Package: release.debian.org Control: affects -1 + src:clamav X-Debbugs-Cc: cla...@packages.debian.org User: release.debian....@packages.debian.org Usertags: pu Tags: bookworm Severity: normal
This is an update to the latest clamav release in the 1.0.x series. This update closes two CVEs: - CVE-2024-20290: Fixed a possible heap overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. - CVE-2024-20328: Fixed a possible command injection vulnerability in the "VirusEvent" feature of ClamAV's ClamD service. To fix this issue, we disabled the '%f' format string parameter. ClamD administrators may continue to use the `CLAM_VIRUSEVENT_FILENAME` environment variable, instead of '%f'. But you should do so only from within an executable, such as a Python script, and not directly in the clamd.conf "VirusEvent" command. Announcement by upstream: https://blog.clamav.net/2023/11/clamav-130-122-105-released.html The previous 1.0.4 release was in unstable since 2024-01-20 and migrated to testing on 2024-01-22. The 1.0.5 release is in unstable since 2024-02-08 and I have reports of issues so far. The attached debdiff is against the current version in Bookworm and has the libclamav_rust/.cargo/ folder omitted. Otherwise the diff grows to over 100MiB. Sebastian
diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 6208c93..422e291 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -24,6 +24,10 @@ name: CMake Build runs-on: windows-2019 steps: + - name: Die, link!!!!! + run: rm /usr/bin/link.exe + shell: bash + - uses: actions/checkout@v1 - name: Install Build Tools diff --git a/CMakeLists.txt b/CMakeLists.txt index cfeeb49..b2c6533 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -22,7 +22,7 @@ string(TIMESTAMP TODAY "%Y%m%d") set(VERSION_SUFFIX "") project( ClamAV - VERSION "1.0.3" + VERSION "1.0.5" DESCRIPTION "ClamAV open source email, web, and end-point anti-virus toolkit." ) set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH}) @@ -676,13 +676,13 @@ check_type_size("ssize_t" SIZEOF_SSIZE_T) if(SIZEOF_SSIZE_T STREQUAL "") # ssize_t is a signed type in POSIX storing at least -1. # Set it to "int" to match the behavior of AC_TYPE_SSIZE_T (autotools). - set(ssize_t int) + set(SSIZE_T_DEF "typedef int ssize_t;") endif() check_type_size("off_t" SIZEOF_OFF_T) if(SIZEOF_OFF_T STREQUAL "") # off_t is a signed type in POSIX no narrower than int. # Set it to "long int" to match the behavior of AC_TYPE_OFF_T (autotools). - set(off_t long int) + set(OFF_T_DEF "typedef long int off_t;") endif() check_type_size("int" SIZEOF_INT) diff --git a/Cargo.lock b/Cargo.lock index e06ab2a..05e6643 100755 --- a/Cargo.lock +++ b/Cargo.lock @@ -8,26 +8,6 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" -[[package]] -name = "ansi_term" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" -dependencies = [ - "winapi", -] - -[[package]] -name = "atty" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" -dependencies = [ - "hermit-abi 0.1.19", - "libc", - "winapi", -] - [[package]] name = "autocfg" version = "1.1.0" @@ -102,7 +82,6 @@ version = "0.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51e3973b165dc0f435831a9e426de67e894de532754ff7a3f307c03ee5dec7dc" dependencies = [ - "clap", "heck", "indexmap", "log", @@ -115,6 +94,15 @@ dependencies = [ "toml", ] +[[package]] +name = "cc" +version = "1.0.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +dependencies = [ + "libc", +] + [[package]] name = "cexpr" version = "0.6.0" @@ -160,21 +148,6 @@ dependencies = [ "libloading", ] -[[package]] -name = "clap" -version = "2.34.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" -dependencies = [ - "ansi_term", - "atty", - "bitflags", - "strsim", - "textwrap", - "unicode-width", - "vec_map", -] - [[package]] name = "color_quant" version = "1.1.0" @@ -201,9 +174,9 @@ dependencies = [ [[package]] name = "crossbeam-channel" -version = "0.5.6" +version = "0.5.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2dd04ddaf88237dc3b8d8f9a3c1004b506b54b3313403944054d23c0870c521" +checksum = "a33c2bf77f2df06183c3aa30d1e96c0695a313d4f9c453cc3762a6db39f99200" dependencies = [ "cfg-if", "crossbeam-utils", @@ -274,6 +247,27 @@ version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91" +[[package]] +name = "errno" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "136526188508e25c6fef639d7927dfb3e0e3084488bf202267829cf7fc23dbdd" +dependencies = [ + "errno-dragonfly", + "libc", + "windows-sys 0.48.0", +] + +[[package]] +name = "errno-dragonfly" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf" +dependencies = [ + "cc", + "libc", +] + [[package]] name = "exr" version = "1.5.3" @@ -397,15 +391,6 @@ dependencies = [ "unicode-segmentation", ] -[[package]] -name = "hermit-abi" -version = "0.1.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" -dependencies = [ - "libc", -] - [[package]] name = "hermit-abi" version = "0.2.6" @@ -415,6 +400,12 @@ dependencies = [ "libc", ] +[[package]] +name = "hermit-abi" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" + [[package]] name = "hex" version = "0.4.3" @@ -459,6 +450,17 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "io-lifetimes" +version = "1.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2" +dependencies = [ + "hermit-abi 0.3.3", + "libc", + "windows-sys 0.48.0", +] + [[package]] name = "itoa" version = "1.0.5" @@ -517,6 +519,12 @@ dependencies = [ "winapi", ] +[[package]] +name = "linux-raw-sys" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f051f77a7c8e6957c0696eac88f26b0117e54f52d3fc682ab19397a8812846a4" + [[package]] name = "lock_api" version = "0.4.9" @@ -761,15 +769,6 @@ version = "0.6.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848" -[[package]] -name = "remove_dir_all" -version = "0.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7" -dependencies = [ - "winapi", -] - [[package]] name = "rustc-hash" version = "1.1.0" @@ -800,6 +799,20 @@ dependencies = [ "version_check", ] +[[package]] +name = "rustix" +version = "0.36.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c37f1bd5ef1b5422177b7646cba67430579cfe2ace80f284fee876bca52ad941" +dependencies = [ + "bitflags", + "errno", + "io-lifetimes", + "libc", + "linux-raw-sys", + "windows-sys 0.45.0", +] + [[package]] name = "ryu" version = "1.0.12" @@ -880,9 +893,9 @@ checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0" [[package]] name = "spin" -version = "0.9.5" +version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7dccf47db1b41fa1573ed27ccf5e08e3ca771cb994f776668c5ebda893b248fc" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" dependencies = [ "lock_api", ] @@ -893,12 +906,6 @@ version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fe895eb47f22e2ddd4dabc02bce419d2e643c8e3b585c78158b349195bc24d82" -[[package]] -name = "strsim" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" - [[package]] name = "syn" version = "1.0.107" @@ -923,25 +930,15 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.3.0" +version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4" +checksum = "af18f7ae1acd354b992402e9ec5864359d693cd8a79dcbef59f76891701c1e95" dependencies = [ "cfg-if", "fastrand", - "libc", "redox_syscall", - "remove_dir_all", - "winapi", -] - -[[package]] -name = "textwrap" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" -dependencies = [ - "unicode-width", + "rustix", + "windows-sys 0.42.0", ] [[package]] @@ -1021,18 +1018,6 @@ version = "1.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1dd624098567895118886609431a7c3b8f516e41d30e0643f03d94592a147e36" -[[package]] -name = "unicode-width" -version = "0.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" - -[[package]] -name = "vec_map" -version = "0.8.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" - [[package]] name = "version_check" version = "0.9.4" @@ -1138,6 +1123,153 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +[[package]] +name = "windows-sys" +version = "0.42.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7" +dependencies = [ + "windows_aarch64_gnullvm 0.42.2", + "windows_aarch64_msvc 0.42.2", + "windows_i686_gnu 0.42.2", + "windows_i686_msvc 0.42.2", + "windows_x86_64_gnu 0.42.2", + "windows_x86_64_gnullvm 0.42.2", + "windows_x86_64_msvc 0.42.2", +] + +[[package]] +name = "windows-sys" +version = "0.45.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" +dependencies = [ + "windows-targets 0.42.2", +] + +[[package]] +name = "windows-sys" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +dependencies = [ + "windows-targets 0.48.5", +] + +[[package]] +name = "windows-targets" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" +dependencies = [ + "windows_aarch64_gnullvm 0.42.2", + "windows_aarch64_msvc 0.42.2", + "windows_i686_gnu 0.42.2", + "windows_i686_msvc 0.42.2", + "windows_x86_64_gnu 0.42.2", + "windows_x86_64_gnullvm 0.42.2", + "windows_x86_64_msvc 0.42.2", +] + +[[package]] +name = "windows-targets" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +dependencies = [ + "windows_aarch64_gnullvm 0.48.5", + "windows_aarch64_msvc 0.48.5", + "windows_i686_gnu 0.48.5", + "windows_i686_msvc 0.48.5", + "windows_x86_64_gnu 0.48.5", + "windows_x86_64_gnullvm 0.48.5", + "windows_x86_64_msvc 0.48.5", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" + +[[package]] +name = "windows_i686_gnu" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" + +[[package]] +name = "windows_i686_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" + +[[package]] +name = "windows_i686_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" + +[[package]] +name = "windows_i686_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" + [[package]] name = "zune-inflate" version = "0.2.42" diff --git a/Jenkinsfile b/Jenkinsfile index a3996e8..d59bea5 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -10,7 +10,7 @@ properties( parameters( [ string(name: 'VERSION', - defaultValue: '1.0.3', + defaultValue: '1.0.5', description: 'ClamAV version string'), string(name: 'FRAMEWORK_BRANCH', defaultValue: '1.0', diff --git a/NEWS.md b/NEWS.md index d11b535..ac59506 100644 --- a/NEWS.md +++ b/NEWS.md @@ -3,6 +3,66 @@ Note: This file refers to the official packages. Things described here may differ slightly from third-party binary packages. +## 1.0.5 + +ClamAV 1.0.5 is a critical patch release with the following fixes: + +- [CVE-2024-20290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20290): + Fixed a possible heap overflow read bug in the OLE2 file parser that could + cause a denial-of-service (DoS) condition. + + Affected versions: + - 1.0.0 through 1.0.4 (LTS) + - 1.1 (all patch versions) + - 1.2.0 and 1.2.1 + + Thank you to OSS-Fuzz for identifying this issue. + +- [CVE-2024-20328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20328): + Fixed a possible command injection vulnerability in the `VirusEvent` feature + of ClamAV's ClamD service. + + To fix this issue, we disabled the '%f' format string parameter. + ClamD administrators may continue to use the `CLAM_VIRUSEVENT_FILENAME` + environment variable, instead of '%f'. But you should do so only from within + an executable, such as a Python script, and not directly in the `clamd.conf` + `VirusEvent` command. + + Affected versions: + - 0.104 (all patch versions) + - 0.105 (all patch versions) + - 1.0.0 through 1.0.4 (LTS) + - 1.1 (all patch versions) + - 1.2.0 and 1.2.1 + + Thank you to Amit Schendel for identifying this issue. + +## 1.0.4 + +ClamAV 1.0.4 is a patch release with the following fixes: + +- Eliminate security warning about unused "atty" dependency. + - GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1035 + +- Upgrade the bundled UnRAR library (libclamunrar) to version 6.2.12. + - GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1054 + +- Windows: libjson-c 0.17 compatibility fix. with ssize_t type definition. + - GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1064 + +- Freshclam: Removed a verbose warning printed for each Freshclam HTTP request. + - GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1042 + +- Build system: Fix link error with Clang/LLVM/LLD version 17. + Patch courtesy of Yasuhiro Kimura. + - GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1058 + +- Fix alert-exceeds-max feature for files > 2GB and < max-filesize. + - GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1041 + +Special thanks to the following people for code contributions and bug reports: +- Yasuhiro Kimura + ## 1.0.3 ClamAV 1.0.3 is a critical patch release with the following fixes: diff --git a/clamav-config.h.cmake.in b/clamav-config.h.cmake.in index b21af87..4f3b837 100644 --- a/clamav-config.h.cmake.in +++ b/clamav-config.h.cmake.in @@ -587,11 +587,22 @@ #define inline @INLINE_KEYWORD@ #endif -/* Define to `long int' if <sys/types.h> does not define. */ -#cmakedefine off_t @off_t@ - /* Define to `int' if <sys/types.h> does not define. */ -#cmakedefine ssize_t @ssize_t@ +#ifndef SSIZE_T_DEFINED + #if defined(_MSC_VER) + #include <BaseTsd.h> + typedef SSIZE_T ssize_t; + #else + @SSIZE_T_DEF@ + #endif + # define SSIZE_T_DEFINED +#endif + +/* Define to `long int' if <sys/types.h> does not define. */ +#ifndef OFF_T_DEFINED + @OFF_T_DEF@ + #define OFF_T_DEFINED +#endif /* Define to the equivalent of the C99 'restrict' keyword, or to nothing if this is not supported. Do not define if restrict is diff --git a/clamd/clamd_others.c b/clamd/clamd_others.c index 23f3b02..32d0701 100644 --- a/clamd/clamd_others.c +++ b/clamd/clamd_others.c @@ -101,6 +101,8 @@ void virusaction(const char *filename, const char *virname, #define VE_FILENAME "CLAM_VIRUSEVENT_FILENAME" #define VE_VIRUSNAME "CLAM_VIRUSEVENT_VIRUSNAME" +#define FILENAME_DISABLED_MESSAGE "The filename format character has been disabled due to security concerns, use the 'CLAM_VIRUSEVENT_FILENAME' environment variable instead." + void virusaction(const char *filename, const char *virname, const struct optstruct *opts) { @@ -145,7 +147,7 @@ void virusaction(const char *filename, const char *virname, } len = strlen(opt->strarg); buffer_cmd = - (char *)calloc(len + v * strlen(virname) + f * strlen(filename) + 1, sizeof(char)); + (char *)calloc(len + v * strlen(virname) + f * strlen(FILENAME_DISABLED_MESSAGE) + 1, sizeof(char)); if (!buffer_cmd) { if (path) xfree(env[0]); @@ -160,8 +162,8 @@ void virusaction(const char *filename, const char *virname, j += strlen(virname); i++; } else if (i + 1 < len && opt->strarg[i] == '%' && opt->strarg[i + 1] == 'f') { - strcat(buffer_cmd, filename); - j += strlen(filename); + strcat(buffer_cmd, FILENAME_DISABLED_MESSAGE); + j += strlen(FILENAME_DISABLED_MESSAGE); i++; } else { buffer_cmd[j++] = opt->strarg[i]; diff --git a/common/optparser.c b/common/optparser.c index a7bdbee..1be7afe 100644 --- a/common/optparser.c +++ b/common/optparser.c @@ -333,7 +333,7 @@ const struct clam_option __clam_options[] = { {"DisableCache", "disable-cache", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option allows you to disable clamd's caching feature.", "no"}, - {"VirusEvent", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Execute a command when a virus is found. In the command string %v will be\nreplaced with the virus name and %f will be replaced with the file name.\nAdditionally, two environment variables will be defined: $CLAM_VIRUSEVENT_FILENAME\nand $CLAM_VIRUSEVENT_VIRUSNAME.", "/usr/bin/mailx -s \"ClamAV VIRUS ALERT: %v\" alert < /dev/null"}, + {"VirusEvent", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Execute a command when virus is found.\nUse the following environment variables to identify the file and virus names:\n- $CLAM_VIRUSEVENT_FILENAME\n- $CLAM_VIRUSEVENT_VIRUSNAME\nIn the command string, '%v' will also be replaced with the virus name.\nNote: The '%f' filename format character has been disabled and will no longer\nbe replaced with the file name, due to command injection security concerns.\nUse the 'CLAM_VIRUSEVENT_FILENAME' environment variable instead.\nFor the same reason, you should NOT use the environment variables in the\ncommand directly, but should use it carefully from your executed script.", "/opt/send_virus_alert_sms.sh"}, {"ExitOnOOM", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Stop the daemon when libclamav reports an out of memory condition.", "yes"}, diff --git a/debian/.git-dpm b/debian/.git-dpm index dafa965..b364a80 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm @@ -1,8 +1,8 @@ # see git-dpm(1) from git-dpm package -b6798c1c1c1bd4e43f1ffbc36748adb5cf07787a -b6798c1c1c1bd4e43f1ffbc36748adb5cf07787a -6aeff1ef1ff425a1a201d8e3f2c5b8b1f8a60fdb -6aeff1ef1ff425a1a201d8e3f2c5b8b1f8a60fdb -clamav_1.0.3+dfsg.orig.tar.xz -329456b2e5930a422859b00ed0e08cc8ab53e2b3 -14191252 +62cd02dc40f3fd1a26496091133787db33dd65e7 +62cd02dc40f3fd1a26496091133787db33dd65e7 +3075ec387d1332975da55d4c08f4463a4fc82909 +3075ec387d1332975da55d4c08f4463a4fc82909 +clamav_1.0.5+dfsg.orig.tar.xz +f4f5016ce9ff75ad1db40f3475c100dc5fd87243 +25821000 diff --git a/debian/changelog b/debian/changelog index 36fd23b..158545e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,21 @@ +clamav (1.0.5+dfsg-1~deb12u1) bookworm; urgency=medium + + * Import 1.0.4 (Closes: #1063479). + - Update symbols. + - CVE-2024-20290 (Fixed a possible heap overflow read bug in the OLE2 file + parser that could cause a denial-of-service (DoS) condition.) + - CVE-2024-20328 (Fixed a possible command injection vulnerability in the + "VirusEvent" feature of ClamAV's ClamD service. + + -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Thu, 08 Feb 2024 21:58:26 +0100 + +clamav (1.0.4+dfsg-1~deb12u1) bookworm; urgency=medium + + * Import 1.0.4 + - Update symbols. + + -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Sun, 04 Feb 2024 11:45:46 +0100 + clamav (1.0.3+dfsg-1~deb12u1) bookworm; urgency=medium * Import 1.0.3 diff --git a/debian/libclamav11.symbols b/debian/libclamav11.symbols index 909b601..b451f3a 100644 --- a/debian/libclamav11.symbols +++ b/debian/libclamav11.symbols @@ -1,25 +1,25 @@ libclamav.so.11 libclamav11 #MINVER# * Build-Depends-Package: libclamav-dev - CLAMAV_PRIVATE@CLAMAV_PRIVATE 1.0.3 + CLAMAV_PRIVATE@CLAMAV_PRIVATE 1.0.5 CLAMAV_PUBLIC@CLAMAV_PUBLIC 1.0.0 - __cli_strcasestr@CLAMAV_PRIVATE 1.0.3 - __cli_strndup@CLAMAV_PRIVATE 1.0.3 - __cli_strnlen@CLAMAV_PRIVATE 1.0.3 - __cli_strnstr@CLAMAV_PRIVATE 1.0.3 - base64Flush@CLAMAV_PRIVATE 1.0.3 - blobAddData@CLAMAV_PRIVATE 1.0.3 - blobCreate@CLAMAV_PRIVATE 1.0.3 - blobDestroy@CLAMAV_PRIVATE 1.0.3 - cl_ASN1_GetTimeT@CLAMAV_PRIVATE 1.0.3 + __cli_strcasestr@CLAMAV_PRIVATE 1.0.5 + __cli_strndup@CLAMAV_PRIVATE 1.0.5 + __cli_strnlen@CLAMAV_PRIVATE 1.0.5 + __cli_strnstr@CLAMAV_PRIVATE 1.0.5 + base64Flush@CLAMAV_PRIVATE 1.0.5 + blobAddData@CLAMAV_PRIVATE 1.0.5 + blobCreate@CLAMAV_PRIVATE 1.0.5 + blobDestroy@CLAMAV_PRIVATE 1.0.5 + cl_ASN1_GetTimeT@CLAMAV_PRIVATE 1.0.5 cl_always_gen_section_hash@CLAMAV_PUBLIC 1.0.0 - cl_base64_decode@CLAMAV_PRIVATE 1.0.3 - cl_base64_encode@CLAMAV_PRIVATE 1.0.3 - cl_cleanup_crypto@CLAMAV_PRIVATE 1.0.3 + cl_base64_decode@CLAMAV_PRIVATE 1.0.5 + cl_base64_encode@CLAMAV_PRIVATE 1.0.5 + cl_cleanup_crypto@CLAMAV_PRIVATE 1.0.5 cl_countsigs@CLAMAV_PUBLIC 1.0.0 cl_cvdfree@CLAMAV_PUBLIC 1.0.0 cl_cvdhead@CLAMAV_PUBLIC 1.0.0 cl_cvdparse@CLAMAV_PUBLIC 1.0.0 - cl_cvdunpack@CLAMAV_PRIVATE 1.0.3 + cl_cvdunpack@CLAMAV_PRIVATE 1.0.5 cl_cvdverify@CLAMAV_PUBLIC 1.0.0 cl_debug@CLAMAV_PUBLIC 1.0.0 cl_engine_addref@CLAMAV_PUBLIC 1.0.0 @@ -28,7 +28,7 @@ libclamav.so.11 libclamav11 #MINVER# cl_engine_get_num@CLAMAV_PUBLIC 1.0.0 cl_engine_get_str@CLAMAV_PUBLIC 1.0.0 cl_engine_new@CLAMAV_PUBLIC 1.0.0 - cl_engine_set_clcb_engine_compile_progress@CLAMAV_PRIVATE 1.0.3 + cl_engine_set_clcb_engine_compile_progress@CLAMAV_PRIVATE 1.0.5 cl_engine_set_clcb_file_inspection@CLAMAV_PUBLIC 1.0.0 cl_engine_set_clcb_file_props@CLAMAV_PUBLIC 1.0.0 cl_engine_set_clcb_hash@CLAMAV_PUBLIC 1.0.0 @@ -37,7 +37,7 @@ libclamav.so.11 libclamav11 #MINVER# cl_engine_set_clcb_pre_cache@CLAMAV_PUBLIC 1.0.0 cl_engine_set_clcb_pre_scan@CLAMAV_PUBLIC 1.0.0 cl_engine_set_clcb_sigload@CLAMAV_PUBLIC 1.0.0 - cl_engine_set_clcb_sigload_progress@CLAMAV_PRIVATE 1.0.3 + cl_engine_set_clcb_sigload_progress@CLAMAV_PRIVATE 1.0.5 cl_engine_set_clcb_stats_add_sample@CLAMAV_PUBLIC 1.0.0 cl_engine_set_clcb_stats_decrement_count@CLAMAV_PUBLIC 1.0.0 cl_engine_set_clcb_stats_flush@CLAMAV_PUBLIC 1.0.0 @@ -58,21 +58,21 @@ libclamav.so.11 libclamav11 #MINVER# cl_fmap_close@CLAMAV_PUBLIC 1.0.0 cl_fmap_open_handle@CLAMAV_PUBLIC 1.0.0 cl_fmap_open_memory@CLAMAV_PUBLIC 1.0.0 - cl_get_pkey_file@CLAMAV_PRIVATE 1.0.3 - cl_get_x509_from_mem@CLAMAV_PRIVATE 1.0.3 - cl_hash_data@CLAMAV_PRIVATE 1.0.3 + cl_get_pkey_file@CLAMAV_PRIVATE 1.0.5 + cl_get_x509_from_mem@CLAMAV_PRIVATE 1.0.5 + cl_hash_data@CLAMAV_PRIVATE 1.0.5 cl_hash_destroy@CLAMAV_PUBLIC 1.0.0 - cl_hash_file_fd@CLAMAV_PRIVATE 1.0.3 - cl_hash_file_fd_ctx@CLAMAV_PRIVATE 1.0.3 - cl_hash_file_fp@CLAMAV_PRIVATE 1.0.3 + cl_hash_file_fd@CLAMAV_PRIVATE 1.0.5 + cl_hash_file_fd_ctx@CLAMAV_PRIVATE 1.0.5 + cl_hash_file_fp@CLAMAV_PRIVATE 1.0.5 cl_hash_init@CLAMAV_PUBLIC 1.0.0 cl_init@CLAMAV_PUBLIC 1.0.0 - cl_initialize_crypto@CLAMAV_PRIVATE 1.0.3 + cl_initialize_crypto@CLAMAV_PRIVATE 1.0.5 cl_load@CLAMAV_PUBLIC 1.0.0 - cl_load_cert@CLAMAV_PRIVATE 1.0.3 - cl_load_crl@CLAMAV_PRIVATE 1.0.3 + cl_load_cert@CLAMAV_PRIVATE 1.0.5 + cl_load_crl@CLAMAV_PRIVATE 1.0.5 cl_retdbdir@CLAMAV_PUBLIC 1.0.0 - cl_retflevel@CLAMAV_PUBLIC 1.0.3 + cl_retflevel@CLAMAV_PUBLIC 1.0.5 cl_retver@CLAMAV_PUBLIC 1.0.0 cl_scandesc@CLAMAV_PUBLIC 1.0.0 cl_scandesc_callback@CLAMAV_PUBLIC 1.0.0 @@ -80,203 +80,203 @@ libclamav.so.11 libclamav11 #MINVER# cl_scanfile_callback@CLAMAV_PUBLIC 1.0.0 cl_scanmap_callback@CLAMAV_PUBLIC 1.0.0 cl_set_clcb_msg@CLAMAV_PUBLIC 1.0.0 - cl_sha1@CLAMAV_PRIVATE 1.0.3 - cl_sha256@CLAMAV_PRIVATE 1.0.3 - cl_sign_data@CLAMAV_PRIVATE 1.0.3 - cl_sign_data_keyfile@CLAMAV_PRIVATE 1.0.3 - cl_sign_file_fd@CLAMAV_PRIVATE 1.0.3 - cl_sign_file_fp@CLAMAV_PRIVATE 1.0.3 + cl_sha1@CLAMAV_PRIVATE 1.0.5 + cl_sha256@CLAMAV_PRIVATE 1.0.5 + cl_sign_data@CLAMAV_PRIVATE 1.0.5 + cl_sign_data_keyfile@CLAMAV_PRIVATE 1.0.5 + cl_sign_file_fd@CLAMAV_PRIVATE 1.0.5 + cl_sign_file_fp@CLAMAV_PRIVATE 1.0.5 cl_statchkdir@CLAMAV_PUBLIC 1.0.0 cl_statfree@CLAMAV_PUBLIC 1.0.0 cl_statinidir@CLAMAV_PUBLIC 1.0.0 cl_strerror@CLAMAV_PUBLIC 1.0.0 cl_update_hash@CLAMAV_PUBLIC 1.0.0 - cl_validate_certificate_chain@CLAMAV_PRIVATE 1.0.3 - cl_validate_certificate_chain_ts_dir@CLAMAV_PRIVATE 1.0.3 - cl_verify_signature@CLAMAV_PRIVATE 1.0.3 - cl_verify_signature_fd@CLAMAV_PRIVATE 1.0.3 - cl_verify_signature_fd_x509@CLAMAV_PRIVATE 1.0.3 - cl_verify_signature_fd_x509_keyfile@CLAMAV_PRIVATE 1.0.3 - cl_verify_signature_hash@CLAMAV_PRIVATE 1.0.3 - cl_verify_signature_hash_x509@CLAMAV_PRIVATE 1.0.3 - cl_verify_signature_hash_x509_keyfile@CLAMAV_PRIVATE 1.0.3 - cl_verify_signature_x509@CLAMAV_PRIVATE 1.0.3 - cl_verify_signature_x509_keyfile@CLAMAV_PRIVATE 1.0.3 - cli_ac_buildtrie@CLAMAV_PRIVATE 1.0.3 - cli_ac_chklsig@CLAMAV_PRIVATE 1.0.3 - cli_ac_free@CLAMAV_PRIVATE 1.0.3 - cli_ac_freedata@CLAMAV_PRIVATE 1.0.3 - cli_ac_init@CLAMAV_PRIVATE 1.0.3 - cli_ac_initdata@CLAMAV_PRIVATE 1.0.3 - cli_ac_scanbuff@CLAMAV_PRIVATE 1.0.3 - cli_add_content_match_pattern@CLAMAV_PRIVATE 1.0.3 - cli_basename@CLAMAV_PRIVATE 1.0.3 - cli_bm_free@CLAMAV_PRIVATE 1.0.3 - cli_bm_init@CLAMAV_PRIVATE 1.0.3 - cli_bm_scanbuff@CLAMAV_PRIVATE 1.0.3 - cli_build_regex_list@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_context_alloc@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_context_destroy@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_context_getresult_int@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_context_set_trace@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_context_setfile@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_context_setfuncid@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_context_setparam_int@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_context_setparam_ptr@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_debug@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_debug_printsrc@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_describe@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_destroy@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_done@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_init@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_load@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_prepare2@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_printversion@CLAMAV_PRIVATE 1.0.3 - cli_bytecode_run@CLAMAV_PRIVATE 1.0.3 - cli_bytefunc_describe@CLAMAV_PRIVATE 1.0.3 - cli_byteinst_describe@CLAMAV_PRIVATE 1.0.3 - cli_bytetype_describe@CLAMAV_PRIVATE 1.0.3 - cli_bytevalue_describe@CLAMAV_PRIVATE 1.0.3 - cli_calloc@CLAMAV_PRIVATE 1.0.3 - cli_check_auth_header@CLAMAV_PRIVATE 1.0.3 - cli_chomp@CLAMAV_PRIVATE 1.0.3 - cli_codepage_to_utf8@CLAMAV_PRIVATE 1.0.3 - cli_ctime@CLAMAV_PRIVATE 1.0.3 - cli_dbgmsg@CLAMAV_PRIVATE 1.0.3 - cli_dbgmsg_no_inline@CLAMAV_PRIVATE 1.0.3 - cli_dconf_init@CLAMAV_PRIVATE 1.0.3 - cli_debug_flag@CLAMAV_PRIVATE 1.0.3 - cli_detect_environment@CLAMAV_PRIVATE 1.0.3 - cli_disasm_one@CLAMAV_PRIVATE 1.0.3 - cli_errmsg@CLAMAV_PRIVATE 1.0.3 - cli_filecopy@CLAMAV_PRIVATE 1.0.3 - cli_free_vba_project@CLAMAV_PRIVATE 1.0.3 - cli_ftw@CLAMAV_PRIVATE 1.0.3 - cli_genhash_pe@CLAMAV_PRIVATE 1.0.3 - cli_gentemp@CLAMAV_PRIVATE 1.0.3 - cli_gentemp_with_prefix@CLAMAV_PRIVATE 1.0.3 - cli_gentempfd@CLAMAV_PRIVATE 1.0.3 - cli_gentempfd_with_prefix@CLAMAV_PRIVATE 1.0.3 - cli_get_debug_flag@CLAMAV_PRIVATE 1.0.3 - cli_get_filepath_from_filedesc@CLAMAV_PRIVATE 1.0.3 - cli_get_last_virus_str@CLAMAV_PRIVATE 1.0.3 - cli_getdsig@CLAMAV_PRIVATE 1.0.3 - cli_gettmpdir@CLAMAV_PRIVATE 1.0.3 - cli_hashfile@CLAMAV_PRIVATE 1.0.3 - cli_hashset_destroy@CLAMAV_PRIVATE 1.0.3 - cli_hashstream@CLAMAV_PRIVATE 1.0.3 - cli_hex2str@CLAMAV_PRIVATE 1.0.3 - cli_hex2ui@CLAMAV_PRIVATE 1.0.3 - cli_infomsg_simple@CLAMAV_PRIVATE 1.0.3 - cli_initroots@CLAMAV_PRIVATE 1.0.3 - cli_isnumber@CLAMAV_PRIVATE 1.0.3 - cli_js_destroy@CLAMAV_PRIVATE 1.0.3 - cli_js_init@CLAMAV_PRIVATE 1.0.3 - cli_js_output@CLAMAV_PRIVATE 1.0.3 - cli_js_parse_done@CLAMAV_PRIVATE 1.0.3 - cli_js_process_buffer@CLAMAV_PRIVATE 1.0.3 - cli_ldbtokenize@CLAMAV_PRIVATE 1.0.3 - cli_malloc@CLAMAV_PRIVATE 1.0.3 - cli_memstr@CLAMAV_PRIVATE 1.0.3 - cli_ole2_extract@CLAMAV_PRIVATE 1.0.3 - cli_pcre_build@CLAMAV_PRIVATE 1.0.3 - cli_pcre_freeoff@CLAMAV_PRIVATE 1.0.3 - cli_pcre_init@CLAMAV_PRIVATE 1.0.3 - cli_pcre_perf_events_destroy@CLAMAV_PRIVATE 1.0.3 - cli_pcre_perf_print@CLAMAV_PRIVATE 1.0.3 - cli_pcre_recaloff@CLAMAV_PRIVATE 1.0.3 - cli_pcre_scanbuf@CLAMAV_PRIVATE 1.0.3 - cli_ppt_vba_read@CLAMAV_PRIVATE 1.0.3 - cli_printcxxver@CLAMAV_PRIVATE 1.0.3 - cli_readn@CLAMAV_PRIVATE 1.0.3 - cli_realloc@CLAMAV_PRIVATE 1.0.3 - cli_realpath@CLAMAV_PRIVATE 1.0.3 - cli_regcomp@CLAMAV_PRIVATE 1.0.3 - cli_regex2suffix@CLAMAV_PRIVATE 1.0.3 - cli_regexec@CLAMAV_PRIVATE 1.0.3 - cli_regfree@CLAMAV_PRIVATE 1.0.3 - cli_rmdirs@CLAMAV_PRIVATE 1.0.3 - cli_rndnum@CLAMAV_PRIVATE 1.0.3 - cli_sanitize_filepath@CLAMAV_PRIVATE 1.0.3 - cli_scan_buff@CLAMAV_PRIVATE 1.0.3 - cli_scan_fmap@CLAMAV_PRIVATE 1.0.3 - cli_set_debug_flag@CLAMAV_PRIVATE 1.0.3 - cli_sigopts_handler@CLAMAV_PRIVATE 1.0.3 - cli_sigperf_events_destroy@CLAMAV_PRIVATE 1.0.3 - cli_sigperf_print@CLAMAV_PRIVATE 1.0.3 - cli_str2hex@CLAMAV_PRIVATE 1.0.3 - cli_strbcasestr@CLAMAV_PRIVATE 1.0.3 - cli_strdup@CLAMAV_PRIVATE 1.0.3 - cli_strerror@CLAMAV_PRIVATE 1.0.3 - cli_strlcat@CLAMAV_PRIVATE 1.0.3 - cli_strlcpy@CLAMAV_PRIVATE 1.0.3 - cli_strntoul@CLAMAV_PRIVATE 1.0.3 - cli_strrcpy@CLAMAV_PRIVATE 1.0.3 - cli_strtok@CLAMAV_PRIVATE 1.0.3 - cli_strtokbuf@CLAMAV_PRIVATE 1.0.3 - cli_strtokenize@CLAMAV_PRIVATE 1.0.3 - cli_textbuffer_append_normalize@CLAMAV_PRIVATE 1.0.3 - cli_unescape@CLAMAV_PRIVATE 1.0.3 - cli_unlink@CLAMAV_PRIVATE 1.0.3 - cli_url_canon@CLAMAV_PRIVATE 1.0.3 - cli_utf16_to_utf8@CLAMAV_PRIVATE 1.0.3 - cli_utf16toascii@CLAMAV_PRIVATE 1.0.3 - cli_vba_inflate@CLAMAV_PRIVATE 1.0.3 - cli_vba_readdir@CLAMAV_PRIVATE 1.0.3 - cli_versig2@CLAMAV_PRIVATE 1.0.3 - cli_versig@CLAMAV_PRIVATE 1.0.3 - cli_warnmsg@CLAMAV_PRIVATE 1.0.3 - cli_wm_decrypt_macro@CLAMAV_PRIVATE 1.0.3 - cli_wm_readdir@CLAMAV_PRIVATE 1.0.3 - cli_writen@CLAMAV_PRIVATE 1.0.3 - decodeLine@CLAMAV_PRIVATE 1.0.3 - disasmbuf@CLAMAV_PRIVATE 1.0.3 - fmap@CLAMAV_PRIVATE 1.0.3 - fmap_dump_to_file@CLAMAV_PRIVATE 1.0.3 - fmap_duplicate@CLAMAV_PRIVATE 1.0.3 - free_duplicate_fmap@CLAMAV_PRIVATE 1.0.3 - get_fpu_endian@CLAMAV_PRIVATE 1.0.3 - have_clamjit@CLAMAV_PRIVATE 1.0.3 - have_rar@CLAMAV_PRIVATE 1.0.3 - html_normalise_map@CLAMAV_PRIVATE 1.0.3 - html_normalise_mem@CLAMAV_PRIVATE 1.0.3 - html_screnc_decode@CLAMAV_PRIVATE 1.0.3 - html_tag_arg_free@CLAMAV_PRIVATE 1.0.3 - init_allow_list@CLAMAV_PRIVATE 1.0.3 - init_domain_list@CLAMAV_PRIVATE 1.0.3 - init_regex_list@CLAMAV_PRIVATE 1.0.3 - is_regex_ok@CLAMAV_PRIVATE 1.0.3 - load_regex_matcher@CLAMAV_PRIVATE 1.0.3 - lsig_increment_subsig_match@CLAMAV_PRIVATE 1.0.3 + cl_validate_certificate_chain@CLAMAV_PRIVATE 1.0.5 + cl_validate_certificate_chain_ts_dir@CLAMAV_PRIVATE 1.0.5 + cl_verify_signature@CLAMAV_PRIVATE 1.0.5 + cl_verify_signature_fd@CLAMAV_PRIVATE 1.0.5 + cl_verify_signature_fd_x509@CLAMAV_PRIVATE 1.0.5 + cl_verify_signature_fd_x509_keyfile@CLAMAV_PRIVATE 1.0.5 + cl_verify_signature_hash@CLAMAV_PRIVATE 1.0.5 + cl_verify_signature_hash_x509@CLAMAV_PRIVATE 1.0.5 + cl_verify_signature_hash_x509_keyfile@CLAMAV_PRIVATE 1.0.5 + cl_verify_signature_x509@CLAMAV_PRIVATE 1.0.5 + cl_verify_signature_x509_keyfile@CLAMAV_PRIVATE 1.0.5 + cli_ac_buildtrie@CLAMAV_PRIVATE 1.0.5 + cli_ac_chklsig@CLAMAV_PRIVATE 1.0.5 + cli_ac_free@CLAMAV_PRIVATE 1.0.5 + cli_ac_freedata@CLAMAV_PRIVATE 1.0.5 + cli_ac_init@CLAMAV_PRIVATE 1.0.5 + cli_ac_initdata@CLAMAV_PRIVATE 1.0.5 + cli_ac_scanbuff@CLAMAV_PRIVATE 1.0.5 + cli_add_content_match_pattern@CLAMAV_PRIVATE 1.0.5 + cli_basename@CLAMAV_PRIVATE 1.0.5 + cli_bm_free@CLAMAV_PRIVATE 1.0.5 + cli_bm_init@CLAMAV_PRIVATE 1.0.5 + cli_bm_scanbuff@CLAMAV_PRIVATE 1.0.5 + cli_build_regex_list@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_context_alloc@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_context_destroy@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_context_getresult_int@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_context_set_trace@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_context_setfile@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_context_setfuncid@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_context_setparam_int@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_context_setparam_ptr@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_debug@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_debug_printsrc@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_describe@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_destroy@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_done@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_init@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_load@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_prepare2@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_printversion@CLAMAV_PRIVATE 1.0.5 + cli_bytecode_run@CLAMAV_PRIVATE 1.0.5 + cli_bytefunc_describe@CLAMAV_PRIVATE 1.0.5 + cli_byteinst_describe@CLAMAV_PRIVATE 1.0.5 + cli_bytetype_describe@CLAMAV_PRIVATE 1.0.5 + cli_bytevalue_describe@CLAMAV_PRIVATE 1.0.5 + cli_calloc@CLAMAV_PRIVATE 1.0.5 + cli_check_auth_header@CLAMAV_PRIVATE 1.0.5 + cli_chomp@CLAMAV_PRIVATE 1.0.5 + cli_codepage_to_utf8@CLAMAV_PRIVATE 1.0.5 + cli_ctime@CLAMAV_PRIVATE 1.0.5 + cli_dbgmsg@CLAMAV_PRIVATE 1.0.5 + cli_dbgmsg_no_inline@CLAMAV_PRIVATE 1.0.5 + cli_dconf_init@CLAMAV_PRIVATE 1.0.5 + cli_debug_flag@CLAMAV_PRIVATE 1.0.5 + cli_detect_environment@CLAMAV_PRIVATE 1.0.5 + cli_disasm_one@CLAMAV_PRIVATE 1.0.5 + cli_errmsg@CLAMAV_PRIVATE 1.0.5 + cli_filecopy@CLAMAV_PRIVATE 1.0.5 + cli_free_vba_project@CLAMAV_PRIVATE 1.0.5 + cli_ftw@CLAMAV_PRIVATE 1.0.5 + cli_genhash_pe@CLAMAV_PRIVATE 1.0.5 + cli_gentemp@CLAMAV_PRIVATE 1.0.5 + cli_gentemp_with_prefix@CLAMAV_PRIVATE 1.0.5 + cli_gentempfd@CLAMAV_PRIVATE 1.0.5 + cli_gentempfd_with_prefix@CLAMAV_PRIVATE 1.0.5 + cli_get_debug_flag@CLAMAV_PRIVATE 1.0.5 + cli_get_filepath_from_filedesc@CLAMAV_PRIVATE 1.0.5 + cli_get_last_virus_str@CLAMAV_PRIVATE 1.0.5 + cli_getdsig@CLAMAV_PRIVATE 1.0.5 + cli_gettmpdir@CLAMAV_PRIVATE 1.0.5 + cli_hashfile@CLAMAV_PRIVATE 1.0.5 + cli_hashset_destroy@CLAMAV_PRIVATE 1.0.5 + cli_hashstream@CLAMAV_PRIVATE 1.0.5 + cli_hex2str@CLAMAV_PRIVATE 1.0.5 + cli_hex2ui@CLAMAV_PRIVATE 1.0.5 + cli_infomsg_simple@CLAMAV_PRIVATE 1.0.5 + cli_initroots@CLAMAV_PRIVATE 1.0.5 + cli_isnumber@CLAMAV_PRIVATE 1.0.5 + cli_js_destroy@CLAMAV_PRIVATE 1.0.5 + cli_js_init@CLAMAV_PRIVATE 1.0.5 + cli_js_output@CLAMAV_PRIVATE 1.0.5 + cli_js_parse_done@CLAMAV_PRIVATE 1.0.5 + cli_js_process_buffer@CLAMAV_PRIVATE 1.0.5 + cli_ldbtokenize@CLAMAV_PRIVATE 1.0.5 + cli_malloc@CLAMAV_PRIVATE 1.0.5 + cli_memstr@CLAMAV_PRIVATE 1.0.5 + cli_ole2_extract@CLAMAV_PRIVATE 1.0.5 + cli_pcre_build@CLAMAV_PRIVATE 1.0.5 + cli_pcre_freeoff@CLAMAV_PRIVATE 1.0.5 + cli_pcre_init@CLAMAV_PRIVATE 1.0.5 + cli_pcre_perf_events_destroy@CLAMAV_PRIVATE 1.0.5 + cli_pcre_perf_print@CLAMAV_PRIVATE 1.0.5 + cli_pcre_recaloff@CLAMAV_PRIVATE 1.0.5 + cli_pcre_scanbuf@CLAMAV_PRIVATE 1.0.5 + cli_ppt_vba_read@CLAMAV_PRIVATE 1.0.5 + cli_printcxxver@CLAMAV_PRIVATE 1.0.5 + cli_readn@CLAMAV_PRIVATE 1.0.5 + cli_realloc@CLAMAV_PRIVATE 1.0.5 + cli_realpath@CLAMAV_PRIVATE 1.0.5 + cli_regcomp@CLAMAV_PRIVATE 1.0.5 + cli_regex2suffix@CLAMAV_PRIVATE 1.0.5 + cli_regexec@CLAMAV_PRIVATE 1.0.5 + cli_regfree@CLAMAV_PRIVATE 1.0.5 + cli_rmdirs@CLAMAV_PRIVATE 1.0.5 + cli_rndnum@CLAMAV_PRIVATE 1.0.5 + cli_sanitize_filepath@CLAMAV_PRIVATE 1.0.5 + cli_scan_buff@CLAMAV_PRIVATE 1.0.5 + cli_scan_fmap@CLAMAV_PRIVATE 1.0.5 + cli_set_debug_flag@CLAMAV_PRIVATE 1.0.5 + cli_sigopts_handler@CLAMAV_PRIVATE 1.0.5 + cli_sigperf_events_destroy@CLAMAV_PRIVATE 1.0.5 + cli_sigperf_print@CLAMAV_PRIVATE 1.0.5 + cli_str2hex@CLAMAV_PRIVATE 1.0.5 + cli_strbcasestr@CLAMAV_PRIVATE 1.0.5 + cli_strdup@CLAMAV_PRIVATE 1.0.5 + cli_strerror@CLAMAV_PRIVATE 1.0.5 + cli_strlcat@CLAMAV_PRIVATE 1.0.5 + cli_strlcpy@CLAMAV_PRIVATE 1.0.5 + cli_strntoul@CLAMAV_PRIVATE 1.0.5 + cli_strrcpy@CLAMAV_PRIVATE 1.0.5 + cli_strtok@CLAMAV_PRIVATE 1.0.5 + cli_strtokbuf@CLAMAV_PRIVATE 1.0.5 + cli_strtokenize@CLAMAV_PRIVATE 1.0.5 + cli_textbuffer_append_normalize@CLAMAV_PRIVATE 1.0.5 + cli_unescape@CLAMAV_PRIVATE 1.0.5 + cli_unlink@CLAMAV_PRIVATE 1.0.5 + cli_url_canon@CLAMAV_PRIVATE 1.0.5 + cli_utf16_to_utf8@CLAMAV_PRIVATE 1.0.5 + cli_utf16toascii@CLAMAV_PRIVATE 1.0.5 + cli_vba_inflate@CLAMAV_PRIVATE 1.0.5 + cli_vba_readdir@CLAMAV_PRIVATE 1.0.5 + cli_versig2@CLAMAV_PRIVATE 1.0.5 + cli_versig@CLAMAV_PRIVATE 1.0.5 + cli_warnmsg@CLAMAV_PRIVATE 1.0.5 + cli_wm_decrypt_macro@CLAMAV_PRIVATE 1.0.5 + cli_wm_readdir@CLAMAV_PRIVATE 1.0.5 + cli_writen@CLAMAV_PRIVATE 1.0.5 + decodeLine@CLAMAV_PRIVATE 1.0.5 + disasmbuf@CLAMAV_PRIVATE 1.0.5 + fmap@CLAMAV_PRIVATE 1.0.5 + fmap_dump_to_file@CLAMAV_PRIVATE 1.0.5 + fmap_duplicate@CLAMAV_PRIVATE 1.0.5 + free_duplicate_fmap@CLAMAV_PRIVATE 1.0.5 + get_fpu_endian@CLAMAV_PRIVATE 1.0.5 + have_clamjit@CLAMAV_PRIVATE 1.0.5 + have_rar@CLAMAV_PRIVATE 1.0.5 + html_normalise_map@CLAMAV_PRIVATE 1.0.5 + html_normalise_mem@CLAMAV_PRIVATE 1.0.5 + html_screnc_decode@CLAMAV_PRIVATE 1.0.5 + html_tag_arg_free@CLAMAV_PRIVATE 1.0.5 + init_allow_list@CLAMAV_PRIVATE 1.0.5 + init_domain_list@CLAMAV_PRIVATE 1.0.5 + init_regex_list@CLAMAV_PRIVATE 1.0.5 + is_regex_ok@CLAMAV_PRIVATE 1.0.5 + load_regex_matcher@CLAMAV_PRIVATE 1.0.5 + lsig_increment_subsig_match@CLAMAV_PRIVATE 1.0.5 lsig_sub_matched@CLAMAV_PUBLIC 1.0.0 - messageCreate@CLAMAV_PRIVATE 1.0.3 - messageDestroy@CLAMAV_PRIVATE 1.0.3 - mpool_calloc@CLAMAV_PRIVATE 1.0.3 - mpool_create@CLAMAV_PRIVATE 1.0.3 - mpool_destroy@CLAMAV_PRIVATE 1.0.3 - mpool_free@CLAMAV_PRIVATE 1.0.3 - mpool_getstats@CLAMAV_PRIVATE 1.0.3 - phishingScan@CLAMAV_PRIVATE 1.0.3 - phishing_done@CLAMAV_PRIVATE 1.0.3 - phishing_init@CLAMAV_PRIVATE 1.0.3 - readdb_parse_ldb_subsignature@CLAMAV_PRIVATE 1.0.3 - regex_list_add_pattern@CLAMAV_PRIVATE 1.0.3 - regex_list_done@CLAMAV_PRIVATE 1.0.3 - regex_list_match@CLAMAV_PRIVATE 1.0.3 - tableCreate@CLAMAV_PRIVATE 1.0.3 - tableDestroy@CLAMAV_PRIVATE 1.0.3 - tableFind@CLAMAV_PRIVATE 1.0.3 - tableInsert@CLAMAV_PRIVATE 1.0.3 - tableIterate@CLAMAV_PRIVATE 1.0.3 - tableRemove@CLAMAV_PRIVATE 1.0.3 - tableUpdate@CLAMAV_PRIVATE 1.0.3 - text_normalize_init@CLAMAV_PRIVATE 1.0.3 - text_normalize_map@CLAMAV_PRIVATE 1.0.3 - text_normalize_reset@CLAMAV_PRIVATE 1.0.3 - uniq_add@CLAMAV_PRIVATE 1.0.3 - uniq_free@CLAMAV_PRIVATE 1.0.3 - uniq_get@CLAMAV_PRIVATE 1.0.3 - uniq_init@CLAMAV_PRIVATE 1.0.3 + messageCreate@CLAMAV_PRIVATE 1.0.5 + messageDestroy@CLAMAV_PRIVATE 1.0.5 + mpool_calloc@CLAMAV_PRIVATE 1.0.5 + mpool_create@CLAMAV_PRIVATE 1.0.5 + mpool_destroy@CLAMAV_PRIVATE 1.0.5 + mpool_free@CLAMAV_PRIVATE 1.0.5 + mpool_getstats@CLAMAV_PRIVATE 1.0.5 + phishingScan@CLAMAV_PRIVATE 1.0.5 + phishing_done@CLAMAV_PRIVATE 1.0.5 + phishing_init@CLAMAV_PRIVATE 1.0.5 + readdb_parse_ldb_subsignature@CLAMAV_PRIVATE 1.0.5 + regex_list_add_pattern@CLAMAV_PRIVATE 1.0.5 + regex_list_done@CLAMAV_PRIVATE 1.0.5 + regex_list_match@CLAMAV_PRIVATE 1.0.5 + tableCreate@CLAMAV_PRIVATE 1.0.5 + tableDestroy@CLAMAV_PRIVATE 1.0.5 + tableFind@CLAMAV_PRIVATE 1.0.5 + tableInsert@CLAMAV_PRIVATE 1.0.5 + tableIterate@CLAMAV_PRIVATE 1.0.5 + tableRemove@CLAMAV_PRIVATE 1.0.5 + tableUpdate@CLAMAV_PRIVATE 1.0.5 + text_normalize_init@CLAMAV_PRIVATE 1.0.5 + text_normalize_map@CLAMAV_PRIVATE 1.0.5 + text_normalize_reset@CLAMAV_PRIVATE 1.0.5 + uniq_add@CLAMAV_PRIVATE 1.0.5 + uniq_free@CLAMAV_PRIVATE 1.0.5 + uniq_get@CLAMAV_PRIVATE 1.0.5 + uniq_init@CLAMAV_PRIVATE 1.0.5 libfreshclam.so.2 libclamav11 #MINVER# FRESHCLAM_PRIVATE@FRESHCLAM_PRIVATE 1.0.1 FRESHCLAM_PUBLIC@FRESHCLAM_PUBLIC 1.0.0 diff --git a/debian/patches/Add-a-version-script-for-libclamav-and-libfreshclam.patch b/debian/patches/Add-a-version-script-for-libclamav-and-libfreshclam.patch index 04b3b35..b8dc842 100644 --- a/debian/patches/Add-a-version-script-for-libclamav-and-libfreshclam.patch +++ b/debian/patches/Add-a-version-script-for-libclamav-and-libfreshclam.patch @@ -1,4 +1,4 @@ -From 02e81d7f161a4dce9f9bd20b0fb02b1bbe0ec232 Mon Sep 17 00:00:00 2001 +From 0c3d501051dd0ef760ea0aeb8598ce8872f24080 Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Date: Mon, 2 Jan 2023 15:51:42 +0100 Subject: Add a version script for libclamav and libfreshclam diff --git a/debian/patches/Add-an-option-to-avoid-setting-RPATH-on-unix-systems.patch b/debian/patches/Add-an-option-to-avoid-setting-RPATH-on-unix-systems.patch index 068ea04..a949023 100644 --- a/debian/patches/Add-an-option-to-avoid-setting-RPATH-on-unix-systems.patch +++ b/debian/patches/Add-an-option-to-avoid-setting-RPATH-on-unix-systems.patch @@ -1,4 +1,4 @@ -From 41cd9840d6d746fb3206daadda59e0030f5631a8 Mon Sep 17 00:00:00 2001 +From 75139abae87f22d070f53dc85d4803cb09309859 Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Date: Fri, 6 Jan 2023 23:11:00 +0100 Subject: Add an option to avoid setting RPATH on unix systems. @@ -16,7 +16,7 @@ Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt -index a15ea12..cfeeb49 100644 +index e414ae6..b2c6533 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -174,13 +174,13 @@ endif() diff --git a/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch b/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch index da68c75..169bde6 100644 --- a/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch +++ b/debian/patches/Change-paths-in-sample-conf-file-to-match-Debian.patch @@ -1,4 +1,4 @@ -From 57f08c063a67798b1403e75fad6a629d2ee907db Mon Sep 17 00:00:00 2001 +From 1cc4c5c049acec79a134e35895ae0df6f2781d86 Mon Sep 17 00:00:00 2001 From: Scott Kitterman <sc...@kitterman.com> Date: Mon, 10 Mar 2014 19:20:18 -0400 Subject: Change paths in sample conf file to match Debian diff --git a/debian/patches/Freshclam-remove-curl-result-warning.patch b/debian/patches/Freshclam-remove-curl-result-warning.patch deleted file mode 100644 index 7282f51..0000000 --- a/debian/patches/Freshclam-remove-curl-result-warning.patch +++ /dev/null @@ -1,27 +0,0 @@ -From b6798c1c1c1bd4e43f1ffbc36748adb5cf07787a Mon Sep 17 00:00:00 2001 -From: Micah Snyder <micas...@cisco.com> -Date: Tue, 30 May 2023 16:07:45 -0700 -Subject: Freshclam: remove curl result warning - -A warning printing the HTTP code and file size was accidentally -committed at the end of ClamAV 1.1.0 dev when fixing a bug. -Remove this warning. - -Resolves: https://github.com/Cisco-Talos/clamav/issues/930 -Patch-Name: Freshclam-remove-curl-result-warning.patch ---- - libfreshclam/libfreshclam_internal.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/libfreshclam/libfreshclam_internal.c b/libfreshclam/libfreshclam_internal.c -index e1ffeb1..c96b488 100644 ---- a/libfreshclam/libfreshclam_internal.c -+++ b/libfreshclam/libfreshclam_internal.c -@@ -1300,7 +1300,6 @@ static fc_error_t downloadFile( - - /* Check HTTP code */ - curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code); -- logg(LOGG_WARNING, " ******* RESULT %ld, SIZE: %zu ******* \n", http_code, receivedFile.size); - switch (http_code) { - case 200: - case 206: { diff --git a/debian/patches/Remove-bundled-tomfastmath-library.patch b/debian/patches/Remove-bundled-tomfastmath-library.patch index 579b20d..14af913 100644 --- a/debian/patches/Remove-bundled-tomfastmath-library.patch +++ b/debian/patches/Remove-bundled-tomfastmath-library.patch @@ -1,4 +1,4 @@ -From 7161ab29bd364366b61ee3b963c4cb2e8a8ffee9 Mon Sep 17 00:00:00 2001 +From 62cd02dc40f3fd1a26496091133787db33dd65e7 Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Date: Sat, 18 Feb 2023 10:45:50 +0100 Subject: Remove bundled tomfastmath library. @@ -43,7 +43,7 @@ index 548d672..68dec8c 100644 - Yara has since switched to the BSD 3-Clause License; Our source is out-of-date and needs to be updated. diff --git a/clamav-config.h.cmake.in b/clamav-config.h.cmake.in -index 5de4cbf..b21af87 100644 +index 8153ff5..4f3b837 100644 --- a/clamav-config.h.cmake.in +++ b/clamav-config.h.cmake.in @@ -401,9 +401,6 @@ diff --git a/debian/patches/cargo-Remove-windows-referenfes.patch b/debian/patches/cargo-Remove-windows-referenfes.patch index 5e96642..8371e9f 100644 --- a/debian/patches/cargo-Remove-windows-referenfes.patch +++ b/debian/patches/cargo-Remove-windows-referenfes.patch @@ -1,4 +1,4 @@ -From 2082ccf539724ebe2552e816c27271aa37f51fd0 Mon Sep 17 00:00:00 2001 +From 596400ea97297ee38482a785bc631ceb74217986 Mon Sep 17 00:00:00 2001 From: Scott Kitterman <sc...@kitterman.com> Date: Sat, 31 Dec 2022 12:12:58 +0100 Subject: cargo: Remove windows referenfes. @@ -10,66 +10,14 @@ complain about it. Patch-Name: cargo-Remove-windows-referenfes.patch --- - .../.cargo/vendor/ansi_term/.cargo-checksum.json | 2 +- - libclamav_rust/.cargo/vendor/ansi_term/Cargo.toml | 6 +++--- - .../.cargo/vendor/atty/.cargo-checksum.json | 2 +- - libclamav_rust/.cargo/vendor/atty/Cargo.toml | 6 +++--- .../.cargo/vendor/libloading/.cargo-checksum.json | 2 +- libclamav_rust/.cargo/vendor/libloading/Cargo.toml | 12 ++++++------ - .../vendor/remove_dir_all/.cargo-checksum.json | 2 +- - .../.cargo/vendor/remove_dir_all/Cargo.toml | 4 ++-- .../.cargo/vendor/tempfile/.cargo-checksum.json | 2 +- - libclamav_rust/.cargo/vendor/tempfile/Cargo.toml | 6 +++--- + libclamav_rust/.cargo/vendor/tempfile/Cargo.toml | 12 ++++++------ .../.cargo/vendor/which/.cargo-checksum.json | 2 +- libclamav_rust/.cargo/vendor/which/Cargo.toml | 4 ++-- - 12 files changed, 25 insertions(+), 25 deletions(-) + 6 files changed, 17 insertions(+), 17 deletions(-) -diff --git a/libclamav_rust/.cargo/vendor/ansi_term/.cargo-checksum.json b/libclamav_rust/.cargo/vendor/ansi_term/.cargo-checksum.json -index ee41459..2c87a6d 100644 ---- a/libclamav_rust/.cargo/vendor/ansi_term/.cargo-checksum.json -+++ b/libclamav_rust/.cargo/vendor/ansi_term/.cargo-checksum.json -@@ -1 +1 @@ --{"files":{"Cargo.lock":"31bb7b361278d99a00595cbd916c444e6fd193b5f0b1ea0cf2d9454440739501","Cargo.toml":"4ca681d6949661455ac88541ffa68ebc7db50cb2b6e9a2134e6d0687da4997c3","LICENCE":"2762990c7fbba9d550802a2593c1d857dcd52596bb0f9f192a97e9a7ac5f4f9e","README.md":"8d983e1bb3cc99724010d9073a5be6452cd49bd57a877525fd0a5dd41e6591d5","examples/256_colours.rs":"5f2845068bc2d93cff4a61f18ffa44fbbbc91be771dfd686d537d343f37041da","examples/basic_colours.rs":"d610795f3743d10d90ec4e5ab32cc09fb16640896cecd2f93fca434a0920397c","examples/rgb_colours.rs":"8399e5131e959a56c932036b790e601fb4ad658856112daf87f933889b443f2c","src/ansi.rs":"988fb87936064fa006fcc9474ac62099c8d6e98d38bb80cec2cd864066482a08","src/debug.rs":"61343f8bf13695020102c033aeaacd9ccd3ec830eacbf9011127e61829451d20","src/difference.rs":"9b4b8f91c72932bfda262abdceff0ec124a5a8dd27d07bd4d2e5e7889135c6c9","src/display.rs":"c04f2397d1d1d86a5e2188c2840c505cb0baeaf9706a88d4bbe56eadc67811b9","src/lib.rs":"b85df4b9b8832cda777db049efa2ec84b9847438fa3feaf8540e597ce2532a47","src/style.rs":"1042fc973f5ea8bbb2a2faec334aad530520b53edc9b3296174ae38c1060490b","src/util.rs":"07c127f732887573a1c9126fc0288e13e7a8f1f803513b95e50aac2905171b0d","src/windows.rs":"7ce7dd6738b9728fcd3908c284b6f29a9bdfb34af761b4c7385cf7e3e1b20e64","src/write.rs":"c9ec03764ad1ecea8b680243c9cafc5e70919fcea7500cc18246ffd8f6bb4b33"},"package":"d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2"} -\ No newline at end of file -+{"files":{"Cargo.lock":"31bb7b361278d99a00595cbd916c444e6fd193b5f0b1ea0cf2d9454440739501","LICENCE":"2762990c7fbba9d550802a2593c1d857dcd52596bb0f9f192a97e9a7ac5f4f9e","README.md":"8d983e1bb3cc99724010d9073a5be6452cd49bd57a877525fd0a5dd41e6591d5","examples/256_colours.rs":"5f2845068bc2d93cff4a61f18ffa44fbbbc91be771dfd686d537d343f37041da","examples/basic_colours.rs":"d610795f3743d10d90ec4e5ab32cc09fb16640896cecd2f93fca434a0920397c","examples/rgb_colours.rs":"8399e5131e959a56c932036b790e601fb4ad658856112daf87f933889b443f2c","src/ansi.rs":"988fb87936064fa006fcc9474ac62099c8d6e98d38bb80cec2cd864066482a08","src/debug.rs":"61343f8bf13695020102c033aeaacd9ccd3ec830eacbf9011127e61829451d20","src/difference.rs":"9b4b8f91c72932bfda262abdceff0ec124a5a8dd27d07bd4d2e5e7889135c6c9","src/display.rs":"c04f2397d1d1d86a5e2188c2840c505cb0baeaf9706a88d4bbe56eadc67811b9","src/lib.rs":"b85df4b9b8832cda777db049efa2ec84b9847438fa3feaf8540e597ce2532a47","src/style.rs":"1042fc973f5ea8bbb2a2faec334aad530520b53edc9b3296174ae38c1060490b","src/util.rs":"07c127f732887573a1c9126fc0288e13e7a8f1f803513b95e50aac2905171b0d","src/windows.rs":"7ce7dd6738b9728fcd3908c284b6f29a9bdfb34af761b4c7385cf7e3e1b20e64","src/write.rs":"c9ec03764ad1ecea8b680243c9cafc5e70919fcea7500cc18246ffd8f6bb4b33"},"package":"d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2"} -diff --git a/libclamav_rust/.cargo/vendor/ansi_term/Cargo.toml b/libclamav_rust/.cargo/vendor/ansi_term/Cargo.toml -index 0e5feba..3314b47 100644 ---- a/libclamav_rust/.cargo/vendor/ansi_term/Cargo.toml -+++ b/libclamav_rust/.cargo/vendor/ansi_term/Cargo.toml -@@ -38,6 +38,6 @@ version = "1.0.39" - - [features] - derive_serde_style = ["serde"] --[target."cfg(target_os=\"windows\")".dependencies.winapi] --version = "0.3.4" --features = ["consoleapi", "errhandlingapi", "fileapi", "handleapi", "processenv"] -+#[target."cfg(target_os=\"windows\")".dependencies.winapi] -+#version = "0.3.4" -+#features = ["consoleapi", "errhandlingapi", "fileapi", "handleapi", "processenv"] -diff --git a/libclamav_rust/.cargo/vendor/atty/.cargo-checksum.json b/libclamav_rust/.cargo/vendor/atty/.cargo-checksum.json -index a68b85b..8a392c5 100644 ---- a/libclamav_rust/.cargo/vendor/atty/.cargo-checksum.json -+++ b/libclamav_rust/.cargo/vendor/atty/.cargo-checksum.json -@@ -1 +1 @@ --{"files":{"CHANGELOG.md":"70db121262d72acc472ad1a90b78c42de570820e65b566c6b9339b62e636d572","Cargo.lock":"6868f02a96413bcba37a06f01c6bf87e6331dea9461681a47a561cec6acd2546","Cargo.toml":"3af88a07af6a4adb84373fc3cd4920884b0b12b338cdb55ef598fd512ee1a790","LICENSE":"99fa95ba4e4cdaf71c27d73260ea069fc4515b3d02fde3020c5b562280006cbc","README.md":"e559a69c0b2bd20bffcede64fd548df6c671b0d1504613c5e3e5d884d759caea","examples/atty.rs":"1551387a71474d9ac1b5153231f884e9e05213badcfaa3494ad2cb7ea958374a","rustfmt.toml":"8e6ea1bcb79c505490034020c98e9b472f4ac4113f245bae90f5e1217b1ec65a","src/lib.rs":"d5abf6a54e8c496c486572bdc91eef10480f6ad126c4287f039df5feff7a9bbb"},"package":"d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"} -\ No newline at end of file -+{"files":{"CHANGELOG.md":"70db121262d72acc472ad1a90b78c42de570820e65b566c6b9339b62e636d572","Cargo.lock":"6868f02a96413bcba37a06f01c6bf87e6331dea9461681a47a561cec6acd2546","LICENSE":"99fa95ba4e4cdaf71c27d73260ea069fc4515b3d02fde3020c5b562280006cbc","README.md":"e559a69c0b2bd20bffcede64fd548df6c671b0d1504613c5e3e5d884d759caea","examples/atty.rs":"1551387a71474d9ac1b5153231f884e9e05213badcfaa3494ad2cb7ea958374a","rustfmt.toml":"8e6ea1bcb79c505490034020c98e9b472f4ac4113f245bae90f5e1217b1ec65a","src/lib.rs":"d5abf6a54e8c496c486572bdc91eef10480f6ad126c4287f039df5feff7a9bbb"},"package":"d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"} -diff --git a/libclamav_rust/.cargo/vendor/atty/Cargo.toml b/libclamav_rust/.cargo/vendor/atty/Cargo.toml -index d6bf2d0..f846a68 100644 ---- a/libclamav_rust/.cargo/vendor/atty/Cargo.toml -+++ b/libclamav_rust/.cargo/vendor/atty/Cargo.toml -@@ -27,8 +27,8 @@ version = "0.1.6" - [target."cfg(unix)".dependencies.libc] - version = "0.2" - default-features = false --[target."cfg(windows)".dependencies.winapi] --version = "0.3" --features = ["consoleapi", "processenv", "minwinbase", "minwindef", "winbase"] -+#[target."cfg(windows)".dependencies.winapi] -+#version = "0.3" -+#features = ["consoleapi", "processenv", "minwinbase", "minwindef", "winbase"] - [badges.travis-ci] - repository = "softprops/atty" diff --git a/libclamav_rust/.cargo/vendor/libloading/.cargo-checksum.json b/libclamav_rust/.cargo/vendor/libloading/.cargo-checksum.json index 0416401..884f3c8 100644 --- a/libclamav_rust/.cargo/vendor/libloading/.cargo-checksum.json @@ -98,49 +46,34 @@ index 65168d5..a43837f 100644 +# "errhandlingapi", +# "libloaderapi", +#] -diff --git a/libclamav_rust/.cargo/vendor/remove_dir_all/.cargo-checksum.json b/libclamav_rust/.cargo/vendor/remove_dir_all/.cargo-checksum.json -index bc449a2..b5d9233 100644 ---- a/libclamav_rust/.cargo/vendor/remove_dir_all/.cargo-checksum.json -+++ b/libclamav_rust/.cargo/vendor/remove_dir_all/.cargo-checksum.json -@@ -1 +1 @@ --{"files":{"Cargo.toml":"1e90fb0b342a93a8bd2d593c71bef703e69b760801099d31202556d3a4db0007","LICENCE-APACHE":"c6c8c9dbe29fb4d68d829c7a402f9f6baae3472ecf107cc2a57c75a9a8d1b85c","LICENCE-MIT":"db264505cb1856383e255c8373da9e5aeadc1cd92b570fcc94fd1fb7d892db78","README.md":"167f3796d716e1bb4a6b98d706fd3c02012dff55d488a24e7de822d896d3cc5a","src/fs.rs":"a7137d7f3a5769cd547daf2be2096a7a664d6114107a3f143c921c4aaab97719","src/lib.rs":"8155ac516b4d054de00d78ce70501175bea7248c0436e4a7f0d35823299f7dc2"},"package":"3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"} -\ No newline at end of file -+{"files":{"LICENCE-APACHE":"c6c8c9dbe29fb4d68d829c7a402f9f6baae3472ecf107cc2a57c75a9a8d1b85c","LICENCE-MIT":"db264505cb1856383e255c8373da9e5aeadc1cd92b570fcc94fd1fb7d892db78","README.md":"167f3796d716e1bb4a6b98d706fd3c02012dff55d488a24e7de822d896d3cc5a","src/fs.rs":"a7137d7f3a5769cd547daf2be2096a7a664d6114107a3f143c921c4aaab97719","src/lib.rs":"8155ac516b4d054de00d78ce70501175bea7248c0436e4a7f0d35823299f7dc2"},"package":"3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"} -diff --git a/libclamav_rust/.cargo/vendor/remove_dir_all/Cargo.toml b/libclamav_rust/.cargo/vendor/remove_dir_all/Cargo.toml -index a847288..f9cdf30 100644 ---- a/libclamav_rust/.cargo/vendor/remove_dir_all/Cargo.toml -+++ b/libclamav_rust/.cargo/vendor/remove_dir_all/Cargo.toml -@@ -23,6 +23,6 @@ license = "MIT/Apache-2.0" - repository = "https://github.com/XAMPPRocky/remove_dir_all.git" - [dev-dependencies.doc-comment] - version = "0.3" --[target."cfg(windows)".dependencies.winapi] --version = "0.3" -+#[target."cfg(windows)".dependencies.winapi] -+#version = "0.3" - features = ["std", "errhandlingapi", "winerror", "fileapi", "winbase"] diff --git a/libclamav_rust/.cargo/vendor/tempfile/.cargo-checksum.json b/libclamav_rust/.cargo/vendor/tempfile/.cargo-checksum.json -index 26f8560..9102e3d 100644 +index 472e033..5274ccf 100644 --- a/libclamav_rust/.cargo/vendor/tempfile/.cargo-checksum.json +++ b/libclamav_rust/.cargo/vendor/tempfile/.cargo-checksum.json @@ -1 +1 @@ --{"files":{"Cargo.toml":"685243e302f6e014de9c8e9b95596e5f63c7bf7fde42e8e66a41a6bc7fd5e803","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"8b427f5bc501764575e52ba4f9d95673cf8f6d80a86d0d06599852e1a9a20a36","NEWS":"4255c86ac140a4d08423cd05cbd0aa42ff796bb4b38579dd19cde289ee3baecd","README.md":"db6717cbd0b3cbbce5f3cdb8a80d8f2d90b1be251b4c1c647557ae0f78ec9748","src/dir.rs":"4499ff439b740f8d2f01458664e2bf72bbfdd1206226780c6a91fb309ef15707","src/error.rs":"cc7d8eace0fff11cb342158d2885d5637bfb14b24ef30755e808554772039c5f","src/file/imp/mod.rs":"f6da9fcd93f11889670a251fdd8231b5f4614e5a971b7b183f52b44af68568d5","src/file/imp/other.rs":"99c8f9f3251199fc31e7b88810134712e5725fb6fa14648696ed5cbea980fc5b","src/file/imp/unix.rs":"cf8eeceecfddc37c9eaf95a1ebe088314dc468f07fe357961d80817eef619ca4","src/file/imp/windows.rs":"03d81d71c404f0d448e1162825d6fbd57a78b4af8d4dc5287ec2e7c5a873d7cc","src/file/mod.rs":"bda4ee3998106089a4c0ccbc8e46dc22b7d3aec427487fd4e414fb132b378736","src/lib.rs":"e2b0df7e17cc6680a5bb0829d0433f069c6bf9eede2007d21e3b01a595df41a8","src/spooled.rs":"51fa1d7639027234e257d343a5d3c95f2e47899ba6a24f0abec8d4d729eba6d6","src/util.rs":"2bd80ee69009e7e36b596d0105bb00184cff04e899e9fcce2e4cc21f23dda073","tests/namedtempfile.rs":"0031cb33ae6faf45be103869b4d98af63bef4040dc489b323212eb7a7ef72a9a","tests/spooled.rs":"29e797d486d867cb6ac46d4cf126eb5868a069a4070c3f50ffa02fbb0b887934","tests/tempdir.rs":"771d555d4eaa410207d212eb3744e016e0b5a22f1f1b7199636a4fac5daaf952","tests/tempfile.rs":"92078a1e20a39af77c1daa9a422345d20c41584dd2010b4829911c8741d1c628"},"package":"5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4"} +-{"files":{"Cargo.toml":"77fb468567c7fcf9a59e458288686210470400d0c3b6e34b3d0321f1f3899354","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"8b427f5bc501764575e52ba4f9d95673cf8f6d80a86d0d06599852e1a9a20a36","NEWS":"96e2737f84c972d967d5bb7b3b7cae77aa014f3d322d58fc53a1feabbdd86bdc","README.md":"5fb03bad7838354c686bab80e30323385f07efeb2aa1c5c35bdff7ec203dc5fa","src/dir.rs":"7efb94008d9d14dd3c19c105f2a0dd0695e102a1057ad91d80eed2bcb97e5bd0","src/error.rs":"cc7d8eace0fff11cb342158d2885d5637bfb14b24ef30755e808554772039c5f","src/file/imp/mod.rs":"f6da9fcd93f11889670a251fdd8231b5f4614e5a971b7b183f52b44af68568d5","src/file/imp/other.rs":"99c8f9f3251199fc31e7b88810134712e5725fb6fa14648696ed5cbea980fc5b","src/file/imp/unix.rs":"fd0d514d61ed122f4d79c63c9f34809631ba78ffa41eea1632bf332137d22895","src/file/imp/windows.rs":"3c064beb4b70677929bfe6372dba113756fbd8ea27aa6a36e86090d7b860f566","src/file/mod.rs":"a469b69a2cfcf94804f26f18a77fd96777dfe3a3d3761872c507da913c666878","src/lib.rs":"6303e7470c680ad785f32eb717de2e512b88c2c5da0e1684e3704471fabd7398","src/spooled.rs":"05eef6a7aa9441ab834e602c0dd3df2222dcd4bcca91c5dfbc88591fb61a391f","src/util.rs":"6761c241cc6f4b99a85e45a827acd26b4d3bdf1d4efcb43a277f788b262ce0dc","tests/namedtempfile.rs":"93b8f2e609711047fe9649e4bce8e5bfaeeedd54f2ec871a994ea2b619283d7a","tests/spooled.rs":"29e797d486d867cb6ac46d4cf126eb5868a069a4070c3f50ffa02fbb0b887934","tests/tempdir.rs":"abf08594f9d9ddc6c417de413bf63f9026150378af319d857e5ac8578f3fb665","tests/tempfile.rs":"9a2f8142151a6aa2fd047aa3749f9982ece4b080a3ace0d3c58d6bdb3f883c81"},"package":"af18f7ae1acd354b992402e9ec5864359d693cd8a79dcbef59f76891701c1e95"} \ No newline at end of file -+{"files":{"LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"8b427f5bc501764575e52ba4f9d95673cf8f6d80a86d0d06599852e1a9a20a36","NEWS":"4255c86ac140a4d08423cd05cbd0aa42ff796bb4b38579dd19cde289ee3baecd","README.md":"db6717cbd0b3cbbce5f3cdb8a80d8f2d90b1be251b4c1c647557ae0f78ec9748","src/dir.rs":"4499ff439b740f8d2f01458664e2bf72bbfdd1206226780c6a91fb309ef15707","src/error.rs":"cc7d8eace0fff11cb342158d2885d5637bfb14b24ef30755e808554772039c5f","src/file/imp/mod.rs":"f6da9fcd93f11889670a251fdd8231b5f4614e5a971b7b183f52b44af68568d5","src/file/imp/other.rs":"99c8f9f3251199fc31e7b88810134712e5725fb6fa14648696ed5cbea980fc5b","src/file/imp/unix.rs":"cf8eeceecfddc37c9eaf95a1ebe088314dc468f07fe357961d80817eef619ca4","src/file/imp/windows.rs":"03d81d71c404f0d448e1162825d6fbd57a78b4af8d4dc5287ec2e7c5a873d7cc","src/file/mod.rs":"bda4ee3998106089a4c0ccbc8e46dc22b7d3aec427487fd4e414fb132b378736","src/lib.rs":"e2b0df7e17cc6680a5bb0829d0433f069c6bf9eede2007d21e3b01a595df41a8","src/spooled.rs":"51fa1d7639027234e257d343a5d3c95f2e47899ba6a24f0abec8d4d729eba6d6","src/util.rs":"2bd80ee69009e7e36b596d0105bb00184cff04e899e9fcce2e4cc21f23dda073","tests/namedtempfile.rs":"0031cb33ae6faf45be103869b4d98af63bef4040dc489b323212eb7a7ef72a9a","tests/spooled.rs":"29e797d486d867cb6ac46d4cf126eb5868a069a4070c3f50ffa02fbb0b887934","tests/tempdir.rs":"771d555d4eaa410207d212eb3744e016e0b5a22f1f1b7199636a4fac5daaf952","tests/tempfile.rs":"92078a1e20a39af77c1daa9a422345d20c41584dd2010b4829911c8741d1c628"},"package":"5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4"} ++{"files":{"LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"8b427f5bc501764575e52ba4f9d95673cf8f6d80a86d0d06599852e1a9a20a36","NEWS":"96e2737f84c972d967d5bb7b3b7cae77aa014f3d322d58fc53a1feabbdd86bdc","README.md":"5fb03bad7838354c686bab80e30323385f07efeb2aa1c5c35bdff7ec203dc5fa","src/dir.rs":"7efb94008d9d14dd3c19c105f2a0dd0695e102a1057ad91d80eed2bcb97e5bd0","src/error.rs":"cc7d8eace0fff11cb342158d2885d5637bfb14b24ef30755e808554772039c5f","src/file/imp/mod.rs":"f6da9fcd93f11889670a251fdd8231b5f4614e5a971b7b183f52b44af68568d5","src/file/imp/other.rs":"99c8f9f3251199fc31e7b88810134712e5725fb6fa14648696ed5cbea980fc5b","src/file/imp/unix.rs":"fd0d514d61ed122f4d79c63c9f34809631ba78ffa41eea1632bf332137d22895","src/file/imp/windows.rs":"3c064beb4b70677929bfe6372dba113756fbd8ea27aa6a36e86090d7b860f566","src/file/mod.rs":"a469b69a2cfcf94804f26f18a77fd96777dfe3a3d3761872c507da913c666878","src/lib.rs":"6303e7470c680ad785f32eb717de2e512b88c2c5da0e1684e3704471fabd7398","src/spooled.rs":"05eef6a7aa9441ab834e602c0dd3df2222dcd4bcca91c5dfbc88591fb61a391f","src/util.rs":"6761c241cc6f4b99a85e45a827acd26b4d3bdf1d4efcb43a277f788b262ce0dc","tests/namedtempfile.rs":"93b8f2e609711047fe9649e4bce8e5bfaeeedd54f2ec871a994ea2b619283d7a","tests/spooled.rs":"29e797d486d867cb6ac46d4cf126eb5868a069a4070c3f50ffa02fbb0b887934","tests/tempdir.rs":"abf08594f9d9ddc6c417de413bf63f9026150378af319d857e5ac8578f3fb665","tests/tempfile.rs":"9a2f8142151a6aa2fd047aa3749f9982ece4b080a3ace0d3c58d6bdb3f883c81"},"package":"af18f7ae1acd354b992402e9ec5864359d693cd8a79dcbef59f76891701c1e95"} diff --git a/libclamav_rust/.cargo/vendor/tempfile/Cargo.toml b/libclamav_rust/.cargo/vendor/tempfile/Cargo.toml -index 253f866..51daf19 100644 +index 0e0722c..a925f08 100644 --- a/libclamav_rust/.cargo/vendor/tempfile/Cargo.toml +++ b/libclamav_rust/.cargo/vendor/tempfile/Cargo.toml -@@ -38,6 +38,6 @@ nightly = [] - version = "0.2.27" +@@ -50,9 +50,9 @@ features = ["fs"] [target."cfg(target_os = \"redox\")".dependencies.redox_syscall] version = "0.2.9" --[target."cfg(windows)".dependencies.winapi] --version = "0.3" --features = ["fileapi", "handleapi", "winbase"] -+#[target."cfg(windows)".dependencies.winapi] -+#version = "0.3" -+#features = ["fileapi", "handleapi", "winbase"] + +-[target."cfg(windows)".dependencies.windows-sys] +-version = "0.42" +-features = [ +- "Win32_Storage_FileSystem", +- "Win32_Foundation", +-] ++# [target."cfg(windows)".dependencies.windows-sys] ++# version = "0.42" ++# features = [ ++# "Win32_Storage_FileSystem", ++# "Win32_Foundation", ++# ] diff --git a/libclamav_rust/.cargo/vendor/which/.cargo-checksum.json b/libclamav_rust/.cargo/vendor/which/.cargo-checksum.json index 7b3c3ca..69fea07 100644 --- a/libclamav_rust/.cargo/vendor/which/.cargo-checksum.json diff --git a/debian/patches/libclamav-Add-missing-symbols.patch b/debian/patches/libclamav-Add-missing-symbols.patch index fe02243..a93250c 100644 --- a/debian/patches/libclamav-Add-missing-symbols.patch +++ b/debian/patches/libclamav-Add-missing-symbols.patch @@ -1,4 +1,4 @@ -From cde2569b3aae83e63013dc5f0c835cf8dc8e0333 Mon Sep 17 00:00:00 2001 +From a6aba92521bf5b8badb77f10777b9724895e7c6b Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Date: Mon, 2 Jan 2023 16:20:39 +0100 Subject: libclamav: Add missing symbols. @@ -13,92 +13,30 @@ Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> 1 file changed, 17 insertions(+) diff --git a/libclamav/libclamav.map b/libclamav/libclamav.map -index ae95c44..eecf2bb 100644 +index 7ef5864..0dd0f38 100644 --- a/libclamav/libclamav.map +++ b/libclamav/libclamav.map -@@ -75,6 +75,9 @@ CLAMAV_PRIVATE { - cl_base64_decode; - cl_base64_encode; - cl_cleanup_crypto; +@@ -267,6 +267,23 @@ CLAMAV_PRIVATE { + __cli_strndup; + __cli_strnlen; + __cli_strnstr; ++ + cl_cvdunpack; + cl_engine_set_clcb_engine_compile_progress; + cl_engine_set_clcb_sigload_progress; - cl_get_pkey_file; - cl_get_x509_from_mem; - cl_hash_data; -@@ -108,6 +111,7 @@ CLAMAV_PRIVATE { - cli_ac_init; - cli_ac_initdata; - cli_ac_scanbuff; + cli_add_content_match_pattern; - cli_basename; - cli_bm_free; - cli_bm_init; -@@ -142,7 +146,10 @@ CLAMAV_PRIVATE { - cli_codepage_to_utf8; - cli_ctime; - cli_cvdunpack; + cli_dbgmsg; -+ cli_dbgmsg; - cli_dbgmsg_internal; + cli_dbgmsg_no_inline; - cli_dconf_init; - cli_debug_flag; - cli_detect_environment; -@@ -156,13 +163,17 @@ CLAMAV_PRIVATE { - cli_gentemp_with_prefix; - cli_gentempfd; - cli_gentempfd_with_prefix; + cli_get_debug_flag; - cli_get_filepath_from_filedesc; + cli_get_last_virus_str; + cli_getdsig; - cli_gettmpdir; - cli_hashfile; - cli_hashset_destroy; - cli_hashstream; - cli_hex2str; - cli_hex2ui; + cli_infomsg_simple; - cli_initroots; - cli_isnumber; - cli_js_destroy; -@@ -196,6 +207,7 @@ CLAMAV_PRIVATE { - cli_sanitize_filepath; - cli_scan_buff; - cli_scan_fmap; + cli_set_debug_flag; - cli_sigopts_handler; - cli_sigperf_events_destroy; - cli_sigperf_print; -@@ -227,6 +239,7 @@ CLAMAV_PRIVATE { - decodeLine; - disasmbuf; - fmap; + fmap_dump_to_file; - fmap_duplicate; - free_duplicate_fmap; - get_fpu_endian; -@@ -236,11 +249,14 @@ CLAMAV_PRIVATE { - html_normalise_mem; - html_screnc_decode; - html_tag_arg_free; + init_allow_list; + init_domain_list; - init_domainlist; - init_regex_list; - init_whitelist; - is_regex_ok; - load_regex_matcher; + lsig_increment_subsig_match; - messageCreate; - messageDestroy; - mpool_calloc; -@@ -251,6 +267,7 @@ CLAMAV_PRIVATE { - phishingScan; - phishing_done; - phishing_init; + readdb_parse_ldb_subsignature; - regex_list_add_pattern; - regex_list_done; - regex_list_match; + local: + *; + }; diff --git a/debian/patches/libclamav-Sort-libclamav.map-and-libfreshclam.map.patch b/debian/patches/libclamav-Sort-libclamav.map-and-libfreshclam.map.patch deleted file mode 100644 index e072c79..0000000 --- a/debian/patches/libclamav-Sort-libclamav.map-and-libfreshclam.map.patch +++ /dev/null @@ -1,584 +0,0 @@ -From eaf028e244ac58bf130b2011dacd83ee5d6a90cc Mon Sep 17 00:00:00 2001 -From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> -Date: Mon, 2 Jan 2023 16:13:35 +0100 -Subject: libclamav: Sort libclamav.map and libfreshclam.map - -Sort libclamav.map and libfreshclam.map so adding new symbols can be -added in one place. - -Patch-Name: libclamav-Sort-libclamav.map-and-libfreshclam.map.patch -Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> ---- - libclamav/libclamav.map | 444 +++++++++++++++++----------------- - libfreshclam/libfreshclam.map | 40 +-- - 2 files changed, 240 insertions(+), 244 deletions(-) - -diff --git a/libclamav/libclamav.map b/libclamav/libclamav.map -index 05519b2..ae95c44 100644 ---- a/libclamav/libclamav.map -+++ b/libclamav/libclamav.map -@@ -1,32 +1,49 @@ - CLAMAV_PUBLIC { - global: -+ cl_always_gen_section_hash; -+ cl_countsigs; - cl_cvdfree; - cl_cvdhead; - cl_cvdparse; - cl_cvdverify; - cl_debug; -- cl_init; -- cl_engine_new; -- cl_engine_set_num; -+ cl_engine_addref; -+ cl_engine_compile; -+ cl_engine_free; - cl_engine_get_num; -- cl_engine_set_str; - cl_engine_get_str; -+ cl_engine_new; -+ cl_engine_set_clcb_file_inspection; -+ cl_engine_set_clcb_file_props; - cl_engine_set_clcb_hash; - cl_engine_set_clcb_meta; -- cl_engine_set_clcb_file_props; -- cl_set_clcb_msg; -- cl_engine_set_clcb_file_inspection; -- cl_engine_set_clcb_pre_scan; - cl_engine_set_clcb_post_scan; -- cl_engine_set_clcb_virus_found; -- cl_engine_set_clcb_sigload; - cl_engine_set_clcb_pre_cache; -- cl_engine_settings_copy; -+ cl_engine_set_clcb_pre_scan; -+ cl_engine_set_clcb_sigload; -+ cl_engine_set_clcb_stats_add_sample; -+ cl_engine_set_clcb_stats_decrement_count; -+ cl_engine_set_clcb_stats_flush; -+ cl_engine_set_clcb_stats_get_hostid; -+ cl_engine_set_clcb_stats_get_num; -+ cl_engine_set_clcb_stats_get_size; -+ cl_engine_set_clcb_stats_remove_sample; -+ cl_engine_set_clcb_stats_submit; -+ cl_engine_set_clcb_virus_found; -+ cl_engine_set_num; -+ cl_engine_set_stats_set_cbdata; -+ cl_engine_set_str; - cl_engine_settings_apply; -+ cl_engine_settings_copy; - cl_engine_settings_free; -- cl_engine_compile; -- cl_engine_addref; -- cl_engine_free; -+ cl_engine_stats_enable; -+ cl_finish_hash; -+ cl_fmap_close; -+ cl_fmap_open_handle; -+ cl_fmap_open_memory; -+ cl_hash_destroy; -+ cl_hash_init; -+ cl_init; - cl_load; - cl_retdbdir; - cl_retflevel; -@@ -35,243 +52,222 @@ CLAMAV_PUBLIC { - cl_scandesc_callback; - cl_scanfile; - cl_scanfile_callback; -+ cl_scanmap_callback; -+ cl_set_clcb_msg; - cl_statchkdir; - cl_statfree; - cl_statinidir; -- cl_countsigs; - cl_strerror; -- cl_fmap_open_handle; -- cl_fmap_open_memory; -- cl_scanmap_callback; -- cl_fmap_close; -- cl_always_gen_section_hash; -- cl_engine_set_stats_set_cbdata; -- cl_engine_set_clcb_stats_add_sample; -- cl_engine_set_clcb_stats_remove_sample; -- cl_engine_set_clcb_stats_decrement_count; -- cl_engine_set_clcb_stats_submit; -- cl_engine_set_clcb_stats_flush; -- cl_engine_set_clcb_stats_get_num; -- cl_engine_set_clcb_stats_get_size; -- cl_engine_set_clcb_stats_get_hostid; -- cl_hash_init; - cl_update_hash; -- cl_finish_hash; -- cl_hash_destroy; -- cl_engine_stats_enable; - lsig_sub_matched; - }; - CLAMAV_PRIVATE { - global: -- cli_sigperf_print; -- cli_sigperf_events_destroy; -- cli_pcre_perf_print; -- cli_pcre_perf_events_destroy; -- cli_pcre_init; -- cli_pcre_build; -- cli_pcre_scanbuf; -- cli_pcre_recaloff; -- cli_pcre_freeoff; -- -- cli_gettmpdir; -- cli_strtok; -- cli_strtokenize; -- cli_ldbtokenize; -- cli_strlcat; -- cli_strlcpy; -- cli_strntoul; -- cli_cvdunpack; -- cli_regcomp; -- cli_regexec; -- cli_regfree; -- cli_strrcpy; -- cli_strbcasestr; -- cli_isnumber; -- cli_gentemp; -- cli_gentempfd; -- cli_rmdirs; -- cli_chomp; -- cli_rndnum; -- -- cli_calloc; -- cli_ole2_extract; -- cli_errmsg; -- cli_debug_flag; -- cli_dbgmsg_internal; -- cli_vba_readdir; -- cli_vba_inflate; -- cli_ppt_vba_read; -- cli_wm_readdir; -- cli_wm_decrypt_macro; -- cli_free_vba_project; -- cli_readn; -- cli_str2hex; -- cli_hashfile; -- cli_hashstream; -- text_normalize_init; -- text_normalize_reset; -- text_normalize_map; -- html_normalise_map; -- cli_utf16toascii; -- -- cli_malloc; -- cli_memstr; -- cli_strdup; -- cli_realloc; -- cli_ctime; -- tableCreate; -- tableDestroy; -- tableRemove; -- tableFind; -- tableIterate; -- tableUpdate; -- tableInsert; -- cli_warnmsg; -- cli_strtokbuf; -- cli_js_init; -- cli_js_process_buffer; -- cli_js_parse_done; -- cli_js_destroy; -- cli_js_output; -- cli_unescape; -- cli_textbuffer_append_normalize; -- cli_dconf_init; -- cli_regex2suffix; -- html_normalise_mem; -- init_regex_list; -- is_regex_ok; -- regex_list_done; -- regex_list_add_pattern; -- cli_build_regex_list; -- regex_list_match; -- cli_hashset_destroy; -- phishing_init; -- init_domainlist; -- init_whitelist; -- phishing_done; -- blobCreate; -- blobAddData; -- phishingScan; -- blobDestroy; -- load_regex_matcher; -- html_tag_arg_free; -- disasmbuf; -- uniq_init; -- uniq_free; -- uniq_add; -- uniq_get; -- cli_hex2str; -- cli_ac_init; -- cli_ac_initdata; -- cli_ac_buildtrie; -- cli_ac_scanbuff; -- cli_ac_freedata; -- cli_ac_free; -- cli_ac_chklsig; -- cli_sigopts_handler; -- cli_parse_add; -- cli_bm_init; -- cli_bm_scanbuff; -- cli_bm_free; -- cli_initroots; -- cli_scan_buff; -- cli_scan_fmap; -- cli_check_auth_header; -- cli_genhash_pe; -- html_screnc_decode; -- mpool_create; -- mpool_calloc; -- mpool_destroy; -- mpool_free; -- mpool_getstats; -- cli_versig; -- cli_versig2; -- cli_filecopy; -- cli_ftw; -- cli_unlink; -- cli_writen; -- cli_url_canon; -- cli_strerror; -- decodeLine; -- messageCreate; -- messageDestroy; -+ __cli_strcasestr; -+ __cli_strndup; -+ __cli_strnlen; -+ __cli_strnstr; - base64Flush; -- have_rar; -- have_clamjit; -- cli_bytecode_load; -- cli_bytecode_prepare2; -- cli_bytecode_run; -- cli_bytecode_destroy; -- cli_bytecode_context_alloc; -- cli_bytecode_context_destroy; -- cli_bytecode_context_setfuncid; -- cli_bytecode_context_setparam_int; -- cli_bytecode_context_setparam_ptr; -- cli_bytecode_context_setfile; -- cli_bytecode_context_getresult_int; -- cli_bytecode_context_clear; -- cli_bytecode_init; -- cli_bytecode_done; -- cli_bytecode_debug; -- cli_hex2ui; -- fmap; -- cli_bytecode_context_set_trace; -- cli_bytecode_debug_printsrc; -- cli_bytecode_printversion; -- cli_bytecode_describe; -- cli_bytetype_describe; -- cli_bytevalue_describe; -- cli_byteinst_describe; -- cli_bytefunc_describe; -- cli_printcxxver; -- cli_detect_environment; -- cli_disasm_one; -- cli_utf16_to_utf8; -- get_fpu_endian; -- cl_initialize_crypto; -+ blobAddData; -+ blobCreate; -+ blobDestroy; -+ cl_ASN1_GetTimeT; -+ cl_base64_decode; -+ cl_base64_encode; - cl_cleanup_crypto; -+ cl_get_pkey_file; -+ cl_get_x509_from_mem; - cl_hash_data; - cl_hash_file_fd; -- cl_hash_file_fp; - cl_hash_file_fd_ctx; -- cl_sha256; -+ cl_hash_file_fp; -+ cl_initialize_crypto; -+ cl_load_cert; -+ cl_load_crl; - cl_sha1; -- cl_verify_signature; -- cl_verify_signature_x509_keyfile; -- cl_verify_signature_x509; -- cl_get_x509_from_mem; -- cl_validate_certificate_chain_ts_dir; -+ cl_sha256; -+ cl_sign_data; -+ cl_sign_data_keyfile; -+ cl_sign_file_fd; -+ cl_sign_file_fp; - cl_validate_certificate_chain; -+ cl_validate_certificate_chain_ts_dir; -+ cl_verify_signature; - cl_verify_signature_fd; - cl_verify_signature_fd_x509; - cl_verify_signature_fd_x509_keyfile; - cl_verify_signature_hash; - cl_verify_signature_hash_x509; - cl_verify_signature_hash_x509_keyfile; -- cl_load_cert; -- cl_ASN1_GetTimeT; -- cl_load_crl; -- cl_sign_data_keyfile; -- cl_sign_data; -- cl_sign_file_fd; -- cl_sign_file_fp; -- cl_get_pkey_file; -- cl_base64_decode; -- cl_base64_encode; -- cli_sanitize_filepath; -- cli_gentemp_with_prefix; -- cli_gentempfd_with_prefix; -+ cl_verify_signature_x509; -+ cl_verify_signature_x509_keyfile; -+ cli_ac_buildtrie; -+ cli_ac_chklsig; -+ cli_ac_free; -+ cli_ac_freedata; -+ cli_ac_init; -+ cli_ac_initdata; -+ cli_ac_scanbuff; - cli_basename; -- cli_realpath; -+ cli_bm_free; -+ cli_bm_init; -+ cli_bm_scanbuff; -+ cli_build_regex_list; -+ cli_bytecode_context_alloc; -+ cli_bytecode_context_clear; -+ cli_bytecode_context_destroy; -+ cli_bytecode_context_getresult_int; -+ cli_bytecode_context_set_trace; -+ cli_bytecode_context_setfile; -+ cli_bytecode_context_setfuncid; -+ cli_bytecode_context_setparam_int; -+ cli_bytecode_context_setparam_ptr; -+ cli_bytecode_debug; -+ cli_bytecode_debug_printsrc; -+ cli_bytecode_describe; -+ cli_bytecode_destroy; -+ cli_bytecode_done; -+ cli_bytecode_init; -+ cli_bytecode_load; -+ cli_bytecode_prepare2; -+ cli_bytecode_printversion; -+ cli_bytecode_run; -+ cli_bytefunc_describe; -+ cli_byteinst_describe; -+ cli_bytetype_describe; -+ cli_bytevalue_describe; -+ cli_calloc; -+ cli_check_auth_header; -+ cli_chomp; - cli_codepage_to_utf8; -+ cli_ctime; -+ cli_cvdunpack; -+ cli_dbgmsg_internal; -+ cli_dconf_init; -+ cli_debug_flag; -+ cli_detect_environment; -+ cli_disasm_one; -+ cli_errmsg; -+ cli_filecopy; -+ cli_free_vba_project; -+ cli_ftw; -+ cli_genhash_pe; -+ cli_gentemp; -+ cli_gentemp_with_prefix; -+ cli_gentempfd; -+ cli_gentempfd_with_prefix; - cli_get_filepath_from_filedesc; -+ cli_gettmpdir; -+ cli_hashfile; -+ cli_hashset_destroy; -+ cli_hashstream; -+ cli_hex2str; -+ cli_hex2ui; -+ cli_initroots; -+ cli_isnumber; -+ cli_js_destroy; -+ cli_js_init; -+ cli_js_output; -+ cli_js_parse_done; -+ cli_js_process_buffer; -+ cli_ldbtokenize; -+ cli_malloc; -+ cli_memstr; -+ cli_ole2_extract; -+ cli_parse_add; -+ cli_pcre_build; -+ cli_pcre_freeoff; -+ cli_pcre_init; -+ cli_pcre_perf_events_destroy; -+ cli_pcre_perf_print; -+ cli_pcre_recaloff; -+ cli_pcre_scanbuf; -+ cli_ppt_vba_read; -+ cli_printcxxver; -+ cli_readn; -+ cli_realloc; -+ cli_realpath; -+ cli_regcomp; -+ cli_regex2suffix; -+ cli_regexec; -+ cli_regfree; -+ cli_rmdirs; -+ cli_rndnum; -+ cli_sanitize_filepath; -+ cli_scan_buff; -+ cli_scan_fmap; -+ cli_sigopts_handler; -+ cli_sigperf_events_destroy; -+ cli_sigperf_print; -+ cli_str2hex; -+ cli_strbcasestr; -+ cli_strdup; -+ cli_strerror; -+ cli_strlcat; -+ cli_strlcpy; -+ cli_strntoul; -+ cli_strrcpy; -+ cli_strtok; -+ cli_strtokbuf; -+ cli_strtokenize; -+ cli_textbuffer_append_normalize; -+ cli_unescape; -+ cli_unlink; -+ cli_url_canon; -+ cli_utf16_to_utf8; -+ cli_utf16toascii; -+ cli_vba_inflate; -+ cli_vba_readdir; -+ cli_versig2; -+ cli_versig; -+ cli_warnmsg; -+ cli_wm_decrypt_macro; -+ cli_wm_readdir; -+ cli_writen; -+ decodeLine; -+ disasmbuf; -+ fmap; - fmap_duplicate; - free_duplicate_fmap; -- -- __cli_strcasestr; -- __cli_strndup; -- __cli_strnlen; -- __cli_strnstr; -+ get_fpu_endian; -+ have_clamjit; -+ have_rar; -+ html_normalise_map; -+ html_normalise_mem; -+ html_screnc_decode; -+ html_tag_arg_free; -+ init_domainlist; -+ init_regex_list; -+ init_whitelist; -+ is_regex_ok; -+ load_regex_matcher; -+ messageCreate; -+ messageDestroy; -+ mpool_calloc; -+ mpool_create; -+ mpool_destroy; -+ mpool_free; -+ mpool_getstats; -+ phishingScan; -+ phishing_done; -+ phishing_init; -+ regex_list_add_pattern; -+ regex_list_done; -+ regex_list_match; -+ tableCreate; -+ tableDestroy; -+ tableFind; -+ tableInsert; -+ tableIterate; -+ tableRemove; -+ tableUpdate; -+ text_normalize_init; -+ text_normalize_map; -+ text_normalize_reset; -+ uniq_add; -+ uniq_free; -+ uniq_get; -+ uniq_init; - local: - *; - }; -diff --git a/libfreshclam/libfreshclam.map b/libfreshclam/libfreshclam.map -index 51841b0..a0756fe 100644 ---- a/libfreshclam/libfreshclam.map -+++ b/libfreshclam/libfreshclam.map -@@ -1,43 +1,43 @@ - FRESHCLAM_PUBLIC { - global: -- fc_strerror; -- fc_initialize; - fc_cleanup; -- fc_prune_database_directory; -- fc_test_database; - fc_dns_query_update_info; - fc_download_url_database; - fc_download_url_databases; -+ fc_initialize; -+ fc_prune_database_directory; -+ fc_set_fccb_download_complete; -+ fc_strerror; -+ fc_test_database; - fc_update_database; - fc_update_databases; -- fc_set_fccb_download_complete; - logg; - logg_close; -- mprintf; -- logg_verbose; -+ logg_file; - logg_nowarn; -- logg_time; - logg_rotate; - logg_size; -- logg_file; -- mprintf_verbose; -- mprintf_quiet; -- mprintf_nowarn; -- mprintf_stdout; -- mprintf_progress; -+ logg_time; -+ logg_verbose; -+ mprintf; - mprintf_disabled; -+ mprintf_nowarn; -+ mprintf_progress; -+ mprintf_quiet; -+ mprintf_stdout; -+ mprintf_verbose; - }; - FRESHCLAM_PRIVATE { - global: -- optparse; -- optget; -- optfree; -- get_version; -- print_version; - check_flevel; -- drop_privileges; - daemonize_parent_wait; - daemonize_signal_parent; -+ drop_privileges; -+ get_version; -+ optfree; -+ optget; -+ optparse; -+ print_version; - sendln; - local: - *; diff --git a/debian/patches/libclamav-Use-OpenSSL-BN-instead-tomfastmath.patch b/debian/patches/libclamav-Use-OpenSSL-BN-instead-tomfastmath.patch index b898950..78a6f76 100644 --- a/debian/patches/libclamav-Use-OpenSSL-BN-instead-tomfastmath.patch +++ b/debian/patches/libclamav-Use-OpenSSL-BN-instead-tomfastmath.patch @@ -1,4 +1,4 @@ -From 4072cc5efe8e420a23e7a8c96fe4e9f413f05a2c Mon Sep 17 00:00:00 2001 +From c6760160548d8acfc67f4ef209d9e7f6b646e34c Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Date: Sat, 18 Feb 2023 10:47:53 +0100 Subject: libclamav: Use OpenSSL' BN instead tomfastmath. diff --git a/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch b/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch index 95702fe..199d9c4 100644 --- a/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch +++ b/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch @@ -1,4 +1,4 @@ -From d383be28e1c8a71bb8de4bae70474f366990cc86 Mon Sep 17 00:00:00 2001 +From ae4ce83e43f5be9bd8b51d32eeac46f58519762c Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Date: Fri, 6 Jan 2023 21:42:30 +0100 Subject: libclamav/pe: Use endian wrapper in more places. diff --git a/debian/patches/series b/debian/patches/series index 2e0da6e..959f698 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,10 +1,8 @@ Change-paths-in-sample-conf-file-to-match-Debian.patch cargo-Remove-windows-referenfes.patch -libclamav-Sort-libclamav.map-and-libfreshclam.map.patch libclamav-Add-missing-symbols.patch Add-a-version-script-for-libclamav-and-libfreshclam.patch libclamav-pe-Use-endian-wrapper-in-more-places.patch Add-an-option-to-avoid-setting-RPATH-on-unix-systems.patch libclamav-Use-OpenSSL-BN-instead-tomfastmath.patch Remove-bundled-tomfastmath-library.patch -Freshclam-remove-curl-result-warning.patch diff --git a/debian/rules b/debian/rules index a34204c..86199b4 100755 --- a/debian/rules +++ b/debian/rules @@ -80,7 +80,7 @@ CONFIG := -DENABLE_EXTERNAL_MSPACK=ON -DENABLE_UNRAR=OFF -DENABLE_EXTERNAL_TOMFA fi;\ done; \ # Check for library features which may have been upgraded. - if ! grep -q "CL_FLEVEL 163" libclamav/others.h ; then \ + if ! grep -q "CL_FLEVEL 165" libclamav/others.h ; then \ echo "cl_retflevel needs boosting in symbol file"; \ touch debian/exit; \ fi; diff --git a/docs/man/clamd.conf.5.in b/docs/man/clamd.conf.5.in index 2d9748a..a992653 100644 --- a/docs/man/clamd.conf.5.in +++ b/docs/man/clamd.conf.5.in @@ -240,10 +240,16 @@ Enable non-blocking (multi-threaded/concurrent) database reloads. This feature w Default: yes .TP \fBVirusEvent COMMAND\fR -Execute a command when a virus is found. In the command string %v will be -replaced with the virus name and %f will be replaced with the file name. -Additionally, two environment variables will be defined: $CLAM_VIRUSEVENT_FILENAME -and $CLAM_VIRUSEVENT_VIRUSNAME. +Execute a command when virus is found. +Use the following environment variables to identify the file and virus names: +- $CLAM_VIRUSEVENT_FILENAME +- $CLAM_VIRUSEVENT_VIRUSNAME +In the command string, '%v' will also be replaced with the virus name. +Note: The '%f' filename format character has been disabled and will no longer +be replaced with the file name, due to command injection security concerns. +Use the 'CLAM_VIRUSEVENT_FILENAME' environment variable instead. +For the same reason, you should NOT use the environment variables in the +command directly, but should use it carefully from your executed script. \fR .br Default: disabled diff --git a/etc/clamd.conf.sample b/etc/clamd.conf.sample index 37fb03b..5473812 100644 --- a/etc/clamd.conf.sample +++ b/etc/clamd.conf.sample @@ -209,12 +209,18 @@ Example # Default: yes #ConcurrentDatabaseReload no -# Execute a command when virus is found. In the command string %v will -# be replaced with the virus name and %f will be replaced with the file name. -# Additionally, two environment variables will be defined: $CLAM_VIRUSEVENT_FILENAME -# and $CLAM_VIRUSEVENT_VIRUSNAME. +# Execute a command when virus is found. +# Use the following environment variables to identify the file and virus names: +# - $CLAM_VIRUSEVENT_FILENAME +# - $CLAM_VIRUSEVENT_VIRUSNAME +# In the command string, '%v' will also be replaced with the virus name. +# Note: The '%f' filename format character has been disabled and will no longer +# be replaced with the file name, due to command injection security concerns. +# Use the 'CLAM_VIRUSEVENT_FILENAME' environment variable instead. +# For the same reason, you should NOT use the environment variables in the +# command directly, but should use it carefully from your executed script. # Default: no -#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v in %f" +#VirusEvent /opt/send_virus_alert_sms.sh # Run as another user (clamd must be started by root for this option to work) # Default: don't drop privileges diff --git a/libclamav/bytecode_api.h b/libclamav/bytecode_api.h index ebb58df..753a0bc 100644 --- a/libclamav/bytecode_api.h +++ b/libclamav/bytecode_api.h @@ -167,6 +167,8 @@ enum FunctionalityLevels { FUNC_LEVEL_1_0_1 = 161, /**< LibClamAV release 1.0.1 */ FUNC_LEVEL_1_0_2 = 162, /**< LibClamAV release 1.0.2 */ FUNC_LEVEL_1_0_3 = 163, /**< LibClamAV release 1.0.3 */ + FUNC_LEVEL_1_0_4 = 164, /**< LibClamAV release 1.0.4 */ + FUNC_LEVEL_1_0_5 = 165, /**< LibClamAV release 1.0.5 */ }; /** diff --git a/libclamav/libclamav.map b/libclamav/libclamav.map index eecf2bb..0dd0f38 100644 --- a/libclamav/libclamav.map +++ b/libclamav/libclamav.map @@ -1,49 +1,32 @@ CLAMAV_PUBLIC { global: - cl_always_gen_section_hash; - cl_countsigs; cl_cvdfree; cl_cvdhead; cl_cvdparse; cl_cvdverify; cl_debug; - cl_engine_addref; - cl_engine_compile; - cl_engine_free; - cl_engine_get_num; - cl_engine_get_str; + cl_init; cl_engine_new; - cl_engine_set_clcb_file_inspection; - cl_engine_set_clcb_file_props; + cl_engine_set_num; + cl_engine_get_num; + cl_engine_set_str; + cl_engine_get_str; cl_engine_set_clcb_hash; cl_engine_set_clcb_meta; - cl_engine_set_clcb_post_scan; - cl_engine_set_clcb_pre_cache; + cl_engine_set_clcb_file_props; + cl_set_clcb_msg; + cl_engine_set_clcb_file_inspection; cl_engine_set_clcb_pre_scan; - cl_engine_set_clcb_sigload; - cl_engine_set_clcb_stats_add_sample; - cl_engine_set_clcb_stats_decrement_count; - cl_engine_set_clcb_stats_flush; - cl_engine_set_clcb_stats_get_hostid; - cl_engine_set_clcb_stats_get_num; - cl_engine_set_clcb_stats_get_size; - cl_engine_set_clcb_stats_remove_sample; - cl_engine_set_clcb_stats_submit; + cl_engine_set_clcb_post_scan; cl_engine_set_clcb_virus_found; - cl_engine_set_num; - cl_engine_set_stats_set_cbdata; - cl_engine_set_str; - cl_engine_settings_apply; + cl_engine_set_clcb_sigload; + cl_engine_set_clcb_pre_cache; cl_engine_settings_copy; + cl_engine_settings_apply; cl_engine_settings_free; - cl_engine_stats_enable; - cl_finish_hash; - cl_fmap_close; - cl_fmap_open_handle; - cl_fmap_open_memory; - cl_hash_destroy; - cl_hash_init; - cl_init; + cl_engine_compile; + cl_engine_addref; + cl_engine_free; cl_load; cl_retdbdir; cl_retflevel; @@ -52,239 +35,255 @@ CLAMAV_PUBLIC { cl_scandesc_callback; cl_scanfile; cl_scanfile_callback; - cl_scanmap_callback; - cl_set_clcb_msg; cl_statchkdir; cl_statfree; cl_statinidir; + cl_countsigs; cl_strerror; + cl_fmap_open_handle; + cl_fmap_open_memory; + cl_scanmap_callback; + cl_fmap_close; + cl_always_gen_section_hash; + cl_engine_set_stats_set_cbdata; + cl_engine_set_clcb_stats_add_sample; + cl_engine_set_clcb_stats_remove_sample; + cl_engine_set_clcb_stats_decrement_count; + cl_engine_set_clcb_stats_submit; + cl_engine_set_clcb_stats_flush; + cl_engine_set_clcb_stats_get_num; + cl_engine_set_clcb_stats_get_size; + cl_engine_set_clcb_stats_get_hostid; + cl_hash_init; cl_update_hash; + cl_finish_hash; + cl_hash_destroy; + cl_engine_stats_enable; lsig_sub_matched; }; CLAMAV_PRIVATE { global: - __cli_strcasestr; - __cli_strndup; - __cli_strnlen; - __cli_strnstr; - base64Flush; - blobAddData; + cli_sigperf_print; + cli_sigperf_events_destroy; + cli_pcre_perf_print; + cli_pcre_perf_events_destroy; + cli_pcre_init; + cli_pcre_build; + cli_pcre_scanbuf; + cli_pcre_recaloff; + cli_pcre_freeoff; + + cli_gettmpdir; + cli_strtok; + cli_strtokenize; + cli_ldbtokenize; + cli_strlcat; + cli_strlcpy; + cli_strntoul; + cli_regcomp; + cli_regexec; + cli_regfree; + cli_strrcpy; + cli_strbcasestr; + cli_isnumber; + cli_gentemp; + cli_gentempfd; + cli_rmdirs; + cli_chomp; + cli_rndnum; + + cli_calloc; + cli_ole2_extract; + cli_errmsg; + cli_debug_flag; + cli_vba_readdir; + cli_vba_inflate; + cli_ppt_vba_read; + cli_wm_readdir; + cli_wm_decrypt_macro; + cli_free_vba_project; + cli_readn; + cli_str2hex; + cli_hashfile; + cli_hashstream; + text_normalize_init; + text_normalize_reset; + text_normalize_map; + html_normalise_map; + cli_utf16toascii; + + cli_malloc; + cli_memstr; + cli_strdup; + cli_realloc; + cli_ctime; + tableCreate; + tableDestroy; + tableRemove; + tableFind; + tableIterate; + tableUpdate; + tableInsert; + cli_warnmsg; + cli_strtokbuf; + cli_js_init; + cli_js_process_buffer; + cli_js_parse_done; + cli_js_destroy; + cli_js_output; + cli_unescape; + cli_textbuffer_append_normalize; + cli_dconf_init; + cli_regex2suffix; + html_normalise_mem; + init_regex_list; + is_regex_ok; + regex_list_done; + regex_list_add_pattern; + cli_build_regex_list; + regex_list_match; + cli_hashset_destroy; + phishing_init; + phishing_done; blobCreate; + blobAddData; + phishingScan; blobDestroy; - cl_ASN1_GetTimeT; - cl_base64_decode; - cl_base64_encode; + load_regex_matcher; + html_tag_arg_free; + disasmbuf; + uniq_init; + uniq_free; + uniq_add; + uniq_get; + cli_hex2str; + cli_ac_init; + cli_ac_initdata; + cli_ac_buildtrie; + cli_ac_scanbuff; + cli_ac_freedata; + cli_ac_free; + cli_ac_chklsig; + cli_sigopts_handler; + cli_bm_init; + cli_bm_scanbuff; + cli_bm_free; + cli_initroots; + cli_scan_buff; + cli_scan_fmap; + cli_check_auth_header; + cli_genhash_pe; + html_screnc_decode; + mpool_create; + mpool_calloc; + mpool_destroy; + mpool_free; + mpool_getstats; + cli_versig; + cli_versig2; + cli_filecopy; + cli_ftw; + cli_unlink; + cli_writen; + cli_url_canon; + cli_strerror; + decodeLine; + messageCreate; + messageDestroy; + base64Flush; + have_rar; + have_clamjit; + cli_bytecode_load; + cli_bytecode_prepare2; + cli_bytecode_run; + cli_bytecode_destroy; + cli_bytecode_context_alloc; + cli_bytecode_context_destroy; + cli_bytecode_context_setfuncid; + cli_bytecode_context_setparam_int; + cli_bytecode_context_setparam_ptr; + cli_bytecode_context_setfile; + cli_bytecode_context_getresult_int; + + cli_bytecode_init; + cli_bytecode_done; + cli_bytecode_debug; + cli_hex2ui; + fmap; + cli_bytecode_context_set_trace; + cli_bytecode_debug_printsrc; + cli_bytecode_printversion; + cli_bytecode_describe; + cli_bytetype_describe; + cli_bytevalue_describe; + cli_byteinst_describe; + cli_bytefunc_describe; + cli_printcxxver; + cli_detect_environment; + cli_disasm_one; + cli_utf16_to_utf8; + get_fpu_endian; + cl_initialize_crypto; cl_cleanup_crypto; - cl_cvdunpack; - cl_engine_set_clcb_engine_compile_progress; - cl_engine_set_clcb_sigload_progress; - cl_get_pkey_file; - cl_get_x509_from_mem; cl_hash_data; cl_hash_file_fd; - cl_hash_file_fd_ctx; cl_hash_file_fp; - cl_initialize_crypto; - cl_load_cert; - cl_load_crl; - cl_sha1; + cl_hash_file_fd_ctx; cl_sha256; - cl_sign_data; - cl_sign_data_keyfile; - cl_sign_file_fd; - cl_sign_file_fp; - cl_validate_certificate_chain; - cl_validate_certificate_chain_ts_dir; + cl_sha1; cl_verify_signature; + cl_verify_signature_x509_keyfile; + cl_verify_signature_x509; + cl_get_x509_from_mem; + cl_validate_certificate_chain_ts_dir; + cl_validate_certificate_chain; cl_verify_signature_fd; cl_verify_signature_fd_x509; cl_verify_signature_fd_x509_keyfile; cl_verify_signature_hash; cl_verify_signature_hash_x509; cl_verify_signature_hash_x509_keyfile; - cl_verify_signature_x509; - cl_verify_signature_x509_keyfile; - cli_ac_buildtrie; - cli_ac_chklsig; - cli_ac_free; - cli_ac_freedata; - cli_ac_init; - cli_ac_initdata; - cli_ac_scanbuff; - cli_add_content_match_pattern; - cli_basename; - cli_bm_free; - cli_bm_init; - cli_bm_scanbuff; - cli_build_regex_list; - cli_bytecode_context_alloc; - cli_bytecode_context_clear; - cli_bytecode_context_destroy; - cli_bytecode_context_getresult_int; - cli_bytecode_context_set_trace; - cli_bytecode_context_setfile; - cli_bytecode_context_setfuncid; - cli_bytecode_context_setparam_int; - cli_bytecode_context_setparam_ptr; - cli_bytecode_debug; - cli_bytecode_debug_printsrc; - cli_bytecode_describe; - cli_bytecode_destroy; - cli_bytecode_done; - cli_bytecode_init; - cli_bytecode_load; - cli_bytecode_prepare2; - cli_bytecode_printversion; - cli_bytecode_run; - cli_bytefunc_describe; - cli_byteinst_describe; - cli_bytetype_describe; - cli_bytevalue_describe; - cli_calloc; - cli_check_auth_header; - cli_chomp; - cli_codepage_to_utf8; - cli_ctime; - cli_cvdunpack; - cli_dbgmsg; - cli_dbgmsg; - cli_dbgmsg_internal; - cli_dbgmsg_no_inline; - cli_dconf_init; - cli_debug_flag; - cli_detect_environment; - cli_disasm_one; - cli_errmsg; - cli_filecopy; - cli_free_vba_project; - cli_ftw; - cli_genhash_pe; - cli_gentemp; - cli_gentemp_with_prefix; - cli_gentempfd; - cli_gentempfd_with_prefix; - cli_get_debug_flag; - cli_get_filepath_from_filedesc; - cli_get_last_virus_str; - cli_getdsig; - cli_gettmpdir; - cli_hashfile; - cli_hashset_destroy; - cli_hashstream; - cli_hex2str; - cli_hex2ui; - cli_infomsg_simple; - cli_initroots; - cli_isnumber; - cli_js_destroy; - cli_js_init; - cli_js_output; - cli_js_parse_done; - cli_js_process_buffer; - cli_ldbtokenize; - cli_malloc; - cli_memstr; - cli_ole2_extract; - cli_parse_add; - cli_pcre_build; - cli_pcre_freeoff; - cli_pcre_init; - cli_pcre_perf_events_destroy; - cli_pcre_perf_print; - cli_pcre_recaloff; - cli_pcre_scanbuf; - cli_ppt_vba_read; - cli_printcxxver; - cli_readn; - cli_realloc; - cli_realpath; - cli_regcomp; - cli_regex2suffix; - cli_regexec; - cli_regfree; - cli_rmdirs; - cli_rndnum; + cl_load_cert; + cl_ASN1_GetTimeT; + cl_load_crl; + cl_sign_data_keyfile; + cl_sign_data; + cl_sign_file_fd; + cl_sign_file_fp; + cl_get_pkey_file; + cl_base64_decode; + cl_base64_encode; cli_sanitize_filepath; - cli_scan_buff; - cli_scan_fmap; - cli_set_debug_flag; - cli_sigopts_handler; - cli_sigperf_events_destroy; - cli_sigperf_print; - cli_str2hex; - cli_strbcasestr; - cli_strdup; - cli_strerror; - cli_strlcat; - cli_strlcpy; - cli_strntoul; - cli_strrcpy; - cli_strtok; - cli_strtokbuf; - cli_strtokenize; - cli_textbuffer_append_normalize; - cli_unescape; - cli_unlink; - cli_url_canon; - cli_utf16_to_utf8; - cli_utf16toascii; - cli_vba_inflate; - cli_vba_readdir; - cli_versig2; - cli_versig; - cli_warnmsg; - cli_wm_decrypt_macro; - cli_wm_readdir; - cli_writen; - decodeLine; - disasmbuf; - fmap; - fmap_dump_to_file; + cli_gentemp_with_prefix; + cli_gentempfd_with_prefix; + cli_basename; + cli_realpath; + cli_codepage_to_utf8; + cli_get_filepath_from_filedesc; fmap_duplicate; free_duplicate_fmap; - get_fpu_endian; - have_clamjit; - have_rar; - html_normalise_map; - html_normalise_mem; - html_screnc_decode; - html_tag_arg_free; + + __cli_strcasestr; + __cli_strndup; + __cli_strnlen; + __cli_strnstr; + + cl_cvdunpack; + cl_engine_set_clcb_engine_compile_progress; + cl_engine_set_clcb_sigload_progress; + cli_add_content_match_pattern; + cli_dbgmsg; + cli_dbgmsg_no_inline; + cli_get_debug_flag; + cli_get_last_virus_str; + cli_getdsig; + cli_infomsg_simple; + cli_set_debug_flag; + fmap_dump_to_file; init_allow_list; init_domain_list; - init_domainlist; - init_regex_list; - init_whitelist; - is_regex_ok; - load_regex_matcher; lsig_increment_subsig_match; - messageCreate; - messageDestroy; - mpool_calloc; - mpool_create; - mpool_destroy; - mpool_free; - mpool_getstats; - phishingScan; - phishing_done; - phishing_init; readdb_parse_ldb_subsignature; - regex_list_add_pattern; - regex_list_done; - regex_list_match; - tableCreate; - tableDestroy; - tableFind; - tableInsert; - tableIterate; - tableRemove; - tableUpdate; - text_normalize_init; - text_normalize_map; - text_normalize_reset; - uniq_add; - uniq_free; - uniq_get; - uniq_init; local: *; }; diff --git a/libclamav/ole2_encryption.h b/libclamav/ole2_encryption.h index ce8da9f..dc0b9b5 100644 --- a/libclamav/ole2_encryption.h +++ b/libclamav/ole2_encryption.h @@ -34,16 +34,16 @@ typedef struct __attribute__((packed)) { uint32_t reserved1; uint32_t reserved2; /* MUST be 0 */ - uint8_t cspName[1]; /* really the rest of the data in the block. Starts with a - string of wide characters, followed by the encryption verifier. - It is 44 instead of 32 because this structure is only used inside - encryption_info_stream_standard_t (below). It is in two different - structures because of the way the documentation is written. - */ + // uint8_t cspName[variable]; /* really the rest of the data in the block. Starts with a + // string of wide characters, followed by the encryption verifier. + // It is 44 instead of 32 because this structure is only used inside + // encryption_info_stream_standard_t (below). It is in two different + // structures because of the way the documentation is written. + // */ } encryption_info_t; -/* +/* * https://learn.microsoft.com/en-us/openspecs/office_file_formats/ms-offcrypto/2895eba1-acb1-4624-9bde-2cdad3fea015 */ typedef struct __attribute__((packed)) { @@ -54,17 +54,10 @@ typedef struct __attribute__((packed)) { uint32_t size; - union { - encryption_info_t encryptionInfo; - uint8_t padding[512 - 12]; /* Subtract the size of version_major, version_minor, flags and size. - This consumes a sector (512 bytes), so make sure enough space is always allocated. - */ - }; + encryption_info_t encryptionInfo; } encryption_info_stream_standard_t; -#define CSP_NAME_LENGTH(__ptr__) (sizeof(__ptr__->padding) - sizeof(__ptr__->encryptionInfo) + 1) - /* https://learn.microsoft.com/en-us/openspecs/office_file_formats/ms-offcrypto/e5ad39b8-9bc1-4a19-bad3-44e6246d21e6 */ typedef struct __attribute__((packed)) { uint32_t salt_size; diff --git a/libclamav/ole2_extract.c b/libclamav/ole2_extract.c index 7a2ed9b..33563a1 100644 --- a/libclamav/ole2_extract.c +++ b/libclamav/ole2_extract.c @@ -2089,7 +2089,7 @@ static cl_error_t generate_key_aes(const char *const password, encryption_key_t tmp = verifier->salt_size; if (verifier->salt_size > sizeof(verifier->salt)) { - cli_warnmsg("ole2: Invalid salt length '0x%x'\n", verifier->salt_size); + cli_dbgmsg("ole2: Invalid salt length '0x%x'\n", verifier->salt_size); tmp = sizeof(verifier->salt); } memcpy(buffer, verifier->salt, tmp); @@ -2193,7 +2193,7 @@ static bool verify_key_aes(const encryption_key_t *const key, encryption_verifie // If it claims to be LARGER than 32 bytes, we have a problem - because the buffer isn't that big. actual_hash_size = verifier->verifier_hash_size; if (actual_hash_size > sizeof(verifier->encrypted_verifier_hash)) { - cli_warnmsg("ole2: Invalid encrypted verifier hash length 0x%x\n", verifier->verifier_hash_size); + cli_dbgmsg("ole2: Invalid encrypted verifier hash length 0x%x\n", verifier->verifier_hash_size); actual_hash_size = sizeof(verifier->encrypted_verifier_hash); } @@ -2250,7 +2250,7 @@ static bool verify_key_aes(const encryption_key_t *const key, encryption_verifie /** * @brief Initialize encryption key, if the encryption validation passes. * - * @param headerPtr Pointer to the encryption header. + * @param encryptionInfo Pointer to the encryption header. * @param encryptionKey [out] Pointer to encryption_key_t structure to be initialized by this function. * @return Success or failure depending on whether or not the * encryption verifier was successful with the @@ -2261,70 +2261,79 @@ static bool verify_key_aes(const encryption_key_t *const key, encryption_verifie * https://learn.microsoft.com/en-us/openspecs/office_file_formats/ms-offcrypto/2895eba1-acb1-4624-9bde-2cdad3fea015 * */ -static bool initialize_encryption_key(const encryption_info_stream_standard_t *headerPtr, - encryption_key_t *encryptionKey) +static bool initialize_encryption_key( + const uint8_t *encryptionInfoStreamPtr, + size_t remainingBytes, + encryption_key_t *encryptionKey) { - bool bRet = false; size_t idx = 0; encryption_key_t key; - encryption_verifier_t ev; bool bAES = false; + encryption_info_stream_standard_t encryptionInfo = {0}; + uint16_t *encryptionInfo_CSPName = NULL; + size_t CSPName_length = 0; + const uint8_t *encryptionVerifierPtr = NULL; + encryption_verifier_t encryptionVerifier = {0}; + + // Populate the encryption_info_stream_standard_t structure + copy_encryption_info_stream_standard(&encryptionInfo, encryptionInfoStreamPtr); + memset(encryptionKey, 0, sizeof(encryption_key_t)); memset(&key, 0, sizeof(encryption_key_t)); - cli_dbgmsg("Major Version = 0x%x\n", headerPtr->version_major); - cli_dbgmsg("Minor Version = 0x%x\n", headerPtr->version_minor); - cli_dbgmsg("Flags = 0x%x\n", headerPtr->flags); + cli_dbgmsg("Major Version = 0x%x\n", encryptionInfo.version_major); + cli_dbgmsg("Minor Version = 0x%x\n", encryptionInfo.version_minor); + cli_dbgmsg("Flags = 0x%x\n", encryptionInfo.flags); /*Bit 0 and 1 must be 0*/ - if (1 & headerPtr->flags) { + if (1 & encryptionInfo.flags) { cli_dbgmsg("ole2: Invalid first bit, must be 0\n"); goto done; } - if ((1 << 1) & headerPtr->flags) { + if ((1 << 1) & encryptionInfo.flags) { cli_dbgmsg("ole2: Invalid second bit, must be 0\n"); goto done; } // https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-offcrypto/200a3d61-1ab4-4402-ae11-0290b28ab9cb - if ((SE_HEADER_FDOCPROPS & headerPtr->flags)) { + if ((SE_HEADER_FDOCPROPS & encryptionInfo.flags)) { cli_dbgmsg("ole2: Unsupported document properties encrypted\n"); goto done; } - if ((SE_HEADER_FEXTERNAL & headerPtr->flags) && - (SE_HEADER_FEXTERNAL != headerPtr->flags)) { + if ((SE_HEADER_FEXTERNAL & encryptionInfo.flags) && + (SE_HEADER_FEXTERNAL != encryptionInfo.flags)) { cli_dbgmsg("ole2: Invalid fExternal flags. If fExternal bit is set, nothing else can be\n"); goto done; } - if (SE_HEADER_FAES & headerPtr->flags) { - if (!(SE_HEADER_FCRYPTOAPI & headerPtr->flags)) { + if (SE_HEADER_FAES & encryptionInfo.flags) { + if (!(SE_HEADER_FCRYPTOAPI & encryptionInfo.flags)) { cli_dbgmsg("ole2: Invalid combo of fAES and fCryptoApi flags\n"); goto done; } - cli_dbgmsg("Flags: AES\n"); + cli_dbgmsg("Flags = AES\n"); } - cli_dbgmsg("Size = 0x%x\n", headerPtr->size); + cli_dbgmsg("Size = 0x%x\n", encryptionInfo.size); - if (headerPtr->flags != headerPtr->encryptionInfo.flags) { + if (encryptionInfo.flags != encryptionInfo.encryptionInfo.flags) { cli_dbgmsg("ole2: Flags must match\n"); goto done; } - if (0 != headerPtr->encryptionInfo.sizeExtra) { + if (0 != encryptionInfo.encryptionInfo.sizeExtra) { cli_dbgmsg("ole2: Size Extra must be 0\n"); goto done; } - switch (headerPtr->encryptionInfo.algorithmID) { + switch (encryptionInfo.encryptionInfo.algorithmID) { case SE_HEADER_EI_AES128: - if (SE_HEADER_EI_AES128_KEYSIZE != headerPtr->encryptionInfo.keySize) { + if (SE_HEADER_EI_AES128_KEYSIZE != encryptionInfo.encryptionInfo.keySize) { cli_dbgmsg("ole2: Key length does not match algorithm id\n"); goto done; } @@ -2332,7 +2341,7 @@ static bool initialize_encryption_key(const encryption_info_stream_standard_t *h break; case SE_HEADER_EI_AES192: // not implemented - if (SE_HEADER_EI_AES192_KEYSIZE != headerPtr->encryptionInfo.keySize) { + if (SE_HEADER_EI_AES192_KEYSIZE != encryptionInfo.encryptionInfo.keySize) { cli_dbgmsg("ole2: Key length does not match algorithm id\n"); goto done; } @@ -2340,7 +2349,7 @@ static bool initialize_encryption_key(const encryption_info_stream_standard_t *h goto done; case SE_HEADER_EI_AES256: // not implemented - if (SE_HEADER_EI_AES256_KEYSIZE != headerPtr->encryptionInfo.keySize) { + if (SE_HEADER_EI_AES256_KEYSIZE != encryptionInfo.encryptionInfo.keySize) { cli_dbgmsg("ole2: Key length does not match algorithm id\n"); goto done; } @@ -2350,68 +2359,87 @@ static bool initialize_encryption_key(const encryption_info_stream_standard_t *h // not implemented goto done; default: - cli_dbgmsg("ole2: Invalid Algorithm ID: 0x%x\n", headerPtr->encryptionInfo.algorithmID); + cli_dbgmsg("ole2: Invalid Algorithm ID: 0x%x\n", encryptionInfo.encryptionInfo.algorithmID); goto done; } - if (SE_HEADER_EI_SHA1 != headerPtr->encryptionInfo.algorithmIDHash) { - cli_dbgmsg("ole2: Invalid Algorithm ID Hash: 0x%x\n", headerPtr->encryptionInfo.algorithmIDHash); + if (SE_HEADER_EI_SHA1 != encryptionInfo.encryptionInfo.algorithmIDHash) { + cli_dbgmsg("ole2: Invalid Algorithm ID Hash: 0x%x\n", encryptionInfo.encryptionInfo.algorithmIDHash); goto done; } - if (!key_length_valid_aes_bits(headerPtr->encryptionInfo.keySize)) { - cli_dbgmsg("ole2: Invalid key size: 0x%x\n", headerPtr->encryptionInfo.keySize); + if (!key_length_valid_aes_bits(encryptionInfo.encryptionInfo.keySize)) { + cli_dbgmsg("ole2: Invalid key size: 0x%x\n", encryptionInfo.encryptionInfo.keySize); goto done; } - cli_dbgmsg("KeySize = 0x%x\n", headerPtr->encryptionInfo.keySize); + cli_dbgmsg("KeySize = 0x%x\n", encryptionInfo.encryptionInfo.keySize); - if (SE_HEADER_EI_AES_PROVIDERTYPE != headerPtr->encryptionInfo.providerType) { + if (SE_HEADER_EI_AES_PROVIDERTYPE != encryptionInfo.encryptionInfo.providerType) { cli_dbgmsg("ole2: WARNING: Provider Type should be '0x%x', is '0x%x'\n", - SE_HEADER_EI_AES_PROVIDERTYPE, headerPtr->encryptionInfo.providerType); + SE_HEADER_EI_AES_PROVIDERTYPE, encryptionInfo.encryptionInfo.providerType); goto done; } - cli_dbgmsg("Reserved1: 0x%x\n", headerPtr->encryptionInfo.reserved1); + cli_dbgmsg("Reserved1 = 0x%x\n", encryptionInfo.encryptionInfo.reserved1); - if (0 != headerPtr->encryptionInfo.reserved2) { - cli_dbgmsg("ole2: Reserved 2 must be zero, is 0x%x\n", headerPtr->encryptionInfo.reserved2); + if (0 != encryptionInfo.encryptionInfo.reserved2) { + cli_dbgmsg("ole2: Reserved 2 must be zero, is 0x%x\n", encryptionInfo.encryptionInfo.reserved2); goto done; } - /*The encryption info is at the end of the CPSName string. + /* The encryption info is at the end of the CPSName string. * Find the end, and we'll have the index of the EncryptionVerifier. * The CPSName string *should* always be either * 'Microsoft Enhanced RSA and AES Cryptographic Provider' * or * 'Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)' - * */ - for (idx = 0; idx < CSP_NAME_LENGTH(headerPtr) - 1; idx += 2) { - if (((uint16_t *)&(headerPtr->encryptionInfo.cspName[idx]))[0] == 0) { - break; - } + encryptionInfo_CSPName = (uint16_t *)(encryptionInfoStreamPtr + sizeof(encryption_info_stream_standard_t)); + remainingBytes -= sizeof(encryption_info_stream_standard_t); + + if (0 == remainingBytes) { + cli_dbgmsg("ole2: No CSPName or encryption_verifier_t\n"); + goto done; } - idx += 2; - if ((sizeof(headerPtr->encryptionInfo.cspName) - idx) <= sizeof(encryption_verifier_t)) { + while (true) { + // Check if we've gone past the end of the buffer without finding the end of the CSPName string. + if ((idx + 1) * sizeof(uint16_t) > remainingBytes) { + cli_dbgmsg("ole2: CSPName is missing null terminator before end of buffer.\n"); + goto done; + } + // Check if we've found the end of the CSPName string. + if (encryptionInfo_CSPName[idx] == 0) { + break; + } + // Found another character in the CSPName string, keep going. + idx++; + } + + CSPName_length = (idx + 1) * sizeof(uint16_t); + + encryptionVerifierPtr = (uint8_t *)encryptionInfo_CSPName + CSPName_length; + remainingBytes -= CSPName_length; + + if (remainingBytes < sizeof(encryption_verifier_t)) { cli_dbgmsg("ole2: No encryption_verifier_t\n"); goto done; } - copy_encryption_verifier(&ev, &(headerPtr->encryptionInfo.cspName[idx])); + copy_encryption_verifier(&encryptionVerifier, encryptionVerifierPtr); - key.key_length_bits = headerPtr->encryptionInfo.keySize; + key.key_length_bits = encryptionInfo.encryptionInfo.keySize; if (!bAES) { cli_dbgmsg("ole2: Unsupported encryption algorithm\n"); goto done; } - if (CL_SUCCESS != generate_key_aes("VelvetSweatshop", &key, &ev)) { + if (CL_SUCCESS != generate_key_aes("VelvetSweatshop", &key, &encryptionVerifier)) { /*Error message printed by generate_key_aes*/ goto done; } - if (!verify_key_aes(&key, &ev)) { + if (!verify_key_aes(&key, &encryptionVerifier)) { cli_dbgmsg("ole2: Key verification for '%s' failed, unable to decrypt.\n", "VelvetSweatshop"); goto done; } @@ -2542,11 +2570,14 @@ cl_error_t cli_ole2_extract(const char *dirname, cli_ctx *ctx, struct uniq **fil /* determine if encrypted with VelvetSweatshop password */ encryption_offset = 4 * (1 << hdr.log2_big_block_size); if ((encryption_offset + sizeof(encryption_info_stream_standard_t)) <= hdr.m_length) { - encryption_info_stream_standard_t encryption_info_stream_standard; - copy_encryption_info_stream_standard(&encryption_info_stream_standard, &(((const uint8_t *)phdr)[encryption_offset])); - bEncrypted = initialize_encryption_key(&encryption_info_stream_standard, &key); - cli_dbgmsg("Encrypted with VelvetSweatshop\n"); + bEncrypted = initialize_encryption_key( + &(((const uint8_t *)phdr)[encryption_offset]), + hdr.m_length - encryption_offset, + &key); + + cli_dbgmsg("Encrypted with VelvetSweatshop: %d\n", bEncrypted); + #if HAVE_JSON if (ctx->wrkproperty == ctx->properties) { cli_jsonint(ctx->wrkproperty, "EncryptedWithVelvetSweatshop", bEncrypted); diff --git a/libclamav/others.c b/libclamav/others.c index 6167bb3..447e58d 100644 --- a/libclamav/others.c +++ b/libclamav/others.c @@ -622,7 +622,20 @@ cl_error_t cl_engine_set_num(struct cl_engine *engine, enum cl_engine_field fiel engine->maxscansize = num; break; case CL_ENGINE_MAX_FILESIZE: - engine->maxfilesize = num; + /* We have a limit of around 2GB (INT_MAX - 2). Enforce it here. + * + * TODO: Large file support is large-ly untested. Remove this restriction and test with a large set of large files of various types. + * libclamav's integer type safety has come a long way since 2014, so it's possible we could lift this restriction, but at least one + * of the parsers is bound to behave badly with large files. */ + if ((uint64_t)num > INT_MAX - 2) { + if ((uint64_t)num > (uint64_t)2 * 1024 * 1024 * 1024 && num != LLONG_MAX) { + // If greater than 2GB, warn. If exactly at 2GB, don't hassle the user. + cli_warnmsg("Max file-size was set to %lld bytes. Unfortunately, scanning files greater than 2147483647 bytes (2 GiB - 1) is not supported.\n", num); + } + engine->maxfilesize = INT_MAX - 2; + } else { + engine->maxfilesize = num; + } break; case CL_ENGINE_MAX_RECURSION: if (!num) { diff --git a/libclamav/others.h b/libclamav/others.h index 3893a82..500e72e 100644 --- a/libclamav/others.h +++ b/libclamav/others.h @@ -73,7 +73,7 @@ * in re-enabling affected modules. */ -#define CL_FLEVEL 163 +#define CL_FLEVEL 165 #define CL_FLEVEL_DCONF CL_FLEVEL #define CL_FLEVEL_SIGTOOL CL_FLEVEL diff --git a/libclamav/scanners.c b/libclamav/scanners.c index 65314e4..6444175 100644 --- a/libclamav/scanners.c +++ b/libclamav/scanners.c @@ -5471,21 +5471,6 @@ static cl_error_t scan_common(cl_fmap_t *map, const char *filepath, const char * cli_logg_setup(&ctx); logg_initalized = true; - /* We have a limit of around 2GB (INT_MAX - 2). Enforce it here. */ - /* TODO: Large file support is large-ly untested. Remove this restriction - * and test with a large set of large files of various types. libclamav's - * integer type safety has come a long way since 2014, so it's possible - * we could lift this restriction, but at least one of the parsers is - * bound to behave badly with large files. */ - if (map->len > INT_MAX - 2) { - if (scanoptions->heuristic & CL_SCAN_HEURISTIC_EXCEEDS_MAX) { - status = cli_append_potentially_unwanted(&ctx, "Heuristics.Limits.Exceeded.MaxFileSize"); - } else { - status = CL_CLEAN; - } - goto done; - } - status = cli_magic_scan(&ctx, CL_TYPE_ANY); #if HAVE_JSON diff --git a/libclamav_rust/Cargo.toml b/libclamav_rust/Cargo.toml index 3a3a4af..cd55ec3 100644 --- a/libclamav_rust/Cargo.toml +++ b/libclamav_rust/Cargo.toml @@ -22,5 +22,5 @@ crate-type = ["staticlib"] name = "clamav_rust" [build-dependencies] -cbindgen = "0.20" +cbindgen = { version ="0.20", default-features = false } bindgen = "0.65" diff --git a/libfreshclam/libfreshclam.map b/libfreshclam/libfreshclam.map index a0756fe..51841b0 100644 --- a/libfreshclam/libfreshclam.map +++ b/libfreshclam/libfreshclam.map @@ -1,43 +1,43 @@ FRESHCLAM_PUBLIC { global: + fc_strerror; + fc_initialize; fc_cleanup; + fc_prune_database_directory; + fc_test_database; fc_dns_query_update_info; fc_download_url_database; fc_download_url_databases; - fc_initialize; - fc_prune_database_directory; - fc_set_fccb_download_complete; - fc_strerror; - fc_test_database; fc_update_database; fc_update_databases; + fc_set_fccb_download_complete; logg; logg_close; - logg_file; + mprintf; + logg_verbose; logg_nowarn; + logg_time; logg_rotate; logg_size; - logg_time; - logg_verbose; - mprintf; - mprintf_disabled; - mprintf_nowarn; - mprintf_progress; - mprintf_quiet; - mprintf_stdout; + logg_file; mprintf_verbose; + mprintf_quiet; + mprintf_nowarn; + mprintf_stdout; + mprintf_progress; + mprintf_disabled; }; FRESHCLAM_PRIVATE { global: + optparse; + optget; + optfree; + get_version; + print_version; check_flevel; + drop_privileges; daemonize_parent_wait; daemonize_signal_parent; - drop_privileges; - get_version; - optfree; - optget; - optparse; - print_version; sendln; local: *;