From fb45a6895ca2949bc37c0c45cf36a0e93cd8d1c5a55adea49acaf96037257cfc Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 19 Jun 2012 20:15:38 +0000 Subject: [PATCH] Accepting request 125380 from home:AndreasStieger:branches:security - update to 0.95.5 [bnc#767574] - addresses possible evasion cases in some archive formats - CVE-2012-1457: allows to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size - CVE-2012-1458: allows to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file - CVE-2012-1459: allows to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry - also addresses stability issues in portions of the bytecode engine - update clamav-conf.patch for moved lines - add a definitions snapshot as {main,daily}.cvd no longer in tarball - fix file-contains-date-and-time rpmlint warning OBS-URL: https://build.opensuse.org/request/show/125380 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=62 --- .gitattributes | 3 +++ clamav-0.97.4.tar.gz | 3 --- clamav-0.97.5.tar.gz | 3 +++ clamav-conf.patch | 16 ++++++++-------- clamav.changes | 17 +++++++++++++++++ clamav.spec | 12 ++++++++++-- daily-15055.cvd | 3 +++ main-54.cvd | 3 +++ 8 files changed, 47 insertions(+), 13 deletions(-) delete mode 100644 clamav-0.97.4.tar.gz create mode 100644 clamav-0.97.5.tar.gz create mode 100644 daily-15055.cvd create mode 100644 main-54.cvd diff --git a/.gitattributes b/.gitattributes index 9b03811..f4178ea 100644 --- a/.gitattributes +++ b/.gitattributes @@ -21,3 +21,6 @@ *.xz filter=lfs diff=lfs merge=lfs -text *.zip filter=lfs diff=lfs merge=lfs -text *.zst filter=lfs diff=lfs merge=lfs -text +## Specific LFS patterns +daily-15055.cvd filter=lfs diff=lfs merge=lfs -text +main-54.cvd filter=lfs diff=lfs merge=lfs -text diff --git a/clamav-0.97.4.tar.gz b/clamav-0.97.4.tar.gz deleted file mode 100644 index 138609e..0000000 --- a/clamav-0.97.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:958dd09c9da9ceb50c9e556b3ced9cbdf40e836d2bdc98286ce96e84fd4a5a53 -size 48386114 diff --git a/clamav-0.97.5.tar.gz b/clamav-0.97.5.tar.gz new file mode 100644 index 0000000..f3ae87d --- /dev/null +++ b/clamav-0.97.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:db6c5e1a5ec8ca0b8006cf82661d3158d3365ba1b4bc14c03c5d0bca89a93c0d +size 14754465 diff --git a/clamav-conf.patch b/clamav-conf.patch index c020cea..7900267 100644 --- a/clamav-conf.patch +++ b/clamav-conf.patch @@ -1,7 +1,7 @@ Index: etc/clamav-milter.conf =================================================================== ---- etc/clamav-milter.conf.orig -+++ etc/clamav-milter.conf +--- etc/clamav-milter.conf.orig 2012-06-12 14:36:05.000000000 +0100 ++++ etc/clamav-milter.conf 2012-06-18 22:49:23.000000000 +0100 @@ -2,10 +2,6 @@ ## Example config file for clamav-milter ## @@ -68,8 +68,8 @@ Index: etc/clamav-milter.conf # Index: etc/clamd.conf =================================================================== ---- etc/clamd.conf.orig -+++ etc/clamd.conf +--- etc/clamd.conf.orig 2012-06-12 14:03:26.000000000 +0100 ++++ etc/clamd.conf 2012-06-18 22:49:23.000000000 +0100 @@ -1,12 +1,8 @@ ## -## Example config file for the Clam AV daemon @@ -134,7 +134,7 @@ Index: etc/clamd.conf # Maximum length the queue of pending connections may grow to. # Default: 200 -@@ -187,7 +183,7 @@ Example +@@ -186,7 +182,7 @@ Example # Run as another user (clamd must be started by root for this option to work) # Default: don't drop privileges @@ -143,7 +143,7 @@ Index: etc/clamd.conf # Initialize supplementary group access (clamd must be started by root). # Default: no -@@ -428,6 +424,10 @@ Example +@@ -440,6 +436,10 @@ Example # Enable Clamuko. Dazuko must be configured and running. Clamuko supports # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS # is the preferred option. For more information please visit www.dazuko.org @@ -156,8 +156,8 @@ Index: etc/clamd.conf Index: etc/freshclam.conf =================================================================== ---- etc/freshclam.conf.orig -+++ etc/freshclam.conf +--- etc/freshclam.conf.orig 2012-06-12 14:36:05.000000000 +0100 ++++ etc/freshclam.conf 2012-06-18 22:49:23.000000000 +0100 @@ -1,12 +1,8 @@ ## -## Example config file for freshclam diff --git a/clamav.changes b/clamav.changes index 9f023ad..9c4a94f 100644 --- a/clamav.changes +++ b/clamav.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Tue Jun 19 00:31:03 UTC 2012 - andreas.stieger@gmx.de + +- update to 0.95.5 [bnc#767574] +- addresses possible evasion cases in some archive formats +- CVE-2012-1457: allows to bypass malware detection via a TAR archive + entry with a length field that exceeds the total TAR file size +- CVE-2012-1458: allows to bypass malware detection via a crafted + reset interval in the LZXC header of a CHM file +- CVE-2012-1459: allows to bypass malware detection via a TAR archive + entry with a length field corresponding to that entire entry, plus + part of the header of the next entry +- also addresses stability issues in portions of the bytecode engine +- update clamav-conf.patch for moved lines +- add a definitions snapshot as {main,daily}.cvd no longer in tarball +- fix file-contains-date-and-time rpmlint warning + ------------------------------------------------------------------- Sat Mar 17 19:36:17 UTC 2012 - dimstar@opensuse.org diff --git a/clamav.spec b/clamav.spec index 4ee4f3b..193c340 100644 --- a/clamav.spec +++ b/clamav.spec @@ -45,7 +45,7 @@ BuildRequires: bzip2 Summary: Antivirus Toolkit License: GPL-2.0 Group: Productivity/Security -Version: 0.97.4 +Version: 0.97.5 Release: 0 Url: http://www.clamav.net Requires: latex2html-pngicons @@ -59,6 +59,10 @@ Source2: clamav-rcfreshclam Source3: clamav-updateclamconf Source4: clamav-rpmlintrc Source5: clamav-rcmilter +# http://db.local.clamav.net/main.cvd +Source6: main-54.cvd +# http://db.local.clamav.net/daily.cvd +Source7: daily-15055.cvd Patch1: clamav-conf.patch Patch2: clamav-sles9.patch Patch3: clamav-gcc47.patch @@ -157,7 +161,8 @@ CFLAGS="$CFLAGS -D_FFR_QUARANTINE -D_FFR_SMFI_OPENSOCKET" %clamav_check \ %llvm \ --disable-zlib-vcheck \ - --enable-clamdtop + --enable-clamdtop \ + --disable-timestamps make %{?jobs:-j%jobs} @@ -175,7 +180,10 @@ ln -s /etc/init.d/freshclam %buildroot%_sbindir/rcfreshclam install -m755 %SOURCE5 %buildroot/etc/init.d/clamav-milter ln -s /etc/init.d/clamav-milter %buildroot%_sbindir/rcclamav-milter install -m755 %SOURCE3 %buildroot%_sbindir/updateclamconf +install -d -m755 %buildroot/var/lib/clamav touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid +install -m755 %SOURCE6 %buildroot/var/lib/clamav/main.cvd +install -m755 %SOURCE7 %buildroot/var/lib/clamav/daily.cvd for f in %buildroot/var/lib/clamav/*.cvd; do mv $f $f.dist touch $f diff --git a/daily-15055.cvd b/daily-15055.cvd new file mode 100644 index 0000000..98c14c9 --- /dev/null +++ b/daily-15055.cvd @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c33f5ae2805a5ce6b30dc391b2b455d1e6fc30607e4c56f5358031fd2630b9bd +size 5204809 diff --git a/main-54.cvd b/main-54.cvd new file mode 100644 index 0000000..acecc52 --- /dev/null +++ b/main-54.cvd @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1cf30db1c9a0755daff25e63f6ad9af191157275ebd843ca0f5e1b4f955fb737 +size 30750647