Hello community, here is the log from the commit of package clamav checked in at Sun Feb 25 12:09:42 CET 2007. --------
--- clamav/clamav.changes 2006-12-12 12:22:43.000000000 +0100
+++ /mounts/work_src_done/STABLE/clamav/clamav.changes 2007-02-20 14:56:26.000000000 +0100
@@ -1,0 +2,30 @@
+Tue Feb 20 14:55:04 CET 2007 - max@suse.de
+
+- Update to version 0.90 (#246214) to fix two Vulnerabilities:
+ - CAB File Denial of Service (CVE-2007-0897)
+ - MIME Parsing Directory Traversal (CVE-2007-0898)
+- Other changes of 0.90 include:
+ - Changed config file syntax (automatic conversion is done by the
+ RPM on update)
+ - New unpacker for RAR3, RAR2 and RAR1
+ - Rewritten unpackers for Zip and CAB files
+ - Support for RAR-SFX, Zip-SFX and CAB-SFX archives
+ - New PE parsing model
+ - Support for PE32+ (64-bit) executables
+ - Support for MD5 signatures based on PE sections (.mdb)
+ - ELF file parser
+ - Support for Sensory Networks' NodalCore hardware acceleration
+ technology
+ - Algorithmic detection can be controlled with CL_SCAN_ALGORITHMIC
+ - Support for new obfuscators: SUE, Y0da Cryptor, CryptFF
+ - Support for new packers: NsPack, wwpack32, MEW, Upack
+ - Support for SIS files (SymbianOS packages)
+ - Support for PDF and RTF files
+ - TCP and local sockets can be operated simultaneously
+ - New command: MULTISCAN (scan directory with multiple threads)
+- There where also some API/ABI changes which might affect packages
+ that link against libclamav. Affected functions are: cl_loaddb,
+ cl_loaddir and cl_scanbuff.
+- Cleaned up daemonizing of clamd and freshclam.
+
+-------------------------------------------------------------------
Old: ---- clamav-0.88.7.tar.bz2 New: ---- clamav-0.90.tar.bz2 clamav-daemonize.patch clamav-updateclamconf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ clamav.spec ++++++
--- /var/tmp/diff_new_pack.y29567/_old 2007-02-25 12:09:05.000000000 +0100
+++ /var/tmp/diff_new_pack.y29567/_new 2007-02-25 12:09:05.000000000 +0100
@@ -1,7 +1,7 @@ # -# spec file for package clamav (Version 0.88.7) +# spec file for package clamav (Version 0.90) # -# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -15,18 +15,20 @@ BuildRequires: bc curl-devel gmp-devel pkgconfig tcpd-devel %endif Summary: Antivirus Toolkit -Version: 0.88.7 +Version: 0.90 Release: 1 License: GNU General Public License (GPL) Group: Productivity/Security URL: http://www.clamav.net Requires: latex2html-pngicons Obsoletes: clamav-db < 0.88.3 -Prereq: /usr/sbin/groupadd /usr/sbin/useradd +Prereq: %_sbindir/groupadd %_sbindir/useradd /usr/bin/awk /bin/sed Source0: %{name}-%{version}.tar.bz2 Source1: clamav-rcclamd Source2: clamav-rcfreshclam +Source3: clamav-updateclamconf Patch1: %name-conf.patch +Patch2: clamav-daemonize.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -64,6 +66,7 @@ %prep %setup -q %patch1 +%patch2 %build %if %suse_version >= 1010 @@ -90,16 +93,20 @@ rm -rf %buildroot %makeinstall mkdir -p %buildroot/etc/init.d -install -m755 %{SOURCE1} %buildroot/etc/init.d/clamd -ln -s /etc/init.d/clamd %buildroot/usr/sbin/rcclamd -install -m755 %{SOURCE2} %buildroot/etc/init.d/freshclam -ln -s /etc/init.d/freshclam %buildroot/usr/sbin/rcfreshclam +install -m755 %SOURCE1 %buildroot/etc/init.d/clamd +ln -s /etc/init.d/clamd %buildroot%_sbindir/rcclamd +install -m755 %SOURCE2 %buildroot/etc/init.d/freshclam +ln -s /etc/init.d/freshclam %buildroot%_sbindir/rcfreshclam +install -m755 %SOURCE3 %buildroot%_sbindir/updateclamconf touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid for f in %buildroot/var/lib/clamav/*.cvd; do mv $f $f.dist touch $f done mkdir -p %buildroot/var/spool/amavis +%if 0%{?suse_version:%suse_version} > 1020 +rm %buildroot/%_libdir/*.la +%endif %clean rm -rf %buildroot 
@@ -129,9 +136,29 @@ /var/lib/clamav/*.cvd.dist %pre -/usr/sbin/groupadd -r vscan 2> /dev/null || : -/usr/sbin/useradd -r -o -g vscan -u 65 -s /bin/false -c "Vscan account" -d /var/spool/amavis vscan 2> /dev/null || : -/usr/sbin/usermod vscan -g vscan 2> /dev/null || : + +%_sbindir/groupadd -r vscan 2> /dev/null || : + +%_sbindir/useradd -r -o -g vscan -u 65 -s /bin/false -c "Vscan account" -d /var/spool/amavis vscan 2> /dev/null || : + +%_sbindir/usermod vscan -g vscan 2> /dev/null || : + +%post +# merge config files on update +test "0$1" -lt 2 && exit 0 +# The old default to run clamd in foreground mode was wrong +OVERRIDE="Foreground no" +for f in /etc/clamd.conf /etc/freshclam.conf; do + if test -e $f.rpmnew; then + %_sbindir/updateclamconf -v override="$OVERRIDE" $f $f.rpmnew > $f.tmp + if test $? == 0; then + mv $f $f.old + mv $f.tmp $f + else + echo "Merging $f with $f.rpmnew failed" + fi + fi +done %triggerpostun -- %name < 0.88.3 # Move clamav.conf to clamd.conf when updating from an old version 
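Review bot: The `%post` merge loop never removes or renames `$f.rpmnew` after a successful merge, so unless `updateclamconf` (not shown here) does that itself, a later update that ships no new config file will find the stale `.rpmnew`, merge again and overwrite the `$f.old` backup of the administrator's original file. The failure branch also leaves the partial `$f.tmp` behind in /etc, and `test $? == 0` depends on the non-POSIX `==` operator of the shell running the scriptlet. Testing the command directly, `if %_sbindir/updateclamconf -v override="$OVERRIDE" $f $f.rpmnew > $f.tmp; then`, with `rm -f $f.rpmnew` after the two `mv` calls and `rm -f $f.tmp` in the `else` branch would cover all three. Note also that the merged file takes the mode and owner of the freshly created `.tmp`, not those of the config it replaces.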
@@ -172,7 +199,34 @@ fi done -%changelog -n clamav +%changelog +* Tue Feb 20 2007 - max@suse.de +- Update to version 0.90 (#246214) to fix two Vulnerabilities: + - CAB File Denial of Service (CVE-2007-0897) + - MIME Parsing Directory Traversal (CVE-2007-0898) +- Other changes of 0.90 include: + - Changed config file syntax (automatic conversion is done by the + RPM on update) + - New unpacker for RAR3, RAR2 and RAR1 + - Rewritten unpackers for Zip and CAB files + - Support for RAR-SFX, Zip-SFX and CAB-SFX archives + - New PE parsing model + - Support for PE32+ (64-bit) executables + - Support for MD5 signatures based on PE sections (.mdb) + - ELF file parser + - Support for Sensory Networks' NodalCore hardware acceleration + technology + - Algorithmic detection can be controlled with CL_SCAN_ALGORITHMIC + - Support for new obfuscators: SUE, Y0da Cryptor, CryptFF + - Support for new packers: NsPack, wwpack32, MEW, Upack + - Support for SIS files (SymbianOS packages) + - Support for PDF and RTF files + - TCP and local sockets can be operated simultaneously + - New command: MULTISCAN (scan directory with multiple threads) +- There where also some API/ABI changes which might affect packages + that link against libclamav. Affected functions are: cl_loaddb, + cl_loaddir and cl_scanbuff. +- Cleaned up daemonizing of clamd and freshclam. * Tue Dec 12 2006 - max@suse.de - Security update: 0.88.7 (#227827, CVE-2006-5874) - handle consecutive errors in base64 decoding ++++++ clamav-0.88.7.tar.bz2 -> clamav-0.90.tar.bz2 ++++++ clamav/clamav-0.88.7.tar.bz2 /mounts/work_src_done/STABLE/clamav/clamav-0.90.tar.bz2 differ: byte 11, line 1 ++++++ clamav-conf.patch ++++++ --- /var/tmp/diff_new_pack.y29567/_old 2007-02-25 12:09:05.000000000 +0100 +++ /var/tmp/diff_new_pack.y29567/_new 2007-02-25 12:09:05.000000000 +0100 
@@ -1,6 +1,9 @@ --- etc/clamd.conf +++ etc/clamd.conf -@@ -3,15 +3,11 @@ +@@ -1,12 +1,8 @@ + ## +-## Example config file for the Clam AV daemon ++## Config file for the Clam AV daemon ## Please read the clamd.conf(5) manual before editing this file. ## @@ -11,18 +14,12 @@ # Uncomment this option to enable logging. # LogFile must be writable for the user running daemon. # A full path is required. - # Default: disabled --#LogFile /tmp/clamd.log -+#LogFile /var/log/clamd - - # By default the log file is locked for writing - the lock protects against - # running clamd multiple times (if want to run another clamd, please @@ -40,12 +36,12 @@ # Use system logger (can work together with LogFile). - # Default: disabled --#LogSyslog -+LogSyslog + # Default: no +-#LogSyslog yes ++LogSyslog yes # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. @@ -31,7 +28,7 @@ +LogFacility LOG_MAIL # Enable verbose logging. - # Default: disabled + # Default: no @@ -54,7 +50,7 @@ # This option allows you to save a process identifier of the listening # daemon (main thread). @@ -41,19 +38,20 @@ # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). -@@ -69,7 +65,7 @@ +@@ -69,22 +65,22 @@ # Path to a local socket file the daemon will listen on. - # Default: disabled + # Default: disabled (must be specified by a user) -LocalSocket /tmp/clamd +#LocalSocket /var/lib/clamav/clamd-socket # Remove stale socket after unclean shutdown. - # Default: disabled -@@ -77,14 +73,14 @@ + # Default: no +-#FixStaleSocket yes ++FixStaleSocket yes # TCP port address. - # Default: disabled + # Default: no -#TCPSocket 3310 +TCPSocket 3310 
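Review bot: `FixStaleSocket yes` is switched on in the rewritten `@@ -69,22 +65,22 @@` hunk while the same hunk keeps `LocalSocket` commented out, so as far as I can tell the option has no socket file to act on. The resulting default leaves clamd reachable only through `TCPSocket 3310` on 127.0.0.1, and the clamd protocol has no authentication, so every local account can talk to the daemon. A Unix socket in a directory owned by `vscan` could instead be restricted with file permissions. If TCP is kept for compatibility with existing clients, a comment above `TCPSocket 3310` would document that trade-off, for example `# Loopback TCP: any local user can connect; prefer LocalSocket where clients allow it`. The TCP lines themselves are unchanged context in this update of the patch.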
@@ -61,34 +59,28 @@ # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. - # Default: disabled + # Default: no -#TCPAddr 127.0.0.1 +TCPAddr 127.0.0.1 # Maximum length the queue of pending connections may grow to. # Default: 15 -@@ -141,7 +137,7 @@ - - # Run as a selected user (clamd must be started by root). - # Default: disabled +@@ -142,7 +138,7 @@ + # Run as another user (clamd must be started by root to make this option + # working). + # Default: don't drop privileges -#User clamav +User vscan # Initialize supplementary group access (clamd must be started by root). - # Default: disabled -@@ -152,7 +148,7 @@ - - # Don't fork into background. - # Default: disabled --#Foreground -+Foreground - - # Enable debug messages in libclamav. - # Default: disabled + # Default: no --- etc/freshclam.conf +++ etc/freshclam.conf -@@ -4,10 +4,6 @@ - ## This file may be optionally merged with clamd.conf. +@@ -1,12 +1,8 @@ + ## +-## Example config file for freshclam ++## Config file for freshclam + ## Please read the freshclam.conf(5) manual before editing this file. ## - @@ -98,12 +90,12 @@ # Path to the database directory. # WARNING: It must match clamd.conf's directive! # Default: hardcoded (depends on installation options) -@@ -23,21 +19,21 @@ +@@ -22,21 +18,21 @@ # Use system logger (can work together with UpdateLogFile). - # Default: disabled --#LogSyslog -+LogSyslog + # Default: no +-#LogSyslog yes ++LogSyslog yes # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. 
@@ -123,13 +115,13 @@ +DatabaseOwner vscan # Initialize supplementary group access (freshclam must be started by root). - # Default: disabled -@@ -82,7 +78,7 @@ + # Default: no +@@ -92,7 +88,7 @@ # Send the RELOAD command to clamd. + # Default: no +-#NotifyClamd /path/to/clamd.conf ++NotifyClamd /etc/clamd.conf + + # Run command after successful database update. # Default: disabled --#NotifyClamd -+NotifyClamd - # By default it uses the hardcoded configuration file but you can force an - # another one. - #NotifyClamd /config/file/path ++++++ clamav-daemonize.patch ++++++ --- shared/misc.c +++ shared/misc.c @@ -319,18 +319,12 @@ fputs("Background mode is not supported on your operating system\n", stderr); return; #else - int i; - - - if((i = open("/dev/null", O_WRONLY)) == -1) { - for(i = 0; i <= 2; i++) - close(i); - - } else { - close(0); - dup2(i, 1); - dup2(i, 2); - } + close(0); + open("/dev/null", O_RDONLY); + close(1); + open("/dev/null", O_WRONLY); + close(2); + open("/dev/null", O_WRONLY); if(fork()) exit(0); ++++++ clamav-rcclamd ++++++ --- clamav/clamav-rcclamd 2006-02-09 15:31:46.000000000 +0100 +++ /mounts/work_src_done/STABLE/clamav/clamav-rcclamd 2007-02-19 14:05:01.000000000 +0100 @@ -160,7 +160,7 @@ else ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. - startproc -q -p $CLAMD_PIDFILE $CLAMD_BIN + startproc -p $CLAMD_PIDFILE $CLAMD_BIN fi # Remember status and be verbose rc_status -v ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
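Review bot: None of the three `open("/dev/null", ...)` calls added by clamav-daemonize.patch in shared/misc.c is checked, and the code relies on each open returning exactly the descriptor that was just closed. If /dev/null cannot be opened (a chroot without device nodes would be one case), descriptors 0-2 stay closed and the next files or sockets the daemon opens land on them, so later writes to stdout or stderr end up in a log, a database file or a client connection. The removed code at least handled the open failure explicitly. Opening once, checking the result and using dup2() pins the descriptors; what to do on failure is a policy choice, and the sketch below simply mirrors the unsupported-platform branch by reporting and returning. The function starts and ends outside the hunk.

```c
    int fd = open("/dev/null", O_RDWR);

    if(fd == -1) {
	fputs("Can't open /dev/null, not switching to background mode\n", stderr);
	return;
    }
    if(dup2(fd, 0) == -1 || dup2(fd, 1) == -1 || dup2(fd, 2) == -1) {
	close(fd);
	return;
    }
    if(fd > 2)
	close(fd);

    /* ... unchanged: if(fork()) exit(0); and the rest of the function ... */
```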