Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal

This updates clamav to its latest version provided by upstream. The
important part is the fix for CVE-2019-15961.

The attached debdiff has been created via
   git diff -w -M -C -D debian-0.101.4+dfsg-0+deb9u1  ':!*.in' ':!configure' ':!docs/'

to filter out as much noise as possible.

Sebastian
diff -Nru clamav-0.101.2+dfsg/clamd/server-th.c clamav-0.101.4+dfsg/clamd/server-th.c
--- clamav-0.101.2+dfsg/clamd/server-th.c	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/clamd/server-th.c	2019-08-20 18:08:49.000000000 +0200
@@ -88,7 +88,7 @@
 #ifndef	_WIN32
     /* ignore all signals */
     sigfillset(&sigset);
-    /* The behavior of a process is undefined after it ignores a 
+    /* The behavior of a process is undefined after it ignores a
      * SIGFPE, SIGILL, SIGSEGV, or SIGBUS signal */
     sigdelset(&sigset, SIGFPE);
     sigdelset(&sigset, SIGILL);
@@ -552,7 +552,7 @@
 		/* no more commands are accepted */
 		conn->mode = MODE_WAITREPLY;
 		/* Stop monitoring this FD, it will be closed either
-		 * by us, or by the scanner thread. 
+		 * by us, or by the scanner thread.
 		 * Never close a file descriptor that is being
 		 * monitored by poll()/select() from another thread,
 		 * because this can lead to subtle bugs such as:
@@ -631,7 +631,7 @@
     int rc;
     size_t pos = *ppos;
     size_t cmdlen;
-    
+
     logg("$mode == MODE_STREAM\n");
     /* we received some data, set readtimeout */
     time(&buf->timeout_at);
@@ -754,12 +754,25 @@
 	memset(&options, 0, sizeof(struct cl_scan_options));
 
     /* set up limits */
-    if((opt = optget(opts, "MaxScanSize"))->active) {
-	if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCANSIZE, opt->numarg))) {
-	    logg("!cl_engine_set_num(CL_ENGINE_MAX_SCANSIZE) failed: %s\n", cl_strerror(ret));
-	    cl_engine_free(engine);
-	    return 1;
-	}
+    if ((opt = optget(opts, "MaxScanTime"))->active) {
+        if ((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME, opt->numarg))) {
+            logg("!cl_engine_set_num(CL_ENGINE_MAX_SCANTIME) failed: %s\n", cl_strerror(ret));
+            cl_engine_free(engine);
+            return 1;
+        }
+    }
+    val = cl_engine_get_num(engine, CL_ENGINE_MAX_SCANTIME, NULL);
+    if (val)
+        logg("Limits: Global time limit set to %llu milliseconds.\n", val);
+    else
+        logg("^Limits: Global time limit protection disabled.\n");
+
+    if ((opt = optget(opts, "MaxScanSize"))->active) {
+        if ((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCANSIZE, opt->numarg))) {
+            logg("!cl_engine_set_num(CL_ENGINE_MAX_SCANSIZE) failed: %s\n", cl_strerror(ret));
+            cl_engine_free(engine);
+            return 1;
+        }
     }
     val = cl_engine_get_num(engine, CL_ENGINE_MAX_SCANSIZE, NULL);
     if(val)
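Review bot: The new `cl_engine_get_num(engine, CL_ENGINE_MAX_SCANTIME, NULL)` call passes NULL for the error out-parameter, as the existing MAX_SCANSIZE call below it does, so a failed lookup cannot be told apart from a configured limit and would be logged as "Global time limit set to …". The changelog in this debdiff describes this limit as the zip-bomb mitigation, so the startup log should be trustworthy: pass an `int err` with `val = cl_engine_get_num(engine, CL_ENGINE_MAX_SCANTIME, &err);` and report a non-zero `err` with `logg("!cl_engine_get_num(CL_ENGINE_MAX_SCANTIME) failed: %s\n", cl_strerror(err));`. The declaration of `val` is outside the hunk, so confirm its type matches the `%llu` specifier. The enclosing function begins and ends outside this hunk.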
@@ -1016,7 +1029,7 @@
 
 	/* TODO: Remove deprecated option in a future feature release */
     if (optget(opts, "ScanPE")->enabled || optget(opts, "ScanELF")->enabled) {
-        if ((optget(opts, "DetectBrokenExecutables")->enabled) || 
+        if ((optget(opts, "DetectBrokenExecutables")->enabled) ||
 			(optget(opts, "AlertBrokenExecutables")->enabled)) {
             logg("Alerting on broken executables enabled.\n");
             options.heuristic |= CL_SCAN_HEURISTIC_BROKEN;
@@ -1039,7 +1052,7 @@
     if (optget(opts, "ScanOLE2")->enabled) {
         logg("OLE2 support enabled.\n");
         options.parse |= CL_SCAN_PARSE_OLE2;
-		
+
 		/* TODO: Remove deprecated option in a future feature release */
         if ((optget(opts, "OLE2BlockMacros")->enabled) ||
         	(optget(opts, "AlertOLE2Macros")->enabled)) {
@@ -1187,7 +1200,7 @@
 	int solaris_has_extended_stdio = 0;
 #endif
 	/* Condition to not run out of file descriptors:
-	 * MaxThreads * MaxRecursion + (MaxQueue - MaxThreads) + CLAMDFILES < RLIMIT_NOFILE 
+	 * MaxThreads * MaxRecursion + (MaxQueue - MaxThreads) + CLAMDFILES < RLIMIT_NOFILE
 	 * CLAMDFILES is 6: 3 standard FD + logfile + 2 FD for reloading the DB
 	 * */
 #ifdef C_SOLARIS
@@ -1314,12 +1327,12 @@
     sigdelset(&sigset, SIGHUP);
     sigdelset(&sigset, SIGPIPE);
     sigdelset(&sigset, SIGUSR2);
-    /* The behavior of a process is undefined after it ignores a 
+    /* The behavior of a process is undefined after it ignores a
      * SIGFPE, SIGILL, SIGSEGV, or SIGBUS signal */
     sigdelset(&sigset, SIGFPE);
     sigdelset(&sigset, SIGILL);
     sigdelset(&sigset, SIGSEGV);
-#ifdef SIGBUS    
+#ifdef SIGBUS
     sigdelset(&sigset, SIGBUS);
 #endif
     sigdelset(&sigset, SIGTSTP);
@@ -1663,4 +1676,4 @@
     logg("--- Stopped at %s", cli_ctime(&current_time, timestr, sizeof(timestr)));
 
     return ret;
-} 
+}
diff -Nru clamav-0.101.2+dfsg/clamscan/clamscan.c clamav-0.101.4+dfsg/clamscan/clamscan.c
--- clamav-0.101.2+dfsg/clamscan/clamscan.c	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/clamscan/clamscan.c	2019-08-20 18:08:49.000000000 +0200
@@ -145,7 +145,7 @@
 	    optfree(opts);
 	    return 2;
 	}
-    } else 
+    } else
 	logg_file = NULL;
 
     if(actsetup(opts)) {
@@ -277,6 +277,7 @@
     mprintf("    --nocerts                            Disable authenticode certificate chain verification in PE files\n");
     mprintf("    --dumpcerts                          Dump authenticode certificate chain in PE files\n");
     mprintf("\n");
+    mprintf("    --max-scantime=#n                    Scan time longer than this will be skipped and assumed clean\n");
     mprintf("    --max-filesize=#n                    Files larger than this will be skipped and assumed clean\n");
     mprintf("    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)\n");
     mprintf("    --max-files=#n                       The maximum number of files to scan for each container file (**)\n");
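Review bot: The added `--max-scantime` help line gives no unit, although the clamd log message in this same debdiff reports the engine value in milliseconds and the Debian default is 120000. An operator who assumes seconds would set a limit a thousand times shorter than intended, and by this text a file that hits the limit is "assumed clean". Assuming clamscan passes the value through unscaled (the manager.c hunk suggests it does), the line could read `mprintf("    --max-scantime=#n                    Scan time longer than this (milliseconds) will be skipped and assumed clean\n");`. Whether the exceeds-max alert option also covers the time limit is not visible here; if it does, the help text is a good place to say so.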
diff -Nru clamav-0.101.2+dfsg/clamscan/manager.c clamav-0.101.4+dfsg/clamscan/manager.c
--- clamav-0.101.2+dfsg/clamscan/manager.c	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/clamscan/manager.c	2019-08-20 18:08:49.000000000 +0200
@@ -340,7 +340,7 @@
 
             return;
         }
-#endif    
+#endif
         if(!sb.st_size) {
             if(!printinfected)
                 logg("~%s: Empty file\n", filename);
@@ -674,7 +674,7 @@
     }
 
     cl_engine_set_clcb_virus_found(engine, clamscan_virus_found_cb);
-    
+
     if (optget(opts, "disable-cache")->enabled)
         cl_engine_set_num(engine, CL_ENGINE_DISABLE_CACHE, 1);
 
@@ -873,6 +873,24 @@
 
     /* set limits */
 
+    /* TODO: Remove deprecated option in a future feature release */
+    if ((opt = optget(opts, "timelimit"))->active) {
+        if ((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME, opt->numarg))) {
+            logg("!cli_engine_set_num(CL_ENGINE_MAX_SCANTIME) failed: %s\n", cl_strerror(ret));
+
+            cl_engine_free(engine);
+            return 2;
+        }
+    }
+    if ((opt = optget(opts, "max-scantime"))->active) {
+        if ((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME, opt->numarg))) {
+            logg("!cli_engine_set_num(CL_ENGINE_MAX_SCANTIME) failed: %s\n", cl_strerror(ret));
+
+            cl_engine_free(engine);
+            return 2;
+        }
+    }
+
     if((opt = optget(opts, "max-scansize"))->active) {
         if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_SCANSIZE, opt->numarg))) {
             logg("!cli_engine_set_num(CL_ENGINE_MAX_SCANSIZE) failed: %s\n", cl_strerror(ret));
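Review bot: The deprecated `timelimit` block and the new `max-scantime` block both write CL_ENGINE_MAX_SCANTIME, so when both options are active the second silently overrides the first, and the only sign that `timelimit` is deprecated is the TODO comment. Consider warning in the `timelimit` branch, e.g. `logg("^timelimit is deprecated, use max-scantime instead\n");`, and skipping that branch when `max-scantime` is active. Unlike the clamd hunk, nothing here reports when the limit ends up as 0, which the clamd message describes as protection disabled. The new error strings also name `cli_engine_set_num` while the call is `cl_engine_set_num`; that copies the neighbouring lines but is misleading in a log. The enclosing function starts and ends outside the hunk.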
@@ -994,15 +1012,6 @@
         }
     }
 
-    if ((opt = optget(opts, "timelimit"))->active) {
-        if ((ret = cl_engine_set_num(engine, CL_ENGINE_TIME_LIMIT, opt->numarg))) {
-            logg("!cli_engine_set_num(CL_ENGINE_TIME_LIMIT) failed: %s\n", cl_strerror(ret));
-
-            cl_engine_free(engine);
-            return 2;
-        }
-    }
-
     if ((opt = optget(opts, "pcre-max-filesize"))->active) {
         if ((ret = cl_engine_set_num(engine, CL_ENGINE_PCRE_MAX_FILESIZE, opt->numarg))) {
             logg("!cli_engine_set_num(CL_ENGINE_PCRE_MAX_FILESIZE) failed: %s\n", cl_strerror(ret));
@@ -1038,7 +1047,7 @@
         options.parse |= CL_SCAN_PARSE_ARCHIVE;
 
     /* TODO: Remove deprecated option in a future feature release */
-    if ((optget(opts, "detect-broken")->enabled) || 
+    if ((optget(opts, "detect-broken")->enabled) ||
         (optget(opts, "alert-broken")->enabled)) {
         options.heuristic |= CL_SCAN_HEURISTIC_BROKEN;
     }
@@ -1096,7 +1105,7 @@
     }
 
     /* TODO: Remove deprecated option in a future feature release */
-    if ((optget(opts, "block-max")->enabled) || 
+    if ((optget(opts, "block-max")->enabled) ||
         (optget(opts, "alert-exceeds-max")->enabled)) {
         options.heuristic |= CL_SCAN_HEURISTIC_EXCEEDS_MAX;
     }
diff -Nru clamav-0.101.2+dfsg/configure clamav-0.101.4+dfsg/configure
diff -Nru clamav-0.101.2+dfsg/configure.ac clamav-0.101.4+dfsg/configure.ac
--- clamav-0.101.2+dfsg/configure.ac	2019-03-30 14:57:20.000000000 +0100
+++ clamav-0.101.4+dfsg/configure.ac	2019-08-25 11:24:30.000000000 +0200
@@ -22,7 +22,7 @@
 AC_PREREQ([2.59])
 dnl For a release change [devel] to the real version [0.xy]
 dnl also change VERSION below
-AC_INIT([ClamAV], [0.101.2], [https://bugzilla.clamav.net/], [clamav], [https://www.clamav.net/])
+AC_INIT([ClamAV], [0.101.4], [https://bugzilla.clamav.net/], [clamav], [https://www.clamav.net/])
 
 dnl enable C++
 AC_PROG_CXX()
@@ -252,7 +252,7 @@
     if test "X$have_curl" != "Xyes" && test "X$have_json" != "Xyes"; then
         CL_MSG_STATUS([clamsubmit  ], [no (missing libjson-c-dev AND libcurl-devel. Use the website to submit FPs/FNs.)], [no])
     else
-        if test "X$have_curl" = "Xyes"; then 
+        if test "X$have_curl" = "Xyes"; then
             CL_MSG_STATUS([clamsubmit  ], [no (missing libjson-c-dev. Use the website to submit FPs/FNs.)], [no])
         else
             CL_MSG_STATUS([clamsubmit  ], [no (missing libcurl-devel. Use the website to submit FPs/FNs.)], [no])
@@ -294,7 +294,7 @@
     CL_MSG_STATUS([pcre        ],[$PCRE_HOME],[$have_pcre])
 fi
 CL_MSG_STATUS([libmspack   ],[yes],[$mspack_msg])
-if test "x$XML_LIBS" = "x"; then 
+if test "x$XML_LIBS" = "x"; then
     CL_MSG_STATUS([libxml2     ],[no],[])
 else
     CL_MSG_STATUS([libxml2     ],[yes, from $XML_HOME],[])
diff -Nru clamav-0.101.2+dfsg/debian/changelog clamav-0.101.4+dfsg/debian/changelog
--- clamav-0.101.2+dfsg/debian/changelog	2019-04-05 22:07:01.000000000 +0200
+++ clamav-0.101.4+dfsg/debian/changelog	2019-08-25 14:08:40.000000000 +0200
@@ -1,3 +1,14 @@
+clamav (0.101.4+dfsg-0+deb9u1) stretch; urgency=medium
+
+  * Import 0.101.4 (Closes: 921190)
+   - CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs)
+     (Closes:934359)
+   - CVE-2019-12900 (An out of bounds write was possible within ClamAV's
+     NSIS bzip)
+   - update symbols file (bump to 101.4 and drop unused cli_strnstr).
+
+ -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc>  Sun, 25 Aug 2019 14:08:40 +0200
+
 clamav (0.101.2+dfsg-0+deb9u1) stretch; urgency=medium
 
   * Import 0.101.2
diff -Nru clamav-0.101.2+dfsg/debian/clamav-daemon.postinst.in clamav-0.101.4+dfsg/debian/clamav-daemon.postinst.in
--- clamav-0.101.2+dfsg/debian/clamav-daemon.postinst.in	2019-04-05 22:07:01.000000000 +0200
+++ clamav-0.101.4+dfsg/debian/clamav-daemon.postinst.in	2019-08-25 14:08:40.000000000 +0200
@@ -211,6 +211,7 @@
     [ -z "$StructuredDataDetection" ] && StructuredDataDetection=false
     [ -z "$ScanHTML" ] && ScanHTML=true
     [ -z "$ArchiveBlockEncrypted" ] && ArchiveBlockEncrypted=false
+    [ -z "$MaxScanTime" ] && MaxScanTime=120000
     [ -z "$MaxScanSize" ] && MaxScanSize=100M
     [ -z "$MaxFileSize" ] && MaxFileSize=25M
     [ -z "$MaxRecursion" ] && MaxRecursion=16
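Review bot: The new default `MaxScanTime=120000` carries no unit, and the next hunk writes it verbatim as `MaxScanTime $MaxScanTime` into the generated configuration, so the same applies there. Going by the clamd log message in this debdiff the value is in milliseconds; a comment such as `# MaxScanTime is in milliseconds (120000 = 2 minutes)` above the line would keep an admin from entering seconds. The default is applied only when the variable is empty, so a pre-existing value is kept, including 0, which the clamd startup message reports as time limit protection disabled. That case may deserve a line in the upgrade notes.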
@@ -331,6 +332,7 @@
 ForceToDisk $ForceToDisk
 DisableCertCheck $DisableCertCheck
 DisableCache $DisableCache
+MaxScanTime $MaxScanTime
 MaxScanSize $MaxScanSize
 MaxFileSize $MaxFileSize
 MaxRecursion $MaxRecursion
diff -Nru clamav-0.101.2+dfsg/debian/.git-dpm clamav-0.101.4+dfsg/debian/.git-dpm
--- clamav-0.101.2+dfsg/debian/.git-dpm	2019-04-05 22:07:01.000000000 +0200
+++ clamav-0.101.4+dfsg/debian/.git-dpm	2019-08-25 14:08:40.000000000 +0200
@@ -1,8 +1,8 @@
 # see git-dpm(1) from git-dpm package
-2886e25ab1059591228f544e00baa3557309db00
-2886e25ab1059591228f544e00baa3557309db00
-5a612c89e68e5010b2cd71002ceb15efc03a2324
-5a612c89e68e5010b2cd71002ceb15efc03a2324
-clamav_0.101.2+dfsg.orig.tar.xz
-7f723ff0a4ce24ef821947fd3832e3f54e17a875
-4719692
+5a4e116e7acf06f0f718223e029558bf9c0b1f44
+5a4e116e7acf06f0f718223e029558bf9c0b1f44
+2ef384b1d0316b03c71b17de219c056c19169197
+2ef384b1d0316b03c71b17de219c056c19169197
+clamav_0.101.4+dfsg.orig.tar.xz
+ae609c30ebf523a2f5e1b5f3cf25332cbb48686d
+4975416
diff -Nru clamav-0.101.2+dfsg/debian/libclamav9.symbols clamav-0.101.4+dfsg/debian/libclamav9.symbols
--- clamav-0.101.2+dfsg/debian/libclamav9.symbols	2019-04-05 22:07:01.000000000 +0200
+++ clamav-0.101.4+dfsg/debian/libclamav9.symbols	2019-08-25 14:08:40.000000000 +0200
@@ -1,15 +1,15 @@
 libclamav.so.9 libclamav9 #MINVER#
- CLAMAV_PRIVATE@CLAMAV_PRIVATE 0.101.2
+ CLAMAV_PRIVATE@CLAMAV_PRIVATE 0.101.4
  CLAMAV_PUBLIC@CLAMAV_PUBLIC 0.101.0
- base64Flush@CLAMAV_PRIVATE 0.101.2
- blobAddData@CLAMAV_PRIVATE 0.101.2
- blobCreate@CLAMAV_PRIVATE 0.101.2
- blobDestroy@CLAMAV_PRIVATE 0.101.2
- cl_ASN1_GetTimeT@CLAMAV_PRIVATE 0.101.2
+ base64Flush@CLAMAV_PRIVATE 0.101.4
+ blobAddData@CLAMAV_PRIVATE 0.101.4
+ blobCreate@CLAMAV_PRIVATE 0.101.4
+ blobDestroy@CLAMAV_PRIVATE 0.101.4
+ cl_ASN1_GetTimeT@CLAMAV_PRIVATE 0.101.4
  cl_always_gen_section_hash@CLAMAV_PUBLIC 0.101.0
- cl_base64_decode@CLAMAV_PRIVATE 0.101.2
- cl_base64_encode@CLAMAV_PRIVATE 0.101.2
- cl_cleanup_crypto@CLAMAV_PRIVATE 0.101.2
+ cl_base64_decode@CLAMAV_PRIVATE 0.101.4
+ cl_base64_encode@CLAMAV_PRIVATE 0.101.4
+ cl_cleanup_crypto@CLAMAV_PRIVATE 0.101.4
  cl_countsigs@CLAMAV_PUBLIC 0.101.0
  cl_cvdfree@CLAMAV_PUBLIC 0.101.0
  cl_cvdhead@CLAMAV_PUBLIC 0.101.0
@@ -38,7 +38,7 @@
  cl_engine_set_clcb_stats_remove_sample@CLAMAV_PUBLIC 0.101.0
  cl_engine_set_clcb_stats_submit@CLAMAV_PUBLIC 0.101.0
  cl_engine_set_clcb_virus_found@CLAMAV_PUBLIC 0.101.0
- cl_engine_set_num@CLAMAV_PUBLIC 0.101.0
+ cl_engine_set_num@CLAMAV_PUBLIC 0.101.4
  cl_engine_set_stats_set_cbdata@CLAMAV_PUBLIC 0.101.0
  cl_engine_set_str@CLAMAV_PUBLIC 0.101.0
  cl_engine_settings_apply@CLAMAV_PUBLIC 0.101.0
@@ -49,21 +49,21 @@
  cl_fmap_close@CLAMAV_PUBLIC 0.101.0
  cl_fmap_open_handle@CLAMAV_PUBLIC 0.101.0
  cl_fmap_open_memory@CLAMAV_PUBLIC 0.101.0
- cl_get_pkey_file@CLAMAV_PRIVATE 0.101.2
- cl_get_x509_from_mem@CLAMAV_PRIVATE 0.101.2
- cl_hash_data@CLAMAV_PRIVATE 0.101.2
+ cl_get_pkey_file@CLAMAV_PRIVATE 0.101.4
+ cl_get_x509_from_mem@CLAMAV_PRIVATE 0.101.4
+ cl_hash_data@CLAMAV_PRIVATE 0.101.4
  cl_hash_destroy@CLAMAV_PUBLIC 0.101.0
- cl_hash_file_fd@CLAMAV_PRIVATE 0.101.2
- cl_hash_file_fd_ctx@CLAMAV_PRIVATE 0.101.2
- cl_hash_file_fp@CLAMAV_PRIVATE 0.101.2
+ cl_hash_file_fd@CLAMAV_PRIVATE 0.101.4
+ cl_hash_file_fd_ctx@CLAMAV_PRIVATE 0.101.4
+ cl_hash_file_fp@CLAMAV_PRIVATE 0.101.4
  cl_hash_init@CLAMAV_PUBLIC 0.101.0
  cl_init@CLAMAV_PUBLIC 0.101.0
- cl_initialize_crypto@CLAMAV_PRIVATE 0.101.2
+ cl_initialize_crypto@CLAMAV_PRIVATE 0.101.4
  cl_load@CLAMAV_PUBLIC 0.101.0
- cl_load_cert@CLAMAV_PRIVATE 0.101.2
- cl_load_crl@CLAMAV_PRIVATE 0.101.2
+ cl_load_cert@CLAMAV_PRIVATE 0.101.4
+ cl_load_crl@CLAMAV_PRIVATE 0.101.4
  cl_retdbdir@CLAMAV_PUBLIC 0.101.0
- cl_retflevel@CLAMAV_PUBLIC 0.101.1
+ cl_retflevel@CLAMAV_PUBLIC 0.101.4
  cl_retver@CLAMAV_PUBLIC 0.101.0
  cl_scandesc@CLAMAV_PUBLIC 0.101.0
  cl_scandesc_callback@CLAMAV_PUBLIC 0.101.0
@@ -71,185 +71,184 @@
  cl_scanfile_callback@CLAMAV_PUBLIC 0.101.0
  cl_scanmap_callback@CLAMAV_PUBLIC 0.101.0
  cl_set_clcb_msg@CLAMAV_PUBLIC 0.101.0
- cl_sha1@CLAMAV_PRIVATE 0.101.2
- cl_sha256@CLAMAV_PRIVATE 0.101.2
- cl_sign_data@CLAMAV_PRIVATE 0.101.2
- cl_sign_data_keyfile@CLAMAV_PRIVATE 0.101.2
- cl_sign_file_fd@CLAMAV_PRIVATE 0.101.2
- cl_sign_file_fp@CLAMAV_PRIVATE 0.101.2
+ cl_sha1@CLAMAV_PRIVATE 0.101.4
+ cl_sha256@CLAMAV_PRIVATE 0.101.4
+ cl_sign_data@CLAMAV_PRIVATE 0.101.4
+ cl_sign_data_keyfile@CLAMAV_PRIVATE 0.101.4
+ cl_sign_file_fd@CLAMAV_PRIVATE 0.101.4
+ cl_sign_file_fp@CLAMAV_PRIVATE 0.101.4
  cl_statchkdir@CLAMAV_PUBLIC 0.101.0
  cl_statfree@CLAMAV_PUBLIC 0.101.0
  cl_statinidir@CLAMAV_PUBLIC 0.101.0
  cl_strerror@CLAMAV_PUBLIC 0.101.0
  cl_update_hash@CLAMAV_PUBLIC 0.101.0
- cl_validate_certificate_chain@CLAMAV_PRIVATE 0.101.2
- cl_validate_certificate_chain_ts_dir@CLAMAV_PRIVATE 0.101.2
- cl_verify_signature@CLAMAV_PRIVATE 0.101.2
- cl_verify_signature_fd@CLAMAV_PRIVATE 0.101.2
- cl_verify_signature_fd_x509@CLAMAV_PRIVATE 0.101.2
- cl_verify_signature_fd_x509_keyfile@CLAMAV_PRIVATE 0.101.2
- cl_verify_signature_hash@CLAMAV_PRIVATE 0.101.2
- cl_verify_signature_hash_x509@CLAMAV_PRIVATE 0.101.2
- cl_verify_signature_hash_x509_keyfile@CLAMAV_PRIVATE 0.101.2
- cl_verify_signature_x509@CLAMAV_PRIVATE 0.101.2
- cl_verify_signature_x509_keyfile@CLAMAV_PRIVATE 0.101.2
- cli_ac_buildtrie@CLAMAV_PRIVATE 0.101.2
- cli_ac_chklsig@CLAMAV_PRIVATE 0.101.2
- cli_ac_free@CLAMAV_PRIVATE 0.101.2
- cli_ac_freedata@CLAMAV_PRIVATE 0.101.2
- cli_ac_init@CLAMAV_PRIVATE 0.101.2
- cli_ac_initdata@CLAMAV_PRIVATE 0.101.2
- cli_ac_scanbuff@CLAMAV_PRIVATE 0.101.2
- cli_bm_free@CLAMAV_PRIVATE 0.101.2
- cli_bm_init@CLAMAV_PRIVATE 0.101.2
- cli_bm_scanbuff@CLAMAV_PRIVATE 0.101.2
- cli_build_regex_list@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_context_alloc@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_context_clear@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_context_destroy@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_context_getresult_int@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_context_set_trace@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_context_setfile@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_context_setfuncid@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_context_setparam_int@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_context_setparam_ptr@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_debug@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_debug_printsrc@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_describe@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_destroy@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_done@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_init@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_load@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_prepare2@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_printversion@CLAMAV_PRIVATE 0.101.2
- cli_bytecode_run@CLAMAV_PRIVATE 0.101.2
- cli_bytefunc_describe@CLAMAV_PRIVATE 0.101.2
- cli_byteinst_describe@CLAMAV_PRIVATE 0.101.2
- cli_bytetype_describe@CLAMAV_PRIVATE 0.101.2
- cli_bytevalue_describe@CLAMAV_PRIVATE 0.101.2
- cli_calloc@CLAMAV_PRIVATE 0.101.2
- cli_checkfp_pe@CLAMAV_PRIVATE 0.101.2
- cli_chomp@CLAMAV_PRIVATE 0.101.2
- cli_ctime@CLAMAV_PRIVATE 0.101.2
- cli_cvdunpack@CLAMAV_PRIVATE 0.101.2
- cli_dbgmsg_internal@CLAMAV_PRIVATE 0.101.2
- cli_dconf_init@CLAMAV_PRIVATE 0.101.2
- cli_debug_flag@CLAMAV_PRIVATE 0.101.2
- cli_detect_environment@CLAMAV_PRIVATE 0.101.2
- cli_disasm_one@CLAMAV_PRIVATE 0.101.2
- cli_errmsg@CLAMAV_PRIVATE 0.101.2
- cli_filecopy@CLAMAV_PRIVATE 0.101.2
- cli_fmap_scandesc@CLAMAV_PRIVATE 0.101.2
- cli_free_vba_project@CLAMAV_PRIVATE 0.101.2
- cli_ftw@CLAMAV_PRIVATE 0.101.2
- cli_genhash_pe@CLAMAV_PRIVATE 0.101.2
- cli_gentemp@CLAMAV_PRIVATE 0.101.2
- cli_gentempfd@CLAMAV_PRIVATE 0.101.2
- cli_gettmpdir@CLAMAV_PRIVATE 0.101.2
- cli_hashfile@CLAMAV_PRIVATE 0.101.2
- cli_hashset_destroy@CLAMAV_PRIVATE 0.101.2
- cli_hashstream@CLAMAV_PRIVATE 0.101.2
- cli_hex2str@CLAMAV_PRIVATE 0.101.2
- cli_hex2ui@CLAMAV_PRIVATE 0.101.2
- cli_initroots@CLAMAV_PRIVATE 0.101.2
- cli_isnumber@CLAMAV_PRIVATE 0.101.2
- cli_js_destroy@CLAMAV_PRIVATE 0.101.2
- cli_js_init@CLAMAV_PRIVATE 0.101.2
- cli_js_output@CLAMAV_PRIVATE 0.101.2
- cli_js_parse_done@CLAMAV_PRIVATE 0.101.2
- cli_js_process_buffer@CLAMAV_PRIVATE 0.101.2
- cli_ldbtokenize@CLAMAV_PRIVATE 0.101.2
- cli_malloc@CLAMAV_PRIVATE 0.101.2
- cli_memstr@CLAMAV_PRIVATE 0.101.2
- cli_ole2_extract@CLAMAV_PRIVATE 0.101.2
- cli_parse_add@CLAMAV_PRIVATE 0.101.2
- cli_pcre_build@CLAMAV_PRIVATE 0.101.2
- cli_pcre_freeoff@CLAMAV_PRIVATE 0.101.2
- cli_pcre_init@CLAMAV_PRIVATE 0.101.2
- cli_pcre_perf_events_destroy@CLAMAV_PRIVATE 0.101.2
- cli_pcre_perf_print@CLAMAV_PRIVATE 0.101.2
- cli_pcre_recaloff@CLAMAV_PRIVATE 0.101.2
- cli_pcre_scanbuf@CLAMAV_PRIVATE 0.101.2
- cli_ppt_vba_read@CLAMAV_PRIVATE 0.101.2
- cli_printcxxver@CLAMAV_PRIVATE 0.101.2
- cli_readn@CLAMAV_PRIVATE 0.101.2
- cli_realloc@CLAMAV_PRIVATE 0.101.2
- cli_regcomp@CLAMAV_PRIVATE 0.101.2
- cli_regex2suffix@CLAMAV_PRIVATE 0.101.2
- cli_regexec@CLAMAV_PRIVATE 0.101.2
- cli_regfree@CLAMAV_PRIVATE 0.101.2
- cli_rmdirs@CLAMAV_PRIVATE 0.101.2
- cli_rndnum@CLAMAV_PRIVATE 0.101.2
- cli_sanitize_filepath@CLAMAV_PRIVATE 0.101.2
- cli_scanbuff@CLAMAV_PRIVATE 0.101.2
- cli_sigopts_handler@CLAMAV_PRIVATE 0.101.2
- cli_sigperf_events_destroy@CLAMAV_PRIVATE 0.101.2
- cli_sigperf_print@CLAMAV_PRIVATE 0.101.2
- cli_str2hex@CLAMAV_PRIVATE 0.101.2
- cli_strbcasestr@CLAMAV_PRIVATE 0.101.2
- cli_strdup@CLAMAV_PRIVATE 0.101.2
- cli_strerror@CLAMAV_PRIVATE 0.101.2
- cli_strlcat@CLAMAV_PRIVATE 0.101.2
- cli_strlcpy@CLAMAV_PRIVATE 0.101.2
- cli_strnstr@CLAMAV_PRIVATE 0.101.2
- cli_strrcpy@CLAMAV_PRIVATE 0.101.2
- cli_strtok@CLAMAV_PRIVATE 0.101.2
- cli_strtokbuf@CLAMAV_PRIVATE 0.101.2
- cli_strtokenize@CLAMAV_PRIVATE 0.101.2
- cli_textbuffer_append_normalize@CLAMAV_PRIVATE 0.101.2
- cli_unescape@CLAMAV_PRIVATE 0.101.2
- cli_unlink@CLAMAV_PRIVATE 0.101.2
- cli_url_canon@CLAMAV_PRIVATE 0.101.2
- cli_utf16_to_utf8@CLAMAV_PRIVATE 0.101.2
- cli_utf16toascii@CLAMAV_PRIVATE 0.101.2
- cli_vba_inflate@CLAMAV_PRIVATE 0.101.2
- cli_vba_readdir@CLAMAV_PRIVATE 0.101.2
- cli_versig2@CLAMAV_PRIVATE 0.101.2
- cli_versig@CLAMAV_PRIVATE 0.101.2
- cli_warnmsg@CLAMAV_PRIVATE 0.101.2
- cli_wm_decrypt_macro@CLAMAV_PRIVATE 0.101.2
- cli_wm_readdir@CLAMAV_PRIVATE 0.101.2
- cli_writen@CLAMAV_PRIVATE 0.101.2
- decodeLine@CLAMAV_PRIVATE 0.101.2
- disasmbuf@CLAMAV_PRIVATE 0.101.2
- fmap@CLAMAV_PRIVATE 0.101.2
- get_fpu_endian@CLAMAV_PRIVATE 0.101.2
- have_clamjit@CLAMAV_PRIVATE 0.101.2
- have_rar@CLAMAV_PRIVATE 0.101.2
- html_normalise_map@CLAMAV_PRIVATE 0.101.2
- html_normalise_mem@CLAMAV_PRIVATE 0.101.2
- html_screnc_decode@CLAMAV_PRIVATE 0.101.2
- html_tag_arg_free@CLAMAV_PRIVATE 0.101.2
- init_domainlist@CLAMAV_PRIVATE 0.101.2
- init_regex_list@CLAMAV_PRIVATE 0.101.2
- init_whitelist@CLAMAV_PRIVATE 0.101.2
- is_regex_ok@CLAMAV_PRIVATE 0.101.2
- load_regex_matcher@CLAMAV_PRIVATE 0.101.2
+ cl_validate_certificate_chain@CLAMAV_PRIVATE 0.101.4
+ cl_validate_certificate_chain_ts_dir@CLAMAV_PRIVATE 0.101.4
+ cl_verify_signature@CLAMAV_PRIVATE 0.101.4
+ cl_verify_signature_fd@CLAMAV_PRIVATE 0.101.4
+ cl_verify_signature_fd_x509@CLAMAV_PRIVATE 0.101.4
+ cl_verify_signature_fd_x509_keyfile@CLAMAV_PRIVATE 0.101.4
+ cl_verify_signature_hash@CLAMAV_PRIVATE 0.101.4
+ cl_verify_signature_hash_x509@CLAMAV_PRIVATE 0.101.4
+ cl_verify_signature_hash_x509_keyfile@CLAMAV_PRIVATE 0.101.4
+ cl_verify_signature_x509@CLAMAV_PRIVATE 0.101.4
+ cl_verify_signature_x509_keyfile@CLAMAV_PRIVATE 0.101.4
+ cli_ac_buildtrie@CLAMAV_PRIVATE 0.101.4
+ cli_ac_chklsig@CLAMAV_PRIVATE 0.101.4
+ cli_ac_free@CLAMAV_PRIVATE 0.101.4
+ cli_ac_freedata@CLAMAV_PRIVATE 0.101.4
+ cli_ac_init@CLAMAV_PRIVATE 0.101.4
+ cli_ac_initdata@CLAMAV_PRIVATE 0.101.4
+ cli_ac_scanbuff@CLAMAV_PRIVATE 0.101.4
+ cli_bm_free@CLAMAV_PRIVATE 0.101.4
+ cli_bm_init@CLAMAV_PRIVATE 0.101.4
+ cli_bm_scanbuff@CLAMAV_PRIVATE 0.101.4
+ cli_build_regex_list@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_context_alloc@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_context_clear@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_context_destroy@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_context_getresult_int@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_context_set_trace@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_context_setfile@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_context_setfuncid@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_context_setparam_int@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_context_setparam_ptr@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_debug@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_debug_printsrc@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_describe@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_destroy@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_done@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_init@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_load@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_prepare2@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_printversion@CLAMAV_PRIVATE 0.101.4
+ cli_bytecode_run@CLAMAV_PRIVATE 0.101.4
+ cli_bytefunc_describe@CLAMAV_PRIVATE 0.101.4
+ cli_byteinst_describe@CLAMAV_PRIVATE 0.101.4
+ cli_bytetype_describe@CLAMAV_PRIVATE 0.101.4
+ cli_bytevalue_describe@CLAMAV_PRIVATE 0.101.4
+ cli_calloc@CLAMAV_PRIVATE 0.101.4
+ cli_checkfp_pe@CLAMAV_PRIVATE 0.101.4
+ cli_chomp@CLAMAV_PRIVATE 0.101.4
+ cli_ctime@CLAMAV_PRIVATE 0.101.4
+ cli_cvdunpack@CLAMAV_PRIVATE 0.101.4
+ cli_dbgmsg_internal@CLAMAV_PRIVATE 0.101.4
+ cli_dconf_init@CLAMAV_PRIVATE 0.101.4
+ cli_debug_flag@CLAMAV_PRIVATE 0.101.4
+ cli_detect_environment@CLAMAV_PRIVATE 0.101.4
+ cli_disasm_one@CLAMAV_PRIVATE 0.101.4
+ cli_errmsg@CLAMAV_PRIVATE 0.101.4
+ cli_filecopy@CLAMAV_PRIVATE 0.101.4
+ cli_fmap_scandesc@CLAMAV_PRIVATE 0.101.4
+ cli_free_vba_project@CLAMAV_PRIVATE 0.101.4
+ cli_ftw@CLAMAV_PRIVATE 0.101.4
+ cli_genhash_pe@CLAMAV_PRIVATE 0.101.4
+ cli_gentemp@CLAMAV_PRIVATE 0.101.4
+ cli_gentempfd@CLAMAV_PRIVATE 0.101.4
+ cli_gettmpdir@CLAMAV_PRIVATE 0.101.4
+ cli_hashfile@CLAMAV_PRIVATE 0.101.4
+ cli_hashset_destroy@CLAMAV_PRIVATE 0.101.4
+ cli_hashstream@CLAMAV_PRIVATE 0.101.4
+ cli_hex2str@CLAMAV_PRIVATE 0.101.4
+ cli_hex2ui@CLAMAV_PRIVATE 0.101.4
+ cli_initroots@CLAMAV_PRIVATE 0.101.4
+ cli_isnumber@CLAMAV_PRIVATE 0.101.4
+ cli_js_destroy@CLAMAV_PRIVATE 0.101.4
+ cli_js_init@CLAMAV_PRIVATE 0.101.4
+ cli_js_output@CLAMAV_PRIVATE 0.101.4
+ cli_js_parse_done@CLAMAV_PRIVATE 0.101.4
+ cli_js_process_buffer@CLAMAV_PRIVATE 0.101.4
+ cli_ldbtokenize@CLAMAV_PRIVATE 0.101.4
+ cli_malloc@CLAMAV_PRIVATE 0.101.4
+ cli_memstr@CLAMAV_PRIVATE 0.101.4
+ cli_ole2_extract@CLAMAV_PRIVATE 0.101.4
+ cli_parse_add@CLAMAV_PRIVATE 0.101.4
+ cli_pcre_build@CLAMAV_PRIVATE 0.101.4
+ cli_pcre_freeoff@CLAMAV_PRIVATE 0.101.4
+ cli_pcre_init@CLAMAV_PRIVATE 0.101.4
+ cli_pcre_perf_events_destroy@CLAMAV_PRIVATE 0.101.4
+ cli_pcre_perf_print@CLAMAV_PRIVATE 0.101.4
+ cli_pcre_recaloff@CLAMAV_PRIVATE 0.101.4
+ cli_pcre_scanbuf@CLAMAV_PRIVATE 0.101.4
+ cli_ppt_vba_read@CLAMAV_PRIVATE 0.101.4
+ cli_printcxxver@CLAMAV_PRIVATE 0.101.4
+ cli_readn@CLAMAV_PRIVATE 0.101.4
+ cli_realloc@CLAMAV_PRIVATE 0.101.4
+ cli_regcomp@CLAMAV_PRIVATE 0.101.4
+ cli_regex2suffix@CLAMAV_PRIVATE 0.101.4
+ cli_regexec@CLAMAV_PRIVATE 0.101.4
+ cli_regfree@CLAMAV_PRIVATE 0.101.4
+ cli_rmdirs@CLAMAV_PRIVATE 0.101.4
+ cli_rndnum@CLAMAV_PRIVATE 0.101.4
+ cli_sanitize_filepath@CLAMAV_PRIVATE 0.101.4
+ cli_scanbuff@CLAMAV_PRIVATE 0.101.4
+ cli_sigopts_handler@CLAMAV_PRIVATE 0.101.4
+ cli_sigperf_events_destroy@CLAMAV_PRIVATE 0.101.4
+ cli_sigperf_print@CLAMAV_PRIVATE 0.101.4
+ cli_str2hex@CLAMAV_PRIVATE 0.101.4
+ cli_strbcasestr@CLAMAV_PRIVATE 0.101.4
+ cli_strdup@CLAMAV_PRIVATE 0.101.4
+ cli_strerror@CLAMAV_PRIVATE 0.101.4
+ cli_strlcat@CLAMAV_PRIVATE 0.101.4
+ cli_strlcpy@CLAMAV_PRIVATE 0.101.4
+ cli_strrcpy@CLAMAV_PRIVATE 0.101.4
+ cli_strtok@CLAMAV_PRIVATE 0.101.4
+ cli_strtokbuf@CLAMAV_PRIVATE 0.101.4
+ cli_strtokenize@CLAMAV_PRIVATE 0.101.4
+ cli_textbuffer_append_normalize@CLAMAV_PRIVATE 0.101.4
+ cli_unescape@CLAMAV_PRIVATE 0.101.4
+ cli_unlink@CLAMAV_PRIVATE 0.101.4
+ cli_url_canon@CLAMAV_PRIVATE 0.101.4
+ cli_utf16_to_utf8@CLAMAV_PRIVATE 0.101.4
+ cli_utf16toascii@CLAMAV_PRIVATE 0.101.4
+ cli_vba_inflate@CLAMAV_PRIVATE 0.101.4
+ cli_vba_readdir@CLAMAV_PRIVATE 0.101.4
+ cli_versig2@CLAMAV_PRIVATE 0.101.4
+ cli_versig@CLAMAV_PRIVATE 0.101.4
+ cli_warnmsg@CLAMAV_PRIVATE 0.101.4
+ cli_wm_decrypt_macro@CLAMAV_PRIVATE 0.101.4
+ cli_wm_readdir@CLAMAV_PRIVATE 0.101.4
+ cli_writen@CLAMAV_PRIVATE 0.101.4
+ decodeLine@CLAMAV_PRIVATE 0.101.4
+ disasmbuf@CLAMAV_PRIVATE 0.101.4
+ fmap@CLAMAV_PRIVATE 0.101.4
+ get_fpu_endian@CLAMAV_PRIVATE 0.101.4
+ have_clamjit@CLAMAV_PRIVATE 0.101.4
+ have_rar@CLAMAV_PRIVATE 0.101.4
+ html_normalise_map@CLAMAV_PRIVATE 0.101.4
+ html_normalise_mem@CLAMAV_PRIVATE 0.101.4
+ html_screnc_decode@CLAMAV_PRIVATE 0.101.4
+ html_tag_arg_free@CLAMAV_PRIVATE 0.101.4
+ init_domainlist@CLAMAV_PRIVATE 0.101.4
+ init_regex_list@CLAMAV_PRIVATE 0.101.4
+ init_whitelist@CLAMAV_PRIVATE 0.101.4
+ is_regex_ok@CLAMAV_PRIVATE 0.101.4
+ load_regex_matcher@CLAMAV_PRIVATE 0.101.4
  lsig_sub_matched@CLAMAV_PUBLIC 0.101.0
- messageCreate@CLAMAV_PRIVATE 0.101.2
- messageDestroy@CLAMAV_PRIVATE 0.101.2
- mpool_calloc@CLAMAV_PRIVATE 0.101.2
- mpool_create@CLAMAV_PRIVATE 0.101.2
- mpool_destroy@CLAMAV_PRIVATE 0.101.2
- mpool_free@CLAMAV_PRIVATE 0.101.2
- mpool_getstats@CLAMAV_PRIVATE 0.101.2
- phishingScan@CLAMAV_PRIVATE 0.101.2
- phishing_done@CLAMAV_PRIVATE 0.101.2
- phishing_init@CLAMAV_PRIVATE 0.101.2
- regex_list_add_pattern@CLAMAV_PRIVATE 0.101.2
- regex_list_done@CLAMAV_PRIVATE 0.101.2
- regex_list_match@CLAMAV_PRIVATE 0.101.2
- tableCreate@CLAMAV_PRIVATE 0.101.2
- tableDestroy@CLAMAV_PRIVATE 0.101.2
- tableFind@CLAMAV_PRIVATE 0.101.2
- tableInsert@CLAMAV_PRIVATE 0.101.2
- tableIterate@CLAMAV_PRIVATE 0.101.2
- tableRemove@CLAMAV_PRIVATE 0.101.2
- tableUpdate@CLAMAV_PRIVATE 0.101.2
- text_normalize_init@CLAMAV_PRIVATE 0.101.2
- text_normalize_map@CLAMAV_PRIVATE 0.101.2
- text_normalize_reset@CLAMAV_PRIVATE 0.101.2
- uniq_add@CLAMAV_PRIVATE 0.101.2
- uniq_free@CLAMAV_PRIVATE 0.101.2
- uniq_get@CLAMAV_PRIVATE 0.101.2
- uniq_init@CLAMAV_PRIVATE 0.101.2
+ messageCreate@CLAMAV_PRIVATE 0.101.4
+ messageDestroy@CLAMAV_PRIVATE 0.101.4
+ mpool_calloc@CLAMAV_PRIVATE 0.101.4
+ mpool_create@CLAMAV_PRIVATE 0.101.4
+ mpool_destroy@CLAMAV_PRIVATE 0.101.4
+ mpool_free@CLAMAV_PRIVATE 0.101.4
+ mpool_getstats@CLAMAV_PRIVATE 0.101.4
+ phishingScan@CLAMAV_PRIVATE 0.101.4
+ phishing_done@CLAMAV_PRIVATE 0.101.4
+ phishing_init@CLAMAV_PRIVATE 0.101.4
+ regex_list_add_pattern@CLAMAV_PRIVATE 0.101.4
+ regex_list_done@CLAMAV_PRIVATE 0.101.4
+ regex_list_match@CLAMAV_PRIVATE 0.101.4
+ tableCreate@CLAMAV_PRIVATE 0.101.4
+ tableDestroy@CLAMAV_PRIVATE 0.101.4
+ tableFind@CLAMAV_PRIVATE 0.101.4
+ tableInsert@CLAMAV_PRIVATE 0.101.4
+ tableIterate@CLAMAV_PRIVATE 0.101.4
+ tableRemove@CLAMAV_PRIVATE 0.101.4
+ tableUpdate@CLAMAV_PRIVATE 0.101.4
+ text_normalize_init@CLAMAV_PRIVATE 0.101.4
+ text_normalize_map@CLAMAV_PRIVATE 0.101.4
+ text_normalize_reset@CLAMAV_PRIVATE 0.101.4
+ uniq_add@CLAMAV_PRIVATE 0.101.4
+ uniq_free@CLAMAV_PRIVATE 0.101.4
+ uniq_get@CLAMAV_PRIVATE 0.101.4
+ uniq_init@CLAMAV_PRIVATE 0.101.4
diff -Nru clamav-0.101.2+dfsg/debian/patches/Add-support-for-LLVM-3.7.patch clamav-0.101.4+dfsg/debian/patches/Add-support-for-LLVM-3.7.patch
--- clamav-0.101.2+dfsg/debian/patches/Add-support-for-LLVM-3.7.patch	2019-04-05 22:07:01.000000000 +0200
+++ clamav-0.101.4+dfsg/debian/patches/Add-support-for-LLVM-3.7.patch	2019-08-25 14:08:40.000000000 +0200
@@ -1,4 +1,4 @@
-From 3bfb877f39017a607c1d76c0137323392538cb23 Mon Sep 17 00:00:00 2001
+From 0649b19b8c25b855b889cc1058a3e011b3cc6d7f Mon Sep 17 00:00:00 2001
 From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
 Date: Fri, 14 Oct 2016 20:24:39 +0200
 Subject: Add support for LLVM 3.7
diff -Nru clamav-0.101.2+dfsg/debian/patches/Add-support-for-LLVM-3.8.patch clamav-0.101.4+dfsg/debian/patches/Add-support-for-LLVM-3.8.patch
--- clamav-0.101.2+dfsg/debian/patches/Add-support-for-LLVM-3.8.patch	2019-04-05 22:07:01.000000000 +0200
+++ clamav-0.101.4+dfsg/debian/patches/Add-support-for-LLVM-3.8.patch	2019-08-25 14:08:40.000000000 +0200
@@ -1,4 +1,4 @@
-From 24247174316c5fac749b26f7be93c3ab19d39b6d Mon Sep 17 00:00:00 2001
+From 5a2272870a288a08a9f7d442708f5dced52828bb Mon Sep 17 00:00:00 2001
 From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
 Date: Fri, 14 Oct 2016 20:24:48 +0200
 Subject: Add support for LLVM 3.8
diff -Nru clamav-0.101.2+dfsg/debian/patches/Add-support-for-LLVM-3.9.patch clamav-0.101.4+dfsg/debian/patches/Add-support-for-LLVM-3.9.patch
--- clamav-0.101.2+dfsg/debian/patches/Add-support-for-LLVM-3.9.patch	2019-04-05 22:07:01.000000000 +0200
+++ clamav-0.101.4+dfsg/debian/patches/Add-support-for-LLVM-3.9.patch	2019-08-25 14:08:40.000000000 +0200
@@ -1,4 +1,4 @@
-From 3cd54e1cb2347b5e4f157b91db1675d37e381098 Mon Sep 17 00:00:00 2001
+From 60c1aceb751db52059111dea2a1a890cede29dfc Mon Sep 17 00:00:00 2001
 From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
 Date: Fri, 14 Oct 2016 20:24:56 +0200
 Subject: Add support for LLVM 3.9
diff -Nru clamav-0.101.2+dfsg/debian/patches/add-support-for-system-tomsfastmath.patch clamav-0.101.4+dfsg/debian/patches/add-support-for-system-tomsfastmath.patch
--- clamav-0.101.2+dfsg/debian/patches/add-support-for-system-tomsfastmath.patch	2019-04-05 22:07:01.000000000 +0200
+++ clamav-0.101.4+dfsg/debian/patches/add-support-for-system-tomsfastmath.patch	2019-08-25 14:08:40.000000000 +0200
@@ -1,4 +1,4 @@
-From 61724cb60d16244e85c25f2ecaaf6f84e5460244 Mon Sep 17 00:00:00 2001
+From 13e43ff48e81a325f94285fc62826f148e0923ff Mon Sep 17 00:00:00 2001
 From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
 Date: Wed, 11 Mar 2015 20:03:15 +0100
 Subject: add support for system tomsfastmath
@@ -14,7 +14,7 @@
  create mode 100644 m4/reorganization/libs/tomsfastmath.m4
 
 diff --git a/configure.ac b/configure.ac
-index 1a2431a..88ff4ff 100644
+index c0638fc..9a1cf02 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -96,6 +96,7 @@ m4_include([m4/reorganization/libs/libmspack.m4])
diff -Nru clamav-0.101.2+dfsg/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch clamav-0.101.4+dfsg/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch
--- clamav-0.101.2+dfsg/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch	2019-04-05 22:07:01.000000000 +0200
+++ clamav-0.101.4+dfsg/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch	2019-08-25 14:08:40.000000000 +0200
@@ -1,4 +1,4 @@
-From fc9b949d51290554edefdbb096efda1dc3b67575 Mon Sep 17 00:00:00 2001
+From 4349864c34f3e8415a234bb069ce6f80a3f219b5 Mon Sep 17 00:00:00 2001
 From: Scott Kitterman <sc...@kitterman.com>
 Date: Mon, 10 Mar 2014 19:20:18 -0400
 Subject: Change paths in sample conf file to match Debian
diff -Nru clamav-0.101.2+dfsg/debian/patches/clamd_dont_depend_on_clamav_demon_socket.patch clamav-0.101.4+dfsg/debian/patches/clamd_dont_depend_on_clamav_demon_socket.patch
--- clamav-0.101.2+dfsg/debian/patches/clamd_dont_depend_on_clamav_demon_socket.patch	2019-04-05 22:07:01.000000000 +0200
+++ clamav-0.101.4+dfsg/debian/patches/clamd_dont_depend_on_clamav_demon_socket.patch	2019-08-25 14:08:40.000000000 +0200
@@ -1,4 +1,4 @@
-From 221dddd99e5f8d91544a47a0b39c2302ec70e35b Mon Sep 17 00:00:00 2001
+From 02a6bb9068e845ea0af8a8e486f7daee284b3720 Mon Sep 17 00:00:00 2001
 From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
 Date: Thu, 11 Aug 2016 21:54:10 +0200
 Subject: clamd: don't depend on clamav-demon.socket
diff -Nru clamav-0.101.2+dfsg/debian/patches/Deprecate-unused-options-instead-of-removing-it.patch clamav-0.101.4+dfsg/debian/patches/Deprecate-unused-options-instead-of-removing-it.patch
--- clamav-0.101.2+dfsg/debian/patches/Deprecate-unused-options-instead-of-removing-it.patch	2019-04-05 22:07:01.000000000 +0200
+++ clamav-0.101.4+dfsg/debian/patches/Deprecate-unused-options-instead-of-removing-it.patch	2019-08-25 14:08:40.000000000 +0200
@@ -1,4 +1,4 @@
-From 2886e25ab1059591228f544e00baa3557309db00 Mon Sep 17 00:00:00 2001
+From 5a4e116e7acf06f0f718223e029558bf9c0b1f44 Mon Sep 17 00:00:00 2001
 From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
 Date: Wed, 4 Jul 2018 21:26:50 +0200
 Subject: Deprecate unused options instead of removing it
@@ -27,7 +27,7 @@
  1 file changed, 14 insertions(+)
 
 diff --git a/shared/optparser.c b/shared/optparser.c
-index e429e61..fdd5ac3 100644
+index ffc706a..c6ae5d3 100644
 --- a/shared/optparser.c
 +++ b/shared/optparser.c
 @@ -194,6 +194,14 @@ const struct clam_option __clam_options[] = {
diff -Nru clamav-0.101.2+dfsg/debian/rules clamav-0.101.4+dfsg/debian/rules
--- clamav-0.101.2+dfsg/debian/rules	2019-04-05 22:07:01.000000000 +0200
+++ clamav-0.101.4+dfsg/debian/rules	2019-08-25 14:08:40.000000000 +0200
@@ -96,7 +96,7 @@
 	  fi;\
 	done; \
 	# Check for library features which may have been upgraded.
-	if ! grep -q "CL_FLEVEL 102" libclamav/others.h ; then \
+	if ! grep -q "CL_FLEVEL 105" libclamav/others.h ; then \
 		echo "cl_retflevel needs boosting in symbol file"; \
 		touch debian/exit; \
 	fi;
diff -Nru clamav-0.101.2+dfsg/docs/html/UserManual/development.html clamav-0.101.4+dfsg/docs/html/UserManual/development.html
--- clamav-0.101.2+dfsg/docs/html/UserManual/development.html	2019-03-13 22:13:05.000000000 +0100
+++ clamav-0.101.4+dfsg/docs/html/UserManual/development.html	2019-08-20 18:09:29.000000000 +0200
@@ -196,7 +196,7 @@
 <p>First, install <code>perf</code>, which on Linux can be done via:</p>
 <div class="sourceCode"><pre class="sourceCode bash"><code class="sourceCode bash"><span class="ex">apt-get</span> install linux-tools-common linux-tools-generic linux-tools-<span class="kw">`</span><span class="fu">uname</span> -r<span class="kw">`</span></code></pre></div>
 <p>Modify the system settings to allow <code>perf</code> record to be run by a standard user:</p>
-<div class="sourceCode"><pre class="sourceCode bash"><code class="sourceCode bash"><span class="fu">sudo</span> su     <span class="co"># Run the following as root</span>
+<div class="sourceCode"><pre class="sourceCode bash"><code class="sourceCode bash"><span class="fu">sudo</span> su     # Run the following as root
 <span class="fu">cat</span> /proc/sys/kernel/perf_event_paranoid
 <span class="bu">echo</span> <span class="st">&quot;1&quot;</span> <span class="op">&gt;</span> /proc/sys/kernel/perf_event_paranoid
 <span class="bu">exit</span></code></pre></div>
diff -Nru clamav-0.101.2+dfsg/docs/html/UserManual/Installation-Unix/Steps-macOS.html clamav-0.101.4+dfsg/docs/html/UserManual/Installation-Unix/Steps-macOS.html
--- clamav-0.101.2+dfsg/docs/html/UserManual/Installation-Unix/Steps-macOS.html	2019-03-13 22:13:08.000000000 +0100
+++ clamav-0.101.4+dfsg/docs/html/UserManual/Installation-Unix/Steps-macOS.html	2019-08-20 18:09:34.000000000 +0200
@@ -245,11 +245,11 @@
 <p>Then, these commands can be used to create the <code>clamav</code> group and <code>clamav</code> user.</p>
 <div class="sourceCode"><pre class="sourceCode bash"><code class="sourceCode bash"><span class="fu">sudo</span> dscl . create /Groups/clamav
 <span class="fu">sudo</span> dscl . create /Groups/clamav RealName <span class="st">&quot;Clam Antivirus Group&quot;</span>
-<span class="fu">sudo</span> dscl . create /Groups/clamav gid 799           <span class="co"># Ensure this is unique!</span>
+<span class="fu">sudo</span> dscl . create /Groups/clamav gid 799           # Ensure this is unique!
 <span class="fu">sudo</span> dscl . create /Users/clamav
 <span class="fu">sudo</span> dscl . create /Users/clamav RealName <span class="st">&quot;Clam Antivirus User&quot;</span>
 <span class="fu">sudo</span> dscl . create /Users/clamav UserShell /bin/false
-<span class="fu">sudo</span> dscl . create /Users/clamav UniqueID 599       <span class="co"># Ensure this is unique!</span>
+<span class="fu">sudo</span> dscl . create /Users/clamav UniqueID 599       # Ensure this is unique!
 <span class="fu">sudo</span> dscl . create /Users/clamav PrimaryGroupID 799 <span class="co"># Must match the above gid!</span></code></pre></div>
 <p>Finally, you will want to set user ownership of the database directory.<br />
 For example:</p>
diff -Nru clamav-0.101.2+dfsg/docs/html/UserManual/Installation-Windows.html clamav-0.101.4+dfsg/docs/html/UserManual/Installation-Windows.html
--- clamav-0.101.2+dfsg/docs/html/UserManual/Installation-Windows.html	2019-03-13 22:13:06.000000000 +0100
+++ clamav-0.101.4+dfsg/docs/html/UserManual/Installation-Windows.html	2019-08-20 18:09:27.000000000 +0200
@@ -14,9 +14,9 @@
 <h2 id="install-using-the-clamav-windows-installer">Install using the ClamAV Windows Installer</h2>
 <p>Important: Installing ClamAV using the Installer will require Administrator privileges.</p>
 <ol>
-<li>Download: <a href="http://www.clamav.net/downloads/production/ClamAV-0.101.2.exe"; class="uri">http://www.clamav.net/downloads/production/ClamAV-0.101.2.exe</a></li>
+<li>Download: <a href="http://www.clamav.net/downloads/production/ClamAV-0.101.4.exe"; class="uri">http://www.clamav.net/downloads/production/ClamAV-0.101.4.exe</a></li>
 <li>Locate the file in your Downloads directory.</li>
-<li>Right-click on <code>ClamAV-0.101.2.exe</code> and select <code>Run as administrator</code>. You may receive a warning message along the lines of &quot;Windows protected your PC&quot;. Select <code>More info</code> and then select <code>Run anyway</code>.</li>
+<li>Right-click on <code>ClamAV-0.101.4.exe</code> and select <code>Run as administrator</code>. You may receive a warning message along the lines of &quot;Windows protected your PC&quot;. Select <code>More info</code> and then select <code>Run anyway</code>.</li>
 <li>Select <code>I accept the agreement</code> and click <code>Next</code>.</li>
 <li>Click <code>Next</code> again. If you've removed a previous installation of ClamAV, you may receive the prompt &quot;The folder ... already exists...&quot;. If you do, select <code>Yes</code>.</li>
 <li>Click <code>Install</code>.</li>
@@ -30,9 +30,9 @@
 <p>Continue on to &quot;First Time Set-Up&quot; below...</p>
 <h2 id="install-using-the-clamav-portable-install-package">Install using the ClamAV Portable Install Package</h2>
 <ol>
-<li>Download: <a href="https://www.clamav.net/downloads/production/clamav-0.101.2-win-x64-portable.zip"; class="uri">https://www.clamav.net/downloads/production/clamav-0.101.2-win-x64-portable.zip</a></li>
+<li>Download: <a href="https://www.clamav.net/downloads/production/clamav-0.101.4-win-x64-portable.zip"; class="uri">https://www.clamav.net/downloads/production/clamav-0.101.4-win-x64-portable.zip</a></li>
 <li>Unzip it.</li>
-<li>Open the <code>clamav-0.101.2-win-x64-portable</code> directory.</li>
+<li>Open the <code>clamav-0.101.4-win-x64-portable</code> directory.</li>
 <li>Hold down Shift and then right-click on the background in the current directory (but not on one of the files). Select <code>&quot;Open PowerShell window here&quot;</code>. If that option doesn't appear, try again.</li>
 </ol>
 <p>Continue on to &quot;First Time Set-Up&quot;...</p>
diff -Nru clamav-0.101.2+dfsg/docs/html/UserManual/Signatures/PhishSigs.html clamav-0.101.4+dfsg/docs/html/UserManual/Signatures/PhishSigs.html
--- clamav-0.101.2+dfsg/docs/html/UserManual/Signatures/PhishSigs.html	2019-03-13 22:13:11.000000000 +0100
+++ clamav-0.101.4+dfsg/docs/html/UserManual/Signatures/PhishSigs.html	2019-08-20 18:09:30.000000000 +0200
@@ -114,11 +114,11 @@
 <ul>
 <li><code>RealURL</code></li>
 </ul>
-<p>is the URL the user is sent to, example: <em>href</em> attribute of an html anchor (<em>\<a\> tag</em>)</p>
+<p>is the URL the user is sent to, example: <em>href</em> attribute of an html anchor (<em>&lt;a&gt; tag</em>)</p>
 <ul>
 <li><code>DisplayedURL</code></li>
 </ul>
-<p>is the URL description displayed to the user, where its <em>claimed</em> they are sent, example: contents of an html anchor (<em>\<a\> tag</em>)</p>
+<p>is the URL description displayed to the user, where its <em>claimed</em> they are sent, example: contents of an html anchor (<em>&lt;a&gt; tag</em>)</p>
 <ul>
 <li><code>DisplayedHostname</code></li>
 </ul>
@@ -200,7 +200,7 @@
     H:amazon.co.uk:0-20</code></pre>
 <p>First line: engine versions 20, 21, ..., 29 can load it</p>
 <p>Second line: engine versions &gt;= 20 can load it</p>
-<p>Third line: engine versions \&lt; 20 can load it</p>
+<p>Third line: engine versions &lt; 20 can load it</p>
 <p>In a real situation, you’d probably use the second form. A situation like that would be if you are using a feature of the signatures not available in earlier versions, or if earlier versions have bugs with your signature. Its neither case here, the above examples are for illustrative purposes only.</p>
 <h2 id="examples-of-wdb-signatures">Examples of WDB signatures</h2>
 <p>To allow amazon’s country specific domains and amazon.com, to mix domain names in DisplayedURL, and RealURL:</p>
@@ -331,22 +331,22 @@
 <p>(anchor) the <em>href</em> is the realURL, its <em>contents</em> is the displayedURL</p>
 <ul>
 <li>contents<br />
-is the tag-stripped contents of the \<a\> tags, so for example \<b\> tags are stripped (but not their contents)</li>
+is the tag-stripped contents of the &lt;a&gt; tags, so for example &lt;b&gt; tags are stripped (but not their contents)</li>
 </ul>
-<p>nesting another \<a\> tag withing an \<a\> tag (besides being invalid html) is treated as a \</a\>\&lt;a..</p>
+<p>nesting another &lt;a&gt; tag withing an &lt;a&gt; tag (besides being invalid html) is treated as a &lt;/a&gt;&lt;a..</p>
 <ul>
 <li><code>form</code></li>
 </ul>
-<p>the <em>action</em> attribute is the realURL, and a nested \<a\> tag is the displayedURL</p>
+<p>the <em>action</em> attribute is the realURL, and a nested &lt;a&gt; tag is the displayedURL</p>
 <ul>
 <li><code>img/area</code></li>
 </ul>
-<p>if nested within an <em>\<a\></em> tag, the realURL is the <em>href</em> of the a tag, and the <em>src/dynsrc/area</em> is the displayedURL of the img</p>
+<p>if nested within an <em>&lt;a&gt;</em> tag, the realURL is the <em>href</em> of the a tag, and the <em>src/dynsrc/area</em> is the displayedURL of the img</p>
 <p>if nested withing a <em>form</em> tag, then the action attribute of the <em>form</em> tag is the realURL</p>
 <ul>
 <li><code>iframe</code></li>
 </ul>
-<p>if nested withing an <em>\<a\></em> tag the <em>src</em> attribute is the displayedURL, and the <em>href</em> of its parent <em>a</em> tag is the realURL</p>
+<p>if nested withing an <em>&lt;a&gt;</em> tag the <em>src</em> attribute is the displayedURL, and the <em>href</em> of its parent <em>a</em> tag is the realURL</p>
 <p>if nested withing a <em>form</em> tag, then the action attribute of the <em>form</em> tag is the realURL</p>
 <h3 id="example">Example</h3>
 <p>Consider this html file:</p>
diff -Nru clamav-0.101.2+dfsg/docs/html/UserManual.html clamav-0.101.4+dfsg/docs/html/UserManual.html
--- clamav-0.101.2+dfsg/docs/html/UserManual.html	2019-03-13 22:13:04.000000000 +0100
+++ clamav-0.101.4+dfsg/docs/html/UserManual.html	2019-08-20 18:09:26.000000000 +0200
@@ -9,7 +9,7 @@
   <link rel="stylesheet" href="/en/github.css" type="text/css" />
 </head>
 <body>
-<h1 id="clam-antivirus-0.101.2-user-manual">Clam AntiVirus 0.101.2 <em>User Manual</em></h1>
+<h1 id="clam-antivirus-0.101.4-user-manual">Clam AntiVirus 0.101.4 <em>User Manual</em></h1>
 <p><img src="UserManual/images/demon.png" alt="image" /></p>
 <hr />
 <p>Table Of Contents</p>
diff -Nru clamav-0.101.2+dfsg/docs/UserManual/Installation-Windows.md clamav-0.101.4+dfsg/docs/UserManual/Installation-Windows.md
--- clamav-0.101.2+dfsg/docs/UserManual/Installation-Windows.md	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/docs/UserManual/Installation-Windows.md	2019-08-20 18:08:49.000000000 +0200
@@ -6,9 +6,9 @@
 
 Important: Installing ClamAV using the Installer will require Administrator privileges.
 
-1. Download: http://www.clamav.net/downloads/production/ClamAV-0.101.2.exe
+1. Download: http://www.clamav.net/downloads/production/ClamAV-0.101.4.exe
 2. Locate the file in your Downloads directory.
-3. Right-click on `ClamAV-0.101.2.exe` and select `Run as administrator`. You may receive a warning message along the lines of "Windows protected your PC".  Select `More info` and then select `Run anyway`.
+3. Right-click on `ClamAV-0.101.4.exe` and select `Run as administrator`. You may receive a warning message along the lines of "Windows protected your PC".  Select `More info` and then select `Run anyway`.
 4. Select `I accept the agreement` and click `Next`.
 5. Click `Next` again. If you've removed a previous installation of ClamAV, you may receive the prompt "The folder ... already exists...". If you do, select `Yes`.
 6. Click `Install`.
@@ -28,9 +28,9 @@
 
 ## Install using the ClamAV Portable Install Package
 
-1. Download: https://www.clamav.net/downloads/production/clamav-0.101.2-win-x64-portable.zip
+1. Download: https://www.clamav.net/downloads/production/clamav-0.101.4-win-x64-portable.zip
 2. Unzip it.
-3. Open the `clamav-0.101.2-win-x64-portable` directory.
+3. Open the `clamav-0.101.4-win-x64-portable` directory.
 4. Hold down Shift and then right-click on the background in the current directory (but not on one of the files). Select `"Open PowerShell window here"`. If that option doesn't appear, try again.
 
 Continue on to "First Time Set-Up"...
diff -Nru clamav-0.101.2+dfsg/docs/UserManual.md clamav-0.101.4+dfsg/docs/UserManual.md
--- clamav-0.101.2+dfsg/docs/UserManual.md	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/docs/UserManual.md	2019-08-20 18:08:49.000000000 +0200
@@ -1,4 +1,4 @@
-# Clam AntiVirus 0.101.2 *User Manual*
+# Clam AntiVirus 0.101.4 *User Manual*
 
 ![image](UserManual/images/demon.png)
 
diff -Nru clamav-0.101.2+dfsg/etc/clamd.conf.sample clamav-0.101.4+dfsg/etc/clamd.conf.sample
--- clamav-0.101.2+dfsg/etc/clamd.conf.sample	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/etc/clamd.conf.sample	2019-08-20 18:08:49.000000000 +0200
@@ -85,7 +85,7 @@
 # Default: no
 #OfficialDatabaseOnly no
 
-# The daemon can work in local mode, network mode or both. 
+# The daemon can work in local mode, network mode or both.
 # Due to security reasons we recommend the local mode.
 
 # Path to a local socket file the daemon will listen on.
@@ -231,7 +231,7 @@
 #DetectPUA yes
 
 # Exclude a specific PUA category. This directive can be used multiple times.
-# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for 
+# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for
 # the complete list of PUA categories.
 # Default: Load all categories (if DetectPUA is activated)
 #ExcludePUA NetTool
@@ -271,9 +271,9 @@
 # the end of a scan. If an archive contains both a heuristically detected
 # virus/phish, and a real malware, the real malware will be reported
 #
-# Keep this disabled if you intend to handle "*.Heuristics.*" viruses 
+# Keep this disabled if you intend to handle "*.Heuristics.*" viruses
 # differently from "real" malware.
-# If a non-heuristically-detected virus (signature-based) is found first, 
+# If a non-heuristically-detected virus (signature-based) is found first,
 # the scan is interrupted immediately, regardless of this config option.
 #
 # Default: no
@@ -475,6 +475,16 @@
 # The options below protect your system against Denial of Service attacks
 # using archive bombs.
 
+# This option sets the maximum amount of time to a scan may take.
+# In this version, this field only affects the scan time of ZIP archives.
+# Value of 0 disables the limit
+# Note: disabling this limit or setting it too high may result allow scanning
+# of certain files to lock up the scanning process/threads resulting in a Denial
+# of Service.
+# Time is in milliseconds.
+# Default: 120000
+#MaxScanTime 300000
+
 # This option sets the maximum amount of data to be scanned for each input
 # file.
 # Archives and other containers are recursively extracted and scanned up to
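Review bot: Two sentences in the new MaxScanTime comment are garbled, and this is the text an operator reads when deciding whether to relax a denial-of-service limit. I would write `# This option sets the maximum amount of time a scan may take.` and `# Note: disabling this limit or setting it too high may allow scanning`. The statement that the limit only affects ZIP archives also looks incomplete, since the matcher-pcre.c hunk in this same diff adds a `cli_checktimelimit(ctx)` check to the PCRE match loop. It would also help to say that the commented example `300000` is deliberately higher than the stated default of `120000`.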
@@ -697,7 +707,7 @@
 ## Bytecode
 ##
 
-# With this option enabled ClamAV will load bytecode from the database. 
+# With this option enabled ClamAV will load bytecode from the database.
 # It is highly recommended you keep this option on, otherwise you'll miss
 # detections for many new viruses.
 # Default: yes
@@ -721,7 +731,7 @@
 #BytecodeSecurity TrustSigned
 
 # Set bytecode timeout in milliseconds.
-# 
+#
 # Default: 5000
 # BytecodeTimeout 1000
 
diff -Nru clamav-0.101.2+dfsg/freshclam/manager.c clamav-0.101.4+dfsg/freshclam/manager.c
--- clamav-0.101.2+dfsg/freshclam/manager.c	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/freshclam/manager.c	2019-08-20 18:08:49.000000000 +0200
@@ -2105,7 +2105,7 @@
 	if(!tmpdir){
 	    free(newfile);
 	    return FCE_MEM;
-	}    
+	}
 
         maxattempts = optget (opts, "MaxAttempts")->numarg;
         for (i = currver + 1; i <= newver; i++)
@@ -2518,6 +2518,41 @@
     return FC_SUCCESS;
 }
 
+/**
+ * @brief Compare two version strings.
+ *
+ * @param v1 Version string 1
+ * @param v2 Version string 2
+ * @return int 1 if v1 is greater, 0 if equal, -1 if smaller.
+ */
+int version_string_compare(char *v1, size_t v1_len, char *v2, size_t v2_len)
+{
+    size_t i, j;
+    int vnum1 = 0, vnum2 = 0;
+
+    for (i = 0, j = 0; (i < v1_len || j < v2_len);) {
+        while (i < v1_len && v1[i] != '.') {
+            vnum1 = vnum1 * 10 + (v1[i] - '0');
+            i++;
+        }
+
+        while (j < v2_len && v2[j] != '.') {
+            vnum2 = vnum2 * 10 + (v2[j] - '0');
+            j++;
+        }
+
+        if (vnum1 > vnum2)
+            return 1;
+        if (vnum2 > vnum1)
+            return -1;
+
+        vnum1 = vnum2 = 0;
+        i++;
+        j++;
+    }
+    return 0;
+}
+
 int
 downloadmanager (const struct optstruct *opts, const char *hostname,
                  unsigned int attempt)
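Review bot: version_string_compare accumulates `v1[i] - '0'` and `v2[j] - '0'` without checking that the byte is a digit, and the `int` accumulators can overflow on a long digit run, which is undefined behaviour for signed arithmetic. The next hunk passes it `vstr` and `newver`; where `newver` comes from is not visible here, but if it is fetched remotely it should be treated as untrusted input. I would guard the accumulation in both inner loops, e.g. `if (v1[i] >= '0' && v1[i] <= '9' && vnum1 <= (INT_MAX - 9) / 10)` and the same for `v2[j]`/`vnum2`, which needs `<limits.h>` if the file does not already include it. The doc comment omits `@param v1_len` and `@param v2_len`. The function could also be `static` with `const char *` arguments if nothing outside manager.c calls it.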
@@ -2605,8 +2640,8 @@
                         && !strstr (vstr, "rc"))
                     {
                         pt = strchr (vstr, '-');
-                        if ((pt && strncmp (vstr, newver, pt - vstr))
-                            || (!pt && strcmp (vstr, newver)))
+                        if ((pt && (0 > version_string_compare(vstr, pt - vstr, newver, strlen(newver)))) ||
+                            (!pt && (0 > version_string_compare(vstr, strlen(vstr), newver, strlen(newver)))))
                         {
                             logg ("^Your ClamAV installation is OUTDATED!\n");
                             logg ("^Local version: %s Recommended version: %s\n", vstr, newver);
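Review bot: The two branches of the new condition differ only in the length passed for `vstr`, and `strlen(newver)` is written out twice, which makes the comparison harder to read than it needs to be. A single call says the same thing: `if (0 > version_string_compare(vstr, pt ? (size_t)(pt - vstr) : strlen(vstr), newver, strlen(newver)))`. The cast also makes the `ptrdiff_t` to `size_t` conversion of `pt - vstr` explicit. The enclosing function starts and ends outside this hunk.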
diff -Nru clamav-0.101.2+dfsg/libclamav/bytecode_api.h clamav-0.101.4+dfsg/libclamav/bytecode_api.h
--- clamav-0.101.2+dfsg/libclamav/bytecode_api.h	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/libclamav/bytecode_api.h	2019-08-20 18:08:49.000000000 +0200
@@ -50,7 +50,7 @@
 
 /**
 \group_config
- * Specifies the bytecode type and how ClamAV executes it 
+ * Specifies the bytecode type and how ClamAV executes it
  */
 enum BytecodeKind {
     /** generic bytecode, not tied a specific hook */
@@ -86,7 +86,7 @@
     FUNC_LEVEL_096_2     = 54, /* LibClamAV release 0.96.2: PDF Hooks require this minimum level */
     FUNC_LEVEL_096_2_dev = 55,
     FUNC_LEVEL_096_3     = 55, /* LibClamAV release 0.96.3: BC_PE_ALL bytecodes require this minimum level */
-    FUNC_LEVEL_096_4     = 56, /* LibClamAV release 0.96.4: minimum recommended engine version, older versions 
+    FUNC_LEVEL_096_4     = 56, /* LibClamAV release 0.96.4: minimum recommended engine version, older versions
                                 * have quadratic load time */
     FUNC_LEVEL_096_5     = 58, /* LibClamAV release 0.96.5 */
     FUNC_LEVEL_097       = 60, /* LibClamAV release 0.97.0: older bytecodes may incorrectly use 57 */
@@ -118,7 +118,9 @@
     FUNC_LEVEL_0101_0_BETA = 100, /* LibClamAV beta release 0.101.0-beta */
     FUNC_LEVEL_0101_0    = 101, /* LibClamAV release 0.101.0, 0.101.0-rc */
     FUNC_LEVEL_0101_1    = 102, /* LibClamAV release 0.101.1 */
-    FUNC_LEVEL_0101_2    = 103, /* LibClamAV release 0.101.3 */
+    FUNC_LEVEL_0101_2    = 102, /* LibClamAV release 0.101.2 */
+    FUNC_LEVEL_0101_3    = 102, /* LibClamAV release 0.101.3 */
+    FUNC_LEVEL_0101_4    = 105, /* LibClamAV release 0.101.4 */
     FUNC_LEVEL_100       = 255 /* future release candidate */
 };
 
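Review bot: `FUNC_LEVEL_0101_1`, `FUNC_LEVEL_0101_2` and `FUNC_LEVEL_0101_3` now all equal 102, and `FUNC_LEVEL_0101_2` changes from 103 to 102, so anything already built against the old value would compare differently. The hunk gives no reason for that change or for the jump to 105. A short comment on the new lines would help the next maintainer, e.g. `/* 0.101.1 through 0.101.3 share functionality level 102 */`, together with a word on whether 103 and 104 are intentionally skipped. The enum starts above the hunk.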
@@ -136,7 +138,7 @@
 
 /**
 \group_pdf
- * PDF flags 
+ * PDF flags
  */
 enum pdf_flag {
     BAD_PDF_VERSION=0,      /* */
@@ -273,7 +275,7 @@
 extern const struct cli_pe_hook_data __clambc_pedata;
 /**
 \group_globals
- * File size (max 4G). 
+ * File size (max 4G).
  */
 extern const uint32_t __clambc_filesize[1];
 
@@ -372,7 +374,7 @@
  *  @return 0 for success
  *
  * You can use lseek to disassemble starting from a different location.
- * This is a low-level API, the result is in ClamAV type-8 signature format 
+ * This is a low-level API, the result is in ClamAV type-8 signature format
  * (64 bytes/instruction).
  *  \sa DisassembleAt
  */
@@ -417,7 +419,7 @@
 int32_t file_byteat(uint32_t offset);
 
 /**
-\group_adt 
+\group_adt
  * Allocates memory. Currently this memory is freed automatically on exit
  * from the bytecode, and there is no way to free it sooner.
  * @param[in] size amount of memory to allocate in bytes
@@ -468,7 +470,7 @@
 int32_t extract_new(int32_t id);
 
 /**
-\group_file 
+\group_file
   * Reads a number in the specified radix starting from the current position.
   * Non-numeric characters are ignored.
   * @param[in] radix 10 or 16
@@ -507,7 +509,7 @@
  * @param[in] hs ID of hashset (from hashset_new)
  * @param[in] key the key to lookup
  * @return 1 if found
- * @return 0 if not found 
+ * @return 0 if not found
  * @return <0 on invalid hashset ID
  */
 int32_t hashset_contains(int32_t hs, uint32_t key);
@@ -667,8 +669,8 @@
 \group_js
   * Initializes JS normalizer for reading 'from_buffer'.
   * Normalized JS will be written to a single tempfile,
-  * one normalized JS per line, and automatically scanned 
-  * when the bytecode finishes execution. 
+  * one normalized JS per line, and automatically scanned
+  * when the bytecode finishes execution.
   * @param[in] from_buffer ID of buffer_pipe to read javascript from
   * @return ID of JS normalizer, <0 on failure
   */
@@ -700,7 +702,7 @@
 /**
 \group_math
   * Returns 2^26*log2(a/b)
-  * @param[in] a input 
+  * @param[in] a input
   * @param[in] b input
   * @return 2^26*log2(a/b)
   */
@@ -854,7 +856,7 @@
 
 /**
 \group_adt
-  * Looks up key in map. 
+  * Looks up key in map.
   * The map remember the last looked up key (so you can retrieve the
   * value).
   * @param[in] id id of map
@@ -902,10 +904,10 @@
   * specified position.
   * @param[in] data the sequence of bytes to look for
   * @param[in] len length of \p data, cannot be more than 1024
-  * @param[in] maxpos maximum position to look for a match, 
+  * @param[in] maxpos maximum position to look for a match,
   * note that this is 1 byte after the end of last possible match:
   * match_pos + \p len < \p maxpos
-  * @return offset in the current file if match is found, -1 otherwise 
+  * @return offset in the current file if match is found, -1 otherwise
   */
 int32_t file_find_limit(const uint8_t *data, uint32_t len, int32_t maxpos);
 
@@ -930,7 +932,7 @@
 /**
 \group_engine
   * Returns the current engine's scan options. **DEPRECATED**
-  * @return CL_SCAN* flags 
+  * @return CL_SCAN* flags
   */
 uint32_t engine_scan_options(void);
 
@@ -1032,7 +1034,7 @@
 /* --------------------- PDF APIs ----------------------------------- */
 /**
 \group_pdf
- * Return number of pdf objects 
+ * Return number of pdf objects
  * @return -1 - if not called from PDF hook
  * @return >=0 - number of PDF objects
 */
@@ -1141,7 +1143,7 @@
 
 /* ----------------------------- Icon APIs -------------------------- */
 /**
-\group_icon 
+\group_icon
  * Attempts to match current executable's icon against the specified icon
  * groups.
  * @param[in] group1 - same as GROUP1 in LDB signatures
@@ -1236,7 +1238,7 @@
 
 /**
 \group_json
- * @return number of characters transferred (capped by str_len), 
+ * @return number of characters transferred (capped by str_len),
  *         including terminating null-character
  * @return -1 if an error has occurred
  * @return -2 if object is not JSON_TYPE_STRING
@@ -1272,11 +1274,11 @@
 \group_engine
   * Check if any given scan option is enabled.
   * Returns non-zero if the following named options are set:
-  * 
+  *
   * "general allmatch"                - all-match mode is enabled
   * "general collect metadata"        - --gen-json is enabled
   * "general heuristics"              - --gen-json is enabled
-  * 
+  *
   * "parse archive"                   - archive parsing is enabled
   * "parse pdf"                       - pdf parsing is enabled
   * "parse swf"                       - swf parsing is enabled
@@ -1286,7 +1288,7 @@
   * "parse ole2"                      - ole2 parsing is enabled
   * "parse html"                      - html parsing is enabled
   * "parse pe"                        - pe parsing is enabled
-  * 
+  *
   * "heuristic precedence"            - heuristic signatures are set to take precedence
   * "heuristic broken"                - broken pe heuristic is enabled
   * "heuristic exceeds max"           - heuristic for when max settings are exceeded is enabled
@@ -1298,14 +1300,14 @@
   * "heuristic structured"            - structured heuristic is enabled
   * "heuristic structured ssn normal" - structured ssn normal heuristic is enabled
   * "heuristic structured ssn stripped" - structured ssn stripped heuristic is enabled
-  * 
+  *
   * "mail partial message"            - parsing of partial mail messages is enabled
-  * 
+  *
   * "dev collect sha"                 - --dev-collect-hashes is enabled
   * "dev collect performance info"    - --dev-performance is enabled
-  * 
+  *
   * @param[in] scan_options enum value for desired scan option category.
-  * @return CL_SCAN_<OPTION>_* flags 
+  * @return CL_SCAN_<OPTION>_* flags
   */
 uint32_t engine_scan_options_ex(const uint8_t *option_name, uint32_t name_len);
 
diff -Nru clamav-0.101.2+dfsg/libclamav/clamav.h clamav-0.101.4+dfsg/libclamav/clamav.h
--- clamav-0.101.2+dfsg/libclamav/clamav.h	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/libclamav/clamav.h	2019-08-20 18:08:49.000000000 +0200
@@ -298,7 +298,7 @@
     CL_ENGINE_MAX_PARTITIONS,       /* uint32_t */
     CL_ENGINE_MAX_ICONSPE,          /* uint32_t */
     CL_ENGINE_MAX_RECHWP3,          /* uint32_t */
-    CL_ENGINE_TIME_LIMIT,           /* uint32_t */
+    CL_ENGINE_MAX_SCANTIME,         /* uint32_t */
     CL_ENGINE_PCRE_MATCH_LIMIT,     /* uint64_t */
     CL_ENGINE_PCRE_RECMATCH_LIMIT,  /* uint64_t */
     CL_ENGINE_PCRE_MAX_FILESIZE,    /* uint64_t */
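Review bot: Renaming `CL_ENGINE_TIME_LIMIT` to `CL_ENGINE_MAX_SCANTIME` in place keeps the enumerator's position but removes the old identifier, so any caller that names it stops compiling. If clamav.h is the installed public header, which the hunk does not show, a compatibility alias such as `#define CL_ENGINE_TIME_LIMIT CL_ENGINE_MAX_SCANTIME` would keep existing users building across this point release. The enum starts and ends outside the hunk.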
diff -Nru clamav-0.101.2+dfsg/libclamav/default.h clamav-0.101.4+dfsg/libclamav/default.h
--- clamav-0.101.2+dfsg/libclamav/default.h	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/libclamav/default.h	2019-08-20 18:08:49.000000000 +0200
@@ -31,6 +31,7 @@
 
 #define CLI_DEFAULT_BM_OFFMODE_FSIZE	262144
 
+#define CLI_DEFAULT_MAXSCANTIME     120000
 #define CLI_DEFAULT_MAXSCANSIZE	    104857600
 #define CLI_DEFAULT_MAXFILESIZE	    26214400
 #define CLI_DEFAULT_MAXRECLEVEL	    16
diff -Nru clamav-0.101.2+dfsg/libclamav/libclamav.map clamav-0.101.4+dfsg/libclamav/libclamav.map
--- clamav-0.101.2+dfsg/libclamav/libclamav.map	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/libclamav/libclamav.map	2019-08-20 18:08:49.000000000 +0200
@@ -62,8 +62,8 @@
 };
 CLAMAV_PRIVATE {
   global:
-    cli_sigperf_print; 
-    cli_sigperf_events_destroy; 
+    cli_sigperf_print;
+    cli_sigperf_events_destroy;
     cli_pcre_perf_print;
     cli_pcre_perf_events_destroy;
     cli_pcre_init;
@@ -115,8 +115,6 @@
     cli_malloc;
     cli_memstr;
     cli_strdup;
-    cli_strndup;
-    cli_strnstr;
     cli_realloc;
     cli_ctime;
     tableCreate;
diff -Nru clamav-0.101.2+dfsg/libclamav/matcher-pcre.c clamav-0.101.4+dfsg/libclamav/matcher-pcre.c
--- clamav-0.101.2+dfsg/libclamav/matcher-pcre.c	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/libclamav/matcher-pcre.c	2019-08-20 18:08:49.000000000 +0200
@@ -687,6 +687,12 @@
 
         /* if the global flag is set, loop through the scanning */
         do {
+            if (cli_checktimelimit(ctx) != CL_SUCCESS) {
+                cli_dbgmsg("cli_unzip: Time limit reached (max: %u)\n", ctx->engine->maxscantime);
+                ret = CL_ETIMEOUT;
+                break;
+            }
+
             /* reset the match results */
             if ((ret = cli_pcre_results_reset(&p_res, pd)) != CL_SUCCESS)
                 break;
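Review bot: The debug message added in this loop is prefixed `cli_unzip:`, but the file is matcher-pcre.c, so a timeout logged from the PCRE matcher will point whoever reads the log at the ZIP parser. The prefix should name the enclosing function, which starts outside the hunk. If that is cli_pcre_scanbuf, the line becomes `cli_dbgmsg("cli_pcre_scanbuf: Time limit reached (max: %u)\n", ctx->engine->maxscantime);`.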
diff -Nru clamav-0.101.2+dfsg/libclamav/nsis/bzlib.c clamav-0.101.4+dfsg/libclamav/nsis/bzlib.c
--- clamav-0.101.2+dfsg/libclamav/nsis/bzlib.c	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/libclamav/nsis/bzlib.c	2019-08-20 18:08:49.000000000 +0200
@@ -155,11 +155,11 @@
 
 /*          /\* can a new run be started? *\/ */
 /*          if (s->nblock_used == s->save_nblock+1) return False; */
-               
+
 /*          /\* Only caused by corrupt data stream? *\/ */
 /*          if (s->nblock_used > s->save_nblock+1) */
 /*             return True; */
-   
+
 /*          s->state_out_len = 1; */
 /*          s->state_out_ch = s->k0; */
 /*          BZ_GET_FAST(k1); BZ_RAND_UPD_MASK;  */
@@ -169,19 +169,19 @@
 /*          k1 ^= BZ_RAND_MASK; s->nblock_used++; */
 /*          if (s->nblock_used == s->save_nblock+1) continue; */
 /*          if (k1 != s->k0) { s->k0 = k1; continue; }; */
-   
+
 /*          s->state_out_len = 2; */
 /*          BZ_GET_FAST(k1); BZ_RAND_UPD_MASK;  */
 /*          k1 ^= BZ_RAND_MASK; s->nblock_used++; */
 /*          if (s->nblock_used == s->save_nblock+1) continue; */
 /*          if (k1 != s->k0) { s->k0 = k1; continue; }; */
-   
+
 /*          s->state_out_len = 3; */
 /*          BZ_GET_FAST(k1); BZ_RAND_UPD_MASK;  */
 /*          k1 ^= BZ_RAND_MASK; s->nblock_used++; */
 /*          if (s->nblock_used == s->save_nblock+1) continue; */
 /*          if (k1 != s->k0) { s->k0 = k1; continue; }; */
-   
+
 /*          BZ_GET_FAST(k1); BZ_RAND_UPD_MASK;  */
 /*          k1 ^= BZ_RAND_MASK; s->nblock_used++; */
 /*          s->state_out_len = ((Int32)k1) + 4; */
@@ -223,7 +223,7 @@
             }
             s_state_out_len_eq_one:
             {
-               if (cs_avail_out == 0) { 
+               if (cs_avail_out == 0) {
                   c_state_out_len = 1; goto return_notr;
                };
                *cs_next_out = c_state_out_ch;
@@ -231,7 +231,7 @@
                cs_next_out++;
                cs_avail_out--;
             }
-         }   
+         }
          /* Only caused by corrupt data stream? */
          if (c_nblock_used > s_save_nblockPP)
             return True;
@@ -239,25 +239,25 @@
          /* can a new run be started? */
          if (c_nblock_used == s_save_nblockPP) {
             c_state_out_len = 0; goto return_notr;
-         };   
+         };
          c_state_out_ch = c_k0;
          BZ_GET_FAST_C(k1); c_nblock_used++;
-         if (k1 != c_k0) { 
-            c_k0 = k1; goto s_state_out_len_eq_one; 
+         if (k1 != c_k0) {
+            c_k0 = k1; goto s_state_out_len_eq_one;
          };
-         if (c_nblock_used == s_save_nblockPP) 
+         if (c_nblock_used == s_save_nblockPP)
             goto s_state_out_len_eq_one;
-   
+
          c_state_out_len = 2;
          BZ_GET_FAST_C(k1); c_nblock_used++;
          if (c_nblock_used == s_save_nblockPP) continue;
          if (k1 != c_k0) { c_k0 = k1; continue; };
-   
+
          c_state_out_len = 3;
          BZ_GET_FAST_C(k1); c_nblock_used++;
          if (c_nblock_used == s_save_nblockPP) continue;
          if (k1 != c_k0) { c_k0 = k1; continue; };
-   
+
          BZ_GET_FAST_C(k1); c_nblock_used++;
          c_state_out_len = ((Int32)k1) + 4;
          BZ_GET_FAST_C(c_k0); c_nblock_used++;
@@ -309,33 +309,33 @@
 /*             s->strm->total_out_lo32++; */
 /*             if (s->strm->total_out_lo32 == 0) s->strm->total_out_hi32++; */
 /*          } */
-   
+
 /*          /\* can a new run be started? *\/ */
 /*          if (s->nblock_used == s->save_nblock+1) return False; */
 
 /*          /\* Only caused by corrupt data stream? *\/ */
 /*          if (s->nblock_used > s->save_nblock+1) */
 /*             return True; */
-   
+
 /*          s->state_out_len = 1; */
 /*          s->state_out_ch = s->k0; */
 /*          BZ_GET_SMALL(k1); BZ_RAND_UPD_MASK;  */
 /*          k1 ^= BZ_RAND_MASK; s->nblock_used++; */
 /*          if (s->nblock_used == s->save_nblock+1) continue; */
 /*          if (k1 != s->k0) { s->k0 = k1; continue; }; */
-   
+
 /*          s->state_out_len = 2; */
 /*          BZ_GET_SMALL(k1); BZ_RAND_UPD_MASK;  */
 /*          k1 ^= BZ_RAND_MASK; s->nblock_used++; */
 /*          if (s->nblock_used == s->save_nblock+1) continue; */
 /*          if (k1 != s->k0) { s->k0 = k1; continue; }; */
-   
+
 /*          s->state_out_len = 3; */
 /*          BZ_GET_SMALL(k1); BZ_RAND_UPD_MASK;  */
 /*          k1 ^= BZ_RAND_MASK; s->nblock_used++; */
 /*          if (s->nblock_used == s->save_nblock+1) continue; */
 /*          if (k1 != s->k0) { s->k0 = k1; continue; }; */
-   
+
 /*          BZ_GET_SMALL(k1); BZ_RAND_UPD_MASK;  */
 /*          k1 ^= BZ_RAND_MASK; s->nblock_used++; */
 /*          s->state_out_len = ((Int32)k1) + 4; */
@@ -358,30 +358,30 @@
             s->strm->total_out_lo32++;
             if (s->strm->total_out_lo32 == 0) s->strm->total_out_hi32++;
          }
-   
+
          /* can a new run be started? */
          if (s->nblock_used == s->save_nblock+1) return False;
 
          /* Only caused by corrupt data stream? */
          if (s->nblock_used > s->save_nblock+1)
             return True;
-   
+
          s->state_out_len = 1;
          s->state_out_ch = s->k0;
          BZ_GET_SMALL(k1); s->nblock_used++;
          if (s->nblock_used == s->save_nblock+1) continue;
          if (k1 != s->k0) { s->k0 = k1; continue; };
-   
+
          s->state_out_len = 2;
          BZ_GET_SMALL(k1); s->nblock_used++;
          if (s->nblock_used == s->save_nblock+1) continue;
          if (k1 != s->k0) { s->k0 = k1; continue; };
-   
+
          s->state_out_len = 3;
          BZ_GET_SMALL(k1); s->nblock_used++;
          if (s->nblock_used == s->save_nblock+1) continue;
          if (k1 != s->k0) { s->k0 = k1; continue; };
-   
+
          BZ_GET_SMALL(k1); s->nblock_used++;
          s->state_out_len = ((Int32)k1) + 4;
          BZ_GET_SMALL(s->k0); s->nblock_used++;
@@ -448,7 +448,7 @@
    Int32  N;
    Int32  curr;
    Int32  zt;
-   Int32  zn; 
+   Int32  zn;
    Int32  zvec;
    Int32  zj;
    Int32  gSel;
@@ -502,7 +502,7 @@
    N           = s->save_N;
    curr        = s->save_curr;
    zt          = s->save_zt;
-   zn          = s->save_zn; 
+   zn          = s->save_zn;
    zvec        = s->save_zvec;
    zj          = s->save_zj;
    gSel        = s->save_gSel;
@@ -526,7 +526,7 @@
       if (uc != BZ_HDR_h) RETURN(BZ_DATA_ERROR_MAGIC);
 
       GET_BITS(BZ_X_MAGIC_4, s->blockSize100k, 8)
-      if (s->blockSize100k < (BZ_HDR_0 + 1) || 
+      if (s->blockSize100k < (BZ_HDR_0 + 1) ||
           s->blockSize100k > (BZ_HDR_0 + 9)) RETURN(BZ_DATA_ERROR_MAGIC);
       s->blockSize100k -= BZ_HDR_0;
      */
@@ -537,8 +537,8 @@
 
       if (s->smallDecompress) {
          s->ll16 = BZALLOC( s->blockSize100k * 100000 * sizeof(UInt16) );
-         s->ll4  = BZALLOC( 
-                      ((1 + s->blockSize100k * 100000) >> 1) * sizeof(UChar) 
+         s->ll4  = BZALLOC(
+                      ((1 + s->blockSize100k * 100000) >> 1) * sizeof(UChar)
                    );
          if (s->ll16 == NULL || s->ll4 == NULL) RETURN(BZ_MEM_ERROR);
       } else {
@@ -566,7 +566,7 @@
       s->currBlockNo++;
       if (s->verbosity >= 2)
          VPrintf1 ( "\n    [%d: huff+mtf ", s->currBlockNo );
- 
+
       s->storedBlockCRC = 0;
       GET_UCHAR(BZ_X_BCRC_1, uc);
       s->storedBlockCRC = (s->storedBlockCRC << 8) | ((UInt32)uc);
@@ -591,14 +591,14 @@
 
       if (s->origPtr < 0)
          RETURN(BZ_DATA_ERROR);
-      if (s->origPtr > 10 + 100000*s->blockSize100k) 
+      if (s->origPtr > 10 + 100000*s->blockSize100k)
          RETURN(BZ_DATA_ERROR);
 
       /*--- Receive the mapping table ---*/
       for (i = 0; i < 16; i++) {
          GET_BIT(BZ_X_MAPPING_1, uc);
-         if (uc == 1) 
-            s->inUse16[i] = True; else 
+         if (uc == 1)
+            s->inUse16[i] = True; else
             s->inUse16[i] = False;
       }
 
@@ -618,7 +618,7 @@
       GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
       if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
       GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
-      if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
+      if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
       for (i = 0; i < nSelectors; i++) {
          j = 0;
          while (True) {
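Review bot: The new upper bound `nSelectors > BZ_MAX_SELECTORS` has no comment saying what it protects. nSelectors is read from the stream by GET_BITS on the line above, and the loops that follow use it as the bound for `s->selectorMtf[i]` (visible in the next hunk). The check therefore presumably keeps a stream-supplied count inside that array; its declaration is not shown. A comment such as `/* nSelectors is stream-controlled; cap it before it bounds the selectorMtf[] loops */` would keep the check from being dropped in a later cleanup.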
@@ -634,7 +634,7 @@
       {
          UChar pos[BZ_N_GROUPS], tmp, v;
          for (v = 0; v < nGroups; v++) pos[v] = v;
-   
+
          for (i = 0; i < nSelectors; i++) {
             v = s->selectorMtf[i];
             tmp = pos[v];
@@ -667,10 +667,10 @@
             if (s->len[t][i] > maxLen) maxLen = s->len[t][i];
             if (s->len[t][i] < minLen) minLen = s->len[t][i];
          }
-         CreateDecodeTables ( 
-            &(s->limit[t][0]), 
-            &(s->base[t][0]), 
-            &(s->perm[t][0]), 
+         CreateDecodeTables (
+            &(s->limit[t][0]),
+            &(s->base[t][0]),
+            &(s->perm[t][0]),
             &(s->len[t][0]),
             minLen, maxLen, alphaSize
          );
@@ -769,23 +769,23 @@
                      s->mtfa[(z)-3] = s->mtfa[(z)-4];
                      nn -= 4;
                   }
-                  while (nn > 0) { 
-                     s->mtfa[(pp+nn)] = s->mtfa[(pp+nn)-1]; nn--; 
+                  while (nn > 0) {
+                     s->mtfa[(pp+nn)] = s->mtfa[(pp+nn)-1]; nn--;
                   };
                   s->mtfa[pp] = uc;
-               } else { 
+               } else {
                   /* general case */
                   lno = nn / MTFL_SIZE;
                   off = nn % MTFL_SIZE;
                   pp = s->mtfbase[lno] + off;
                   uc = s->mtfa[pp];
-                  while (pp > s->mtfbase[lno]) { 
-                     s->mtfa[pp] = s->mtfa[pp-1]; pp--; 
+                  while (pp > s->mtfbase[lno]) {
+                     s->mtfa[pp] = s->mtfa[pp-1]; pp--;
                   };
                   s->mtfbase[lno]++;
                   while (lno > 0) {
                      s->mtfbase[lno]--;
-                     s->mtfa[s->mtfbase[lno]] 
+                     s->mtfa[s->mtfbase[lno]]
                         = s->mtfa[s->mtfbase[lno-1] + MTFL_SIZE - 1];
                      lno--;
                   }
@@ -880,7 +880,7 @@
          if (s->blockRandomised) {
             BZ_RAND_INIT_MASK;
             BZ_GET_SMALL(s->k0); s->nblock_used++;
-            BZ_RAND_UPD_MASK; s->k0 ^= BZ_RAND_MASK; 
+            BZ_RAND_UPD_MASK; s->k0 ^= BZ_RAND_MASK;
 	    } else */{
             BZ_GET_SMALL(s->k0); s->nblock_used++;
          }
@@ -900,7 +900,7 @@
          if (s->blockRandomised) {
             BZ_RAND_INIT_MASK;
             BZ_GET_FAST(s->k0); s->nblock_used++;
-            BZ_RAND_UPD_MASK; s->k0 ^= BZ_RAND_MASK; 
+            BZ_RAND_UPD_MASK; s->k0 ^= BZ_RAND_MASK;
 	    } else */{
             BZ_GET_FAST(s->k0); s->nblock_used++;
          }
@@ -971,7 +971,7 @@
    s->save_gBase       = gBase;
    s->save_gPerm       = gPerm;
 
-   return retVal;   
+   return retVal;
 }
 
 
@@ -1003,8 +1003,8 @@
 }
 
 /*---------------------------------------------------*/
-int BZ_API(nsis_BZ2_bzDecompressInit) 
-                     ( nsis_bzstream* strm, 
+int BZ_API(nsis_BZ2_bzDecompressInit)
+                     ( nsis_bzstream* strm,
                        int        verbosity,
                        int        small )
 {
@@ -1081,7 +1081,7 @@
          if (r == BZ_STREAM_END) {
 	   /* aCaB
             if (s->verbosity >= 3)
-               VPrintf2 ( "\n    combined CRCs: stored = 0x%08x, computed = 0x%08x", 
+               VPrintf2 ( "\n    combined CRCs: stored = 0x%08x, computed = 0x%08x",
                           s->storedCombinedCRC, s->calculatedCombinedCRC );
             if (s->calculatedCombinedCRC != s->storedCombinedCRC)
                return BZ_DATA_ERROR;
diff -Nru clamav-0.101.2+dfsg/libclamav/others.c clamav-0.101.4+dfsg/libclamav/others.c
--- clamav-0.101.2+dfsg/libclamav/others.c	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/libclamav/others.c	2019-08-20 18:08:49.000000000 +0200
@@ -262,7 +262,7 @@
 	case CL_EMEM:
 	    return "Can't allocate memory";
 	case CL_ETIMEOUT:
-	    return "Time limit reached";
+	    return "CL_ETIMEOUT: Time limit reached";
 	/* internal (needed for debug messages) */
 	case CL_EMAXREC:
 	    return "CL_EMAXREC";
@@ -324,6 +324,7 @@
     }
 
     /* Setup default limits */
+    new->maxscantime = CLI_DEFAULT_MAXSCANTIME;
     new->maxscansize = CLI_DEFAULT_MAXSCANSIZE;
     new->maxfilesize = CLI_DEFAULT_MAXFILESIZE;
     new->maxreclevel = CLI_DEFAULT_MAXRECLEVEL;
@@ -616,9 +617,9 @@
 	case CL_ENGINE_MAX_RECHWP3:
 	    engine->maxrechwp3 = (uint32_t)num;
 	    break;
-	case CL_ENGINE_TIME_LIMIT:
-	    engine->time_limit = (uint32_t)num;
-	    break;
+    case CL_ENGINE_MAX_SCANTIME:
+        engine->maxscantime = (uint32_t)num;
+        break;
 	case CL_ENGINE_PCRE_MATCH_LIMIT:
 	    engine->pcre_match_limit = (uint64_t)num;
 	    break;
@@ -717,8 +718,8 @@
 	    return engine->maxiconspe;
     case CL_ENGINE_MAX_RECHWP3:
 	    return engine->maxrechwp3;
-	case CL_ENGINE_TIME_LIMIT:
-            return engine->time_limit;
+    case CL_ENGINE_MAX_SCANTIME:
+        return engine->maxscantime;
 	case CL_ENGINE_PCRE_MATCH_LIMIT:
 	    return engine->pcre_match_limit;
 	case CL_ENGINE_PCRE_RECMATCH_LIMIT:
@@ -798,6 +799,7 @@
     settings->ac_maxdepth = engine->ac_maxdepth;
     settings->tmpdir = engine->tmpdir ? strdup(engine->tmpdir) : NULL;
     settings->keeptmp = engine->keeptmp;
+    settings->maxscantime = engine->maxscantime;
     settings->maxscansize = engine->maxscansize;
     settings->maxfilesize = engine->maxfilesize;
     settings->maxreclevel = engine->maxreclevel;
@@ -852,6 +854,7 @@
     engine->ac_mindepth = settings->ac_mindepth;
     engine->ac_maxdepth = settings->ac_maxdepth;
     engine->keeptmp = settings->keeptmp;
+    engine->maxscantime = settings->maxscantime;
     engine->maxscansize = settings->maxscansize;
     engine->maxfilesize = settings->maxfilesize;
     engine->maxreclevel = settings->maxreclevel;
@@ -940,8 +943,9 @@
     }
 }
 
-int cli_checklimits(const char *who, cli_ctx *ctx, unsigned long need1, unsigned long need2, unsigned long need3) {
-    int ret = CL_SUCCESS;
+cl_error_t cli_checklimits(const char *who, cli_ctx *ctx, unsigned long need1, unsigned long need2, unsigned long need3)
+{
+    cl_error_t ret = CL_SUCCESS;
     unsigned long needed;
 
     /* if called without limits, go on, unpack, scan */
@@ -950,6 +954,9 @@
     needed = (need1>need2)?need1:need2;
     needed = (needed>need3)?needed:need3;
 
+    /* Enforce timelimit */
+    ret = cli_checktimelimit(ctx);
+
     /* if we have global scan limits */
     if(needed && ctx->engine->maxscansize) {
         /* if the remaining scansize is too small... */
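Review bot: The result of `cli_checktimelimit(ctx)` is stored in `ret`, but the size checks that follow still run unconditionally. If their bodies assign `ret` (they are mostly outside this hunk), a CL_ETIMEOUT is replaced by a size-limit code. The scanners.c hunks in this diff treat the two differently: timeout stops the scan, other "MAX" conditions keep scanning the current file. Guarding the later checks keeps the timeout from being masked, e.g. `if (ret == CL_SUCCESS && needed && ctx->engine->maxscansize) {`, with the same guard on the remaining limit checks.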
@@ -978,8 +985,9 @@
     return ret;
 }
 
-int cli_updatelimits(cli_ctx *ctx, unsigned long needed) {
-    int ret=cli_checklimits("cli_updatelimits", ctx, needed, 0, 0);
+cl_error_t cli_updatelimits(cli_ctx *ctx, unsigned long needed)
+{
+    cl_error_t ret = cli_checklimits("cli_updatelimits", ctx, needed, 0, 0);
 
     if (ret != CL_CLEAN) return ret;
     ctx->scannedfiles++;
@@ -989,18 +997,33 @@
     return CL_CLEAN;
 }
 
-int cli_checktimelimit(cli_ctx *ctx)
+/**
+ * @brief Check if we've exceeded the time limit.
+ * If ctx is NULL, there can be no timelimit so just return success.
+ *
+ * @param ctx         The scanning context.
+ * @return cl_error_t CL_SUCCESS if has not exceeded, CL_ETIMEOUT if has exceeded.
+ */
+cl_error_t cli_checktimelimit(cli_ctx *ctx)
 {
+    cl_error_t ret = CL_SUCCESS;
+
+    if (NULL == ctx) {
+        goto done;
+    }
+
     if (ctx->time_limit.tv_sec != 0) {
         struct timeval now;
         if (gettimeofday(&now, NULL) == 0) {
-            if (now.tv_sec < ctx->time_limit.tv_sec)
-                return CL_SUCCESS;
-            if (now.tv_sec > ctx->time_limit.tv_sec || now.tv_usec > ctx->time_limit.tv_usec)
-                return CL_ETIMEOUT;
+            if (now.tv_sec > ctx->time_limit.tv_sec)
+                ret = CL_ETIMEOUT;
+            else if (now.tv_sec == ctx->time_limit.tv_sec && now.tv_usec > ctx->time_limit.tv_usec)
+                ret = CL_ETIMEOUT;
         }
     }
-    return CL_SUCCESS;
+
+done:
+    return ret;
 }
 
 /*
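Review bot: The deadline comparison in cli_checktimelimit uses gettimeofday(), i.e. wall-clock time, so a clock step during a scan moves the limit: a backward step lets the scan run past maxscantime, a forward step trips CL_ETIMEOUT early. The deadline is set with the same call in the scanners.c hunk (`gettimeofday(&ctx.time_limit, NULL)`), so both sides would have to move together to a monotonic source such as `clock_gettime(CLOCK_MONOTONIC, &ts)`. Also, when gettimeofday() fails here, `ret` stays CL_SUCCESS with no message; a `cli_dbgmsg` on that path would make the fail-open visible.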
@@ -1078,7 +1101,7 @@
 {
     if (unlink(pathname) == -1) {
 #ifdef _WIN32
-        /* Windows may fail to unlink a file if it is marked read-only, 
+        /* Windows may fail to unlink a file if it is marked read-only,
 		 * even if the user has permissions to delete the file. */
         if (-1 == _chmod(pathname, _S_IWRITE)) {
             char err[128];
@@ -1105,7 +1128,7 @@
         ctx->engine->cb_virus_found(fmap_fd(*ctx->fmap), (const char *)*ctx->virname, ctx->cb_ctx);
 }
 
-int cli_append_possibly_unwanted(cli_ctx * ctx, const char * virname)
+cl_error_t cli_append_possibly_unwanted(cli_ctx *ctx, const char *virname)
 {
     if (SCAN_ALLMATCHES)
         return cli_append_virus(ctx, virname);
@@ -1128,7 +1151,7 @@
     if (!SCAN_ALLMATCHES && ctx->num_viruses != 0)
         if (SCAN_HEURISTIC_PRECEDENCE)
             return CL_CLEAN;
-    if (ctx->limit_exceeded == 0 || SCAN_ALLMATCHES) { 
+    if (ctx->limit_exceeded == 0 || SCAN_ALLMATCHES) {
         ctx->num_viruses++;
         *ctx->virname = virname;
         cli_virus_found_cb(ctx);
@@ -1225,7 +1248,7 @@
 cli_rmdirs(const char *name)
 {
 	int rc;
-	STATBUF statb;	
+	STATBUF statb;
 	DIR *dd;
 	struct dirent *dent;
 #if defined(HAVE_READDIR_R_3) || defined(HAVE_READDIR_R_2)
@@ -1288,7 +1311,7 @@
 	return -1;
     }
 
-    return rc;	
+    return rc;
 }
 #else
 int cli_rmdirs(const char *dirname)
@@ -1367,7 +1390,7 @@
 	    rewinddir(dd);
 	}
 
-    } else { 
+    } else {
 	return -1;
     }
 
@@ -1397,7 +1420,7 @@
 bitset_t *cli_bitset_init(void)
 {
 	bitset_t *bs;
-	
+
 	bs = cli_malloc(sizeof(bitset_t));
 	if (!bs) {
         cli_errmsg("cli_bitset_init: Unable to allocate memory for bs %llu\n", (long long unsigned)sizeof(bitset_t));
@@ -1428,7 +1451,7 @@
 {
 	unsigned long new_length;
 	unsigned char *new_bitset;
-	
+
 	new_length = nearest_power(min_size);
 	new_bitset = (unsigned char *) cli_realloc(bs->bitset, new_length);
 	if (!new_bitset) {
@@ -1443,7 +1466,7 @@
 int cli_bitset_set(bitset_t *bs, unsigned long bit_offset)
 {
 	unsigned long char_offset;
-	
+
 	char_offset = bit_offset / BITS_PER_CHAR;
 	bit_offset = bit_offset % BITS_PER_CHAR;
 
@@ -1460,11 +1483,11 @@
 int cli_bitset_test(bitset_t *bs, unsigned long bit_offset)
 {
 	unsigned long char_offset;
-	
+
 	char_offset = bit_offset / BITS_PER_CHAR;
 	bit_offset = bit_offset % BITS_PER_CHAR;
 
-	if (char_offset >= bs->length) {	
+	if (char_offset >= bs->length) {
 		return FALSE;
 	}
 	return (bs->bitset[char_offset] & ((unsigned char)1 << bit_offset));
diff -Nru clamav-0.101.2+dfsg/libclamav/others.h clamav-0.101.4+dfsg/libclamav/others.h
--- clamav-0.101.2+dfsg/libclamav/others.h	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/libclamav/others.h	2019-08-20 18:08:49.000000000 +0200
@@ -71,7 +71,7 @@
  * in re-enabling affected modules.
  */
 
-#define CL_FLEVEL 102
+#define CL_FLEVEL 105
 #define CL_FLEVEL_DCONF	CL_FLEVEL
 #define CL_FLEVEL_SIGTOOL CL_FLEVEL
 
@@ -286,6 +286,7 @@
     uint64_t engine_options;
 
     /* Limits */
+    uint32_t maxscantime;  /* Time limit (in milliseconds) */
     uint64_t maxscansize;  /* during the scanning of archives this size
 				     * will never be exceeded
 				     */
@@ -405,9 +406,6 @@
     uint32_t maxiconspe; /* max number of icons to scan for PE */
     uint32_t maxrechwp3; /* max recursive calls for HWP3 parsing */
 
-    /* millisecond time limit for preclassification scanning */
-    uint32_t time_limit;
-
     /* PCRE matching limitations */
     uint64_t pcre_match_limit;
     uint64_t pcre_recmatch_limit;
@@ -429,6 +427,7 @@
     uint32_t ac_maxdepth;
     char *tmpdir;
     uint32_t keeptmp;
+    uint32_t maxscantime;
     uint64_t maxscansize;
     uint64_t maxfilesize;
     uint32_t maxreclevel;
@@ -811,21 +810,20 @@
 
 unsigned int cli_rndnum(unsigned int max);
 int cli_filecopy(const char *src, const char *dest);
-int cli_mapscan(fmap_t *map, off_t offset, size_t size, cli_ctx *ctx, cli_file_t type);
 bitset_t *cli_bitset_init(void);
 void cli_bitset_free(bitset_t *bs);
 int cli_bitset_set(bitset_t *bs, unsigned long bit_offset);
 int cli_bitset_test(bitset_t *bs, unsigned long bit_offset);
 const char* cli_ctime(const time_t *timep, char *buf, const size_t bufsize);
 void cli_check_blockmax(cli_ctx *, int);
-int cli_checklimits(const char *, cli_ctx *, unsigned long, unsigned long, unsigned long);
-int cli_updatelimits(cli_ctx *, unsigned long);
+cl_error_t cli_checklimits(const char *, cli_ctx *, unsigned long, unsigned long, unsigned long);
+cl_error_t cli_updatelimits(cli_ctx *, unsigned long);
 unsigned long cli_getsizelimit(cli_ctx *, unsigned long);
 int cli_matchregex(const char *str, const char *regex);
 void cli_qsort(void *a, size_t n, size_t es, int (*cmp)(const void *, const void *));
 void cli_qsort_r(void *a, size_t n, size_t es, int (*cmp)(const void*, const void *, const void *), void *arg);
-int cli_checktimelimit(cli_ctx *ctx);
-int cli_append_possibly_unwanted(cli_ctx * ctx, const char * virname);
+cl_error_t cli_checktimelimit(cli_ctx *ctx);
+cl_error_t cli_append_possibly_unwanted(cli_ctx *ctx, const char *virname);
 
 /* symlink behaviour */
 #define CLI_FTW_FOLLOW_FILE_SYMLINK 0x01
diff -Nru clamav-0.101.2+dfsg/libclamav/scanners.c clamav-0.101.4+dfsg/libclamav/scanners.c
--- clamav-0.101.2+dfsg/libclamav/scanners.c	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/libclamav/scanners.c	2019-08-20 18:08:49.000000000 +0200
@@ -3743,7 +3743,6 @@
             case CL_ETMPFILE:
             case CL_ETMPDIR:
             case CL_EMEM:
-            case CL_ETIMEOUT:
                 cli_dbgmsg("Descriptor[%d]: cli_scanraw error %s\n", fmap_fd(*ctx->fmap), cl_strerror(res));
                 cli_bitset_free(ctx->hook_lsig_matches);
                 ctx->hook_lsig_matches = old_hook_lsig_matches;
@@ -3756,7 +3755,15 @@
                 cli_bitset_free(ctx->hook_lsig_matches);
                 ctx->hook_lsig_matches = old_hook_lsig_matches;
                 return magic_scandesc_cleanup(ctx, type, hash, hashed_size, cache_clean, ret, parent_property);
-            /* "MAX" conditions should still fully scan the current file */
+            /* The CL_ETIMEOUT "MAX" condition should set exceeds max flag and exit out quietly. */
+            case CL_ETIMEOUT:
+                cli_check_blockmax(ctx, ret);
+                cli_bitset_free(ctx->hook_lsig_matches);
+                ctx->hook_lsig_matches = old_hook_lsig_matches;
+                cli_dbgmsg("Descriptor[%d]: Stopping after cli_scanraw reached %s\n",
+                            fmap_fd(*ctx->fmap), cl_strerror(res));
+                return magic_scandesc_cleanup(ctx, type, hash, hashed_size, cache_clean, CL_CLEAN, parent_property);
+            /* All other "MAX" conditions should still fully scan the current file */
             case CL_EMAXREC:
             case CL_EMAXSIZE:
             case CL_EMAXFILES:
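Review bot: In the new `case CL_ETIMEOUT:` the call is `cli_check_blockmax(ctx, ret);`, while the debug message three lines below prints `cl_strerror(res)` and the neighbouring error cases also report `res`. The switch expression is outside the hunk, but it looks like `ret` is a stale value here and the call should read `cli_check_blockmax(ctx, res);`. The case then returns CL_CLEAN, so whether the caller learns the scan was cut short depends entirely on what cli_check_blockmax records; its body is not shown. A comment stating this at the return would help, e.g. `/* timed-out scan is reported clean unless cli_check_blockmax flagged it */`.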
@@ -3820,14 +3827,16 @@
 
     switch (ret)
     {
-    /* Malformed file cases */
-    case CL_EFORMAT:
-    case CL_EREAD:
-    case CL_EUNPACK:
     /* Limits exceeded */
+    case CL_ETIMEOUT:
     case CL_EMAXREC:
     case CL_EMAXSIZE:
     case CL_EMAXFILES:
+        cli_check_blockmax(ctx, ret);
+    /* Malformed file cases */
+    case CL_EFORMAT:
+    case CL_EREAD:
+    case CL_EUNPACK:
         cli_dbgmsg("Descriptor[%d]: %s\n", fmap_fd(*ctx->fmap), cl_strerror(ret));
 #if HAVE_JSON
         ctx->wrkproperty = parent_property;
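Review bot: After the reordering, `cli_check_blockmax(ctx, ret);` under the limit cases runs straight into `case CL_EFORMAT:` with no break and no marker. A reader, or a build with -Wimplicit-fallthrough, cannot tell that the fall-through is intended. Add `/* fall-through */` on the line after the call. The switch body continues past the end of the hunk.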
@@ -3868,7 +3877,7 @@
 
         status = CL_ESTAT;
         cli_dbgmsg("cli_magic_scandesc: returning %d %s (no post, no cache)\n", status, __AT__);
-        goto done;  
+        goto done;
     }
     if (sb.st_size <= 5)
     {
@@ -3876,7 +3885,7 @@
 
         status = CL_CLEAN;
         cli_dbgmsg("cli_magic_scandesc: returning %d %s (no post, no cache)\n", status, __AT__);
-        goto done;  
+        goto done;
     }
 
     ctx->fmap++;
@@ -3889,7 +3898,7 @@
 
         status = CL_EMEM;
         cli_dbgmsg("cli_magic_scandesc: returning %d %s (no post, no cache)\n", status, __AT__);
-        goto done;  
+        goto done;
     }
     perf_stop(ctx, PERFT_MAP);
 
@@ -4144,12 +4153,12 @@
     }
     perf_init(&ctx);
 
-    if (ctx.options->general & CL_SCAN_GENERAL_COLLECT_METADATA && ctx.engine->time_limit != 0)
+    if (ctx.engine->maxscantime != 0)
     {
         if (gettimeofday(&ctx.time_limit, NULL) == 0)
         {
-            uint32_t secs = ctx.engine->time_limit / 1000;
-            uint32_t usecs = (ctx.engine->time_limit % 1000) * 1000;
+            uint32_t secs = ctx.engine->maxscantime / 1000;
+            uint32_t usecs = (ctx.engine->maxscantime % 1000) * 1000;
             ctx.time_limit.tv_sec += secs;
             ctx.time_limit.tv_usec += usecs;
             if (ctx.time_limit.tv_usec >= 1000000)
@@ -4161,7 +4170,7 @@
         else
         {
             char buf[64];
-            cli_dbgmsg("scan_common; gettimeofday error: %s\n", cli_strerror(errno, buf, 64));
+            cli_dbgmsg("scan_common: gettimeofday error: %s\n", cli_strerror(errno, buf, 64));
         }
     }
 
diff -Nru clamav-0.101.2+dfsg/libclamav/unzip.c clamav-0.101.4+dfsg/libclamav/unzip.c
--- clamav-0.101.2+dfsg/libclamav/unzip.c	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/libclamav/unzip.c	2019-08-20 18:08:49.000000000 +0200
@@ -54,6 +54,8 @@
 #define UNZIP_PRIVATE
 #include "unzip.h"
 
+#define ZIP_MAX_NUM_OVERLAPPING_FILES 5
+
 #define ZIP_CRC32(r,c,b,l)			\
     do {					\
 	r = crc32(~c,b,l);			\
@@ -493,14 +495,14 @@
 	if (pass_zip)
 	    pass_zip = pass_zip->next;
 	else
-	    pass_any = pass_any->next;	    
+	    pass_any = pass_any->next;
     }
 
     cli_dbgmsg("cli_unzip: decrypt - skipping encrypted file, no valid passwords\n");
     return CL_SUCCESS;
 }
 
-static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int *fu, unsigned int fc, const uint8_t *ch, int *ret, cli_ctx *ctx, char *tmpd, int detect_encrypted, zip_cb zcb) {
+static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int *fu, unsigned int fc, const uint8_t *ch, int *ret, cli_ctx *ctx, char *tmpd, int detect_encrypted, zip_cb zcb, uint32_t *file_local_header_size, uint32_t* file_local_data_size) {
   const uint8_t *lh, *zip;
   char name[256];
   uint32_t csize, usize;
@@ -563,7 +565,7 @@
     }
     virus_found = 1;
   }
- 
+
   if(LH_flags & F_USEDD) {
     cli_dbgmsg("cli_unzip: lh - has data desc\n");
     if(!ch) {
@@ -581,6 +583,11 @@
   zip+=LH_elen;
   zsize-=LH_elen;
 
+  if (NULL != file_local_header_size)
+      *file_local_header_size = zip - lh;
+  if (NULL != file_local_data_size)
+      *file_local_data_size = csize;
+
   if (!csize) { /* FIXME: what's used for method0 files? csize or usize? Nothing in the specs, needs testing */
       cli_dbgmsg("cli_unzip: lh - skipping empty file\n");
   } else {
@@ -589,6 +596,7 @@
 	  fmap_unneed_off(map, loff, SIZEOF_LH);
 	  return 0;
       }
+
       if(LH_flags & F_ENCR) {
 	  if(fmap_need_ptr_once(map, zip, csize))
 	      *ret = zdecrypt(zip, csize, usize, lh, fu, ctx, tmpd, zcb);
@@ -624,12 +632,19 @@
   return zip-lh;
 }
 
-static unsigned int chdr(fmap_t *map, uint32_t coff, uint32_t zsize, unsigned int *fu, unsigned int fc, int *ret, cli_ctx *ctx, char *tmpd, struct zip_requests *requests) {
+static unsigned int chdr(fmap_t *map, uint32_t coff, uint32_t zsize, unsigned int *fu, unsigned int fc, int *ret, cli_ctx *ctx, char *tmpd, struct zip_requests *requests, uint32_t *file_local_offset, uint32_t *file_local_header_size, uint32_t *file_local_data_size) {
   char name[256];
   int last = 0;
   const uint8_t *ch;
   int virus_found = 0;
 
+  if (NULL != file_local_offset)
+      *file_local_offset = 0;
+  if (NULL != file_local_header_size)
+      *file_local_header_size = 0;
+  if (NULL != file_local_data_size)
+      *file_local_data_size = 0;
+
   if(!(ch = fmap_need_off(map, coff, SIZEOF_CH)) || CH_magic != 0x02014b50) {
       if(ch) fmap_unneed_ptr(map, ch, SIZEOF_CH);
       cli_dbgmsg("cli_unzip: ch - wrkcomplete\n");
@@ -674,7 +689,9 @@
 
   if (!requests) {
       if(CH_off<zsize-SIZEOF_LH) {
-          lhdr(map, CH_off, zsize-CH_off, fu, fc, ch, ret, ctx, tmpd, 1, zip_scan_cb);
+          if (NULL != file_local_offset)
+              *file_local_offset = CH_off;
+          lhdr(map, CH_off, zsize-CH_off, fu, fc, ch, ret, ctx, tmpd, 1, zip_scan_cb, file_local_header_size, file_local_data_size);
       } else cli_dbgmsg("cli_unzip: ch - local hdr out of file\n");
   }
   else {
@@ -685,7 +702,7 @@
           for (i = 0; i < requests->namecnt; ++i) {
               cli_dbgmsg("checking for %i: %s\n", i, requests->names[i]);
 
-              len = MIN(sizeof(name)-1, requests->namelens[i]);      
+              len = MIN(sizeof(name)-1, requests->namelens[i]);
               if (!strncmp(requests->names[i], name, len)) {
                   requests->match = 1;
                   requests->found = i;
@@ -712,6 +729,13 @@
 #if HAVE_JSON
   int toval = 0;
 #endif
+  int bZipBombDetected                 = 0;
+  uint32_t cur_file_local_offset       = 0;
+  uint32_t cur_file_local_header_size  = 0;
+  uint32_t cur_file_local_data_size    = 0;
+  uint32_t prev_file_local_offset      = 0;
+  uint32_t prev_file_local_header_size = 0;
+  uint32_t prev_file_local_data_size   = 0;
 
   cli_dbgmsg("in cli_unzip\n");
   fsize = (uint32_t)map->len;
@@ -744,20 +768,53 @@
   }
 
   if(coff) {
+      uint32_t nOverlappingFiles = 0;
+
       cli_dbgmsg("cli_unzip: central @%x\n", coff);
-      while((coff=chdr(map, coff, fsize, &fu, fc+1, &ret, ctx, tmpd, NULL))) {
+      while((coff=chdr(map, coff, fsize, &fu, fc+1, &ret, ctx, tmpd, NULL, &cur_file_local_offset, &cur_file_local_header_size, &cur_file_local_data_size))) {
 	  fc++;
 	  if (ctx->engine->maxfiles && fu>=ctx->engine->maxfiles) {
 	      cli_dbgmsg("cli_unzip: Files limit reached (max: %u)\n", ctx->engine->maxfiles);
 	      ret=CL_EMAXFILES;
 	  }
+
+    if (cli_checktimelimit(ctx) != CL_SUCCESS) {
+        cli_dbgmsg("cli_unzip: Time limit reached (max: %u)\n", ctx->engine->maxscantime);
+        ret = CL_ETIMEOUT;
+    }
+    /*
+     * Detect overlapping files and zip bombs.
+     */
+    if ((((cur_file_local_offset > prev_file_local_offset) && (cur_file_local_offset < prev_file_local_offset + prev_file_local_header_size + prev_file_local_data_size)) ||
+         ((prev_file_local_offset > cur_file_local_offset) && (prev_file_local_offset < cur_file_local_offset + cur_file_local_header_size + cur_file_local_data_size))) &&
+        (cur_file_local_header_size + cur_file_local_data_size > 0)) {
+        /* Overlapping file detected */
+        nOverlappingFiles++;
+
+        cli_dbgmsg("cli_unzip: Overlapping files detected.\n");
+        cli_dbgmsg("    previous file end:  %u\n", prev_file_local_offset + prev_file_local_header_size + prev_file_local_data_size);
+        cli_dbgmsg("    current file start: %u\n", cur_file_local_offset);
+        if (ZIP_MAX_NUM_OVERLAPPING_FILES < nOverlappingFiles) {
+          if (SCAN_HEURISTICS) {
+              ret         = cli_append_virus(ctx, "Heuristics.Zip.OverlappingFiles");
+              virus_found = 1;
+          } else {
+              ret = CL_EFORMAT;
+          }
+          bZipBombDetected = 1;
+        }
+    }
+    prev_file_local_offset      = cur_file_local_offset;
+    prev_file_local_header_size = cur_file_local_header_size;
+    prev_file_local_data_size   = cur_file_local_data_size;
+
 #if HAVE_JSON
           if (cli_json_timeout_cycle_check(ctx, &toval) != CL_SUCCESS) {
               ret=CL_ETIMEOUT;
           }
 #endif
           if (ret != CL_CLEAN) {
-              if (ret == CL_VIRUS && SCAN_ALLMATCHES) {
+              if (ret == CL_VIRUS && SCAN_ALLMATCHES && !bZipBombDetected) {
                   ret = CL_CLEAN;
                   virus_found = 1;
               } else
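Review bot: The overlap test sums three uint32_t values (`prev_file_local_offset + prev_file_local_header_size + prev_file_local_data_size`, and the same for cur), and the sizes come from the archive. In the lhdr hunk, csize is stored into `*file_local_data_size` before the size checks that follow it. The 32-bit sum can therefore wrap, the computed end lands below the start, and the comparison reports no overlap. Computing both end offsets in uint64_t removes the wrap, as sketched below. Separately, each entry is compared only with the one before it, and that scope deserves a comment next to ZIP_MAX_NUM_OVERLAPPING_FILES; the while loop continues outside the hunk.

```c
    /* End offsets in 64 bits: header and data sizes are read from the
     * archive, so a 32-bit sum could wrap and hide an overlap. */
    uint64_t prev_end = (uint64_t)prev_file_local_offset + prev_file_local_header_size + prev_file_local_data_size;
    uint64_t cur_end  = (uint64_t)cur_file_local_offset + cur_file_local_header_size + cur_file_local_data_size;

    if ((((cur_file_local_offset > prev_file_local_offset) && (cur_file_local_offset < prev_end)) ||
         ((prev_file_local_offset > cur_file_local_offset) && (prev_file_local_offset < cur_end))) &&
        (cur_end > cur_file_local_offset)) {
        /* … unchanged: nOverlappingFiles counter, debug output, heuristic alert … */
    }
    /* … unchanged: prev_* = cur_* bookkeeping … */
```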
@@ -769,7 +826,7 @@
       ret = CL_VIRUS;
   if(fu<=(fc/4)) { /* FIXME: make up a sane ratio or remove the whole logic */
     fc = 0;
-    while (ret==CL_CLEAN && lhoff<fsize && (coff=lhdr(map, lhoff, fsize-lhoff, &fu, fc+1, NULL, &ret, ctx, tmpd, 1, zip_scan_cb))) {
+    while (ret==CL_CLEAN && lhoff<fsize && (coff=lhdr(map, lhoff, fsize-lhoff, &fu, fc+1, NULL, &ret, ctx, tmpd, 1, zip_scan_cb, NULL, NULL))) {
       fc++;
       lhoff+=coff;
       if (SCAN_ALLMATCHES && ret == CL_VIRUS) {
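Review bot: The fallback loop over local headers passes `NULL, NULL` for the two arguments this release adds to `lhdr`, so this path appears to run without the overlap accounting that the central-directory loop performs with `cur_file_local_header_size` and `cur_file_local_data_size`. That is inferred from the call sites, since `lhdr`'s definition is not in this hunk. No `cli_checktimelimit(ctx)` call is visible in the shown part of the loop either, and the loop body continues outside the hunk. If the body does not already check it, add `if (cli_checktimelimit(ctx) != CL_SUCCESS) ret = CL_ETIMEOUT;` after `lhoff+=coff;` so an archive that forces this fallback is still bounded by MaxScanTime.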
@@ -816,7 +873,7 @@
     return CL_CLEAN;
   }
 
-  lhdr(map, lhoffl, fsize, &fu, 0, NULL, &ret, ctx, NULL, 0, zcb);
+  lhdr(map, lhoffl, fsize, &fu, 0, NULL, &ret, ctx, NULL, 0, zcb, NULL, NULL);
 
   return ret;
 }
@@ -886,7 +943,7 @@
 
     if(coff) {
         cli_dbgmsg("unzip_search: central @%x\n", coff);
-        while(ret==CL_CLEAN && (coff=chdr(zmap, coff, fsize, NULL, fc+1, &ret, ctx, NULL, requests))) {
+        while(ret==CL_CLEAN && (coff=chdr(zmap, coff, fsize, NULL, fc+1, &ret, ctx, NULL, requests, NULL, NULL, NULL))) {
             if (requests->match) {
                 ret=CL_VIRUS;
             }
diff -Nru clamav-0.101.2+dfsg/libclamav/version.h clamav-0.101.4+dfsg/libclamav/version.h
--- clamav-0.101.2+dfsg/libclamav/version.h	2019-03-13 22:13:33.000000000 +0100
+++ clamav-0.101.4+dfsg/libclamav/version.h	2019-08-20 18:10:12.000000000 +0200
@@ -1 +0,0 @@
-#define REPO_VERSION "devel-clamav-0.101.1-30-g5e0e479ad"
diff -Nru clamav-0.101.2+dfsg/m4/reorganization/version.m4 clamav-0.101.4+dfsg/m4/reorganization/version.m4
--- clamav-0.101.2+dfsg/m4/reorganization/version.m4	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/m4/reorganization/version.m4	2019-08-20 18:08:50.000000000 +0200
@@ -1,9 +1,9 @@
 dnl change this on a release
 dnl VERSION="devel-`date +%Y%m%d`"
-VERSION="0.101.2"
+VERSION="0.101.4"
 
 LC_CURRENT=9
-LC_REVISION=2
+LC_REVISION=4
 LC_AGE=0
 LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"
 AC_SUBST([LIBCLAMAV_VERSION])
diff -Nru clamav-0.101.2+dfsg/NEWS.md clamav-0.101.4+dfsg/NEWS.md
--- clamav-0.101.2+dfsg/NEWS.md	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/NEWS.md	2019-08-20 18:08:49.000000000 +0200
@@ -3,6 +3,59 @@
 Note: This file refers to the source tarball. Things described here may differ
  slightly from the binary packages.
 
+## 0.101.4
+
+ClamAV 0.101.4 is a security patch release that addresses the following issues.
+
+- An out of bounds write was possible within ClamAV's NSIS bzip2 library when
+  attempting decompression in cases where the number of selectors exceeded the
+  max limit set by the library (CVE-2019-12900). The issue has been resolved
+  by respecting that limit.
+
+  Thanks to Martin Simmons for reporting the issue [here](https://bugzilla.clamav.net/show_bug.cgi?id=12371)
+
+- The zip bomb vulnerability mitigated in 0.101.3 has been assigned the
+  CVE identifier CVE-2019-12625. Unfortunately, a workaround for the zip-bomb
+  mitigation was immediately identified. To remediate the zip-bomb scantime
+  issue, a scan time limit has been introduced in 0.101.4. This limit now
+  resolves ClamAV's vulnerability to CVE-2019-12625.
+
+  The default scan time limit is 2 minutes (120000 milliseconds).
+
+  To customize the time limit:
+
+  - use the `clamscan` `--max-scantime` option
+  - use the `clamd` `MaxScanTime` config option
+
+  Libclamav users may customize the time limit using the `cl_engine_set_num`
+  function. For example:
+
+  ```c
+      cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME, time_limit_milliseconds)
+  ```
+
+  Thanks to David Fifield for reviewing the zip-bomb mitigation in 0.101.3
+  and reporting the issue.
+
+## 0.101.3
+
+ClamAV 0.101.3 is a patch release to address a vulnerability to non-recursive
+zip bombs.
+
+A Denial-of-Service (DoS) vulnerability may occur when scanning a zip bomb as a
+result of excessively long scan times. The issue is resolved by detecting the
+overlapping local file headers which characterize the non-recursive zip bomb
+described by David Fifield,
+[here](https://www.bamsoftware.com/hacks/zipbomb/).
+
+Thank you to Hanno Böck for reporting the issue as it relates to ClamAV,
+[here](https://bugzilla.clamav.net/show_bug.cgi?id=12356).
+
+Also included in 0.101.3:
+
+- Update of bundled the libmspack library from 0.8alpha to 0.10alpha, to
+  address a buffer overflow vulnerability in libmspack < 0.9.1α.
+
 ## 0.101.2
 
 ClamAV 0.101.2 is a patch release to address a handful of security related bugs.
@@ -508,7 +561,7 @@
   a handful of other important bugs, including patches to support g++ 6, C++11.
 
 Thank you to the following ClamAV community members for your code
-submissions and bug reports! 
+submissions and bug reports!
 
 Alberto Garcia
 Bernhard Vogel
@@ -550,7 +603,7 @@
 - fix ups improving the reliability of several ClamAV file parsers.
 - sigtool now decodes file type signatures (e.g., daily.ftm CVD file).
 - now supporting libpcre2 in addition to libpcre.
-- systemd support for clamd and freshclam. Patch provided by 
+- systemd support for clamd and freshclam. Patch provided by
   Andreas Cadhalpun.
 - fixed builds on Mac OS X 10.10 & 10.11.
 - improved debug info for certificate metadata.
@@ -592,7 +645,7 @@
 
 ## 0.99
 
-ClamAV 0.99 contains major new features and changes. YARA rules, 
+ClamAV 0.99 contains major new features and changes. YARA rules,
 Perl Compatible Regular Expressions, revamped on-access scanning
 for Linux, and other new features join the many great features of ClamAV:
 
@@ -603,10 +656,10 @@
   for full details.
 - New and improved on-access scanning for Linux. See the recent blog
   post and clamdoc.pdf for details on the new on-access capabilities.
-- A new ClamAV API callback function that is invoked when a virus 
-  is found. This is intended primarily for applications running in 
-  all-match mode. Any applications using all-match mode must use 
-  the new callback function to record and report detected viruses.    
+- A new ClamAV API callback function that is invoked when a virus
+  is found. This is intended primarily for applications running in
+  all-match mode. Any applications using all-match mode must use
+  the new callback function to record and report detected viruses.
 - Configurable default password list to attempt zip file decryption.
 - TIFF file support.
 - Upgrade Windows pthread library to 2.9.1.
@@ -643,7 +696,7 @@
 ## 0.98.7
 
 ClamAV 0.98.7 is here! This release contains new scanning features
-and bug fixes. 
+and bug fixes.
 
 - Improvements to PDF processing: decryption, escape sequence
   handling, and file property collection.
@@ -663,7 +716,7 @@
   CVE-2015-2668.
 - Fix compilation error after ./configure --disable-pthreads.
   Reported and fix suggested by John E. Krokes.
-- Apply upstream patch for possible heap overflow in Henry Spencer's 
+- Apply upstream patch for possible heap overflow in Henry Spencer's
   regex library. CVE-2015-2305.
 - Fix crash in upx decoder with crafted file. Discovered and patch
   supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
@@ -704,7 +757,7 @@
 - Compensate a crash due to incorrect compiler optimization when
   handling crafted petite packer files. This issue was discovered
   by Sebastian Andrzej Siewior.
-      
+
 Thanks to the following ClamAV community members for code submissions
 and bug reporting included in ClamAV 0.98.6:
 
@@ -803,17 +856,17 @@
   about OpenIOC.
 - All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop)
   now support IPV6 addresses and configuration parameters.
-- Use OpenSSL file hash functions for improved performance. OpenSSL 
+- Use OpenSSL file hash functions for improved performance. OpenSSL
   is now prerequisite software for ClamAV 0.98.2.
 - Improved detection of malware scripts within image files. Issue reported
   by Maarten Broekman.
 - Change to circumvent possible denial of service when processing icons within
   specially crafted PE files. Icon limits are now in place with corresponding
-  clamd and clamscan configuration parameters. This issue was reported by 
+  clamd and clamscan configuration parameters. This issue was reported by
   Joxean Koret.
 - Improvements to the fidelity of the ClamAV pattern matcher, an issue
   reported by Christian Blichmann.
-- Opt-in collection of statistics. Statistics collected are: sizes and MD5 
+- Opt-in collection of statistics. Statistics collected are: sizes and MD5
   hashes of files, PE file section counts and section MD5 hashes, and names
   and counts of detected viruses. Enable statistics collection with the
   --enable-stats clamscan flag or StatsEnabled clamd configuration
@@ -822,7 +875,7 @@
   assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman,
   and Dave Simonson.
 - Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.
-- ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation 
+- ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation
   improvements.
 
 Thanks to the following ClamAV community members for sending patches or reporting
@@ -841,7 +894,7 @@
 REGARDING OPENSSL
 
 In addition, as a special exception, the copyright holders give
-permission to link the code of portions of this program with the 
+permission to link the code of portions of this program with the
 OpenSSL library under certain conditions as described in each
 individual source file, and distribute linked combinations
 including the two.
@@ -849,20 +902,20 @@
 You must obey the GNU General Public License in all respects
 for all of the code used other than OpenSSL.  If you modify
 file(s) with this exception, you may extend this exception to your
-version of the file(s), but you are not obligated to do so.  If you 
+version of the file(s), but you are not obligated to do so.  If you
 do not wish to do so, delete this exception statement from your
 version.  If you delete this exception statement from all source
 files in the program, then also delete it here.
 
 ## 0.98.1
 
-ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new file types, and 
+ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new file types, and
 quality improvements. These include:
 
 - Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.
 
 - Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.
-  XAR format is commonly used for software packaging, such as PKG and RPM, as well as 
+  XAR format is commonly used for software packaging, such as PKG and RPM, as well as
   general archival.
 
 - Decompression and scanning of files in "Xz" compression format.
@@ -877,7 +930,7 @@
   performance cost. This should only be needed when callback functions are used
   that need file access.
 
-- Various improvements to ClamAV configuration, support of third party libraries, 
+- Various improvements to ClamAV configuration, support of third party libraries,
   and unit tests.
 
 ## 0.98
@@ -915,8 +968,8 @@
 
 - New callbacks added to the API: The libclamav API has additional hooks
   for developers to use when wrapping ClamAV scanning. These function
-  types are prefixed with "clcb_" and allow developers to add logic at 
-  certain steps of the scanning process without directly modifying the 
+  types are prefixed with "clcb_" and allow developers to add logic at
+  certain steps of the scanning process without directly modifying the
   library. For more details refer to the clamav.h file.
 
 - More configurable limits: Several hardcoded values are now configurable
@@ -962,20 +1015,20 @@
 
 ## 0.97.5
 
-ClamAV 0.97.5 addresses possible evasion cases in some archive formats 
-(CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability 
-issues in portions of the bytecode engine. This release is recommended for 
+ClamAV 0.97.5 addresses possible evasion cases in some archive formats
+(CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability
+issues in portions of the bytecode engine. This release is recommended for
 all users.
 
 ## 0.97.4
 
-ClamAV 0.97.4 includes minor bugfixes, detection improvements and initial 
-support for on-access scanning under Mac OS X (see contrib/ClamAuth). 
+ClamAV 0.97.4 includes minor bugfixes, detection improvements and initial
+support for on-access scanning under Mac OS X (see contrib/ClamAuth).
 This update is recommended for all users.
 
 ## 0.97.3
 
-ClamAV 0.97.3 is a minor bugfix release and is recommended for all 
+ClamAV 0.97.3 is a minor bugfix release and is recommended for all
 users. Please refer to the ChangeLog file for details.
 
 ## 0.97.2
@@ -996,9 +1049,9 @@
 
 ClamAV 0.97 brings many improvements, including complete Windows support
 (all major components compile out-of-box under Visual Studio), support for
-signatures based on SHA1 and SHA256, better error detection, as well as 
-speed and memory optimizations. The complete list of changes is available 
-in the ChangeLog file. For upgrade notes and tips please see: 
+signatures based on SHA1 and SHA256, better error detection, as well as
+speed and memory optimizations. The complete list of changes is available
+in the ChangeLog file. For upgrade notes and tips please see:
 https://wiki.clamav.net/Main/UpgradeNotes097
 
 With Sourcefire, Inc. acquisition of Immunet Corp., ClamAV for Windows
@@ -1009,7 +1062,7 @@
 and creation of custom signatures on any platform running Immunet 3.0,
 powered by ClamAV. If you run Windows systems in your environment and
 need an AV solution to protect them, give Immunet 3.0, powered by ClamAV
-a try; you can download it from https://www.clamav.net/download.html#otherversions 
+a try; you can download it from https://www.clamav.net/download.html#otherversions
 
 --
 The ClamAV team (https://www.clamav.net/about.html#credits)
@@ -1401,7 +1454,7 @@
 ## 0.90.3
 
 This release fixes some security bugs in libclamav and improves stability
-under Solaris. Please see ChangeLog for complete list of changes. 
+under Solaris. Please see ChangeLog for complete list of changes.
 
 If your system is suffering from long clamscan startup times, please
 consider installing 0.91rc1 which is due to be released shortly
@@ -1455,9 +1508,9 @@
 improvements in terms of detection rate and performances. If you find a bug,
 please take some time to report it on our bugzilla: https://bugzilla.clamav.net.
 Your help in testing the new code is really appreciated. The experimental code
-introduces many improvements in terms of detection rate and performances. 
+introduces many improvements in terms of detection rate and performances.
 
-RAR3, SIS and SFX archives support is finally available together with 
+RAR3, SIS and SFX archives support is finally available together with
 new unpackers and decryptors: pespin, sue, yc, wwpack32, nspack, mew, upack
 and others. Additionally, ClamAV now includes better mechanisms for scanning
 ELF, PDF and tar files. The email decoding has been improved to reduce both
@@ -1466,10 +1519,10 @@
 As part of the Google Summer of Code program, we have introduced support for
 a new phishing signatures format that has proved very effective in detecting
 phishing emails. The ClamAV phishing module allows better and more generic
-detection of phishing emails by searching for URLs in email messages, and 
-comparing the real site with the URL displayed to the user in the message. 
+detection of phishing emails by searching for URLs in email messages, and
+comparing the real site with the URL displayed to the user in the message.
 
-On the performance side, support for the MULTISCAN command has been 
+On the performance side, support for the MULTISCAN command has been
 implemented in clamd, allowing to scan multiple files simultaneously.
 Support for Sensory Networks' NodalCore acceleration technology
 (https://www.clamav.net/nodalcore/) is now available in ClamAV and will be
@@ -1568,7 +1621,7 @@
 - mod_streamav - a ClamAV based antivirus filter for Apache 2
 - pyClamd - a python interface to Clamd
 
-More information at https://www.clamav.net/download.html#tools 
+More information at https://www.clamav.net/download.html#tools
 
 --
 The ClamAV team (https://www.clamav.net/about.html#credits)
@@ -1622,7 +1675,7 @@
 Following the 0.88.1 release some portals and security related websites
 published incorrect information on security problems of 0.88. To avoid
 such incidents in the future, every new ClamAV package will be released
-together with detailed information about security bugs it fixes. 
+together with detailed information about security bugs it fixes.
 
 --
 The ClamAV team (https://www.clamav.net/about.html#credits)
@@ -1892,7 +1945,7 @@
   - simscan - an e-mail and spam filter for qmail
   - smtpfilter - scan SMTP session for viruses
   - snort-inline - scan your network traffic for viruses with ClamAV
-  - SquidClamAV Redirector - a Squid helper script which adds virus scanning 
+  - SquidClamAV Redirector - a Squid helper script which adds virus scanning
   - WRAVLib - a library for a-v integration with Mono/.NET applications
 
 --
@@ -2050,7 +2103,7 @@
 SourceWear.com is selling some very nice t-shirts and polo shirts powered by
 ClamAV. Wear them and virus writers will stay away from you :- A quarter out
 of every dollar profited from the sale of these shirts will go to the ClamAV
-project. Visit http://www.sourcewear.com and click on ClamAV logo! 
+project. Visit http://www.sourcewear.com and click on ClamAV logo!
 
 --
 The ClamAV team (https://www.clamav.net/about.html#credits)
@@ -2071,7 +2124,7 @@
 we plan to drop support for ClamAV 0.60 on September 1st.
 
 We encourage _all_ users to upgrade to the latest release available.
-People running an old version of ClamAV are missing many viruses and 
+People running an old version of ClamAV are missing many viruses and
 may experience stability problems.
 
 On non-production systems you can try the latest development version.
@@ -2109,7 +2162,7 @@
 ## 0.73
 
 This version fixes memory management problems in the OLE2 decoder and
-improves mail scanning. 
+improves mail scanning.
 
 Thank you for using ClamAV !
 
@@ -2132,7 +2185,7 @@
 the noteworthy changes include:
 
 - libclamav:
-  - support nested OLE2 files 
+  - support nested OLE2 files
   - support Word6 macro code
   - ignore popular file types (media, graphics)
   - support compress.exe (SZDD) compression (test/test.msc)
@@ -2367,7 +2420,7 @@
 New mirroring mechanisms. Luca Gibelli (ClamAV) and mirror administrators
 (22 sites) are converting mirrors to new "push mirroring"
 method. It uses advanced techniques to ensure all the mirrors are up to date.
-More info: https://www.clamav.net/documents/introduction 
+More info: https://www.clamav.net/documents/introduction
 
 We would like to thank our donors:
 
@@ -2540,7 +2593,7 @@
   - various mbox code updates (fixed memory leak; added support for decoding
     viruses sent in message bodies, detection of viruses that put their
     payloads after the end of message marker (thanks to Stephen White
-    <step...@earth.li> for the bug report and useful CGI tools); 
+    <step...@earth.li> for the bug report and useful CGI tools);
 
   - zziplib updated to 0.10.81 (some problems with older version were reported
     by Martin Schitter)
@@ -2681,7 +2734,7 @@
 ## 0.52
 
 This version contains a portability fixes - it should compile on OpenBSD,
-MacOSX and NetBSD (support for them was broken in 0.51). 
+MacOSX and NetBSD (support for them was broken in 0.51).
 
 - clamd: various fixes:
   - drop supplementary groups (suggested by Enrico Scholz
@@ -2751,7 +2804,7 @@
 
 - clamd: a modern anti-virus daemon. It uses configuration file clamav.conf
   described in the clamav.conf(5) manual. The program was written with
-  security as a goal. 
+  security as a goal.
 
 - clamuko: on-access scanning under Linux. It utilizes Dazuko kernel module
   (GPL, http://dazuko.org) and is clamd-based.
diff -Nru clamav-0.101.2+dfsg/shared/optparser.c clamav-0.101.4+dfsg/shared/optparser.c
--- clamav-0.101.2+dfsg/shared/optparser.c	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/shared/optparser.c	2019-08-20 18:08:50.000000000 +0200
@@ -288,13 +288,13 @@
     /* Scan options */
     { "Bytecode", "bytecode", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.", "yes" },
 
-    { "BytecodeSecurity", NULL, 0, CLOPT_TYPE_STRING, "^(TrustSigned|Paranoid)$", -1, "TrustSigned", 0, OPT_CLAMD, 
+    { "BytecodeSecurity", NULL, 0, CLOPT_TYPE_STRING, "^(TrustSigned|Paranoid)$", -1, "TrustSigned", 0, OPT_CLAMD,
 	"Set bytecode security level.\nPossible values:\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks.","TrustSigned"},
 
-    { "BytecodeTimeout", "bytecode-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 5000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, 
+    { "BytecodeTimeout", "bytecode-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 5000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,
 	"Set bytecode timeout in milliseconds.","5000"},
 
-    { "BytecodeUnsigned", "bytecode-unsigned", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, 
+    { "BytecodeUnsigned", "bytecode-unsigned", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,
 	"Allow loading bytecode from outside digitally signed .c[lv]d files.","no"},
 
     { "BytecodeMode", "bytecode-mode", 0, CLOPT_TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "Auto", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN,
@@ -366,6 +366,8 @@
 
     { "ForceToDisk", "force-to-disk", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option causes memory or nested map scans to dump the content to disk.\nIf you turn on this option, more data is written to disk and is available\nwhen the leave-temps option is enabled at the cost of more disk writes.", "no" },
 
+    { "MaxScanTime", "max-scantime", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum amount of time a scan may take to complete.\nIn this version, this field only affects the scan time of ZIP archives.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result allow scanning\nof certain files to lock up the scanning process/threads resulting in a Denial of Service.\nThe value is in milliseconds.", "120000"},
+
     { "MaxScanSize", "max-scansize", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXSCANSIZE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum amount of data to be scanned for each input file.\nArchives and other containers are recursively extracted and scanned up to this\nvalue.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe\ndamage.", "100M" },
 
     { "MaxFileSize", "max-filesize", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_MAXFILESIZE, NULL, 0, OPT_CLAMD | OPT_MILTER | OPT_CLAMSCAN, "Files/messages larger than this limit won't be scanned. Affects the input\nfile itself as well as files contained inside it (when the input file is\nan archive, a document or some other kind of container).\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe\ndamage to the system.", "25M" },
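Review bot: The new `MaxScanTime` entry carries a numeric default of `0` next to a suggested value of `"120000"`, while its own help text says 0 disables the limit, so any consumer that reads the table default rather than the engine default would see an unlimited scan time. The neighbouring size limits take their numeric default from a named constant (`CLI_DEFAULT_MAXSCANSIZE`, `CLI_DEFAULT_MAXFILESIZE`); doing the same here would keep the table and the documented 2-minute default in agreement. The help string also reads `may result allow scanning`, which should be `may allow scanning`. `CLOPT_TYPE_NUMBER` values are converted with `atoi` (visible in a later hunk of this file), so unless the `MATCH_NUMBER` pattern bounds the digit count, an out-of-range value is not rejected; a range check is worth adding for a limit that exists to prevent denial of service.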
@@ -391,8 +393,6 @@
 
     { "MaxRecHWP3", "max-rechwp3", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_MAXRECHWP3, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum recursive calls to HWP3 parsing function.\nHWP3 files using more than this limit will be terminated and alert the user.\nScans will be unable to scan any HWP3 attachments if the recursive limit is reached.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "16" },
 
-    { "TimeLimit", "timelimit", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 0, NULL, 0, OPT_CLAMSCAN, "This clamscan option is currently for testing only. It sets the engine parameter CL_ENGINE_TIME_LIMIT. The value is in milliseconds.", "0" },
-
     { "PCREMatchLimit", "pcre-match-limit", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_PCRE_MATCH_LIMIT, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum calls to the PCRE match function during an instance of regex matching.\nInstances using more than this limit will be terminated and alert the user but the scan will continue.\nFor more information on match_limit, see the PCRE documentation.\nNegative values are not allowed.\nWARNING: setting this limit too high may severely impact performance.", "100000" },
 
     { "PCRERecMatchLimit", "pcre-recmatch-limit", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_PCRE_RECMATCH_LIMIT, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum recursive calls to the PCRE match function during an instance of regex matching.\nInstances using more than this limit will be terminated and alert the user but the scan will continue.\nFor more information on match_limit_recursion, see the PCRE documentation.\nNegative values are not allowed and values > PCREMatchLimit are superfluous.\nWARNING: setting this limit too high may severely impact performance.", "5000" },
@@ -491,6 +491,7 @@
 
     /* Deprecated options */
 
+    { "TimeLimit", "timelimit", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 0, NULL, 0, OPT_CLAMSCAN | OPT_DEPRECATED, "Deprecated option to set the max-scantime.\nThe value is in milliseconds.", "120000"},
     { "DetectBrokenExecutables", "detect-broken", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "Deprecated option to alert on broken PE and ELF executable files.", "no" },
     { "AlgorithmicDetection", "algorithmic-detection", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Deprecated option to enable heuristic alerts (e.g. \"Heuristics.<sig name>\")", "no" },
     { "BlockMax", "block-max", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "", "" },
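Review bot: The help text `Deprecated option to set the max-scantime` implies that `--timelimit` still sets the limit, but the parser's `OPT_DEPRECATED` branch (visible in a later hunk of this file) reaches `continue` before any argument parsing and at most registers the placeholder `"foo", 1`. The number the user passes therefore appears to be dropped; part of that branch lies outside the shown lines, so confirm against the full function. If so, the text should say it, for example `"Deprecated, replaced by max-scantime; a value given here is not applied."`, so operators with `--timelimit` in existing scripts know to migrate. The entry also pairs a numeric default of `0` with a suggested value of `"120000"`, which is worth aligning.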
@@ -1188,39 +1189,39 @@
 	long long numarg, lnumarg;
 	int regflags = REG_EXTENDED | REG_NOSUB;
     const struct clam_option *optentry = NULL;
-    
+
     if(oldopts)
         opts = oldopts;
-    
-    
+
+
     for(i = 0; ; i++) {
         optentry = &clam_options[i];
         if(!optentry->name && !optentry->longopt)
             break;
-        
+
         if(((optentry->owner & toolmask) && ((optentry->owner & toolmask) != OPT_DEPRECATED)) || (ignore && (optentry->owner & ignore))) {
             if(!oldopts && optadd(&opts, &opts_last, optentry->name, optentry->longopt, optentry->strarg, optentry->numarg, optentry->flags, i) < 0) {
                 fprintf(stderr, "ERROR: optparse: Can't register new option (not enough memory)\n");
                 optfree(opts);
                 return NULL;
             }
-            
+
         }
     }
-    
+
     if(MAX(sc, lc) > MAXCMDOPTS) {
 	    fprintf(stderr, "ERROR: optparse: (short|long)opts[] is too small\n");
 	    optfree(opts);
 	    return NULL;
 	}
-    
+
     while(1) {
         if(!name) {
             fprintf(stderr, "ERROR: Problem parsing options (name == NULL)\n");
             err = 1;
             break;
         }
-        
+
         opt = optget_i(opts, name);
         if(!opt) {
             if(verbose)
@@ -1229,13 +1230,13 @@
             break;
         }
         optentry = &clam_options[opt->idx];
-        
+
         if(ignore && (optentry->owner & ignore) && !(optentry->owner & toolmask)) {
             if(verbose)
                 fprintf(stderr, "WARNING: Ignoring unsupported option %s\n", opt->name);
             continue;
         }
-        
+
         if(optentry->owner & OPT_DEPRECATED) {
             if(toolmask & OPT_DEPRECATED) {
                 if(optaddarg(opts, name, "foo", 1) < 0) {
@@ -1249,11 +1250,11 @@
             }
             continue;
         }
-        
+
         if(optentry->regex) {
             if(!(optentry->flags & FLAG_REG_CASE))
                 regflags |= REG_ICASE;
-            
+
             if(cli_regcomp(&regex, optentry->regex, regflags)) {
                 fprintf(stderr, "ERROR: optparse: Can't compile regular expression %s for option %s\n", optentry->regex, name);
                 err = 1;
@@ -1267,15 +1268,15 @@
                 break;
             }
         }
-        
+
         numarg = -1;
         switch(optentry->argtype) {
             case CLOPT_TYPE_STRING:
                 if(!arg)
                     arg = optentry->strarg;
-                
+
                 break;
-                
+
             case CLOPT_TYPE_NUMBER:
                 if (arg)
                     numarg = atoi(arg);
@@ -1283,7 +1284,7 @@
                     numarg = 0;
                 arg = NULL;
                 break;
-                
+
             case CLOPT_TYPE_SIZE:
                 errno = 0;
                 if(arg)
@@ -1311,41 +1312,41 @@
                             err = 1;
                     }
                 }
-                
+
                 arg = NULL;
                 if(err) break;
                 if(errno == ERANGE) {
                     fprintf(stderr, "WARNING: Numerical value for option %s too high, resetting to 4G\n", name);
                     lnumarg = UINT_MAX;
                 }
-                
+
                 numarg = lnumarg ? lnumarg : UINT_MAX;
                 break;
-                
+
             case CLOPT_TYPE_BOOL:
                 if(!strcasecmp(arg, "yes") || !strcmp(arg, "1") || !strcasecmp(arg, "true"))
                     numarg = 1;
                 else
                     numarg = 0;
-                
+
                 arg = NULL;
                 break;
         }
-        
+
         if(err)
             break;
-        
+
         if(optaddarg(opts, name, arg, numarg) < 0) {
             fprintf(stderr, "ERROR: Can't register argument for option --%s\n", optentry->longopt);
             err = 1;
         }
         break;
     }
-    
+
     if(err) {
         optfree(opts);
         return NULL;
     }
-      
+
     return opts;
 }
diff -Nru clamav-0.101.2+dfsg/unit_tests/valgrind.supp clamav-0.101.4+dfsg/unit_tests/valgrind.supp
--- clamav-0.101.2+dfsg/unit_tests/valgrind.supp	2019-03-13 22:13:01.000000000 +0100
+++ clamav-0.101.4+dfsg/unit_tests/valgrind.supp	2019-08-20 18:08:50.000000000 +0200
@@ -259,3 +259,36 @@
    fun:_ZN4llvm19MachineFunctionPass13runOnFunctionERNS_8FunctionE
    fun:_ZN4llvm13FPPassManager13runOnFunctionERNS_8FunctionE
 }
+{
+   unrar-wcsrtombs
+   Memcheck:Cond
+   fun:internal_ascii_loop
+   fun:__gconv_transform_internal_ascii
+   fun:wcsrtombs
+   fun:wcsrtombs
+   ...
+}
+{
+   unrar-wcsrtombs-2
+   Memcheck:Cond
+   fun:__wcsnlen_avx2
+   fun:wcsrtombs
+   fun:wcsrtombs
+   ...
+}
+{
+   unrar-wcsrtombs-3
+   Memcheck:Cond
+   fun:__wcsnlen_sse4_1
+   fun:wcsrtombs
+   fun:wcsrtombs
+   ...
+}
+{
+   binhex-overlapping-memmove
+   Memcheck:Overlap
+   fun:__memcpy_chk
+   fun:memmove
+   fun:cli_binhex
+   ...
+}
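Review bot: The three `unrar-wcsrtombs*` suppressions name no unrar frame: each stack ends in `fun:wcsrtombs` followed by `...`, so they silence `Memcheck:Cond` reports from `wcsrtombs` for every caller in the test suite, not only the unrar code the names refer to. Adding the calling unrar function as a frame before the `...` would scope them as intended. `binhex-overlapping-memmove` is scoped to `cli_binhex`, but it hides an overlap report in a parser of untrusted input. A `#` comment stating why the report is a false positive (the frames show `memmove` reached through `__memcpy_chk`) would help the next maintainer decide when it can be removed.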
