Bug#1050638: bullseye-pu: package clamav/0.103.9+dfsg-0+deb11u1

2023-09-09 Thread Sebastian Andrzej Siewior
On 2023-08-27 13:20:09 [+0200], To sub...@bugs.debian.org wrote:
> Package: release.debian.org
> Control: affects -1 + src:clamav
> User: release.debian@packages.debian.org
> Usertags: pu
> Tags: bullseye
> Severity: normal

This is a quick update that I updated to 0.103.10+dfsg-0+deb11u1 as of
today. The diff is mostly a version update.

The main reason for 1.0.3 was the unrar update and I updated so clamav
does not complain about the lower version.

It would be nice if this could be made available via d/updates.

Sebastian
diff -Nru clamav-0.103.9+dfsg/CMakeLists.txt clamav-0.103.10+dfsg/CMakeLists.txt
--- clamav-0.103.9+dfsg/CMakeLists.txt	2023-08-16 08:21:10.0 +0200
+++ clamav-0.103.10+dfsg/CMakeLists.txt	2023-08-28 09:15:02.0 +0200
@@ -15,7 +15,7 @@
 set(VERSION_SUFFIX "")
 
 project( ClamAV
- VERSION "0.103.9"
+ VERSION "0.103.10"
  DESCRIPTION "ClamAV open source email, web, and end-point anti-virus toolkit." )
 
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH})
diff -Nru clamav-0.103.9+dfsg/configure clamav-0.103.10+dfsg/configure
--- clamav-0.103.9+dfsg/configure	2023-08-16 08:21:37.0 +0200
+++ clamav-0.103.10+dfsg/configure	2023-08-28 09:15:31.0 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for ClamAV 0.103.9.
+# Generated by GNU Autoconf 2.69 for ClamAV 0.103.10.
 #
 # Report bugs to .
 #
@@ -592,8 +592,8 @@
 # Identity of this package.
 PACKAGE_NAME='ClamAV'
 PACKAGE_TARNAME='clamav'
-PACKAGE_VERSION='0.103.9'
-PACKAGE_STRING='ClamAV 0.103.9'
+PACKAGE_VERSION='0.103.10'
+PACKAGE_STRING='ClamAV 0.103.10'
 PACKAGE_BUGREPORT='https://github.com/Cisco-Talos/clamav/issues'
 PACKAGE_URL='https://www.clamav.net/'
 
@@ -1606,7 +1606,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures ClamAV 0.103.9 to adapt to many kinds of systems.
+\`configure' configures ClamAV 0.103.10 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1687,7 +1687,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
- short | recursive ) echo "Configuration of ClamAV 0.103.9:";;
+ short | recursive ) echo "Configuration of ClamAV 0.103.10:";;
esac
   cat <<\_ACEOF
   --enable-dependency-tracking
@@ -1922,7 +1922,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-ClamAV configure 0.103.9
+ClamAV configure 0.103.10
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2550,7 +2550,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by ClamAV $as_me 0.103.9, which was
+It was created by ClamAV $as_me 0.103.10, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4308,7 +4308,7 @@
 
 # Define the identity of the package.
  PACKAGE='clamav'
- VERSION='0.103.9'
+ VERSION='0.103.10'
 
 
 # Some tools Automake needs.
@@ -6036,7 +6036,7 @@
 $as_echo "#define PACKAGE PACKAGE_NAME" >>confdefs.h
 
 
-VERSION="0.103.9"
+VERSION="0.103.10"
 
 major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/^0-9//g"`
 minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/^0-9//g"`
@@ -31896,7 +31896,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by ClamAV $as_me 0.103.9, which was
+This file was extended by ClamAV $as_me 0.103.10, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES= $CONFIG_FILES
@@ -31963,7 +31963,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/&/g'`"
 ac_cs_version="\\
-ClamAV config.status 0.103.9
+ClamAV config.status 0.103.10
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
@@ -34813,7 +34813,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by ClamAV $as_me 0.103.9, which was
+This file was extended by ClamAV $as_me 0.103.10, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES= $CONFIG_FILES
@@ -34880,7 +34880,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/&/g'`"
 ac_cs_version="\\
-ClamAV config.status 0.103.9
+ClamAV config.status 0.103.10
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -Nru clamav-0.103.9+dfsg/configure.ac clamav-0.103.10+dfsg/configure.ac
--- clamav-0.103.9+dfsg/configure.ac	

Bug#1050638: bullseye-pu: package clamav/0.103.9+dfsg-0+deb11u1

2023-09-08 Thread Sebastian Andrzej Siewior
On 2023-09-04 21:18:35 [+0200], To Adam D. Barratt wrote:
> > The next point release for both bullseye and bookworm is in a month.
> > Were you looking to have the clamav updates published via -updates
> > before that point?
> 
> I almost started preparing 0.103.10 I think it will be easier to go with
> that one instead…

So I managed to prepare the libclamunrar bits. The clamav diff 9 .. 10
is only the update of the unrar bits (same for the Bookworm version).
Regardless of this zero diff of the clamav bits I'm going to prepare a
new version anyway because I *think* people will complain and
point out the outdated version…
However not today but tomorrow is also a day…
 
> > Regards,
> > 
> > Adam

Sebastian



Bug#1050638: bullseye-pu: package clamav/0.103.9+dfsg-0+deb11u1

2023-09-04 Thread Sebastian Andrzej Siewior
On 2023-09-04 19:52:23 [+0100], Adam D. Barratt wrote:
> On Sun, 2023-08-27 at 13:20 +0200, Sebastian Andrzej Siewior wrote:
> > This is a stable update from clamav upstream in the 0.103.x series.
> > It fixes the following CVE
> > - CVE-2023-20197 (Possible DoS in HFS+ file parser).
> > 
> 
> The next point release for both bullseye and bookworm is in a month.
> Were you looking to have the clamav updates published via -updates
> before that point?

I almost started preparing 0.103.10 I think it will be easier to go with
that one instead…

> Regards,
> 
> Adam

Sebastian



Bug#1050638: bullseye-pu: package clamav/0.103.9+dfsg-0+deb11u1

2023-09-04 Thread Adam D. Barratt
On Sun, 2023-08-27 at 13:20 +0200, Sebastian Andrzej Siewior wrote:
> This is a stable update from clamav upstream in the 0.103.x series.
> It fixes the following CVE
> - CVE-2023-20197 (Possible DoS in HFS+ file parser).
> 

The next point release for both bullseye and bookworm is in a month.
Were you looking to have the clamav updates published via -updates
before that point?

Regards,

Adam



Bug#1050638: bullseye-pu: package clamav/0.103.9+dfsg-0+deb11u1

2023-08-27 Thread Sebastian Andrzej Siewior
Package: release.debian.org
Control: affects -1 + src:clamav
User: release.debian@packages.debian.org
Usertags: pu
Tags: bullseye
Severity: normal

This is a stable update from clamav upstream in the 0.103.x series.
It fixes the following CVE
- CVE-2023-20197 (Possible DoS in HFS+ file parser).

I excluded the docs update from the attached diff. The resulting diff
is mostly the mentioned CVE plus compiler warnings.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Sebastian
diff -Nru clamav-0.103.8+dfsg/clamonacc/clamonacc.c clamav-0.103.9+dfsg/clamonacc/clamonacc.c
--- clamav-0.103.8+dfsg/clamonacc/clamonacc.c	2023-02-13 01:03:33.0 +0100
+++ clamav-0.103.9+dfsg/clamonacc/clamonacc.c	2023-08-16 08:21:10.0 +0200
@@ -61,7 +61,7 @@
 pthread_t ddd_pid= 0;
 pthread_t scan_queue_pid = 0;
 
-static void onas_handle_signals();
+static void onas_handle_signals(void);
 static int startup_checks(struct onas_context *ctx);
 static struct onas_context *g_ctx = NULL;
 
diff -Nru clamav-0.103.8+dfsg/clamonacc/client/socket.h clamav-0.103.9+dfsg/clamonacc/client/socket.h
--- clamav-0.103.8+dfsg/clamonacc/client/socket.h	2023-02-13 01:03:33.0 +0100
+++ clamav-0.103.9+dfsg/clamonacc/client/socket.h	2023-08-16 08:21:10.0 +0200
@@ -31,4 +31,4 @@
 };
 
 cl_error_t onas_set_sock_only_once(struct onas_context *ctx);
-int onas_get_sockd();
+int onas_get_sockd(void);
diff -Nru clamav-0.103.8+dfsg/clamonacc/c-thread-pool/thpool.c clamav-0.103.9+dfsg/clamonacc/c-thread-pool/thpool.c
--- clamav-0.103.8+dfsg/clamonacc/c-thread-pool/thpool.c	2023-02-13 01:03:33.0 +0100
+++ clamav-0.103.9+dfsg/clamonacc/c-thread-pool/thpool.c	2023-08-16 08:21:10.0 +0200
@@ -8,7 +8,7 @@
  *
  /
 
-#define _POSIX_C_SOURCE 200809L
+#define _GNU_SOURCE
 #include 
 #include 
 #include 
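Review bot: The feature-test macro in thpool.c is now defined unconditionally and without a comment saying which declaration needs it. If the build also passes `-D_GNU_SOURCE` or pulls the macro in through a config header, the bare `#define _GNU_SOURCE` is a redefinition with a different value and will warn; wrapping it as `#ifndef _GNU_SOURCE` / `#define _GNU_SOURCE` / `#endif` avoids that. A one-line comment such as `/* _GNU_SOURCE: needed for <name the GNU extension used below> */` would also record why the narrower `_POSIX_C_SOURCE 200809L` was not enough, since the include targets that follow are not readable in this hunk.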
diff -Nru clamav-0.103.8+dfsg/clamonacc/inotif/hash.c clamav-0.103.9+dfsg/clamonacc/inotif/hash.c
--- clamav-0.103.8+dfsg/clamonacc/inotif/hash.c	2023-02-13 01:03:33.0 +0100
+++ clamav-0.103.9+dfsg/clamonacc/inotif/hash.c	2023-08-16 08:21:10.0 +0200
@@ -58,7 +58,7 @@
 
 #if defined(HAVE_SYS_FANOTIFY_H)
 
-static struct onas_bucket *onas_bucket_init();
+static struct onas_bucket *onas_bucket_init(void);
 static void onas_free_bucket(struct onas_bucket *bckt);
 static int onas_bucket_insert(struct onas_bucket *bckt, struct onas_element *elem);
 static int onas_bucket_remove(struct onas_bucket *bckt, struct onas_element *elem);
diff -Nru clamav-0.103.8+dfsg/clamonacc/inotif/inotif.c clamav-0.103.9+dfsg/clamonacc/inotif/inotif.c
--- clamav-0.103.8+dfsg/clamonacc/inotif/inotif.c	2023-02-13 01:03:33.0 +0100
+++ clamav-0.103.9+dfsg/clamonacc/inotif/inotif.c	2023-08-16 08:21:10.0 +0200
@@ -66,7 +66,7 @@
 
 static int onas_ddd_init_ht(uint32_t ht_size);
 static int onas_ddd_init_wdlt(uint64_t nwatches);
-static int onas_ddd_grow_wdlt();
+static int onas_ddd_grow_wdlt(void);
 
 static int onas_ddd_watch(const char *pathname, int fan_fd, uint64_t fan_mask, int in_fd, uint64_t in_mask);
 static int onas_ddd_watch_hierarchy(const char *pathname, size_t len, int fd, uint64_t mask, uint32_t type);
diff -Nru clamav-0.103.8+dfsg/clamonacc/scan/onas_queue.c clamav-0.103.9+dfsg/clamonacc/scan/onas_queue.c
--- clamav-0.103.8+dfsg/clamonacc/scan/onas_queue.c	2023-02-13 01:03:33.0 +0100
+++ clamav-0.103.9+dfsg/clamonacc/scan/onas_queue.c	2023-08-16 08:21:10.0 +0200
@@ -82,7 +82,7 @@
 return CL_SUCCESS;
 }
 
-static void *onas_init_event_queue()
+static void *onas_init_event_queue(void)
 {
 
 if (CL_EMEM == onas_new_event_queue_node(_onas_event_queue_head)) {
@@ -122,7 +122,7 @@
 return;
 }
 
-static void onas_destroy_event_queue()
+static void onas_destroy_event_queue(void)
 {
 
 if (NULL == g_onas_event_queue_head) {
@@ -200,7 +200,7 @@
 pthread_cleanup_pop(1);
 }
 
-static int onas_queue_is_b_empty()
+static int onas_queue_is_b_empty(void)
 {
 
 if (g_onas_event_queue.head->next == g_onas_event_queue.tail) {
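Review bot: onas_queue_is_b_empty() dereferences `g_onas_event_queue.head` with no NULL check and no locking visible in this hunk, whereas onas_destroy_event_queue() in the previous hunk does test `NULL == g_onas_event_queue_head` before proceeding. If this helper relies on the caller holding the queue lock and on the queue already being initialised, that contract deserves a comment above the signature, e.g. `/* caller must hold the queue lock; queue must be initialised */`. The function body continues past the end of the hunk, so any further checks cannot be seen here.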
diff -Nru clamav-0.103.8+dfsg/CMakeLists.txt clamav-0.103.9+dfsg/CMakeLists.txt
--- clamav-0.103.8+dfsg/CMakeLists.txt	2023-02-13 01:03:33.0 +0100
+++ clamav-0.103.9+dfsg/CMakeLists.txt	2023-08-16 08:21:10.0 +0200
@@ -15,7 +15,7 @@
 set(VERSION_SUFFIX "")
 
 project( ClamAV
- VERSION "0.103.8"
+ VERSION "0.103.9"
  DESCRIPTION "ClamAV open source email, web, and end-point anti-virus toolkit." )
 
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH})
diff -Nru clamav-0.103.8+dfsg/configure clamav-0.103.9+dfsg/configure
--- clamav-0.103.8+dfsg/configure	2023-02-13 01:03:59.0 +0100
+++ clamav-0.103.9+dfsg/configure	2023-08-16 08:21:37.0 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess