Update to 0.103.8 to fix CVE-2023-20032 and CVE-2023-20052

starlet-dx 2023-03-15 16:18:42 +08:00
parent 5300c04db1
commit 357dfdc018
12 changed files with 28 additions and 72 deletions

Binary file not shown.

BIN
bytecode-333.cvd Normal file

Binary file not shown.


@ -1,6 +1,13 @@
--- ./freshclam/clamav-freshclam.service.in.orig 2021-02-01 20:49:25.000000000 +0000 --- ./freshclam/clamav-freshclam.service.in.orig 2021-06-14 10:36:39.029730737 +0100
+++ ./freshclam/clamav-freshclam.service.in 2021-03-07 22:59:34.476455890 +0000 +++ ./freshclam/clamav-freshclam.service.in 2021-06-14 10:37:53.621423748 +0100
@@ -8,7 +8,6 @@ After=network-online.target @@ -2,13 +2,12 @@
Description=ClamAV virus database updater
Documentation=man:freshclam(1) man:freshclam.conf(5) https://docs.clamav.net/
# If user wants it run from cron, don't start the daemon.
-ConditionPathExists=!/etc/cron.d/clamav-freshclam
+# ConditionPathExists=!/etc/cron.d/clamav-update
Wants=network-online.target
After=network-online.target
[Service] [Service]
ExecStart=@prefix@/bin/freshclam -d --foreground=true ExecStart=@prefix@/bin/freshclam -d --foreground=true
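Review bot: The regenerated patch keeps the unit's comment `# If user wants it run from cron, don't start the daemon.` but turns the check beneath it into a comment (`# ConditionPathExists=!/etc/cron.d/clamav-update`), so the unit no longer does what the comment says. With the condition disabled, nothing visible here stops the daemon and the packaged cron job from both running freshclam against the same database directory. Either keep the condition live with the new path, `ConditionPathExists=!/etc/cron.d/clamav-update`, or reword the comment to say why the check is off. The rest of the unit file lies outside the lines shown.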


@ -1,57 +0,0 @@
From adcae42c2094096606a26976fb5829aa1ce5937b Mon Sep 17 00:00:00 2001
From: caodongxia <315816521@qq.com>
Date: Mon, 31 May 2021 16:43:12 +0800
Subject: [PATCH] create patch
---
libclamav/upx.c | 6 +++---
libclammspack/mspack/cabd.c | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/libclamav/upx.c b/libclamav/upx.c
index 4663861..0e7b2c8 100644
--- a/libclamav/upx.c
+++ b/libclamav/upx.c
@@ -333,7 +333,7 @@ int upx_inflate2b(const char *src, uint32_t ssize, char *dst, uint32_t *dsize, u
return -1;
if (backbytes & 0xff000000)
return -1;
- backbytes <<= 8;
+ backbytes = (int32_t)((uint32_t)(backbytes) << 8);
backbytes += (unsigned char)(src[scur++]);
backbytes ^= 0xffffffff;
@@ -425,7 +425,7 @@ int upx_inflate2d(const char *src, uint32_t ssize, char *dst, uint32_t *dsize, u
return -1;
if (backbytes & 0xff000000)
return -1;
- backbytes <<= 8;
+ backbytes = (int32_t)((uint32_t)(backbytes) << 8);
backbytes += (unsigned char)(src[scur++]);
backbytes ^= 0xffffffff;
@@ -517,7 +517,7 @@ int upx_inflate2e(const char *src, uint32_t ssize, char *dst, uint32_t *dsize, u
return -1;
if (backbytes & 0xff000000)
return -1;
- backbytes <<= 8;
+ backbytes = (int32_t)((uint32_t)(backbytes) << 8);
backbytes += (unsigned char)(src[scur++]);
backbytes ^= 0xffffffff;
diff --git a/libclammspack/mspack/cabd.c b/libclammspack/mspack/cabd.c
index 75ef277..4dffd6b 100644
--- a/libclammspack/mspack/cabd.c
+++ b/libclammspack/mspack/cabd.c
@@ -1398,7 +1398,7 @@ static unsigned int cabd_checksum(unsigned char *data, unsigned int bytes,
unsigned int len, ul = 0;
for (len = bytes >> 2; len--; data += 4) {
- cksum ^= ((data[0]) | (data[1]<<8) | (data[2]<<16) | (data[3]<<24));
+ cksum ^= ((data[0]) | ((unsigned int)(data[1])<<8) | ((unsigned int)(data[2])<<16) | ((unsigned int)(data[3])<<24));
}
switch (bytes & 3) {
--
2.27.0


@ -3,4 +3,4 @@ MAILTO=root
## It is ok to execute it as root; freshclam drops privileges and becomes ## It is ok to execute it as root; freshclam drops privileges and becomes
## user 'clamupdate' as soon as possible ## user 'clamupdate' as soon as possible
0 */3 * * * root /usr/share/clamav/freshclam-sleep 0 */3 * * * root /usr/share/clamav/freshclam-sleep > /dev/null
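Review bot: Redirecting stdout on the cron line (`... freshclam-sleep > /dev/null`) discards everything the script prints there, so cron mails `MAILTO=root` only what reaches stderr. The freshclam-sleep hunk context in this commit shows a `WARNING: update of clamav database is disabled` message. If that message is written to stdout it would no longer reach root, and signature updates could stay disabled unnoticed. Please confirm the script sends the warning to stderr, and add a comment above the entry such as `## stdout is discarded; errors and the "disabled" warning must go to stderr to be mailed`. The same redirect is added to the `freshclam --quiet` call in freshclam-sleep.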


@ -1,4 +1,8 @@
/var/log/freshclam.log { /var/log/freshclam.log {
monthly monthly
notifempty notifempty
missingok
postrotate
systemctl try-restart clamav-freshclam.service
endscript
} }


@ -1,16 +1,16 @@
Name: clamav Name: clamav
Summary: End-user tools for the Clam Antivirus scanner Summary: End-user tools for the Clam Antivirus scanner
Version: 0.103.6 Version: 0.103.8
Release: 3 Release: 1
License: GPLv2 and Public Domain and bzip2-1.0.6 and Zlib and Apache-2.0 License: GPLv2 and Public Domain and bzip2-1.0.6 and Zlib and Apache-2.0
URL: https://www.clamav.net/ URL: https://www.clamav.net/
Source0: https://www.clamav.net/downloads/production/clamav-%{version}.tar.gz Source0: https://www.clamav.net/downloads/production/clamav-%{version}.tar.gz
Source1: clamd.sysconfig Source1: clamd.sysconfig
Source2: clamd.logrotate Source2: clamd.logrotate
Source3: main-58.cvd Source3: main-62.cvd
Source4: daily-25550.cvd Source4: daily-26818.cvd
Source5: bytecode-330.cvd Source5: bytecode-333.cvd
Source7: freshclam-sleep Source7: freshclam-sleep
Source8: freshclam.sysconfig Source8: freshclam.sysconfig
Source9: clamav-update.crond Source9: clamav-update.crond
@ -26,10 +26,9 @@ Patch0002: clamav-default_confs.patch
Patch0003: clamav-0.99-private.patch Patch0003: clamav-0.99-private.patch
Patch0005: clamav-clamonacc-service.patch Patch0005: clamav-clamonacc-service.patch
Patch0006: clamav-freshclam.service.patch Patch0006: clamav-freshclam.service.patch
Patch0007: clamav-type-conversion.patch Patch0007: clamav-clamonacc-version-return.patch
Patch0008: clamav-clamonacc-version-return.patch Patch0008: fix-clamonacc-w-error.patch
Patch0009: fix-clamonacc-w-error.patch Patch0019: fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch
Patch0010: fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch
BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel
BuildRequires: gcc-c++ zlib-devel bzip2-devel gmp-devel curl-devel json-c-devel BuildRequires: gcc-c++ zlib-devel bzip2-devel gmp-devel curl-devel json-c-devel
@ -414,6 +413,9 @@ test -e %_var/log/clamav-milter.log || {
%changelog %changelog
* Wed Mar 15 2023 yaoxin <yaoxin30@h-partners.com> - 0.103.8-1
- Update to 0.103.8 to fix CVE-2023-20032 and CVE-2023-20052
* Thu May 26 2022 liyanan <liyanan32@h-partners.com> - 0.103.6-3 * Thu May 26 2022 liyanan <liyanan32@h-partners.com> - 0.103.6-3
- Fix the failure to execute the clambc command under the clamav package - Fix the failure to execute the clambc command under the clamav package
- Fix clamonacc -w error - Fix clamonacc -w error
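Review bot: `Patch0019` breaks the otherwise contiguous numbering (0007, 0008, then 0019) and looks like a typo for `Patch0009: fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch`. The %prep section is outside the visible hunks; if it applies patches by number, a mismatched number would leave this patch unapplied or fail the build. Because `clamav-type-conversion.patch` is dropped in the same change, it is also worth confirming that the 0.103.8 tarball already carries the unsigned-shift casts that patch added to `libclamav/upx.c` and `libclammspack/mspack/cabd.c`. A changelog line recording why the patch was removed would help.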


@ -7,7 +7,7 @@ After = syslog.target nss-lookup.target network.target
Type = forking Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
# Reload the database # Reload the database
# ExecReload=/bin/kill -USR2 $MAINPID ExecReload=/bin/kill -USR2 $MAINPID
Restart = on-failure Restart = on-failure
TimeoutStartSec=420 TimeoutStartSec=420
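Review bot: With `ExecReload=/bin/kill -USR2 $MAINPID` now active on a `Type = forking` unit, the reload signal goes to whatever PID systemd has recorded as the main process. No `PIDFile=` appears in the hunk (the [Service] section starts above it), and without one systemd has to guess the main PID of a forking daemon. If the unit does not set it elsewhere, consider adding a `PIDFile=` that matches the PidFile configured in `/etc/clamd.d/%i.conf`, so that the database reload reaches clamd itself.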

Binary file not shown.

2
freshclam-sleep Executable file → Normal file

@ -49,4 +49,4 @@ WARNING: update of clamav database is disabled; please see
;; ;;
esac esac
/usr/bin/freshclam --quiet /usr/bin/freshclam --quiet > /dev/null
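Review bot: The file header records a mode change from executable to normal file, yet the cron entry in this commit runs `/usr/share/clamav/freshclam-sleep` directly. Unless the spec installs Source7 with an explicit mode (the %install section is not shown), the packaged script would not be executable and every periodic signature update would fail. Restore the executable bit in the repository, or confirm the install line sets it, for example `install -m 0755`. The script body above line 49 is outside the hunk.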

Binary file not shown.