[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#690951: pu: package clamav/0.97.6+dfsg-1~squeeze1

And the forgotten debdiff.

Scott K
diff -Nru clamav-0.97.5+dfsg/ChangeLog clamav-0.97.6+dfsg/ChangeLog
--- clamav-0.97.5+dfsg/ChangeLog	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/ChangeLog	2012-09-17 11:15:12.000000000 -0400
@@ -1,3 +1,36 @@
+Mon Sep 6 12:32:00 EDT 2012 (dar)
+---------------------------------
+ * libclamav: bb#5751 - cl_scansis() may returan a file descriptor instead
+              of a valid return code
+
+Mon Jul 2 10:40:50 EDT 2012 (dar)
+----------------------------------
+ * libclamav: bb#5252 - update #4, CL_EUNPACK and caching
+
+Fri Jun 29 14:43:43 EDT 2012 (dar)
+----------------------------------
+ * libclamav: bb#5252 - update #3, more return code tweaks
+
+Tue Jun 26 12:23:44 EDT 2012 (dar)
+----------------------------------
+ * libclamav: bb#5252 - Limit exits on scanraw return codes
+
+Fri Jun 22 16:58:21 EDT 2012 (dar)
+----------------------------------
+ * libclamav: bb#5325 - Quiet Minix warning
+
+Mon Jun 18 17:51:49 EDT 2012 (dar)
+----------------------------------
+ * libclamav: bb#5252 - Update magic_scandesc filtering of scanraw return codes
+
+Thu Jun 14 16:05:53 EDT 2012 (judge)
+----------------------------------
+ * win32: Add MSI projects.
+
+Wed Jun 13 12:00:55 EDT 2012 (olney)
+----------------------------------
+ * V 0.97.5
+
 Fri Jun 1 13:15:50 EST 2012 (dar)
 ---------------------------------
  * libclamav: Scan output at end of truncated tar (bb#4625) 
diff -Nru clamav-0.97.5+dfsg/configure clamav-0.97.6+dfsg/configure
--- clamav-0.97.5+dfsg/configure	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/configure	2012-08-10 12:03:23.000000000 -0400
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.65 for ClamAV 0.97.5.
+# Generated by GNU Autoconf 2.65 for ClamAV 0.97.6.
 #
 # Report bugs to <http://bugs.clamav.net/>.
 #
@@ -703,8 +703,8 @@
 # Identity of this package.
 PACKAGE_NAME='ClamAV'
 PACKAGE_TARNAME='clamav'
-PACKAGE_VERSION='0.97.5'
-PACKAGE_STRING='ClamAV 0.97.5'
+PACKAGE_VERSION='0.97.6'
+PACKAGE_STRING='ClamAV 0.97.6'
 PACKAGE_BUGREPORT='http://bugs.clamav.net/'
 PACKAGE_URL='http://www.clamav.net/'
 
@@ -1539,7 +1539,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures ClamAV 0.97.5 to adapt to many kinds of systems.
+\`configure' configures ClamAV 0.97.6 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1610,7 +1610,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of ClamAV 0.97.5:";;
+     short | recursive ) echo "Configuration of ClamAV 0.97.6:";;
    esac
   cat <<\_ACEOF
 
@@ -1767,7 +1767,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-ClamAV configure 0.97.5
+ClamAV configure 0.97.6
 generated by GNU Autoconf 2.65
 
 Copyright (C) 2009 Free Software Foundation, Inc.
@@ -2231,7 +2231,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by ClamAV $as_me 0.97.5, which was
+It was created by ClamAV $as_me 0.97.6, which was
 generated by GNU Autoconf 2.65.  Invocation command line was
 
   $ $0 $@
@@ -3345,7 +3345,7 @@
 
 # Define the identity of the package.
  PACKAGE='clamav'
- VERSION='0.97.5'
+ VERSION='0.97.6'
 
 
 # Some tools Automake needs.
@@ -3474,10 +3474,10 @@
 $as_echo "#define PACKAGE PACKAGE_NAME" >>confdefs.h
 
 
-VERSION="0.97.5"
+VERSION="0.97.6"
 
 LC_CURRENT=7
-LC_REVISION=14
+LC_REVISION=15
 LC_AGE=1
 LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"
 
@@ -20635,7 +20635,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by ClamAV $as_me 0.97.5, which was
+This file was extended by ClamAV $as_me 0.97.6, which was
 generated by GNU Autoconf 2.65.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -20702,7 +20702,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-ClamAV config.status 0.97.5
+ClamAV config.status 0.97.6
 configured by $0, generated by GNU Autoconf 2.65,
   with options \\"\$ac_cs_config\\"
 
@@ -23220,7 +23220,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by ClamAV $as_me 0.97.5, which was
+This file was extended by ClamAV $as_me 0.97.6, which was
 generated by GNU Autoconf 2.65.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -23287,7 +23287,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-ClamAV config.status 0.97.5
+ClamAV config.status 0.97.6
 configured by $0, generated by GNU Autoconf 2.65,
   with options \\"\$ac_cs_config\\"
 
diff -Nru clamav-0.97.5+dfsg/configure.in clamav-0.97.6+dfsg/configure.in
--- clamav-0.97.5+dfsg/configure.in	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/configure.in	2012-08-10 12:03:00.000000000 -0400
@@ -20,7 +20,7 @@
 AC_PREREQ([2.59])
 dnl For a release change [devel] to the real version [0.xy]
 dnl also change VERSION below
-AC_INIT([ClamAV], [0.97.5], [http://bugs.clamav.net/], [clamav], [http://www.clamav.net/])
+AC_INIT([ClamAV], [0.97.6], [http://bugs.clamav.net/], [clamav], [http://www.clamav.net/])
 
 AH_BOTTOM([#include "platform.h"])
 dnl put configure auxiliary into config
@@ -43,10 +43,10 @@
 
 dnl change this on a release
 dnl VERSION="devel-`date +%Y%m%d`"
-VERSION="0.97.5"
+VERSION="0.97.6"
 
 LC_CURRENT=7
-LC_REVISION=14
+LC_REVISION=15
 LC_AGE=1
 LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"
 AC_SUBST([LIBCLAMAV_VERSION])
diff -Nru clamav-0.97.5+dfsg/debian/changelog clamav-0.97.6+dfsg/debian/changelog
--- clamav-0.97.5+dfsg/debian/changelog	2012-10-19 09:27:19.000000000 -0400
+++ clamav-0.97.6+dfsg/debian/changelog	2012-10-19 09:27:20.000000000 -0400
@@ -1,3 +1,10 @@
+clamav (0.97.6+dfsg-1~squeeze1) stable; urgency=low
+
+  * New upstream release (Closes: #689487)
+  * Update libclamav6 lintian override to match updated soversion
+
+ -- Scott Kitterman <scott@kitterman.com>  Fri, 19 Oct 2012 09:15:49 -0400
+
 clamav (0.97.5+dfsg-6~squeeze1) stable; urgency=medium
 
   * Urgency medium for RC bug fix the addressess regression from 0.97.3
diff -Nru clamav-0.97.5+dfsg/debian/libclamav6.lintian-overrides clamav-0.97.6+dfsg/debian/libclamav6.lintian-overrides
--- clamav-0.97.5+dfsg/debian/libclamav6.lintian-overrides	2012-10-19 09:27:19.000000000 -0400
+++ clamav-0.97.6+dfsg/debian/libclamav6.lintian-overrides	2012-10-19 09:27:20.000000000 -0400
@@ -1 +1 @@
-libclamav6 binary: embedded-library usr/lib/libclamav.so.6.1.14: zlib
+libclamav6 binary: embedded-library usr/lib/libclamav.so.6.1.15: zlib
diff -Nru clamav-0.97.5+dfsg/libclamav/bytecode_detect.h clamav-0.97.6+dfsg/libclamav/bytecode_detect.h
--- clamav-0.97.5+dfsg/libclamav/bytecode_detect.h	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/libclamav/bytecode_detect.h	2012-06-27 09:04:48.000000000 -0400
@@ -83,6 +83,7 @@
   llvm_os_Solaris,
   llvm_os_Win32,
   llvm_os_Haiku,
+  llvm_os_Minix,
   llvm_os_ANY = 0xff
 };
 
diff -Nru clamav-0.97.5+dfsg/libclamav/c++/detect.cpp clamav-0.97.6+dfsg/libclamav/c++/detect.cpp
--- clamav-0.97.5+dfsg/libclamav/c++/detect.cpp	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/libclamav/c++/detect.cpp	2012-06-27 09:04:48.000000000 -0400
@@ -158,6 +158,7 @@
 		 warn_assumptions("Operating System", env->os_category, Triple::Win32);
 	     break;
 	CASE_OS(Haiku, os_unknown);
+	CASE_OS(Minix, os_unknown);
     }
 
     // mmap RWX
diff -Nru clamav-0.97.5+dfsg/libclamav/others.h clamav-0.97.6+dfsg/libclamav/others.h
--- clamav-0.97.5+dfsg/libclamav/others.h	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/libclamav/others.h	2012-08-10 12:02:00.000000000 -0400
@@ -53,7 +53,7 @@
  * in re-enabling affected modules.
  */
 
-#define CL_FLEVEL 65
+#define CL_FLEVEL 67
 #define CL_FLEVEL_DCONF	CL_FLEVEL
 #define CL_FLEVEL_SIGTOOL CL_FLEVEL
 
diff -Nru clamav-0.97.5+dfsg/libclamav/scanners.c clamav-0.97.6+dfsg/libclamav/scanners.c
--- clamav-0.97.5+dfsg/libclamav/scanners.c	2012-10-19 09:27:19.000000000 -0400
+++ clamav-0.97.6+dfsg/libclamav/scanners.c	2012-08-06 16:26:55.000000000 -0400
@@ -2361,26 +2361,47 @@
     if(type != CL_TYPE_IGNORED && (type != CL_TYPE_HTML || !(DCONF_DOC & DOC_CONF_HTML_SKIPRAW)) && !ctx->engine->sdb) {
 	res = cli_scanraw(ctx, type, typercg, &dettype, hash);
 	if(res != CL_CLEAN) {
-	    if(res == CL_VIRUS)
-		ret =  cli_checkfp(hash, hashed_size, ctx);
-	    else
-		ret = res;
-	    funmap(*ctx->fmap);
-	    ctx->fmap--;
-	    cli_bitset_free(ctx->hook_lsig_matches);
-	    ctx->hook_lsig_matches = old_hook_lsig_matches;
-	    /* Same switch as end of magic_scandesc function */
-	    switch(ret) {
-		case CL_EFORMAT:
+	    switch(res) {
+		/* List of scan halts, runtime errors only! */
+		case CL_EUNLINK:
+		case CL_ESTAT:
+		case CL_ESEEK:
+		case CL_EWRITE:
+		case CL_EDUP:
+		case CL_ETMPFILE:
+		case CL_ETMPDIR:
+		case CL_EMEM:
+		case CL_ETIMEOUT:
+		    cli_dbgmsg("Descriptor[%d]: cli_scanraw error %s\n", desc, cl_strerror(res));
+		    funmap(*ctx->fmap);
+		    ctx->fmap--;
+		    cli_bitset_free(ctx->hook_lsig_matches);
+		    ctx->hook_lsig_matches = old_hook_lsig_matches;
+		    ret_from_magicscan(res);
+		/* CL_VIRUS = malware found, check FP and report */
+		case CL_VIRUS:
+		    ret = cli_checkfp(hash, hashed_size, ctx);
+		    funmap(*ctx->fmap);
+		    ctx->fmap--;
+		    cli_bitset_free(ctx->hook_lsig_matches);
+		    ctx->hook_lsig_matches = old_hook_lsig_matches;
+		    ret_from_magicscan(ret);
+		/* "MAX" conditions should still fully scan the current file */
 		case CL_EMAXREC:
 		case CL_EMAXSIZE:
 		case CL_EMAXFILES:
-		    cli_dbgmsg("Descriptor[%d]: %s\n", desc, cl_strerror(ret));
-		case CL_CLEAN: /* here, only from cli_checkfp() */
-		    cache_add(hash, hashed_size, ctx);
-		    ret_from_magicscan(CL_CLEAN);
+		    ret = res;
+		    cli_dbgmsg("Descriptor[%d]: Continuing after cli_scanraw reached %s\n",
+			desc, cl_strerror(res));
+		    break;
+		/* Other errors must not block further scans below
+		 * This specifically includes CL_EFORMAT & CL_EREAD & CL_EUNPACK
+		 * Malformed/truncated files could report as any of these three.
+		 */
 		default:
-		    ret_from_magicscan(ret);
+		    ret = res;
+		    cli_dbgmsg("Descriptor[%d]: Continuing after cli_scanraw error %s\n",
+			desc, cl_strerror(res));
 	    }
 	}
     }
@@ -2424,11 +2445,16 @@
     ctx->hook_lsig_matches = old_hook_lsig_matches;
 
     switch(ret) {
+	/* Malformed file cases */
 	case CL_EFORMAT:
+	case CL_EREAD:
+	case CL_EUNPACK:
+	/* Limits exceeded */
 	case CL_EMAXREC:
 	case CL_EMAXSIZE:
 	case CL_EMAXFILES:
 	    cli_dbgmsg("Descriptor[%d]: %s\n", desc, cl_strerror(ret));
+	    ret_from_magicscan(CL_CLEAN);
 	case CL_CLEAN:
 	    cache_add(hash, hashed_size, ctx);
 	    ret_from_magicscan(CL_CLEAN);
diff -Nru clamav-0.97.5+dfsg/libclamav/sis.c clamav-0.97.6+dfsg/libclamav/sis.c
--- clamav-0.97.5+dfsg/libclamav/sis.c	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/libclamav/sis.c	2012-09-17 11:19:33.000000000 -0400
@@ -95,11 +95,16 @@
   }
 
   cli_dbgmsg("SIS: UIDS %x %x %x - %x\n", EC32(uid[0]), EC32(uid[1]), EC32(uid[2]), EC32(uid[3]));
-  if (uid[2]==EC32(0x10000419))
+  if (uid[2]==le32_to_host(0x10000419)) {
     i=real_scansis(f, ctx, tmpd);
-  else if(uid[0]==EC32(0x10201a7a)) {
+  }
+  else if(uid[0]==le32_to_host(0x10201a7a)) {
     i=real_scansis9x(f, ctx, tmpd);
   }
+  else {
+    cli_dbgmsg("SIS: UIDs failed to match\n");
+    i=CL_EFORMAT;
+  }
 
   if (!ctx->engine->keeptmp)
     cli_rmdirs(tmpd);
diff -Nru clamav-0.97.5+dfsg/libclamav/version.h clamav-0.97.6+dfsg/libclamav/version.h
--- clamav-0.97.5+dfsg/libclamav/version.h	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/libclamav/version.h	2012-08-10 13:10:35.000000000 -0400
@@ -1 +1 @@
-#define REPO_VERSION "devel-clamav-0.97.5"
+#define REPO_VERSION "devel-clamav-0.97.6"
diff -Nru clamav-0.97.5+dfsg/NEWS clamav-0.97.6+dfsg/NEWS
--- clamav-0.97.5+dfsg/NEWS	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/NEWS	2012-09-17 11:16:40.000000000 -0400
@@ -1,10 +1,9 @@
-0.97.5
+0.97.6
 ------
 
-ClamAV 0.97.5 addresses possible evasion cases in some archive formats
-(CVE-2012-1457, CVE-2012-1458, CVE-2012-1459).  It also addresses stability
-issues in portions of the bytecode engine.  This release is recommended for all
-users.
+ClamAV 0.97.6 corrects two major bugs.  One is bb#5571, where an invalid return
+code was issued.  The other is 5252, where an error in processing certain data
+types occured.
 
 --
 The ClamAV team (http://www.clamav.net/team)
diff -Nru clamav-0.97.5+dfsg/README clamav-0.97.6+dfsg/README
--- clamav-0.97.5+dfsg/README	2012-06-15 10:05:05.000000000 -0400
+++ clamav-0.97.6+dfsg/README	2012-09-17 11:02:22.000000000 -0400
@@ -1,6 +1,10 @@
 Note: This README/NEWS file refers to the source tarball. Some things described
 here may not be available in binary packages.
 --
+0.97.6
+------
+ClamAV 0.97.6 corrects bug 5252 "CL_EFORMAT: Bad format or broken data ERROR
+reported as scan result.
 
 0.97.5
 ------

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: