Update to 0.99.4

Security fixes CVE-2012-6706 CVE-2017-6419 CVE-2017-11423 CVE-2018-1000085
  CVE-2018-0202

Conflicts:
	clamav.spec

clamav-0.99.2-temp-cleanup.patch

@@ -1,137 +0,0 @@
-https://github.com/vrtadmin/clamav-devel/commit/f5bc94cf01e6a19d5255c0e5f9a5bc2336f5a2b1
-backported (re-merge). See also:
-
- - https://bugzilla.clamav.net/show_bug.cgi?id=11549
- - https://github.com/e2guardian/e2guardian/issues/159
-
---- clamav-0.99.2/libclamav/scanners.c			2016-04-22 17:02:19.000000000 +0200
-+++ clamav-0.99.2/libclamav/scanners.c.temp-cleanup	2017-11-17 00:59:14.295670694 +0100
-@@ -1342,37 +1342,33 @@
- 		return CL_CLEAN;
- 	}
- 
--	/* dump to disk only if explicitly asked to
--	 * or if necessary to check relative offsets,
--	 * otherwise we can process just in-memory */
--	if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) {
--		if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) {
--			cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n");
--			return ret;
--		}
--		if (ctx->engine->keeptmp)
--			cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname);
--	}
--
- 	if(!(normalized = cli_malloc(SCANBUFF + maxpatlen))) {
- 		cli_dbgmsg("cli_scanscript: Unable to malloc %u bytes\n", SCANBUFF);
--		free(tmpname);
- 		return CL_EMEM;
- 	}
--
- 	text_normalize_init(&state, normalized, SCANBUFF + maxpatlen);
--	ret = CL_CLEAN;
--
- 
- 	if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
--		free(tmpname);
--		return ret;
-+            free(normalized);
-+            return ret;
- 	}
- 
- 	if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
--		cli_ac_freedata(&tmdata);
--		free(tmpname);
--		return ret;
-+            cli_ac_freedata(&tmdata);
-+            free(normalized);
-+            return ret;
-+	}
-+
-+	/* dump to disk only if explicitly asked to
-+	 * or if necessary to check relative offsets,
-+	 * otherwise we can process just in-memory */
-+	if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) {
-+            if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) {
-+                cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n");
-+                goto done;
-+            }
-+            if (ctx->engine->keeptmp)
-+                cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname);
- 	}
- 
- 	mdata[0] = &tmdata;
-@@ -1387,10 +1383,9 @@
- 			map_off += written;
- 
- 			if  (write(ofd, state.out, state.out_pos) == -1) {
--				cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
--				close(ofd);
--				free(tmpname);
--				return CL_EWRITE;
-+                            cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
-+                            ret = CL_EWRITE;
-+                            goto done;
- 			}
- 			text_normalize_reset(&state);
- 		}
-@@ -1409,11 +1404,6 @@
- 			funmap(*ctx->fmap);
- 		}
- 		*ctx->fmap = map;
--
--		/* If we aren't keeping temps, delete the normalized file after scan. */
--		if(!(ctx->engine->keeptmp))
--			if (cli_unlink(tmpname)) ret = CL_EUNLINK;
--
- 	} else {
- 		/* Since the above is moderately costly all in all,
- 		 * do the old stuff if there's no relative offsets. */
-@@ -1421,11 +1411,8 @@
- 		if (troot) {
- 			cli_targetinfo(&info, 7, map);
- 			ret = cli_ac_caloff(troot, &tmdata, &info);
--			if (ret) {
--				cli_ac_freedata(&tmdata);
--				free(tmpname);
--				return ret;
--			}
-+			if (ret)
-+                            goto done;
- 		}
- 
- 		while(1) {
-@@ -1466,13 +1453,6 @@
- 
- 	}
- 
--	if(ctx->engine->keeptmp) {
--		free(tmpname);
--		if (ofd >= 0)
--			close(ofd);
--	}
--	free(normalized);
--
- 	if(ret != CL_VIRUS || SCAN_ALL)  {
- 		if ((ret = cli_exp_eval(ctx, troot, &tmdata, NULL, NULL)) == CL_VIRUS)
- 			viruses_found++;
-@@ -1481,9 +1461,19 @@
- 				viruses_found++;
- 	}
- 
-+done:
-+	free(normalized);
- 	cli_ac_freedata(&tmdata);
- 	cli_ac_freedata(&gmdata);
- 
-+	if (ofd != -1)
-+		close(ofd);
-+	if (tmpname != NULL) {
-+		if (!ctx->engine->keeptmp)
-+			cli_unlink(tmpname);
-+		free(tmpname);
-+	}
-+
- 	if (SCAN_ALL && viruses_found)
- 		return CL_VIRUS;
- 

clamav.spec

@@ -56,14 +56,14 @@
 
 Summary:    End-user tools for the Clam Antivirus scanner
 Name:       clamav
-Version:    0.99.3
-Release:    6%{?dist}
+Version:    0.99.4
+Release:    1%{?dist}
 License:    %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
 Group:      Applications/File
 URL:        http://www.clamav.net
 %if %{with unrar}
-Source0:    http://download.sourceforge.net/sourceforge/clamav/%name-%version%{?prerelease}.tar.gz
-Source999:  http://download.sourceforge.net/sourceforge/clamav/%name-%version%{?prerelease}.tar.gz.sig
+Source0:    http://www.clamav.net/downloads/production/%name-%version%{?prerelease}.tar.gz
+Source999:  http://www.clamav.net/downloads/production/%name-%version%{?prerelease}.tar.gz.sig
 %else
 # Unfortunately, clamav includes support for RAR v3, derived from GPL
 # incompatible unrar from RARlabs. We have to pull this code out.
@@ -81,7 +81,7 @@ Source7:    clamd.SERVICE.init
 # Check the first line of the file for version, file is not working
 # see https://bugzilla.redhat.com/show_bug.cgi?id=1539107
 Source10:   http://db.local.clamav.net/main-58.cvd
-Source11:   http://db.local.clamav.net/daily-24253.cvd
+Source11:   http://db.local.clamav.net/daily-24356.cvd
 Source12:   http://db.local.clamav.net/bytecode-319.cvd
 #for devel
 Source100:  clamd-gen
@@ -112,7 +112,6 @@ Patch27:    clamav-0.98-umask.patch
 # https://llvm.org/viewvc/llvm-project/llvm/trunk/lib/ExecutionEngine/JIT/Intercept.cpp?r1=128086&r2=137567
 Patch30:    llvm-glibc.patch
 Patch31:    clamav-0.99.1-setsebool.patch
-Patch33:    clamav-0.99.2-temp-cleanup.patch
 
 
 BuildRequires:  autoconf automake gettext-devel libtool libtool-ltdl-devel
@@ -440,7 +439,6 @@ The systemd initscripts for clamav-scanner.
 %apply -n27 -p1 -b .umask
 %apply -n30 -p1
 %apply -n31 -p1 -b .setsebool
-%apply -n33 -p1 -b .temp-cleanup
 %{?apply_end}
 
 install -p -m0644 %SOURCE300 clamav-milter/
@@ -915,6 +913,11 @@ test "$1" != "0" || /sbin/initctl -q stop clamav-milter || :
 
 
 %changelog
+* Fri Mar 02 2018 Orion Poplawski <orion@nwra.com> - 0.99.4-1
+- Update to 0.99.4
+- Security fixes CVE-2012-6706 CVE-2017-6419 CVE-2017-11423 CVE-2018-1000085
+  CVE-2018-0202
+
 * Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.99.3-6
 - Escape macros in %%changelog
 

sources

@@ -1,4 +1,4 @@
-SHA512 (clamav-0.99.3-norar.tar.xz) = d80b20c982d35eecd2719af325bc774a5a5fe63a97f3d855c74919f6cfac6fe3f12c51479e49d96031ae0e9a3dedcf446dd22426cceba22ec4b641e9ea1f250a
+SHA512 (clamav-0.99.4-norar.tar.xz) = c947d4626b210fe92bf6b287b038c4af26346f5e392d4a5b6c5e535fa805c0f72b38875fe87960539d4b859bf9fd478ce798fc6b33f44b94ee23ee7c430932a9
 SHA512 (bytecode-319.cvd) = 1b2785fde078e0dae5a4b8a5161a0da55b26b010deda9fd9dc5edb7113d46d6eb45f644c16b4cb3882e7192d0b389d7b1826fbb718377aa40e1bac3485829acc
-SHA512 (daily-24253.cvd) = cef70a86f7989ec330c0479f6070e735181168c0331e981cfcd8d9a5aebdd6be42d772167c701f6f33219a4b41aced806e70c156e9a2a060c30ba55e73743fcd
+SHA512 (daily-24356.cvd) = 0550e4d136189dfd6fd78e027fb81713530abeaee47d48a678ed4a521114cae87fc0500a0f8eaa7e4ba1f8ed8ecd5159f96cd0b62eac92491acfcc01f9277973
 SHA512 (main-58.cvd) = 71309a7ea26f0fbfe329252c728173c895b107b7ea2e0bd613b12475db1d0270a496d707c4d80c842bf8b6f21680e86edfa7fa3b8aea075e93d67c91d696603a