Accepting request 125380 from home:AndreasStieger:branches:security

- update to 0.95.5 [bnc#767574] - addresses possible evasion cases in some archive formats - CVE-2012-1457: allows to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size - CVE-2012-1458: allows to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file - CVE-2012-1459: allows to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry - also addresses stability issues in portions of the bytecode engine - update clamav-conf.patch for moved lines - add a definitions snapshot as {main,daily}.cvd no longer in tarball - fix file-contains-date-and-time rpmlint warning OBS-URL: https://build.opensuse.org/request/show/125380 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=62
2012-06-19 20:15:38 +00:00 · 2012-06-19 20:15:38 +00:00 · fb45a6895c
commit fb45a6895c
parent 59675fea51
8 changed files with 47 additions and 13 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -21,3 +21,6 @@
 *.xz filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
+## Specific LFS patterns
+daily-15055.cvd filter=lfs diff=lfs merge=lfs -text
+main-54.cvd filter=lfs diff=lfs merge=lfs -text
--- a/clamav-0.97.4.tar.gz
+++ b/clamav-0.97.4.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:958dd09c9da9ceb50c9e556b3ced9cbdf40e836d2bdc98286ce96e84fd4a5a53
-size 48386114
--- a/clamav-0.97.5.tar.gz
+++ b/clamav-0.97.5.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:db6c5e1a5ec8ca0b8006cf82661d3158d3365ba1b4bc14c03c5d0bca89a93c0d
+size 14754465
--- a/clamav-conf.patch
+++ b/clamav-conf.patch
@ -1,7 +1,7 @@
 Index: etc/clamav-milter.conf
 ===================================================================
--- etc/clamav-milter.conf.orig
-+++ etc/clamav-milter.conf
+--- etc/clamav-milter.conf.orig	2012-06-12 14:36:05.000000000 +0100
+++ etc/clamav-milter.conf	2012-06-18 22:49:23.000000000 +0100
@@ -2,10 +2,6 @@
 ## Example config file for clamav-milter
 ##
@ -68,8 +68,8 @@ Index: etc/clamav-milter.conf
 #
 Index: etc/clamd.conf
 ===================================================================
--- etc/clamd.conf.orig
-+++ etc/clamd.conf
+--- etc/clamd.conf.orig	2012-06-12 14:03:26.000000000 +0100
+++ etc/clamd.conf	2012-06-18 22:49:23.000000000 +0100
@@ -1,12 +1,8 @@
 ##
 -## Example config file for the Clam AV daemon
@ -134,7 +134,7 @@ Index: etc/clamd.conf
 
 # Maximum length the queue of pending connections may grow to.
 # Default: 200
-@@ -187,7 +183,7 @@ Example
+@@ -186,7 +182,7 @@ Example
 
 # Run as another user (clamd must be started by root for this option to work)
 # Default: don't drop privileges
@ -143,7 +143,7 @@ Index: etc/clamd.conf
 
 # Initialize supplementary group access (clamd must be started by root).
 # Default: no
-@@ -428,6 +424,10 @@ Example
+@@ -440,6 +436,10 @@ Example
 # Enable Clamuko. Dazuko must be configured and running. Clamuko supports
 # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
 # is the preferred option. For more information please visit www.dazuko.org
@ -156,8 +156,8 @@ Index: etc/clamd.conf
 
 Index: etc/freshclam.conf
 ===================================================================
--- etc/freshclam.conf.orig
-+++ etc/freshclam.conf
+--- etc/freshclam.conf.orig	2012-06-12 14:36:05.000000000 +0100
+++ etc/freshclam.conf	2012-06-18 22:49:23.000000000 +0100
@@ -1,12 +1,8 @@
 ##
 -## Example config file for freshclam
--- a/clamav.changes
+++ b/clamav.changes
@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Tue Jun 19 00:31:03 UTC 2012 - andreas.stieger@gmx.de
+
+- update to 0.95.5 [bnc#767574]
+- addresses possible evasion cases in some archive formats
+- CVE-2012-1457: allows to bypass malware detection via a TAR archive
+  entry with a length field that exceeds the total TAR file size
+- CVE-2012-1458: allows to bypass malware detection via a crafted
+  reset interval in the LZXC header of a CHM file
+- CVE-2012-1459: allows to bypass malware detection via a TAR archive
+  entry with a length field corresponding to that entire entry, plus
+  part of the header of the next entry
+- also addresses stability issues in portions of the bytecode engine
+- update clamav-conf.patch for moved lines
+- add a definitions snapshot as {main,daily}.cvd no longer in tarball
+- fix file-contains-date-and-time rpmlint warning
+
 -------------------------------------------------------------------
 Sat Mar 17 19:36:17 UTC 2012 - dimstar@opensuse.org

--- a/clamav.spec
+++ b/clamav.spec
@ -45,7 +45,7 @@ BuildRequires:  bzip2
 Summary:        Antivirus Toolkit
 License:        GPL-2.0
 Group:          Productivity/Security
-Version:        0.97.4
+Version:        0.97.5
 Release:        0
 Url:            http://www.clamav.net
 Requires:       latex2html-pngicons
@ -59,6 +59,10 @@ Source2:        clamav-rcfreshclam
 Source3:        clamav-updateclamconf
 Source4:        clamav-rpmlintrc
 Source5:        clamav-rcmilter
+# http://db.local.clamav.net/main.cvd
+Source6:        main-54.cvd
+# http://db.local.clamav.net/daily.cvd
+Source7:        daily-15055.cvd
 Patch1:         clamav-conf.patch
 Patch2:         clamav-sles9.patch
 Patch3:         clamav-gcc47.patch
@ -157,7 +161,8 @@ CFLAGS="$CFLAGS -D_FFR_QUARANTINE -D_FFR_SMFI_OPENSOCKET"
 	%clamav_check \
 	%llvm \
 	--disable-zlib-vcheck \
-	--enable-clamdtop
+	--enable-clamdtop \
+	--disable-timestamps

 make %{?jobs:-j%jobs}

@ -175,7 +180,10 @@ ln -s /etc/init.d/freshclam %buildroot%_sbindir/rcfreshclam
 install -m755 %SOURCE5 %buildroot/etc/init.d/clamav-milter
 ln -s /etc/init.d/clamav-milter %buildroot%_sbindir/rcclamav-milter
 install -m755 %SOURCE3 %buildroot%_sbindir/updateclamconf
+install -d -m755 %buildroot/var/lib/clamav
 touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid
+install -m755 %SOURCE6 %buildroot/var/lib/clamav/main.cvd
+install -m755 %SOURCE7 %buildroot/var/lib/clamav/daily.cvd
 for f in %buildroot/var/lib/clamav/*.cvd; do
 	mv $f $f.dist
 	touch $f
--- a/daily-15055.cvd
+++ b/daily-15055.cvd
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c33f5ae2805a5ce6b30dc391b2b455d1e6fc30607e4c56f5358031fd2630b9bd
+size 5204809
--- a/main-54.cvd
+++ b/main-54.cvd
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1cf30db1c9a0755daff25e63f6ad9af191157275ebd843ca0f5e1b4f955fb737
+size 30750647