packages/clamav
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Upgrade to 0.103.2-1

Browse Source
This commit is contained in:
wang_yue111 2021-04-16 09:19:28 +08:00
parent dfaccaaa59
commit 5b6a575239
15 changed files with 127 additions and 8311 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1106
CVE-2019-15961-1.patch
View File

File diff suppressed because it is too large Load Diff

199
CVE-2019-15961-2.patch
View File

@ -1,199 +0,0 @@
From 482fcd413b07e9fd3ef9850e6d01a45f4e187108 Mon Sep 17 00:00:00 2001
From: Andy Ragusa <aragusa@cisco.com>
Date: Tue, 19 Nov 2019 15:55:47 -0800
Subject: [PATCH] Modified mbox.c only mark files as infected with heuristic
alerts if heuristic alerts are enabled.
---
libclamav/mbox.c | 52 ++++++++++++++++++++++--------------------------
1 file changed, 24 insertions(+), 28 deletions(-)
diff --git a/libclamav/mbox.c b/libclamav/mbox.c
index 684f0d7e34..fc63245255 100644
--- a/libclamav/mbox.c
+++ b/libclamav/mbox.c
@@ -232,11 +232,11 @@ static blob *getHrefs(message *m, tag_arguments_t *hrefs);
static void hrefs_done(blob *b, tag_arguments_t *hrefs);
static void checkURLs(message *m, mbox_ctx *mctx, mbox_status *rc, int is_html);
-static bool haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx);
-static bool hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx);
-static bool haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx);
-static bool haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx);
-static bool haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx);
+static bool haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx, mbox_status * rc);
+static bool hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx, bool * heuristicFound);
+static bool haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx, bool * heuristicFound);
+static bool haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx, bool * heuristicFound);
+static bool haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx, bool * heuristicFound);
/* Maximum line length according to RFC2821 */
#define RFC2821LENGTH 1000
@@ -769,7 +769,7 @@ doContinueMultipleEmptyOptions(const char *const line, bool *lastWasOnlySemi)
}
static bool
-hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx)
+hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx, bool * heuristicFound)
{
if (line) {
@@ -782,6 +782,7 @@ hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx)
if ((*lineFoldCnt) >= HEURISTIC_EMAIL_MAX_LINE_FOLDS_PER_HEADER) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxLineFoldCnt");
+ *heuristicFound = TRUE;
}
return TRUE;
@@ -791,12 +792,13 @@ hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx)
}
static bool
-haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx)
+haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx, bool * heuristicFound)
{
if (totalLen > HEURISTIC_EMAIL_MAX_HEADER_BYTES) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxHeaderBytes");
+ *heuristicFound = TRUE;
}
return TRUE;
@@ -805,12 +807,13 @@ haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx)
}
static bool
-haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx)
+haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx, bool * heuristicFound)
{
if (totalHeaderCnt > HEURISTIC_EMAIL_MAX_HEADERS) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxEmailHeaders");
+ *heuristicFound = TRUE;
}
return TRUE;
@@ -819,12 +822,13 @@ haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx)
}
static bool
-haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx)
+haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx, mbox_status * rc)
{
if (mimePartCnt >= HEURISTIC_EMAIL_MAX_MIME_PARTS_PER_MESSAGE) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxMIMEPartsPerMessage");
+ *rc = VIRUS;
}
return TRUE;
@@ -833,12 +837,13 @@ haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx)
}
static bool
-haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx)
+haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx, bool * heuristicFound)
{
if (argCnt >= HEURISTIC_EMAIL_MAX_ARGUMENTS_PER_HEADER) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxMIMEArguments");
+ *heuristicFound = TRUE;
}
return TRUE;
@@ -899,8 +904,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
continue;
}
- if (hitLineFoldCnt(line, &lineFoldCnt, ctx)) {
- *heuristicFound = TRUE;
+ if (hitLineFoldCnt(line, &lineFoldCnt, ctx, heuristicFound )) {
break;
}
@@ -947,8 +951,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
DO_VERIFY_POINTER(header);
totalHeaderCnt++;
- if (haveTooManyEmailHeaders(totalHeaderCnt, ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyEmailHeaders(totalHeaderCnt, ctx, heuristicFound)) {
break;
}
needContinue = (parseEmailHeader(ret, header, rfc821, ctx, heuristicFound) < 0);
@@ -1037,8 +1040,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
if (lineAdded) {
totalHeaderBytes += strlen(line);
- if (haveTooManyHeaderBytes(totalHeaderBytes, ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyHeaderBytes(totalHeaderBytes, ctx, heuristicFound)) {
break;
}
}
@@ -1069,8 +1071,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
if (0 == needContinue) {
totalHeaderCnt++;
- if (haveTooManyEmailHeaders(totalHeaderCnt, ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyEmailHeaders(totalHeaderCnt, ctx, heuristicFound)) {
break;
}
needContinue = (parseEmailHeader(ret, header, rfc821, ctx, heuristicFound) < 0);
@@ -1205,8 +1206,7 @@ parseEmailHeaders(message *m, const table_t *rfc821, bool *heuristicFound)
continue;
}
- if (hitLineFoldCnt(line, &lineFoldCnt, m->ctx)) {
- *heuristicFound = TRUE;
+ if (hitLineFoldCnt(line, &lineFoldCnt, m->ctx, heuristicFound)) {
break;
}
@@ -1283,8 +1283,7 @@ parseEmailHeaders(message *m, const table_t *rfc821, bool *heuristicFound)
}
if (lineAdded) {
- if (haveTooManyHeaderBytes(fulllinelength, m->ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyHeaderBytes(fulllinelength, m->ctx, heuristicFound)) {
break;
}
}
@@ -1306,8 +1305,7 @@ parseEmailHeaders(message *m, const table_t *rfc821, bool *heuristicFound)
}
totalHeaderCnt++;
- if (haveTooManyEmailHeaders(totalHeaderCnt, m->ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyEmailHeaders(totalHeaderCnt, m->ctx, heuristicFound)) {
break;
}
if (parseEmailHeader(ret, fullline, rfc821, m->ctx, heuristicFound) < 0) {
@@ -2209,9 +2207,8 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re
free((char *)boundary);
- if (haveTooManyMIMEPartsPerMessage(multiparts, mctx->ctx)) {
+ if (haveTooManyMIMEPartsPerMessage(multiparts, mctx->ctx, &rc)) {
DO_FREE(messages);
- rc = VIRUS;
break;
}
@@ -3290,8 +3287,7 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c
cli_dbgmsg("mimeArgs = '%s'\n", buf);
argCnt++;
- if (haveTooManyMIMEArguments(argCnt, ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyMIMEArguments(argCnt, ctx, heuristicFound )) {
break;
}
messageAddArguments(m, buf);

94
CVE-2019-15961-pre-1.patch
View File

@ -1,94 +0,0 @@
From 4619f636cb3a2df8162a3677b6c2918868a953da Mon Sep 17 00:00:00 2001
From: Micah Snyder <micasnyd@cisco.com>
Date: Thu, 31 Oct 2019 16:05:29 -0400
Subject: [PATCH] Fixes null-dereference in mail message parser.
---
libclamav/mbox.c | 16 ++++++++--------
libclamav/message.c | 4 +++-
2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/libclamav/mbox.c b/libclamav/mbox.c
index d9746f1e95..7fee0cab4c 100644
--- a/libclamav/mbox.c
+++ b/libclamav/mbox.c
@@ -3,7 +3,7 @@
* Copyright (C) 2007-2013 Sourcefire, Inc.
*
* Authors: Nigel Horne
- *
+ *
* Acknowledgements: Some ideas came from Stephen White <stephen@earth.li>,
* Michael Dankov <misha@btrc.ru>, Gianluigi Tiesi <sherpya@netfarm.it>,
* Everton da Silva Marques, Thomas Lamy <Thomas.Lamy@in-online.net>,
@@ -586,7 +586,7 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx)
*/
messageDestroy(body);
}
-
+
if((retcode == CL_CLEAN) && ctx->found_possibly_unwanted &&
(*ctx->virname == NULL || SCAN_ALLMATCHES)) {
retcode = cli_append_virus(ctx, "Heuristics.Phishing.Email");
@@ -1840,8 +1840,8 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re
* must be listed here */
break;
default:
- /* this is a subtype that we
- * don't handle anyway,
+ /* this is a subtype that we
+ * don't handle anyway,
* don't store */
if(messages[multiparts]) {
messageDestroy(messages[multiparts]);
@@ -3617,7 +3617,7 @@ getline_from_mbox(char *buffer, size_t buffer_len, fmap_t *map, size_t *at)
src = cursrc = fmap_need_off_once(map, *at, input_len);
/* we check for eof from the result of GETC()
- * if(feof(fin))
+ * if(feof(fin))
return NULL;*/
if(!src) {
cli_dbgmsg("getline_from_mbox: fmap need failed\n");
@@ -3629,7 +3629,7 @@ getline_from_mbox(char *buffer, size_t buffer_len, fmap_t *map, size_t *at)
}
curbuf = buffer;
-
+
for(i=0; i<buffer_len-1; i++) {
char c;
@@ -3666,7 +3666,7 @@ getline_from_mbox(char *buffer, size_t buffer_len, fmap_t *map, size_t *at)
}
*at += cursrc - src;
*curbuf = '\0';
-
+
return buffer;
}
@@ -3873,7 +3873,7 @@ do_multipart(message *mainMessage, message **messages, int i, mbox_status *rc, m
thisobj = messageGetJObj(aMessage);
if (thisobj == NULL) {
- cli_errmsg("Cannot get message preclass object\n");
+ cli_dbgmsg("Cannot get message preclass object\n");
*rc = -1;
return mainMessage;
}
diff --git a/libclamav/message.c b/libclamav/message.c
index 0e57695f46..c9d382e4a3 100644
--- a/libclamav/message.c
+++ b/libclamav/message.c
@@ -2649,7 +2649,9 @@ isuuencodebegin(const char *line)
#if HAVE_JSON
json_object *messageGetJObj(message *m)
{
- assert(m != NULL);
+ if (m == NULL) {
+ return NULL;
+ }
if(m->jobj == NULL)
m->jobj = cli_jsonobj(NULL, NULL);

6750
CVE-2019-15961-pre-2.patch
View File

File diff suppressed because it is too large Load Diff

18
clamav-0.100.0-stats-deprecation.patch
View File

@ -1,18 +0,0 @@
https://bugzilla.clamav.net/show_bug.cgi?id=12097
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -505,6 +505,13 @@ const struct clam_option __clam_options[
{ "ClamukoExcludeUID", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "ClamukoMaxFileSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" },
{ "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no" },
+ { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
+ { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
+ { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
+ { "StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
+ { "SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
+ { "DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
+ { "DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" },
/* Milter specific options */

33
clamav-0.100.0-umask.patch
View File

@ -1,33 +0,0 @@
--- clamav-0.100.0/clamav-milter/clamav-milter.c 2018-04-04 02:13:58.000000000 +0200
+++ clamav-0.100.0/clamav-milter/clamav-milter.c.umask 2018-05-28 23:25:12.374047156 +0200
@@ -432,7 +432,7 @@
if((opt = optget(opts, "PidFile"))->enabled) {
FILE *fd;
- mode_t old_umask = umask(0002);
+ mode_t old_umask = umask(0022);
if((fd = fopen(opt->strarg, "w")) == NULL) {
logg("!Can't save PID in file %s\n", opt->strarg);
--- clamav-0.100.0/shared/output.c 2018-04-04 02:13:58.000000000 +0200
+++ clamav-0.100.0/shared/output.c.umask 2018-05-28 23:24:41.968851516 +0200
@@ -379,7 +379,7 @@
if (!logg_fp && logg_file)
{
- old_umask = umask(0037);
+ old_umask = umask(0077);
if ((logg_fp = fopen(logg_file, "at")) == NULL)
{
umask(old_umask);
--- clamav-0.100.0/freshclam/freshclam.c 2018-04-04 02:13:58.000000000 +0200
+++ clamav-0.100.0/freshclam/freshclam.c.umask 2018-05-28 23:25:30.675164850 +0200
@@ -127,7 +127,7 @@
{
FILE *fd;
int old_umask;
- old_umask = umask (0006);
+ old_umask = umask (0022);
if ((fd = fopen (pidfile, "w")) == NULL)
{
logg ("!Can't save PID to file %s: %s\n", pidfile, strerror (errno));

BIN
clamav-0.101.4.tar.gz → clamav-0.103.2.tar.gz
View File

Binary file not shown.

41
clamav-Fix-int64-overflow-check.patch
View File

@ -1,41 +0,0 @@
From 38622da97fb6fcb2d43d5676ac75cb5ac7896359 Mon Sep 17 00:00:00 2001
From: lutianxiong <lutianxiong@huawei.com>
Date: Tue, 16 Jun 2020 11:15:10 +0800
Subject: [PATCH] Fix int64 overflow check
Overflow check "(value >> 32) * 10 < INT32_MAX" may not work in
certain conditions, e.g. value is 0xcccccccdbcdc9cc
Note: This fixes oss-fuzz bug 16117.
---
libclamav/htmlnorm.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libclamav/htmlnorm.c b/libclamav/htmlnorm.c
index d0be15b..4ac4948 100644
--- a/libclamav/htmlnorm.c
+++ b/libclamav/htmlnorm.c
@@ -1459,9 +1459,9 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
next_state = HTML_BAD_STATE;
ptr++;
} else if (isdigit(*ptr) || (hex && isxdigit(*ptr))) {
- if (hex && (value >> 32) * 16 < INT32_MAX) {
+ if (hex && value < INT64_MAX / 16) {
value *= 16;
- } else if ((value >> 32) * 10 < INT32_MAX) {
+ } else if (value < INT64_MAX / 10) {
value *= 10;
} else {
html_output_c(file_buff_o2, value);
@@ -1727,7 +1727,7 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
state = HTML_RFC2397_DATA;
break;
case HTML_ESCAPE_CHAR:
- if ((value >> 32) * 16 < INT32_MAX) {
+ if (value < INT64_MAX / 16) {
value *= 16;
} else {
state = next_state;
--
2.23.0

12
clamav-check.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up clamav-0.103.0/unit_tests/check_jsnorm.c.check clamav-0.103.0/unit_tests/check_jsnorm.c
--- clamav-0.103.0/unit_tests/check_jsnorm.c.check 2020-09-12 18:27:10.000000000 -0600
+++ clamav-0.103.0/unit_tests/check_jsnorm.c 2020-09-17 22:15:26.199957518 -0600
@@ -247,7 +247,7 @@ static void tokenizer_test(const char *i
fd = open(filename, O_RDONLY);
if (fd < 0) {
jstest_teardown();
- ck_assert_msg("failed to open output file: %s", filename);
+ ck_assert_msg(0, "failed to open output file: %s", filename);
}
diff_file_mem(fd, expected, len);

20
clamav-clamonacc-service.patch Normal file
View File

@ -0,0 +1,20 @@
diff -up clamav-0.103.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service clamav-0.103.0/clamonacc/clamav-clamonacc.service.in
--- clamav-0.103.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service 2020-09-12 18:27:09.000000000 -0600
+++ clamav-0.103.0/clamonacc/clamav-clamonacc.service.in 2020-09-18 19:49:35.400152760 -0600
@@ -4,14 +4,12 @@
[Unit]
Description=ClamAV On-Access Scanner
Documentation=man:clamonacc(8) man:clamd.conf(5) https://www.clamav.net/documents
-Requires=clamav-daemon.service
-After=clamav-daemon.service syslog.target network.target
+After=clamd@scan.service syslog.target network.target
[Service]
Type=simple
User=root
-ExecStartPre=/bin/bash -c "while [ ! -S /run/clamav/clamd.ctl ]; do sleep 1; done"
-ExecStart=@prefix@/sbin/clamonacc -F --config-file=@APP_CONFIG_DIRECTORY@/clamd.conf --log=/var/log/clamav/clamonacc.log --move=/root/quarantine
+ExecStart=@prefix@/sbin/clamonacc -F --config-file=/etc/clamd.d/scan.conf
[Install]
WantedBy=multi-user.target

90
clamav-0.100.1-defaults_locations.patch → clamav-default_confs.patch
View File

@ -1,6 +1,7 @@
--- ./clamconf/clamconf.c.orig 2018-07-30 05:28:40.199759145 +0100
+++ ./clamconf/clamconf.c 2018-07-30 05:30:12.083760295 +0100
@@ -58,9 +58,9 @@ static struct _cfgfile {
diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamconf/clamconf.c
--- clamav-0.103.0/clamconf/clamconf.c.default_confs 2020-09-12 18:27:09.000000000 -0600
+++ clamav-0.103.0/clamconf/clamconf.c 2020-09-17 22:00:20.792879792 -0600
@@ -63,9 +63,9 @@ static struct _cfgfile {
const char *name;
int tool;
} cfgfile[] = {
@ -9,36 +10,12 @@
{"freshclam.conf", OPT_FRESHCLAM},
- {"clamav-milter.conf", OPT_MILTER},
+ {"mail/clamav-milter.conf", OPT_MILTER},
{ NULL, 0 }
};
{NULL, 0}};
--- ./platform.h.in.orig 2018-07-30 06:27:54.437257754 +0100
+++ ./platform.h.in 2018-07-30 06:29:18.920124404 +0100
@@ -34,9 +34,9 @@ typedef unsigned int in_addr_t;
#define PATHSEP "/"
#endif
-#define CONFDIR_CLAMD CONFDIR PATHSEP "clamd.conf"
+#define CONFDIR_CLAMD CONFDIR PATHSEP "clamd.d/scan.conf"
#define CONFDIR_FRESHCLAM CONFDIR PATHSEP "freshclam.conf"
-#define CONFDIR_MILTER CONFDIR PATHSEP "clamav-milter.conf"
+#define CONFDIR_MILTER CONFDIR PATHSEP "mail/clamav-milter.conf"
#define cli_to_utf8_maybe_alloc(x) (x)
#define cli_strdup_to_utf8(x) strdup(x)
--- ./docs/man/clamav-milter.conf.5.in.orig 2018-07-31 02:47:52.768212114 +0100
+++ ./docs/man/clamav-milter.conf.5.in 2018-07-31 02:48:57.295032444 +0100
@@ -239,7 +239,7 @@ Default: no
All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
.SH "FILES"
.LP
-@CFGDIR@/clamav-milter.conf
+@CFGDIR@/mail/clamav-milter.conf
.SH "AUTHOR"
.LP
aCaB <acab@clamav.net>
--- ./docs/man/clamav-milter.8.in.orig 2018-07-31 02:47:45.154130364 +0100
+++ ./docs/man/clamav-milter.8.in 2018-07-31 02:48:39.484792893 +0100
static void printopts(struct optstruct *opts, int nondef)
diff -up clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs clamav-0.103.0/docs/man/clamav-milter.8.in
--- clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600
+++ clamav-0.103.0/docs/man/clamav-milter.8.in 2020-09-17 22:00:20.793879800 -0600
@@ -27,7 +27,7 @@ Print the version number and exit.
Read configuration from FILE.
.SH "FILES"
@ -48,19 +25,21 @@
.SH "AUTHOR"
.LP
aCaB <acab@clamav.net>
--- ./docs/man/clamd.conf.5.in.orig 2018-07-31 02:52:12.607659460 +0100
+++ ./docs/man/clamd.conf.5.in 2018-07-31 02:52:37.396992885 +0100
@@ -703,7 +703,7 @@ Default: no
diff -up clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.103.0/docs/man/clamav-milter.conf.5.in
--- clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs 2020-09-12 18:27:09.000000000 -0600
+++ clamav-0.103.0/docs/man/clamav-milter.conf.5.in 2020-09-17 22:00:20.794879808 -0600
@@ -239,7 +239,7 @@ Default: no
All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
.SH "FILES"
.LP
-@CFGDIR@/clamd.conf
+@CFGDIR@/clamd.d/scan.conf
.SH "AUTHORS"
-@CFGDIR@/clamav-milter.conf
+@CFGDIR@/mail/clamav-milter.conf
.SH "AUTHOR"
.LP
Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>
--- ./docs/man/clamd.8.in.orig 2018-07-31 02:51:22.897990849 +0100
+++ ./docs/man/clamd.8.in 2018-07-31 02:53:22.170595103 +0100
aCaB <acab@clamav.net>
diff -up clamav-0.103.0/docs/man/clamd.8.in.default_confs clamav-0.103.0/docs/man/clamd.8.in
--- clamav-0.103.0/docs/man/clamd.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600
+++ clamav-0.103.0/docs/man/clamd.8.in 2020-09-17 22:00:20.794879808 -0600
@@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon
clamd [options]
.SH "DESCRIPTION"
@ -70,7 +49,7 @@
.SH "COMMANDS"
.LP
It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn.
@@ -119,7 +119,7 @@ Reload the signature databases.
@@ -125,7 +125,7 @@ Reload the signature databases.
Perform a clean exit.
.SH "FILES"
.LP
@ -79,3 +58,30 @@
.SH "CREDITS"
Please check the full documentation for credits.
.SH "AUTHOR"
diff -up clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs clamav-0.103.0/docs/man/clamd.conf.5.in
--- clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs 2020-09-17 22:00:20.795879816 -0600
+++ clamav-0.103.0/docs/man/clamd.conf.5.in 2020-09-17 22:01:21.414353121 -0600
@@ -759,7 +759,7 @@ Default: no
All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
.SH "FILES"
.LP
-@CFGDIR@/clamd.conf
+@CFGDIR@/clamd.d/scan.conf
.SH "AUTHORS"
.LP
Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>
diff -up clamav-0.103.0/platform.h.in.default_confs clamav-0.103.0/platform.h.in
--- clamav-0.103.0/platform.h.in.default_confs 2020-09-17 22:00:20.796879824 -0600
+++ clamav-0.103.0/platform.h.in 2020-09-17 22:01:56.842629739 -0600
@@ -112,9 +112,9 @@ typedef unsigned int in_addr_t;
#endif
#ifndef _WIN32
-#define CONFDIR_CLAMD CONFDIR PATHSEP "clamd.conf"
+#define CONFDIR_CLAMD CONFDIR PATHSEP "clamd.d/scan.conf"
#define CONFDIR_FRESHCLAM CONFDIR PATHSEP "freshclam.conf"
-#define CONFDIR_MILTER CONFDIR PATHSEP "clamav-milter.conf"
+#define CONFDIR_MILTER CONFDIR PATHSEP "mail/clamav-milter.conf"
#endif
#ifndef WORDS_BIGENDIAN

10
clamav-freshclam.service.patch Normal file
View File

@ -0,0 +1,10 @@
--- ./freshclam/clamav-freshclam.service.in.orig 2021-02-01 20:49:25.000000000 +0000
+++ ./freshclam/clamav-freshclam.service.in 2021-03-07 22:59:34.476455890 +0000
@@ -8,7 +8,6 @@ After=network-online.target
[Service]
ExecStart=@prefix@/bin/freshclam -d --foreground=true
-StandardOutput=syslog
[Install]
WantedBy=multi-user.target

17
clamav-stats-deprecation.patch Normal file
View File

@ -0,0 +1,17 @@
diff -up clamav-0.102.0/shared/optparser.c.stats-deprecation clamav-0.102.0/shared/optparser.c
--- clamav-0.102.0/shared/optparser.c.stats-deprecation 2019-10-10 21:55:31.245995091 -0600
+++ clamav-0.102.0/shared/optparser.c 2019-10-11 20:40:04.580067432 -0600
@@ -524,6 +524,13 @@ const struct clam_option __clam_options[
{"ArchiveLimitMemoryUsage", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""},
{"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
{"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"},
+ {"StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
+ {"StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
+ {"StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
+ {"StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
+ {"SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
+ {"DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
+ {"DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
{"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""},
/* Milter specific options */

26
clamav.spec
View File

@ -1,7 +1,7 @@
Name: clamav
Summary: End-user tools for the Clam Antivirus scanner
Version: 0.101.4
Release: 8
Version: 0.103.2
Release: 1
License: GPLv2 and Public Domain and bzip2-1.0.6 and Zlib and Apache-2.0
URL: https://www.clamav.net/
Source0: https://www.clamav.net/downloads/production/clamav-%{version}.tar.gz
@ -20,16 +20,12 @@ Source13: clamd.scan.upstart
Source14: clamd@scan.service
Source15: clamd@.service
Patch0001: clamav-0.100.0-stats-deprecation.patch
Patch0002: clamav-0.100.1-defaults_locations.patch
Patch0001: clamav-stats-deprecation.patch
Patch0002: clamav-default_confs.patch
Patch0003: clamav-0.99-private.patch
Patch0004: clamav-0.100.0-umask.patch
Patch0005: llvm-glibc.patch
Patch0006: clamav-Fix-int64-overflow-check.patch
Patch0007: CVE-2019-15961-pre-1.patch
Patch0008: CVE-2019-15961-pre-2.patch
Patch0009: CVE-2019-15961-1.patch
Patch0010: CVE-2019-15961-2.patch
Patch0004: clamav-check.patch
Patch0005: clamav-clamonacc-service.patch
Patch0006: clamav-freshclam.service.patch
BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel
BuildRequires: gcc-c++ zlib-devel bzip2-devel gmp-devel curl-devel json-c-devel
@ -349,6 +345,9 @@ test -e %_var/log/clamav-milter.log || {
%_bindir/{clambc,clamconf,clamdscan,clamdtop,clamscan,clamsubmit,sigtool}
%_libdir/libclamav.so.9*
%_libdir/libclammspack.so.0*
%_sbindir/clamonacc
%_unitdir/clamav-clamonacc.service
%files devel
%_includedir/*
@ -361,6 +360,7 @@ test -e %_var/log/clamav-milter.log || {
%_mandir/man[15]/*
%_mandir/man8/clamd.8*
%_mandir/man8/clamav-milter*
%_mandir/man8/clamonacc.8*
%_mandir/*/freshclam*
%files filesystem
@ -377,6 +377,7 @@ test -e %_var/log/clamav-milter.log || {
%files update
%_bindir/freshclam
%_libdir/libfreshclam.so.2*
%_datadir/%name/freshclam-sleep
%config(noreplace) %verify(not mtime) %_sysconfdir/freshclam.conf
%config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/*
@ -409,6 +410,9 @@ test -e %_var/log/clamav-milter.log || {
%changelog
* Fri Apr 16 2021 wangyue <wangyue92@huawei.com> - 0.103.2-1
- Upgrade to 0.103.2-1
* Thu Feb 18 2021 zhanghua <zhanghua40@huawei.com> - 0.101.4-8
- fix CVE-2019-15961

12
llvm-glibc.patch
View File

@ -1,12 +0,0 @@
Index: clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
===================================================================
--- clamav-0.97.3.orig/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
+++ clamav-0.97.3/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
@@ -52,6 +52,7 @@ static void runAtExitHandlers() {
#include <sys/stat.h>
#endif
#include <fcntl.h>
+#include <unistd.h>
/* stat functions are redirecting to __xstat with a version number. On x86-64
* linking with libc_nonshared.a and -Wl,--export-dynamic doesn't make 'stat'
* available as an exported symbol, so we have to add it explicitly.