Sprout from master 2004-10-19 09:52:37 UTC Paweł Gołaszewski <blues@pld-linux.org> '- release 4 for AC (rel.3 is for RA)'
Cherrypick from master 2004-02-10 18:16:18 UTC Paweł Sikora <pluto@pld-linux.org> '- patch updated.':
clamav-oversize_zip.patch -> 1.1
clamav-remote_dos_exploit.patch -> 1.2
Delete:
clamav-pld_config.patch
--- /dev/null
+--- clamav-0.65.orig/libclamav/scanners.c 2003-11-09 20:14:42.000000000 +0100
++++ clamav-0.65/libclamav/scanners.c 2004-01-07 13:25:40.261486088 +0100
+@@ -61,7 +61,7 @@
+ #define DELIVERED_MAGIC_STR "Delivered-To: "
+ #define BZIP_MAGIC_STR "BZh"
+
+-#define ZIPOSDET 20 /* FIXME: Make it user definable */
++#define ZIPOSDET 200 /* FIXME: Make it user definable */
+
+ int cli_magic_scandesc(int desc, char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev);
+
+++ /dev/null
-diff -urN clamav-0.80rc4.orig/etc/clamd.conf clamav-0.80rc4/etc/clamd.conf
---- clamav-0.80rc4.orig/etc/clamd.conf 2004-10-11 03:14:30.000000000 +0200
-+++ clamav-0.80rc4/etc/clamd.conf 2004-10-16 23:14:10.722021576 +0200
-@@ -5,13 +5,13 @@
-
-
- # Comment or remove the line below.
--Example
-+#Example
-
- # Uncomment this option to enable logging.
- # LogFile must be writable for the user running daemon.
- # A full path is required.
- # Default: disabled
--#LogFile /tmp/clamd.log
-+#LogFile /var/log/clamd.log
-
- # By default the log file is locked for writing - the lock protects against
- # running clamd multiple times (if want to run another clamd, please
-@@ -40,7 +40,7 @@
-
- # Use system logger (can work together with LogFile).
- # Default: disabled
--#LogSyslog
-+LogSyslog
-
- # Specify the type of syslog messages - please refer to 'man syslog'
- # for facility names.
-@@ -54,7 +54,7 @@
- # This option allows you to save a process identifier of the listening
- # daemon (main thread).
- # Default: disabled
--#PidFile /var/run/clamd.pid
-+PidFile /var/run/clamav/clamd.pid
-
- # Optional path to the global temporary directory.
- # Default: system specific (usually /tmp or /var/tmp).
-@@ -69,7 +69,7 @@
-
- # Path to a local socket file the daemon will listen on.
- # Default: disabled
--LocalSocket /tmp/clamd
-+LocalSocket /var/lib/clamav/clamd.socket
-
- # Remove stale socket after unclean shutdown.
- # Default: disabled
-@@ -130,11 +130,11 @@
-
- # Run as a selected user (clamd must be started by root).
- # Default: disabled
--#User clamav
-+User clamav
-
- # Initialize supplementary group access (clamd must be started by root).
- # Default: disabled
--#AllowSupplementaryGroups
-+AllowSupplementaryGroups
-
- # Don't fork into background.
- # Default: disabled
-@@ -273,15 +273,15 @@
-
- # Set access mask for Clamuko.
- # Default: disabled
--#ClamukoScanOnOpen
--#ClamukoScanOnClose
--#ClamukoScanOnExec
-+ClamukoScanOnOpen
-+ClamukoScanOnClose
-+ClamukoScanOnExec
-
- # Set the include paths (all files in them will be scanned). You can have
- # multiple ClamukoIncludePath directives but each directory must be added
- # in a seperate line.
- # Default: disabled
--#ClamukoIncludePath /home
-+ClamukoIncludePath /home
- #ClamukoIncludePath /students
-
- # Set the exclude paths. All subdirectories are also excluded.
-diff -urN clamav-0.80rc4.orig/etc/freshclam.conf clamav-0.80rc4/etc/freshclam.conf
---- clamav-0.80rc4.orig/etc/freshclam.conf 2004-09-27 22:35:01.000000000 +0200
-+++ clamav-0.80rc4/etc/freshclam.conf 2004-10-16 23:17:04.467608232 +0200
-@@ -3,10 +3,14 @@
- ## Please read the freshclam.conf(5) manual before editing this file.
- ## This file may be optionally merged with clamd.conf.
- ##
--
-+## PLD NOTE: Note that freshclam is called periodically via cron
-+## Check /etc/sysconfig/clamd for details
-+## Seems better to run task once per period than keep daemon running
-+## only for that.
-+## But if you have arguments please tell us.
-
- # Comment or remove the line below.
--Example
-+#Example
-
- # Path to the database directory.
- # WARNING: It must match clamd.conf's directive!
-@@ -19,11 +23,11 @@
-
- # Enable verbose logging.
- # Default: disabled
--#LogVerbose
-+LogVerbose
-
- # Use system logger (can work together with UpdateLogFile).
- # Default: disabled
--#LogSyslog
-+LogSyslog
-
- # Specify the type of syslog messages - please refer to 'man syslog'
- # for facility names.
-@@ -37,7 +41,7 @@
- # By default when started freshclam drops privileges and switches to the
- # "clamav" user. This directive allows you to change the database owner.
- # Default: clamav (may depend on installation options)
--#DatabaseOwner clamav
-+DatabaseOwner clamav
-
- # Use DNS to verify virus database version. Freshclam uses DNS TXT records
- # to verify database and software versions. We highly recommend enabling
-@@ -62,7 +66,7 @@
-
- # Number of database checks per day.
- # Default: 12 (every two hours)
--#Checks 24
-+Checks 2
-
- # Proxy settings
- # Default: disabled
-@@ -76,7 +80,7 @@
- #NotifyClamd
- # By default it uses the hardcoded configuration file but you can force an
- # another one.
--#NotifyClamd /config/file/path
-+NotifyClamd /etc/clamav.conf
-
- # Run command after successful database update.
- # Default: disabled
--- /dev/null
+--- libclamav/message.c.orig 2003-11-05 11:59:53.000000000 +0100
++++ libclamav/message.c 2004-02-10 19:11:14.728993368 +0100
+@@ -74,7 +74,7 @@
+
+ typedef enum { FALSE = 0, TRUE = 1 } bool;
+
+-static unsigned char *decodeLine(const message *m, const char *line, unsigned char *ptr);
++static unsigned char *decodeLine(const message *m, const char *line, unsigned char *buf, size_t buflen);
+ static unsigned char *decode(const char *in, unsigned char *out, unsigned char (*decoder)(char), bool isFast);
+ static unsigned char hex(char c);
+ static unsigned char base64(char c);
+@@ -273,7 +273,7 @@
+
+ if(offset == m->numberOfArguments) {
+ m->numberOfArguments++;
+- m->mimeArguments = (char **)realloc(m->mimeArguments, m->numberOfArguments * sizeof(char *));
++ m->mimeArguments = (char **)cli_realloc(m->mimeArguments, m->numberOfArguments * sizeof(char *));
+ }
+
+ m->mimeArguments[offset] = strdup(arg);
+@@ -658,7 +658,7 @@
+ if(strcasecmp(line, "end") == 0)
+ break;
+
+- uptr = decodeLine(m, line, data);
++ uptr = decodeLine(m, line, data, sizeof(data));
+
+ if(uptr == NULL)
+ break;
+@@ -737,7 +737,7 @@
+ if(strcasecmp(line, "end") == 0)
+ break;
+
+- uptr = decodeLine(m, line, data);
++ uptr = decodeLine(m, line, data, sizeof(data));
+
+ if(uptr == NULL)
+ break;
+@@ -798,24 +798,24 @@
+ * to help appending callers. There is no new line at the end of "line"
+ */
+ static unsigned char *
+-decodeLine(const message *m, const char *line, unsigned char *ptr)
++decodeLine(const message *m, const char *line, unsigned char *buf, size_t buflen)
+ {
+- int len;
++ size_t len;
+ bool softbreak;
+ char *p2;
+ char *copy;
+
+ assert(m != NULL);
+ assert(line != NULL);
+- assert(ptr != NULL);
++ assert(buf != NULL);
+
+ switch(messageGetEncoding(m)) {
+ case NOENCODING:
+ case EIGHTBIT:
+ default: /* unknown encoding type - try our best */
+- ptr = (unsigned char *)strrcpy((char *)ptr, line);
++ buf = (unsigned char *)strrcpy((char *)buf, line);
+ /* Put the new line back in */
+- return (unsigned char *)strrcpy((char *)ptr, "\n");
++ return (unsigned char *)strrcpy((char *)buf, "\n");
+
+ case QUOTEDPRINTABLE:
+ softbreak = FALSE;
+@@ -836,20 +836,20 @@
+ * broken e-mail, not
+ * adhering to RFC1522
+ */
+- *ptr++ = byte;
++ *buf++ = byte;
+ break;
+ }
+
+ byte <<= 4;
+ byte += hex(*line);
+- *ptr++ = byte;
++ *buf++ = byte;
+ } else
+- *ptr++ = *line;
++ *buf++ = *line;
+ line++;
+ }
+ if(!softbreak)
+ /* Put the new line back in */
+- *ptr++ = '\n';
++ *buf++ = '\n';
+ break;
+
+ case BASE64:
+@@ -864,8 +864,8 @@
+ /*
+ * Klez doesn't always put "=" on the last line
+ */
+- /*ptr = decode(line, ptr, base64, p2 == NULL);*/
+- ptr = decode(copy, ptr, base64, 0);
++ /*buf = decode(line, buf, base64, p2 == NULL);*/
++ buf = decode(copy, buf, base64, 0);
+
+ free(copy);
+ break;
+@@ -878,15 +878,20 @@
+ if(strcasecmp(line, "end") == 0)
+ break;
+
+- assert(strlen(line) <= 62);
+ if((line[0] & 0x3F) == ' ')
+ break;
+
+ len = *line++ - ' ';
+
+- assert((len >= 0) && (len <= 63));
+-
+- ptr = decode(line, ptr, uudecode, (len & 3) == 0);
++ if(len > buflen)
++ /*
++ * In practice this should never occur since
++ * the maximum length of a uuencoded line is
++ * 62 characters
++ */
++ cli_warnmsg("uudecode: buffer overflow stopped, attempting to ignore but decoding may fail");
++ else
++ buf = decode(line, buf, uudecode, (len & 3) == 0);
+ break;
+
+ case BINARY:
+@@ -896,8 +901,8 @@
+ break;
+ }
+
+- *ptr = '\0';
+- return ptr;
++ *buf = '\0';
++ return buf;
+ }
+
+ static unsigned char *