--- Begin Message ---
Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal
clamav upstream published a new version which contains security relevant
bug fixes, one of them has CVE-2018-15378 assigned.
We have 0.100.2 in unstable since last week and this Stretch version
runs on one of my servers.
Attaching a debdiff with the docs/ folder filtered out.
Sebastian
diff -Nru clamav-0.100.1+dfsg/clamd/clamd.c clamav-0.100.2+dfsg/clamd/clamd.c
--- clamav-0.100.1+dfsg/clamd/clamd.c 2018-06-27 21:12:10.000000000 +0200
+++ clamav-0.100.2+dfsg/clamd/clamd.c 2018-09-19 21:29:07.000000000 +0200
@@ -370,6 +370,15 @@
break;
}
+ /* TODO: Re-enable OnAccessExtraScanning once the thread resource
consumption issue is resolved. */
+ if(optget(opts, "OnAccessExtraScanning")->enabled) {
+ logg("*ScanOnAccess: OnAccessExtraScanning was requested, but has "
+ "been disabled due to a known issue with thread resource "
+ "cleanup. The OnAccessExtraScanning feature will be "
+ "re-enabled in a future release when the issue is resolved. "
+ "For details, see:
https://bugzilla.clamav.net/show_bug.cgi?id=12048\n";);
+ }
+
if(!(engine = cl_engine_new())) {
logg("!Can't initialize antivirus engine\n");
ret = 1;
diff -Nru clamav-0.100.1+dfsg/clamd/onaccess_ddd.c
clamav-0.100.2+dfsg/clamd/onaccess_ddd.c
--- clamav-0.100.1+dfsg/clamd/onaccess_ddd.c 2018-06-27 21:12:10.000000000
+0200
+++ clamav-0.100.2+dfsg/clamd/onaccess_ddd.c 2018-09-19 21:29:07.000000000
+0200
@@ -385,9 +385,12 @@
}
}
+ /* TODO: Re-enable OnAccessExtraScanning once the thread resource
consumption issue is resolved. */
+#if 0
if(optget(tharg->opts, "OnAccessExtraScanning")->enabled) {
logg("ScanOnAccess: Extra scanning and notifications
enabled.\n");
- }
+}
+ #endif
FD_ZERO(&rfds);
@@ -476,6 +479,9 @@
const char *path, const char *child_path, const struct
inotify_event *event, int wd, uint64_t in_mask) {
struct stat s;
+
+ /* TODO: Re-enable OnAccessExtraScanning once the thread resource
consumption issue is resolved. */
+#if 0
if (optget(tharg->opts, "OnAccessExtraScanning")->enabled) {
if(stat(child_path, &s) == 0 && S_ISREG(s.st_mode)) {
onas_ddd_handle_extra_scanning(tharg, child_path,
ONAS_SCTH_ISFILE);
@@ -487,8 +493,10 @@
onas_ddd_handle_extra_scanning(tharg, child_path,
ONAS_SCTH_ISDIR);
}
- } else {
-
+ }
+ else
+#endif
+ {
if(stat(child_path, &s) == 0 && S_ISREG(s.st_mode)) return;
if(!(event->mask & IN_ISDIR)) return;
@@ -504,6 +512,8 @@
const char *path, const char *child_path, const struct
inotify_event *event, int wd, uint64_t in_mask) {
struct stat s;
+ /* TODO: Re-enable OnAccessExtraScanning once the thread resource
consumption issue is resolved. */
+#if 0
if (optget(tharg->opts, "OnAccessExtraScanning")->enabled) {
if(stat(child_path, &s) == 0 && S_ISREG(s.st_mode)) {
onas_ddd_handle_extra_scanning(tharg, child_path,
ONAS_SCTH_ISFILE);
@@ -515,7 +525,10 @@
onas_ddd_handle_extra_scanning(tharg, child_path,
ONAS_SCTH_ISDIR);
}
- } else {
+ }
+ else
+#endif
+ {
if(stat(child_path, &s) == 0 && S_ISREG(s.st_mode)) return;
if(!(event->mask & IN_ISDIR)) return;
diff -Nru clamav-0.100.1+dfsg/clamd/onaccess_fan.c
clamav-0.100.2+dfsg/clamd/onaccess_fan.c
--- clamav-0.100.1+dfsg/clamd/onaccess_fan.c 2018-06-27 21:12:10.000000000
+0200
+++ clamav-0.100.2+dfsg/clamd/onaccess_fan.c 2018-09-19 21:29:07.000000000
+0200
@@ -252,9 +252,14 @@
if((check = onas_fan_checkowner(fmd->pid, tharg->opts))) {
scan = 0;
- if (check != CHK_SELF || !(optget(tharg->opts,
"OnAccessExtraScanning")->enabled)) {
- logg("*ScanOnAccess: %s skipped (excluded UID)\n",
fname);
- }
+ /* TODO: Re-enable OnAccessExtraScanning once the thread resource
consumption issue is resolved. */
+ #if 0
+ if ((check != CHK_SELF) || !(optget(tharg->opts,
"OnAccessExtraScanning")->enabled)) {
+ #else
+ if (check != CHK_SELF) {
+ #endif
+ logg("*ScanOnAccess: %s skipped (excluded
UID)\n", fname);
+ }
}
if(sizelimit) {
diff -Nru clamav-0.100.1+dfsg/configure clamav-0.100.2+dfsg/configure
--- clamav-0.100.1+dfsg/configure 2018-06-27 21:12:10.000000000 +0200
+++ clamav-0.100.2+dfsg/configure 2018-09-19 21:29:07.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for ClamAV 0.100.1.
+# Generated by GNU Autoconf 2.69 for ClamAV 0.100.2.
#
# Report bugs to <https://bugzilla.clamav.net/>.
#
@@ -592,8 +592,8 @@
# Identity of this package.
PACKAGE_NAME='ClamAV'
PACKAGE_TARNAME='clamav'
-PACKAGE_VERSION='0.100.1'
-PACKAGE_STRING='ClamAV 0.100.1'
+PACKAGE_VERSION='0.100.2'
+PACKAGE_STRING='ClamAV 0.100.2'
PACKAGE_BUGREPORT='https://bugzilla.clamav.net/'
PACKAGE_URL='https://www.clamav.net/'
@@ -1533,7 +1533,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures ClamAV 0.100.1 to adapt to many kinds of systems.
+\`configure' configures ClamAV 0.100.2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1604,7 +1604,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of ClamAV 0.100.1:";;
+ short | recursive ) echo "Configuration of ClamAV 0.100.2:";;
esac
cat <<\_ACEOF
@@ -1825,7 +1825,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-ClamAV configure 0.100.1
+ClamAV configure 0.100.2
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2294,7 +2294,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by ClamAV $as_me 0.100.1, which was
+It was created by ClamAV $as_me 0.100.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3480,7 +3480,7 @@
# Define the identity of the package.
PACKAGE='clamav'
- VERSION='0.100.1'
+ VERSION='0.100.2'
# Some tools Automake needs.
@@ -5221,7 +5221,7 @@
-VERSION="0.100.1"
+VERSION="0.100.2"
LC_CURRENT=8
LC_REVISION=1
@@ -25787,7 +25787,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by ClamAV $as_me 0.100.1, which was
+This file was extended by ClamAV $as_me 0.100.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -25854,7 +25854,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-ClamAV config.status 0.100.1
+ClamAV config.status 0.100.2
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
@@ -28400,7 +28400,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by ClamAV $as_me 0.100.1, which was
+This file was extended by ClamAV $as_me 0.100.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -28467,7 +28467,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-ClamAV config.status 0.100.1
+ClamAV config.status 0.100.2
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -Nru clamav-0.100.1+dfsg/configure.ac clamav-0.100.2+dfsg/configure.ac
--- clamav-0.100.1+dfsg/configure.ac 2018-06-27 21:12:10.000000000 +0200
+++ clamav-0.100.2+dfsg/configure.ac 2018-09-19 21:29:07.000000000 +0200
@@ -20,7 +20,7 @@
AC_PREREQ([2.59])
dnl For a release change [devel] to the real version [0.xy]
dnl also change VERSION below
-AC_INIT([ClamAV], [0.100.1], [https://bugzilla.clamav.net/], [clamav],
[https://www.clamav.net/])
+AC_INIT([ClamAV], [0.100.2], [https://bugzilla.clamav.net/], [clamav],
[https://www.clamav.net/])
AH_BOTTOM([#include "platform.h"])
dnl put configure auxiliary into config
diff -Nru clamav-0.100.1+dfsg/debian/changelog
clamav-0.100.2+dfsg/debian/changelog
--- clamav-0.100.1+dfsg/debian/changelog 2018-07-21 13:13:59.000000000
+0200
+++ clamav-0.100.2+dfsg/debian/changelog 2018-10-12 23:44:44.000000000
+0200
@@ -1,3 +1,14 @@
+clamav (0.100.2+dfsg-0+deb9u1) stretch; urgency=medium
+
+ * Import new upstream
+ - Bump symbol version due to new version.
+ - CVE-2018-15378 (Closes: #910430).
+ * add NEWS.md and README.md from upstream
+ * Fix infinite loop in dpkg-reconfigure, Patch by Santiago Ruano Rincón
+ (Closes: #905044).
+
+ -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Fri, 12 Oct 2018
23:44:44 +0200
+
clamav (0.100.1+dfsg-0+deb9u1) stretch; urgency=medium
[ Scott Kitterman ]
diff -Nru clamav-0.100.1+dfsg/debian/clamav-base.docs
clamav-0.100.2+dfsg/debian/clamav-base.docs
--- clamav-0.100.1+dfsg/debian/clamav-base.docs 2018-07-17 23:50:14.000000000
+0200
+++ clamav-0.100.2+dfsg/debian/clamav-base.docs 2018-10-12 23:44:00.000000000
+0200
@@ -1,2 +1,4 @@
-debian/README.Debian
debian/NEWS.Debian
+debian/README.Debian
+NEWS.md
+README.md
diff -Nru clamav-0.100.1+dfsg/debian/clamav-daemon.config.in
clamav-0.100.2+dfsg/debian/clamav-daemon.config.in
--- clamav-0.100.1+dfsg/debian/clamav-daemon.config.in 2018-07-17
23:50:14.000000000 +0200
+++ clamav-0.100.2+dfsg/debian/clamav-daemon.config.in 2018-10-12
23:44:09.000000000 +0200
@@ -363,7 +363,7 @@
StateGeneric low clamav-daemon/MaxZipTypeRcg SelfCheck MaxScriptNormalize
;;
"SelfCheck")
- StateGeneric low clamav-daemon/SelfCheck MaxZipTypeRcg
+ StateGeneric low clamav-daemon/SelfCheck User MaxZipTypeRcg
;;
"User")
StateUser
diff -Nru clamav-0.100.1+dfsg/debian/clamav-docs.docs
clamav-0.100.2+dfsg/debian/clamav-docs.docs
--- clamav-0.100.1+dfsg/debian/clamav-docs.docs 2018-07-17 23:50:14.000000000
+0200
+++ clamav-0.100.2+dfsg/debian/clamav-docs.docs 2018-10-12 23:44:00.000000000
+0200
@@ -1,5 +1,7 @@
+debian/NEWS.Debian
+debian/README.Debian
+docs/html
docs/*.pdf
docs/*.tex
-docs/html
-debian/README.Debian
-debian/NEWS.Debian
+NEWS.md
+README.md
diff -Nru clamav-0.100.1+dfsg/debian/clamav-freshclam.docs
clamav-0.100.2+dfsg/debian/clamav-freshclam.docs
--- clamav-0.100.1+dfsg/debian/clamav-freshclam.docs 2018-07-17
23:50:14.000000000 +0200
+++ clamav-0.100.2+dfsg/debian/clamav-freshclam.docs 2018-10-12
23:43:54.000000000 +0200
@@ -1 +1,3 @@
debian/mirror-list
+NEWS.md
+README.md
diff -Nru clamav-0.100.1+dfsg/debian/clamav-milter.docs
clamav-0.100.2+dfsg/debian/clamav-milter.docs
--- clamav-0.100.1+dfsg/debian/clamav-milter.docs 2018-07-17
23:50:14.000000000 +0200
+++ clamav-0.100.2+dfsg/debian/clamav-milter.docs 2018-10-12
23:44:00.000000000 +0200
@@ -1,2 +1,4 @@
-debian/README.Debian
debian/NEWS.Debian
+debian/README.Debian
+NEWS.md
+README.md
diff -Nru clamav-0.100.1+dfsg/debian/.git-dpm
clamav-0.100.2+dfsg/debian/.git-dpm
--- clamav-0.100.1+dfsg/debian/.git-dpm 2018-07-17 23:50:14.000000000 +0200
+++ clamav-0.100.2+dfsg/debian/.git-dpm 2018-10-12 23:40:33.000000000 +0200
@@ -1,8 +1,8 @@
# see git-dpm(1) from git-dpm package
-b1bdfd655f270af03538a25d189095efaa52ddd6
-b1bdfd655f270af03538a25d189095efaa52ddd6
-55ea9dfcd703c0c578f89bb9c47cc583f9294ed7
-55ea9dfcd703c0c578f89bb9c47cc583f9294ed7
-clamav_0.100.1+dfsg.orig.tar.xz
-b070d819823d049a49d09837beafe166da264c41
-5476520
+bbcdc6df300f60cc7a6bce9e09bfb37debe7acc4
+bbcdc6df300f60cc7a6bce9e09bfb37debe7acc4
+68108793a1993896cd0b7f0366811db68d598fc0
+68108793a1993896cd0b7f0366811db68d598fc0
+clamav_0.100.2+dfsg.orig.tar.xz
+5732f4ae7213045e3680a483417b6891f3b6e84a
+5303356
diff -Nru clamav-0.100.1+dfsg/debian/libclamav7.docs
clamav-0.100.2+dfsg/debian/libclamav7.docs
--- clamav-0.100.1+dfsg/debian/libclamav7.docs 2018-07-17 23:50:14.000000000
+0200
+++ clamav-0.100.2+dfsg/debian/libclamav7.docs 2018-10-12 23:44:00.000000000
+0200
@@ -1,2 +1,4 @@
-debian/README.Debian
debian/NEWS.Debian
+debian/README.Debian
+NEWS.md
+README.md
diff -Nru clamav-0.100.1+dfsg/debian/libclamav7.symbols
clamav-0.100.2+dfsg/debian/libclamav7.symbols
--- clamav-0.100.1+dfsg/debian/libclamav7.symbols 2018-07-21
13:06:31.000000000 +0200
+++ clamav-0.100.2+dfsg/debian/libclamav7.symbols 2018-10-12
23:43:38.000000000 +0200
@@ -1,15 +1,15 @@
libclamav.so.7 libclamav7 #MINVER#
- CLAMAV_PRIVATE@CLAMAV_PRIVATE 0.100.1
+ CLAMAV_PRIVATE@CLAMAV_PRIVATE 0.100.2
CLAMAV_PUBLIC@CLAMAV_PUBLIC 0.99~rc1
- base64Flush@CLAMAV_PRIVATE 0.100.1
- blobAddData@CLAMAV_PRIVATE 0.100.1
- blobCreate@CLAMAV_PRIVATE 0.100.1
- blobDestroy@CLAMAV_PRIVATE 0.100.1
- cl_ASN1_GetTimeT@CLAMAV_PRIVATE 0.100.1
+ base64Flush@CLAMAV_PRIVATE 0.100.2
+ blobAddData@CLAMAV_PRIVATE 0.100.2
+ blobCreate@CLAMAV_PRIVATE 0.100.2
+ blobDestroy@CLAMAV_PRIVATE 0.100.2
+ cl_ASN1_GetTimeT@CLAMAV_PRIVATE 0.100.2
cl_always_gen_section_hash@CLAMAV_PUBLIC 0.99~rc1
- cl_base64_decode@CLAMAV_PRIVATE 0.100.1
- cl_base64_encode@CLAMAV_PRIVATE 0.100.1
- cl_cleanup_crypto@CLAMAV_PRIVATE 0.100.1
+ cl_base64_decode@CLAMAV_PRIVATE 0.100.2
+ cl_base64_encode@CLAMAV_PRIVATE 0.100.2
+ cl_cleanup_crypto@CLAMAV_PRIVATE 0.100.2
cl_countsigs@CLAMAV_PUBLIC 0.99~rc1
cl_cvdfree@CLAMAV_PUBLIC 0.99~rc1
cl_cvdhead@CLAMAV_PUBLIC 0.99~rc1
@@ -49,21 +49,21 @@
cl_fmap_close@CLAMAV_PUBLIC 0.99~rc1
cl_fmap_open_handle@CLAMAV_PUBLIC 0.99~rc1
cl_fmap_open_memory@CLAMAV_PUBLIC 0.99~rc1
- cl_get_pkey_file@CLAMAV_PRIVATE 0.100.1
- cl_get_x509_from_mem@CLAMAV_PRIVATE 0.100.1
- cl_hash_data@CLAMAV_PRIVATE 0.100.1
+ cl_get_pkey_file@CLAMAV_PRIVATE 0.100.2
+ cl_get_x509_from_mem@CLAMAV_PRIVATE 0.100.2
+ cl_hash_data@CLAMAV_PRIVATE 0.100.2
cl_hash_destroy@CLAMAV_PUBLIC 0.99~rc1
- cl_hash_file_fd@CLAMAV_PRIVATE 0.100.1
- cl_hash_file_fd_ctx@CLAMAV_PRIVATE 0.100.1
- cl_hash_file_fp@CLAMAV_PRIVATE 0.100.1
+ cl_hash_file_fd@CLAMAV_PRIVATE 0.100.2
+ cl_hash_file_fd_ctx@CLAMAV_PRIVATE 0.100.2
+ cl_hash_file_fp@CLAMAV_PRIVATE 0.100.2
cl_hash_init@CLAMAV_PUBLIC 0.99~rc1
cl_init@CLAMAV_PUBLIC 0.99~rc1
- cl_initialize_crypto@CLAMAV_PRIVATE 0.100.1
+ cl_initialize_crypto@CLAMAV_PRIVATE 0.100.2
cl_load@CLAMAV_PUBLIC 0.99~rc1
- cl_load_cert@CLAMAV_PRIVATE 0.100.1
- cl_load_crl@CLAMAV_PRIVATE 0.100.1
+ cl_load_cert@CLAMAV_PRIVATE 0.100.2
+ cl_load_crl@CLAMAV_PRIVATE 0.100.2
cl_retdbdir@CLAMAV_PUBLIC 0.99~rc1
- cl_retflevel@CLAMAV_PUBLIC 0.100.1
+ cl_retflevel@CLAMAV_PUBLIC 0.100.2
cl_retver@CLAMAV_PUBLIC 0.99~rc1
cl_scandesc@CLAMAV_PUBLIC 0.99~rc1
cl_scandesc_callback@CLAMAV_PUBLIC 0.99~rc1
@@ -71,182 +71,182 @@
cl_scanfile_callback@CLAMAV_PUBLIC 0.99~rc1
cl_scanmap_callback@CLAMAV_PUBLIC 0.99~rc1
cl_set_clcb_msg@CLAMAV_PUBLIC 0.99~rc1
- cl_sha1@CLAMAV_PRIVATE 0.100.1
- cl_sha256@CLAMAV_PRIVATE 0.100.1
- cl_sign_data@CLAMAV_PRIVATE 0.100.1
- cl_sign_data_keyfile@CLAMAV_PRIVATE 0.100.1
- cl_sign_file_fd@CLAMAV_PRIVATE 0.100.1
- cl_sign_file_fp@CLAMAV_PRIVATE 0.100.1
+ cl_sha1@CLAMAV_PRIVATE 0.100.2
+ cl_sha256@CLAMAV_PRIVATE 0.100.2
+ cl_sign_data@CLAMAV_PRIVATE 0.100.2
+ cl_sign_data_keyfile@CLAMAV_PRIVATE 0.100.2
+ cl_sign_file_fd@CLAMAV_PRIVATE 0.100.2
+ cl_sign_file_fp@CLAMAV_PRIVATE 0.100.2
cl_statchkdir@CLAMAV_PUBLIC 0.99~rc1
cl_statfree@CLAMAV_PUBLIC 0.99~rc1
cl_statinidir@CLAMAV_PUBLIC 0.99~rc1
cl_strerror@CLAMAV_PUBLIC 0.99~rc1
cl_update_hash@CLAMAV_PUBLIC 0.99~rc1
- cl_validate_certificate_chain@CLAMAV_PRIVATE 0.100.1
- cl_validate_certificate_chain_ts_dir@CLAMAV_PRIVATE 0.100.1
- cl_verify_signature@CLAMAV_PRIVATE 0.100.1
- cl_verify_signature_fd@CLAMAV_PRIVATE 0.100.1
- cl_verify_signature_fd_x509@CLAMAV_PRIVATE 0.100.1
- cl_verify_signature_fd_x509_keyfile@CLAMAV_PRIVATE 0.100.1
- cl_verify_signature_hash@CLAMAV_PRIVATE 0.100.1
- cl_verify_signature_hash_x509@CLAMAV_PRIVATE 0.100.1
- cl_verify_signature_hash_x509_keyfile@CLAMAV_PRIVATE 0.100.1
- cl_verify_signature_x509@CLAMAV_PRIVATE 0.100.1
- cl_verify_signature_x509_keyfile@CLAMAV_PRIVATE 0.100.1
- cli_ac_buildtrie@CLAMAV_PRIVATE 0.100.1
- cli_ac_chklsig@CLAMAV_PRIVATE 0.100.1
- cli_ac_free@CLAMAV_PRIVATE 0.100.1
- cli_ac_freedata@CLAMAV_PRIVATE 0.100.1
- cli_ac_init@CLAMAV_PRIVATE 0.100.1
- cli_ac_initdata@CLAMAV_PRIVATE 0.100.1
- cli_ac_scanbuff@CLAMAV_PRIVATE 0.100.1
- cli_bm_free@CLAMAV_PRIVATE 0.100.1
- cli_bm_init@CLAMAV_PRIVATE 0.100.1
- cli_bm_scanbuff@CLAMAV_PRIVATE 0.100.1
- cli_build_regex_list@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_context_alloc@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_context_clear@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_context_destroy@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_context_getresult_int@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_context_set_trace@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_context_setfile@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_context_setfuncid@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_context_setparam_int@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_context_setparam_ptr@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_debug@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_debug_printsrc@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_describe@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_destroy@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_done@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_init@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_load@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_prepare2@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_printversion@CLAMAV_PRIVATE 0.100.1
- cli_bytecode_run@CLAMAV_PRIVATE 0.100.1
- cli_bytefunc_describe@CLAMAV_PRIVATE 0.100.1
- cli_byteinst_describe@CLAMAV_PRIVATE 0.100.1
- cli_bytetype_describe@CLAMAV_PRIVATE 0.100.1
- cli_bytevalue_describe@CLAMAV_PRIVATE 0.100.1
- cli_calloc@CLAMAV_PRIVATE 0.100.1
- cli_checkfp_pe@CLAMAV_PRIVATE 0.100.1
- cli_chomp@CLAMAV_PRIVATE 0.100.1
- cli_ctime@CLAMAV_PRIVATE 0.100.1
- cli_cvdunpack@CLAMAV_PRIVATE 0.100.1
- cli_dbgmsg_internal@CLAMAV_PRIVATE 0.100.1
- cli_dconf_init@CLAMAV_PRIVATE 0.100.1
- cli_debug_flag@CLAMAV_PRIVATE 0.100.1
- cli_detect_environment@CLAMAV_PRIVATE 0.100.1
- cli_disasm_one@CLAMAV_PRIVATE 0.100.1
- cli_errmsg@CLAMAV_PRIVATE 0.100.1
- cli_filecopy@CLAMAV_PRIVATE 0.100.1
- cli_fmap_scandesc@CLAMAV_PRIVATE 0.100.1
- cli_ftw@CLAMAV_PRIVATE 0.100.1
- cli_genhash_pe@CLAMAV_PRIVATE 0.100.1
- cli_gentemp@CLAMAV_PRIVATE 0.100.1
- cli_gentempfd@CLAMAV_PRIVATE 0.100.1
- cli_gettmpdir@CLAMAV_PRIVATE 0.100.1
- cli_hashfile@CLAMAV_PRIVATE 0.100.1
- cli_hashset_destroy@CLAMAV_PRIVATE 0.100.1
- cli_hashstream@CLAMAV_PRIVATE 0.100.1
- cli_hex2str@CLAMAV_PRIVATE 0.100.1
- cli_hex2ui@CLAMAV_PRIVATE 0.100.1
- cli_initroots@CLAMAV_PRIVATE 0.100.1
- cli_isnumber@CLAMAV_PRIVATE 0.100.1
- cli_js_destroy@CLAMAV_PRIVATE 0.100.1
- cli_js_init@CLAMAV_PRIVATE 0.100.1
- cli_js_output@CLAMAV_PRIVATE 0.100.1
- cli_js_parse_done@CLAMAV_PRIVATE 0.100.1
- cli_js_process_buffer@CLAMAV_PRIVATE 0.100.1
- cli_ldbtokenize@CLAMAV_PRIVATE 0.100.1
- cli_malloc@CLAMAV_PRIVATE 0.100.1
- cli_memstr@CLAMAV_PRIVATE 0.100.1
- cli_ole2_extract@CLAMAV_PRIVATE 0.100.1
- cli_parse_add@CLAMAV_PRIVATE 0.100.1
- cli_pcre_build@CLAMAV_PRIVATE 0.100.1
- cli_pcre_freeoff@CLAMAV_PRIVATE 0.100.1
- cli_pcre_init@CLAMAV_PRIVATE 0.100.1
- cli_pcre_perf_events_destroy@CLAMAV_PRIVATE 0.100.1
- cli_pcre_perf_print@CLAMAV_PRIVATE 0.100.1
- cli_pcre_recaloff@CLAMAV_PRIVATE 0.100.1
- cli_pcre_scanbuf@CLAMAV_PRIVATE 0.100.1
- cli_ppt_vba_read@CLAMAV_PRIVATE 0.100.1
- cli_printcxxver@CLAMAV_PRIVATE 0.100.1
- cli_readn@CLAMAV_PRIVATE 0.100.1
- cli_realloc@CLAMAV_PRIVATE 0.100.1
- cli_regcomp@CLAMAV_PRIVATE 0.100.1
- cli_regex2suffix@CLAMAV_PRIVATE 0.100.1
- cli_regexec@CLAMAV_PRIVATE 0.100.1
- cli_regfree@CLAMAV_PRIVATE 0.100.1
- cli_rmdirs@CLAMAV_PRIVATE 0.100.1
- cli_rndnum@CLAMAV_PRIVATE 0.100.1
- cli_scanbuff@CLAMAV_PRIVATE 0.100.1
- cli_sigopts_handler@CLAMAV_PRIVATE 0.100.1
- cli_sigperf_events_destroy@CLAMAV_PRIVATE 0.100.1
- cli_sigperf_print@CLAMAV_PRIVATE 0.100.1
- cli_str2hex@CLAMAV_PRIVATE 0.100.1
- cli_strbcasestr@CLAMAV_PRIVATE 0.100.1
- cli_strdup@CLAMAV_PRIVATE 0.100.1
- cli_strerror@CLAMAV_PRIVATE 0.100.1
- cli_strlcat@CLAMAV_PRIVATE 0.100.1
- cli_strlcpy@CLAMAV_PRIVATE 0.100.1
- cli_strrcpy@CLAMAV_PRIVATE 0.100.1
- cli_strtok@CLAMAV_PRIVATE 0.100.1
- cli_strtokbuf@CLAMAV_PRIVATE 0.100.1
- cli_strtokenize@CLAMAV_PRIVATE 0.100.1
- cli_textbuffer_append_normalize@CLAMAV_PRIVATE 0.100.1
- cli_unescape@CLAMAV_PRIVATE 0.100.1
- cli_unlink@CLAMAV_PRIVATE 0.100.1
- cli_url_canon@CLAMAV_PRIVATE 0.100.1
- cli_utf16_to_utf8@CLAMAV_PRIVATE 0.100.1
- cli_utf16toascii@CLAMAV_PRIVATE 0.100.1
- cli_vba_inflate@CLAMAV_PRIVATE 0.100.1
- cli_vba_readdir@CLAMAV_PRIVATE 0.100.1
- cli_versig2@CLAMAV_PRIVATE 0.100.1
- cli_versig@CLAMAV_PRIVATE 0.100.1
- cli_warnmsg@CLAMAV_PRIVATE 0.100.1
- cli_wm_decrypt_macro@CLAMAV_PRIVATE 0.100.1
- cli_wm_readdir@CLAMAV_PRIVATE 0.100.1
- cli_writen@CLAMAV_PRIVATE 0.100.1
- decodeLine@CLAMAV_PRIVATE 0.100.1
- disasmbuf@CLAMAV_PRIVATE 0.100.1
- fmap@CLAMAV_PRIVATE 0.100.1
- get_fpu_endian@CLAMAV_PRIVATE 0.100.1
- have_clamjit@CLAMAV_PRIVATE 0.100.1
- have_rar@CLAMAV_PRIVATE 0.100.1
- html_normalise_map@CLAMAV_PRIVATE 0.100.1
- html_normalise_mem@CLAMAV_PRIVATE 0.100.1
- html_screnc_decode@CLAMAV_PRIVATE 0.100.1
- html_tag_arg_free@CLAMAV_PRIVATE 0.100.1
- init_domainlist@CLAMAV_PRIVATE 0.100.1
- init_regex_list@CLAMAV_PRIVATE 0.100.1
- init_whitelist@CLAMAV_PRIVATE 0.100.1
- is_regex_ok@CLAMAV_PRIVATE 0.100.1
- load_regex_matcher@CLAMAV_PRIVATE 0.100.1
+ cl_validate_certificate_chain@CLAMAV_PRIVATE 0.100.2
+ cl_validate_certificate_chain_ts_dir@CLAMAV_PRIVATE 0.100.2
+ cl_verify_signature@CLAMAV_PRIVATE 0.100.2
+ cl_verify_signature_fd@CLAMAV_PRIVATE 0.100.2
+ cl_verify_signature_fd_x509@CLAMAV_PRIVATE 0.100.2
+ cl_verify_signature_fd_x509_keyfile@CLAMAV_PRIVATE 0.100.2
+ cl_verify_signature_hash@CLAMAV_PRIVATE 0.100.2
+ cl_verify_signature_hash_x509@CLAMAV_PRIVATE 0.100.2
+ cl_verify_signature_hash_x509_keyfile@CLAMAV_PRIVATE 0.100.2
+ cl_verify_signature_x509@CLAMAV_PRIVATE 0.100.2
+ cl_verify_signature_x509_keyfile@CLAMAV_PRIVATE 0.100.2
+ cli_ac_buildtrie@CLAMAV_PRIVATE 0.100.2
+ cli_ac_chklsig@CLAMAV_PRIVATE 0.100.2
+ cli_ac_free@CLAMAV_PRIVATE 0.100.2
+ cli_ac_freedata@CLAMAV_PRIVATE 0.100.2
+ cli_ac_init@CLAMAV_PRIVATE 0.100.2
+ cli_ac_initdata@CLAMAV_PRIVATE 0.100.2
+ cli_ac_scanbuff@CLAMAV_PRIVATE 0.100.2
+ cli_bm_free@CLAMAV_PRIVATE 0.100.2
+ cli_bm_init@CLAMAV_PRIVATE 0.100.2
+ cli_bm_scanbuff@CLAMAV_PRIVATE 0.100.2
+ cli_build_regex_list@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_context_alloc@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_context_clear@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_context_destroy@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_context_getresult_int@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_context_set_trace@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_context_setfile@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_context_setfuncid@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_context_setparam_int@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_context_setparam_ptr@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_debug@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_debug_printsrc@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_describe@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_destroy@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_done@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_init@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_load@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_prepare2@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_printversion@CLAMAV_PRIVATE 0.100.2
+ cli_bytecode_run@CLAMAV_PRIVATE 0.100.2
+ cli_bytefunc_describe@CLAMAV_PRIVATE 0.100.2
+ cli_byteinst_describe@CLAMAV_PRIVATE 0.100.2
+ cli_bytetype_describe@CLAMAV_PRIVATE 0.100.2
+ cli_bytevalue_describe@CLAMAV_PRIVATE 0.100.2
+ cli_calloc@CLAMAV_PRIVATE 0.100.2
+ cli_checkfp_pe@CLAMAV_PRIVATE 0.100.2
+ cli_chomp@CLAMAV_PRIVATE 0.100.2
+ cli_ctime@CLAMAV_PRIVATE 0.100.2
+ cli_cvdunpack@CLAMAV_PRIVATE 0.100.2
+ cli_dbgmsg_internal@CLAMAV_PRIVATE 0.100.2
+ cli_dconf_init@CLAMAV_PRIVATE 0.100.2
+ cli_debug_flag@CLAMAV_PRIVATE 0.100.2
+ cli_detect_environment@CLAMAV_PRIVATE 0.100.2
+ cli_disasm_one@CLAMAV_PRIVATE 0.100.2
+ cli_errmsg@CLAMAV_PRIVATE 0.100.2
+ cli_filecopy@CLAMAV_PRIVATE 0.100.2
+ cli_fmap_scandesc@CLAMAV_PRIVATE 0.100.2
+ cli_ftw@CLAMAV_PRIVATE 0.100.2
+ cli_genhash_pe@CLAMAV_PRIVATE 0.100.2
+ cli_gentemp@CLAMAV_PRIVATE 0.100.2
+ cli_gentempfd@CLAMAV_PRIVATE 0.100.2
+ cli_gettmpdir@CLAMAV_PRIVATE 0.100.2
+ cli_hashfile@CLAMAV_PRIVATE 0.100.2
+ cli_hashset_destroy@CLAMAV_PRIVATE 0.100.2
+ cli_hashstream@CLAMAV_PRIVATE 0.100.2
+ cli_hex2str@CLAMAV_PRIVATE 0.100.2
+ cli_hex2ui@CLAMAV_PRIVATE 0.100.2
+ cli_initroots@CLAMAV_PRIVATE 0.100.2
+ cli_isnumber@CLAMAV_PRIVATE 0.100.2
+ cli_js_destroy@CLAMAV_PRIVATE 0.100.2
+ cli_js_init@CLAMAV_PRIVATE 0.100.2
+ cli_js_output@CLAMAV_PRIVATE 0.100.2
+ cli_js_parse_done@CLAMAV_PRIVATE 0.100.2
+ cli_js_process_buffer@CLAMAV_PRIVATE 0.100.2
+ cli_ldbtokenize@CLAMAV_PRIVATE 0.100.2
+ cli_malloc@CLAMAV_PRIVATE 0.100.2
+ cli_memstr@CLAMAV_PRIVATE 0.100.2
+ cli_ole2_extract@CLAMAV_PRIVATE 0.100.2
+ cli_parse_add@CLAMAV_PRIVATE 0.100.2
+ cli_pcre_build@CLAMAV_PRIVATE 0.100.2
+ cli_pcre_freeoff@CLAMAV_PRIVATE 0.100.2
+ cli_pcre_init@CLAMAV_PRIVATE 0.100.2
+ cli_pcre_perf_events_destroy@CLAMAV_PRIVATE 0.100.2
+ cli_pcre_perf_print@CLAMAV_PRIVATE 0.100.2
+ cli_pcre_recaloff@CLAMAV_PRIVATE 0.100.2
+ cli_pcre_scanbuf@CLAMAV_PRIVATE 0.100.2
+ cli_ppt_vba_read@CLAMAV_PRIVATE 0.100.2
+ cli_printcxxver@CLAMAV_PRIVATE 0.100.2
+ cli_readn@CLAMAV_PRIVATE 0.100.2
+ cli_realloc@CLAMAV_PRIVATE 0.100.2
+ cli_regcomp@CLAMAV_PRIVATE 0.100.2
+ cli_regex2suffix@CLAMAV_PRIVATE 0.100.2
+ cli_regexec@CLAMAV_PRIVATE 0.100.2
+ cli_regfree@CLAMAV_PRIVATE 0.100.2
+ cli_rmdirs@CLAMAV_PRIVATE 0.100.2
+ cli_rndnum@CLAMAV_PRIVATE 0.100.2
+ cli_scanbuff@CLAMAV_PRIVATE 0.100.2
+ cli_sigopts_handler@CLAMAV_PRIVATE 0.100.2
+ cli_sigperf_events_destroy@CLAMAV_PRIVATE 0.100.2
+ cli_sigperf_print@CLAMAV_PRIVATE 0.100.2
+ cli_str2hex@CLAMAV_PRIVATE 0.100.2
+ cli_strbcasestr@CLAMAV_PRIVATE 0.100.2
+ cli_strdup@CLAMAV_PRIVATE 0.100.2
+ cli_strerror@CLAMAV_PRIVATE 0.100.2
+ cli_strlcat@CLAMAV_PRIVATE 0.100.2
+ cli_strlcpy@CLAMAV_PRIVATE 0.100.2
+ cli_strrcpy@CLAMAV_PRIVATE 0.100.2
+ cli_strtok@CLAMAV_PRIVATE 0.100.2
+ cli_strtokbuf@CLAMAV_PRIVATE 0.100.2
+ cli_strtokenize@CLAMAV_PRIVATE 0.100.2
+ cli_textbuffer_append_normalize@CLAMAV_PRIVATE 0.100.2
+ cli_unescape@CLAMAV_PRIVATE 0.100.2
+ cli_unlink@CLAMAV_PRIVATE 0.100.2
+ cli_url_canon@CLAMAV_PRIVATE 0.100.2
+ cli_utf16_to_utf8@CLAMAV_PRIVATE 0.100.2
+ cli_utf16toascii@CLAMAV_PRIVATE 0.100.2
+ cli_vba_inflate@CLAMAV_PRIVATE 0.100.2
+ cli_vba_readdir@CLAMAV_PRIVATE 0.100.2
+ cli_versig2@CLAMAV_PRIVATE 0.100.2
+ cli_versig@CLAMAV_PRIVATE 0.100.2
+ cli_warnmsg@CLAMAV_PRIVATE 0.100.2
+ cli_wm_decrypt_macro@CLAMAV_PRIVATE 0.100.2
+ cli_wm_readdir@CLAMAV_PRIVATE 0.100.2
+ cli_writen@CLAMAV_PRIVATE 0.100.2
+ decodeLine@CLAMAV_PRIVATE 0.100.2
+ disasmbuf@CLAMAV_PRIVATE 0.100.2
+ fmap@CLAMAV_PRIVATE 0.100.2
+ get_fpu_endian@CLAMAV_PRIVATE 0.100.2
+ have_clamjit@CLAMAV_PRIVATE 0.100.2
+ have_rar@CLAMAV_PRIVATE 0.100.2
+ html_normalise_map@CLAMAV_PRIVATE 0.100.2
+ html_normalise_mem@CLAMAV_PRIVATE 0.100.2
+ html_screnc_decode@CLAMAV_PRIVATE 0.100.2
+ html_tag_arg_free@CLAMAV_PRIVATE 0.100.2
+ init_domainlist@CLAMAV_PRIVATE 0.100.2
+ init_regex_list@CLAMAV_PRIVATE 0.100.2
+ init_whitelist@CLAMAV_PRIVATE 0.100.2
+ is_regex_ok@CLAMAV_PRIVATE 0.100.2
+ load_regex_matcher@CLAMAV_PRIVATE 0.100.2
lsig_sub_matched@CLAMAV_PUBLIC 0.99~rc1
- messageCreate@CLAMAV_PRIVATE 0.100.1
- messageDestroy@CLAMAV_PRIVATE 0.100.1
- mpool_calloc@CLAMAV_PRIVATE 0.100.1
- mpool_create@CLAMAV_PRIVATE 0.100.1
- mpool_destroy@CLAMAV_PRIVATE 0.100.1
- mpool_free@CLAMAV_PRIVATE 0.100.1
- mpool_getstats@CLAMAV_PRIVATE 0.100.1
- phishingScan@CLAMAV_PRIVATE 0.100.1
- phishing_done@CLAMAV_PRIVATE 0.100.1
- phishing_init@CLAMAV_PRIVATE 0.100.1
- regex_list_add_pattern@CLAMAV_PRIVATE 0.100.1
- regex_list_done@CLAMAV_PRIVATE 0.100.1
- regex_list_match@CLAMAV_PRIVATE 0.100.1
- tableCreate@CLAMAV_PRIVATE 0.100.1
- tableDestroy@CLAMAV_PRIVATE 0.100.1
- tableFind@CLAMAV_PRIVATE 0.100.1
- tableInsert@CLAMAV_PRIVATE 0.100.1
- tableIterate@CLAMAV_PRIVATE 0.100.1
- tableRemove@CLAMAV_PRIVATE 0.100.1
- tableUpdate@CLAMAV_PRIVATE 0.100.1
- text_normalize_init@CLAMAV_PRIVATE 0.100.1
- text_normalize_map@CLAMAV_PRIVATE 0.100.1
- text_normalize_reset@CLAMAV_PRIVATE 0.100.1
- uniq_add@CLAMAV_PRIVATE 0.100.1
- uniq_free@CLAMAV_PRIVATE 0.100.1
- uniq_get@CLAMAV_PRIVATE 0.100.1
- uniq_init@CLAMAV_PRIVATE 0.100.1
+ messageCreate@CLAMAV_PRIVATE 0.100.2
+ messageDestroy@CLAMAV_PRIVATE 0.100.2
+ mpool_calloc@CLAMAV_PRIVATE 0.100.2
+ mpool_create@CLAMAV_PRIVATE 0.100.2
+ mpool_destroy@CLAMAV_PRIVATE 0.100.2
+ mpool_free@CLAMAV_PRIVATE 0.100.2
+ mpool_getstats@CLAMAV_PRIVATE 0.100.2
+ phishingScan@CLAMAV_PRIVATE 0.100.2
+ phishing_done@CLAMAV_PRIVATE 0.100.2
+ phishing_init@CLAMAV_PRIVATE 0.100.2
+ regex_list_add_pattern@CLAMAV_PRIVATE 0.100.2
+ regex_list_done@CLAMAV_PRIVATE 0.100.2
+ regex_list_match@CLAMAV_PRIVATE 0.100.2
+ tableCreate@CLAMAV_PRIVATE 0.100.2
+ tableDestroy@CLAMAV_PRIVATE 0.100.2
+ tableFind@CLAMAV_PRIVATE 0.100.2
+ tableInsert@CLAMAV_PRIVATE 0.100.2
+ tableIterate@CLAMAV_PRIVATE 0.100.2
+ tableRemove@CLAMAV_PRIVATE 0.100.2
+ tableUpdate@CLAMAV_PRIVATE 0.100.2
+ text_normalize_init@CLAMAV_PRIVATE 0.100.2
+ text_normalize_map@CLAMAV_PRIVATE 0.100.2
+ text_normalize_reset@CLAMAV_PRIVATE 0.100.2
+ uniq_add@CLAMAV_PRIVATE 0.100.2
+ uniq_free@CLAMAV_PRIVATE 0.100.2
+ uniq_get@CLAMAV_PRIVATE 0.100.2
+ uniq_init@CLAMAV_PRIVATE 0.100.2
diff -Nru clamav-0.100.1+dfsg/debian/rules clamav-0.100.2+dfsg/debian/rules
--- clamav-0.100.1+dfsg/debian/rules 2018-07-21 13:06:31.000000000 +0200
+++ clamav-0.100.2+dfsg/debian/rules 2018-10-12 23:43:38.000000000 +0200
@@ -96,7 +96,7 @@
fi;\
done; \
# Check if for library features whih may get upgrade.
- if ! grep -q "CL_FLEVEL 92" libclamav/others.h ; then \
+ if ! grep -q "CL_FLEVEL 93" libclamav/others.h ; then \
echo "cl_retflevel needs boosting in symbol file"; \
touch debian/exit; \
fi;
diff -Nru clamav-0.100.1+dfsg/etc/clamd.conf.sample
clamav-0.100.2+dfsg/etc/clamd.conf.sample
--- clamav-0.100.1+dfsg/etc/clamd.conf.sample 2018-06-27 21:12:10.000000000
+0200
+++ clamav-0.100.2+dfsg/etc/clamd.conf.sample 2018-09-19 21:29:07.000000000
+0200
@@ -672,6 +672,8 @@
# Toggles extra scanning and notifications when a file or directory is
# created or moved.
# Requires the DDD system to kick-off extra scans.
+# NOTE: This feature is disabled until a thread resource leak bug
+# in the OnAccessExtraScanning code can be resolved.
# (On-access scan only)
# Default: no
#OnAccessExtraScanning yes
diff -Nru clamav-0.100.1+dfsg/etc/freshclam.conf.sample
clamav-0.100.2+dfsg/etc/freshclam.conf.sample
--- clamav-0.100.1+dfsg/etc/freshclam.conf.sample 2018-06-27
21:12:10.000000000 +0200
+++ clamav-0.100.2+dfsg/etc/freshclam.conf.sample 2018-09-19
21:29:07.000000000 +0200
@@ -63,15 +63,10 @@
# Default: current.cvd.clamav.net
#DNSDatabaseInfo current.cvd.clamav.net
-# Uncomment the following line and replace XY with your country
-# code. See https://www.iana.org/domains/root/db for the full list.
-# You can use db.XY.ipv6.clamav.net for IPv6 connections.
-#DatabaseMirror db.XY.clamav.net
-
-# database.clamav.net is a round-robin record which points to our most
-# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
-# not working. DO NOT TOUCH the following line unless you know what you
-# are doing.
+# database.clamav.net is now the primary domain name to be used world-wide.
+# Now that CloudFlare is being used as our Content Delivery Network (CDN),
+# this one domain name works world-wide to direct freshclam to the closest
+# geographic endpoint.
DatabaseMirror database.clamav.net
# How many attempts to make before giving up.
diff -Nru clamav-0.100.1+dfsg/freshclam/manager.c
clamav-0.100.2+dfsg/freshclam/manager.c
--- clamav-0.100.1+dfsg/freshclam/manager.c 2018-06-27 21:12:10.000000000
+0200
+++ clamav-0.100.2+dfsg/freshclam/manager.c 2018-09-19 21:29:07.000000000
+0200
@@ -678,7 +678,17 @@
&& !strstr (buffer, "HTTP/1.1 206")
&& !strstr (buffer, "HTTP/1.0 206"))
{
- logg ("%cUnknown response from remote server\n", logerr ? '!' : '^');
+ char * respcode = NULL;
+ if ((NULL != (respcode = strstr (buffer, "HTTP/1.0 "))) ||
+ (NULL != (respcode = strstr (buffer, "HTTP/1.1 ")))) {
+ /* There was some sort of response code...*/
+ char * httpcode = calloc(MIN(FILEBUFF - (size_t)(respcode -
buffer), 13) + 1, 1);
+ memcpy(httpcode, respcode, MIN(FILEBUFF - (size_t)(respcode -
buffer), 13));
+ logg ("%cremote_cvdhead: Unknown response from %s (IP: %s): %s\n",
logerr ? '!' : '^', hostname, ipaddr, httpcode);
+ free (httpcode);
+ } else {
+ logg ("%cremote_cvdhead: Unknown response from %s (IP: %s)\n",
logerr ? '!' : '^', hostname, ipaddr);
+ }
mirman_update (mdat->currip, mdat->af, mdat, 1);
return NULL;
}
@@ -882,13 +892,28 @@
if (!strstr (buffer, "HTTP/1.1 200") && !strstr (buffer, "HTTP/1.0 200")
&& !strstr (buffer, "HTTP/1.1 206")
&& !strstr (buffer, "HTTP/1.0 206"))
- {
- if (proxy)
- logg ("%cgetfile: Unknown response from %s\n",
- logerr ? '!' : '^', hostname);
- else
- logg ("%cgetfile: Unknown response from %s (IP: %s)\n",
- logerr ? '!' : '^', hostname, ipaddr);
+ { char * respcode = NULL;
+ if ((NULL != (respcode = strstr (buffer, "HTTP/1.0 "))) ||
+ (NULL != (respcode = strstr (buffer, "HTTP/1.1 ")))) {
+ /* There was some sort of response code...*/
+ char * httpcode = calloc(MIN(FILEBUFF - (size_t)(respcode -
buffer), 13) + 1, 1);
+ memcpy(httpcode, respcode, MIN(FILEBUFF - (size_t)(respcode -
buffer), 13));
+ if (proxy)
+ logg ("%cgetfile: Unknown response from %s: %s\n",
+ logerr ? '!' : '^', hostname, httpcode);
+ else
+ logg ("%cgetfile: Unknown response from %s (IP: %s): %s\n",
+ logerr ? '!' : '^', hostname, ipaddr, httpcode);
+ free (httpcode);
+ }
+ else {
+ if (proxy)
+ logg ("%cgetfile: Unknown response from %s\n",
+ logerr ? '!' : '^', hostname);
+ else
+ logg ("%cgetfile: Unknown response from %s (IP: %s)\n",
+ logerr ? '!' : '^', hostname, ipaddr);
+ }
if (mdat)
mirman_update (mdat->currip, mdat->af, mdat, 1);
return FCE_FAILEDGET;
@@ -1116,10 +1141,17 @@
if (cvd->version < newver)
{
logg ("^Mirror %s is not synchronized.\n", ip);
- mirman_update (mdat->currip, mdat->af, mdat, 2);
- cl_cvdfree (cvd);
unlink (newfile);
- return FCE_MIRRORNOTSYNC;
+ if (cvd->version < newver - 1)
+ {
+ logg ("^Mirror is more than 1 version out of date. Recording
mirror failure.\n");
+ mirman_update (mdat->currip, mdat->af, mdat, FCE_MIRRORNOTSYNC);
+ cl_cvdfree (cvd);
+ return FCE_MIRRORNOTSYNC;
+ }
+
+ cl_cvdfree (cvd);
+ return FC_UPTODATE;
}
cl_cvdfree (cvd);
diff -Nru clamav-0.100.1+dfsg/freshclam/mirman.c
clamav-0.100.2+dfsg/freshclam/mirman.c
--- clamav-0.100.1+dfsg/freshclam/mirman.c 2018-06-27 21:12:10.000000000
+0200
+++ clamav-0.100.2+dfsg/freshclam/mirman.c 2018-09-19 21:29:07.000000000
+0200
@@ -50,8 +50,8 @@
#endif
#endif
-#define IGNORE_LONG 3 * 86400
-#define IGNORE_SHORT 6 * 3600
+#define IGNORE_SHORT (3600) /* 1 hour */
+#define IGNORE_LONG (6 * IGNORE_SHORT) /* 6 hours */
void
mirman_free (struct mirdat *mdat)
@@ -315,8 +315,28 @@
printf ("Successes: %u\n", mdat->mirtab[i].succ);
printf ("Failures: %u\n", mdat->mirtab[i].fail);
tm = mdat->mirtab[i].atime;
- printf ("Last access: %s", ctime ((const time_t *) &tm));
- printf ("Ignore: %s\n", mdat->mirtab[i].ignore ? "Yes" : "No");
+ printf("Last access: %s", ctime((const time_t *) &tm));
+ if (mdat->mirtab[i].ignore) {
+ time_t ignore_expires = tm + ((mdat->mirtab[i].ignore == 1) ?
IGNORE_LONG
+ :
IGNORE_SHORT);
+ double difference = difftime(ignore_expires, time(NULL));
+ if (difference > 0) {
+ uint32_t remaining = difference;
+ uint32_t seconds, minutes, hours;
+ seconds = remaining % 60;
+ remaining = remaining / 60;
+ minutes = remaining % 60;
+ remaining = remaining / 60;
+ hours = remaining % 60;
+
+ printf("Ignore: Yes, %d hours %d minutes %d seconds
remaining.\n",
+ hours, minutes, seconds);
+ } else {
+ printf("Ignore: No\n");
+ }
+ } else {
+ printf("Ignore: No\n");
+ }
if (i != mdat->num - 1)
printf ("-------------------------------------\n");
}
diff -Nru clamav-0.100.1+dfsg/libclamav/bytecode_api.h
clamav-0.100.2+dfsg/libclamav/bytecode_api.h
--- clamav-0.100.1+dfsg/libclamav/bytecode_api.h 2018-06-27
21:12:10.000000000 +0200
+++ clamav-0.100.2+dfsg/libclamav/bytecode_api.h 2018-09-19
21:29:07.000000000 +0200
@@ -115,6 +115,7 @@
FUNC_LEVEL_0100_0_BETA = 90, /**< LibClamAV beta release 0.100.0-beta */
FUNC_LEVEL_0100_0 = 91, /**< LibClamAV release 0.100.0, 0.100.0-rc */
FUNC_LEVEL_0100_1 = 92, /**< LibClamAV release 0.100.1 */
+ FUNC_LEVEL_0100_2 = 93, /**< LibClamAV release 0.100.2 */
FUNC_LEVEL_100 = 100 /*future release candidate*/
};
diff -Nru clamav-0.100.1+dfsg/libclamav/libmspack-0.5alpha/mspack/chmd.c
clamav-0.100.2+dfsg/libclamav/libmspack-0.5alpha/mspack/chmd.c
--- clamav-0.100.1+dfsg/libclamav/libmspack-0.5alpha/mspack/chmd.c
2018-06-27 21:12:10.000000000 +0200
+++ clamav-0.100.2+dfsg/libclamav/libmspack-0.5alpha/mspack/chmd.c
2018-09-19 21:29:07.000000000 +0200
@@ -1,5 +1,5 @@
/* This file is part of libmspack.
- * (C) 2003-2011 Stuart Caie.
+ * (C) 2003-2018 Stuart Caie.
*
* libmspack is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License (LGPL) version 2.1
@@ -397,7 +397,7 @@
D(("first pmgl chunk is after last pmgl chunk"))
return MSPACK_ERR_DATAFORMAT;
}
- if (chm->index_root != 0xFFFFFFFF && chm->index_root > chm->num_chunks) {
+ if (chm->index_root != 0xFFFFFFFF && chm->index_root >= chm->num_chunks) {
D(("index_root outside valid range"))
return MSPACK_ERR_DATAFORMAT;
}
@@ -447,7 +447,10 @@
while (num_entries--) {
READ_ENCINT(name_len);
if (name_len > (unsigned int) (end - p)) goto chunk_end;
+ /* consider blank filenames to be an error */
+ if (name_len == 0) goto chunk_end;
name = p; p += name_len;
+
READ_ENCINT(section);
READ_ENCINT(offset);
READ_ENCINT(length);
@@ -622,11 +625,11 @@
unsigned char *buf;
/* check arguments - most are already checked by chmd_fast_find */
- if (chunk_num > chm->num_chunks) return NULL;
+ if (chunk_num >= chm->num_chunks) return NULL;
/* ensure chunk cache is available */
if (!chm->chunk_cache) {
- size_t size = sizeof(unsigned char *) * (chm->num_chunks + 1);
+ size_t size = sizeof(unsigned char *) * chm->num_chunks;
if (!(chm->chunk_cache = (unsigned char **) sys->alloc(sys, size))) {
self->error = MSPACK_ERR_NOMEMORY;
return NULL;
@@ -831,7 +834,7 @@
# endif
# define TOLOWER(x) tolower(x)
#else
-# define TOLOWER(x) (((x)<0||(x)>256)?(x):mspack_tolower_map[(x)])
+# define TOLOWER(x) (((x)<0||(x)>255)?(x):mspack_tolower_map[(x)])
/* Map of char -> lowercase char for the first 256 chars. Generated with:
* LC_CTYPE=en_GB.utf-8 perl -Mlocale -le 'print map{ord(lc chr).","} 0..255'
*/
diff -Nru clamav-0.100.1+dfsg/libclamav/libmspack-0.5alpha/mspack/kwajd.c
clamav-0.100.2+dfsg/libclamav/libmspack-0.5alpha/mspack/kwajd.c
--- clamav-0.100.1+dfsg/libclamav/libmspack-0.5alpha/mspack/kwajd.c
2018-06-27 21:12:10.000000000 +0200
+++ clamav-0.100.2+dfsg/libclamav/libmspack-0.5alpha/mspack/kwajd.c
2018-09-19 21:29:07.000000000 +0200
@@ -198,30 +198,36 @@
/* filename and extension */
if (hdr->headers & (MSKWAJ_HDR_HASFILENAME | MSKWAJ_HDR_HASFILEEXT)) {
- off_t pos = sys->tell(fh);
- char *fn = (char *) sys->alloc(sys, (size_t) 13);
-
+ int len;
/* allocate memory for maximum length filename */
- if (! fn) return MSPACK_ERR_NOMEMORY;
- hdr->filename = fn;
+ char *fn = (char *) sys->alloc(sys, (size_t) 13);
+ if (!(hdr->filename = fn)) return MSPACK_ERR_NOMEMORY;
/* copy filename if present */
if (hdr->headers & MSKWAJ_HDR_HASFILENAME) {
- if (sys->read(fh, &buf[0], 9) != 9) return MSPACK_ERR_READ;
- for (i = 0; i < 9; i++, fn++) if (!(*fn = buf[i])) break;
- pos += (i < 9) ? i+1 : 9;
- if (sys->seek(fh, pos, MSPACK_SYS_SEEK_START))
+ /* read and copy up to 9 bytes of a null terminated string */
+ if ((len = sys->read(fh, &buf[0], 9)) < 2) return MSPACK_ERR_READ;
+ for (i = 0; i < len; i++) if (!(*fn++ = buf[i])) break;
+ /* if string was 9 bytes with no null terminator, reject it */
+ if (i == 9 && buf[8] != '\0') return MSPACK_ERR_DATAFORMAT;
+ /* seek to byte after string ended in file */
+ if (sys->seek(fh, (off_t)(i + 1 - len), MSPACK_SYS_SEEK_CUR))
return MSPACK_ERR_SEEK;
+ fn--; /* remove the null terminator */
}
/* copy extension if present */
if (hdr->headers & MSKWAJ_HDR_HASFILEEXT) {
*fn++ = '.';
- if (sys->read(fh, &buf[0], 4) != 4) return MSPACK_ERR_READ;
- for (i = 0; i < 4; i++, fn++) if (!(*fn = buf[i])) break;
- pos += (i < 4) ? i+1 : 4;
- if (sys->seek(fh, pos, MSPACK_SYS_SEEK_START))
+ /* read and copy up to 4 bytes of a null terminated string */
+ if ((len = sys->read(fh, &buf[0], 4)) < 2) return MSPACK_ERR_READ;
+ for (i = 0; i < len; i++) if (!(*fn++ = buf[i])) break;
+ /* if string was 4 bytes with no null terminator, reject it */
+ if (i == 4 && buf[3] != '\0') return MSPACK_ERR_DATAFORMAT;
+ /* seek to byte after string ended in file */
+ if (sys->seek(fh, (off_t)(i + 1 - len), MSPACK_SYS_SEEK_CUR))
return MSPACK_ERR_SEEK;
+ fn--; /* remove the null terminator */
}
*fn = '\0';
}
diff -Nru clamav-0.100.1+dfsg/libclamav/mew.c
clamav-0.100.2+dfsg/libclamav/mew.c
--- clamav-0.100.1+dfsg/libclamav/mew.c 2018-06-27 21:12:10.000000000 +0200
+++ clamav-0.100.2+dfsg/libclamav/mew.c 2018-09-19 21:29:07.000000000 +0200
@@ -784,18 +784,59 @@
return 0;
}
-
+/**
+ * @brief Unpack MEW 11 packed PE file
+ *
+ * @param src buffer to unpack
+ * @param off offset of diff
+ * @param ssize pe section size
+ * @param dsize diff size
+ * @param base OPTIONAL_HEADER32.ImageBase
+ * @param vadd RVA of pe section
+ * @param uselzma Bool - use LZMA
+ * @param filedesc File descriptor
+ * @return int Returns -1 on failure, 1 on success.
+ */
int unmew11(char *src, uint32_t off, uint32_t ssize, uint32_t dsize, uint32_t
base, uint32_t vadd, int uselzma, int filedesc)
{
uint32_t entry_point, newedi, loc_ds=dsize, loc_ss=ssize;
- char *source = src + dsize + off;
- const char *lesi = source + 12;
+ char *source = NULL;
+ const char *lesi = NULL;
char *ledi;
const char *f1;
char *f2;
int i;
struct cli_exe_section *section = NULL;
- uint32_t vma = base + vadd, size_sum = ssize + dsize;
+ uint32_t vma = base + vadd;
+ uint32_t size_sum = ssize + dsize;
+
+ /* Guard against integer overflows */
+ if (base + vadd < base) {
+ cli_dbgmsg("MEW: base (%08x) + PE section RVA (%08x) exceeds max
size of unsigned int (%08x)\n",
+ base, vadd, UINT32_MAX);
+ return -1;
+ }
+ if (ssize + dsize < ssize) {
+ cli_dbgmsg("MEW: section size (%08x) + diff size (%08x) exceeds max
size of unsigned int (%08x)\n",
+ ssize, dsize, UINT32_MAX);
+ return -1;
+ }
+ if (((size_t)(src + off) < (size_t)(src)) ||
+ ((size_t)(src + off) < (size_t)(off)))
+ {
+ cli_dbgmsg("MEW: Buffer pointer (%08zx) + offset (%08zx) exceeds
max size of pointer (%08lx)\n",
+ (size_t)src, (size_t)off, SIZE_MAX);
+ return -1;
+ }
+
+ /* Ensure that off + required data exists within buffer */
+ if (!CLI_ISCONTAINED(src, size_sum, src + off, 12)) {
+ cli_dbgmsg("MEW: Data reference exceeds size of provided
buffer.\n");
+ return -1;
+ }
+
+ source = src + dsize + off;
+ lesi = source + 12;
entry_point = cli_readint32(source + 4);
newedi = cli_readint32(source + 8);
diff -Nru clamav-0.100.1+dfsg/libclamav/others.h
clamav-0.100.2+dfsg/libclamav/others.h
--- clamav-0.100.1+dfsg/libclamav/others.h 2018-06-27 21:12:10.000000000
+0200
+++ clamav-0.100.2+dfsg/libclamav/others.h 2018-09-19 21:29:07.000000000
+0200
@@ -72,7 +72,7 @@
* in re-enabling affected modules.
*/
-#define CL_FLEVEL 92
+#define CL_FLEVEL 93
#define CL_FLEVEL_DCONF CL_FLEVEL
#define CL_FLEVEL_SIGTOOL CL_FLEVEL
diff -Nru clamav-0.100.1+dfsg/libclamav/pdf.c
clamav-0.100.2+dfsg/libclamav/pdf.c
--- clamav-0.100.1+dfsg/libclamav/pdf.c 2018-06-27 21:12:10.000000000 +0200
+++ clamav-0.100.2+dfsg/libclamav/pdf.c 2018-09-19 21:29:07.000000000 +0200
@@ -1880,9 +1880,10 @@
return s0;
}
- if (*q == '<') {
+ if ((*q == '<') && (len >= 3)) {
start = ++q;
- q = memchr(q+1, '>', len);
+ len--;
+ q = memchr(q+1, '>', len-1);
if (!q)
return NULL;
diff -Nru clamav-0.100.1+dfsg/libclamav/pe.c clamav-0.100.2+dfsg/libclamav/pe.c
--- clamav-0.100.1+dfsg/libclamav/pe.c 2018-06-27 21:12:10.000000000 +0200
+++ clamav-0.100.2+dfsg/libclamav/pe.c 2018-09-19 21:29:07.000000000 +0200
@@ -47,6 +47,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdint.h>
#if HAVE_STRING_H
#include <string.h>
@@ -3899,7 +3900,10 @@
else
cli_dbgmsg("MEW: Win9x compatibility was NOT set!\n");
- if((offdiff = cli_readint32(tbuff+1) -
EC32(optional_hdr32.ImageBase)) <= exe_sections[i + 1].rva || offdiff >=
exe_sections[i + 1].rva + exe_sections[i + 1].raw - 4) {
+ offdiff = cli_readint32(tbuff+1) - EC32(optional_hdr32.ImageBase);
+ if ((offdiff <= exe_sections[i + 1].rva) ||
+ (offdiff >= exe_sections[i + 1].rva + exe_sections[i + 1].raw
- 4))
+ {
cli_dbgmsg("MEW: ESI is not in proper section\n");
break;
}
@@ -3914,6 +3918,18 @@
ssize = exe_sections[i + 1].vsz;
dsize = exe_sections[i].vsz;
+ /* Guard against integer overflow */
+ if ((ssize + dsize < ssize) || (ssize + dsize < dsize)) {
+ cli_dbgmsg("MEW: section size (%08x) + diff size (%08x)
exceeds max size of unsigned int (%08x)\n", ssize, dsize, UINT32_MAX);
+ break;
+ }
+
+ /* Verify that offdiff does not exceed the ssize + sdiff */
+ if (offdiff >= ssize + dsize) {
+ cli_dbgmsg("MEW: offdiff (%08x) exceeds section size + diff
size (%08x)\n", offdiff, ssize + dsize);
+ break;
+ }
+
cli_dbgmsg("MEW: ssize %08x dsize %08x offdiff: %08x\n", ssize,
dsize, offdiff);
CLI_UNPSIZELIMITS("MEW", MAX(ssize, dsize));
diff -Nru clamav-0.100.1+dfsg/libclamav/version.h
clamav-0.100.2+dfsg/libclamav/version.h
--- clamav-0.100.1+dfsg/libclamav/version.h 2018-06-27 21:12:32.000000000
+0200
+++ clamav-0.100.2+dfsg/libclamav/version.h 2018-09-19 21:29:34.000000000
+0200
@@ -1 +1 @@
-#define REPO_VERSION "devel-clamav-0.100.1-pre"
+#define REPO_VERSION "devel-clamav-0.100.1-pre-13-gf3ea1d7"
diff -Nru clamav-0.100.1+dfsg/m4/reorganization/version.m4
clamav-0.100.2+dfsg/m4/reorganization/version.m4
--- clamav-0.100.1+dfsg/m4/reorganization/version.m4 2018-06-27
21:12:10.000000000 +0200
+++ clamav-0.100.2+dfsg/m4/reorganization/version.m4 2018-09-19
21:29:07.000000000 +0200
@@ -1,6 +1,6 @@
dnl change this on a release
dnl VERSION="devel-`date +%Y%m%d`"
-VERSION="0.100.1"
+VERSION="0.100.2"
LC_CURRENT=8
LC_REVISION=1
diff -Nru clamav-0.100.1+dfsg/NEWS.md clamav-0.100.2+dfsg/NEWS.md
--- clamav-0.100.1+dfsg/NEWS.md 2018-06-27 21:12:10.000000000 +0200
+++ clamav-0.100.2+dfsg/NEWS.md 2018-09-19 21:29:07.000000000 +0200
@@ -3,6 +3,52 @@
Note: This file refers to the source tarball. Things described here may differ
slightly from the binary packages.
+## 0.100.2
+
+ClamAV 0.100.2 is a patch release to address a set of vulnerabilities.
+
+- Fixes for the following ClamAV vulnerabilities:
+ -
[CVE-2018-15378](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15378):
+ Vulnerability in ClamAV's MEW unpacking feature that could allow an
+ unauthenticated, remote attacker to cause a denial of service (DoS)
+ condition on an affected device.
+ Reported by Secunia Research at Flexera.
+ - Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing code.
+ Reported by Alex Gaynor.
+- Fixes for the following vulnerabilities in bundled third-party libraries:
+ -
[CVE-2018-14680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680):
+ An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It
+ does not reject blank CHM filenames.
+ -
[CVE-2018-14681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681):
+ An issue was discovered in kwajd_read_headers in mspack/kwajd.c in
+ libmspack before 0.7alpha. Bad KWAJ file header extensions could cause
+ a one or two byte overwrite.
+ -
[CVE-2018-14682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682):
+ An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha.
+ There is an off-by-one error in the TOLOWER() macro for CHM decompression.
+ - Additionally, 0.100.2 reverted 0.100.1's patch for CVE-2018-14679, and
applied
+ libmspack's version of the fix in its place.
+- Other changes:
+ - Some users have reported freshclam signature update failures as a result of
+ a delay between the time the new signature database content is announced
and
+ the time that the content-delivery-network has the content available for
+ download. To mitigate these errors, this patch release includes some
+ modifications to freshclam to make it more lenient, and to reduce the time
+ that freshclam will ignore a mirror when it detects an issue.
+ - On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on
+ Linux systems, has been disabled due to a known issue with resource
cleanup.
+ OnAccessExtraScanning will be re-enabled in a future release when the issue
+ is resolved. In the mean-time, users who enabled the feature in clamd.conf
+ will see a warning informing them that the feature is not active.
+ For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048
+
+Thank you to the following ClamAV community members for your code submissions
+and bug reports!
+
+- Alex Gaynor
+- Hiroya Ito
+- Laurent Delosieres, Secunia Research at Flexera
+
## 0.100.1
ClamAV 0.100.1 is a hotfix release to patch a set of vulnerabilities.
@@ -20,6 +66,7 @@
- Buffer over-read in unRAR code due to missing max value checks in table
initialization. Reported by Rui Reis.
- Libmspack heap buffer over-read in CHM parser. Reported by Hanno Böck.
+ CVE ID: [CVE-2018-14679](https://nvd.nist.gov/vuln/detail/CVE-2018-14679)
- PDF parser bugs reported by Alex Gaynor.
- Buffer length checks when reading integers from non-NULL terminated
strings.
- Buffer length tracking when reading strings from dictionary objects.
@@ -56,6 +103,9 @@
in clamd, clamav-milter, and freshclam. Use of supplementary
is now in effect by default.
- Numerous bug fixes, typo corrections, and compiler warning fixes.
+- freshclam changed to return an exit code of 1 when the database is
+ up-to-date. This will be reverted in a future version and is not
+ currently documented in the freshclam.1 man page.
Additionally, we have introduced important changes and new features in
ClamAV 0.100, including but not limited to:
--- End Message ---
