- updated to 0.88.5 (SECURITY); fixes CVE-2006-4182, CVE-2006-5295

- added patch to set '__attribute__ ((visibility("hidden")))' for exported MD5_*() functions (fixes #202043)
2006-10-18 07:22:18 +00:00 · 2006-10-18 07:22:18 +00:00 · 953d4e4dc1
commit 953d4e4dc1
parent d5918e8314
3 changed files with 41 additions and 5 deletions
--- a/clamav-0.88.4-visibility.patch
+++ b/clamav-0.88.4-visibility.patch
@ -0,0 +1,29 @@
+--- clamav-0.88.4/libclamav/md5.c.visibility	2005-06-23 22:03:12.000000000 +0200
+++ clamav-0.88.4/libclamav/md5.c	2006-08-11 08:19:02.000000000 +0200
+@@ -176,7 +176,7 @@ static void *body(MD5_CTX *ctx, void *da
+ 	return ptr;
+ }
+ 
+-void MD5_Init(MD5_CTX *ctx)
+void  __attribute__ ((__visibility__("hidden"))) MD5_Init(MD5_CTX *ctx)
+ {
+ 	ctx->a = 0x67452301;
+ 	ctx->b = 0xefcdab89;
+@@ -187,7 +187,7 @@ void MD5_Init(MD5_CTX *ctx)
+ 	ctx->hi = 0;
+ }
+ 
+-void MD5_Update(MD5_CTX *ctx, void *data, unsigned long size)
+void __attribute__ ((__visibility__("hidden"))) MD5_Update(MD5_CTX *ctx, void *data, unsigned long size)
+ {
+ 	MD5_u32plus saved_lo;
+ 	unsigned long used, free;
+@@ -221,7 +221,7 @@ void MD5_Update(MD5_CTX *ctx, void *data
+ 	memcpy(ctx->buffer, data, size);
+ }
+ 
+-void MD5_Final(unsigned char *result, MD5_CTX *ctx)
+void __attribute__ ((__visibility__("hidden"))) MD5_Final(unsigned char *result, MD5_CTX *ctx)
+ {
+ 	unsigned long used, free;
+ 
--- a/clamav.spec
+++ b/clamav.spec
@ -1,4 +1,4 @@
-## $Id: clamav.spec,v 1.41 2006/09/21 18:27:43 ensc Exp $
+## $Id: clamav.spec,v 1.42 2006/10/04 22:32:25 c4chris Exp $

 ## Fedora Extras specific customization below...
 %bcond_without       fedora
@ -18,8 +18,8 @@

 Summary:	End-user tools for the Clam Antivirus scanner
 Name:		clamav
-Version:	0.88.4
-Release: %release_func 4
+Version:	0.88.5
+Release: %release_func 1

 License:	GPL
 Group:		Applications/File
@ -38,6 +38,7 @@ Patch1:		clamav-0.88.1-strncpy.patch
 Patch20:	clamav-0.70-user.patch
 Patch21:	clamav-0.70-path.patch
 Patch22:	clamav-0.80-initoff.patch
+Patch23:	clamav-0.88.4-visibility.patch
 BuildRoot:	%_tmppath/%name-%version-%release-root
 Requires:	clamav-lib = %version-%release
 Requires:	data(clamav)
@ -185,6 +186,7 @@ The SysV initscripts for clamav-milter.
 %patch20 -p1 -b .user
 %patch21 -p1 -b .path
 %patch22 -p1 -b .initoff
+%patch23 -p1 -b .visibility

 perl -pi -e 's!^(#?LogFile ).*!\1/var/log/clamd.<SERVICE>!g;
 	     s!^#?(LocalSocket ).*!\1/var/run/clamd.<SERVICE>/clamd.sock!g;
@ -446,6 +448,11 @@ test "$1"  = 0 || %_initrddir/clamav-milter condrestart >/dev/null || :


 %changelog
+* Wed Oct 18 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.5-1
+- updated to 0.88.5 (SECURITY); fixes CVE-2006-4182, CVE-2006-5295
+- added patch to set '__attribute__ ((visibility("hidden")))' for
+  exported MD5_*() functions (fixes #202043)
+
 * Thu Oct 05 2006 Christian Iseli <Christian.Iseli@licr.org> 0.88.4-4
 - rebuilt for unwind info generation, broken in gcc-4.1.1-21

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-7759784aa4506b314e6543e0f2a8587b  clamav-0.88.4.tar.gz
-450d59c0a663b5986cda1105b85ae673  clamav-0.88.4.tar.gz.sig
+d62376205647b208eba4191dde821830  clamav-0.88.5.tar.gz
+5daea1b5d8ab49257dea3ccc5dacaf35  clamav-0.88.5.tar.gz.sig