Hello community,
here is the log from the commit of package clamav for openSUSE:Factory checked in at 2019-04-04 15:22:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/clamav (Old)
and /work/SRC/openSUSE:Factory/.clamav.new.3908 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clamav"
Thu Apr 4 15:22:20 2019 rev:97 rq:689824 version:0.101.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/clamav/clamav.changes 2018-10-04 19:03:39.787066400 +0200
+++ /work/SRC/openSUSE:Factory/.clamav.new.3908/clamav.changes 2019-04-04 15:27:39.818903976 +0200
@@ -1,0 +2,38 @@
+Wed Mar 27 17:30:05 UTC 2019 - Andrey Karepin
+
+- Update to version 0.101.2 (bsc#1130721)
+ * CVE-2019-1787:
+ An out-of-bounds heap read condition may occur when scanning PDF
+ documents. The defect is a failure to correctly keep track of the number
+ of bytes remaining in a buffer when indexing file data.
+ * CVE-2019-1789:
+ An out-of-bounds heap read condition may occur when scanning PE files
+ (i.e. Windows EXE and DLL files) that have been packed using Aspack as a
+ result of inadequate bound-checking.
+ * CVE-2019-1788:
+ An out-of-bounds heap write condition may occur when scanning OLE2 files
+ such as Microsoft Office 97-2003 documents. The invalid write happens when
+ an invalid pointer is mistakenly used to initialize a 32bit integer to
+ zero. This is likely to crash the application.
+ * CVE-2019-1786:
+ An out-of-bounds heap read condition may occur when scanning malformed
+ PDF documents as a result of improper bounds-checking.
+ * CVE-2019-1785:
+ A path-traversal write condition may occur as a result of improper
+ input validation when scanning RAR archives.
+ * CVE-2019-1798:
+ A use-after-free condition may occur as a result of improper error
+ handling when scanning nested RAR archives.
+
+- added clamav-max_patch.patch to fix build
+- dropped clamav-freshclam-exit.patch
+
+-------------------------------------------------------------------
+Mon Jan 21 17:30:15 UTC 2019 - Reinhard Max
+
+- Update to version 0.101.1:
+ * Add missing headers to fix build of packages against libclamav.
+- Add missing include for str.h to libclamav/others_common.c
+ (clamav-str-h.patch)
+
+-------------------------------------------------------------------
Old:
----
clamav-0.100.2.tar.gz
clamav-0.100.2.tar.gz.sig
clamav-freshclam-exit.patch
New:
----
clamav-0.101.2.tar.gz
clamav-0.101.2.tar.gz.sig
clamav-max_patch.patch
clamav-str-h.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ clamav.spec ++++++
--- /var/tmp/diff_new_pack.XithNk/_old 2019-04-04 15:27:43.422905362 +0200
+++ /var/tmp/diff_new_pack.XithNk/_new 2019-04-04 15:27:43.422905362 +0200
@@ -1,7 +1,7 @@
#
# spec file for package clamav
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,14 +16,16 @@
#
+%bcond_with clammspack
+
%define clamav_check --enable-check
Name: clamav
-Version: 0.100.2
+Version: 0.101.2
Release: 0
Summary: Antivirus Toolkit
License: GPL-2.0-only
Group: Productivity/Security
-URL: http://www.clamav.net
+Url: http://www.clamav.net
Source0: http://www.clamav.net/downloads/production/%name-%version.tar.gz
Source1: http://www.clamav.net/downloads/production/%name-%version.tar.gz.sig
Source4: clamav-rpmlintrc
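Review bot: The new `%bcond_with clammspack` line has no comment saying what the switch selects. The later hunks show that the default (without) path is the one that adds `libmspack-devel` and `--with-system-libmspack`, so a line such as `# bundled libclammspack is opt-in; the default build links the system libmspack` above it would spare readers from working that out. Separately, the touched `Url:` tag and the Source0/Source1 context lines still use `http://`. The tarball ships with a `.sig`, but whether it is verified against a keyring is not visible in this diff, so moving these to `https://` is worth considering.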
@@ -36,14 +38,20 @@
Patch4: clamav-disable-timestamps.patch
Patch5: clamav-obsolete-config.patch
Patch6: clamav-disable-yara.patch
-Patch7: clamav-freshclam-exit.patch
+Patch7: clamav-str-h.patch
+#PATCH-FIX-UPSTREAM clamav-max_patch.patch
+Patch8: clamav-max_patch.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bc
BuildRequires: check-devel
+BuildRequires: gcc-c++
BuildRequires: libbz2-devel
BuildRequires: libcurl-devel
BuildRequires: libjson-c-devel
+%if %{without clammspack}
+BuildRequires: libmspack-devel
+%endif
BuildRequires: libopenssl-devel
BuildRequires: libtool
BuildRequires: libxml2-devel
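Review bot: The `#PATCH-FIX-UPSTREAM clamav-max_patch.patch` tag carries no description or reference, and the new `Patch7: clamav-str-h.patch` line has no tag at all. Because clamav-max_patch.patch changes a length check in libclamav/others_common.c, the reason should be stated next to it, for example `# PATCH-FIX-UPSTREAM clamav-max_patch.patch -- replace MAX_PATH with PATH_MAX to fix the build` (wording to be confirmed by the packager). A similar one-line tag for clamav-str-h.patch would record that it only adds a missing include.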
@@ -78,11 +86,11 @@
support, archive support, and multiple signature languages for
detecting threats.
-%package -n libclamav7
+%package -n libclamav9
Summary: ClamAV antivirus engine runtime
Group: System/Libraries
-%description -n libclamav7
+%description -n libclamav9
ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats.
@@ -97,7 +105,7 @@
%package devel
Summary: Development files for libclamav, an antivirus engine
Group: Development/Libraries/C and C++
-Requires: libclamav7 = %version
+Requires: libclamav9 = %version
%description devel
ClamAV is an antivirus engine designed for detecting trojans,
@@ -113,6 +121,7 @@
%patch5
%patch6
%patch7
+%patch8
%build
CFLAGS="-fstack-protector"
@@ -135,7 +144,10 @@
--enable-clamdtop \
--disable-zlib-vcheck \
--disable-timestamps \
- --disable-yara
+ --disable-yara \
+%if %{without clammspack}
+ --with-system-libmspack
+%endif
make V=1 %?_smp_mflags
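Review bot: `--disable-yara \` now ends in a continuation whose only follower is inside `%if %{without clammspack}`, so a build with `--with clammspack` leaves the backslash dangling. That is harmless only if a blank line follows `%endif`; the hunk as shown does not reveal one, and without it `make V=1 %?_smp_mflags` would be appended to the configure arguments. Placing the conditional option before an unconditional final option, or expanding it from a macro defined under the `%if`, would avoid relying on the blank line. The configure invocation starts outside this hunk.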
@@ -150,8 +162,8 @@
# libclammspack is not meant to be linked against by anything but
# libclamav
-rm %buildroot%_libdir/pkgconfig/libclammspack.pc
-rm %buildroot%_libdir/libclammspack.so
+rm -f %buildroot%_libdir/pkgconfig/libclammspack.pc
+rm -f %buildroot%_libdir/libclammspack.so
# fix the new config file names
pushd %buildroot%_sysconfdir
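Review bot: `rm -f` makes these two removals succeed silently in both build modes, so a bundled build (`--with clammspack`) that stops installing the files, or installs them elsewhere, would go unnoticed. The same switch is handled differently elsewhere in the spec: the `%files -n libclammspack0` section in the last hunk is wrapped in `%if %{with clammspack}`, while the `%post`/`%postun -n libclammspack0` scriptlets shown as context in the hunk at -181,8 stay unconditional. Wrapping the two `rm` lines (without `-f`) and those scriptlets in the same `%if %{with clammspack}` … `%endif` would keep the three places consistent. The `%package -n libclammspack0` declaration is not visible in this diff and may need the same guard.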
@@ -181,8 +193,8 @@
VALGRIND_GENSUP=1 make check
%endif
-%post -n libclamav7 -p /sbin/ldconfig
-%postun -n libclamav7 -p /sbin/ldconfig
+%post -n libclamav9 -p /sbin/ldconfig
+%postun -n libclamav9 -p /sbin/ldconfig
%post -n libclammspack0 -p /sbin/ldconfig
%postun -n libclammspack0 -p /sbin/ldconfig
@@ -194,7 +206,7 @@
%_unitdir/clamav-milter.service
%_tmpfilesdir
%license COPYING*
-%doc docs/*.pdf docs/html
+%doc docs/html/*
%_mandir/*/*
%_bindir/*
%_sbindir/*
@@ -203,11 +215,13 @@
%dir /var/lib/clamav
%ghost %attr(755,vscan,vscan) /run/clamav
-%files -n libclamav7
-%_libdir/libclam*.so.7*
+%files -n libclamav9
+%_libdir/libclam*.so.9*
+%if %{with clammspack}
%files -n libclammspack0
%_libdir/libclammspack.so.0*
+%endif
%files devel
%_libdir/pkgconfig/*
++++++ clamav-0.100.2.tar.gz -> clamav-0.101.2.tar.gz ++++++
/work/SRC/openSUSE:Factory/clamav/clamav-0.100.2.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.3908/clamav-0.101.2.tar.gz differ: char 5, line 1
++++++ clamav-conf.patch ++++++
--- /var/tmp/diff_new_pack.XithNk/_old 2019-04-04 15:27:43.478905385 +0200
+++ /var/tmp/diff_new_pack.XithNk/_new 2019-04-04 15:27:43.478905385 +0200
@@ -140,7 +140,7 @@
# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes
-@@ -598,6 +594,10 @@ Example
+@@ -613,6 +609,10 @@ Example
##
## On-access Scan Settings
##
@@ -197,7 +197,7 @@
# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. With this directive you can change
-@@ -132,7 +128,7 @@ DatabaseMirror database.clamav.net
+@@ -127,7 +123,7 @@ DatabaseMirror database.clamav.net
# Send the RELOAD command to clamd.
# Default: no
++++++ clamav-disable-timestamps.patch ++++++
--- /var/tmp/diff_new_pack.XithNk/_old 2019-04-04 15:27:43.486905388 +0200
+++ /var/tmp/diff_new_pack.XithNk/_new 2019-04-04 15:27:43.486905388 +0200
@@ -27,7 +27,7 @@
strncat(buf, "WARNING: sizeof(fp_digit) == sizeof(fp_word), this build is likely to not work properly.\n",
--- configure.orig
+++ configure
-@@ -801,6 +801,7 @@ FGREP
+@@ -812,6 +812,7 @@ FGREP
SED
LIBTOOL
LIBCLAMAV_VERSION
@@ -35,24 +35,24 @@
EGREP
GREP
CPP
-@@ -903,6 +904,7 @@ ac_user_opts='
+@@ -922,6 +923,7 @@ ac_user_opts='
enable_option_checking
- enable_silent_rules
enable_dependency_tracking
+ enable_silent_rules
+enable_timestamps
enable_static
enable_shared
with_pic
-@@ -1619,6 +1621,8 @@ Optional Features:
- --disable-dependency-tracking
- speeds up one-time build
+@@ -1641,6 +1643,8 @@ Optional Features:
+ --enable-silent-rules less verbose build output (undo: "make V=1")
+ --disable-silent-rules verbose build output (undo: "make V=0")
--enable-static[=PKGS] build static libraries [default=no]
+ --enable-timestamps Enable embedding timestamp information in build
+ (default is YES)
--enable-shared[=PKGS] build shared libraries [default=yes]
--enable-fast-install[=PKGS]
optimize for fast installation [default=yes]
-@@ -5219,6 +5223,26 @@ $as_echo "$ac_cv_safe_to_define___extens
+@@ -5923,6 +5927,26 @@ $as_echo "$ac_cv_safe_to_define___extens
$as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h
@@ -78,4 +78,4 @@
+_ACEOF
- VERSION="0.100.2"
+ VERSION="0.101.2"
++++++ clamav-disable-yara.patch ++++++
--- /var/tmp/diff_new_pack.XithNk/_old 2019-04-04 15:27:43.494905390 +0200
+++ /var/tmp/diff_new_pack.XithNk/_new 2019-04-04 15:27:43.494905390 +0200
@@ -29,7 +29,7 @@
# ----------- clamd tests --------------------------------------------------------
--- configure.orig
+++ configure
-@@ -24324,6 +24324,7 @@ if test "$enable_yara" = "yes"; then
+@@ -28446,6 +28446,7 @@ if test "$enable_yara" = "yes"; then
$as_echo "#define HAVE_YARA 1" >>confdefs.h
++++++ clamav-max_patch.patch ++++++
--- libclamav/others_common.c.orig
+++ libclamav/others_common.c
@@ -855,7 +855,7 @@
size_t sanitized_index = 0;
char* sanitized_filepath = NULL;
- if((NULL == filepath) || (0 == filepath_len) || (MAX_PATH < filepath_len)) {
+ if((NULL == filepath) || (0 == filepath_len) || (PATH_MAX < filepath_len)) {
goto done;
}
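Review bot: `PATH_MAX < filepath_len` still accepts a length equal to PATH_MAX, and on POSIX PATH_MAX counts the terminating NUL. If filepath_len excludes the terminator, the guard admits a path one byte longer than the platform limit, so `(PATH_MAX <= filepath_len)` may be the intended bound. Whether this matters depends on how the sanitized buffer is sized, and the enclosing function starts and ends outside this hunk. The patch also adds no `#include <limits.h>`, so PATH_MAX presumably reaches this file transitively; an explicit include would make the origin of the bound clear. Since the check guards the entry of what looks like a path-sanitizing routine, a short patch header explaining the MAX_PATH to PATH_MAX change would help later refreshes.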
++++++ clamav-obsolete-config.patch ++++++
--- /var/tmp/diff_new_pack.XithNk/_old 2019-04-04 15:27:43.506905395 +0200
+++ /var/tmp/diff_new_pack.XithNk/_new 2019-04-04 15:27:43.506905395 +0200
@@ -1,6 +1,6 @@
--- shared/optparser.c.orig
+++ shared/optparser.c
-@@ -505,6 +505,13 @@ const struct clam_option __clam_options[
+@@ -517,6 +517,13 @@ const struct clam_option __clam_options[
{ "ClamukoExcludeUID", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "ClamukoMaxFileSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no" },
++++++ clamav-str-h.patch ++++++
--- libclamav/others_common.c.orig
+++ libclamav/others_common.c
@@ -54,6 +54,7 @@
#endif
#include "clamav.h"
+#include "str.h"
#include "others.h"
#include "platform.h"
#include "regex/regex.h"