Accepting request 125380 from home:AndreasStieger:branches:security

- update to 0.95.5 [bnc#767574]
- addresses possible evasion cases in some archive formats
- CVE-2012-1457: allows to bypass malware detection via a TAR archive
  entry with a length field that exceeds the total TAR file size
- CVE-2012-1458: allows to bypass malware detection via a crafted
  reset interval in the LZXC header of a CHM file
- CVE-2012-1459: allows to bypass malware detection via a TAR archive
  entry with a length field corresponding to that entire entry, plus
  part of the header of the next entry
- also addresses stability issues in portions of the bytecode engine
- update clamav-conf.patch for moved lines
- add a definitions snapshot as {main,daily}.cvd no longer in tarball
- fix file-contains-date-and-time rpmlint warning

OBS-URL: https://build.opensuse.org/request/show/125380
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=62

.gitattributes

@@ -21,3 +21,6 @@
 *.xz filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
+## Specific LFS patterns
+daily-15055.cvd filter=lfs diff=lfs merge=lfs -text
+main-54.cvd filter=lfs diff=lfs merge=lfs -text

clamav-0.97.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:958dd09c9da9ceb50c9e556b3ced9cbdf40e836d2bdc98286ce96e84fd4a5a53
-size 48386114

clamav-0.97.5.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:db6c5e1a5ec8ca0b8006cf82661d3158d3365ba1b4bc14c03c5d0bca89a93c0d
+size 14754465

clamav-conf.patch

@@ -1,7 +1,7 @@
 Index: etc/clamav-milter.conf
 ===================================================================
---- etc/clamav-milter.conf.orig
+--- etc/clamav-milter.conf.orig	2012-06-12 14:36:05.000000000 +0100
-+++ etc/clamav-milter.conf
++++ etc/clamav-milter.conf	2012-06-18 22:49:23.000000000 +0100
 @@ -2,10 +2,6 @@
  ## Example config file for clamav-milter
  ##
@@ -68,8 +68,8 @@ Index: etc/clamav-milter.conf
  #
 Index: etc/clamd.conf
 ===================================================================
---- etc/clamd.conf.orig
+--- etc/clamd.conf.orig	2012-06-12 14:03:26.000000000 +0100
-+++ etc/clamd.conf
++++ etc/clamd.conf	2012-06-18 22:49:23.000000000 +0100
 @@ -1,12 +1,8 @@
  ##
 -## Example config file for the Clam AV daemon
@@ -134,7 +134,7 @@ Index: etc/clamd.conf
  
  # Maximum length the queue of pending connections may grow to.
  # Default: 200
-@@ -187,7 +183,7 @@ Example
+@@ -186,7 +182,7 @@ Example
  
  # Run as another user (clamd must be started by root for this option to work)
  # Default: don't drop privileges
@@ -143,7 +143,7 @@ Index: etc/clamd.conf
  
  # Initialize supplementary group access (clamd must be started by root).
  # Default: no
-@@ -428,6 +424,10 @@ Example
+@@ -440,6 +436,10 @@ Example
  # Enable Clamuko. Dazuko must be configured and running. Clamuko supports
  # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
  # is the preferred option. For more information please visit www.dazuko.org
@@ -156,8 +156,8 @@ Index: etc/clamd.conf
  
 Index: etc/freshclam.conf
 ===================================================================
---- etc/freshclam.conf.orig
+--- etc/freshclam.conf.orig	2012-06-12 14:36:05.000000000 +0100
-+++ etc/freshclam.conf
++++ etc/freshclam.conf	2012-06-18 22:49:23.000000000 +0100
 @@ -1,12 +1,8 @@
  ##
 -## Example config file for freshclam

clamav.changes

@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Tue Jun 19 00:31:03 UTC 2012 - andreas.stieger@gmx.de
+
+- update to 0.95.5 [bnc#767574]
+- addresses possible evasion cases in some archive formats
+- CVE-2012-1457: allows to bypass malware detection via a TAR archive
+  entry with a length field that exceeds the total TAR file size
+- CVE-2012-1458: allows to bypass malware detection via a crafted
+  reset interval in the LZXC header of a CHM file
+- CVE-2012-1459: allows to bypass malware detection via a TAR archive
+  entry with a length field corresponding to that entire entry, plus
+  part of the header of the next entry
+- also addresses stability issues in portions of the bytecode engine
+- update clamav-conf.patch for moved lines
+- add a definitions snapshot as {main,daily}.cvd no longer in tarball
+- fix file-contains-date-and-time rpmlint warning
+
 -------------------------------------------------------------------
 Sat Mar 17 19:36:17 UTC 2012 - dimstar@opensuse.org
 

clamav.spec

@@ -45,7 +45,7 @@ BuildRequires:  bzip2
 Summary:        Antivirus Toolkit
 License:        GPL-2.0
 Group:          Productivity/Security
-Version:        0.97.4
+Version:        0.97.5
 Release:        0
 Url:            http://www.clamav.net
 Requires:       latex2html-pngicons
@@ -59,6 +59,10 @@ Source2:        clamav-rcfreshclam
 Source3:        clamav-updateclamconf
 Source4:        clamav-rpmlintrc
 Source5:        clamav-rcmilter
+# http://db.local.clamav.net/main.cvd
+Source6:        main-54.cvd
+# http://db.local.clamav.net/daily.cvd
+Source7:        daily-15055.cvd
 Patch1:         clamav-conf.patch
 Patch2:         clamav-sles9.patch
 Patch3:         clamav-gcc47.patch
@@ -157,7 +161,8 @@ CFLAGS="$CFLAGS -D_FFR_QUARANTINE -D_FFR_SMFI_OPENSOCKET"
 	%clamav_check \
 	%llvm \
 	--disable-zlib-vcheck \
-	--enable-clamdtop
+	--enable-clamdtop \
+	--disable-timestamps
 
 make %{?jobs:-j%jobs}
 
@@ -175,7 +180,10 @@ ln -s /etc/init.d/freshclam %buildroot%_sbindir/rcfreshclam
 install -m755 %SOURCE5 %buildroot/etc/init.d/clamav-milter
 ln -s /etc/init.d/clamav-milter %buildroot%_sbindir/rcclamav-milter
 install -m755 %SOURCE3 %buildroot%_sbindir/updateclamconf
+install -d -m755 %buildroot/var/lib/clamav
 touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid
+install -m755 %SOURCE6 %buildroot/var/lib/clamav/main.cvd
+install -m755 %SOURCE7 %buildroot/var/lib/clamav/daily.cvd
 for f in %buildroot/var/lib/clamav/*.cvd; do
 	mv $f $f.dist
 	touch $f

daily-15055.cvd

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c33f5ae2805a5ce6b30dc391b2b455d1e6fc30607e4c56f5358031fd2630b9bd
+size 5204809

main-54.cvd

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1cf30db1c9a0755daff25e63f6ad9af191157275ebd843ca0f5e1b4f955fb737
+size 30750647