pool/clamav
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 975241 from home:adkorte:branches:security

Browse Source 
- Update to 0.103.6
  * CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM
    file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS
    version 0.103.5 and prior versions.
  * CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the
    scan verdict cache check. Issue affects versions 0.103.4, 0.103.5,
    0.104.1, and 0.104.2.
  * CVE-2022-20771: Fixed a possible infinite loop vulnerability in the
    TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and
    LTS version 0.103.5 and prior versions. The issue only occurs if the
    "--alert-broken-media" ClamScan option is enabled. For ClamD, the
    affected option is "AlertBrokenMedia yes", and for libclamav it is the
    "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option.
  * CVE-2022-20785: Fixed a possible memory leak in the HTML file parser /
    Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2
    and LTS version 0.103.5 and prior versions.
  * CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write
    vulnerability in the signature database load module. The fix was to
    update the vendored regex library to the latest version. Issue affects
    versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior
    versions.
  * ClamOnAcc: Fixed a number of assorted stability issues and added
    niceties for debugging ClamOnAcc.
  * Fixed an issue causing byte-compare subsignatures to cause an alert
    when they match even if other conditions of the given logical
    signatures were not met.
  * Fix memleak when using multiple byte-compare subsignatures. This fix
    was backported from 0.104.0.
  * Assorted bug fixes and improvements.
- Remove upstreamed clamav-ck_assert_msg.patch

OBS-URL: https://build.opensuse.org/request/show/975241
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=232
This commit is contained in:
Robert Frohl 2022-05-06 09:28:32 +00:00 committed by Git OBS Bridge
parent 39f7a7c432
commit a2ea93b424
7 changed files with 54 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
clamav-0.103.5.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1e74b1e1d2a8a9056449c313f48a6983b9d5ba0d6fb5ef0b2be6ad3c841a5426
size 16434316

16
clamav-0.103.5.tar.gz.sig
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJh3ZK/AAoJEGCbAk8rPt0HxwkP/iSf9aUJipn5YgqjqyVC1fKl
wUwvV8KoPH7C2kgo0AKZFTKRxaRahvL1WLx6PnnArl1ZVoH2JVrqm/1+Z8MT9U7J
YOKG3aI+KgBNG6ihxizsL37ZNn4aE7ne4SY7219rei7IW12OyiUvIkF3kA9lHtDX
/cqkrqu9GT7pB5dxt+GCQ/oX1cgMzV6/Hg9wE4DS0hSuQy74WRUZ/Rp+JAeQ7dUv
4u1dkGoUJQpo4g94amwOqcHlc+bBZMItTVSoJercjl8eOZqxSEN7kkHa2MrPFiaX
AJN4B4wMfrxi+jn+HUo7TshrRkzUzP0i+rIAn3hsvG4sjOxH/vWrCyfOGCIQb/l+
ug1gBJ4LDSoQ9rL41c1OBYFPKhbrTYCSs+TULoKSFCJv8RgQA7/Vu3bulIHFRhtp
Lpvhgo1fsb741EVSoPFqQJe+XUAdH5BsW03TZuHnuIEnLvHbctYDJlkg0KN2IYg+
4JgO65spoEHW2hldKR0A8W8U4+bPC2+94QuLoV6OXrnlL8qCj9RhRqywBM4gqSgC
p9rnx0E0tTrCDmevXn0IvTbwqxjtC8ig/mJejc4TiV70ps8xgLBeml4xsgr+PLYn
Obwf8/GOY3RwGQQMROLQSChenvXU/qnjqDRRzVtZSgBF7xBlGJ1xVm7pRLA/OF5d
sbOrPkTfkT+0ayLU46vg
=lf26
-----END PGP SIGNATURE-----

3
clamav-0.103.6.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:aaa12e3dc19f1d323b1c50d7a10fa8af557e4390149e864d59bde39b6ad9ba33
size 16491761

16
clamav-0.103.6.tar.gz.sig Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJicDP4AAoJEGCbAk8rPt0HoMcP/i4uV0VatuqjIL1ULq5/Q7Wl
EQoo6J3SvnvbyDQSeQV/eBT3kmSvFonz1d2erg85uM/+JHzMPatFu44xJ8cXDmX8
RhjVeJepMnKkXnP3MIdIbXnQJFkFxlOrNuJQ19waDbbe0PSySj9Z8XjhepdnnWFW
bZH0Oo+EyXK/KGLQkdNEXJH0hJtcy2VowYizNO15xszTcZn/weiggzkVUOj99i8N
oLtnQ6g9gLZtI7AFSw35ISnJ4ZEGGsuOy7ABTzu0rgJEka2A5JxicNhh/X058EXe
7UmqDJWHpc6CCu9cip03M/q7yNFz3mO+Su7P3fPZ0q3wGuYbodIVXec57j7BvvMO
/ehEmUg9FAeQa6Y9ub6c2HNYRkt652uRYvpRBh/Fwd/Jlx14kddW3pfNq7TUDJaU
KHQuEyfXRs96kwzKI5SWb7T6/bdvwl8mxzIBbCvftsxtuRVbDsIsgzduq8Yyct1L
kcdzs5jPNzPeLPD02W/6GeVbaJiJC2P3Ic4u0EKBjjLHuTYwOtIqp+He76aBx09Y
/lMfkFCteld8ivy29IRuidgsbgx5fyp3pB7c6CWZJU1ks/6gxcfY6VGKDVdbRPiq
n1w0xG9leSX3C3aAsRNVAaTyifqrjZZurFZTLFeM9W8/pB02MvsNo2wx/ALEWKzc
YHfGNkn6ucI+Rf7ShWiq
=nD0e
-----END PGP SIGNATURE-----

22
clamav-ck_assert_msg.patch
View File

@ -1,22 +0,0 @@
From 58d199cbe00e8a5ef5858ffc7991a346b9f3469e Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@nwra.com>
Date: Thu, 17 Sep 2020 22:26:04 -0600
Subject: [PATCH] Fix ck_assert_msg() call
---
unit_tests/check_jsnorm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/unit_tests/check_jsnorm.c b/unit_tests/check_jsnorm.c
index 5067a21a55..64f6bf8b37 100644
--- a/unit_tests/check_jsnorm.c
+++ b/unit_tests/check_jsnorm.c
@@ -247,7 +247,7 @@ static void tokenizer_test(const char *in, const char *expected, int split)
fd = open(filename, O_RDONLY);
if (fd < 0) {
jstest_teardown();
- ck_assert_msg("failed to open output file: %s", filename);
+ ck_assert_msg(0, "failed to open output file: %s", filename);
}
diff_file_mem(fd, expected, len);

34
clamav.changes
View File

@ -1,3 +1,37 @@
-------------------------------------------------------------------
Thu May 5 15:50:42 UTC 2022 - Arjen de Korte <suse+build@de-korte.org>
- Update to 0.103.6
* CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM
file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS
version 0.103.5 and prior versions.
* CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the
scan verdict cache check. Issue affects versions 0.103.4, 0.103.5,
0.104.1, and 0.104.2.
* CVE-2022-20771: Fixed a possible infinite loop vulnerability in the
TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and
LTS version 0.103.5 and prior versions. The issue only occurs if the
"--alert-broken-media" ClamScan option is enabled. For ClamD, the
affected option is "AlertBrokenMedia yes", and for libclamav it is the
"CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option.
* CVE-2022-20785: Fixed a possible memory leak in the HTML file parser /
Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2
and LTS version 0.103.5 and prior versions.
* CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write
vulnerability in the signature database load module. The fix was to
update the vendored regex library to the latest version. Issue affects
versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior
versions.
* ClamOnAcc: Fixed a number of assorted stability issues and added
niceties for debugging ClamOnAcc.
* Fixed an issue causing byte-compare subsignatures to cause an alert
when they match even if other conditions of the given logical
signatures were not met.
* Fix memleak when using multiple byte-compare subsignatures. This fix
was backported from 0.104.0.
* Assorted bug fixes and improvements.
- Remove upstreamed clamav-ck_assert_msg.patch
-------------------------------------------------------------------
Tue Apr 12 13:56:37 UTC 2022 - Marcus Meissner <meissner@suse.com>

4
clamav.spec
View File

@ -19,7 +19,7 @@
%bcond_with clammspack
%bcond_with valgrind
Name: clamav
Version: 0.103.5
Version: 0.103.6
Release: 0
Summary: Antivirus Toolkit
License: GPL-2.0-only
@ -39,7 +39,6 @@ Patch1: clamav-conf.patch
Patch5: clamav-obsolete-config.patch
Patch6: clamav-disable-yara.patch
Patch12: clamav-fips.patch
Patch13: clamav-ck_assert_msg.patch
Patch14: clamav-document-maxsize.patch
BuildRequires: autoconf
@ -148,7 +147,6 @@ that want to make use of libclamav.
%patch5
%patch6
%patch12
%patch13 -p1
%patch14 -p1
%build