
Bug#689976: unblock: clamav/0.97.6+dfsg-1



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package clamav

This is a new bugfix release of clamav with only a few small, but important
fixes.  Additionally, because it increases the clamav FL (functionality level),
the current wheezy version is no longer able to process all virus signatures.
This update is needed for that.

As is usual for clamav, once it's in wheezy, I'll upload it for a stable
update as well.

unblock clamav/0.97.6+dfsg-1
diff -Nru clamav-0.97.5+dfsg/ChangeLog clamav-0.97.6+dfsg/ChangeLog
--- clamav-0.97.5+dfsg/ChangeLog	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/ChangeLog	2012-09-17 11:15:12.000000000 -0400
@@ -1,3 +1,36 @@
+Mon Sep 6 12:32:00 EDT 2012 (dar)
+---------------------------------
+ * libclamav: bb#5751 - cl_scansis() may returan a file descriptor instead
+              of a valid return code
+
+Mon Jul 2 10:40:50 EDT 2012 (dar)
+----------------------------------
+ * libclamav: bb#5252 - update #4, CL_EUNPACK and caching
+
+Fri Jun 29 14:43:43 EDT 2012 (dar)
+----------------------------------
+ * libclamav: bb#5252 - update #3, more return code tweaks
+
+Tue Jun 26 12:23:44 EDT 2012 (dar)
+----------------------------------
+ * libclamav: bb#5252 - Limit exits on scanraw return codes
+
+Fri Jun 22 16:58:21 EDT 2012 (dar)
+----------------------------------
+ * libclamav: bb#5325 - Quiet Minix warning
+
+Mon Jun 18 17:51:49 EDT 2012 (dar)
+----------------------------------
+ * libclamav: bb#5252 - Update magic_scandesc filtering of scanraw return codes
+
+Thu Jun 14 16:05:53 EDT 2012 (judge)
+----------------------------------
+ * win32: Add MSI projects.
+
+Wed Jun 13 12:00:55 EDT 2012 (olney)
+----------------------------------
+ * V 0.97.5
+
 Fri Jun 1 13:15:50 EST 2012 (dar)
 ---------------------------------
  * libclamav: Scan output at end of truncated tar (bb#4625) 
diff -Nru clamav-0.97.5+dfsg/configure clamav-0.97.6+dfsg/configure
--- clamav-0.97.5+dfsg/configure	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/configure	2012-08-10 12:03:23.000000000 -0400
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.65 for ClamAV 0.97.5.
+# Generated by GNU Autoconf 2.65 for ClamAV 0.97.6.
 #
 # Report bugs to <http://bugs.clamav.net/>.
 #
@@ -703,8 +703,8 @@
 # Identity of this package.
 PACKAGE_NAME='ClamAV'
 PACKAGE_TARNAME='clamav'
-PACKAGE_VERSION='0.97.5'
-PACKAGE_STRING='ClamAV 0.97.5'
+PACKAGE_VERSION='0.97.6'
+PACKAGE_STRING='ClamAV 0.97.6'
 PACKAGE_BUGREPORT='http://bugs.clamav.net/'
 PACKAGE_URL='http://www.clamav.net/'
 
@@ -1539,7 +1539,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures ClamAV 0.97.5 to adapt to many kinds of systems.
+\`configure' configures ClamAV 0.97.6 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1610,7 +1610,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of ClamAV 0.97.5:";;
+     short | recursive ) echo "Configuration of ClamAV 0.97.6:";;
    esac
   cat <<\_ACEOF
 
@@ -1767,7 +1767,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-ClamAV configure 0.97.5
+ClamAV configure 0.97.6
 generated by GNU Autoconf 2.65
 
 Copyright (C) 2009 Free Software Foundation, Inc.
@@ -2231,7 +2231,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by ClamAV $as_me 0.97.5, which was
+It was created by ClamAV $as_me 0.97.6, which was
 generated by GNU Autoconf 2.65.  Invocation command line was
 
   $ $0 $@
@@ -3345,7 +3345,7 @@
 
 # Define the identity of the package.
  PACKAGE='clamav'
- VERSION='0.97.5'
+ VERSION='0.97.6'
 
 
 # Some tools Automake needs.
@@ -3474,10 +3474,10 @@
 $as_echo "#define PACKAGE PACKAGE_NAME" >>confdefs.h
 
 
-VERSION="0.97.5"
+VERSION="0.97.6"
 
 LC_CURRENT=7
-LC_REVISION=14
+LC_REVISION=15
 LC_AGE=1
 LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"
 
@@ -20635,7 +20635,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by ClamAV $as_me 0.97.5, which was
+This file was extended by ClamAV $as_me 0.97.6, which was
 generated by GNU Autoconf 2.65.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -20702,7 +20702,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-ClamAV config.status 0.97.5
+ClamAV config.status 0.97.6
 configured by $0, generated by GNU Autoconf 2.65,
   with options \\"\$ac_cs_config\\"
 
@@ -23220,7 +23220,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by ClamAV $as_me 0.97.5, which was
+This file was extended by ClamAV $as_me 0.97.6, which was
 generated by GNU Autoconf 2.65.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -23287,7 +23287,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-ClamAV config.status 0.97.5
+ClamAV config.status 0.97.6
 configured by $0, generated by GNU Autoconf 2.65,
   with options \\"\$ac_cs_config\\"
 
diff -Nru clamav-0.97.5+dfsg/configure.in clamav-0.97.6+dfsg/configure.in
--- clamav-0.97.5+dfsg/configure.in	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/configure.in	2012-08-10 12:03:00.000000000 -0400
@@ -20,7 +20,7 @@
 AC_PREREQ([2.59])
 dnl For a release change [devel] to the real version [0.xy]
 dnl also change VERSION below
-AC_INIT([ClamAV], [0.97.5], [http://bugs.clamav.net/], [clamav], [http://www.clamav.net/])
+AC_INIT([ClamAV], [0.97.6], [http://bugs.clamav.net/], [clamav], [http://www.clamav.net/])
 
 AH_BOTTOM([#include "platform.h"])
 dnl put configure auxiliary into config
@@ -43,10 +43,10 @@
 
 dnl change this on a release
 dnl VERSION="devel-`date +%Y%m%d`"
-VERSION="0.97.5"
+VERSION="0.97.6"
 
 LC_CURRENT=7
-LC_REVISION=14
+LC_REVISION=15
 LC_AGE=1
 LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"
 AC_SUBST([LIBCLAMAV_VERSION])
diff -Nru clamav-0.97.5+dfsg/debian/changelog clamav-0.97.6+dfsg/debian/changelog
--- clamav-0.97.5+dfsg/debian/changelog	2012-10-08 13:00:53.000000000 -0400
+++ clamav-0.97.6+dfsg/debian/changelog	2012-10-08 13:00:54.000000000 -0400
@@ -1,3 +1,10 @@
+clamav (0.97.6+dfsg-1) unstable; urgency=low
+
+  * New upstream release (Closes: #689487)
+  * Update libclamav6 lintian override to match updated soversion
+
+ -- Scott Kitterman <scott@kitterman.com>  Mon, 08 Oct 2012 12:11:43 -0400
+
 clamav (0.97.5+dfsg-6) unstable; urgency=medium
 
   * Urgency medium for RC bug fix the addressess regression from 0.97.3
diff -Nru clamav-0.97.5+dfsg/debian/libclamav6.lintian-overrides clamav-0.97.6+dfsg/debian/libclamav6.lintian-overrides
--- clamav-0.97.5+dfsg/debian/libclamav6.lintian-overrides	2012-10-08 13:00:53.000000000 -0400
+++ clamav-0.97.6+dfsg/debian/libclamav6.lintian-overrides	2012-10-08 13:00:54.000000000 -0400
@@ -1 +1 @@
-libclamav6 binary: embedded-library usr/lib/libclamav.so.6.1.14: zlib
+libclamav6 binary: embedded-library usr/lib/libclamav.so.6.1.15: zlib
diff -Nru clamav-0.97.5+dfsg/libclamav/bytecode_detect.h clamav-0.97.6+dfsg/libclamav/bytecode_detect.h
--- clamav-0.97.5+dfsg/libclamav/bytecode_detect.h	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/libclamav/bytecode_detect.h	2012-06-27 09:04:48.000000000 -0400
@@ -83,6 +83,7 @@
   llvm_os_Solaris,
   llvm_os_Win32,
   llvm_os_Haiku,
+  llvm_os_Minix,
   llvm_os_ANY = 0xff
 };
 
diff -Nru clamav-0.97.5+dfsg/libclamav/c++/detect.cpp clamav-0.97.6+dfsg/libclamav/c++/detect.cpp
--- clamav-0.97.5+dfsg/libclamav/c++/detect.cpp	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/libclamav/c++/detect.cpp	2012-06-27 09:04:48.000000000 -0400
@@ -158,6 +158,7 @@
 		 warn_assumptions("Operating System", env->os_category, Triple::Win32);
 	     break;
 	CASE_OS(Haiku, os_unknown);
+	CASE_OS(Minix, os_unknown);
     }
 
     // mmap RWX
diff -Nru clamav-0.97.5+dfsg/libclamav/others.h clamav-0.97.6+dfsg/libclamav/others.h
--- clamav-0.97.5+dfsg/libclamav/others.h	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/libclamav/others.h	2012-08-10 12:02:00.000000000 -0400
@@ -53,7 +53,7 @@
  * in re-enabling affected modules.
  */
 
-#define CL_FLEVEL 65
+#define CL_FLEVEL 67
 #define CL_FLEVEL_DCONF	CL_FLEVEL
 #define CL_FLEVEL_SIGTOOL CL_FLEVEL
 
diff -Nru clamav-0.97.5+dfsg/libclamav/scanners.c clamav-0.97.6+dfsg/libclamav/scanners.c
--- clamav-0.97.5+dfsg/libclamav/scanners.c	2012-10-08 13:00:53.000000000 -0400
+++ clamav-0.97.6+dfsg/libclamav/scanners.c	2012-08-06 16:26:55.000000000 -0400
@@ -2361,26 +2361,47 @@
     if(type != CL_TYPE_IGNORED && (type != CL_TYPE_HTML || !(DCONF_DOC & DOC_CONF_HTML_SKIPRAW)) && !ctx->engine->sdb) {
 	res = cli_scanraw(ctx, type, typercg, &dettype, hash);
 	if(res != CL_CLEAN) {
-	    if(res == CL_VIRUS)
-		ret =  cli_checkfp(hash, hashed_size, ctx);
-	    else
-		ret = res;
-	    funmap(*ctx->fmap);
-	    ctx->fmap--;
-	    cli_bitset_free(ctx->hook_lsig_matches);
-	    ctx->hook_lsig_matches = old_hook_lsig_matches;
-	    /* Same switch as end of magic_scandesc function */
-	    switch(ret) {
-		case CL_EFORMAT:
+	    switch(res) {
+		/* List of scan halts, runtime errors only! */
+		case CL_EUNLINK:
+		case CL_ESTAT:
+		case CL_ESEEK:
+		case CL_EWRITE:
+		case CL_EDUP:
+		case CL_ETMPFILE:
+		case CL_ETMPDIR:
+		case CL_EMEM:
+		case CL_ETIMEOUT:
+		    cli_dbgmsg("Descriptor[%d]: cli_scanraw error %s\n", desc, cl_strerror(res));
+		    funmap(*ctx->fmap);
+		    ctx->fmap--;
+		    cli_bitset_free(ctx->hook_lsig_matches);
+		    ctx->hook_lsig_matches = old_hook_lsig_matches;
+		    ret_from_magicscan(res);
+		/* CL_VIRUS = malware found, check FP and report */
+		case CL_VIRUS:
+		    ret = cli_checkfp(hash, hashed_size, ctx);
+		    funmap(*ctx->fmap);
+		    ctx->fmap--;
+		    cli_bitset_free(ctx->hook_lsig_matches);
+		    ctx->hook_lsig_matches = old_hook_lsig_matches;
+		    ret_from_magicscan(ret);
+		/* "MAX" conditions should still fully scan the current file */
 		case CL_EMAXREC:
 		case CL_EMAXSIZE:
 		case CL_EMAXFILES:
-		    cli_dbgmsg("Descriptor[%d]: %s\n", desc, cl_strerror(ret));
-		case CL_CLEAN: /* here, only from cli_checkfp() */
-		    cache_add(hash, hashed_size, ctx);
-		    ret_from_magicscan(CL_CLEAN);
+		    ret = res;
+		    cli_dbgmsg("Descriptor[%d]: Continuing after cli_scanraw reached %s\n",
+			desc, cl_strerror(res));
+		    break;
+		/* Other errors must not block further scans below
+		 * This specifically includes CL_EFORMAT & CL_EREAD & CL_EUNPACK
+		 * Malformed/truncated files could report as any of these three.
+		 */
 		default:
-		    ret_from_magicscan(ret);
+		    ret = res;
+		    cli_dbgmsg("Descriptor[%d]: Continuing after cli_scanraw error %s\n",
+			desc, cl_strerror(res));
 	    }
 	}
     }
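Review bot: The runtime-error arm ending in `ret_from_magicscan(res);` and the `case CL_VIRUS:` arm ending in `ret_from_magicscan(ret);` have no `break`, so they are correct only if that macro always returns; its definition is not in this hunk. If it ever fell through, the error arm would run into `CL_VIRUS` and repeat `funmap(*ctx->fmap); ctx->fmap--;`. I would add `/* ret_from_magicscan() returns, no fallthrough */` after each call, or move the four duplicated cleanup lines into one place. The `CL_VIRUS` arm also no longer reaches `cache_add()` when `cli_checkfp()` clears the match, unlike the removed code, and a one-line comment saying this is intended would help. The enclosing function begins and ends outside the hunk.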
@@ -2424,11 +2445,16 @@
     ctx->hook_lsig_matches = old_hook_lsig_matches;
 
     switch(ret) {
+	/* Malformed file cases */
 	case CL_EFORMAT:
+	case CL_EREAD:
+	case CL_EUNPACK:
+	/* Limits exceeded */
 	case CL_EMAXREC:
 	case CL_EMAXSIZE:
 	case CL_EMAXFILES:
 	    cli_dbgmsg("Descriptor[%d]: %s\n", desc, cl_strerror(ret));
+	    ret_from_magicscan(CL_CLEAN);
 	case CL_CLEAN:
 	    cache_add(hash, hashed_size, ctx);
 	    ret_from_magicscan(CL_CLEAN);
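Review bot: `CL_EREAD` and `CL_EUNPACK` now join `CL_EFORMAT` and the limit codes in being returned as `CL_CLEAN`, so a caller cannot tell a file that could not be read or unpacked from one that was scanned in full. The only trace is the `cli_dbgmsg` line. The added `ret_from_magicscan(CL_CLEAN);` keeps these results out of `cache_add()`, which looks deliberate but is not explained. I would put `/* not fully scanned: report clean but do not cache */` above it so the missing fallthrough into `case CL_CLEAN:` is not reintroduced later. The switch continues past the end of the hunk.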
diff -Nru clamav-0.97.5+dfsg/libclamav/sis.c clamav-0.97.6+dfsg/libclamav/sis.c
--- clamav-0.97.5+dfsg/libclamav/sis.c	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/libclamav/sis.c	2012-09-17 11:19:33.000000000 -0400
@@ -95,11 +95,16 @@
   }
 
   cli_dbgmsg("SIS: UIDS %x %x %x - %x\n", EC32(uid[0]), EC32(uid[1]), EC32(uid[2]), EC32(uid[3]));
-  if (uid[2]==EC32(0x10000419))
+  if (uid[2]==le32_to_host(0x10000419)) {
     i=real_scansis(f, ctx, tmpd);
-  else if(uid[0]==EC32(0x10201a7a)) {
+  }
+  else if(uid[0]==le32_to_host(0x10201a7a)) {
     i=real_scansis9x(f, ctx, tmpd);
   }
+  else {
+    cli_dbgmsg("SIS: UIDs failed to match\n");
+    i=CL_EFORMAT;
+  }
 
   if (!ctx->engine->keeptmp)
     cli_rmdirs(tmpd);
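Review bot: The two UID comparisons now wrap the constant in `le32_to_host()`, while the `cli_dbgmsg` line just above still converts the values read from the file with `EC32(uid[n])`. That leaves two conversion macros and two conventions in adjacent lines of the same check. I would convert the value that was read in both places, e.g. `if (le32_to_host(uid[2]) == 0x10000419) {`, so that what is logged is what is matched. Neither macro is defined in this hunk, so their equivalence is assumed here. The declaration of `i` and the rest of the function lie outside the hunk.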
diff -Nru clamav-0.97.5+dfsg/libclamav/version.h clamav-0.97.6+dfsg/libclamav/version.h
--- clamav-0.97.5+dfsg/libclamav/version.h	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/libclamav/version.h	2012-08-10 13:10:35.000000000 -0400
@@ -1 +1 @@
-#define REPO_VERSION "devel-clamav-0.97.5"
+#define REPO_VERSION "devel-clamav-0.97.6"
diff -Nru clamav-0.97.5+dfsg/NEWS clamav-0.97.6+dfsg/NEWS
--- clamav-0.97.5+dfsg/NEWS	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/NEWS	2012-09-17 11:16:40.000000000 -0400
@@ -1,10 +1,9 @@
-0.97.5
+0.97.6
 ------
 
-ClamAV 0.97.5 addresses possible evasion cases in some archive formats
-(CVE-2012-1457, CVE-2012-1458, CVE-2012-1459).  It also addresses stability
-issues in portions of the bytecode engine.  This release is recommended for all
-users.
+ClamAV 0.97.6 corrects two major bugs.  One is bb#5571, where an invalid return
+code was issued.  The other is 5252, where an error in processing certain data
+types occured.
 
 --
 The ClamAV team (http://www.clamav.net/team)
diff -Nru clamav-0.97.5+dfsg/README clamav-0.97.6+dfsg/README
--- clamav-0.97.5+dfsg/README	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/README	2012-09-17 11:02:22.000000000 -0400
@@ -1,6 +1,10 @@
 Note: This README/NEWS file refers to the source tarball. Some things described
 here may not be available in binary packages.
 --
+0.97.6
+------
+ClamAV 0.97.6 corrects bug 5252 "CL_EFORMAT: Bad format or broken data ERROR
+reported as scan result.
 
 0.97.5
 ------
