diff --git a/clamav-0.103.5.tar.gz b/clamav-0.103.5.tar.gz
deleted file mode 100644
index c8ad812..0000000
--- a/clamav-0.103.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1e74b1e1d2a8a9056449c313f48a6983b9d5ba0d6fb5ef0b2be6ad3c841a5426
-size 16434316
diff --git a/clamav-0.103.5.tar.gz.sig b/clamav-0.103.5.tar.gz.sig
deleted file mode 100644
index 2335009..0000000
--- a/clamav-0.103.5.tar.gz.sig
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIcBAABAgAGBQJh3ZK/AAoJEGCbAk8rPt0HxwkP/iSf9aUJipn5YgqjqyVC1fKl
-wUwvV8KoPH7C2kgo0AKZFTKRxaRahvL1WLx6PnnArl1ZVoH2JVrqm/1+Z8MT9U7J
-YOKG3aI+KgBNG6ihxizsL37ZNn4aE7ne4SY7219rei7IW12OyiUvIkF3kA9lHtDX
-/cqkrqu9GT7pB5dxt+GCQ/oX1cgMzV6/Hg9wE4DS0hSuQy74WRUZ/Rp+JAeQ7dUv
-4u1dkGoUJQpo4g94amwOqcHlc+bBZMItTVSoJercjl8eOZqxSEN7kkHa2MrPFiaX
-AJN4B4wMfrxi+jn+HUo7TshrRkzUzP0i+rIAn3hsvG4sjOxH/vWrCyfOGCIQb/l+
-ug1gBJ4LDSoQ9rL41c1OBYFPKhbrTYCSs+TULoKSFCJv8RgQA7/Vu3bulIHFRhtp
-Lpvhgo1fsb741EVSoPFqQJe+XUAdH5BsW03TZuHnuIEnLvHbctYDJlkg0KN2IYg+
-4JgO65spoEHW2hldKR0A8W8U4+bPC2+94QuLoV6OXrnlL8qCj9RhRqywBM4gqSgC
-p9rnx0E0tTrCDmevXn0IvTbwqxjtC8ig/mJejc4TiV70ps8xgLBeml4xsgr+PLYn
-Obwf8/GOY3RwGQQMROLQSChenvXU/qnjqDRRzVtZSgBF7xBlGJ1xVm7pRLA/OF5d
-sbOrPkTfkT+0ayLU46vg
-=lf26
------END PGP SIGNATURE-----
diff --git a/clamav-0.103.6.tar.gz b/clamav-0.103.6.tar.gz
new file mode 100644
index 0000000..8d8780f
--- /dev/null
+++ b/clamav-0.103.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:aaa12e3dc19f1d323b1c50d7a10fa8af557e4390149e864d59bde39b6ad9ba33
+size 16491761
diff --git a/clamav-0.103.6.tar.gz.sig b/clamav-0.103.6.tar.gz.sig
new file mode 100644
index 0000000..4a2fcfa
--- /dev/null
+++ b/clamav-0.103.6.tar.gz.sig
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABAgAGBQJicDP4AAoJEGCbAk8rPt0HoMcP/i4uV0VatuqjIL1ULq5/Q7Wl
+EQoo6J3SvnvbyDQSeQV/eBT3kmSvFonz1d2erg85uM/+JHzMPatFu44xJ8cXDmX8
+RhjVeJepMnKkXnP3MIdIbXnQJFkFxlOrNuJQ19waDbbe0PSySj9Z8XjhepdnnWFW
+bZH0Oo+EyXK/KGLQkdNEXJH0hJtcy2VowYizNO15xszTcZn/weiggzkVUOj99i8N
+oLtnQ6g9gLZtI7AFSw35ISnJ4ZEGGsuOy7ABTzu0rgJEka2A5JxicNhh/X058EXe
+7UmqDJWHpc6CCu9cip03M/q7yNFz3mO+Su7P3fPZ0q3wGuYbodIVXec57j7BvvMO
+/ehEmUg9FAeQa6Y9ub6c2HNYRkt652uRYvpRBh/Fwd/Jlx14kddW3pfNq7TUDJaU
+KHQuEyfXRs96kwzKI5SWb7T6/bdvwl8mxzIBbCvftsxtuRVbDsIsgzduq8Yyct1L
+kcdzs5jPNzPeLPD02W/6GeVbaJiJC2P3Ic4u0EKBjjLHuTYwOtIqp+He76aBx09Y
+/lMfkFCteld8ivy29IRuidgsbgx5fyp3pB7c6CWZJU1ks/6gxcfY6VGKDVdbRPiq
+n1w0xG9leSX3C3aAsRNVAaTyifqrjZZurFZTLFeM9W8/pB02MvsNo2wx/ALEWKzc
+YHfGNkn6ucI+Rf7ShWiq
+=nD0e
+-----END PGP SIGNATURE-----
diff --git a/clamav-ck_assert_msg.patch b/clamav-ck_assert_msg.patch
deleted file mode 100644
index 29554cd..0000000
--- a/clamav-ck_assert_msg.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From 58d199cbe00e8a5ef5858ffc7991a346b9f3469e Mon Sep 17 00:00:00 2001
-From: Orion Poplawski
-Date: Thu, 17 Sep 2020 22:26:04 -0600
-Subject: [PATCH] Fix ck_assert_msg() call
-
----
- unit_tests/check_jsnorm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/unit_tests/check_jsnorm.c b/unit_tests/check_jsnorm.c
-index 5067a21a55..64f6bf8b37 100644
---- a/unit_tests/check_jsnorm.c
-+++ b/unit_tests/check_jsnorm.c
-@@ -247,7 +247,7 @@ static void tokenizer_test(const char *in, const char *expected, int split)
- fd = open(filename, O_RDONLY);
- if (fd < 0) {
- jstest_teardown();
-- ck_assert_msg("failed to open output file: %s", filename);
-+ ck_assert_msg(0, "failed to open output file: %s", filename);
- }
-
- diff_file_mem(fd, expected, len);
diff --git a/clamav.changes b/clamav.changes
index b438f1d..08d63c5 100644
--- a/clamav.changes
+++ b/clamav.changes
@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Thu May 5 15:50:42 UTC 2022 - Arjen de Korte
+
+- Update to 0.103.6
+ * CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM
+ file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS
+ version 0.103.5 and prior versions.
+ * CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the
+ scan verdict cache check. Issue affects versions 0.103.4, 0.103.5,
+ 0.104.1, and 0.104.2.
+ * CVE-2022-20771: Fixed a possible infinite loop vulnerability in the
+ TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and
+ LTS version 0.103.5 and prior versions. The issue only occurs if the
+ "--alert-broken-media" ClamScan option is enabled. For ClamD, the
+ affected option is "AlertBrokenMedia yes", and for libclamav it is the
+ "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option.
+ * CVE-2022-20785: Fixed a possible memory leak in the HTML file parser /
+ Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2
+ and LTS version 0.103.5 and prior versions.
+ * CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write
+ vulnerability in the signature database load module. The fix was to
+ update the vendored regex library to the latest version. Issue affects
+ versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior
+ versions.
+ * ClamOnAcc: Fixed a number of assorted stability issues and added
+ niceties for debugging ClamOnAcc.
+ * Fixed an issue causing byte-compare subsignatures to cause an alert
+ when they match even if other conditions of the given logical
+ signatures were not met.
+ * Fix memleak when using multiple byte-compare subsignatures. This fix
+ was backported from 0.104.0.
+ * Assorted bug fixes and improvements.
+- Remove upstreamed clamav-ck_assert_msg.patch
+
 -------------------------------------------------------------------
 Tue Apr 12 13:56:37 UTC 2022 - Marcus Meissner
diff --git a/clamav.spec b/clamav.spec index b886909..b12d28d 100644 --- a/clamav.spec +++ b/clamav.spec @@ -19,7 +19,7 @@ %bcond_with clammspack %bcond_with valgrind Name: clamav -Version: 0.103.5 +Version: 0.103.6 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only @@ -39,7 +39,6 @@ Patch1: clamav-conf.patch Patch5: clamav-obsolete-config.patch Patch6: clamav-disable-yara.patch Patch12: clamav-fips.patch -Patch13: clamav-ck_assert_msg.patch Patch14: clamav-document-maxsize.patch BuildRequires: autoconf @@ -148,7 +147,6 @@ that want to make use of libclamav. %patch5 %patch6 %patch12 -%patch13 -p1 %patch14 -p1 %build