From dc6c42aed911bef4c4abcffd72e9eadc5698b88c Mon Sep 17 00:00:00 2001 From: ensc Date: Jun 01 2010 19:22:07 +0000 Subject: - updated to 0.96.1 - rediffed patches - reverted parts of last commit --- diff --git a/.cvsignore b/.cvsignore index a0a76da..495edab 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -clamav-0.96-norar.tar.xz +clamav-0.96.1-norar.tar.xz diff --git a/ChangeLog-rpm.old b/ChangeLog-rpm.old new file mode 100644 index 0000000..44c8556 --- /dev/null +++ b/ChangeLog-rpm.old @@ -0,0 +1,279 @@ +* Tue Dec 12 2006 Enrico Scholz - 0.88.7-1 +- updated to 0.88.7 + +* Sun Nov 5 2006 Enrico Scholz - 0.88.6-1 +- updated to 0.88.6 + +* Wed Oct 18 2006 Enrico Scholz - 0.88.5-1 +- updated to 0.88.5 (SECURITY); fixes CVE-2006-4182, CVE-2006-5295 +- added patch to set '__attribute__ ((visibility("hidden")))' for + exported MD5_*() functions (fixes #202043) + +* Thu Oct 05 2006 Christian Iseli 0.88.4-4 + - rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Thu Sep 21 2006 Enrico Scholz - 0.88.4-3 +- splitted SysV initscripts of -milter and -server into own subpackages + +* Fri Sep 15 2006 Enrico Scholz - 0.88.4-2 +- rebuilt + +* Tue Aug 8 2006 Enrico Scholz - 0.88.4-1 +- updated to 0.88.4 (SECURITY) + +* Wed Jul 12 2006 Enrico Scholz +- removed the clamdscan(1) manpage from the -server subpackage + +* Sat Jul 8 2006 Enrico Scholz +- removed a superfluous '}' +- removed some code which was relevant for FC-3 only + +* Sat Jul 8 2006 Enrico Scholz - 0.88.3-1 +- updated to 0.88.3 +- updated to new fedora-usermgmt macros + +* Tue May 16 2006 Enrico Scholz - 0.88.2-2 +- cleanups: removed unneeded curlies, use plain command instead of + %%__XXX macro, whitespace cleanup, removed unneeded versioned + dependencies +- added a 'Requires(post): group(clamav)' dependencies for -update and + added the corresponding Provides: to -data +- removed the %%_without_milter conditional; you won't gain anything + when milter would be disabled at buildtime + +* Sun Apr 30 2006 Enrico Scholz - 0.88.2-1 +- updated to 0.88.2 (SECURITY) +- rediffed patches; most issues handled by 0.88.1-2 are fixed in + 0.88.2 + +* Mon Apr 24 2006 Enrico Scholz - 0.88.1-2 +- added patch which fixes some classes of compiler warnings; at least + the using of implicitly declared functions was reported to cause + segfaults on AMD64 (brought to my attention by Marc Perkel) +- added patch which fixes wrong usage of strncpy(3) in unrarlib.c + +* Thu Apr 06 2006 Enrico Scholz - 0.88.1-1 +- updated to 0.88.1 (SECURITY) + +* Sat Feb 18 2006 Enrico Scholz - 0.88-2 +- rebuilt for FC5 + +* Tue Jan 10 2006 Enrico Scholz - 0.88-1 +- updated to 0.88 +- added pseudo-versions for the 'init(...)' provides as a first step + for the support of alternative initmethods + +* Tue Nov 15 2005 Enrico Scholz - 0.87.1-2 +- moved 'freshclam.conf.5' man page into the -update subpackage (#173221) +- ship 'clamd.conf.5' man page in the -server subpackage *too*. The + same file is contained in multiple packages now, but this man-page + can not be removed from the base package because it also applies to + 'clamdscan' there (#173221). + +* Fri Nov 4 2005 Enrico Scholz - 0.87.1-1 +- updated to 0.87.1 + +* Sat Sep 17 2005 Enrico Scholz - 0.87-1 +- updated to 0.87 (SECURITY) +- removed -timeout patch; it is solved upstream +- reverted the -exim changes; they add yet more complexity, their + functionality can go into an own package and they contained flaws + +* Fri Sep 9 2005 David Woodhouse - 0.86.2-5 +- Add clamav-exim configuration package + +* Fri Jul 29 2005 Enrico Scholz - 0.86.2-4 +- [milter] create the milter-logfile in the %%post scriptlet +- [milter] reverted the change of the default child_timeout value; it + was set to 5 minutes in 0.86.2 which conflicts with the internal + mode where a timeout must not be set. So, the clamav-milter would + not run with the default configuration + +* Thu Jul 28 2005 Enrico Scholz - 0.86.2-3 +- Fixed calculation of sleep duration; on some systems/IPs, `hostid` + results in a negative number which is retained by the bash + modulo-operation. So the sleep may get a negative number of seconds + being interpreted as an option. This version makes sure that the + module-operations returns a non-negative value. [BZ #164494, James + Wilkinson] +- added support for a /usr/sbin/clamav-notify-servers.local hook; this + file will be executed (source'd) before all other actions and can + abort the entire processing by invoking 'exit' + +* Mon Jul 25 2005 Enrico Scholz - 0.86.2-2 +- updated to 0.86.2 (SECURITY) +- changed the freshclam updating mechanism (again); now, it consists + of a crontab which does not need to be changed and a helper script + (freshclam-sleep). This helper script is configured by + /etc/sysconfig/freshclam + +* Sat Jun 25 2005 Enrico Scholz - 0.86.1-2 +- updated to 0.86.1 +- fixed randomization in %%post scriptlet: hour should be a range but + not a single number + +* Tue Jun 21 2005 Enrico Scholz - 0.86-1 +- updated to 0.86 +- randomize freshclam startup times in -update's %%post script (suggested + by Stephen Smoogen); this requires some more Requires(post): also + +* Wed May 18 2005 Warren Togami - 0.85.1-4 +- fix dist tagging the way Enrico wants it + +* Tue May 17 2005 Oliver Falk - 0.85.1-2 +- Rebuild + +* Tue May 17 2005 Oliver Falk - 0.85.1-1 +- Update + +* Sat May 14 2005 Enrico Scholz - 0.85-0 +- updated to 0.85 + +* Sun May 1 2005 Enrico Scholz - 0.84-0 +- updated to 0.84 + +* Fri Apr 7 2005 Michael Schwendt +- rebuilt + +* Tue Feb 15 2005 Enrico Scholz - 0:0.83-1 +- updated to 0.83 + +* Tue Feb 8 2005 Enrico Scholz - 0:0.82-1 +- updated to 0.82 +- minor spec cleanups + +* Fri Jan 28 2005 Enrico Scholz - 0:0.81-0.fdr.2 +- build the package with '--disable-zlib-vcheck' because RH is unable to + apply a fix for a 5 month old and solved security issue. Please fill + your comments at https://bugzilla.redhat.com/beta/show_bug.cgi?id=131385 +- added 'BuildRequires: bc' (should work without also, but ./configure + gives out ugly warnings else) + +* Fri Jan 28 2005 Enrico Scholz - 0:0.81-0.fdr.1 +- updated to 0.81 +- do not ship the 'clamd.milter' daemon anymore; clamav-milter supports + an internal mode now which is enabled by default +- updated -milter %%description + +* Thu Jan 20 2005 Enrico Scholz - 0:0.80-0.fdr.2 +- s!cron.d/clamav!cron.d/clamav-update! in the %%description of the -update + subpackage (https://bugzilla.fedora.us/show_bug.cgi?id=1715#c39) + +* Wed Nov 3 2004 Enrico Scholz - 0:0.80-0.fdr.1 +- updated to 0.80 +- removed DMS, FreeBSD-HOWTO and localized docs as it is not shipped anymore +- buildrequire 'curl-devel' +- renamed clamav.conf to clamd.conf (upstream change) +- updated -initoff patch + +* Tue Sep 14 2004 Enrico Scholz - 0:0.75.1-0.fdr.1 +- updated to 0.75.1 +- use %%configure, the problems with the architecture specification + seem to have passed (probably because of an autoconf update) +- set mode 0600 for the cron-script (required by vixie-cron) +- made the cronjob a spambot and send mail about deactivated freshclam + service to nearly everybody... (root, postmaster, webmaster) +- other fixes in the notification cronjob + +* Fri Jul 23 2004 Enrico Scholz - 0:0.75-0.fdr.1 +- updated to 0.75 + +* Thu Jul 15 2004 Enrico Scholz - 0:0.74-0.fdr.2 +- moved /usr/bin/clamav-config from main into -devel + +* Wed Jun 30 2004 Enrico Scholz - 0:0.74-0.fdr.1 +- updated to 0.74 + +* Mon Jun 14 2004 Enrico Scholz - 0:0.73-0.fdr.1 +- updated to 0.73 +- added pkgconfig file + +* Fri Jun 11 2004 Enrico Scholz - 0:0.72-0.fdr.3 +- notify the user about a deactivated clamav-update service +- added clamd-gen script which generates template spec-files for + services using clamd +- copied template configuration files to %pkgdatadir/template (needed + for clamd-gen) +- moved the clamd-wrapper from %_initrddir to %{pkgdatadir}; a symlink + will be provided for compatibility reasons +- conditionalized building of the -milter subpackage ('--without + milter' switch) to enable builds on RH73 (bug #1715, comment #5/#7) + +* Fri Jun 4 2004 Enrico Scholz - 0:0.72-0.fdr.2 +- removed 'BuildRequires: dietlibc'; it was a leftover from the + pre-use-signal era (before 0.70) (bug #1716) + +* Thu Jun 3 2004 Enrico Scholz - 0:0.72-0.fdr.1 +- updated to 0.72 + +* Thu May 20 2004 Enrico Scholz - 0:0.71-0.fdr.2 +- removed the randomization in the cronjob; it seems to be impossible + to use the mod-operator (%%) there. Instead of, the user has to + replace some placeholders... + +* Wed May 19 2004 Enrico Scholz - 0:0.71-0.fdr.1 +- updated to 0.71 + +* Fri May 7 2004 Enrico Scholz - 0:0.70-0.fdr.1.1 +- quote 'EOF' to delay $RANDOM expansion + +* Tue Apr 27 2004 Enrico Scholz - 0:0.70-0.fdr.2 +- updated GECOS entry for the 'clamav' user to describe its purpose + more accurately +- use explicit '-m755' when creating directories with install + +* Tue Apr 20 2004 Enrico Scholz - 0:0.70-0.fdr.1 +- updated to 0.70; rediffed some patches +- updated logrotate script to use signals and documented the steps + which are needed to make it work +- adapted initscript to use signals instead of sockwrite +- removed sockwrite; signals can now be used to reload the database +- added logfile to the -milter subpackage + +* Tue Apr 20 2004 Enrico Scholz - 0:0.68-0.fdr.2.1 +- tagged some Requires:, since clamav-server is required in the milter-%%post* scriptlets + +* Sat Mar 20 2004 Enrico Scholz - 0:0.68-0.fdr.2 +- split the double Requires(...,...): statements; see + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118773 +- require the recent fedora-usermgmt package (0.7) which fixes similar + ordering issues + +* Thu Mar 18 2004 Enrico Scholz - 0:0.68-0.fdr.1 +- updated to 0.68 (using the -1 version) +- ship milter-files in the -milter instead of the -server subpackage + +* Tue Feb 24 2004 Enrico Scholz - 0:0.67-0.fdr.3 +- fixed ':' vs. '.' in chown + +* Tue Feb 17 2004 Enrico Scholz - 0:0.67-0.fdr.2 +- randomize freshclam startup to prevent server peaks + +* Mon Feb 16 2004 Enrico Scholz - 0:0.67-0.fdr.1 +- updated to 0.67 (using the -1 version) + +* Wed Feb 11 2004 Enrico Scholz - 0:0.66-0.fdr.2 +- updated to 0.66; important, packaging-relevant changes are + freshclam: + * $http_proxy is not supported anymore; you have to configure it in + /etc/freshclam.conf + * the logfile has been renamed to /var/log/freshclam.log +- removed %%check section; buildroot check is implemented in local + testsuite already +- added some %%verify(not mtime) modifiers to avoid unnecessary .rpmnew + files +- added some directory-Requires: +- activated milter-package and made it work +- added patch to disable clamav-milter service by default +- renamed /var/run/clamav. to /var/run/clamd.; this + makes things more consistently but can break backward compatibility. The + initscript should deal with the old version too, but I would not bet on + it... +- updated some descriptions +- fixed the update-mechanism; now it happens in two stages: at first, + the files will be downloaded as user 'clamav' and then, root initiates + the daemon-reload. + +* Mon Feb 9 2004 Enrico Scholz - 0:0.65-0.fdr.5 +- added security fix for + http://www.securityfocus.com/archive/1/353194/2004-02-06/2004-02-12/1 diff --git a/clamav-0.92-open.patch b/clamav-0.92-open.patch index 040fc20..48ad0c1 100644 --- a/clamav-0.92-open.patch +++ b/clamav-0.92-open.patch @@ -1,5 +1,7 @@ ---- clamav-0.91.2/clamd/dazukoio_compat12.c.open 2007-03-06 14:38:06.000000000 +0100 -+++ clamav-0.91.2/clamd/dazukoio_compat12.c 2007-08-25 12:36:30.000000000 +0200 +Index: clamav-0.96.1/clamd/dazukoio_compat12.c +=================================================================== +--- clamav-0.96.1.orig/clamd/dazukoio_compat12.c ++++ clamav-0.96.1/clamd/dazukoio_compat12.c @@ -89,7 +89,7 @@ int dazukoRegister_TS_compat12(struct da if (dazuko->device < 0) { diff --git a/clamav-0.92-private.patch b/clamav-0.92-private.patch index bab2948..61625a1 100644 --- a/clamav-0.92-private.patch +++ b/clamav-0.92-private.patch @@ -1,5 +1,7 @@ ---- clamav-0.92/libclamav.pc.in.private -+++ clamav-0.92/libclamav.pc.in +Index: clamav-0.96.1/libclamav.pc.in +=================================================================== +--- clamav-0.96.1.orig/libclamav.pc.in ++++ clamav-0.96.1/libclamav.pc.in @@ -6,6 +6,6 @@ includedir=@includedir@ Name: libclamav Description: A GPL virus scanner @@ -10,8 +12,10 @@ +Libs: -L${libdir} -lclamav +Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@ +Cflags: -I${includedir} ---- clamav-0.92/clamav-config.in.private -+++ clamav-0.92/clamav-config.in +Index: clamav-0.96.1/clamav-config.in +=================================================================== +--- clamav-0.96.1.orig/clamav-config.in ++++ clamav-0.96.1/clamav-config.in @@ -54,12 +54,8 @@ while test $# -gt 0; do usage 0 ;; diff --git a/clamav-0.95-cliopts.patch b/clamav-0.95-cliopts.patch index 90d173f..7d94b28 100644 --- a/clamav-0.95-cliopts.patch +++ b/clamav-0.95-cliopts.patch @@ -1,8 +1,8 @@ -Index: clamav-0.95rc1/shared/optparser.c +Index: clamav-0.96.1/shared/optparser.c =================================================================== ---- clamav-0.95rc1.orig/shared/optparser.c -+++ clamav-0.95rc1/shared/optparser.c -@@ -211,7 +211,7 @@ const struct clam_option clam_options[] +--- clamav-0.96.1.orig/shared/optparser.c ++++ clamav-0.96.1/shared/optparser.c +@@ -236,7 +236,7 @@ const struct clam_option __clam_options[ { "ExitOnOOM", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Stop the daemon when libclamav reports an out of memory condition.", "yes" }, diff --git a/clamav-0.95.3-umask.patch b/clamav-0.95.3-umask.patch index 220f7ab..ada0fcd 100644 --- a/clamav-0.95.3-umask.patch +++ b/clamav-0.95.3-umask.patch @@ -1,8 +1,8 @@ -Index: clamav-0.95.3/clamav-milter/clamav-milter.c +Index: clamav-0.96.1/clamav-milter/clamav-milter.c =================================================================== ---- clamav-0.95.3.orig/clamav-milter/clamav-milter.c -+++ clamav-0.95.3/clamav-milter/clamav-milter.c -@@ -306,7 +306,7 @@ int main(int argc, char **argv) { +--- clamav-0.96.1.orig/clamav-milter/clamav-milter.c ++++ clamav-0.96.1/clamav-milter/clamav-milter.c +@@ -365,7 +365,7 @@ int main(int argc, char **argv) { if((opt = optget(opts, "PidFile"))->enabled) { FILE *fd; @@ -11,11 +11,11 @@ Index: clamav-0.95.3/clamav-milter/clamav-milter.c if((fd = fopen(opt->strarg, "w")) == NULL) { logg("!Can't save PID in file %s\n", opt->strarg); -Index: clamav-0.95.3/shared/output.c +Index: clamav-0.96.1/shared/output.c =================================================================== ---- clamav-0.95.3.orig/shared/output.c -+++ clamav-0.95.3/shared/output.c -@@ -270,7 +270,7 @@ int logg(const char *str, ...) +--- clamav-0.96.1.orig/shared/output.c ++++ clamav-0.96.1/shared/output.c +@@ -280,7 +280,7 @@ int logg(const char *str, ...) #endif if(logg_file) { if(!logg_fp) { @@ -24,11 +24,11 @@ Index: clamav-0.95.3/shared/output.c if((logg_fp = fopen(logg_file, "at")) == NULL) { umask(old_umask); #ifdef CL_THREAD_SAFE -Index: clamav-0.95.3/freshclam/freshclam.c +Index: clamav-0.96.1/freshclam/freshclam.c =================================================================== ---- clamav-0.95.3.orig/freshclam/freshclam.c -+++ clamav-0.95.3/freshclam/freshclam.c -@@ -102,7 +102,7 @@ static void writepid(const char *pidfile +--- clamav-0.96.1.orig/freshclam/freshclam.c ++++ clamav-0.96.1/freshclam/freshclam.c +@@ -106,7 +106,7 @@ static void writepid(const char *pidfile { FILE *fd; int old_umask; diff --git a/clamav-0.96-disable-jit.patch b/clamav-0.96-disable-jit.patch index 6d425f1..01b3c79 100644 --- a/clamav-0.96-disable-jit.patch +++ b/clamav-0.96-disable-jit.patch @@ -1,6 +1,8 @@ ---- a/clamd/clamd.c -+++ a/clamd/clamd.c -@@ -431,6 +431,9 @@ int main(int argc, char **argv) +Index: clamav-0.96.1/clamd/clamd.c +=================================================================== +--- clamav-0.96.1.orig/clamd/clamd.c ++++ clamav-0.96.1/clamd/clamd.c +@@ -434,6 +434,9 @@ int main(int argc, char **argv) if((opt = optget(opts,"BytecodeTimeout"))->enabled) { cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg); } @@ -10,9 +12,11 @@ if(optget(opts,"PhishingScanURLs")->enabled) dboptions |= CL_DB_PHISHING_URLS; ---- a/clamscan/manager.c -+++ a/clamscan/manager.c -@@ -405,6 +405,8 @@ int scanmanager(const struct optstruct *opts) +Index: clamav-0.96.1/clamscan/manager.c +=================================================================== +--- clamav-0.96.1.orig/clamscan/manager.c ++++ clamav-0.96.1/clamscan/manager.c +@@ -404,6 +404,8 @@ int scanmanager(const struct optstruct * cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, CL_BYTECODE_TRUST_ALL); if((opt = optget(opts,"bytecode-timeout"))->enabled) cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg); @@ -21,8 +25,10 @@ if((opt = optget(opts, "tempdir"))->enabled) { if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) { ---- a/docs/man/clamd.conf.5.in -+++ a/docs/man/clamd.conf.5.in +Index: clamav-0.96.1/docs/man/clamd.conf.5.in +=================================================================== +--- clamav-0.96.1.orig/docs/man/clamd.conf.5.in ++++ clamav-0.96.1/docs/man/clamd.conf.5.in @@ -253,6 +253,12 @@ Default: TrustSigned Set bytecode timeout in milliseconds. .br @@ -36,9 +42,11 @@ .TP \fBDetectPUA BOOL\fR Detect Possibly Unwanted Applications. ---- a/docs/man/clamscan.1.in -+++ a/docs/man/clamscan.1.in -@@ -86,6 +86,10 @@ This option disables safety checks and makes ClamAV trust all bytecode. It shoul +Index: clamav-0.96.1/docs/man/clamscan.1.in +=================================================================== +--- clamav-0.96.1.orig/docs/man/clamscan.1.in ++++ clamav-0.96.1/docs/man/clamscan.1.in +@@ -86,6 +86,10 @@ This option disables safety checks and m .TP \fB\-\-bytecode\-timeout=N\fR Set bytecode timeout in milliseconds (default: 60000 = 60s) @@ -49,9 +57,11 @@ .TP \fB\-\-detect\-pua[=yes/no(*)]\fR Detect Possibly Unwanted Applications. ---- a/etc/clamd.conf -+++ a/etc/clamd.conf -@@ -474,3 +474,8 @@ Example +Index: clamav-0.96.1/etc/clamd.conf +=================================================================== +--- clamav-0.96.1.orig/etc/clamd.conf ++++ clamav-0.96.1/etc/clamd.conf +@@ -472,3 +472,8 @@ Example # # Default: 60000 # BytecodeTimeout 60000 @@ -60,9 +70,11 @@ +# +# Default: no +#BytecodeDisableJIT no ---- a/libclamav/clamav.h -+++ a/libclamav/clamav.h -@@ -142,7 +142,8 @@ enum cl_engine_field { +Index: clamav-0.96.1/libclamav/clamav.h +=================================================================== +--- clamav-0.96.1.orig/libclamav/clamav.h ++++ clamav-0.96.1/libclamav/clamav.h +@@ -144,7 +144,8 @@ enum cl_engine_field { CL_ENGINE_TMPDIR, /* (char *) */ CL_ENGINE_KEEPTMP, /* uint32_t */ CL_ENGINE_BYTECODE_SECURITY, /* uint32_t */ @@ -72,8 +84,10 @@ }; enum bytecode_security { ---- a/libclamav/others.c -+++ a/libclamav/others.c +Index: clamav-0.96.1/libclamav/others.c +=================================================================== +--- clamav-0.96.1.orig/libclamav/others.c ++++ clamav-0.96.1/libclamav/others.c @@ -301,6 +301,7 @@ struct cl_engine *cl_engine_new(void) new->bytecode_security = CL_BYTECODE_TRUST_SIGNED; /* 5 seconds timeout */ @@ -82,7 +96,7 @@ new->refcount = 1; new->ac_only = 0; new->ac_mindepth = CLI_DEFAULT_AC_MINDEPTH; -@@ -395,6 +396,9 @@ int cl_engine_set_num(struct cl_engine *engine, enum cl_engine_field field, long +@@ -399,6 +400,9 @@ int cl_engine_set_num(struct cl_engine * case CL_ENGINE_BYTECODE_TIMEOUT: engine->bytecode_timeout = num; break; @@ -92,9 +106,11 @@ default: cli_errmsg("cl_engine_set_num: Incorrect field number\n"); return CL_EARG; ---- a/libclamav/others.h -+++ a/libclamav/others.h -@@ -249,6 +249,7 @@ struct cl_engine { +Index: clamav-0.96.1/libclamav/others.h +=================================================================== +--- clamav-0.96.1.orig/libclamav/others.h ++++ clamav-0.96.1/libclamav/others.h +@@ -253,6 +253,7 @@ struct cl_engine { unsigned hook_lsig_ids; enum bytecode_security bytecode_security; uint32_t bytecode_timeout; @@ -102,9 +118,11 @@ }; struct cl_settings { ---- a/libclamav/readdb.c -+++ a/libclamav/readdb.c -@@ -2566,7 +2566,10 @@ int cl_load(const char *path, struct cl_engine *engine, unsigned int *signo, uns +Index: clamav-0.96.1/libclamav/readdb.c +=================================================================== +--- clamav-0.96.1.orig/libclamav/readdb.c ++++ clamav-0.96.1/libclamav/readdb.c +@@ -2595,7 +2595,10 @@ int cl_load(const char *path, struct cl_ return ret; if((dboptions & CL_DB_BYTECODE) && !engine->bcs.engine && (engine->dconf->bytecode & BYTECODE_ENGINE_MASK)) { @@ -116,9 +134,11 @@ return ret; } else { cli_dbgmsg("Bytecode engine disabled\n"); ---- a/shared/optparser.c -+++ a/shared/optparser.c -@@ -252,6 +252,9 @@ const struct clam_option __clam_options[] = { +Index: clamav-0.96.1/shared/optparser.c +=================================================================== +--- clamav-0.96.1.orig/shared/optparser.c ++++ clamav-0.96.1/shared/optparser.c +@@ -252,6 +252,9 @@ const struct clam_option __clam_options[ "Set bytecode security level.\nPossible values:\n\tNone - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"}, { "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 60000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Set bytecode timeout in miliseconds.\n","60000"}, diff --git a/clamav-0.96-jitoff.patch b/clamav-0.96-jitoff.patch index f78aba3..cea2e5a 100644 --- a/clamav-0.96-jitoff.patch +++ b/clamav-0.96-jitoff.patch @@ -1,8 +1,58 @@ -Index: clamav-0.96/etc/clamd.conf +Index: clamav-0.96.1/etc/clamd.conf =================================================================== ---- clamav-0.96.orig/etc/clamd.conf -+++ clamav-0.96/etc/clamd.conf -@@ -476,6 +476,10 @@ AllowSupplementaryGroups yes +--- clamav-0.96.1.orig/etc/clamd.conf ++++ clamav-0.96.1/etc/clamd.conf +@@ -11,7 +11,7 @@ Example + # LogFile must be writable for the user running daemon. + # A full path is required. + # Default: disabled +-#LogFile /tmp/clamd.log ++#LogFile /var/log/clamd. + + # By default the log file is locked for writing - the lock protects against + # running clamd multiple times (if want to run another clamd, please +@@ -40,7 +40,7 @@ Example + + # Use system logger (can work together with LogFile). + # Default: no +-#LogSyslog yes ++LogSyslog yes + + # Specify the type of syslog messages - please refer to 'man syslog' + # for facility names. +@@ -54,7 +54,7 @@ Example + # This option allows you to save a process identifier of the listening + # daemon (main thread). + # Default: disabled +-#PidFile /var/run/clamd.pid ++#PidFile /var/run/clamd./clamd.pid + + # Optional path to the global temporary directory. + # Default: system specific (usually /tmp or /var/tmp). +@@ -73,7 +73,7 @@ Example + + # Path to a local socket file the daemon will listen on. + # Default: disabled (must be specified by a user) +-#LocalSocket /tmp/clamd.socket ++#LocalSocket /var/run/clamd./clamd.sock + + # Sets the group ownership on the unix socket. + # Default: disabled (the primary group of the user running clamd) +@@ -183,11 +183,11 @@ Example + + # Run as another user (clamd must be started by root for this option to work) + # Default: don't drop privileges +-#User clamav ++User + + # Initialize supplementary group access (clamd must be started by root). + # Default: no +-#AllowSupplementaryGroups no ++AllowSupplementaryGroups yes + + # Stop daemon when libclamav reports out of memory condition. + #ExitOnOOM yes +@@ -474,6 +474,10 @@ Example # BytecodeTimeout 60000 # Disable JIT and fallback to interpreter. WARNING: disabling JIT affects performance. @@ -15,10 +65,10 @@ Index: clamav-0.96/etc/clamd.conf +# +# Default: yes #BytecodeDisableJIT no -Index: clamav-0.96/shared/optparser.c +Index: clamav-0.96.1/shared/optparser.c =================================================================== ---- clamav-0.96.orig/shared/optparser.c -+++ clamav-0.96/shared/optparser.c +--- clamav-0.96.1.orig/shared/optparser.c ++++ clamav-0.96.1/shared/optparser.c @@ -252,7 +252,7 @@ const struct clam_option __clam_options[ "Set bytecode security level.\nPossible values:\n\tNone - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"}, { "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 60000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, diff --git a/clamav-0.96-pdf.patch b/clamav-0.96-pdf.patch deleted file mode 100644 index 87b87d7..0000000 --- a/clamav-0.96-pdf.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- clamav-0.96.org/libclamav/pdf.c 2010-05-29 17:22:12.345315695 +0530 -+++ clamav-0.96/libclamav/pdf.c 2010-05-29 17:33:19.747313775 +0530 -@@ -451,10 +451,12 @@ - } - if(ret) { - unsigned char *t; -+ unsigned size; - - real_streamlen = ret; - /* free unused trailing bytes */ -- t = (unsigned char *)cli_realloc(tmpbuf,calculated_streamlen); -+ size = real_streamlen > calculated_streamlen ? real_streamlen : calculated_streamlen; -+ t = (unsigned char *)cli_realloc(tmpbuf,size); - if(t == NULL) { - free(tmpbuf); - close(fout); diff --git a/clamav.spec b/clamav.spec index d9f0dc1..4c1f55d 100644 --- a/clamav.spec +++ b/clamav.spec @@ -26,8 +26,8 @@ Summary: End-user tools for the Clam Antivirus scanner Name: clamav -Version: 0.96 -Release: %release_func 1403 +Version: 0.96.1 +Release: %release_func 1400 License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2} Group: Applications/File URL: http://www.clamav.net @@ -55,7 +55,6 @@ Patch27: clamav-0.95.3-umask.patch # https://bugzilla.redhat.com/attachment.cgi?id=403775&action=diff&context=patch&collapsed=&headers=1&format=raw Patch28: clamav-0.96-disable-jit.patch Patch29: clamav-0.96-jitoff.patch -Patch30: clamav-0.96-pdf.patch BuildRoot: %_tmppath/%name-%version-%release-root Requires: clamav-lib = %version-%release Requires: data(clamav) @@ -320,7 +319,6 @@ The Upstart initscripts for clamav-milter. %apply -n27 -p1 -b .umask %apply -n28 -p1 -b .jit-disable %apply -n29 -p1 -b .jitoff -%apply -n30 -p1 -b .pdf install -p -m0644 %SOURCE300 clamav-milter/ @@ -707,6 +705,10 @@ test "$1" != "0" || /sbin/initctl -q stop clamav-milter || : %changelog +* Tue Jun 1 2010 Enrico Scholz - 0.96.1-1400 +- updated to 0.96.1 +- rediffed patches + * Sat May 19 2010 Rakesh Pandit - 0.96.1403 - CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing malicious PDF file(s) diff --git a/import.log b/import.log deleted file mode 100644 index 26ba332..0000000 --- a/import.log +++ /dev/null @@ -1 +0,0 @@ -clamav-0_96-1403_fc14:HEAD:clamav-0.96-1403.fc14.src.rpm:1275137074 diff --git a/lastver b/lastver new file mode 100644 index 0000000..10b1865 --- /dev/null +++ b/lastver @@ -0,0 +1 @@ +0.96 diff --git a/sources b/sources index 7c7ad84..b30d6e5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -fea833e7185926330222788eeed249af clamav-0.96-norar.tar.xz +d7a79bcd71da15817d6c731f989cf73a clamav-0.96.1-norar.tar.xz diff --git a/verinfo b/verinfo new file mode 100644 index 0000000..460dd77 --- /dev/null +++ b/verinfo @@ -0,0 +1,2 @@ +http://sourceforge.net/project/showfiles.php?group_id=86638&package_id=90197 +href="/projects/clamav/files/clamav/([0-9.-]*?)"