[clamav/el5] - Upgrade to 0.97.5 - Fix CVE-2012-1419 clamav: specially-crafted POSIX tar files evade detection -

Robert Scheck robert at fedoraproject.org
Sun Jul 1 00:11:38 UTC 2012


commit eb4c1b59ba05b9a228e6e1d420753c9066ffa6bb
Author: Robert Scheck <robert at fedoraproject.org>
Date:   Sun Jul 1 02:11:28 2012 +0200

    - Upgrade to 0.97.5
    - Fix CVE-2012-1419 clamav: specially-crafted POSIX tar files evade detection
    - Fix CVE-2012-1457 clamav: overly long length field in tar files evade detection
    - Fix CVE-2012-1443 clamav: specially-crafted RAR files evade detection
    - Fix CVE-2012-1458 clamav: specially-crafted CHM files evade detection
    - Fix CVE-2012-1459 clamav: specially-crafted length field in tar files evade detection
    - Ship local copy of virus database; it was removed by accident from 0.97.5 tarball

 .gitignore  |    8 ++++----
 clamav.spec |   29 +++++++++++++++++++++++------
 sources     |    4 +++-
 3 files changed, 30 insertions(+), 11 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index b09a0a5..b63678e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-/clamav-0.97.2-norar.tar.xz
-/clamav-0.97.3.tar.gz
-/clamd-wrapper.tar.bz2
-/clamav-0.97.3-norar.tar.xz
+clamd-wrapper.tar.bz2
+clamav-0.97.5-norar.tar.xz
+main-54.cvd
+daily-15103.cvd
diff --git a/clamav.spec b/clamav.spec
index a38d4f3..ff10598 100644
--- a/clamav.spec
+++ b/clamav.spec
@@ -4,18 +4,23 @@
 
 Summary: Anti-virus software
 Name: clamav
-Version: 0.97.3
-Release: 3%{?dist}
+Version: 0.97.5
+Release: 1%{?dist}
 License: GPLv2
 Group: Applications/System
 URL: http://www.clamav.net/
 
 # Upstream source includes libunrar that is not distributable.
 #Source: http://downloads.sourceforge.net/clamav/clamav-%{version}.tar.gz
-Source0: clamav-0.97.3-norar.tar.xz
+Source0: clamav-0.97.5-norar.tar.xz
 Source1: clamav.init
 Source2: clamav-milter.init
 Source3: clamd-wrapper.tar.bz2
+
+# Temporary workaround for broken 0.97.5 tarball
+Source4: http://db.local.clamav.net/main-54.cvd
+Source5: http://db.local.clamav.net/daily-15050.cvd
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires: bzip2-devel, zlib-devel, gmp-devel, curl-devel, xz
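Review bot: `Source5` names `daily-15050.cvd`, but the `sources` and `.gitignore` changes in this same commit both list `daily-15103.cvd`, so the file the spec asks for is not the one whose checksum is recorded. The line should read `Source5: http://db.local.clamav.net/daily-15103.cvd`, or the other two files should be changed to match. Because daily.cvd is a point-in-time snapshot, the comment above `Source4` could also say that the number has to be bumped together with the `sources` entry.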
@@ -261,6 +266,9 @@ touch %{buildroot}%{_localstatedir}/log/clamav/clamd.log
 install -d -m0755 %{buildroot}%{_localstatedir}/run/clamav/
 install -d -m0755 %{buildroot}%{_sysconfdir}/clamd.d/
 
+install -Dp -m0644 %{SOURCE4} %{buildroot}%{_localstatedir}/lib/clamav/main.cvd
+install -Dp -m0644 %{SOURCE5} %{buildroot}%{_localstatedir}/lib/clamav/daily.cvd
+
 %post
 /sbin/ldconfig
 
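Review bot: The two `install` lines place a build-time snapshot of the signature database at `%{_localstatedir}/lib/clamav/main.cvd` and `daily.cvd`, presumably the same directory freshclam updates at runtime, so the packaged copies go stale and will later differ from what rpm recorded. The %files section is outside this hunk; if it does not already do so, the entries should be listed as `%verify(not md5 size mtime) %{_localstatedir}/lib/clamav/*.cvd` so that `rpm -V` does not flag routine signature updates. It is also worth checking that a later package upgrade cannot put an older bundled daily.cvd over a newer one. A comment such as `# Snapshot only; freshclam must run after install to get current signatures` above the two lines would make the intent clear.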
@@ -286,14 +294,14 @@ fi
 %pre
 getent group clam >/dev/null || groupadd -r clam
 getent passwd clam >/dev/null || \
-useradd -r -g clam -d /var/clamav -s /sbin/nologin \
+useradd -r -g clam -d /var/lib/clamav -s /sbin/nologin \
     -c "Clam Anti Virus Checker" clam
 exit 0
 
 %pre -n clamd
 getent group clam >/dev/null || groupadd -r clam
 getent passwd clam >/dev/null || \
-useradd -r -g clam -d /var/clamav -s /sbin/nologin \
+useradd -r -g clam -d /var/lib/clamav -s /sbin/nologin \
     -c "Clam Anti Virus Checker" clam
 exit 0
 
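Review bot: The new home directory only takes effect on fresh installs, because `useradd` runs only when `getent passwd clam` finds no account; systems upgrading from 0.97.3 keep a `clam` user whose home is still `/var/clamav`. If the account's home matters to anything, the scriptlet needs an explicit step for existing accounts, for example `usermod -d /var/lib/clamav clam` guarded by a check of the current value; otherwise a comment stating that existing accounts are deliberately left alone would do. The same applies to `%pre -n clamd` in this hunk and to `%pre db` in the next hunk. The trailing `exit 0` also hides a failed `useradd`, so a broken account creation would not stop the install.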
@@ -324,7 +332,7 @@ fi
 %pre db
 getent group clam >/dev/null || groupadd -r clam
 getent passwd clam >/dev/null || \
-useradd -r -g clam -d /var/clamav -s /sbin/nologin \
+useradd -r -g clam -d /var/lib/clamav -s /sbin/nologin \
     -c "Clam Anti Virus Checker" clam
 exit 0
 
@@ -409,6 +417,15 @@ rm -rf %{buildroot}
 %exclude %{_libdir}/libclamav.la
 
 %changelog
+* Sun Jul 01 2012 Robert Scheck <robert at fedoraproject.org> - 0.97.5-1
+- Upgrade to 0.97.5
+- Fix CVE-2012-1419 clamav: specially-crafted POSIX tar files evade detection
+- Fix CVE-2012-1457 clamav: overly long length field in tar files evade detection
+- Fix CVE-2012-1443 clamav: specially-crafted RAR files evade detection
+- Fix CVE-2012-1458 clamav: specially-crafted CHM files evade detection
+- Fix CVE-2012-1459 clamav: specially-crafted length field in tar files evade detection
+- Ship local copy of virus database; it was removed by accident from 0.97.5 tarball
+
 * Sun Jan 1 2012 Nick Bebout <nb at fedoraproject.org> - 0.97.3-3
 - Revert patch from 0.97.3-2
 
diff --git a/sources b/sources
index 47b00bc..14401b5 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,4 @@
-b319a3f31a16811f1a92d63cda592521  clamav-0.97.3-norar.tar.xz
+f8e88e6adc82349e5babfa6ee7bb98fa  clamav-0.97.5-norar.tar.xz
 e809f74ed139df2e4af3fafbca32f678  clamd-wrapper.tar.bz2
+eb12490fda87d602e476d4b163f8a34b  main-54.cvd
+1606d4b9dd4cf9658b22cb8bd135a0e3  daily-15103.cvd

