Andreas Stieger
1ca8804a22
- Update to version 0.100.1
* CVE-2017-16932: Vulnerability in libxml2 dependency (affects
ClamAV on Windows only).
* CVE-2018-0360: HWP integer overflow, infinite loop
vulnerability. Reported by Secunia Research at Flexera.
* CVE-2018-0361: ClamAV PDF object length check, unreasonably
long time to parse relatively small file. Reported by aCaB.
* Buffer over-read in unRAR code due to missing max value checks
in table initialization. Reported by Rui Reis.
* Libmspack heap buffer over-read in CHM parser. Reported by
Hanno Böck.
* Buffer length checks when reading integers from non-NULL
terminated strings.
* Buffer length tracking when reading strings from dictionary
objects.
* HTTPS support for clamsubmit.
* Fix for DNS resolution for users on IPv4-only machines where
IPv6 is not available or is link-local only. Patch provided by
Guilherme Benkenstein.
OBS-URL: https://build.opensuse.org/request/show/622505
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=168
82 lines
2.2 KiB
Diff
82 lines
2.2 KiB
Diff
--- libclamav/tomsfastmath/misc/fp_ident.c.orig
|
|
+++ libclamav/tomsfastmath/misc/fp_ident.c
|
|
@@ -15,7 +15,11 @@ const char *fp_ident(void)
|
|
|
|
memset(buf, 0, sizeof(buf));
|
|
snprintf(buf, sizeof(buf)-1,
|
|
-"TomsFastMath (%s)\n"
|
|
+#if (ENABLE_TIMESTAMPS == 1)
|
|
+ "TomsFastMath (%s)\n"
|
|
+#else
|
|
+ "TomsFastMath\n"
|
|
+#endif
|
|
"\n"
|
|
"Sizeofs\n"
|
|
"\tfp_digit = %llu\n"
|
|
@@ -70,7 +74,11 @@ const char *fp_ident(void)
|
|
#ifdef TFM_HUGE
|
|
" TFM_HUGE "
|
|
#endif
|
|
+#if (ENABLE_TIMESTAMPS == 1)
|
|
"\n", __DATE__, (long long unsigned)sizeof(fp_digit), (long long unsigned)sizeof(fp_word), FP_MAX_SIZE);
|
|
+#else
|
|
+ "\n", (long long unsigned)sizeof(fp_digit), (long long unsigned)sizeof(fp_word), FP_MAX_SIZE);
|
|
+#endif
|
|
|
|
if (sizeof(fp_digit) == sizeof(fp_word)) {
|
|
strncat(buf, "WARNING: sizeof(fp_digit) == sizeof(fp_word), this build is likely to not work properly.\n",
|
|
--- configure.orig
|
|
+++ configure
|
|
@@ -800,6 +800,7 @@ FGREP
|
|
SED
|
|
LIBTOOL
|
|
LIBCLAMAV_VERSION
|
|
+ENABLE_TIMESTAMPS
|
|
EGREP
|
|
GREP
|
|
CPP
|
|
@@ -902,6 +903,7 @@ ac_user_opts='
|
|
enable_option_checking
|
|
enable_silent_rules
|
|
enable_dependency_tracking
|
|
+enable_timestamps
|
|
enable_static
|
|
enable_shared
|
|
with_pic
|
|
@@ -1616,6 +1618,8 @@ Optional Features:
|
|
--disable-dependency-tracking
|
|
speeds up one-time build
|
|
--enable-static[=PKGS] build static libraries [default=no]
|
|
+ --enable-timestamps Enable embedding timestamp information in build
|
|
+ (default is YES)
|
|
--enable-shared[=PKGS] build shared libraries [default=yes]
|
|
--enable-fast-install[=PKGS]
|
|
optimize for fast installation [default=yes]
|
|
@@ -5211,6 +5215,26 @@ $as_echo "$ac_cv_safe_to_define___extens
|
|
|
|
$as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h
|
|
|
|
+# Check whether --enable-timestamps was given.
|
|
+if test "${enable_timestamps+set}" = set; then :
|
|
+ enableval=$enable_timestamps;
|
|
+else
|
|
+ enableval=default
|
|
+fi
|
|
+
|
|
+case "$enableval" in
|
|
+ yes) ENABLE_TIMESTAMPS=1
|
|
+ ;;
|
|
+ no) ENABLE_TIMESTAMPS=0
|
|
+ ;;
|
|
+ default) ENABLE_TIMESTAMPS=1
|
|
+ ;;
|
|
+ *) as_fn_error $? "Invalid setting for --enable-timestamps. Use \"yes\" or \"no\"" "$LINENO" 5 ;;
|
|
+esac
|
|
+
|
|
+cat >>confdefs.h <<_ACEOF
|
|
+#define ENABLE_TIMESTAMPS $ENABLE_TIMESTAMPS
|
|
+_ACEOF
|
|
|
|
|
|
VERSION="0.100.1"
|