Update to 0.99.4
Security fixes CVE-2012-6706 CVE-2017-6419 CVE-2017-11423 CVE-2018-1000085 CVE-2018-0202 Conflicts: clamav.spec
This commit is contained in:
parent
0438913e58
commit
f76b739429
@ -1,137 +0,0 @@
|
|||||||
https://github.com/vrtadmin/clamav-devel/commit/f5bc94cf01e6a19d5255c0e5f9a5bc2336f5a2b1
|
|
||||||
backported (re-merge). See also:
|
|
||||||
|
|
||||||
- https://bugzilla.clamav.net/show_bug.cgi?id=11549
|
|
||||||
- https://github.com/e2guardian/e2guardian/issues/159
|
|
||||||
|
|
||||||
--- clamav-0.99.2/libclamav/scanners.c 2016-04-22 17:02:19.000000000 +0200
|
|
||||||
+++ clamav-0.99.2/libclamav/scanners.c.temp-cleanup 2017-11-17 00:59:14.295670694 +0100
|
|
||||||
@@ -1342,37 +1342,33 @@
|
|
||||||
return CL_CLEAN;
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* dump to disk only if explicitly asked to
|
|
||||||
- * or if necessary to check relative offsets,
|
|
||||||
- * otherwise we can process just in-memory */
|
|
||||||
- if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) {
|
|
||||||
- if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) {
|
|
||||||
- cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n");
|
|
||||||
- return ret;
|
|
||||||
- }
|
|
||||||
- if (ctx->engine->keeptmp)
|
|
||||||
- cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
if(!(normalized = cli_malloc(SCANBUFF + maxpatlen))) {
|
|
||||||
cli_dbgmsg("cli_scanscript: Unable to malloc %u bytes\n", SCANBUFF);
|
|
||||||
- free(tmpname);
|
|
||||||
return CL_EMEM;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
text_normalize_init(&state, normalized, SCANBUFF + maxpatlen);
|
|
||||||
- ret = CL_CLEAN;
|
|
||||||
-
|
|
||||||
|
|
||||||
if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
|
|
||||||
- free(tmpname);
|
|
||||||
- return ret;
|
|
||||||
+ free(normalized);
|
|
||||||
+ return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
|
|
||||||
- cli_ac_freedata(&tmdata);
|
|
||||||
- free(tmpname);
|
|
||||||
- return ret;
|
|
||||||
+ cli_ac_freedata(&tmdata);
|
|
||||||
+ free(normalized);
|
|
||||||
+ return ret;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* dump to disk only if explicitly asked to
|
|
||||||
+ * or if necessary to check relative offsets,
|
|
||||||
+ * otherwise we can process just in-memory */
|
|
||||||
+ if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) {
|
|
||||||
+ if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) {
|
|
||||||
+ cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n");
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+ if (ctx->engine->keeptmp)
|
|
||||||
+ cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname);
|
|
||||||
}
|
|
||||||
|
|
||||||
mdata[0] = &tmdata;
|
|
||||||
@@ -1387,10 +1383,9 @@
|
|
||||||
map_off += written;
|
|
||||||
|
|
||||||
if (write(ofd, state.out, state.out_pos) == -1) {
|
|
||||||
- cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
|
|
||||||
- close(ofd);
|
|
||||||
- free(tmpname);
|
|
||||||
- return CL_EWRITE;
|
|
||||||
+ cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
|
|
||||||
+ ret = CL_EWRITE;
|
|
||||||
+ goto done;
|
|
||||||
}
|
|
||||||
text_normalize_reset(&state);
|
|
||||||
}
|
|
||||||
@@ -1409,11 +1404,6 @@
|
|
||||||
funmap(*ctx->fmap);
|
|
||||||
}
|
|
||||||
*ctx->fmap = map;
|
|
||||||
-
|
|
||||||
- /* If we aren't keeping temps, delete the normalized file after scan. */
|
|
||||||
- if(!(ctx->engine->keeptmp))
|
|
||||||
- if (cli_unlink(tmpname)) ret = CL_EUNLINK;
|
|
||||||
-
|
|
||||||
} else {
|
|
||||||
/* Since the above is moderately costly all in all,
|
|
||||||
* do the old stuff if there's no relative offsets. */
|
|
||||||
@@ -1421,11 +1411,8 @@
|
|
||||||
if (troot) {
|
|
||||||
cli_targetinfo(&info, 7, map);
|
|
||||||
ret = cli_ac_caloff(troot, &tmdata, &info);
|
|
||||||
- if (ret) {
|
|
||||||
- cli_ac_freedata(&tmdata);
|
|
||||||
- free(tmpname);
|
|
||||||
- return ret;
|
|
||||||
- }
|
|
||||||
+ if (ret)
|
|
||||||
+ goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
while(1) {
|
|
||||||
@@ -1466,13 +1453,6 @@
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
- if(ctx->engine->keeptmp) {
|
|
||||||
- free(tmpname);
|
|
||||||
- if (ofd >= 0)
|
|
||||||
- close(ofd);
|
|
||||||
- }
|
|
||||||
- free(normalized);
|
|
||||||
-
|
|
||||||
if(ret != CL_VIRUS || SCAN_ALL) {
|
|
||||||
if ((ret = cli_exp_eval(ctx, troot, &tmdata, NULL, NULL)) == CL_VIRUS)
|
|
||||||
viruses_found++;
|
|
||||||
@@ -1481,9 +1461,19 @@
|
|
||||||
viruses_found++;
|
|
||||||
}
|
|
||||||
|
|
||||||
+done:
|
|
||||||
+ free(normalized);
|
|
||||||
cli_ac_freedata(&tmdata);
|
|
||||||
cli_ac_freedata(&gmdata);
|
|
||||||
|
|
||||||
+ if (ofd != -1)
|
|
||||||
+ close(ofd);
|
|
||||||
+ if (tmpname != NULL) {
|
|
||||||
+ if (!ctx->engine->keeptmp)
|
|
||||||
+ cli_unlink(tmpname);
|
|
||||||
+ free(tmpname);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (SCAN_ALL && viruses_found)
|
|
||||||
return CL_VIRUS;
|
|
||||||
|
|
17
clamav.spec
17
clamav.spec
@ -56,14 +56,14 @@
|
|||||||
|
|
||||||
Summary: End-user tools for the Clam Antivirus scanner
|
Summary: End-user tools for the Clam Antivirus scanner
|
||||||
Name: clamav
|
Name: clamav
|
||||||
Version: 0.99.3
|
Version: 0.99.4
|
||||||
Release: 6%{?dist}
|
Release: 1%{?dist}
|
||||||
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
|
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
|
||||||
Group: Applications/File
|
Group: Applications/File
|
||||||
URL: http://www.clamav.net
|
URL: http://www.clamav.net
|
||||||
%if %{with unrar}
|
%if %{with unrar}
|
||||||
Source0: http://download.sourceforge.net/sourceforge/clamav/%name-%version%{?prerelease}.tar.gz
|
Source0: http://www.clamav.net/downloads/production/%name-%version%{?prerelease}.tar.gz
|
||||||
Source999: http://download.sourceforge.net/sourceforge/clamav/%name-%version%{?prerelease}.tar.gz.sig
|
Source999: http://www.clamav.net/downloads/production/%name-%version%{?prerelease}.tar.gz.sig
|
||||||
%else
|
%else
|
||||||
# Unfortunately, clamav includes support for RAR v3, derived from GPL
|
# Unfortunately, clamav includes support for RAR v3, derived from GPL
|
||||||
# incompatible unrar from RARlabs. We have to pull this code out.
|
# incompatible unrar from RARlabs. We have to pull this code out.
|
||||||
@ -81,7 +81,7 @@ Source7: clamd.SERVICE.init
|
|||||||
# Check the first line of the file for version, file is not working
|
# Check the first line of the file for version, file is not working
|
||||||
# see https://bugzilla.redhat.com/show_bug.cgi?id=1539107
|
# see https://bugzilla.redhat.com/show_bug.cgi?id=1539107
|
||||||
Source10: http://db.local.clamav.net/main-58.cvd
|
Source10: http://db.local.clamav.net/main-58.cvd
|
||||||
Source11: http://db.local.clamav.net/daily-24253.cvd
|
Source11: http://db.local.clamav.net/daily-24356.cvd
|
||||||
Source12: http://db.local.clamav.net/bytecode-319.cvd
|
Source12: http://db.local.clamav.net/bytecode-319.cvd
|
||||||
#for devel
|
#for devel
|
||||||
Source100: clamd-gen
|
Source100: clamd-gen
|
||||||
@ -112,7 +112,6 @@ Patch27: clamav-0.98-umask.patch
|
|||||||
# https://llvm.org/viewvc/llvm-project/llvm/trunk/lib/ExecutionEngine/JIT/Intercept.cpp?r1=128086&r2=137567
|
# https://llvm.org/viewvc/llvm-project/llvm/trunk/lib/ExecutionEngine/JIT/Intercept.cpp?r1=128086&r2=137567
|
||||||
Patch30: llvm-glibc.patch
|
Patch30: llvm-glibc.patch
|
||||||
Patch31: clamav-0.99.1-setsebool.patch
|
Patch31: clamav-0.99.1-setsebool.patch
|
||||||
Patch33: clamav-0.99.2-temp-cleanup.patch
|
|
||||||
|
|
||||||
|
|
||||||
BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel
|
BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel
|
||||||
@ -440,7 +439,6 @@ The systemd initscripts for clamav-scanner.
|
|||||||
%apply -n27 -p1 -b .umask
|
%apply -n27 -p1 -b .umask
|
||||||
%apply -n30 -p1
|
%apply -n30 -p1
|
||||||
%apply -n31 -p1 -b .setsebool
|
%apply -n31 -p1 -b .setsebool
|
||||||
%apply -n33 -p1 -b .temp-cleanup
|
|
||||||
%{?apply_end}
|
%{?apply_end}
|
||||||
|
|
||||||
install -p -m0644 %SOURCE300 clamav-milter/
|
install -p -m0644 %SOURCE300 clamav-milter/
|
||||||
@ -915,6 +913,11 @@ test "$1" != "0" || /sbin/initctl -q stop clamav-milter || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Mar 02 2018 Orion Poplawski <orion@nwra.com> - 0.99.4-1
|
||||||
|
- Update to 0.99.4
|
||||||
|
- Security fixes CVE-2012-6706 CVE-2017-6419 CVE-2017-11423 CVE-2018-1000085
|
||||||
|
CVE-2018-0202
|
||||||
|
|
||||||
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.99.3-6
|
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.99.3-6
|
||||||
- Escape macros in %%changelog
|
- Escape macros in %%changelog
|
||||||
|
|
||||||
|
4
sources
4
sources
@ -1,4 +1,4 @@
|
|||||||
SHA512 (clamav-0.99.3-norar.tar.xz) = d80b20c982d35eecd2719af325bc774a5a5fe63a97f3d855c74919f6cfac6fe3f12c51479e49d96031ae0e9a3dedcf446dd22426cceba22ec4b641e9ea1f250a
|
SHA512 (clamav-0.99.4-norar.tar.xz) = c947d4626b210fe92bf6b287b038c4af26346f5e392d4a5b6c5e535fa805c0f72b38875fe87960539d4b859bf9fd478ce798fc6b33f44b94ee23ee7c430932a9
|
||||||
SHA512 (bytecode-319.cvd) = 1b2785fde078e0dae5a4b8a5161a0da55b26b010deda9fd9dc5edb7113d46d6eb45f644c16b4cb3882e7192d0b389d7b1826fbb718377aa40e1bac3485829acc
|
SHA512 (bytecode-319.cvd) = 1b2785fde078e0dae5a4b8a5161a0da55b26b010deda9fd9dc5edb7113d46d6eb45f644c16b4cb3882e7192d0b389d7b1826fbb718377aa40e1bac3485829acc
|
||||||
SHA512 (daily-24253.cvd) = cef70a86f7989ec330c0479f6070e735181168c0331e981cfcd8d9a5aebdd6be42d772167c701f6f33219a4b41aced806e70c156e9a2a060c30ba55e73743fcd
|
SHA512 (daily-24356.cvd) = 0550e4d136189dfd6fd78e027fb81713530abeaee47d48a678ed4a521114cae87fc0500a0f8eaa7e4ba1f8ed8ecd5159f96cd0b62eac92491acfcc01f9277973
|
||||||
SHA512 (main-58.cvd) = 71309a7ea26f0fbfe329252c728173c895b107b7ea2e0bd613b12475db1d0270a496d707c4d80c842bf8b6f21680e86edfa7fa3b8aea075e93d67c91d696603a
|
SHA512 (main-58.cvd) = 71309a7ea26f0fbfe329252c728173c895b107b7ea2e0bd613b12475db1d0270a496d707c4d80c842bf8b6f21680e86edfa7fa3b8aea075e93d67c91d696603a
|
||||||
|
Loading…
Reference in New Issue
Block a user