rpms/clamav/FC-4 clamav-0.88.2-guys, please-read-the-compiler-warnings-before-doing-a-release.patch, NONE, 1.1 clamav-0.88.1-strncpy.patch, NONE, 1.1 sources, 1.15, 1.16 clamav.spec, 1.31, 1.32
Enrico Scholz (ensc)
fedora-extras-commits at redhat.com
Sun Apr 30 10:33:39 UTC 2006
Author: ensc
Update of /cvs/extras/rpms/clamav/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25624/FC-4
Modified Files:
sources clamav.spec
Added Files:
clamav-0.88.2-guys,please-read-the-compiler-warnings-before-doing-a-release.patch
clamav-0.88.1-strncpy.patch
Log Message:
- updated to 0.88.2 (SECURITY)
- added patch which fixes wrong usage of strncpy(3) in unrarlib.c
- added patch which fixes some classes of compiler warnings
***** Not enough context to create diffstat for file: clamav-0.88.2-guys,please-read-the-compiler-warnings-before-doing-a-release.patch,NONE,1.1
***** Not enough context to create diff for file: clamav-0.88.2-guys,please-read-the-compiler-warnings-before-doing-a-release.patch,NONE,1.1
clamav-0.88.1-strncpy.patch:
--- NEW FILE clamav-0.88.1-strncpy.patch ---
2006-04-24 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de>
* libclamav/unrarlib.c/stricomp(): terminate the string copied
with strncpy() explicitly with '\0'. Does not seem to be
exploitable at the moment due to deeply buried constraints
(function will be called for buffers with a static size of
260 only).
But it is better to fix it now than to run into problems
when function is used for other purposes.
--- clamav-0.88.1/libclamav/unrarlib.c.strncpy 2005-06-23 22:03:12.000000000 +0200
+++ clamav-0.88.1/libclamav/unrarlib.c 2006-04-24 23:10:07.000000000 +0200
@@ -1180,8 +1180,10 @@ int stricomp(char *Str1,char *Str2)
char S1[512],S2[512];
char *chptr;
- strncpy(S1,Str1,sizeof(S1));
- strncpy(S2,Str2,sizeof(S2));
+ strncpy(S1,Str1,sizeof(S1));
+ strncpy(S2,Str2,sizeof(S2));
+ S1[sizeof(S1)-1] = '\0';
+ S2[sizeof(S2)-1] = '\0';
while((chptr = strchr(S1, '\\')) != NULL) /* ignore backslash */
{
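Review bot: In stricomp(), the explicit terminators after the two strncpy() calls close the unterminated-buffer case, but an input of 512 bytes or more is still silently truncated to 511, so the comparison only sees that prefix. If that is acceptable because callers pass 260-byte buffers, as the changelog above says, a comment at the S1/S2 declaration stating that bound would keep the assumption from being lost. The two strncpy() lines are also removed and re-added with no visible change; if that is whitespace only, dropping it would keep the patch to the two added lines.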
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/clamav/FC-4/sources,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- sources 6 Apr 2006 16:50:59 -0000 1.15
+++ sources 30 Apr 2006 10:33:39 -0000 1.16
@@ -1,2 +1,2 @@
-9fe8c47037051e350077513dd94fb76a clamav-0.88.1.tar.gz
-bc06324bf070679854689235df5042d8 clamav-0.88.1.tar.gz.sig
+f0a1c610a1fb70bd748a08bea69c736c clamav-0.88.2.tar.gz
+6846cb50e005c18ab4b39ff9aa7126fc clamav-0.88.2.tar.gz.sig
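Review bot: The two new entries pin clamav-0.88.2.tar.gz and its .sig only by MD5 digest, and nothing in this commit shows the signature being checked against the upstream key. Since the .sig is already tracked, verifying it before upload would tie this SECURITY update to the upstream release rather than to whatever file was downloaded.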
Index: clamav.spec
===================================================================
RCS file: /cvs/extras/rpms/clamav/FC-4/clamav.spec,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- clamav.spec 6 Apr 2006 16:50:59 -0000 1.31
+++ clamav.spec 30 Apr 2006 10:33:39 -0000 1.32
@@ -21,7 +21,7 @@
Summary: End-user tools for the Clam Antivirus scanner
Name: clamav
-Version: 0.88.1
+Version: 0.88.2
Release: %release_func 1
License: GPL
@@ -36,6 +36,8 @@
Source6: clamav-update.logrotate
Source7: clamd.SERVICE.init
Source8: clamav-notify-servers
+Patch0: clamav-0.88.2-guys,please-read-the-compiler-warnings-before-doing-a-release.patch
+Patch1: clamav-0.88.1-strncpy.patch
Patch20: clamav-0.70-user.patch
Patch21: clamav-0.70-path.patch
Patch22: clamav-0.80-initoff.patch
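Review bot: The Patch0 file name carries a comma and a message to upstream instead of describing the change, and the matching %patch0 line ends up with a quoted, equally long -b suffix. A short descriptive name such as clamav-0.88.2-warnings.patch (a suggested name) would be easier to handle in scripts and as a backup-file suffix.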
@@ -162,6 +164,9 @@
%prep
%setup -q
+%patch0 -p1 -b '.guys,please-read-the-compiler-warnings-before-doing-a-release.patch'
+%patch1 -p1 -b .strncpy
+
%patch20 -p1 -b .user
%patch21 -p1 -b .path
%patch22 -p1 -b .initoff
@@ -186,6 +191,7 @@
## See https://bugzilla.redhat.com/beta/show_bug.cgi?id=131385 and
## http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797
## also
+CFLAGS="$RPM_OPT_FLAGS -Wall -W -W -Wmissing-prototypes -Wmissing-declarations -std=gnu99"
%configure --disable-clamav --with-dbdir=/var/lib/clamav \
--disable-zlib-vcheck \
%{!?_without_milter:--enable-milter}
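Review bot: The new CFLAGS line is inserted between the comment block ending in "## also" and the %configure call that followed it, so the bugzilla and CAN-2004-0797 references now read as if they explained the warning flags. Move the assignment above the comment block and give it its own one-line comment; -W is also listed twice and one can go.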
@@ -426,6 +432,11 @@
%endif # _without_milter
%changelog
+* Sun Apr 30 2006 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.88.2-1
+- updated to 0.88.2 (SECURITY)
+- added patch which fixes wrong usage of strncpy(3) in unrarlib.c
+- added patch which fixes some classes of compiler warnings
+
* Thu Apr 06 2006 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.88.1-1
- updated to 0.88.1 (SECURITY)
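Review bot: The new %changelog entry marks 0.88.2 as "(SECURITY)" without naming the advisory or CVE it addresses, the same as the 0.88.1 entry below it. Adding the identifier to the "updated to 0.88.2" line would let administrators match the package to the upstream advisory.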