[Pkg-clamav-devel] Bug#934094: buster-pu: package clamav/0.101.2+dfsg-1+deb10u1
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Tue Aug 6 22:53:02 BST 2019
Package: release.debian.org
User: release.debian.org at packages.debian.org
Usertags: pu
Tags: buster
Severity: normal

Clamav upstream released 0.101.3 which is a "security patch release"
only. It is described [0] as:

|ClamAV 0.101.3 is a patch release to address a vulnerability to non-recursive
|zip bombs.
|
|A Denial-of-Service (DoS) vulnerability may occur when scanning a zip bomb as a
|result of excessively long scan times. The issue is resolved by detecting the
|overlapping local file headers which characterize the non-recursive zip bomb
|described by David Fifield.

It also contains an updated libmspack but this is not included in the
repacked orig file since the in-archive libmspack is used.

I cherry-picked the version update and the zip fix from upstream and
prepared an upload for Buster.

[0] https://blog.clamav.net/2019/08/clamav-01013-security-patch-release-and.html

Sebastian
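
The overlap check that the quoted upstream description refers to, as an added example that is not part of the original mail or of ClamAV's source. It goes beyond the attached patch by sorting the extents by offset, so the result does not depend on central-directory order, and by doing the arithmetic in 64 bits. `struct zip_extent`, the function names and the sample arrays are hypothetical and constructed for illustration.

```c
/* Added example (not ClamAV code): count overlapping local-file extents. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Threshold borrowed from the patch's ZIP_MAX_NUM_OVERLAPPING_FILES. */
#define EXAMPLE_MAX_OVERLAPS 5

/* Hypothetical record: one member's local header offset and sizes, as a
 * parser would collect them while walking the central directory. */
struct zip_extent {
    uint32_t local_offset;
    uint32_t header_size;
    uint32_t data_size;
};

static int cmp_extent(const void *a, const void *b)
{
    const struct zip_extent *x = a, *y = b;

    if (x->local_offset == y->local_offset)
        return 0;
    return x->local_offset < y->local_offset ? -1 : 1;
}

/* Returns how many entries start inside the bytes claimed by an entry with
 * a lower or equal offset; -1 on allocation failure. */
long count_overlapping_extents(const struct zip_extent *entries, size_t n)
{
    struct zip_extent *sorted;
    uint64_t max_end = 0; /* 64-bit: offset + sizes may exceed UINT32_MAX */
    long overlaps = 0;
    size_t i;

    if (n == 0)
        return 0;
    if (n > SIZE_MAX / sizeof(*sorted))
        return -1;
    sorted = malloc(n * sizeof(*sorted));
    if (sorted == NULL)
        return -1;
    memcpy(sorted, entries, n * sizeof(*sorted));
    qsort(sorted, n, sizeof(*sorted), cmp_extent);

    for (i = 0; i < n; i++) {
        uint64_t start = sorted[i].local_offset;
        uint64_t len = (uint64_t)sorted[i].header_size + sorted[i].data_size;

        if (len == 0)
            continue; /* local header was not parsed; nothing to compare */
        if (start < max_end)
            overlaps++; /* begins before an earlier extent has ended */
        if (start + len > max_end)
            max_end = start + len;
    }
    free(sorted);
    return overlaps;
}

/* 1 if the archive should be flagged, 0 if not, -1 if the check failed. */
int exceeds_overlap_limit(const struct zip_extent *entries, size_t n)
{
    long count = count_overlapping_extents(entries, n);

    if (count < 0)
        return -1;
    return count > EXAMPLE_MAX_OVERLAPS;
}

/* Constructed sample data, not taken from a real archive. */
static const struct zip_extent SAMPLE_CLEAN[] = {
    {0, 30, 100}, {130, 30, 50}, {210, 30, 10},
};
/* Eight members whose data all runs to byte 1000. */
static const struct zip_extent SAMPLE_STACKED[] = {
    {0, 40, 960},   {40, 40, 920},  {80, 40, 880},  {120, 40, 840},
    {160, 40, 800}, {200, 40, 760}, {240, 40, 720}, {280, 40, 680},
};
/* The overlapping pair is not adjacent in directory order. */
static const struct zip_extent SAMPLE_INTERLEAVED[] = {
    {0, 30, 500}, {1000, 30, 10}, {100, 30, 10},
};
/* Same offset twice, plus sizes whose 32-bit sum would wrap. */
static const struct zip_extent SAMPLE_EDGE[] = {
    {64, 30, 100}, {64, 30, 100},
    {4294967000u, 30, 4294967295u}, {4294967100u, 30, 10},
};

int main(void)
{
    printf("clean:       %ld\n", count_overlapping_extents(SAMPLE_CLEAN, 3));
    printf("stacked:     %ld\n", count_overlapping_extents(SAMPLE_STACKED, 8));
    printf("interleaved: %ld\n", count_overlapping_extents(SAMPLE_INTERLEAVED, 3));
    printf("edge cases:  %ld\n", count_overlapping_extents(SAMPLE_EDGE, 4));
    printf("stacked flagged: %d\n", exceeds_overlap_limit(SAMPLE_STACKED, 8));
    return 0;
}
```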
-------------- next part --------------
diff -Nru clamav-0.101.2+dfsg/debian/changelog clamav-0.101.2+dfsg/debian/changelog
--- clamav-0.101.2+dfsg/debian/changelog 2019-03-30 16:25:48.000000000 +0100
+++ clamav-0.101.2+dfsg/debian/changelog 2019-08-06 22:07:01.000000000 +0200
@@ -1,3 +1,10 @@
+clamav (0.101.2+dfsg-1+deb10u1) buster; urgency=medium
+
+ * Cherry-pick a fix from 0.101.3 to address a vulnerability to
+ non-recursive zip bombs.
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Tue, 06 Aug 2019 22:07:01 +0200
+
clamav (0.101.2+dfsg-1) unstable; urgency=high
* Import 0.101.2
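Review bot: The new changelog entry lists only the zip-bomb cherry-pick, but debian/patches/series also gains Bumped-version-number-to-0.101.3.patch, which changes the version the built binaries report. Add a bullet for the version bump, and consider citing the upstream report (bugzilla.clamav.net id 12356, referenced in the NEWS.md hunk of the zip patch) so the entry can be traced to its origin.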
diff -Nru clamav-0.101.2+dfsg/debian/.git-dpm clamav-0.101.2+dfsg/debian/.git-dpm
--- clamav-0.101.2+dfsg/debian/.git-dpm 2019-03-30 15:32:49.000000000 +0100
+++ clamav-0.101.2+dfsg/debian/.git-dpm 2019-08-06 22:02:44.000000000 +0200
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-cb77f255d9bc2871a474227e2a8676dfd930a483
-cb77f255d9bc2871a474227e2a8676dfd930a483
+f9c686061408a8a6378bb089e57c541713fb8a7c
+f9c686061408a8a6378bb089e57c541713fb8a7c
5a612c89e68e5010b2cd71002ceb15efc03a2324
5a612c89e68e5010b2cd71002ceb15efc03a2324
clamav_0.101.2+dfsg.orig.tar.xz
diff -Nru clamav-0.101.2+dfsg/debian/patches/Adds-detection-and-heuristic-alert-for-zips-with-ove.patch clamav-0.101.2+dfsg/debian/patches/Adds-detection-and-heuristic-alert-for-zips-with-ove.patch
--- clamav-0.101.2+dfsg/debian/patches/Adds-detection-and-heuristic-alert-for-zips-with-ove.patch 1970-01-01 01:00:00.000000000 +0100
+++ clamav-0.101.2+dfsg/debian/patches/Adds-detection-and-heuristic-alert-for-zips-with-ove.patch 2019-08-06 22:02:44.000000000 +0200
@@ -0,0 +1,233 @@
+From f9c686061408a8a6378bb089e57c541713fb8a7c Mon Sep 17 00:00:00 2001
+From: Micah Snyder <micasnyd at cisco.com>
+Date: Fri, 12 Jul 2019 21:09:45 -0400
+Subject: Adds detection and heuristic alert for zips with overlapping files,
+ preventing extraction of non-recursive zip bombs.
+
+Patch-Name: Adds-detection-and-heuristic-alert-for-zips-with-ove.patch
+Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
+---
+ NEWS.md | 15 ++++++----
+ libclamav/unzip.c | 74 ++++++++++++++++++++++++++++++++++++++++-------
+ 2 files changed, 72 insertions(+), 17 deletions(-)
+
+diff --git a/NEWS.md b/NEWS.md
+index 3cd2587..76d8474 100644
+--- a/NEWS.md
++++ b/NEWS.md
+@@ -5,14 +5,17 @@ Note: This file refers to the source tarball. Things described here may differ
+
+ ## 0.101.3
+
+-ClamAV 0.101.3 is a patch release...
++ClamAV 0.101.3 is a patch release to address a vulnerability to non-recursive
++zip bombs.
+
+-- Fixes for the following vulnerabilities affecting 0.101.2 and prior:
+- -
++A Denial-of-Service (DoS) vulnerability may occur when scanning a zip bomb as a
++result of excessively long scan times. The issue is resolved by detecting the
++overlapping local file headers which characterize the non-recursive zip bomb
++described by David Fifield,
++[here](https://www.bamsoftware.com/hacks/zipbomb/).
+
+-Additional thanks to the following community members for submitting bug reports:
+-
+--
++Thank you to Hanno Böck for reporting the issue as it relates to ClamAV,
++[here](https://bugzilla.clamav.net/show_bug.cgi?id=12356).
+
+ ## 0.101.2
+
+diff --git a/libclamav/unzip.c b/libclamav/unzip.c
+index 0216908..a67b92d 100644
+--- a/libclamav/unzip.c
++++ b/libclamav/unzip.c
+@@ -54,6 +54,8 @@
+ #define UNZIP_PRIVATE
+ #include "unzip.h"
+
++#define ZIP_MAX_NUM_OVERLAPPING_FILES 5
++
+ #define ZIP_CRC32(r,c,b,l) \
+ do { \
+ r = crc32(~c,b,l); \
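Review bot: ZIP_MAX_NUM_OVERLAPPING_FILES is introduced without a comment saying what it counts or why 5 was chosen. The later test is `ZIP_MAX_NUM_OVERLAPPING_FILES < nOverlappingFiles`, so the alert fires on the sixth overlap rather than the fifth; a short comment stating that, and whether well-formed archives are expected to contain any overlaps at all, would help whoever has to tune the value.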
+@@ -493,14 +495,14 @@ static inline int zdecrypt(const uint8_t *src, uint32_t csize, uint32_t usize, c
+ if (pass_zip)
+ pass_zip = pass_zip->next;
+ else
+- pass_any = pass_any->next;
++ pass_any = pass_any->next;
+ }
+
+ cli_dbgmsg("cli_unzip: decrypt - skipping encrypted file, no valid passwords\n");
+ return CL_SUCCESS;
+ }
+
+-static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int *fu, unsigned int fc, const uint8_t *ch, int *ret, cli_ctx *ctx, char *tmpd, int detect_encrypted, zip_cb zcb) {
++static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int *fu, unsigned int fc, const uint8_t *ch, int *ret, cli_ctx *ctx, char *tmpd, int detect_encrypted, zip_cb zcb, uint32_t *file_local_header_size, uint32_t* file_local_data_size) {
+ const uint8_t *lh, *zip;
+ char name[256];
+ uint32_t csize, usize;
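Review bot: The two parameters added to lhdr() use different pointer styles, `uint32_t *file_local_header_size` and `uint32_t* file_local_data_size`; keep the `type *name` form used by the rest of the signature. The `pass_any = pass_any->next;` change in the same hunk alters only whitespace and adds noise to a security cherry-pick.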
+@@ -563,7 +565,7 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int
+ }
+ virus_found = 1;
+ }
+-
++
+ if(LH_flags & F_USEDD) {
+ cli_dbgmsg("cli_unzip: lh - has data desc\n");
+ if(!ch) {
+@@ -581,6 +583,11 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int
+ zip+=LH_elen;
+ zsize-=LH_elen;
+
++ if (NULL != file_local_header_size)
++ *file_local_header_size = zip - lh;
++ if (NULL != file_local_data_size)
++ *file_local_data_size = csize;
++
+ if (!csize) { /* FIXME: what's used for method0 files? csize or usize? Nothing in the specs, needs testing */
+ cli_dbgmsg("cli_unzip: lh - skipping empty file\n");
+ } else {
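Review bot: The out-parameters are written here, before the `else` branch that follows, and that branch can still reject the entry (the `return 0` visible in the next hunk). A rejected entry therefore still feeds its unvalidated `csize` into the caller's overlap arithmetic. Either record the sizes only after the entry has been accepted, or document that the caller must treat them as untrusted. The narrowing of `zip - lh` to uint32_t also deserves an explicit cast.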
+@@ -589,6 +596,7 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int
+ fmap_unneed_off(map, loff, SIZEOF_LH);
+ return 0;
+ }
++
+ if(LH_flags & F_ENCR) {
+ if(fmap_need_ptr_once(map, zip, csize))
+ *ret = zdecrypt(zip, csize, usize, lh, fu, ctx, tmpd, zcb);
+@@ -624,12 +632,19 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int
+ return zip-lh;
+ }
+
+-static unsigned int chdr(fmap_t *map, uint32_t coff, uint32_t zsize, unsigned int *fu, unsigned int fc, int *ret, cli_ctx *ctx, char *tmpd, struct zip_requests *requests) {
++static unsigned int chdr(fmap_t *map, uint32_t coff, uint32_t zsize, unsigned int *fu, unsigned int fc, int *ret, cli_ctx *ctx, char *tmpd, struct zip_requests *requests, uint32_t *file_local_offset, uint32_t *file_local_header_size, uint32_t *file_local_data_size) {
+ char name[256];
+ int last = 0;
+ const uint8_t *ch;
+ int virus_found = 0;
+
++ if (NULL != file_local_offset)
++ *file_local_offset = 0;
++ if (NULL != file_local_header_size)
++ *file_local_header_size = 0;
++ if (NULL != file_local_data_size)
++ *file_local_data_size = 0;
++
+ if(!(ch = fmap_need_off(map, coff, SIZEOF_CH)) || CH_magic != 0x02014b50) {
+ if(ch) fmap_unneed_ptr(map, ch, SIZEOF_CH);
+ cli_dbgmsg("cli_unzip: ch - wrkcomplete\n");
+@@ -674,7 +689,9 @@ static unsigned int chdr(fmap_t *map, uint32_t coff, uint32_t zsize, unsigned in
+
+ if (!requests) {
+ if(CH_off<zsize-SIZEOF_LH) {
+- lhdr(map, CH_off, zsize-CH_off, fu, fc, ch, ret, ctx, tmpd, 1, zip_scan_cb);
++ if (NULL != file_local_offset)
++ *file_local_offset = CH_off;
++ lhdr(map, CH_off, zsize-CH_off, fu, fc, ch, ret, ctx, tmpd, 1, zip_scan_cb, file_local_header_size, file_local_data_size);
+ } else cli_dbgmsg("cli_unzip: ch - local hdr out of file\n");
+ }
+ else {
+@@ -685,7 +702,7 @@ static unsigned int chdr(fmap_t *map, uint32_t coff, uint32_t zsize, unsigned in
+ for (i = 0; i < requests->namecnt; ++i) {
+ cli_dbgmsg("checking for %i: %s\n", i, requests->names[i]);
+
+- len = MIN(sizeof(name)-1, requests->namelens[i]);
++ len = MIN(sizeof(name)-1, requests->namelens[i]);
+ if (!strncmp(requests->names[i], name, len)) {
+ requests->match = 1;
+ requests->found = i;
+@@ -712,6 +729,13 @@ int cli_unzip(cli_ctx *ctx) {
+ #if HAVE_JSON
+ int toval = 0;
+ #endif
++ int bZipBombDetected = 0;
++ uint32_t cur_file_local_offset = 0;
++ uint32_t cur_file_local_header_size = 0;
++ uint32_t cur_file_local_data_size = 0;
++ uint32_t prev_file_local_offset = 0;
++ uint32_t prev_file_local_header_size = 0;
++ uint32_t prev_file_local_data_size = 0;
+
+ cli_dbgmsg("in cli_unzip\n");
+ fsize = (uint32_t)map->len;
+@@ -744,20 +768,48 @@ int cli_unzip(cli_ctx *ctx) {
+ }
+
+ if(coff) {
++ uint32_t nOverlappingFiles = 0;
++
+ cli_dbgmsg("cli_unzip: central @%x\n", coff);
+- while((coff=chdr(map, coff, fsize, &fu, fc+1, &ret, ctx, tmpd, NULL))) {
++ while((coff=chdr(map, coff, fsize, &fu, fc+1, &ret, ctx, tmpd, NULL, &cur_file_local_offset, &cur_file_local_header_size, &cur_file_local_data_size))) {
+ fc++;
+ if (ctx->engine->maxfiles && fu>=ctx->engine->maxfiles) {
+ cli_dbgmsg("cli_unzip: Files limit reached (max: %u)\n", ctx->engine->maxfiles);
+ ret=CL_EMAXFILES;
+ }
++ /*
++ * Detect overlapping files and zip bombs.
++ */
++ if ((((cur_file_local_offset > prev_file_local_offset) && (cur_file_local_offset < prev_file_local_offset + prev_file_local_header_size + prev_file_local_data_size)) ||
++ ((prev_file_local_offset > cur_file_local_offset) && (prev_file_local_offset < cur_file_local_offset + cur_file_local_header_size + cur_file_local_data_size))) &&
++ (cur_file_local_header_size + cur_file_local_data_size > 0)) {
++ /* Overlapping file detected */
++ nOverlappingFiles++;
++
++ cli_dbgmsg("cli_unzip: Overlapping files detected.\n");
++ cli_dbgmsg(" previous file end: %u\n", prev_file_local_offset + prev_file_local_header_size + prev_file_local_data_size);
++ cli_dbgmsg(" current file start: %u\n", cur_file_local_offset);
++ if (ZIP_MAX_NUM_OVERLAPPING_FILES < nOverlappingFiles) {
++ if (SCAN_HEURISTICS) {
++ ret = cli_append_virus(ctx, "Heuristics.Zip.OverlappingFiles");
++ virus_found = 1;
++ } else {
++ ret = CL_EFORMAT;
++ }
++ bZipBombDetected = 1;
++ }
++ }
++ prev_file_local_offset = cur_file_local_offset;
++ prev_file_local_header_size = cur_file_local_header_size;
++ prev_file_local_data_size = cur_file_local_data_size;
++
+ #if HAVE_JSON
+ if (cli_json_timeout_cycle_check(ctx, &toval) != CL_SUCCESS) {
+ ret=CL_ETIMEOUT;
+ }
+ #endif
+ if (ret != CL_CLEAN) {
+- if (ret == CL_VIRUS && SCAN_ALLMATCHES) {
++ if (ret == CL_VIRUS && SCAN_ALLMATCHES && !bZipBombDetected) {
+ ret = CL_CLEAN;
+ virus_found = 1;
+ } else
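Review bot: The overlap test in the `while` loop compares each entry only with the one immediately before it (`prev_file_local_*`), so whether an overlap is counted depends on central-directory order, and the strict `>` comparisons do not count two entries that share the same local offset. Consider collecting the extents and checking them sorted by offset. The range ends, such as `prev_file_local_offset + prev_file_local_header_size + prev_file_local_data_size`, are summed in uint32_t and can wrap; compute them in uint64_t.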
+@@ -769,7 +821,7 @@ int cli_unzip(cli_ctx *ctx) {
+ ret = CL_VIRUS;
+ if(fu<=(fc/4)) { /* FIXME: make up a sane ratio or remove the whole logic */
+ fc = 0;
+- while (ret==CL_CLEAN && lhoff<fsize && (coff=lhdr(map, lhoff, fsize-lhoff, &fu, fc+1, NULL, &ret, ctx, tmpd, 1, zip_scan_cb))) {
++ while (ret==CL_CLEAN && lhoff<fsize && (coff=lhdr(map, lhoff, fsize-lhoff, &fu, fc+1, NULL, &ret, ctx, tmpd, 1, zip_scan_cb, NULL, NULL))) {
+ fc++;
+ lhoff+=coff;
+ if (SCAN_ALLMATCHES && ret == CL_VIRUS) {
+@@ -816,7 +868,7 @@ int unzip_single_internal(cli_ctx *ctx, off_t lhoffl, zip_cb zcb)
+ return CL_CLEAN;
+ }
+
+- lhdr(map, lhoffl, fsize, &fu, 0, NULL, &ret, ctx, NULL, 0, zcb);
++ lhdr(map, lhoffl, fsize, &fu, 0, NULL, &ret, ctx, NULL, 0, zcb, NULL, NULL);
+
+ return ret;
+ }
+@@ -886,7 +938,7 @@ int unzip_search(cli_ctx *ctx, fmap_t *map, struct zip_requests *requests)
+
+ if(coff) {
+ cli_dbgmsg("unzip_search: central @%x\n", coff);
+- while(ret==CL_CLEAN && (coff=chdr(zmap, coff, fsize, NULL, fc+1, &ret, ctx, NULL, requests))) {
++ while(ret==CL_CLEAN && (coff=chdr(zmap, coff, fsize, NULL, fc+1, &ret, ctx, NULL, requests, NULL, NULL, NULL))) {
+ if (requests->match) {
+ ret=CL_VIRUS;
+ }
diff -Nru clamav-0.101.2+dfsg/debian/patches/Bumped-version-number-to-0.101.3.patch clamav-0.101.2+dfsg/debian/patches/Bumped-version-number-to-0.101.3.patch
--- clamav-0.101.2+dfsg/debian/patches/Bumped-version-number-to-0.101.3.patch 1970-01-01 01:00:00.000000000 +0100
+++ clamav-0.101.2+dfsg/debian/patches/Bumped-version-number-to-0.101.3.patch 2019-08-06 22:02:44.000000000 +0200
@@ -0,0 +1,460 @@
+From 9e0d7c6a42bb6f5b17f1696e3b69cc1714142223 Mon Sep 17 00:00:00 2001
+From: Micah Snyder <micasnyd at cisco.com>
+Date: Fri, 12 Jul 2019 17:16:42 -0400
+Subject: Bumped version number to 0.101.3.
+
+Patch-Name: Bumped-version-number-to-0.101.3.patch
+[sebastian at breakpoint.cc: remove "configure" and "win32/"]
+Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
+---
+ NEWS.md | 109 +++++++++++++-----------
+ configure.ac | 6 +-
+ docs/UserManual.md | 2 +-
+ docs/UserManual/Installation-Windows.md | 8 +-
+ m4/reorganization/version.m4 | 4 +-
+ 5 files changed, 70 insertions(+), 59 deletions(-)
+
+diff --git a/NEWS.md b/NEWS.md
+index 7f992b8..3cd2587 100644
+--- a/NEWS.md
++++ b/NEWS.md
+@@ -1,7 +1,18 @@
+ # ClamAV News
+
+ Note: This file refers to the source tarball. Things described here may differ
+- slightly from the binary packages.
++ slight
++
++## 0.101.3
++
++ClamAV 0.101.3 is a patch release...
++
++- Fixes for the following vulnerabilities affecting 0.101.2 and prior:
++ -
++
++Additional thanks to the following community members for submitting bug reports:
++
++-
+
+ ## 0.101.2
+
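Review bot: The first change in this NEWS.md hunk replaces `slightly from the binary packages.` with `slight`, which truncates the sentence in the file's introductory note; restore the original line. The `## 0.101.3` section added below it is placeholder text (`ClamAV 0.101.3 is a patch release...` with empty bullets) that only becomes meaningful once the zip-fix patch rewrites it, so the two patches have to stay in this order in debian/patches/series.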
+@@ -508,7 +519,7 @@ ClamAV 0.99.4 is a hotfix release to patch a set of vulnerabilities.
+ a handful of other important bugs, including patches to support g++ 6, C++11.
+
+ Thank you to the following ClamAV community members for your code
+-submissions and bug reports!
++submissions and bug reports!
+
+ Alberto Garcia
+ Bernhard Vogel
+@@ -550,7 +561,7 @@ ClamAV 0.99.2 is a release of bug fixes and minor enhancements.
+ - fix ups improving the reliability of several ClamAV file parsers.
+ - sigtool now decodes file type signatures (e.g., daily.ftm CVD file).
+ - now supporting libpcre2 in addition to libpcre.
+-- systemd support for clamd and freshclam. Patch provided by
++- systemd support for clamd and freshclam. Patch provided by
+ Andreas Cadhalpun.
+ - fixed builds on Mac OS X 10.10 & 10.11.
+ - improved debug info for certificate metadata.
+@@ -592,7 +603,7 @@ Thanks to the following community members for code submissions used in
+
+ ## 0.99
+
+-ClamAV 0.99 contains major new features and changes. YARA rules,
++ClamAV 0.99 contains major new features and changes. YARA rules,
+ Perl Compatible Regular Expressions, revamped on-access scanning
+ for Linux, and other new features join the many great features of ClamAV:
+
+@@ -603,10 +614,10 @@ Perl Compatible Regular Expressions, revamped on-access scanning
+ for full details.
+ - New and improved on-access scanning for Linux. See the recent blog
+ post and clamdoc.pdf for details on the new on-access capabilities.
+-- A new ClamAV API callback function that is invoked when a virus
+- is found. This is intended primarily for applications running in
+- all-match mode. Any applications using all-match mode must use
+- the new callback function to record and report detected viruses.
++- A new ClamAV API callback function that is invoked when a virus
++ is found. This is intended primarily for applications running in
++ all-match mode. Any applications using all-match mode must use
++ the new callback function to record and report detected viruses.
+ - Configurable default password list to attempt zip file decryption.
+ - TIFF file support.
+ - Upgrade Windows pthread library to 2.9.1.
+@@ -643,7 +654,7 @@ Thank you to the ClamAV community members who sent patches and bug reports
+ ## 0.98.7
+
+ ClamAV 0.98.7 is here! This release contains new scanning features
+-and bug fixes.
++and bug fixes.
+
+ - Improvements to PDF processing: decryption, escape sequence
+ handling, and file property collection.
+@@ -663,7 +674,7 @@ and bug fixes.
+ CVE-2015-2668.
+ - Fix compilation error after ./configure --disable-pthreads.
+ Reported and fix suggested by John E. Krokes.
+-- Apply upstream patch for possible heap overflow in Henry Spencer's
++- Apply upstream patch for possible heap overflow in Henry Spencer's
+ regex library. CVE-2015-2305.
+ - Fix crash in upx decoder with crafted file. Discovered and patch
+ supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
+@@ -704,7 +715,7 @@ Kai Risku
+ - Compensate a crash due to incorrect compiler optimization when
+ handling crafted petite packer files. This issue was discovered
+ by Sebastian Andrzej Siewior.
+-
++
+ Thanks to the following ClamAV community members for code submissions
+ and bug reporting included in ClamAV 0.98.6:
+
+@@ -803,17 +814,17 @@ Sebastian Andrzej Siewior
+ about OpenIOC.
+ - All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop)
+ now support IPV6 addresses and configuration parameters.
+-- Use OpenSSL file hash functions for improved performance. OpenSSL
++- Use OpenSSL file hash functions for improved performance. OpenSSL
+ is now prerequisite software for ClamAV 0.98.2.
+ - Improved detection of malware scripts within image files. Issue reported
+ by Maarten Broekman.
+ - Change to circumvent possible denial of service when processing icons within
+ specially crafted PE files. Icon limits are now in place with corresponding
+- clamd and clamscan configuration parameters. This issue was reported by
++ clamd and clamscan configuration parameters. This issue was reported by
+ Joxean Koret.
+ - Improvements to the fidelity of the ClamAV pattern matcher, an issue
+ reported by Christian Blichmann.
+-- Opt-in collection of statistics. Statistics collected are: sizes and MD5
++- Opt-in collection of statistics. Statistics collected are: sizes and MD5
+ hashes of files, PE file section counts and section MD5 hashes, and names
+ and counts of detected viruses. Enable statistics collection with the
+ --enable-stats clamscan flag or StatsEnabled clamd configuration
+@@ -822,7 +833,7 @@ Sebastian Andrzej Siewior
+ assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman,
+ and Dave Simonson.
+ - Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.
+-- ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation
++- ClamAV 0.98.2 also includes miscellaneous bug fixes and documentation
+ improvements.
+
+ Thanks to the following ClamAV community members for sending patches or reporting
+@@ -841,7 +852,7 @@ Christian Blichmann
+ REGARDING OPENSSL
+
+ In addition, as a special exception, the copyright holders give
+-permission to link the code of portions of this program with the
++permission to link the code of portions of this program with the
+ OpenSSL library under certain conditions as described in each
+ individual source file, and distribute linked combinations
+ including the two.
+@@ -849,20 +860,20 @@ including the two.
+ You must obey the GNU General Public License in all respects
+ for all of the code used other than OpenSSL. If you modify
+ file(s) with this exception, you may extend this exception to your
+-version of the file(s), but you are not obligated to do so. If you
++version of the file(s), but you are not obligated to do so. If you
+ do not wish to do so, delete this exception statement from your
+ version. If you delete this exception statement from all source
+ files in the program, then also delete it here.
+
+ ## 0.98.1
+
+-ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new file types, and
++ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new file types, and
+ quality improvements. These include:
+
+ - Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.
+
+ - Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.
+- XAR format is commonly used for software packaging, such as PKG and RPM, as well as
++ XAR format is commonly used for software packaging, such as PKG and RPM, as well as
+ general archival.
+
+ - Decompression and scanning of files in "Xz" compression format.
+@@ -877,7 +888,7 @@ ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new fi
+ performance cost. This should only be needed when callback functions are used
+ that need file access.
+
+-- Various improvements to ClamAV configuration, support of third party libraries,
++- Various improvements to ClamAV configuration, support of third party libraries,
+ and unit tests.
+
+ ## 0.98
+@@ -915,8 +926,8 @@ support for additional filetypes, and internal upgrades.
+
+ - New callbacks added to the API: The libclamav API has additional hooks
+ for developers to use when wrapping ClamAV scanning. These function
+- types are prefixed with "clcb_" and allow developers to add logic at
+- certain steps of the scanning process without directly modifying the
++ types are prefixed with "clcb_" and allow developers to add logic at
++ certain steps of the scanning process without directly modifying the
+ library. For more details refer to the clamav.h file.
+
+ - More configurable limits: Several hardcoded values are now configurable
+@@ -962,20 +973,20 @@ reported as scan result."
+
+ ## 0.97.5
+
+-ClamAV 0.97.5 addresses possible evasion cases in some archive formats
+-(CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability
+-issues in portions of the bytecode engine. This release is recommended for
++ClamAV 0.97.5 addresses possible evasion cases in some archive formats
++(CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability
++issues in portions of the bytecode engine. This release is recommended for
+ all users.
+
+ ## 0.97.4
+
+-ClamAV 0.97.4 includes minor bugfixes, detection improvements and initial
+-support for on-access scanning under Mac OS X (see contrib/ClamAuth).
++ClamAV 0.97.4 includes minor bugfixes, detection improvements and initial
++support for on-access scanning under Mac OS X (see contrib/ClamAuth).
+ This update is recommended for all users.
+
+ ## 0.97.3
+
+-ClamAV 0.97.3 is a minor bugfix release and is recommended for all
++ClamAV 0.97.3 is a minor bugfix release and is recommended for all
+ users. Please refer to the ChangeLog file for details.
+
+ ## 0.97.2
+@@ -996,9 +1007,9 @@ The ClamAV team (https://www.clamav.net/about.html#credits)
+
+ ClamAV 0.97 brings many improvements, including complete Windows support
+ (all major components compile out-of-box under Visual Studio), support for
+-signatures based on SHA1 and SHA256, better error detection, as well as
+-speed and memory optimizations. The complete list of changes is available
+-in the ChangeLog file. For upgrade notes and tips please see:
++signatures based on SHA1 and SHA256, better error detection, as well as
++speed and memory optimizations. The complete list of changes is available
++in the ChangeLog file. For upgrade notes and tips please see:
+ https://wiki.clamav.net/Main/UpgradeNotes097
+
+ With Sourcefire, Inc. acquisition of Immunet Corp., ClamAV for Windows
+@@ -1009,7 +1020,7 @@ the full power of the LibClamAV engine, all the ClamAV signatures,
+ and creation of custom signatures on any platform running Immunet 3.0,
+ powered by ClamAV. If you run Windows systems in your environment and
+ need an AV solution to protect them, give Immunet 3.0, powered by ClamAV
+-a try; you can download it from https://www.clamav.net/download.html#otherversions
++a try; you can download it from https://www.clamav.net/download.html#otherversions
+
+ --
+ The ClamAV team (https://www.clamav.net/about.html#credits)
+@@ -1401,7 +1412,7 @@ The ClamAV team (https://www.clamav.net/about.html#credits)
+ ## 0.90.3
+
+ This release fixes some security bugs in libclamav and improves stability
+-under Solaris. Please see ChangeLog for complete list of changes.
++under Solaris. Please see ChangeLog for complete list of changes.
+
+ If your system is suffering from long clamscan startup times, please
+ consider installing 0.91rc1 which is due to be released shortly
+@@ -1455,9 +1466,9 @@ systems yet. You are encouraged to pass the --enable-experimental flag to
+ improvements in terms of detection rate and performances. If you find a bug,
+ please take some time to report it on our bugzilla: https://bugzilla.clamav.net.
+ Your help in testing the new code is really appreciated. The experimental code
+-introduces many improvements in terms of detection rate and performances.
++introduces many improvements in terms of detection rate and performances.
+
+-RAR3, SIS and SFX archives support is finally available together with
++RAR3, SIS and SFX archives support is finally available together with
+ new unpackers and decryptors: pespin, sue, yc, wwpack32, nspack, mew, upack
+ and others. Additionally, ClamAV now includes better mechanisms for scanning
+ ELF, PDF and tar files. The email decoding has been improved to reduce both
+@@ -1466,10 +1477,10 @@ the memory requirements and the time taken to process attachments.
+ As part of the Google Summer of Code program, we have introduced support for
+ a new phishing signatures format that has proved very effective in detecting
+ phishing emails. The ClamAV phishing module allows better and more generic
+-detection of phishing emails by searching for URLs in email messages, and
+-comparing the real site with the URL displayed to the user in the message.
++detection of phishing emails by searching for URLs in email messages, and
++comparing the real site with the URL displayed to the user in the message.
+
+-On the performance side, support for the MULTISCAN command has been
++On the performance side, support for the MULTISCAN command has been
+ implemented in clamd, allowing to scan multiple files simultaneously.
+ Support for Sensory Networks' NodalCore acceleration technology
+ (https://www.clamav.net/nodalcore/) is now available in ClamAV and will be
+@@ -1568,7 +1579,7 @@ NodalCore cards.
+ - mod_streamav - a ClamAV based antivirus filter for Apache 2
+ - pyClamd - a python interface to Clamd
+
+-More information at https://www.clamav.net/download.html#tools
++More information at https://www.clamav.net/download.html#tools
+
+ --
+ The ClamAV team (https://www.clamav.net/about.html#credits)
+@@ -1622,7 +1633,7 @@ architectures and possible security problem in freshclam.
+ Following the 0.88.1 release some portals and security related websites
+ published incorrect information on security problems of 0.88. To avoid
+ such incidents in the future, every new ClamAV package will be released
+-together with detailed information about security bugs it fixes.
++together with detailed information about security bugs it fixes.
+
+ --
+ The ClamAV team (https://www.clamav.net/about.html#credits)
+@@ -1892,7 +1903,7 @@ Important note to clamdwatch users: please upgrade to the latest version
+ - simscan - an e-mail and spam filter for qmail
+ - smtpfilter - scan SMTP session for viruses
+ - snort-inline - scan your network traffic for viruses with ClamAV
+- - SquidClamAV Redirector - a Squid helper script which adds virus scanning
++ - SquidClamAV Redirector - a Squid helper script which adds virus scanning
+ - WRAVLib - a library for a-v integration with Mono/.NET applications
+
+ --
+@@ -2050,7 +2061,7 @@ up with or beating the proprietary alternatives." Thanks!
+ SourceWear.com is selling some very nice t-shirts and polo shirts powered by
+ ClamAV. Wear them and virus writers will stay away from you :- A quarter out
+ of every dollar profited from the sale of these shirts will go to the ClamAV
+-project. Visit http://www.sourcewear.com and click on ClamAV logo!
++project. Visit http://www.sourcewear.com and click on ClamAV logo!
+
+ --
+ The ClamAV team (https://www.clamav.net/about.html#credits)
+@@ -2071,7 +2082,7 @@ We have been distributing the database in both formats till now, but
+ we plan to drop support for ClamAV 0.60 on September 1st.
+
+ We encourage _all_ users to upgrade to the latest release available.
+-People running an old version of ClamAV are missing many viruses and
++People running an old version of ClamAV are missing many viruses and
+ may experience stability problems.
+
+ On non-production systems you can try the latest development version.
+@@ -2109,7 +2120,7 @@ The ClamAV team (https://www.clamav.net/about.html#credits)
+ ## 0.73
+
+ This version fixes memory management problems in the OLE2 decoder and
+-improves mail scanning.
++improves mail scanning.
+
+ Thank you for using ClamAV !
+
+@@ -2132,7 +2143,7 @@ This release fixes all bugs found in 0.70 and introduces a few new features -
+ the noteworthy changes include:
+
+ - libclamav:
+- - support nested OLE2 files
++ - support nested OLE2 files
+ - support Word6 macro code
+ - ignore popular file types (media, graphics)
+ - support compress.exe (SZDD) compression (test/test.msc)
+@@ -2367,7 +2378,7 @@ the highest possible level.
+ New mirroring mechanisms. Luca Gibelli (ClamAV) and mirror administrators
+ (22 sites) are converting mirrors to new "push mirroring"
+ method. It uses advanced techniques to ensure all the mirrors are up to date.
+-More info: https://www.clamav.net/documents/introduction
++More info: https://www.clamav.net/documents/introduction
+
+ We would like to thank our donors:
+
+@@ -2540,7 +2551,7 @@ performance is required. Please check clamdoc for more detail.
+ - various mbox code updates (fixed memory leak; added support for decoding
+ viruses sent in message bodies, detection of viruses that put their
+ payloads after the end of message marker (thanks to Stephen White
+- <stephen at earth.li> for the bug report and useful CGI tools);
++ <stephen at earth.li> for the bug report and useful CGI tools);
+
+ - zziplib updated to 0.10.81 (some problems with older version were reported
+ by Martin Schitter)
+@@ -2681,7 +2692,7 @@ attachement file names.
+ ## 0.52
+
+ This version contains a portability fixes - it should compile on OpenBSD,
+-MacOSX and NetBSD (support for them was broken in 0.51).
++MacOSX and NetBSD (support for them was broken in 0.51).
+
+ - clamd: various fixes:
+ - drop supplementary groups (suggested by Enrico Scholz
+@@ -2751,7 +2762,7 @@ Please check the manual for more information.
+
+ - clamd: a modern anti-virus daemon. It uses configuration file clamav.conf
+ described in the clamav.conf(5) manual. The program was written with
+- security as a goal.
++ security as a goal.
+
+ - clamuko: on-access scanning under Linux. It utilizes Dazuko kernel module
+ (GPL, http://dazuko.org) and is clamd-based.
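Review bot: This hunk, like the NEWS.md hunks before it from `@@ -508,7 +519,7 @@` onward, removes and re-adds lines whose visible text is identical, so they are whitespace-only edits to old release notes. They account for most of this 460-line patch; dropping them would leave a version-bump patch that is far easier to audit for a stable update.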
+diff --git a/configure.ac b/configure.ac
+index 88ff4ff..277a2d8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -22,7 +22,7 @@ dnl MA 02110-1301, USA.
+ AC_PREREQ([2.59])
+ dnl For a release change [devel] to the real version [0.xy]
+ dnl also change VERSION below
+-AC_INIT([ClamAV], [0.101.2], [https://bugzilla.clamav.net/], [clamav], [https://www.clamav.net/])
++AC_INIT([ClamAV], [0.101.3], [https://bugzilla.clamav.net/], [clamav], [https://www.clamav.net/])
+
+ dnl enable C++
+ AC_PROG_CXX()
+@@ -253,7 +253,7 @@ else
+ if test "X$have_curl" != "Xyes" && test "X$have_json" != "Xyes"; then
+ CL_MSG_STATUS([clamsubmit ], [no (missing libjson-c-dev AND libcurl-devel. Use the website to submit FPs/FNs.)], [no])
+ else
+- if test "X$have_curl" = "Xyes"; then
++ if test "X$have_curl" = "Xyes"; then
+ CL_MSG_STATUS([clamsubmit ], [no (missing libjson-c-dev. Use the website to submit FPs/FNs.)], [no])
+ else
+ CL_MSG_STATUS([clamsubmit ], [no (missing libcurl-devel. Use the website to submit FPs/FNs.)], [no])
+@@ -295,7 +295,7 @@ else
+ CL_MSG_STATUS([pcre ],[$PCRE_HOME],[$have_pcre])
+ fi
+ CL_MSG_STATUS([libmspack ],[yes],[$mspack_msg])
+-if test "x$XML_LIBS" = "x"; then
++if test "x$XML_LIBS" = "x"; then
+ CL_MSG_STATUS([libxml2 ],[no],[])
+ else
+ CL_MSG_STATUS([libxml2 ],[yes, from $XML_HOME],[])
+diff --git a/docs/UserManual.md b/docs/UserManual.md
+index 567e14b..7435bdd 100644
+--- a/docs/UserManual.md
++++ b/docs/UserManual.md
+@@ -1,4 +1,4 @@
+-# Clam AntiVirus 0.101.2 *User Manual*
++# Clam AntiVirus 0.101.3 *User Manual*
+
+ ![image](UserManual/images/demon.png)
+
+diff --git a/docs/UserManual/Installation-Windows.md b/docs/UserManual/Installation-Windows.md
+index 5a693f9..a6d6c9a 100644
+--- a/docs/UserManual/Installation-Windows.md
++++ b/docs/UserManual/Installation-Windows.md
+@@ -6,9 +6,9 @@ If you wish to build ClamAV from source using Visual Studio 2015, please head ov
+
+ Important: Installing ClamAV using the Installer will require Administrator privileges.
+
+-1. Download: http://www.clamav.net/downloads/production/ClamAV-0.101.2.exe
++1. Download: http://www.clamav.net/downloads/production/ClamAV-0.101.3.exe
+ 2. Locate the file in your Downloads directory.
+-3. Right-click on `ClamAV-0.101.2.exe` and select `Run as administrator`. You may receive a warning message along the lines of "Windows protected your PC". Select `More info` and then select `Run anyway`.
++3. Right-click on `ClamAV-0.101.3.exe` and select `Run as administrator`. You may receive a warning message along the lines of "Windows protected your PC". Select `More info` and then select `Run anyway`.
+ 4. Select `I accept the agreement` and click `Next`.
+ 5. Click `Next` again. If you've removed a previous installation of ClamAV, you may receive the prompt "The folder ... already exists...". If you do, select `Yes`.
+ 6. Click `Install`.
+@@ -28,9 +28,9 @@ Continue on to "First Time Set-Up" below...
+
+ ## Install using the ClamAV Portable Install Package
+
+-1. Download: https://www.clamav.net/downloads/production/clamav-0.101.2-win-x64-portable.zip
++1. Download: https://www.clamav.net/downloads/production/clamav-0.101.3-win-x64-portable.zip
+ 2. Unzip it.
+-3. Open the `clamav-0.101.2-win-x64-portable` directory.
++3. Open the `clamav-0.101.3-win-x64-portable` directory.
+ 4. Hold down Shift and then right-click on the background in the current directory (but not on one of the files). Select `"Open PowerShell window here"`. If that option doesn't appear, try again.
+
+ Continue on to "First Time Set-Up"...
+diff --git a/m4/reorganization/version.m4 b/m4/reorganization/version.m4
+index 57d23e4..c834b53 100644
+--- a/m4/reorganization/version.m4
++++ b/m4/reorganization/version.m4
+@@ -1,9 +1,9 @@
+ dnl change this on a release
+ dnl VERSION="devel-`date +%Y%m%d`"
+-VERSION="0.101.2"
++VERSION="0.101.3"
+
+ LC_CURRENT=9
+-LC_REVISION=2
++LC_REVISION=3
+ LC_AGE=0
+ LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"
+ AC_SUBST([LIBCLAMAV_VERSION])
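Review bot: VERSION becomes 0.101.3 and LC_REVISION goes from 2 to 3 in this hunk, while the Debian changelog keeps the package at 0.101.2+dfsg-1+deb10u1, so the tools will report an upstream version that the package version does not show. Say so in the changelog entry, and check that nothing in the packaging hard-codes the library revision, since the libtool revision is part of the installed shared-library file name.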
diff -Nru clamav-0.101.2+dfsg/debian/patches/series clamav-0.101.2+dfsg/debian/patches/series
--- clamav-0.101.2+dfsg/debian/patches/series 2019-03-30 15:32:49.000000000 +0100
+++ clamav-0.101.2+dfsg/debian/patches/series 2019-08-06 22:02:44.000000000 +0200
@@ -4,3 +4,5 @@
Add-support-for-LLVM-3.7.patch
Add-support-for-LLVM-3.8.patch
Add-support-for-LLVM-3.9.patch
+Bumped-version-number-to-0.101.3.patch
+Adds-detection-and-heuristic-alert-for-zips-with-ove.patch