW0Wskf0C/5dLhNHP/aeHSqeWZQdasmIgUzxxGhksp/gxwmH66h5y6qjACU2
LnDytMr5DuM0rPAfNtOmnCQcpKVXvRA5utboCP7BWBLsfdfi1tF/Sw/JknDzDu5a
AExBpiclix4EEHa4VkG+pMYpLLYUfxMZgKuq9b3ytWgNbCz0riSugr3hkoL72uRy
xfrN2S0YkHy1Kw/7zohcHJa1qfPXZ/V6S1iSBCSfk3OTeExJhQIDxlLNTkcBr8L0
H9Fo6RnQ2ttYtdphKU1suN4spFxBJD94zkOB+0cLfk6sCeYb4BXrqX6t19N+9Z9+
m2fx2zay12skW/eABFtG82ToWTojCfHhKrRRDZRE8iXh2KUKMUkx7kSjhDRNR9eE
WIpfAom4vdgDwDOgHwziUqr65l8Dr3NFC1LJl8F0uaFGshbjbtMufD88S0TQCvw6
pJAZ8ZiTXqtmT9Uyw9aObffA2ekKWOY4k/6Z7ved76GkXC+e922Z+LpRE8wE05Cz
sqwkzIQMLwwBo3468vB0RFxS14AVyLFVogmYxkhLcZC39yFBZVJF4++efsrlt+vq
+OoJl7JF1NYp8KSGGAIuNY5dyJGtiu709n7ppU6JAY2uhAzEjHYeqM0caDjPDjT2
/LK7EO0s7O30HEld5gDC
=xbrK
-----END PGP SIGNATURE-----

2
clamav-disable-timestamps.patch
View File

@ -78,4 +78,4 @@
+_ACEOF +_ACEOF
VERSION="0.100.0" VERSION="0.100.1"

39
clamav-disable-yara.patch Normal file
View File

@ -0,0 +1,39 @@
--- m4/reorganization/yara.m4.orig
+++ m4/reorganization/yara.m4
@@ -6,7 +6,7 @@ enable_yara=$enableval, enable_yara="yes
if test "$enable_yara" = "yes"; then
AC_DEFINE([HAVE_YARA],1,[yara sources are compiled in])
- AC_SUBST([HAVE_YARA])
+ AC_SUBST([HAVE_YARA], 1)
fi
--- unit_tests/check_common.sh.orig
+++ unit_tests/check_common.sh
@@ -222,6 +222,7 @@ EOF
scan_failed clamscan4.log "clamscan has detected spurious VI's"
fi
+if test "x$HAVE_YARA" = "x1"; then
cat <<EOF >test-db/test.yara
rule yara_at_offset {strings: \$tar_magic = { 75 73 74 61 72 } condition: \$tar_magic at 257}
EOF
@@ -249,6 +250,7 @@ EOF
fi
test_end $1
+fi
}
# ----------- clamd tests --------------------------------------------------------
--- configure.orig
+++ configure
@@ -24324,6 +24324,7 @@ if test "$enable_yara" = "yes"; then
$as_echo "#define HAVE_YARA 1" >>confdefs.h
+ HAVE_YARA=1
fi

35
clamav.changes
View File

@ -1,3 +1,38 @@
-------------------------------------------------------------------
Tue Jul 31 08:43:39 UTC 2018 - max@suse.com
- bsc#1101654: Disable YARA support for licensing reasons
(clamav-disable-yara.patch).
- Do not ignore errors from useradd et al.
- Unclutter the spec file.
-------------------------------------------------------------------
Wed Jul 25 16:23:09 UTC 2018 - mpluskal@suse.com
- Update dendencies (pcre2, libjson-c and systemd)
- Modernise spec file with spec-cleaner
-------------------------------------------------------------------
Tue Jul 17 14:21:35 UTC 2018 - security@suse.com
- fix library-without-ldconfig warnings on libclammspack
-------------------------------------------------------------------
Tue Jul 10 08:06:33 UTC 2018 - egdfree@opensuse.org
- Update to version 0.100.1
* CVE-2018-0360: HWP integer overflow, infinite loop
vulnerability (bsc#1101410)
* CVE-2018-0361: PDF object length check, unreasonably long time
to parse relatively small file (bsc#1101412)
* Buffer over-read in unRAR code due to missing max value checks
in table initialization
* Libmspack heap buffer over-read in CHM parser
* PDF parser bugs
* Add HTTPS support for clamsubmit
* Fix for DNS resolution for users on IPv4-only machines where
IPv6 is not available or is link-local only
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 26 15:35:15 UTC 2018 - max@suse.com Thu Apr 26 15:35:15 UTC 2018 - max@suse.com

104
clamav.spec
View File

@ -16,49 +16,55 @@
# #
%define clamav_check --enable-check
Name: clamav Name: clamav
Version: 0.100.1
Release: 0
Summary: Antivirus Toolkit
License: GPL-2.0-only
Group: Productivity/Security
URL: http://www.clamav.net
Source0: http://www.clamav.net/downloads/production/%name-%version.tar.gz
Source1: http://www.clamav.net/downloads/production/%name-%version.tar.gz.sig
Source4: clamav-rpmlintrc
Source6: clamav-tmpfiles.conf
Source7: service.clamd
Source8: service.freshclam
Source9: service.clamav-milter
Source11: clamav.keyring
Patch1: clamav-conf.patch
Patch4: clamav-disable-timestamps.patch
Patch5: clamav-obsolete-config.patch
Patch6: clamav-disable-yara.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: bc BuildRequires: bc
BuildRequires: check-devel BuildRequires: check-devel
BuildRequires: libbz2-devel BuildRequires: libbz2-devel
BuildRequires: libcurl-devel BuildRequires: libcurl-devel
BuildRequires: libjson-c-devel
BuildRequires: libopenssl-devel BuildRequires: libopenssl-devel
BuildRequires: libtool BuildRequires: libtool
BuildRequires: libxml2-devel BuildRequires: libxml2-devel
BuildRequires: ncurses-devel BuildRequires: ncurses-devel
BuildRequires: pcre-devel BuildRequires: pcre2-devel
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: pwdutils BuildRequires: pwdutils
BuildRequires: python-devel BuildRequires: python-devel
BuildRequires: sed BuildRequires: sed
BuildRequires: sendmail-devel BuildRequires: sendmail-devel
BuildRequires: zlib-devel BuildRequires: systemd-devel
%define clamav_check --enable-check
Summary: Antivirus Toolkit
License: GPL-2.0-only
Group: Productivity/Security
Version: 0.100.0
Release: 0
Url: http://www.clamav.net
Obsoletes: clamav-db < 0.88.3
Provides: clamav-nodb = %{version}
Obsoletes: clamav-nodb <= 0.98.4
Requires(pre): %_sbindir/groupadd %_sbindir/useradd %_sbindir/usermod
Requires(pre): /usr/bin/awk /bin/sed /bin/tar
Source0: http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz
Source1: http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz.sig
Source11: clamav.keyring
Source4: clamav-rpmlintrc
Source6: clamav-tmpfiles.conf
Source7: service.clamd
Source8: service.freshclam
Source9: service.clamav-milter
Patch1: clamav-conf.patch
Patch4: clamav-disable-timestamps.patch
Patch5: clamav-obsolete-config.patch
BuildRequires: systemd
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
BuildRequires: zlib-devel
Requires(pre): %_bindir/awk
Requires(pre): %_sbindir/groupadd
Requires(pre): %_sbindir/useradd
Requires(pre): %_sbindir/usermod
Requires(pre): /bin/sed
Requires(pre): /bin/tar
Obsoletes: clamav-db < 0.88.3
Provides: clamav-nodb = %version
Obsoletes: clamav-nodb <= 0.98.4
%systemd_requires %systemd_requires
%description %description
@ -104,6 +110,7 @@ that want to make use of libclamav.
%patch1 %patch1
%patch4 %patch4
%patch5 %patch5
%patch6
%build %build
CFLAGS="-fstack-protector" CFLAGS="-fstack-protector"
@ -125,18 +132,19 @@ CFLAGS="$CFLAGS -DFP_64BIT"
%clamav_check \ %clamav_check \
--enable-clamdtop \ --enable-clamdtop \
--disable-zlib-vcheck \ --disable-zlib-vcheck \
--disable-timestamps --disable-timestamps \
--disable-yara
make V=1 %{?_smp_mflags} make V=1 %?_smp_mflags
%install %install
%make_install %make_install
install -d -m755 %buildroot/var/lib/clamav install -d -m755 %buildroot/var/lib/clamav
install -d -m755 %buildroot/%_tmpfilesdir install -d -m755 %buildroot/%_tmpfilesdir
install -m644 %{S:6} %buildroot%_tmpfilesdir/clamav.conf install -m644 %SOURCE6 %buildroot%_tmpfilesdir/clamav.conf
mkdir -p %buildroot/var/spool/amavis mkdir -p %buildroot/var/spool/amavis
mkdir -p -m 0755 %buildroot/run/clamav mkdir -p -m 0755 %buildroot/run/clamav
rm %buildroot/%_libdir/*.la find %buildroot -type f -name "*.la" -delete -print
# libclammspack is not meant to be linked against by anything but # libclammspack is not meant to be linked against by anything but
# libclamav # libclamav
@ -144,24 +152,24 @@ rm %buildroot%_libdir/pkgconfig/libclammspack.pc
rm %buildroot%_libdir/libclammspack.so rm %buildroot%_libdir/libclammspack.so
# fix the new config file names # fix the new config file names
pushd %buildroot/etc pushd %buildroot%_sysconfdir
mv clamd.conf.sample clamd.conf mv clamd.conf.sample clamd.conf
mv clamav-milter.conf.sample clamav-milter.conf mv clamav-milter.conf.sample clamav-milter.conf
mv freshclam.conf.sample freshclam.conf mv freshclam.conf.sample freshclam.conf
popd popd
# Systemd... # Systemd...
install -d -m 0755 %buildroot/%{_unitdir} install -d -m 0755 %buildroot/%_unitdir
install -m 0644 %{S:7} %buildroot/%{_unitdir}/clamd.service install -m 0644 %SOURCE7 %buildroot/%_unitdir/clamd.service
install -m 0644 %{S:8} %buildroot/%{_unitdir}/freshclam.service install -m 0644 %SOURCE8 %buildroot/%_unitdir/freshclam.service
install -m 0644 %{S:9} %buildroot/%{_unitdir}/clamav-milter.service install -m 0644 %SOURCE9 %buildroot/%_unitdir/clamav-milter.service
rm -f %buildroot/%{_unitdir}/clamav-daemon.service rm -f %buildroot/%_unitdir/clamav-daemon.service
rm -f %buildroot/%{_unitdir}/clamav-daemon.socket rm -f %buildroot/%_unitdir/clamav-daemon.socket
rm -f %buildroot/%{_unitdir}/clamav-freshclam.service rm -f %buildroot/%_unitdir/clamav-freshclam.service
# this is broken if system does not have systemd so don't # this is broken if system does not have systemd so don't
# use it at all on systems without mandatory systemd # use it at all on systems without mandatory systemd
for srvname in clamd freshclam clamav-milter;do for srvname in clamd freshclam clamav-milter;do
(export PATH=/usr/sbin:/sbin:$PATH ;ln -sf $(which service) %{buildroot}/%{_sbindir}/rc${srvname}) (export PATH=%_prefix/sbin:/sbin:$PATH ;ln -sf $(which service) %buildroot/%_sbindir/rc${srvname})
done done
%check %check
@ -173,17 +181,19 @@ VALGRIND_GENSUP=1 make check
%post -n libclamav7 -p /sbin/ldconfig %post -n libclamav7 -p /sbin/ldconfig
%postun -n libclamav7 -p /sbin/ldconfig %postun -n libclamav7 -p /sbin/ldconfig
%post -n libclammspack0 -p /sbin/ldconfig
%postun -n libclammspack0 -p /sbin/ldconfig
%files %files
%config(noreplace) %_sysconfdir/*.conf %config(noreplace) %_sysconfdir/*.conf
#systemd... #systemd...
%{_unitdir}/clamd.service %_unitdir/clamd.service
%{_unitdir}/freshclam.service %_unitdir/freshclam.service
%{_unitdir}/clamav-milter.service %_unitdir/clamav-milter.service
%_tmpfilesdir %_tmpfilesdir
%doc COPYING* %license COPYING*
%doc docs/*.pdf docs/html %doc docs/*.pdf docs/html
%doc %_mandir/*/* %_mandir/*/*
%_bindir/* %_bindir/*
%_sbindir/* %_sbindir/*
%defattr(-,vscan,vscan) %defattr(-,vscan,vscan)
@ -203,11 +213,11 @@ VALGRIND_GENSUP=1 make check
%_includedir/* %_includedir/*
%pre %pre
getent group vscan >/dev/null || %_sbindir/groupadd -r vscan || : getent group vscan >/dev/null || %_sbindir/groupadd -r vscan
getent passwd vscan >/dev/null || \ getent passwd vscan >/dev/null || \
%_sbindir/useradd -r -o -g vscan -u 65 -s /bin/false \ %_sbindir/useradd -r -o -g vscan -u 65 -s /bin/false \
-c "Vscan account" -d /var/spool/amavis vscan || : -c "Vscan account" -d /var/spool/amavis vscan
%_sbindir/usermod vscan -g vscan 2> /dev/null || : %_sbindir/usermod vscan -g vscan
%service_add_pre clamd.service freshclam.service clamav-milter.service %service_add_pre clamd.service freshclam.service clamav-milter.service
%post %post