From 417910be2c80bd9acda2dd8c527590aa036cf2c5 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 17 Aug 2023 22:04:29 -0600 Subject: [PATCH] Update to 1.0.2 CVE-2023-20197 (bz#2232508) --- clamav-rustflags.patch | 23 ++++++++++------------- clamav.spec | 25 ++++++++++++++----------- sources | 4 ++-- update_clamav.sh | 2 +- 4 files changed, 27 insertions(+), 27 deletions(-) diff --git a/clamav-rustflags.patch b/clamav-rustflags.patch index e25b028..1f7281e 100644 --- a/clamav-rustflags.patch +++ b/clamav-rustflags.patch @@ -1,7 +1,6 @@ -diff --git a/cmake/FindRust.cmake b/cmake/FindRust.cmake -index c9997486c..2b04adeb9 100644 ---- a/cmake/FindRust.cmake -+++ b/cmake/FindRust.cmake +diff -up clamav-1.0.2/cmake/FindRust.cmake.rustflags clamav-1.0.2/cmake/FindRust.cmake +--- clamav-1.0.2/cmake/FindRust.cmake.rustflags 2023-08-15 16:24:07.000000000 -0600 ++++ clamav-1.0.2/cmake/FindRust.cmake 2023-08-17 21:17:03.957070383 -0600 @@ -236,7 +236,7 @@ function(add_rust_executable) # Build the executable. add_custom_command( @@ -11,20 +10,18 @@ index c9997486c..2b04adeb9 100644 WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}" DEPENDS ${EXE_SOURCES} COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:\n\t ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}") -@@ -287,17 +287,17 @@ function(add_rust_library) +@@ -287,8 +287,8 @@ function(add_rust_library) if("${CMAKE_OSX_ARCHITECTURES}" MATCHES "^(arm64;x86_64|x86_64;arm64)$") add_custom_command( OUTPUT "${OUTPUT}" - COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin - COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin -+ COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} --target=x86_64-apple-darwin -+ COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} --target=aarch64-apple-darwin ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin COMMAND ${CMAKE_COMMAND} -E make_directory "${ARGS_BINARY_DIRECTORY}/${RUST_COMPILER_TARGET}/${CARGO_BUILD_TYPE}" -- COMMAND lipo ARGS -create ${ARGS_BINARY_DIRECTORY}/x86_64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a ${ARGS_BINARY_DIRECTORY}/aarch64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a -output "${OUTPUT}" -+ COMMAND lipo -create ${ARGS_BINARY_DIRECTORY}/x86_64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a ${ARGS_BINARY_DIRECTORY}/aarch64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a -output "${OUTPUT}" + COMMAND lipo ARGS -create ${ARGS_BINARY_DIRECTORY}/x86_64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a ${ARGS_BINARY_DIRECTORY}/aarch64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a -output "${OUTPUT}" WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}" - DEPENDS ${LIB_SOURCES} - COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with: ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}") +@@ -312,7 +312,7 @@ function(add_rust_library) else() add_custom_command( OUTPUT "${OUTPUT}" @@ -33,7 +30,7 @@ index c9997486c..2b04adeb9 100644 WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}" DEPENDS ${LIB_SOURCES} COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with: ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}") -@@ -443,8 +443,6 @@ if(NOT "${RUST_COMPILER_TARGET}" MATCHES "^universal-apple-darwin$") +@@ -465,8 +465,6 @@ if(NOT "${RUST_COMPILER_TARGET}" MATCHES list(APPEND CARGO_ARGS "--target" ${RUST_COMPILER_TARGET}) endif() @@ -42,7 +39,7 @@ index c9997486c..2b04adeb9 100644 if(NOT CMAKE_BUILD_TYPE) set(CARGO_BUILD_TYPE "debug") elseif(${CMAKE_BUILD_TYPE} STREQUAL "Release" OR ${CMAKE_BUILD_TYPE} STREQUAL "MinSizeRel") -@@ -453,10 +451,11 @@ elseif(${CMAKE_BUILD_TYPE} STREQUAL "Release" OR ${CMAKE_BUILD_TYPE} STREQUAL "M +@@ -475,10 +473,11 @@ elseif(${CMAKE_BUILD_TYPE} STREQUAL "Rel elseif(${CMAKE_BUILD_TYPE} STREQUAL "RelWithDebInfo") set(CARGO_BUILD_TYPE "release") list(APPEND CARGO_ARGS "--release") diff --git a/clamav.spec b/clamav.spec index a6e6009..079fd5b 100644 --- a/clamav.spec +++ b/clamav.spec @@ -25,8 +25,8 @@ Summary: End-user tools for the Clam Antivirus scanner Name: clamav -Version: 1.0.1 -Release: 5%{?dist} +Version: 1.0.2 +Release: 1%{?dist} License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2} URL: https://www.clamav.net/ %if %{with unrar} @@ -50,7 +50,7 @@ Source5: clamd-README #http://database.clamav.net/main.cvd Source10: main-62.cvd #http://database.clamav.net/daily.cvd -Source11: daily-26825.cvd +Source11: daily-26894.cvd #http://database.clamav.net/bytecode.cvd Source12: bytecode-334.cvd #for update @@ -250,20 +250,20 @@ This package contains files which are needed to run the clamav-milter. %prep %setup -q -n %{name}-%{version}%{?prerelease} -sed -i -e 's/cbindgen = "0.20"/cbindgen = "0.24"/' libclamav_rust/Cargo.toml +sed -i -e 's/cbindgen = "0.20"/cbindgen = "0.24"/' -e '/^bindgen *=/s/= .*/= "0.63"/' libclamav_rust/Cargo.toml %cargo_prep cd libclamav_rust rm -r .cargo %cargo_prep cd .. -%patch0 -p1 -b .rustflags -%patch1 -p1 -b .default_confs -%patch2 -p1 -b .private -%patch3 -p1 -b .rpath -%patch5 -p1 -b .clamonacc-service -%patch6 -p1 -b .freshclam-service -%patch7 -p1 -b .big-endian +%patch -P0 -p1 -b .rustflags +%patch -P1 -p1 -b .default_confs +%patch -P2 -p1 -b .private +%patch -P3 -p1 -b .rpath +%patch -P5 -p1 -b .clamonacc-service +%patch -P6 -p1 -b .freshclam-service +%patch -P7 -p1 -b .big-endian install -p -m0644 %{SOURCE300} clamav-milter/ @@ -568,6 +568,9 @@ exit 0 %changelog +* Fri Aug 18 2023 Orion Poplawski - 1.0.2-1 +- Update to 1.0.2 CVE-2023-20197 (bz#2232508) + * Wed Jul 19 2023 Fedora Release Engineering - 1.0.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild diff --git a/sources b/sources index 7873f19..c8583de 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (clamav-1.0.1-norar.tar.xz) = 676ca18c79449a93169653c52793a0beac81238110750f89506542eecb99db6e1a07274f74651a001f169204d2972bbdc721a5a14af08e2601d9ee937282c7ce +SHA512 (clamav-1.0.2-norar.tar.xz) = a97cf85db5abd1d29b6fd6c795660d832e220b4784f30c436d276306742591ea0752120ebe76dfdf3746f629284ffd9c357f613f9af531bbf28d834dad8e0370 SHA512 (main-62.cvd) = b52e5d9ecacbd9b11c3b0cc460388746fccb353a7520522ed15ee25f645a432bed5be7e6b38512f134f085eb9be76a1e26c19de8b09491d4ec46da8c5afc318e -SHA512 (daily-26825.cvd) = eccca2dfc2d92daa3b75080ad593b0d60ae3b2dff3e7446f349e733eb6969d0f90c19db7fbbc6029d51c52262bf90b19ca81e97b710497da608269db28d2992a +SHA512 (daily-26894.cvd) = 947f4172f2c9eaa13f29487e966e7d4793f861c0f135290589d2ca8ede5a9724146ef50eced817d2eda722a8bb0d01bd8c303a448678a0a894ca92b7535f8245 SHA512 (bytecode-334.cvd) = 83478af4e097b4b3fe136c943d3dd018f3e678c6859873dc1aef527db40a018b77439be2113ac251dfb797074ef8c201336570c3fe03c7ac507d5b94ab6d61c9 diff --git a/update_clamav.sh b/update_clamav.sh index 465c1d1..3507e2f 100755 --- a/update_clamav.sh +++ b/update_clamav.sh @@ -1,4 +1,4 @@ -VERSION=1.0.1 +VERSION=1.0.2 REPOS="n" if [ -z "$1" ]