packages/clamav
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Upgrade to 0.103.2-1

Browse Source
This commit is contained in:
wang_yue111 2021-04-16 09:19:28 +08:00
parent dfaccaaa59
commit 5b6a575239
15 changed files with 127 additions and 8311 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1106
CVE-2019-15961-1.patch
View File

File diff suppressed because it is too large Load Diff

199
CVE-2019-15961-2.patch
View File

@ -1,199 +0,0 @@
From 482fcd413b07e9fd3ef9850e6d01a45f4e187108 Mon Sep 17 00:00:00 2001
From: Andy Ragusa <aragusa@cisco.com>
Date: Tue, 19 Nov 2019 15:55:47 -0800
Subject: [PATCH] Modified mbox.c only mark files as infected with heuristic
alerts if heuristic alerts are enabled.
---
libclamav/mbox.c | 52 ++++++++++++++++++++++--------------------------
1 file changed, 24 insertions(+), 28 deletions(-)
diff --git a/libclamav/mbox.c b/libclamav/mbox.c
index 684f0d7e34..fc63245255 100644
--- a/libclamav/mbox.c
+++ b/libclamav/mbox.c
@@ -232,11 +232,11 @@ static blob *getHrefs(message *m, tag_arguments_t *hrefs);
static void hrefs_done(blob *b, tag_arguments_t *hrefs);
static void checkURLs(message *m, mbox_ctx *mctx, mbox_status *rc, int is_html);
-static bool haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx);
-static bool hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx);
-static bool haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx);
-static bool haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx);
-static bool haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx);
+static bool haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx, mbox_status * rc);
+static bool hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx, bool * heuristicFound);
+static bool haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx, bool * heuristicFound);
+static bool haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx, bool * heuristicFound);
+static bool haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx, bool * heuristicFound);
/* Maximum line length according to RFC2821 */
#define RFC2821LENGTH 1000
@@ -769,7 +769,7 @@ doContinueMultipleEmptyOptions(const char *const line, bool *lastWasOnlySemi)
}
static bool
-hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx)
+hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx, bool * heuristicFound)
{
if (line) {
@@ -782,6 +782,7 @@ hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx)
if ((*lineFoldCnt) >= HEURISTIC_EMAIL_MAX_LINE_FOLDS_PER_HEADER) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxLineFoldCnt");
+ *heuristicFound = TRUE;
}
return TRUE;
@@ -791,12 +792,13 @@ hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx)
}
static bool
-haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx)
+haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx, bool * heuristicFound)
{
if (totalLen > HEURISTIC_EMAIL_MAX_HEADER_BYTES) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxHeaderBytes");
+ *heuristicFound = TRUE;
}
return TRUE;
@@ -805,12 +807,13 @@ haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx)
}
static bool
-haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx)
+haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx, bool * heuristicFound)
{
if (totalHeaderCnt > HEURISTIC_EMAIL_MAX_HEADERS) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxEmailHeaders");
+ *heuristicFound = TRUE;
}
return TRUE;
@@ -819,12 +822,13 @@ haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx)
}
static bool
-haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx)
+haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx, mbox_status * rc)
{
if (mimePartCnt >= HEURISTIC_EMAIL_MAX_MIME_PARTS_PER_MESSAGE) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxMIMEPartsPerMessage");
+ *rc = VIRUS;
}
return TRUE;
@@ -833,12 +837,13 @@ haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx)
}
static bool
-haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx)
+haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx, bool * heuristicFound)
{
if (argCnt >= HEURISTIC_EMAIL_MAX_ARGUMENTS_PER_HEADER) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxMIMEArguments");
+ *heuristicFound = TRUE;
}
return TRUE;
@@ -899,8 +904,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
continue;
}
- if (hitLineFoldCnt(line, &lineFoldCnt, ctx)) {
- *heuristicFound = TRUE;
+ if (hitLineFoldCnt(line, &lineFoldCnt, ctx, heuristicFound )) {
break;
}
@@ -947,8 +951,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
DO_VERIFY_POINTER(header);
totalHeaderCnt++;
- if (haveTooManyEmailHeaders(totalHeaderCnt, ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyEmailHeaders(totalHeaderCnt, ctx, heuristicFound)) {
break;
}
needContinue = (parseEmailHeader(ret, header, rfc821, ctx, heuristicFound) < 0);
@@ -1037,8 +1040,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
if (lineAdded) {
totalHeaderBytes += strlen(line);
- if (haveTooManyHeaderBytes(totalHeaderBytes, ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyHeaderBytes(totalHeaderBytes, ctx, heuristicFound)) {
break;
}
}
@@ -1069,8 +1071,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
if (0 == needContinue) {
totalHeaderCnt++;
- if (haveTooManyEmailHeaders(totalHeaderCnt, ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyEmailHeaders(totalHeaderCnt, ctx, heuristicFound)) {
break;
}
needContinue = (parseEmailHeader(ret, header, rfc821, ctx, heuristicFound) < 0);
@@ -1205,8 +1206,7 @@ parseEmailHeaders(message *m, const table_t *rfc821, bool *heuristicFound)
continue;
}
- if (hitLineFoldCnt(line, &lineFoldCnt, m->ctx)) {
- *heuristicFound = TRUE;
+ if (hitLineFoldCnt(line, &lineFoldCnt, m->ctx, heuristicFound)) {
break;
}
@@ -1283,8 +1283,7 @@ parseEmailHeaders(message *m, const table_t *rfc821, bool *heuristicFound)
}
if (lineAdded) {
- if (haveTooManyHeaderBytes(fulllinelength, m->ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyHeaderBytes(fulllinelength, m->ctx, heuristicFound)) {
break;
}
}
@@ -1306,8 +1305,7 @@ parseEmailHeaders(message *m, const table_t *rfc821, bool *heuristicFound)
}
totalHeaderCnt++;
- if (haveTooManyEmailHeaders(totalHeaderCnt, m->ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyEmailHeaders(totalHeaderCnt, m->ctx, heuristicFound)) {
break;
}
if (parseEmailHeader(ret, fullline, rfc821, m->ctx, heuristicFound) < 0) {
@@ -2209,9 +2207,8 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re
free((char *)boundary);
- if (haveTooManyMIMEPartsPerMessage(multiparts, mctx->ctx)) {
+ if (haveTooManyMIMEPartsPerMessage(multiparts, mctx->ctx, &rc)) {
DO_FREE(messages);
- rc = VIRUS;
break;
}
@@ -3290,8 +3287,7 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c
cli_dbgmsg("mimeArgs = '%s'\n", buf);
argCnt++;
- if (haveTooManyMIMEArguments(argCnt, ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyMIMEArguments(argCnt, ctx, heuristicFound )) {
break;
}
messageAddArguments(m, buf);

94
CVE-2019-15961-pre-1.patch
View File

@ -1,94 +0,0 @@
From 4619f636cb3a2df8162a3677b6c2918868a953da Mon Sep 17 00:00:00 2001
From: Micah Snyder <micasnyd@cisco.com>
Date: Thu, 31 Oct 2019 16:05:29 -0400
Subject: [PATCH] Fixes null-dereference in mail message parser.
---
libclamav/mbox.c | 16 ++++++++--------
libclamav/message.c | 4 +++-
2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/libclamav/mbox.c b/libclamav/mbox.c
index d9746f1e95..7fee0cab4c 100644
--- a/libclamav/mbox.c
+++ b/libclamav/mbox.c
@@ -3,7 +3,7 @@
* Copyright (C) 2007-2013 Sourcefire, Inc.
*
* Authors: Nigel Horne
- *
+ *
* Acknowledgements: Some ideas came from Stephen White <stephen@earth.li>,
* Michael Dankov <misha@btrc.ru>, Gianluigi Tiesi <sherpya@netfarm.it>,
* Everton da Silva Marques, Thomas Lamy <Thomas.Lamy@in-online.net>,
@@ -586,7 +586,7 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx)
*/
messageDestroy(body);
}
-
+
if((retcode == CL_CLEAN) && ctx->found_possibly_unwanted &&
(*ctx->virname == NULL || SCAN_ALLMATCHES)) {
retcode = cli_append_virus(ctx, "Heuristics.Phishing.Email");
@@ -1840,8 +1840,8 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re
* must be listed here */
break;
default:
- /* this is a subtype that we
- * don't handle anyway,
+ /* this is a subtype that we
+ * don't handle anyway,
* don't store */
if(messages[multiparts]) {
messageDestroy(messages[multiparts]);
@@ -3617,7 +3617,7 @@ getline_from_mbox(char *buffer, size_t buffer_len, fmap_t *map, size_t *at)
src = cursrc = fmap_need_off_once(map, *at, input_len);
/* we check for eof from the result of GETC()
- * if(feof(fin))
+ * if(feof(fin))
return NULL;*/
if(!src) {
cli_dbgmsg("getline_from_mbox: fmap need failed\n");
@@ -3629,7 +3629,7 @@ getline_from_mbox(char *buffer, size_t buffer_len, fmap_t *map, size_t *at)
}
curbuf = buffer;
-
+
for(i=0; i<buffer_len-1; i++) {
char c;
@@ -3666,7 +3666,7 @@ getline_from_mbox(char *buffer, size_t buffer_len, fmap_t *map, size_t *at)
}
*at += cursrc - src;
*curbuf = '\0';
-
+
return buffer;
}
@@ -3873,7 +3873,7 @@ do_multipart(message *mainMessage, message **messages, int i, mbox_status *rc, m
thisobj = messageGetJObj(aMessage);
if (thisobj == NULL) {
- cli_errmsg("Cannot get message preclass object\n");
+ cli_dbgmsg("Cannot get message preclass object\n");
*rc = -1;
return mainMessage;
}
diff --git a/libclamav/message.c b/libclamav/message.c
index 0e57695f46..c9d382e4a3 100644
--- a/libclamav/message.c
+++ b/libclamav/message.c
@@ -2649,7 +2649,9 @@ isuuencodebegin(const char *line)
#if HAVE_JSON
json_object *messageGetJObj(message *m)
{
- assert(m != NULL);
+ if (m == NULL) {
+ return NULL;
+ }
if(m->jobj == NULL)
m->jobj = cli_jsonobj(NULL, NULL);

6750
CVE-2019-15961-pre-2.patch
View File

File diff suppressed because it is too large Load Diff

18
clamav-0.100.0-stats-deprecation.patch
View File

@ -1,18 +0,0 @@
https://bugzilla.clamav.net/show_bug.cgi?id=12097
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -505,6 +505,13 @@ const struct clam_option __clam_options[
{ "ClamukoExcludeUID", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "ClamukoMaxFileSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no" },
+ { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
+ { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
+ { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
+ { "StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
+ { "SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
+ { "DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
+ { "DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
/* Milter specific options */

33
clamav-0.100.0-umask.patch
View File

@ -1,33 +0,0 @@
--- clamav-0.100.0/clamav-milter/clamav-milter.c 2018-04-04 02:13:58.000000000 +0200
+++ clamav-0.100.0/clamav-milter/clamav-milter.c.umask 2018-05-28 23:25:12.374047156 +0200
@@ -432,7 +432,7 @@
if((opt = optget(opts, "PidFile"))->enabled) {
FILE *fd;
- mode_t old_umask = umask(0002);
+ mode_t old_umask = umask(0022);
if((fd = fopen(opt->strarg, "w")) == NULL) {
logg("!Can't save PID in file %s\n", opt->strarg);
--- clamav-0.100.0/shared/output.c 2018-04-04 02:13:58.000000000 +0200
+++ clamav-0.100.0/shared/output.c.umask 2018-05-28 23:24:41.968851516 +0200
@@ -379,7 +379,7 @@
if (!logg_fp && logg_file)
{
- old_umask = umask(0037);
+ old_umask = umask(0077);
if ((logg_fp = fopen(logg_file, "at")) == NULL)
{
umask(old_umask);
--- clamav-0.100.0/freshclam/freshclam.c 2018-04-04 02:13:58.000000000 +0200
+++ clamav-0.100.0/freshclam/freshclam.c.umask 2018-05-28 23:25:30.675164850 +0200
@@ -127,7 +127,7 @@
{
FILE *fd;
int old_umask;
- old_umask = umask (0006);
+ old_umask = umask (0022);
if ((fd = fopen (pidfile, "w")) == NULL)
{
logg ("!Can't save PID to file %s: %s\n", pidfile, strerror (errno));

BIN
clamav-0.101.4.tar.gz → clamav-0.103.2.tar.gz
View File

Binary file not shown.

41
clamav-Fix-int64-overflow-check.patch
View File

@ -1,41 +0,0 @@
From 38622da97fb6fcb2d43d5676ac75cb5ac7896359 Mon Sep 17 00:00:00 2001
From: lutianxiong <lutianxiong@huawei.com>
Date: Tue, 16 Jun 2020 11:15:10 +0800
Subject: [PATCH] Fix int64 overflow check
Overflow check "(value >> 32) * 10 < INT32_MAX" may not work in
certain conditions, e.g. value is 0xcccccccdbcdc9cc
Note: This fixes oss-fuzz bug 16117.
---
libclamav/htmlnorm.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libclamav/htmlnorm.c b/libclamav/htmlnorm.c
index d0be15b..4ac4948 100644
--- a/libclamav/htmlnorm.c
+++ b/libclamav/htmlnorm.c
@@ -1459,9 +1459,9 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
next_state = HTML_BAD_STATE;
ptr++;
} else if (isdigit(*ptr) || (hex && isxdigit(*ptr))) {
- if (hex && (value >> 32) * 16 < INT32_MAX) {
+ if (hex && value < INT64_MAX / 16) {
value *= 16;
- } else if ((value >> 32) * 10 < INT32_MAX) {
+ } else if (value < INT64_MAX / 10) {
value *= 10;
} else {
html_output_c(file_buff_o2, value);
@@ -1727,7 +1727,7 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
state = HTML_RFC2397_DATA;
break;
case HTML_ESCAPE_CHAR:
- if ((value >> 32) * 16 < INT32_MAX) {
+ if (value < INT64_MAX / 16) {
value *= 16;
} else {
state = next_state;
--
2.23.0

12
clamav-check.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up clamav-0.103.0/unit_tests/check_jsnorm.c.check clamav-0.103.0/unit_tests/check_jsnorm.c
--- clamav-0.103.0/unit_tests/check_jsnorm.c.check 2020-09-12 18:27:10.000000000 -0600
+++ clamav-0.103.0/unit_tests/check_jsnorm.c 2020-09-17 22:15:26.199957518 -0600
@@ -247,7 +247,7 @@ static void tokenizer_test(const char *i
fd = open(filename, O_RDONLY);
if (fd < 0) {
jstest_teardown();
- ck_assert_msg("failed to open output file: %s", filename);
+ ck_assert_msg(0, "failed to open output file: %s", filename);
}
diff_file_mem(fd, expected, len);

20
clamav-clamonacc-service.patch Normal file
View File

@ -0,0 +1,20 @@
diff -up clamav-0.103.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service clamav-0.103.0/clamonacc/clamav-clamonacc.service.in
--- clamav-0.103.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service 2020-09-12 18:27:09.000000000 -0600
+++ clamav-0.103.0/clamonacc/clamav-clamonacc.service.in 2020-09-18 19:49:35.400152760 -0600
@@ -4,14 +4,12 @@
[Unit]
Description=ClamAV On-Access Scanner
Documentation=man:clamonacc(8) man:clamd.conf(5) https://www.clamav.net/documents
-Requires=clamav-daemon.service
-After=clamav-daemon.service syslog.target network.target
+After=clamd@scan.service syslog.target network.target
[Service]
Type=simple
User=root
-ExecStartPre=/bin/bash -c "while [ ! -S /run/clamav/clamd.ctl ]; do sleep 1; done"
-ExecStart=@prefix@/sbin/clamonacc -F --config-file=@APP_CONFIG_DIRECTORY@/clamd.conf --log=/var/log/clamav/clamonacc.log --move=/root/quarantine
+ExecStart=@prefix@/sbin/clamonacc -F --config-file=/etc/clamd.d/scan.conf
[Install]
WantedBy=multi-user.target

90
clamav-0.100.1-defaults_locations.patch → clamav-default_confs.patch
View File

@ -1,6 +1,7 @@
--- ./clamconf/clamconf.c.orig 2018-07-30 05:28:40.199759145 +0100 diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamconf/clamconf.c
+++ ./clamconf/clamconf.c 2018-07-30 05:30:12.083760295 +0100 --- clamav-0.103.0/clamconf/clamconf.c.default_confs 2020-09-12 18:27:09.000000000 -0600
@@ -58,9 +58,9 @@ static struct _cfgfile { +++ clamav-0.103.0/clamconf/clamconf.c 2020-09-17 22:00:20.792879792 -0600
@@ -63,9 +63,9 @@ static struct _cfgfile {
const char *name; const char *name;
int tool; int tool;
} cfgfile[] = { } cfgfile[] = {
@ -9,36 +10,12 @@
{"freshclam.conf", OPT_FRESHCLAM}, {"freshclam.conf", OPT_FRESHCLAM},
- {"clamav-milter.conf", OPT_MILTER}, - {"clamav-milter.conf", OPT_MILTER},
+ {"mail/clamav-milter.conf", OPT_MILTER}, + {"mail/clamav-milter.conf", OPT_MILTER},
{ NULL, 0 } {NULL, 0}};
};
--- ./platform.h.in.orig 2018-07-30 06:27:54.437257754 +0100 static void printopts(struct optstruct *opts, int nondef)
+++ ./platform.h.in 2018-07-30 06:29:18.920124404 +0100 diff -up clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs clamav-0.103.0/docs/man/clamav-milter.8.in
@@ -34,9 +34,9 @@ typedef unsigned int in_addr_t; --- clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600
#define PATHSEP "/" +++ clamav-0.103.0/docs/man/clamav-milter.8.in 2020-09-17 22:00:20.793879800 -0600
#endif
-#define CONFDIR_CLAMD CONFDIR PATHSEP "clamd.conf"
+#define CONFDIR_CLAMD CONFDIR PATHSEP "clamd.d/scan.conf"
#define CONFDIR_FRESHCLAM CONFDIR PATHSEP "freshclam.conf"
-#define CONFDIR_MILTER CONFDIR PATHSEP "clamav-milter.conf"
+#define CONFDIR_MILTER CONFDIR PATHSEP "mail/clamav-milter.conf"
#define cli_to_utf8_maybe_alloc(x) (x)
#define cli_strdup_to_utf8(x) strdup(x)
--- ./docs/man/clamav-milter.conf.5.in.orig 2018-07-31 02:47:52.768212114 +0100
+++ ./docs/man/clamav-milter.conf.5.in 2018-07-31 02:48:57.295032444 +0100
@@ -239,7 +239,7 @@ Default: no
All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
.SH "FILES"
.LP
-@CFGDIR@/clamav-milter.conf
+@CFGDIR@/mail/clamav-milter.conf
.SH "AUTHOR"
.LP
aCaB <acab@clamav.net>
--- ./docs/man/clamav-milter.8.in.orig 2018-07-31 02:47:45.154130364 +0100
+++ ./docs/man/clamav-milter.8.in 2018-07-31 02:48:39.484792893 +0100
@@ -27,7 +27,7 @@ Print the version number and exit. @@ -27,7 +27,7 @@ Print the version number and exit.
Read configuration from FILE. Read configuration from FILE.
.SH "FILES" .SH "FILES"
@ -48,19 +25,21 @@
.SH "AUTHOR" .SH "AUTHOR"
.LP .LP
aCaB <acab@clamav.net> aCaB <acab@clamav.net>
--- ./docs/man/clamd.conf.5.in.orig 2018-07-31 02:52:12.607659460 +0100 diff -up clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.103.0/docs/man/clamav-milter.conf.5.in
+++ ./docs/man/clamd.conf.5.in 2018-07-31 02:52:37.396992885 +0100 --- clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs 2020-09-12 18:27:09.000000000 -0600
@@ -703,7 +703,7 @@ Default: no +++ clamav-0.103.0/docs/man/clamav-milter.conf.5.in 2020-09-17 22:00:20.794879808 -0600
@@ -239,7 +239,7 @@ Default: no
All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
.SH "FILES" .SH "FILES"
.LP .LP
-@CFGDIR@/clamd.conf -@CFGDIR@/clamav-milter.conf
+@CFGDIR@/clamd.d/scan.conf +@CFGDIR@/mail/clamav-milter.conf
.SH "AUTHORS" .SH "AUTHOR"
.LP .LP
Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com> aCaB <acab@clamav.net>
--- ./docs/man/clamd.8.in.orig 2018-07-31 02:51:22.897990849 +0100 diff -up clamav-0.103.0/docs/man/clamd.8.in.default_confs clamav-0.103.0/docs/man/clamd.8.in
+++ ./docs/man/clamd.8.in 2018-07-31 02:53:22.170595103 +0100 --- clamav-0.103.0/docs/man/clamd.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600
+++ clamav-0.103.0/docs/man/clamd.8.in 2020-09-17 22:00:20.794879808 -0600
@@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon @@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon
clamd [options] clamd [options]
.SH "DESCRIPTION" .SH "DESCRIPTION"
@ -70,7 +49,7 @@
.SH "COMMANDS" .SH "COMMANDS"
.LP .LP
It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn. It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn.
@@ -119,7 +119,7 @@ Reload the signature databases. @@ -125,7 +125,7 @@ Reload the signature databases.
Perform a clean exit. Perform a clean exit.
.SH "FILES" .SH "FILES"
.LP .LP
@ -79,3 +58,30 @@
.SH "CREDITS" .SH "CREDITS"
Please check the full documentation for credits. Please check the full documentation for credits.
.SH "AUTHOR" .SH "AUTHOR"
diff -up clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs clamav-0.103.0/docs/man/clamd.conf.5.in
--- clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs 2020-09-17 22:00:20.795879816 -0600
+++ clamav-0.103.0/docs/man/clamd.conf.5.in 2020-09-17 22:01:21.414353121 -0600
@@ -759,7 +759,7 @@ Default: no
All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
.SH "FILES"
.LP
-@CFGDIR@/clamd.conf
+@CFGDIR@/clamd.d/scan.conf
.SH "AUTHORS"
.LP
Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>
diff -up clamav-0.103.0/platform.h.in.default_confs clamav-0.103.0/platform.h.in
--- clamav-0.103.0/platform.h.in.default_confs 2020-09-17 22:00:20.796879824 -0600
+++ clamav-0.103.0/platform.h.in 2020-09-17 22:01:56.842629739 -0600
@@ -112,9 +112,9 @@ typedef unsigned int in_addr_t;
#endif
#ifndef _WIN32
-#define CONFDIR_CLAMD CONFDIR PATHSEP "clamd.conf"
+#define CONFDIR_CLAMD CONFDIR PATHSEP "clamd.d/scan.conf"
#define CONFDIR_FRESHCLAM CONFDIR PATHSEP "freshclam.conf"
-#define CONFDIR_MILTER CONFDIR PATHSEP "clamav-milter.conf"
+#define CONFDIR_MILTER CONFDIR PATHSEP "mail/clamav-milter.conf"
#endif
#ifndef WORDS_BIGENDIAN

10
clamav-freshclam.service.patch Normal file
View File

@ -0,0 +1,10 @@
--- ./freshclam/clamav-freshclam.service.in.orig 2021-02-01 20:49:25.000000000 +0000
+++ ./freshclam/clamav-freshclam.service.in 2021-03-07 22:59:34.476455890 +0000
@@ -8,7 +8,6 @@ After=network-online.target
[Service]
ExecStart=@prefix@/bin/freshclam -d --foreground=true
-StandardOutput=syslog
[Install]
WantedBy=multi-user.target

17
clamav-stats-deprecation.patch Normal file
View File

@ -0,0 +1,17 @@
diff -up clamav-0.102.0/shared/optparser.c.stats-deprecation clamav-0.102.0/shared/optparser.c
--- clamav-0.102.0/shared/optparser.c.stats-deprecation 2019-10-10 21:55:31.245995091 -0600
+++ clamav-0.102.0/shared/optparser.c 2019-10-11 20:40:04.580067432 -0600
@@ -524,6 +524,13 @@ const struct clam_option __clam_options[
{"ArchiveLimitMemoryUsage", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""},
{"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
{"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"},
+ {"StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
+ {"StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
+ {"StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
+ {"StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
+ {"SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
+ {"DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
+ {"DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
{"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""},
/* Milter specific options */

26
clamav.spec
View File

@ -1,7 +1,7 @@
Name: clamav Name: clamav
Summary: End-user tools for the Clam Antivirus scanner Summary: End-user tools for the Clam Antivirus scanner
Version: 0.101.4 Version: 0.103.2
Release: 8 Release: 1
License: GPLv2 and Public Domain and bzip2-1.0.6 and Zlib and Apache-2.0 License: GPLv2 and Public Domain and bzip2-1.0.6 and Zlib and Apache-2.0
URL: https://www.clamav.net/ URL: https://www.clamav.net/
Source0: https://www.clamav.net/downloads/production/clamav-%{version}.tar.gz Source0: https://www.clamav.net/downloads/production/clamav-%{version}.tar.gz
@ -20,16 +20,12 @@ Source13: clamd.scan.upstart
Source14: clamd@scan.service Source14: clamd@scan.service
Source15: clamd@.service Source15: clamd@.service
Patch0001: clamav-0.100.0-stats-deprecation.patch Patch0001: clamav-stats-deprecation.patch
Patch0002: clamav-0.100.1-defaults_locations.patch Patch0002: clamav-default_confs.patch
Patch0003: clamav-0.99-private.patch Patch0003: clamav-0.99-private.patch
Patch0004: clamav-0.100.0-umask.patch Patch0004: clamav-check.patch
Patch0005: llvm-glibc.patch Patch0005: clamav-clamonacc-service.patch
Patch0006: clamav-Fix-int64-overflow-check.patch Patch0006: clamav-freshclam.service.patch
Patch0007: CVE-2019-15961-pre-1.patch
Patch0008: CVE-2019-15961-pre-2.patch
Patch0009: CVE-2019-15961-1.patch
Patch0010: CVE-2019-15961-2.patch
BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel
BuildRequires: gcc-c++ zlib-devel bzip2-devel gmp-devel curl-devel json-c-devel BuildRequires: gcc-c++ zlib-devel bzip2-devel gmp-devel curl-devel json-c-devel
@ -349,6 +345,9 @@ test -e %_var/log/clamav-milter.log || {
%_bindir/{clambc,clamconf,clamdscan,clamdtop,clamscan,clamsubmit,sigtool} %_bindir/{clambc,clamconf,clamdscan,clamdtop,clamscan,clamsubmit,sigtool}
%_libdir/libclamav.so.9* %_libdir/libclamav.so.9*
%_libdir/libclammspack.so.0* %_libdir/libclammspack.so.0*
%_sbindir/clamonacc
%_unitdir/clamav-clamonacc.service
%files devel %files devel
%_includedir/* %_includedir/*
@ -361,6 +360,7 @@ test -e %_var/log/clamav-milter.log || {
%_mandir/man[15]/* %_mandir/man[15]/*
%_mandir/man8/clamd.8* %_mandir/man8/clamd.8*
%_mandir/man8/clamav-milter* %_mandir/man8/clamav-milter*
%_mandir/man8/clamonacc.8*
%_mandir/*/freshclam* %_mandir/*/freshclam*
%files filesystem %files filesystem
@ -377,6 +377,7 @@ test -e %_var/log/clamav-milter.log || {
%files update %files update
%_bindir/freshclam %_bindir/freshclam
%_libdir/libfreshclam.so.2*
%_datadir/%name/freshclam-sleep %_datadir/%name/freshclam-sleep
%config(noreplace) %verify(not mtime) %_sysconfdir/freshclam.conf %config(noreplace) %verify(not mtime) %_sysconfdir/freshclam.conf
%config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/* %config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/*
@ -409,6 +410,9 @@ test -e %_var/log/clamav-milter.log || {
%changelog %changelog
* Fri Apr 16 2021 wangyue <wangyue92@huawei.com> - 0.103.2-1
- Upgrade to 0.103.2-1
* Thu Feb 18 2021 zhanghua <zhanghua40@huawei.com> - 0.101.4-8 * Thu Feb 18 2021 zhanghua <zhanghua40@huawei.com> - 0.101.4-8
- fix CVE-2019-15961 - fix CVE-2019-15961

12
llvm-glibc.patch
View File

@ -1,12 +0,0 @@
Index: clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
===================================================================
--- clamav-0.97.3.orig/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
+++ clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
@@ -52,6 +52,7 @@ static void runAtExitHandlers() {
#include <sys/stat.h>
#endif
#include <fcntl.h>
+#include <unistd.h>
/* stat functions are redirecting to __xstat with a version number. On x86-64
* linking with libc_nonshared.a and -Wl,--export-dynamic doesn't make 'stat'
* available as an exported symbol, so we have to add it explicitly.