Hello community,

here is the log from the commit of package clamav for openSUSE:Factory checked in at 2019-04-04 15:22:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/clamav (Old)
 and /work/SRC/openSUSE:Factory/.clamav.new.3908 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clamav" Thu Apr 4 15:22:20 2019 rev:97 rq:689824 version:0.101.2 Changes: -------- --- /work/SRC/openSUSE:Factory/clamav/clamav.changes 2018-10-04 19:03:39.787066400 +0200 +++ /work/SRC/openSUSE:Factory/.clamav.new.3908/clamav.changes 2019-04-04 15:27:39.818903976 +0200 
@@ -1,0 +2,38 @@ +Wed Mar 27 17:30:05 UTC 2019 - Andrey Karepin <[email protected]> + +- Update to version 0.101.2 (bsc#1130721) + * CVE-2019-1787: + An out-of-bounds heap read condition may occur when scanning PDF + documents. The defect is a failure to correctly keep track of the number + of bytes remaining in a buffer when indexing file data. + * CVE-2019-1789: + An out-of-bounds heap read condition may occur when scanning PE files + (i.e. Windows EXE and DLL files) that have been packed using Aspack as a + result of inadequate bound-checking. + * CVE-2019-1788: + An out-of-bounds heap write condition may occur when scanning OLE2 files + such as Microsoft Office 97-2003 documents. The invalid write happens when + an invalid pointer is mistakenly used to initialize a 32bit integer to + zero. This is likely to crash the application. + * CVE-2019-1786: + An out-of-bounds heap read condition may occur when scanning malformed + PDF documents as a result of improper bounds-checking. + * CVE-2019-1785: + A path-traversal write condition may occur as a result of improper + input validation when scanning RAR archives. + * CVE-2019-1798: + A use-after-free condition may occur as a result of improper error + handling when scanning nested RAR archives. + +- added clamav-max_patch.patch to fix build +- dropped clamav-freshclam-exit.patch + +------------------------------------------------------------------- +Mon Jan 21 17:30:15 UTC 2019 - Reinhard Max <[email protected]> + +- Update to version 0.101.1: + * Add missing headers to fix build of packages against libclamav. 
+- Add missing include for str.h to libclamav/others_common.c + (clamav-str-h.patch) + +------------------------------------------------------------------- Old: ---- clamav-0.100.2.tar.gz clamav-0.100.2.tar.gz.sig clamav-freshclam-exit.patch New: ---- clamav-0.101.2.tar.gz clamav-0.101.2.tar.gz.sig clamav-max_patch.patch clamav-str-h.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ clamav.spec ++++++ --- /var/tmp/diff_new_pack.XithNk/_old 2019-04-04 15:27:43.422905362 +0200 +++ /var/tmp/diff_new_pack.XithNk/_new 2019-04-04 15:27:43.422905362 +0200 @@ -1,7 +1,7 @@ # # spec file for package clamav # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,14 +16,16 @@ # +%bcond_with clammspack + %define clamav_check --enable-check Name: clamav -Version: 0.100.2 +Version: 0.101.2 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only Group: Productivity/Security -URL: http://www.clamav.net +Url: http://www.clamav.net Source0: http://www.clamav.net/downloads/production/%name-%version.tar.gz Source1: http://www.clamav.net/downloads/production/%name-%version.tar.gz.sig Source4: clamav-rpmlintrc 
@@ -36,14 +38,20 @@ Patch4: clamav-disable-timestamps.patch Patch5: clamav-obsolete-config.patch Patch6: clamav-disable-yara.patch -Patch7: clamav-freshclam-exit.patch +Patch7: clamav-str-h.patch +#PATCH-FIX-UPSTREAM clamav-max_patch.patch +Patch8: clamav-max_patch.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bc BuildRequires: check-devel +BuildRequires: gcc-c++ BuildRequires: libbz2-devel BuildRequires: libcurl-devel BuildRequires: libjson-c-devel +%if %{without clammspack} +BuildRequires: libmspack-devel +%endif BuildRequires: libopenssl-devel BuildRequires: libtool BuildRequires: libxml2-devel @@ -78,11 +86,11 @@ support, archive support, and multiple signature languages for detecting threats. -%package -n libclamav7 +%package -n libclamav9 Summary: ClamAV antivirus engine runtime Group: System/Libraries -%description -n libclamav7 +%description -n libclamav9 ClamAV is an antivirus engine designed for detecting trojans, viruses, malware and other malicious threats. @@ -97,7 +105,7 @@ %package devel Summary: Development files for libclamav, an antivirus engine Group: Development/Libraries/C and C++ -Requires: libclamav7 = %version +Requires: libclamav9 = %version %description devel ClamAV is an antivirus engine designed for detecting trojans, @@ -113,6 +121,7 @@ %patch5 %patch6 %patch7 +%patch8 %build CFLAGS="-fstack-protector" @@ -135,7 +144,10 @@ --enable-clamdtop \ --disable-zlib-vcheck \ --disable-timestamps \ - --disable-yara + --disable-yara \ +%if %{without clammspack} + --with-system-libmspack +%endif make V=1 %?_smp_mflags @@ -150,8 +162,8 @@ # libclammspack is not meant to be linked against by anything but # libclamav -rm %buildroot%_libdir/pkgconfig/libclammspack.pc -rm %buildroot%_libdir/libclammspack.so +rm -f %buildroot%_libdir/pkgconfig/libclammspack.pc +rm -f %buildroot%_libdir/libclammspack.so # fix the new config file names pushd %buildroot%_sysconfdir 
@@ -181,8 +193,8 @@ VALGRIND_GENSUP=1 make check %endif -%post -n libclamav7 -p /sbin/ldconfig -%postun -n libclamav7 -p /sbin/ldconfig +%post -n libclamav9 -p /sbin/ldconfig +%postun -n libclamav9 -p /sbin/ldconfig %post -n libclammspack0 -p /sbin/ldconfig %postun -n libclammspack0 -p /sbin/ldconfig @@ -194,7 +206,7 @@ %_unitdir/clamav-milter.service %_tmpfilesdir %license COPYING* -%doc docs/*.pdf docs/html +%doc docs/html/* %_mandir/*/* %_bindir/* %_sbindir/* @@ -203,11 +215,13 @@ %dir /var/lib/clamav %ghost %attr(755,vscan,vscan) /run/clamav -%files -n libclamav7 -%_libdir/libclam*.so.7* +%files -n libclamav9 +%_libdir/libclam*.so.9* +%if %{with clammspack} %files -n libclammspack0 %_libdir/libclammspack.so.0* +%endif %files devel %_libdir/pkgconfig/* ++++++ clamav-0.100.2.tar.gz -> clamav-0.101.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/clamav/clamav-0.100.2.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.3908/clamav-0.101.2.tar.gz differ: char 5, line 1 ++++++ clamav-conf.patch ++++++ --- /var/tmp/diff_new_pack.XithNk/_old 2019-04-04 15:27:43.478905385 +0200 +++ /var/tmp/diff_new_pack.XithNk/_new 2019-04-04 15:27:43.478905385 +0200 @@ -140,7 +140,7 @@ # Stop daemon when libclamav reports out of memory condition. #ExitOnOOM yes -@@ -598,6 +594,10 @@ Example +@@ -613,6 +609,10 @@ Example ## ## On-access Scan Settings ## @@ -197,7 +197,7 @@ # Use DNS to verify virus database version. Freshclam uses DNS TXT records # to verify database and software versions. With this directive you can change -@@ -132,7 +128,7 @@ DatabaseMirror database.clamav.net +@@ -127,7 +123,7 @@ DatabaseMirror database.clamav.net # Send the RELOAD command to clamd. # Default: no ++++++ clamav-disable-timestamps.patch ++++++ --- /var/tmp/diff_new_pack.XithNk/_old 2019-04-04 15:27:43.486905388 +0200 +++ /var/tmp/diff_new_pack.XithNk/_new 2019-04-04 15:27:43.486905388 +0200 
@@ -27,7 +27,7 @@ strncat(buf, "WARNING: sizeof(fp_digit) == sizeof(fp_word), this build is likely to not work properly.\n", --- configure.orig +++ configure -@@ -801,6 +801,7 @@ FGREP +@@ -812,6 +812,7 @@ FGREP SED LIBTOOL LIBCLAMAV_VERSION @@ -35,24 +35,24 @@ EGREP GREP CPP -@@ -903,6 +904,7 @@ ac_user_opts=' +@@ -922,6 +923,7 @@ ac_user_opts=' enable_option_checking - enable_silent_rules enable_dependency_tracking + enable_silent_rules +enable_timestamps enable_static enable_shared with_pic -@@ -1619,6 +1621,8 @@ Optional Features: - --disable-dependency-tracking - speeds up one-time build +@@ -1641,6 +1643,8 @@ Optional Features: + --enable-silent-rules less verbose build output (undo: "make V=1") + --disable-silent-rules verbose build output (undo: "make V=0") --enable-static[=PKGS] build static libraries [default=no] + --enable-timestamps Enable embedding timestamp information in build + (default is YES) --enable-shared[=PKGS] build shared libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] -@@ -5219,6 +5223,26 @@ $as_echo "$ac_cv_safe_to_define___extens +@@ -5923,6 +5927,26 @@ $as_echo "$ac_cv_safe_to_define___extens $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h @@ -78,4 +78,4 @@ +_ACEOF - VERSION="0.100.2" + VERSION="0.101.2" ++++++ clamav-disable-yara.patch ++++++ --- /var/tmp/diff_new_pack.XithNk/_old 2019-04-04 15:27:43.494905390 +0200 +++ /var/tmp/diff_new_pack.XithNk/_new 2019-04-04 15:27:43.494905390 +0200 @@ -29,7 +29,7 @@ # ----------- clamd tests -------------------------------------------------------- --- configure.orig +++ configure -@@ -24324,6 +24324,7 @@ if test "$enable_yara" = "yes"; then +@@ -28446,6 +28446,7 @@ if test "$enable_yara" = "yes"; then $as_echo "#define HAVE_YARA 1" >>confdefs.h ++++++ clamav-max_patch.patch ++++++ --- libclamav/others_common.c.orig +++ libclamav/others_common.c 
@@ -855,7 +855,7 @@ size_t sanitized_index = 0; char* sanitized_filepath = NULL; - if((NULL == filepath) || (0 == filepath_len) || (MAX_PATH < filepath_len)) { + if((NULL == filepath) || (0 == filepath_len) || (PATH_MAX < filepath_len)) { goto done; } ++++++ clamav-obsolete-config.patch ++++++ --- /var/tmp/diff_new_pack.XithNk/_old 2019-04-04 15:27:43.506905395 +0200 +++ /var/tmp/diff_new_pack.XithNk/_new 2019-04-04 15:27:43.506905395 +0200 @@ -1,6 +1,6 @@ --- shared/optparser.c.orig +++ shared/optparser.c -@@ -505,6 +505,13 @@ const struct clam_option __clam_options[ +@@ -517,6 +517,13 @@ const struct clam_option __clam_options[ { "ClamukoExcludeUID", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" }, { "ClamukoMaxFileSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" }, { "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no" }, ++++++ clamav-str-h.patch ++++++ --- libclamav/others_common.c.orig +++ libclamav/others_common.c @@ -54,6 +54,7 @@ #endif #include "clamav.h" +#include "str.h" #include "others.h" #include "platform.h" #include "regex/regex.h"
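Review bot: The new clamav.changes entry (hunk @@ -1,0 +2,38 @@) does not mention the library package rename from libclamav7 to libclamav9 that the spec diff makes, and it gives no reason for dropping clamav-freshclam-exit.patch. Add a line recording the soname change so that maintainers of packages linking against libclamav know a rebuild is needed, and state whether the dropped patch was merged upstream or became obsolete.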
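Review bot: In clamav.spec the hunk at @@ -181,8 +193,8 @@ leaves `%post -n libclammspack0 -p /sbin/ldconfig` and the matching `%postun` unconditional, while the hunk at @@ -203,11 +215,13 @@ now wraps `%files -n libclammspack0` in `%if %{with clammspack}`. With `%bcond_with clammspack` the bundled library is off by default, so these scriptlets refer to a subpackage that has no file list in the default build. Put them (and the `%package -n libclammspack0` definition, which is not visible in this diff) under the same `%if %{with clammspack}` guard.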
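Review bot: clamav-max_patch.patch swaps `MAX_PATH` for `PATH_MAX` in the length check at libclamav/others_common.c (hunk @@ -855,7 +855,7 @@) but carries no description, and the spec tags it `#PATCH-FIX-UPSTREAM` without an upstream commit or bug reference. Please add a patch header explaining why `MAX_PATH` is not defined in this build and pointing to the upstream fix. Also confirm that <limits.h> is included in this file, since the hunk adds no include, and that `PATH_MAX < filepath_len`, which accepts a length equal to `PATH_MAX`, is the intended bound for the path being sanitized.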
