diff --git a/clamav-0.102.3.tar.gz b/clamav-0.102.3.tar.gz
deleted file mode 100644
index efc4436..0000000
--- a/clamav-0.102.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ed3050c4569989ee7ab54c7b87246b41ed808259632849be0706467442dc0693
-size 13226108
diff --git a/clamav-0.102.3.tar.gz.sig b/clamav-0.102.3.tar.gz.sig
deleted file mode 100644
index c40338a..0000000
--- a/clamav-0.102.3.tar.gz.sig
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIcBAABAgAGBQJeuqCcAAoJEPE/nha8pb+tUXsP/Rq7nf3Z8JA/cakdVVqh1qPq
-rr3+aHXgCK55exapNl/e3rXshqqXyDX0NFH+REf7yb1LArM6W89hZdY4WIcEJ6kt
-FF2UpJTWKmLCQ69uTYUxs3vdN3UjmcRA5AVv4CPevANCY9y8+iNju+HDKlb9fFVC
-aS2wdRNNIARI3C38STt3dYnhi1IHaK2vbld8a9MTN0BYPqFhFtPJjCkUTAG5J0yP
-+BQlN/aqtZpQZblY1Bl/um6lTgizdcBikWJ28YxDPCVoWpVuUwDL10hQwtpL9WBB
-ijmA5YuG4t6aHr+VcuFXa90DWnclGHhrNkA3+Pdaa0U/IUI+J8gZQnlEsXL+s67G
-SPaLvKqLPRRN3h8gSfhMzhBCra6l+MMJX/IgGG+yNgxMl7dp72KflCHk54aF6/XG
-LUEIiRvrbiVRh3YyAXJevAluXd8egwIDdE+QPlrZUHE205q8pCDUNYsBV5vYW0Vg
-Drn2swhmXvFhlon/1QLBUqcsfrDNUlq3HhLonNRAuiwJ4162oZSajigfQPgeoUzU
-OF8jm7iNNmq6sjh1huGOKreMxCn0oV3z7nT2UV5ecWpXFGBqe9tiXAg0VL8FBsJN
-yijWJW4X6s3WD3SsjLORubCZ9lwGzG0+q2NlsojZDjdVcP7wk+3IZi+N4bdi46ud
-sF6hgdqC/vPnL7zEHxRJ
-=ecNL
------END PGP SIGNATURE-----
diff --git a/clamav-0.102.4.tar.gz b/clamav-0.102.4.tar.gz
new file mode 100644
index 0000000..1e066d2
--- /dev/null
+++ b/clamav-0.102.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eebd426a68020ecad0d2084b8c763e6898ccfd5febcae833d719640bb3ff391b
+size 13234444
diff --git a/clamav-0.102.4.tar.gz.sig b/clamav-0.102.4.tar.gz.sig
new file mode 100644
index 0000000..3487fd9
--- /dev/null
+++ b/clamav-0.102.4.tar.gz.sig
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABAgAGBQJfD5GjAAoJEPE/nha8pb+tICwP/jLhv1LzuxcvHxxbjWK14+SQ +rY9DazbS7yxnCR62Esy/kbiyjq/EWTLGmWH1U95T1dde+RfBI5dUpcNVvgx2gO+f +tXn4Y9kdN/Zuu6QgD8aqgJ9+jwgdkaoh2a5DpBYM58dsjQuDfPMR61QWMUJBag36 +0g9XniENUiTS/a4Sff1U58tnHoj0VM9R6Zf7NktscomeQ7yy3g7ShPAttdcGVje6 +CECoeZFUO0C8YlgRqBC7O1d3xYusjUeudaYcVu0toeieRK8t2Imbl3XzYmb5T4sK +ZY7ORRPE+z4mT3zaJ+zOrk6mZROUKjt1tgWG4TJEl/tDaQJrJnp8AJpfBtmn8EzP +MAeHyeKF1wNH8cQJzQoZUgaz+mJvVCUWlzRNLaZqi65TZwmxRMF8EPFx5sBPbf/S +bp1fS7NThOTBucjFoZmD6j09YTW1Qs/Zk17naPS61oOReZXdTaojeZoLa+l+JJk/ +Ds6D5TMu+qIAGGGhN70KYsHfH6EmnaDcoUQjUs1nAQ8p+1r7oHhaZFBuhWGZstak +eoTO6jr7KjvwpkkQ+lSeOE+G/sNwZ2PktCVZ8y5S40U8JbWYr6TBBbGwbqSeNckc +ZZkP5Uh/8E6Z9TfoeuXwbHcEG2XQtYjtuDG3JWwAOEk8RpEjqz7E0rjkG4DEHQma +SuDZ2RZq4zwHaZEIA9ja +=K+Ht +-----END PGP SIGNATURE----- diff --git a/clamav-disable-timestamps.patch b/clamav-disable-timestamps.patch index 26d2415..a67f322 100644 --- a/clamav-disable-timestamps.patch +++ b/clamav-disable-timestamps.patch @@ -82,4 +82,4 @@ Index: configure +_ACEOF - VERSION="0.102.3" + VERSION="0.102.4" diff --git a/clamav.changes b/clamav.changes index 43ca8eb..e1c1291 100644 --- a/clamav.changes +++ b/clamav.changes 
@@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Thu Jul 16 20:02:03 UTC 2020 - Arjen de Korte + +- Update to 0.102.4 + * CVE-2020-3350: Fix a vulnerability wherein a malicious user could + replace a scan target's directory with a symlink to another path + to trick clamscan, clamdscan, or clamonacc into removing or moving + a different file (eg. a critical system file). The issue would + affect users that use the --move or --remove options for clamscan, + clamdscan, and clamonacc. + * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing + module in ClamAV 0.102.3 that could cause a Denial-of-Service + (DoS) condition. Improper bounds checking results in an + out-of-bounds read which could cause a crash. The previous fix for + this CVE in 0.102.3 was incomplete. This fix correctly resolves + the issue. + * CVE-2020-3481: Fix a vulnerability in the EGG archive module in + ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) + condition. Improper error handling may result in a crash due to a + NULL pointer dereference. This vulnerability is mitigated for + those using the official ClamAV signature databases because the + file type signatures in daily.cvd will not enable the EGG archive + parser in versions affected by the vulnerability. + ------------------------------------------------------------------- Tue May 12 17:31:15 UTC 2020 - Arjen de Korte diff --git a/clamav.spec b/clamav.spec index 750f02d..8b74662 100644 --- a/clamav.spec +++ b/clamav.spec @@ -19,7 +19,7 @@ %define clamav_check --enable-check %bcond_with clammspack Name: clamav -Version: 0.102.3 +Version: 0.102.4 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only @@ -153,7 +153,7 @@ CFLAGS="$CFLAGS -DFP_64BIT" --with-system-libmspack %endif -make V=1 %?_smp_mflags +%make_build %install %make_install 
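Review bot: The two packaging changes in clamav.spec are not recorded in the clamav.changes entry this commit adds, which lists only the upstream CVE fixes. They are the `%make_build` line that replaces `make V=1 %?_smp_mflags` in the @@ -153 hunk, and the `%tmpfiles_create` line that replaces the direct `systemd-tmpfiles --create` call under %post in the @@ -247 hunk. I would add a line such as `- spec: use the make_build and tmpfiles_create macros` under the 0.102.4 entry, written without the leading percent signs so the changelog text is not treated as a macro. The %post change in particular alters how a scriptlet that runs as root at install time is generated, so it is worth being traceable in the package history. Both hunks show only part of their sections; the build section and the %post scriptlet continue outside the visible lines.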
@@ -247,7 +247,7 @@ getent passwd vscan >/dev/null || \ %service_add_pre clamd.service freshclam.service clamav-milter.service %post -systemd-tmpfiles --create %_tmpfilesdir/clamav.conf +%tmpfiles_create %_tmpfilesdir/clamav.conf %service_add_post clamd.service freshclam.service clamav-milter.service %preun