Bug#1063621: bookworm-pu: package clamav/clamav_1.0.5+dfsg-1~deb12u1

2024-03-08 Thread Sebastian Andrzej Siewior
On 2024-03-08 07:38:10 [+], Adam D. Barratt wrote:
> On Fri, 2024-02-09 at 23:12 +0100, Sebastian Andrzej Siewior wrote:
> > This is an update to the latest clamav release in the 1.0.x series. 
> 
> One small thing you may want to fix for any follow-up updates:
> 
> +clamav (1.0.5+dfsg-1~deb12u1) bookworm; urgency=medium
> +
> +  * Import 1.0.4 (Closes: #1063479).

Indeed, thank you.

> Regards,
> 
> Adam

Sebastian



Bug#1063621: bookworm-pu: package clamav/clamav_1.0.5+dfsg-1~deb12u1

2024-03-07 Thread Adam D. Barratt
On Fri, 2024-02-09 at 23:12 +0100, Sebastian Andrzej Siewior wrote:
> This is an update to the latest clamav release in the 1.0.x series. 

One small thing you may want to fix for any follow-up updates:

+clamav (1.0.5+dfsg-1~deb12u1) bookworm; urgency=medium
+
+  * Import 1.0.4 (Closes: #1063479).

Regards,

Adam



Bug#1063621: bookworm-pu: package clamav/clamav_1.0.5+dfsg-1~deb12u1

2024-03-03 Thread Sebastian Andrzej Siewior
On 2024-02-09 23:12:18 [+0100], To sub...@bugs.debian.org wrote:
> Package: release.debian.org
> Control: affects -1 + src:clamav
> X-Debbugs-Cc: cla...@packages.debian.org
> User: release.debian@packages.debian.org
> Usertags: pu
> Tags: bookworm
> Severity: normal
> 
> This is an update to the latest clamav release in the 1.0.x series. This
> update closes two CVEs:
> 
> - CVE-2024-20290: Fixed a possible heap overflow read bug in the OLE2 file
>   parser that could cause a denial-of-service (DoS) condition.
> 
> - CVE-2024-20328: Fixed a possible command injection vulnerability in the
>   "VirusEvent" feature of ClamAV's ClamD service.
> 
>   To fix this issue, we disabled the '%f' format string parameter.  ClamD
>   administrators may continue to use the `CLAM_VIRUSEVENT_FILENAME` environment
>   variable, instead of '%f'. But you should do so only from within an
>   executable, such as a Python script, and not directly in the clamd.conf
>   "VirusEvent" command.

A friendly ping.

Sebastian
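
The CVE-2024-20328 note quoted above says why '%f' was removed from VirusEvent and what to use instead. The following is an added example, not code from ClamAV or from the Debian package: it models in Python why textual `%f` substitution followed by a shell parse is injectable, and what a handler script that reads `CLAM_VIRUSEVENT_FILENAME` looks like. The VirusEvent template line, the script name virus-event.py, the quarantine directory and the sample filename are all assumptions constructed for the example; the shell parse is only simulated with shlex, nothing is executed.

```python
"""Model of the CVE-2024-20328 VirusEvent problem and the recommended fix.

Added example, not code from clamd or the Debian package.  It models
(assumption) the relevant behaviour: the old VirusEvent path expanded
%v/%f textually into a command string that a shell then parsed, while the
recommended handler reads CLAM_VIRUSEVENT_FILENAME from the environment and
passes the path on as a single argv element.  No command is executed here;
the shell parse is simulated with shlex.
"""
import os
import shlex
import subprocess
from typing import Dict, List

# clamd.conf before the fix (assumed example line; %v/%f expanded by clamd):
#   VirusEvent /usr/local/bin/notify.sh "%v" "%f"
# clamd.conf as the release notes recommend (no %f at all):
#   VirusEvent /usr/local/bin/virus-event.py
# ... with the script itself reading CLAM_VIRUSEVENT_FILENAME.

VULNERABLE_TEMPLATE = '/usr/local/bin/notify.sh "%v" "%f"'

# Constructed sample input: a scanned path whose *name* carries shell syntax.
# Quoting "%f" in the template does not help: the name closes the quote,
# injects a command, and reopens it so the remainder still parses.
ATTACKER_FILENAME = '/srv/upload/report.pdf"; id; echo "'
VIRUS_NAME = "Eicar-Signature"


def expand_virusevent(template: str, virus: str, filename: str) -> str:
    """Textual substitution, as the pre-1.0.5 VirusEvent did (modelled)."""
    return template.replace("%v", virus).replace("%f", filename)


def shell_commands(command_line: str) -> List[List[str]]:
    """Simulate what `sh -c command_line` would run.

    Tokenise like a POSIX shell (punctuation_chars=True makes ';' its own
    token and keeps '/' and '.' inside words) and split on ';' so each
    injected command shows up as a separate argv list.
    """
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    commands: List[List[str]] = [[]]
    for tok in lexer:
        if tok == ";":
            commands.append([])
        else:
            commands[-1].append(tok)
    return [argv for argv in commands if argv]


def safe_handler_argv(env: Dict[str, str], quarantine_dir: str) -> List[str]:
    """Body of a VirusEvent *script* (assumed name virus-event.py).

    The path comes from the environment clamd sets, and argv is built
    directly: the filename is one element and no shell re-parses it.
    '--' keeps a name starting with '-' from being taken as an mv option.
    """
    filename = env["CLAM_VIRUSEVENT_FILENAME"]
    dest = os.path.join(quarantine_dir, os.path.basename(filename))
    return ["/bin/mv", "--", filename, dest]


def main() -> int:
    """Entry point when installed as the VirusEvent script (assumed paths)."""
    if "CLAM_VIRUSEVENT_FILENAME" not in os.environ:
        return 2
    argv = safe_handler_argv(dict(os.environ), "/var/lib/clamav/quarantine")
    return subprocess.run(argv, check=False).returncode


if __name__ == "__main__":
    raise SystemExit(main())
```

Run `shell_commands(expand_virusevent(VULNERABLE_TEMPLATE, VIRUS_NAME, ATTACKER_FILENAME))` and the sample name yields three commands, the second being `['id']`; feed the same name through `safe_handler_argv` and it stays a single argv element. That is the whole difference the release note is pointing at: the filename must cross the process boundary as data, never as part of a string a shell will parse.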



Bug#1063621: bookworm-pu: package clamav/clamav_1.0.5+dfsg-1~deb12u1

2024-02-09 Thread Sebastian Andrzej Siewior
Package: release.debian.org
Control: affects -1 + src:clamav
X-Debbugs-Cc: cla...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: bookworm
Severity: normal

This is an update to the latest clamav release in the 1.0.x series. This
update closes two CVEs:

- CVE-2024-20290: Fixed a possible heap overflow read bug in the OLE2 file
  parser that could cause a denial-of-service (DoS) condition.

- CVE-2024-20328: Fixed a possible command injection vulnerability in the
  "VirusEvent" feature of ClamAV's ClamD service.

  To fix this issue, we disabled the '%f' format string parameter.  ClamD
  administrators may continue to use the `CLAM_VIRUSEVENT_FILENAME` environment
  variable, instead of '%f'. But you should do so only from within an
  executable, such as a Python script, and not directly in the clamd.conf
  "VirusEvent" command.

Announcement by upstream:
https://blog.clamav.net/2023/11/clamav-130-122-105-released.html

The previous 1.0.4 release was in unstable since 2024-01-20 and migrated
to testing on 2024-01-22. The 1.0.5 release is in unstable since
2024-02-08 and I have reports of issues so far.

The attached debdiff is against the current version in Bookworm and has
the libclamav_rust/.cargo/ folder omitted. Otherwise the diff grows to
over 100MiB.

Sebastian
diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
index 6208c93..422e291 100644
--- a/.github/workflows/cmake.yml
+++ b/.github/workflows/cmake.yml
@@ -24,6 +24,10 @@ name: CMake Build
 runs-on: windows-2019
 
 steps:
+  - name: Die, link!
+run: rm /usr/bin/link.exe
+shell: bash
+
   - uses: actions/checkout@v1
 
   - name: Install Build Tools
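Review bot: the new step's name ("Die, link!") and its command do not record why /usr/bin/link.exe has to be deleted on the windows-2019 runner; add a comment saying which `link` it collides with, and use `rm -f /usr/bin/link.exe` so the job does not fail if a later runner image no longer ships the file. This workflow file is upstream GitHub CI metadata and has no effect on the Debian build, so it only adds noise to the debdiff.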
diff --git a/CMakeLists.txt b/CMakeLists.txt
index cfeeb49..b2c6533 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -22,7 +22,7 @@ string(TIMESTAMP TODAY "%Y%m%d")
 set(VERSION_SUFFIX "")
 
 project( ClamAV
- VERSION "1.0.3"
+ VERSION "1.0.5"
  DESCRIPTION "ClamAV open source email, web, and end-point anti-virus toolkit." )
 
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH})
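Review bot: VERSION moves from "1.0.3" straight to "1.0.5", so this debdiff folds the 1.0.4 and 1.0.5 upstream releases into one update; the debian/changelog line quoted earlier in this thread ("* Import 1.0.4 (Closes: #1063479).") should name 1.0.5 to match what is actually being imported.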
@@ -676,13 +676,13 @@ check_type_size("ssize_t" SIZEOF_SSIZE_T)
 if(SIZEOF_SSIZE_T STREQUAL "")
 # ssize_t is a signed type in POSIX storing at least -1.
 # Set it to "int" to match the behavior of AC_TYPE_SSIZE_T (autotools).
-set(ssize_t int)
+set(SSIZE_T_DEF "typedef int ssize_t;")
 endif()
 check_type_size("off_t" SIZEOF_OFF_T)
 if(SIZEOF_OFF_T STREQUAL "")
 # off_t is a signed type in POSIX no narrower than int.
 # Set it to "long int" to match the behavior of AC_TYPE_OFF_T (autotools).
-set(off_t long int)
+set(OFF_T_DEF "typedef long int off_t;")
 endif()
 
 check_type_size("int" SIZEOF_INT)
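Review bot: `set(ssize_t int)` and `set(off_t long int)` become SSIZE_T_DEF / OFF_T_DEF holding whole typedef strings, which changes the contract with whatever consumes these variables (the configured header is not in this excerpt). Confirm the companion change to that consumer is part of the import; otherwise platforms where `check_type_size` finds no ssize_t or off_t silently lose the fallback typedef instead of failing loudly.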
diff --git a/Cargo.lock b/Cargo.lock
index e06ab2a..05e6643 100755
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -8,26 +8,6 @@ version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index;
 checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
 
-[[package]]
-name = "ansi_term"
-version = "0.12.1"
-source = "registry+https://github.com/rust-lang/crates.io-index;
-checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2"
-dependencies = [
- "winapi",
-]
-
-[[package]]
-name = "atty"
-version = "0.2.14"
-source = "registry+https://github.com/rust-lang/crates.io-index;
-checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
-dependencies = [
- "hermit-abi 0.1.19",
- "libc",
- "winapi",
-]
-
 [[package]]
 name = "autocfg"
 version = "1.1.0"
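Review bot: ansi_term 0.12.1 and atty 0.2.14 drop out of the lock; both were dependencies only of clap 2.34.0, which is removed further down in this file. Since the debdiff omits libclamav_rust/.cargo/ (per the cover note), please confirm the vendored copies of those two crates were removed too, so the vendored tree and Cargo.lock agree. Separately, every `source = "registry+https://github.com/rust-lang/crates.io-index;` line in this copy ends in `;` instead of a closing `"`; that looks like mail or extraction damage, but worth checking that the real Cargo.lock parses.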
@@ -102,7 +82,6 @@ version = "0.20.0"
 source = "registry+https://github.com/rust-lang/crates.io-index;
 checksum = "51e3973b165dc0f435831a9e426de67e894de532754ff7a3f307c03ee5dec7dc"
 dependencies = [
- "clap",
  "heck",
  "indexmap",
  "log",
@@ -115,6 +94,15 @@ dependencies = [
  "toml",
 ]
 
+[[package]]
+name = "cc"
+version = "1.0.83"
+source = "registry+https://github.com/rust-lang/crates.io-index;
+checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "cexpr"
 version = "0.6.0"
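Review bot: cc 1.0.83 is a newly vendored build-time crate and this hunk does not show which package pulls it in; the dependent's `dependencies` hunk should be visible in the debdiff, and the copy under the omitted libclamav_rust/.cargo/ must carry checksum f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0 so `cargo` accepts it offline.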
@@ -160,21 +148,6 @@ dependencies = [
  "libloading",
 ]
 
-[[package]]
-name = "clap"
-version = "2.34.0"
-source = "registry+https://github.com/rust-lang/crates.io-index;
-checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c"
-dependencies = [
- "ansi_term",
- "atty",
- "bitflags",
- "strsim",
- "textwrap",
- "unicode-width",
- "vec_map",
-]
-
 [[package]]
 name = "color_quant"
 version = "1.1.0"
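Review bot: with clap 2.34.0 gone, its listed dependencies strsim, textwrap, unicode-width and vec_map (and bitflags, if nothing else uses it) should also disappear from the lock unless another crate still needs them; the visible hunks do not show that, so check the remainder of Cargo.lock for stale entries and the omitted vendored tree for their leftover sources.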
@@ -201,9 +174,9 @@ dependencies = [
 
 [[package]]
 name = "crossbeam-channel"
-version = "0.5.6"
+version = "0.5.8"
 source = "registry+https://github.com/rust-lang/crates.io-index;
-checksum = "c2dd04ddaf88237dc3b8d8f9a3c1004b506b54b3313403944054d23c0870c521"
+checksum = "a33c2bf77f2df06183c3aa30d1e96c0695a313d4f9c453cc3762a6db39f99200"
 dependencies = [