419e234024
- update to 0.102.1 * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. * Build system fixes to build clamav-milter, to correctly link with libxml2 when detected, and to correctly detect fanotify for on-access scanning feature support. * Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu. * Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library. * Null-dereference fix in email parser when using the --gen-json metadata option. * Fixes for Authenticode parsing and certificate signature (.crb database) bugs. - dropped clamav-fix_building_milter.patch (upstreamed) - update to 0.102.0 * The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects: - On-Access scanning for created and moved files (Extra-Scanning) is fixed. - VirusEvent for On-Access scans is fixed. - With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan. * The freshclam database update utility has undergone a significant update. This includes: - Added support for HTTPS. - Support for database mirrors hosted on ports other than 80. - Removal of the mirror management feature (mirrors.dat). - An all new libfreshclam library API. - created new subpackage libfreshclam2 - dropped clamav-max_patch.patch (upstreamed) - added clamav-fix_building_milter.patch to fix build of milter OBS-URL: https://build.opensuse.org/request/show/750749 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=193
86 lines
2.5 KiB
Diff
86 lines
2.5 KiB
Diff
Index: libclamav/tomsfastmath/misc/fp_ident.c
|
|
===================================================================
|
|
--- libclamav/tomsfastmath/misc/fp_ident.c.orig
|
|
+++ libclamav/tomsfastmath/misc/fp_ident.c
|
|
@@ -15,7 +15,11 @@ const char *fp_ident(void)
|
|
|
|
memset(buf, 0, sizeof(buf));
|
|
snprintf(buf, sizeof(buf)-1,
|
|
-"TomsFastMath (%s)\n"
|
|
+#if (ENABLE_TIMESTAMPS == 1)
|
|
+ "TomsFastMath (%s)\n"
|
|
+#else
|
|
+ "TomsFastMath\n"
|
|
+#endif
|
|
"\n"
|
|
"Sizeofs\n"
|
|
"\tfp_digit = %llu\n"
|
|
@@ -70,7 +74,11 @@ const char *fp_ident(void)
|
|
#ifdef TFM_HUGE
|
|
" TFM_HUGE "
|
|
#endif
|
|
+#if (ENABLE_TIMESTAMPS == 1)
|
|
"\n", __DATE__, (long long unsigned)sizeof(fp_digit), (long long unsigned)sizeof(fp_word), FP_MAX_SIZE);
|
|
+#else
|
|
+ "\n", (long long unsigned)sizeof(fp_digit), (long long unsigned)sizeof(fp_word), FP_MAX_SIZE);
|
|
+#endif
|
|
|
|
if (sizeof(fp_digit) == sizeof(fp_word)) {
|
|
strncat(buf, "WARNING: sizeof(fp_digit) == sizeof(fp_word), this build is likely to not work properly.\n",
|
|
Index: configure
|
|
===================================================================
|
|
--- configure.orig
|
|
+++ configure
|
|
@@ -814,6 +814,7 @@ FGREP
|
|
LIBFRESHCLAM_VERSION
|
|
LIBCLAMAV_VERSION_NUM
|
|
LIBCLAMAV_VERSION
|
|
+ENABLE_TIMESTAMPS
|
|
PACKAGE_VERSION_NUM
|
|
EGREP
|
|
GREP
|
|
@@ -924,6 +925,7 @@ ac_user_opts='
|
|
enable_mmap_for_cross_compiling
|
|
enable_dependency_tracking
|
|
enable_silent_rules
|
|
+enable_timestamps
|
|
enable_static
|
|
enable_shared
|
|
with_pic
|
|
@@ -1644,6 +1646,8 @@ Optional Features:
|
|
--enable-silent-rules less verbose build output (undo: "make V=1")
|
|
--disable-silent-rules verbose build output (undo: "make V=0")
|
|
--enable-static[=PKGS] build static libraries [default=no]
|
|
+ --enable-timestamps Enable embedding timestamp information in build
|
|
+ (default is YES)
|
|
--enable-shared[=PKGS] build shared libraries [default=yes]
|
|
--enable-fast-install[=PKGS]
|
|
optimize for fast installation [default=yes]
|
|
@@ -5927,6 +5931,26 @@ $as_echo "$ac_cv_safe_to_define___extens
|
|
|
|
$as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h
|
|
|
|
+# Check whether --enable-timestamps was given.
|
|
+if test "${enable_timestamps+set}" = set; then :
|
|
+ enableval=$enable_timestamps;
|
|
+else
|
|
+ enableval=default
|
|
+fi
|
|
+
|
|
+case "$enableval" in
|
|
+ yes) ENABLE_TIMESTAMPS=1
|
|
+ ;;
|
|
+ no) ENABLE_TIMESTAMPS=0
|
|
+ ;;
|
|
+ default) ENABLE_TIMESTAMPS=1
|
|
+ ;;
|
|
+ *) as_fn_error $? "Invalid setting for --enable-timestamps. Use \"yes\" or \"no\"" "$LINENO" 5 ;;
|
|
+esac
|
|
+
|
|
+cat >>confdefs.h <<_ACEOF
|
|
+#define ENABLE_TIMESTAMPS $ENABLE_TIMESTAMPS
|
|
+_ACEOF
|
|
|
|
|
|
VERSION="0.102.1"
|