rpms/clamav
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- updated to 0.96.1

Browse Source 
- rediffed patches
- reverted parts of last commit
This commit is contained in:
ensc 2010-06-01 19:22:07 +00:00
parent 423a6569e4
commit dc6c42aed9
14 changed files with 424 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -1 +1 @@
clamav-0.96-norar.tar.xz
clamav-0.96.1-norar.tar.xz

279
ChangeLog-rpm.old Normal file
View File

@ -0,0 +1,279 @@
* Tue Dec 12 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.7-1
- updated to 0.88.7
* Sun Nov 5 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.6-1
- updated to 0.88.6
* Wed Oct 18 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.5-1
- updated to 0.88.5 (SECURITY); fixes CVE-2006-4182, CVE-2006-5295
- added patch to set '__attribute__ ((visibility("hidden")))' for
exported MD5_*() functions (fixes #202043)
* Thu Oct 05 2006 Christian Iseli <Christian.Iseli@licr.org> 0.88.4-4
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
* Thu Sep 21 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-3
- splitted SysV initscripts of -milter and -server into own subpackages
* Fri Sep 15 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-2
- rebuilt
* Tue Aug 8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.4-1
- updated to 0.88.4 (SECURITY)
* Wed Jul 12 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
- removed the clamdscan(1) manpage from the -server subpackage
* Sat Jul 8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
- removed a superfluous '}'
- removed some code which was relevant for FC-3 only
* Sat Jul 8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.3-1
- updated to 0.88.3
- updated to new fedora-usermgmt macros
* Tue May 16 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.2-2
- cleanups: removed unneeded curlies, use plain command instead of
%%__XXX macro, whitespace cleanup, removed unneeded versioned
dependencies
- added a 'Requires(post): group(clamav)' dependencies for -update and
added the corresponding Provides: to -data
- removed the %%_without_milter conditional; you won't gain anything
when milter would be disabled at buildtime
* Sun Apr 30 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.2-1
- updated to 0.88.2 (SECURITY)
- rediffed patches; most issues handled by 0.88.1-2 are fixed in
0.88.2
* Mon Apr 24 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.1-2
- added patch which fixes some classes of compiler warnings; at least
the using of implicitly declared functions was reported to cause
segfaults on AMD64 (brought to my attention by Marc Perkel)
- added patch which fixes wrong usage of strncpy(3) in unrarlib.c
* Thu Apr 06 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88.1-1
- updated to 0.88.1 (SECURITY)
* Sat Feb 18 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88-2
- rebuilt for FC5
* Tue Jan 10 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.88-1
- updated to 0.88
- added pseudo-versions for the 'init(...)' provides as a first step
for the support of alternative initmethods
* Tue Nov 15 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87.1-2
- moved 'freshclam.conf.5' man page into the -update subpackage (#173221)
- ship 'clamd.conf.5' man page in the -server subpackage *too*. The
same file is contained in multiple packages now, but this man-page
can not be removed from the base package because it also applies to
'clamdscan' there (#173221).
* Fri Nov 4 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87.1-1
- updated to 0.87.1
* Sat Sep 17 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.87-1
- updated to 0.87 (SECURITY)
- removed -timeout patch; it is solved upstream
- reverted the -exim changes; they add yet more complexity, their
functionality can go into an own package and they contained flaws
* Fri Sep 9 2005 David Woodhouse <dwmw2@infradead.org> - 0.86.2-5
- Add clamav-exim configuration package
* Fri Jul 29 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-4
- [milter] create the milter-logfile in the %%post scriptlet
- [milter] reverted the change of the default child_timeout value; it
was set to 5 minutes in 0.86.2 which conflicts with the internal
mode where a timeout must not be set. So, the clamav-milter would
not run with the default configuration
* Thu Jul 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-3
- Fixed calculation of sleep duration; on some systems/IPs, `hostid`
results in a negative number which is retained by the bash
modulo-operation. So the sleep may get a negative number of seconds
being interpreted as an option. This version makes sure that the
module-operations returns a non-negative value. [BZ #164494, James
Wilkinson]
- added support for a /usr/sbin/clamav-notify-servers.local hook; this
file will be executed (source'd) before all other actions and can
abort the entire processing by invoking 'exit'
* Mon Jul 25 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.2-2
- updated to 0.86.2 (SECURITY)
- changed the freshclam updating mechanism (again); now, it consists
of a crontab which does not need to be changed and a helper script
(freshclam-sleep). This helper script is configured by
/etc/sysconfig/freshclam
* Sat Jun 25 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86.1-2
- updated to 0.86.1
- fixed randomization in %%post scriptlet: hour should be a range but
not a single number
* Tue Jun 21 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.86-1
- updated to 0.86
- randomize freshclam startup times in -update's %%post script (suggested
by Stephen Smoogen); this requires some more Requires(post): also
* Wed May 18 2005 Warren Togami <wtogami@redhat.com> - 0.85.1-4
- fix dist tagging the way Enrico wants it
* Tue May 17 2005 Oliver Falk <oliver@linux-kernel.at> - 0.85.1-2
- Rebuild
* Tue May 17 2005 Oliver Falk <oliver@linux-kernel.at> - 0.85.1-1
- Update
* Sat May 14 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.85-0
- updated to 0.85
* Sun May 1 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.84-0
- updated to 0.84
* Fri Apr 7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
- rebuilt
* Tue Feb 15 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.83-1
- updated to 0.83
* Tue Feb 8 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.82-1
- updated to 0.82
- minor spec cleanups
* Fri Jan 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.81-0.fdr.2
- build the package with '--disable-zlib-vcheck' because RH is unable to
apply a fix for a 5 month old and solved security issue. Please fill
your comments at https://bugzilla.redhat.com/beta/show_bug.cgi?id=131385
- added 'BuildRequires: bc' (should work without also, but ./configure
gives out ugly warnings else)
* Fri Jan 28 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.81-0.fdr.1
- updated to 0.81
- do not ship the 'clamd.milter' daemon anymore; clamav-milter supports
an internal mode now which is enabled by default
- updated -milter %%description
* Thu Jan 20 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.80-0.fdr.2
- s!cron.d/clamav!cron.d/clamav-update! in the %%description of the -update
subpackage (https://bugzilla.fedora.us/show_bug.cgi?id=1715#c39)
* Wed Nov 3 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.80-0.fdr.1
- updated to 0.80
- removed DMS, FreeBSD-HOWTO and localized docs as it is not shipped anymore
- buildrequire 'curl-devel'
- renamed clamav.conf to clamd.conf (upstream change)
- updated -initoff patch
* Tue Sep 14 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.75.1-0.fdr.1
- updated to 0.75.1
- use %%configure, the problems with the architecture specification
seem to have passed (probably because of an autoconf update)
- set mode 0600 for the cron-script (required by vixie-cron)
- made the cronjob a spambot and send mail about deactivated freshclam
service to nearly everybody... (root, postmaster, webmaster)
- other fixes in the notification cronjob
* Fri Jul 23 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.75-0.fdr.1
- updated to 0.75
* Thu Jul 15 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.74-0.fdr.2
- moved /usr/bin/clamav-config from main into -devel
* Wed Jun 30 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.74-0.fdr.1
- updated to 0.74
* Mon Jun 14 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.73-0.fdr.1
- updated to 0.73
- added pkgconfig file
* Fri Jun 11 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.3
- notify the user about a deactivated clamav-update service
- added clamd-gen script which generates template spec-files for
services using clamd
- copied template configuration files to %pkgdatadir/template (needed
for clamd-gen)
- moved the clamd-wrapper from %_initrddir to %{pkgdatadir}; a symlink
will be provided for compatibility reasons
- conditionalized building of the -milter subpackage ('--without
milter' switch) to enable builds on RH73 (bug #1715, comment #5/#7)
* Fri Jun 4 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.2
- removed 'BuildRequires: dietlibc'; it was a leftover from the
pre-use-signal era (before 0.70) (bug #1716)
* Thu Jun 3 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.72-0.fdr.1
- updated to 0.72
* Thu May 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.71-0.fdr.2
- removed the randomization in the cronjob; it seems to be impossible
to use the mod-operator (%%) there. Instead of, the user has to
replace some placeholders...
* Wed May 19 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.71-0.fdr.1
- updated to 0.71
* Fri May 7 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.1.1
- quote 'EOF' to delay $RANDOM expansion
* Tue Apr 27 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.2
- updated GECOS entry for the 'clamav' user to describe its purpose
more accurately
- use explicit '-m755' when creating directories with install
* Tue Apr 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.70-0.fdr.1
- updated to 0.70; rediffed some patches
- updated logrotate script to use signals and documented the steps
which are needed to make it work
- adapted initscript to use signals instead of sockwrite
- removed sockwrite; signals can now be used to reload the database
- added logfile to the -milter subpackage
* Tue Apr 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.2.1
- tagged some Requires:, since clamav-server is required in the milter-%%post* scriptlets
* Sat Mar 20 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.2
- split the double Requires(...,...): statements; see
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118773
- require the recent fedora-usermgmt package (0.7) which fixes similar
ordering issues
* Thu Mar 18 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.68-0.fdr.1
- updated to 0.68 (using the -1 version)
- ship milter-files in the -milter instead of the -server subpackage
* Tue Feb 24 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.3
- fixed ':' vs. '.' in chown
* Tue Feb 17 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.2
- randomize freshclam startup to prevent server peaks
* Mon Feb 16 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.67-0.fdr.1
- updated to 0.67 (using the -1 version)
* Wed Feb 11 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.66-0.fdr.2
- updated to 0.66; important, packaging-relevant changes are
freshclam:
* $http_proxy is not supported anymore; you have to configure it in
/etc/freshclam.conf
* the logfile has been renamed to /var/log/freshclam.log
- removed %%check section; buildroot check is implemented in local
testsuite already
- added some %%verify(not mtime) modifiers to avoid unnecessary .rpmnew
files
- added some directory-Requires:
- activated milter-package and made it work
- added patch to disable clamav-milter service by default
- renamed /var/run/clamav.<SERVICE> to /var/run/clamd.<SERVICE>; this
makes things more consistently but can break backward compatibility. The
initscript should deal with the old version too, but I would not bet on
it...
- updated some descriptions
- fixed the update-mechanism; now it happens in two stages: at first,
the files will be downloaded as user 'clamav' and then, root initiates
the daemon-reload.
* Mon Feb 9 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0:0.65-0.fdr.5
- added security fix for
http://www.securityfocus.com/archive/1/353194/2004-02-06/2004-02-12/1

6
clamav-0.92-open.patch
View File

@ -1,5 +1,7 @@
--- clamav-0.91.2/clamd/dazukoio_compat12.c.open 2007-03-06 14:38:06.000000000 +0100
+++ clamav-0.91.2/clamd/dazukoio_compat12.c 2007-08-25 12:36:30.000000000 +0200
Index: clamav-0.96.1/clamd/dazukoio_compat12.c
===================================================================
--- clamav-0.96.1.orig/clamd/dazukoio_compat12.c
+++ clamav-0.96.1/clamd/dazukoio_compat12.c
@@ -89,7 +89,7 @@ int dazukoRegister_TS_compat12(struct da
if (dazuko->device < 0)
{

12
clamav-0.92-private.patch
View File

@ -1,5 +1,7 @@
--- clamav-0.92/libclamav.pc.in.private
+++ clamav-0.92/libclamav.pc.in
Index: clamav-0.96.1/libclamav.pc.in
===================================================================
--- clamav-0.96.1.orig/libclamav.pc.in
+++ clamav-0.96.1/libclamav.pc.in
@@ -6,6 +6,6 @@ includedir=@includedir@
Name: libclamav
Description: A GPL virus scanner
@ -10,8 +12,10 @@
+Libs: -L${libdir} -lclamav
+Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@
+Cflags: -I${includedir}
--- clamav-0.92/clamav-config.in.private
+++ clamav-0.92/clamav-config.in
Index: clamav-0.96.1/clamav-config.in
===================================================================
--- clamav-0.96.1.orig/clamav-config.in
+++ clamav-0.96.1/clamav-config.in
@@ -54,12 +54,8 @@ while test $# -gt 0; do
usage 0
;;

8
clamav-0.95-cliopts.patch
View File

@ -1,8 +1,8 @@
Index: clamav-0.95rc1/shared/optparser.c
Index: clamav-0.96.1/shared/optparser.c
===================================================================
--- clamav-0.95rc1.orig/shared/optparser.c
+++ clamav-0.95rc1/shared/optparser.c
@@ -211,7 +211,7 @@ const struct clam_option clam_options[]
--- clamav-0.96.1.orig/shared/optparser.c
+++ clamav-0.96.1/shared/optparser.c
@@ -236,7 +236,7 @@ const struct clam_option __clam_options[
{ "ExitOnOOM", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Stop the daemon when libclamav reports an out of memory condition.", "yes" },

24
clamav-0.95.3-umask.patch
View File

@ -1,8 +1,8 @@
Index: clamav-0.95.3/clamav-milter/clamav-milter.c
Index: clamav-0.96.1/clamav-milter/clamav-milter.c
===================================================================
--- clamav-0.95.3.orig/clamav-milter/clamav-milter.c
+++ clamav-0.95.3/clamav-milter/clamav-milter.c
@@ -306,7 +306,7 @@ int main(int argc, char **argv) {
--- clamav-0.96.1.orig/clamav-milter/clamav-milter.c
+++ clamav-0.96.1/clamav-milter/clamav-milter.c
@@ -365,7 +365,7 @@ int main(int argc, char **argv) {
if((opt = optget(opts, "PidFile"))->enabled) {
FILE *fd;
@ -11,11 +11,11 @@ Index: clamav-0.95.3/clamav-milter/clamav-milter.c
if((fd = fopen(opt->strarg, "w")) == NULL) {
logg("!Can't save PID in file %s\n", opt->strarg);
Index: clamav-0.95.3/shared/output.c
Index: clamav-0.96.1/shared/output.c
===================================================================
--- clamav-0.95.3.orig/shared/output.c
+++ clamav-0.95.3/shared/output.c
@@ -270,7 +270,7 @@ int logg(const char *str, ...)
--- clamav-0.96.1.orig/shared/output.c
+++ clamav-0.96.1/shared/output.c
@@ -280,7 +280,7 @@ int logg(const char *str, ...)
#endif
if(logg_file) {
if(!logg_fp) {
@ -24,11 +24,11 @@ Index: clamav-0.95.3/shared/output.c
if((logg_fp = fopen(logg_file, "at")) == NULL) {
umask(old_umask);
#ifdef CL_THREAD_SAFE
Index: clamav-0.95.3/freshclam/freshclam.c
Index: clamav-0.96.1/freshclam/freshclam.c
===================================================================
--- clamav-0.95.3.orig/freshclam/freshclam.c
+++ clamav-0.95.3/freshclam/freshclam.c
@@ -102,7 +102,7 @@ static void writepid(const char *pidfile
--- clamav-0.96.1.orig/freshclam/freshclam.c
+++ clamav-0.96.1/freshclam/freshclam.c
@@ -106,7 +106,7 @@ static void writepid(const char *pidfile
{
FILE *fd;
int old_umask;

78
clamav-0.96-disable-jit.patch
View File

@ -1,6 +1,8 @@
--- a/clamd/clamd.c
+++ a/clamd/clamd.c
@@ -431,6 +431,9 @@ int main(int argc, char **argv)
Index: clamav-0.96.1/clamd/clamd.c
===================================================================
--- clamav-0.96.1.orig/clamd/clamd.c
+++ clamav-0.96.1/clamd/clamd.c
@@ -434,6 +434,9 @@ int main(int argc, char **argv)
if((opt = optget(opts,"BytecodeTimeout"))->enabled) {
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
}
@ -10,9 +12,11 @@
if(optget(opts,"PhishingScanURLs")->enabled)
dboptions |= CL_DB_PHISHING_URLS;
--- a/clamscan/manager.c
+++ a/clamscan/manager.c
@@ -405,6 +405,8 @@ int scanmanager(const struct optstruct *opts)
Index: clamav-0.96.1/clamscan/manager.c
===================================================================
--- clamav-0.96.1.orig/clamscan/manager.c
+++ clamav-0.96.1/clamscan/manager.c
@@ -404,6 +404,8 @@ int scanmanager(const struct optstruct *
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, CL_BYTECODE_TRUST_ALL);
if((opt = optget(opts,"bytecode-timeout"))->enabled)
cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
@ -21,8 +25,10 @@
if((opt = optget(opts, "tempdir"))->enabled) {
if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
--- a/docs/man/clamd.conf.5.in
+++ a/docs/man/clamd.conf.5.in
Index: clamav-0.96.1/docs/man/clamd.conf.5.in
===================================================================
--- clamav-0.96.1.orig/docs/man/clamd.conf.5.in
+++ clamav-0.96.1/docs/man/clamd.conf.5.in
@@ -253,6 +253,12 @@ Default: TrustSigned
Set bytecode timeout in milliseconds.
.br
@ -36,9 +42,11 @@
.TP
\fBDetectPUA BOOL\fR
Detect Possibly Unwanted Applications.
--- a/docs/man/clamscan.1.in
+++ a/docs/man/clamscan.1.in
@@ -86,6 +86,10 @@ This option disables safety checks and makes ClamAV trust all bytecode. It shoul
Index: clamav-0.96.1/docs/man/clamscan.1.in
===================================================================
--- clamav-0.96.1.orig/docs/man/clamscan.1.in
+++ clamav-0.96.1/docs/man/clamscan.1.in
@@ -86,6 +86,10 @@ This option disables safety checks and m
.TP
\fB\-\-bytecode\-timeout=N\fR
Set bytecode timeout in milliseconds (default: 60000 = 60s)
@ -49,9 +57,11 @@
.TP
\fB\-\-detect\-pua[=yes/no(*)]\fR
Detect Possibly Unwanted Applications.
--- a/etc/clamd.conf
+++ a/etc/clamd.conf
@@ -474,3 +474,8 @@ Example
Index: clamav-0.96.1/etc/clamd.conf
===================================================================
--- clamav-0.96.1.orig/etc/clamd.conf
+++ clamav-0.96.1/etc/clamd.conf
@@ -472,3 +472,8 @@ Example
#
# Default: 60000
# BytecodeTimeout 60000
@ -60,9 +70,11 @@
+#
+# Default: no
+#BytecodeDisableJIT no
--- a/libclamav/clamav.h
+++ a/libclamav/clamav.h
@@ -142,7 +142,8 @@ enum cl_engine_field {
Index: clamav-0.96.1/libclamav/clamav.h
===================================================================
--- clamav-0.96.1.orig/libclamav/clamav.h
+++ clamav-0.96.1/libclamav/clamav.h
@@ -144,7 +144,8 @@ enum cl_engine_field {
CL_ENGINE_TMPDIR, /* (char *) */
CL_ENGINE_KEEPTMP, /* uint32_t */
CL_ENGINE_BYTECODE_SECURITY, /* uint32_t */
@ -72,8 +84,10 @@
};
enum bytecode_security {
--- a/libclamav/others.c
+++ a/libclamav/others.c
Index: clamav-0.96.1/libclamav/others.c
===================================================================
--- clamav-0.96.1.orig/libclamav/others.c
+++ clamav-0.96.1/libclamav/others.c
@@ -301,6 +301,7 @@ struct cl_engine *cl_engine_new(void)
new->bytecode_security = CL_BYTECODE_TRUST_SIGNED;
/* 5 seconds timeout */
@ -82,7 +96,7 @@
new->refcount = 1;
new->ac_only = 0;
new->ac_mindepth = CLI_DEFAULT_AC_MINDEPTH;
@@ -395,6 +396,9 @@ int cl_engine_set_num(struct cl_engine *engine, enum cl_engine_field field, long
@@ -399,6 +400,9 @@ int cl_engine_set_num(struct cl_engine *
case CL_ENGINE_BYTECODE_TIMEOUT:
engine->bytecode_timeout = num;
break;
@ -92,9 +106,11 @@
default:
cli_errmsg("cl_engine_set_num: Incorrect field number\n");
return CL_EARG;
--- a/libclamav/others.h
+++ a/libclamav/others.h
@@ -249,6 +249,7 @@ struct cl_engine {
Index: clamav-0.96.1/libclamav/others.h
===================================================================
--- clamav-0.96.1.orig/libclamav/others.h
+++ clamav-0.96.1/libclamav/others.h
@@ -253,6 +253,7 @@ struct cl_engine {
unsigned hook_lsig_ids;
enum bytecode_security bytecode_security;
uint32_t bytecode_timeout;
@ -102,9 +118,11 @@
};
struct cl_settings {
--- a/libclamav/readdb.c
+++ a/libclamav/readdb.c
@@ -2566,7 +2566,10 @@ int cl_load(const char *path, struct cl_engine *engine, unsigned int *signo, uns
Index: clamav-0.96.1/libclamav/readdb.c
===================================================================
--- clamav-0.96.1.orig/libclamav/readdb.c
+++ clamav-0.96.1/libclamav/readdb.c
@@ -2595,7 +2595,10 @@ int cl_load(const char *path, struct cl_
return ret;
if((dboptions & CL_DB_BYTECODE) && !engine->bcs.engine && (engine->dconf->bytecode & BYTECODE_ENGINE_MASK)) {
@ -116,9 +134,11 @@
return ret;
} else {
cli_dbgmsg("Bytecode engine disabled\n");
--- a/shared/optparser.c
+++ a/shared/optparser.c
@@ -252,6 +252,9 @@ const struct clam_option __clam_options[] = {
Index: clamav-0.96.1/shared/optparser.c
===================================================================
--- clamav-0.96.1.orig/shared/optparser.c
+++ clamav-0.96.1/shared/optparser.c
@@ -252,6 +252,9 @@ const struct clam_option __clam_options[
"Set bytecode security level.\nPossible values:\n\tNone - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"},
{ "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 60000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,
"Set bytecode timeout in miliseconds.\n","60000"},

64
clamav-0.96-jitoff.patch
View File

@ -1,8 +1,58 @@
Index: clamav-0.96/etc/clamd.conf
Index: clamav-0.96.1/etc/clamd.conf
===================================================================
--- clamav-0.96.orig/etc/clamd.conf
+++ clamav-0.96/etc/clamd.conf
@@ -476,6 +476,10 @@ AllowSupplementaryGroups yes
--- clamav-0.96.1.orig/etc/clamd.conf
+++ clamav-0.96.1/etc/clamd.conf
@@ -11,7 +11,7 @@ Example
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
-#LogFile /tmp/clamd.log
+#LogFile /var/log/clamd.<SERVICE>
# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
@@ -40,7 +40,7 @@ Example
# Use system logger (can work together with LogFile).
# Default: no
-#LogSyslog yes
+LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
@@ -54,7 +54,7 @@ Example
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
-#PidFile /var/run/clamd.pid
+#PidFile /var/run/clamd.<SERVICE>/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
@@ -73,7 +73,7 @@ Example
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
-#LocalSocket /tmp/clamd.socket
+#LocalSocket /var/run/clamd.<SERVICE>/clamd.sock
# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
@@ -183,11 +183,11 @@ Example
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
-#User clamav
+User <USER>
# Initialize supplementary group access (clamd must be started by root).
# Default: no
-#AllowSupplementaryGroups no
+AllowSupplementaryGroups yes
# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes
@@ -474,6 +474,10 @@ Example
# BytecodeTimeout 60000
# Disable JIT and fallback to interpreter. WARNING: disabling JIT affects performance.
@ -15,10 +65,10 @@ Index: clamav-0.96/etc/clamd.conf
+#
+# Default: yes
#BytecodeDisableJIT no
Index: clamav-0.96/shared/optparser.c
Index: clamav-0.96.1/shared/optparser.c
===================================================================
--- clamav-0.96.orig/shared/optparser.c
+++ clamav-0.96/shared/optparser.c
--- clamav-0.96.1.orig/shared/optparser.c
+++ clamav-0.96.1/shared/optparser.c
@@ -252,7 +252,7 @@ const struct clam_option __clam_options[
"Set bytecode security level.\nPossible values:\n\tNone - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"},
{ "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 60000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,

16
clamav-0.96-pdf.patch
View File

@ -1,16 +0,0 @@
--- clamav-0.96.org/libclamav/pdf.c 2010-05-29 17:22:12.345315695 +0530
+++ clamav-0.96/libclamav/pdf.c 2010-05-29 17:33:19.747313775 +0530
@@ -451,10 +451,12 @@
}
if(ret) {
unsigned char *t;
+ unsigned size;
real_streamlen = ret;
/* free unused trailing bytes */
- t = (unsigned char *)cli_realloc(tmpbuf,calculated_streamlen);
+ size = real_streamlen > calculated_streamlen ? real_streamlen : calculated_streamlen;
+ t = (unsigned char *)cli_realloc(tmpbuf,size);
if(t == NULL) {
free(tmpbuf);
close(fout);

10
clamav.spec
View File

@ -26,8 +26,8 @@
Summary: End-user tools for the Clam Antivirus scanner
Name: clamav
Version: 0.96
Release: %release_func 1403
Version: 0.96.1
Release: %release_func 1400
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
Group: Applications/File
URL: http://www.clamav.net
@ -55,7 +55,6 @@ Patch27: clamav-0.95.3-umask.patch
# https://bugzilla.redhat.com/attachment.cgi?id=403775&action=diff&context=patch&collapsed=&headers=1&format=raw
Patch28: clamav-0.96-disable-jit.patch
Patch29: clamav-0.96-jitoff.patch
Patch30: clamav-0.96-pdf.patch
BuildRoot: %_tmppath/%name-%version-%release-root
Requires: clamav-lib = %version-%release
Requires: data(clamav)
@ -320,7 +319,6 @@ The Upstart initscripts for clamav-milter.
%apply -n27 -p1 -b .umask
%apply -n28 -p1 -b .jit-disable
%apply -n29 -p1 -b .jitoff
%apply -n30 -p1 -b .pdf
install -p -m0644 %SOURCE300 clamav-milter/
@ -707,6 +705,10 @@ test "$1" != "0" || /sbin/initctl -q stop clamav-milter || :
%changelog
* Tue Jun 1 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.96.1-1400
- updated to 0.96.1
- rediffed patches
* Sat May 19 2010 Rakesh Pandit <rakesh@fedoraproject.org> - 0.96.1403
- CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing malicious PDF file(s)

1
import.log
View File

@ -1 +0,0 @@
clamav-0_96-1403_fc14:HEAD:clamav-0.96-1403.fc14.src.rpm:1275137074

1
lastver Normal file
View File

@ -0,0 +1 @@
0.96

2
sources
View File

@ -1 +1 @@
fea833e7185926330222788eeed249af clamav-0.96-norar.tar.xz
d7a79bcd71da15817d6c731f989cf73a clamav-0.96.1-norar.tar.xz

2
verinfo Normal file
View File

@ -0,0 +1,2 @@
http://sourceforge.net/project/showfiles.php?group_id=86638&package_id=90197
href="/projects/clamav/files/clamav/([0-9.-]*?)"