Update to 0.99.3

Security fixes CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377
  CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 (bug #1539030)
Drop clamav-notify-servers and it's dependency on ncat (bug #1530678)

586a5180287262070637c8943f2f7efd652e4a2c.patch

@@ -1,37 +0,0 @@
-From 586a5180287262070637c8943f2f7efd652e4a2c Mon Sep 17 00:00:00 2001
-From: Steven Morgan <stevmorg@cisco.com>
-Date: Thu, 2 Mar 2017 14:41:20 -0500
-Subject: [PATCH] bb11797 - fix invalid read in fuzzed mail file.
-
----
- libclamav/message.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/libclamav/message.c b/libclamav/message.c
-index b5cf0ddc7..36bbf417d 100644
---- a/libclamav/message.c
-+++ b/libclamav/message.c
-@@ -445,8 +445,12 @@ messageAddArgument(message *m, const char *arg)
- 			 * FIXME: Bounce message handling is corrupting the in
- 			 * core copies of headers
- 			 */
--			cli_dbgmsg("Possible data corruption fixed\n");
--			p[8] = '=';
-+                        if (strlen(p) > 8) {
-+                            cli_dbgmsg("Possible data corruption fixed\n");
-+                            p[8] = '=';
-+                        } else {
-+                            cli_dbgmsg("Possible data corruption not fixed\n");
-+                        }
- 		} else {
- 			if(*p)
- 				cli_dbgmsg("messageAddArgument, '%s' contains no '='\n", p);
-@@ -682,7 +686,7 @@ messageFindArgument(const message *m, const char *variable)
- 				cli_dbgmsg("messageFindArgument: no '=' sign found in MIME header '%s' (%s)\n", variable, messageGetArgument(m, i));
- 				return NULL;
- 			}
--			if((*++ptr == '"') && (strchr(&ptr[1], '"') != NULL)) {
-+			if((strlen(ptr) > 2) && (*++ptr == '"') && (strchr(&ptr[1], '"') != NULL)) {
- 				/* Remove any quote characters */
- 				char *ret = cli_strdup(++ptr);
- 				char *p;

60671e3deb1df6c626e5c7e13752c2eec1649f98.patch

@@ -1,44 +0,0 @@
-From 60671e3deb1df6c626e5c7e13752c2eec1649f98 Mon Sep 17 00:00:00 2001
-From: Steven Morgan <stevmorg@cisco.com>
-Date: Wed, 8 Mar 2017 08:58:28 -0500
-Subject: [PATCH] bb11798 - fix unit tests.
-
----
- libclamav/wwunpack.c      | 9 +++------
- unit_tests/check_jsnorm.c | 2 +-
- 2 files changed, 4 insertions(+), 7 deletions(-)
-
-diff --git a/libclamav/wwunpack.c b/libclamav/wwunpack.c
-index 38c18081c..a13550e8f 100644
---- a/libclamav/wwunpack.c
-+++ b/libclamav/wwunpack.c
-@@ -226,13 +226,10 @@ int wwunpack(uint8_t *exe, uint32_t exesz, uint8_t *wwsect, struct cli_exe_secti
- 	return CL_EFORMAT;
-     exe[pe+6]=(uint8_t)scount;
-     exe[pe+7]=(uint8_t)(scount>>8);
--    if (!CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295, 4) ||
--        !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva, 4) ||
--        !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva+0x299, 4)) {
-+    if (!CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295, 4))
-         cli_dbgmsg("WWPack: unpack memory address out of bounds.\n");
--        return CL_EFORMAT;
--    }
--    cli_writeint32(&exe[pe+0x28], cli_readint32(wwsect+0x295)+sects[scount].rva+0x299);
-+    else
-+        cli_writeint32(&exe[pe+0x28], cli_readint32(wwsect+0x295)+sects[scount].rva+0x299);
-     cli_writeint32(&exe[pe+0x50], cli_readint32(&exe[pe+0x50])-sects[scount].vsz);
- 
-     structs = &exe[(0xffff&cli_readint32(&exe[pe+0x14]))+pe+0x18];
-diff --git a/unit_tests/check_jsnorm.c b/unit_tests/check_jsnorm.c
-index 7515a0c18..9587ea469 100644
---- a/unit_tests/check_jsnorm.c
-+++ b/unit_tests/check_jsnorm.c
-@@ -145,7 +145,7 @@ END_TEST
- 
- START_TEST (test_token_dval)
- {
--	int val = 0.12345;
-+	double val = 0.12345;
- 	yystype tok;
- 	memset(&tok, 0, sizeof(tok));
- 

clamav-notify-servers

@@ -1,93 +0,0 @@
-#! /bin/bash
-
-# Copyright (C) 2004,2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 and/or 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-# Usage:  clamav-notify-servers
-
-CFGFILE=/etc/sysconfig/clamav-servers
-OP=nc
-NC=nc
-TIMEOUT_TERM=30
-TIMEOUT_KILL=60
-
-K_OPT=1
-LANG=C timeout --help | grep -q -- '--kill-after' || unset K_OPT
-
-get_sockets() {
-    (
-	cd /etc/clamd.d
-	for i in *.conf; do
-	    test -f "$i" || continue
-	    test -r "$i" || continue
-
-	    base=${i%%.conf}
-	    S=/var/run/clamd.$base/clamd.sock
-	    test -S "$S" || continue
-	    test -w "$S" || continue
-
-	    echo "$S"
-	done
-    )
-}
-
-op_nc() {
-    cd /var/run
-    for i in ${CLAMD_SOCKETS}; do
-	case $i in
-	  (/*)
-		test -S "$i" || { 
-		  echo "socket '$i' does not exist" >&2
-		  continue
-		}
-		CMD=( $NC -U $i )
-		;;
-
-	  (ip4:*)
-		addr=${i##ip4:}
-		CMD=( $NC -4 ${addr%%:*} ${addr##*:} )
-		;;
-
-	  (ip6:*)
-		addr=${i##ip6:}
-		CMD=( $NC -6 ${addr%%:*} ${addr##*:} )
-		;;
-	  (*)
-		echo "unsupported socket name '$i'" >&2
-		continue
-	esac
-	printf 'zRELOAD\0' |  timeout ${K_OPT:+-k $TIMEOUT_KILL} $TIMEOUT_TERM "${CMD[@]}" | { read resp
-	case $resp in
-	  (RELOADING)
-		;;
-	  (*)
-		echo "clamd server '$i' gave '$resp' response" >&2
-		let ++fail
-		;;
-	esac
-	}
-    done
-    cd - &>/dev/null
-}
-
-
-CLAMD_SOCKETS=`get_sockets`
-f=$CFGFILE
-test ! -e "$f" || . "$f"
-
-fail=0
-op_$OP "$@"
-
-exit $fail

clamav.spec

@@ -2,7 +2,7 @@
 
 ## Fedora Extras specific customization below...
 %bcond_without  fedora
-%if 0%{?fedora} > 22 || 0%{?rhel} > 6
+%if 0%{?fedora} || 0%{?rhel} > 6
 %bcond_without  systemd
 %bcond_without  tmpfiles
 %bcond_with     sysv
@@ -69,8 +69,8 @@ Requires(postun):    /bin/systemctl\
 
 Summary:    End-user tools for the Clam Antivirus scanner
 Name:       clamav
-Version:    0.99.2
-Release:    18%{?dist}
+Version:    0.99.3
+Release:    1%{?dist}
 License:    %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
 Group:      Applications/File
 URL:        http://www.clamav.net
@@ -89,12 +89,12 @@ Source2:    clamd.sysconfig
 Source3:    clamd.logrotate
 Source5:    clamd-README
 Source7:    clamd.SERVICE.init
-Source8:    clamav-notify-servers
 # To download the *.cvd, go to http://www.clamav.net and use the links
 # there (I renamed the files to add the -version suffix for verifying).
-# I used file *.cvd  to see the version
+# Check the first line of the file for version, file is not working
+# see https://bugzilla.redhat.com/show_bug.cgi?id=1539107
 Source10:   http://db.local.clamav.net/main-58.cvd
-Source11:   http://db.local.clamav.net/daily-2420.cvd
+Source11:   http://db.local.clamav.net/daily-24253.cvd
 Source12:   http://db.local.clamav.net/bytecode-319.cvd
 #for devel
 Source100:  clamd-gen
@@ -125,11 +125,7 @@ Patch27:    clamav-0.98-umask.patch
 # https://llvm.org/viewvc/llvm-project/llvm/trunk/lib/ExecutionEngine/JIT/Intercept.cpp?r1=128086&r2=137567
 Patch30:    llvm-glibc.patch
 Patch31:    clamav-0.99.1-setsebool.patch
-Patch32:    fa15aa98c7d5e1d8fc22e818ebd089f2e53ebe1d.diff
 Patch33:    clamav-0.99.2-temp-cleanup.patch
-Patch34:    dfc00cd3301a42b571454b51a6102eecf58407bc.patch
-Patch35:    60671e3deb1df6c626e5c7e13752c2eec1649f98.patch
-Patch36:    586a5180287262070637c8943f2f7efd652e4a2c.patch
 
 
 
@@ -460,11 +456,7 @@ The systemd initscripts for clamav-scanner.
 %apply -n27 -p1 -b .umask
 %apply -n30 -p1
 %apply -n31 -p1 -b .setsebool
-%apply -n32 -p1 -b .openssl_1.1.0
 %apply -n33 -p1 -b .temp-cleanup
-%apply -n34 -p1 -b .CVE-2017-6420
-%apply -n35 -p1 -b .CVE-2017-6420
-%apply -n36 -p1 -b .CVE-2017-6418
 %{?apply_end}
 
 install -p -m0644 %SOURCE300 clamav-milter/
@@ -592,7 +584,6 @@ install -D -p -m 0644 %SOURCE530        $RPM_BUILD_ROOT%_unitdir/clamd@.service
 
 ## prepare the update-files
 install -D -m 0644 -p %SOURCE203    $RPM_BUILD_ROOT%_sysconfdir/logrotate.d/clamav-update
-install -D -m 0755 -p %SOURCE8      $RPM_BUILD_ROOT%_sbindir/clamav-notify-servers
 touch $RPM_BUILD_ROOT%freshclamlog
 
 install -D -p -m 0755 %SOURCE200    $RPM_BUILD_ROOT%pkgdatadir/freshclam-sleep
@@ -859,12 +850,9 @@ test "$1" != "0" || /sbin/initctl -q stop clamav-milter || :
 
 %files server
 %doc _doc_server/*
-%_mandir/man[58]/clamd*
-%_sbindir/*
-
-%exclude %_sbindir/*milter*
-%exclude %_mandir/man8/clamav-milter*
-
+%_mandir/man5/clamd.conf.5*
+%_mandir/man8/clamd.8*
+%_sbindir/clamd
 
 %if %{with sysv}
 %files server-sysvinit
@@ -942,6 +930,12 @@ test "$1" != "0" || /sbin/initctl -q stop clamav-milter || :
 
 
 %changelog
+* Fri Jan 26 2018 Orion Poplawski <orion@nwra.com> - 0.99.3-1
+- Update to 0.99.3
+- Security fixes CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377
+  CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 (bug #1539030)
+- Drop clamav-notify-servers and it's dependency on ncat (bug #1530678)
+
 * Wed Jan 17 2018 Sérgio Basto <sergio@serjux.com> - 0.99.2-18
 - Fix type of clamd@ service
 - Fix packages name of Obsoletes directives

dfc00cd3301a42b571454b51a6102eecf58407bc.patch

@@ -1,27 +0,0 @@
-From dfc00cd3301a42b571454b51a6102eecf58407bc Mon Sep 17 00:00:00 2001
-From: Steven Morgan <stevmorg@cisco.com>
-Date: Fri, 3 Mar 2017 13:56:28 -0500
-Subject: [PATCH] bb19798 - fix out of bound memory access for crafted wwunpack
- file.
-
----
- libclamav/wwunpack.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/libclamav/wwunpack.c b/libclamav/wwunpack.c
-index 8611cb604..38c18081c 100644
---- a/libclamav/wwunpack.c
-+++ b/libclamav/wwunpack.c
-@@ -226,6 +226,12 @@ int wwunpack(uint8_t *exe, uint32_t exesz, uint8_t *wwsect, struct cli_exe_secti
- 	return CL_EFORMAT;
-     exe[pe+6]=(uint8_t)scount;
-     exe[pe+7]=(uint8_t)(scount>>8);
-+    if (!CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295, 4) ||
-+        !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva, 4) ||
-+        !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva+0x299, 4)) {
-+        cli_dbgmsg("WWPack: unpack memory address out of bounds.\n");
-+        return CL_EFORMAT;
-+    }
-     cli_writeint32(&exe[pe+0x28], cli_readint32(wwsect+0x295)+sects[scount].rva+0x299);
-     cli_writeint32(&exe[pe+0x50], cli_readint32(&exe[pe+0x50])-sects[scount].vsz);
- 

fa15aa98c7d5e1d8fc22e818ebd089f2e53ebe1d.diff

@@ -1,74 +0,0 @@
-diff --git a/libclamav/crypto.c b/libclamav/crypto.c
-index c62c65a6b..4be900f38 100644
---- a/libclamav/crypto.c
-+++ b/libclamav/crypto.c
-@@ -1096,7 +1096,6 @@ X509_CRL *cl_load_crl(const char *file)
- {
-     X509_CRL *x=NULL;
-     FILE *fp;
--    struct tm *tm;
- 
-     if (!(file))
-         return NULL;
-@@ -1110,21 +1109,13 @@ X509_CRL *cl_load_crl(const char *file)
-     fclose(fp);
- 
-     if ((x)) {
--        tm = cl_ASN1_GetTimeT(x->crl->nextUpdate);
--        if (!(tm)) {
--            X509_CRL_free(x);
--            return NULL;
--        }
--
--#if !defined(_WIN32)
--        if (timegm(tm) < time(NULL)) {
--            X509_CRL_free(x);
--            free(tm);
--            return NULL;
--        }
--#endif
-+	ASN1_TIME *tme;
- 
--        free(tm);
-+	tme = X509_CRL_get_nextUpdate(x);
-+	if (!tme || X509_cmp_current_time(tme) < 0) {
-+		X509_CRL_free(x);
-+		return NULL;
-+	}
-     }
- 
-     return x;
-diff --git a/m4/reorganization/libs/openssl.m4 b/m4/reorganization/libs/openssl.m4
-index 78e2c2343..45ee02df9 100644
---- a/m4/reorganization/libs/openssl.m4
-+++ b/m4/reorganization/libs/openssl.m4
-@@ -26,12 +26,13 @@ save_LDFLAGS="$LDFLAGS"
- save_CFLAGS="$CFLAGS"
- save_LIBS="$LIBS"
- 
--SSL_LIBS="-lssl -lcrypto -lz"
-+SSL_LIBS="$LIBS -lssl -lcrypto -lz"
-+LIBS="$LIBS $SSL_LIBS"
- 
- if test "$LIBSSL_HOME" != "/usr"; then
-     SSL_LDFLAGS="-L$LIBSSL_HOME/lib"
-     SSL_CPPFLAGS="-I$LIBSSL_HOME/include"
--    LDFLAGS="-L$LIBSSL_HOME/lib $SSL_LIBS"
-+    LDFLAGS="-L$LIBSSL_HOME/lib"
-     CFLAGS="$SSL_CPPFLAGS"
- else
-     SSL_LDFLAGS=""
-@@ -41,7 +42,12 @@ fi
- have_ssl="no"
- have_crypto="no"
- 
--AC_CHECK_LIB([ssl], [SSL_library_init], [have_ssl="yes"], [AC_MSG_ERROR([Your OpenSSL installation is misconfigured or missing])], [-lcrypto -lz])
-+AC_LINK_IFELSE(
-+	       [AC_LANG_PROGRAM([[#include <openssl/ssl.h>]],
-+				[[SSL_library_init();]])],
-+	       [have_ssl="yes";],
-+	       [AC_MSG_ERROR([Your OpenSSL installation is misconfigured or missing])])
-+
- 
- AC_CHECK_LIB([crypto], [EVP_EncryptInit], [have_crypto="yes"], [AC_MSG_ERROR([Your OpenSSL installation is misconfigured or missing])], [-lcrypto -lz])
- 

freshclam-sleep

@@ -49,9 +49,4 @@ WARNING: update of clamav database is disabled; please see
 	;;
 esac
 
-
-/usr/bin/freshclam --quiet && {
-    test -x /usr/sbin/clamav-notify-servers &&  \
-	exec /usr/sbin/clamav-notify-servers || \
-	:
-}
+/usr/bin/freshclam --quiet

sources

@@ -1,4 +1,4 @@
-SHA512 (clamav-0.99.2-norar.tar.xz) = 5ee6f0761bc9f6a922383874a0bb7791ffaea7526cd04fcab602f39914a00f4749126b82d9af649db6c09b89222b968e59b2b5da7e959b9a5aa691308f79ad67
+SHA512 (clamav-0.99.3-norar.tar.xz) = d80b20c982d35eecd2719af325bc774a5a5fe63a97f3d855c74919f6cfac6fe3f12c51479e49d96031ae0e9a3dedcf446dd22426cceba22ec4b641e9ea1f250a
 SHA512 (bytecode-319.cvd) = 1b2785fde078e0dae5a4b8a5161a0da55b26b010deda9fd9dc5edb7113d46d6eb45f644c16b4cb3882e7192d0b389d7b1826fbb718377aa40e1bac3485829acc
-SHA512 (daily-2420.cvd) = e1b3153bd365411e17c8e14cc013a0dc50c5d0c2bc5a843c3389930e175a7274a1665cd9d2362285f51255edba084277f4113312fabea06fad4d950cb0a628a9
+SHA512 (daily-24253.cvd) = cef70a86f7989ec330c0479f6070e735181168c0331e981cfcd8d9a5aebdd6be42d772167c701f6f33219a4b41aced806e70c156e9a2a060c30ba55e73743fcd
 SHA512 (main-58.cvd) = 71309a7ea26f0fbfe329252c728173c895b107b7ea2e0bd613b12475db1d0270a496d707c4d80c842bf8b6f21680e86edfa7fa3b8aea075e93d67c91d696603a