From 6eda919e16e0fce01e17288524743e311f9e306d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Tue, 20 Mar 2018 12:04:52 +0100 Subject: [PATCH] - up to 0.99.4; fixes CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-0202, and CVE-2018-1000085. --- clamav-0.99.2-temp-cleanup.patch | 137 ------------------------------- clamav.spec | 6 +- 2 files changed, 2 insertions(+), 141 deletions(-) delete mode 100644 clamav-0.99.2-temp-cleanup.patch diff --git a/clamav-0.99.2-temp-cleanup.patch b/clamav-0.99.2-temp-cleanup.patch deleted file mode 100644 index 1b01341..0000000 --- a/clamav-0.99.2-temp-cleanup.patch +++ /dev/null @@ -1,137 +0,0 @@ -https://github.com/vrtadmin/clamav-devel/commit/f5bc94cf01e6a19d5255c0e5f9a5bc2336f5a2b1 -backported (re-merge). See also: - - - https://bugzilla.clamav.net/show_bug.cgi?id=11549 - - https://github.com/e2guardian/e2guardian/issues/159 - ---- clamav-0.99.2/libclamav/scanners.c 2016-04-22 17:02:19.000000000 +0200 -+++ clamav-0.99.2/libclamav/scanners.c.temp-cleanup 2017-11-17 00:59:14.295670694 +0100 -@@ -1342,37 +1342,33 @@ - return CL_CLEAN; - } - -- /* dump to disk only if explicitly asked to -- * or if necessary to check relative offsets, -- * otherwise we can process just in-memory */ -- if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) { -- if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) { -- cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n"); -- return ret; -- } -- if (ctx->engine->keeptmp) -- cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname); -- } -- - if(!(normalized = cli_malloc(SCANBUFF + maxpatlen))) { - cli_dbgmsg("cli_scanscript: Unable to malloc %u bytes\n", SCANBUFF); -- free(tmpname); - return CL_EMEM; - } -- - text_normalize_init(&state, normalized, SCANBUFF + maxpatlen); -- ret = CL_CLEAN; -- - - if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) { -- free(tmpname); -- return ret; -+ free(normalized); -+ return ret; - } - - if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) { -- cli_ac_freedata(&tmdata); -- free(tmpname); -- return ret; -+ cli_ac_freedata(&tmdata); -+ free(normalized); -+ return ret; -+ } -+ -+ /* dump to disk only if explicitly asked to -+ * or if necessary to check relative offsets, -+ * otherwise we can process just in-memory */ -+ if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) { -+ if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) { -+ cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n"); -+ goto done; -+ } -+ if (ctx->engine->keeptmp) -+ cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname); - } - - mdata[0] = &tmdata; -@@ -1387,10 +1383,9 @@ - map_off += written; - - if (write(ofd, state.out, state.out_pos) == -1) { -- cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname); -- close(ofd); -- free(tmpname); -- return CL_EWRITE; -+ cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname); -+ ret = CL_EWRITE; -+ goto done; - } - text_normalize_reset(&state); - } -@@ -1409,11 +1404,6 @@ - funmap(*ctx->fmap); - } - *ctx->fmap = map; -- -- /* If we aren't keeping temps, delete the normalized file after scan. */ -- if(!(ctx->engine->keeptmp)) -- if (cli_unlink(tmpname)) ret = CL_EUNLINK; -- - } else { - /* Since the above is moderately costly all in all, - * do the old stuff if there's no relative offsets. */ -@@ -1421,11 +1411,8 @@ - if (troot) { - cli_targetinfo(&info, 7, map); - ret = cli_ac_caloff(troot, &tmdata, &info); -- if (ret) { -- cli_ac_freedata(&tmdata); -- free(tmpname); -- return ret; -- } -+ if (ret) -+ goto done; - } - - while(1) { -@@ -1466,13 +1453,6 @@ - - } - -- if(ctx->engine->keeptmp) { -- free(tmpname); -- if (ofd >= 0) -- close(ofd); -- } -- free(normalized); -- - if(ret != CL_VIRUS || SCAN_ALL) { - if ((ret = cli_exp_eval(ctx, troot, &tmdata, NULL, NULL)) == CL_VIRUS) - viruses_found++; -@@ -1481,9 +1461,19 @@ - viruses_found++; - } - -+done: -+ free(normalized); - cli_ac_freedata(&tmdata); - cli_ac_freedata(&gmdata); - -+ if (ofd != -1) -+ close(ofd); -+ if (tmpname != NULL) { -+ if (!ctx->engine->keeptmp) -+ cli_unlink(tmpname); -+ free(tmpname); -+ } -+ - if (SCAN_ALL && viruses_found) - return CL_VIRUS; - diff --git a/clamav.spec b/clamav.spec index 6c658d6..aafdd55 100644 --- a/clamav.spec +++ b/clamav.spec @@ -19,12 +19,12 @@ Summary: An anti-virus utility for Unix Summary(pl.UTF-8): Narzędzie antywirusowe dla Uniksów Name: clamav -Version: 0.99.3 +Version: 0.99.4 Release: 1 License: GPL v2+ Group: Daemons Source0: http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz -# Source0-md5: 5272f127312e987b3e10c155cf1d84df +# Source0-md5: b9359b90086948b3c4eb97c84cf4b400 Source1: %{name}.init Source2: %{name}.sysconfig Source3: %{name}-milter.init @@ -45,7 +45,6 @@ Patch3: ac2.68.patch Patch4: %{name}-openssl.patch Patch5: %{name}-major.patch Patch6: x32.patch -Patch7: clamav-0.99.2-temp-cleanup.patch URL: http://www.clamav.net/ BuildRequires: autoconf BuildRequires: automake @@ -190,7 +189,6 @@ Biblioteki statyczne clamav. #%patch4 -p1 %patch5 -p1 %patch6 -p1 -%patch7 -p1 %build export CFLAGS="%{rpmcflags} -Wall -W -Wmissing-prototypes -Wmissing-declarations -std=gnu99" -- 2.43.0