Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Tags: jessie
Severity: normal

Clamav released 0.99.3. Recently upstream decided to release 0.99.2.1 as a security hotfix release only. However they then decided not to use a four digit version but three as usual and so the security hotfix is now 0.99.3. In unstable we have 0.99.3~beta2 which was a pre-release of the upcoming 0.99.3 before they decided to release a security fix. So in unstable we have a "beta2" which contains all the security fixes which are part of their final 0.99.3 release.

Instead of reverting all that stuff I prepared for the 0.99.3 I backported the delta from 0.99.2..0.99.3 and prepared an incremental 0.99.2 release for Jessie [0]. Clamav itself identifies as 0.99.3 because otherwise it will complain about being too old.

I synced the queue with Stretch. One patch (which is new) is the one addressing upstream bug#11549 [1] which triggered today. Upstream forgot to include it in their 0.99.3 release and I had it already in 0.99.2+dfsg-5 (as of Stretch). While upstream claims that this won't happen again with *their* signatures, it might happen with others/community and it *did* trigger earlier [2].

Please find attached a debdiff. The official announcement is at [3]. If you prefer another way of dealing with this please let me know.

[0] A second pair of eyes wouldn't hurt, after all it is 2am here.
[1] http://blog.clamav.net/2018/01/update-on-recent-file-descriptors-issue.html
[2] https://bugs.debian.org/824196
[3] http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

Sebastian
diff -Nru clamav-0.99.2+dfsg/debian/changelog clamav-0.99.2+dfsg/debian/changelog --- clamav-0.99.2+dfsg/debian/changelog 2016-06-06 23:23:31.000000000 +0200 +++ clamav-0.99.2+dfsg/debian/changelog 2018-01-27 01:29:24.000000000 +0100 @@ -1,3 +1,15 @@ +clamav (0.99.2+dfsg-0+deb8u3) jessie; urgency=medium + + * Apply security patches from 0.99.3 (Closes: #888484): + - fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420, + CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, + CVE-2017-12378, CVE-2017-12379, CVE-2017-12380. + * Bump symbol version of cl_retflevel because CL_FLEVEL changed. + * Cherry-pick patch from bb11549 to fix a temp file cleanup issue + (Closes: #824196). + + -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Sat, 27 Jan 2018 01:29:24 +0100 + clamav (0.99.2+dfsg-0+deb8u2) stable; urgency=medium * Don't fail if AllowSupplementaryGroups is still set in the config file but diff -Nru clamav-0.99.2+dfsg/debian/.git-dpm clamav-0.99.2+dfsg/debian/.git-dpm --- clamav-0.99.2+dfsg/debian/.git-dpm 2016-06-06 22:10:43.000000000 +0200 +++ clamav-0.99.2+dfsg/debian/.git-dpm 2018-01-27 01:27:48.000000000 +0100 @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -279c06a817c13eb22dc3ade949ea8b4a8aea9825 -279c06a817c13eb22dc3ade949ea8b4a8aea9825 +f77af4292400e7652f3cc358933d3b79adf9432e +f77af4292400e7652f3cc358933d3b79adf9432e 48a96d2a3f0f4aca12f39f62a53fe1671a6e15a2 48a96d2a3f0f4aca12f39f62a53fe1671a6e15a2 clamav_0.99.2+dfsg.orig.tar.xz diff -Nru clamav-0.99.2+dfsg/debian/libclamav7.symbols clamav-0.99.2+dfsg/debian/libclamav7.symbols --- clamav-0.99.2+dfsg/debian/libclamav7.symbols 2016-05-19 18:40:20.000000000 +0200 +++ clamav-0.99.2+dfsg/debian/libclamav7.symbols 2018-01-27 01:28:11.000000000 +0100 
@@ -63,7 +63,7 @@ cl_load_cert@CLAMAV_PRIVATE 0.99.2 cl_load_crl@CLAMAV_PRIVATE 0.99.2 cl_retdbdir@CLAMAV_PUBLIC 0.99~rc1 - cl_retflevel@CLAMAV_PUBLIC 0.99.1 + cl_retflevel@CLAMAV_PUBLIC 0.99.2+dfsg-6+deb9u1 cl_retver@CLAMAV_PUBLIC 0.99~rc1 cl_scandesc@CLAMAV_PUBLIC 0.99~rc1 cl_scandesc_callback@CLAMAV_PUBLIC 0.99~rc1 diff -Nru clamav-0.99.2+dfsg/debian/patches/b11939-adding-fix-as-recommended-by-bug-reporter-alo.patch clamav-0.99.2+dfsg/debian/patches/b11939-adding-fix-as-recommended-by-bug-reporter-alo.patch --- clamav-0.99.2+dfsg/debian/patches/b11939-adding-fix-as-recommended-by-bug-reporter-alo.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/b11939-adding-fix-as-recommended-by-bug-reporter-alo.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,75 @@ +From a0b8b7e0408029869fbb85353d9f53d3347e20e7 Mon Sep 17 00:00:00 2001 +From: Micah Snyder <micas...@cisco.com> +Date: Sun, 29 Oct 2017 17:35:00 -0400 +Subject: b11939: adding fix as recommended by bug reporter along with a couple + extra lines to ensure freed pointers are set to NULL. + +Patch-Name: b11939-adding-fix-as-recommended-by-bug-reporter-alo.patch +--- + libclamav/mbox.c | 2 +- + libclamav/message.c | 4 +++- + libclamav/text.c | 10 +++++++--- + 3 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/libclamav/mbox.c b/libclamav/mbox.c +index 96bdbd2..8e48bb7 100644 +--- a/libclamav/mbox.c ++++ b/libclamav/mbox.c +@@ -2067,7 +2067,7 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re + * bother saving to scan, it's safe + */ + saveIt = (bool)(encodingLine(mainMessage) != NULL); +- else if((t_line = encodingLine(mainMessage)) != NULL) { ++ else if(mainMessage->body_last != NULL && (t_line = encodingLine(mainMessage)) != NULL) { + /* + * Some bounces include the message + * body without the headers. 
+diff --git a/libclamav/message.c b/libclamav/message.c +index 3856bfe..8afe800 100644 +--- a/libclamav/message.c ++++ b/libclamav/message.c +@@ -1068,8 +1068,10 @@ messageMoveText(message *m, text *t, message *old_message) + for(u = old_message->body_first; u != t;) { + text *next; + +- if(u->t_line) ++ if(u->t_line) { + lineUnlink(u->t_line); ++ u->t_line = NULL; ++ } + next = u->t_next; + + free(u); +diff --git a/libclamav/text.c b/libclamav/text.c +index 5c6e7ea..7d3c3a6 100644 +--- a/libclamav/text.c ++++ b/libclamav/text.c +@@ -124,8 +124,10 @@ textDestroy(text *t_head) + { + while(t_head) { + text *t_next = t_head->t_next; +- if(t_head->t_line) +- (void)lineUnlink(t_head->t_line); ++ if(t_head->t_line) { ++ lineUnlink(t_head->t_line); ++ t_head->t_line = NULL; ++ } + free(t_head); + t_head = t_next; + } +@@ -146,12 +148,14 @@ textCopy(const text *t_head) + } + + if(last == NULL) { +- cli_errmsg("textCopy: Unable to allocate memory to clone object\n"); ++ cli_errmsg("textCopy: Unable to allocate memory to clone object\n"); + if(first) + textDestroy(first); + return NULL; + } + ++ last->t_next = NULL; ++ + if(t_head->t_line) + last->t_line = lineLink(t_head->t_line); + else diff -Nru clamav-0.99.2+dfsg/debian/patches/bb111711-fix-zlib-version-check-patch-by-Daniel-J.-L.patch clamav-0.99.2+dfsg/debian/patches/bb111711-fix-zlib-version-check-patch-by-Daniel-J.-L.patch --- clamav-0.99.2+dfsg/debian/patches/bb111711-fix-zlib-version-check-patch-by-Daniel-J.-L.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/bb111711-fix-zlib-version-check-patch-by-Daniel-J.-L.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,26 @@ +From 8ebab1805deba8913ef1941a1f5d51df58b01208 Mon Sep 17 00:00:00 2001 +From: Steven Morgan <stevm...@cisco.com> +Date: Thu, 5 Jan 2017 12:30:35 -0500 +Subject: bb111711 - fix zlib version check - patch by Daniel J. Luke. + +Patch-Name: bb111711-fix-zlib-version-check-patch-by-Daniel-J.-L.patch +--- + m4/reorganization/libs/libz.m4 | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/m4/reorganization/libs/libz.m4 b/m4/reorganization/libs/libz.m4 +index b5c7414..f7b67ca 100644 +--- a/m4/reorganization/libs/libz.m4 ++++ b/m4/reorganization/libs/libz.m4 +@@ -29,9 +29,9 @@ then + AC_MSG_ERROR([Please install zlib and zlib-devel packages]) + else + +- vuln=`grep "ZLIB_VERSION \"1.2.0" $ZLIB_HOME/include/zlib.h` ++ vuln=`grep "ZLIB_VERSION \"1.2.0\"" $ZLIB_HOME/include/zlib.h` + if test -z "$vuln"; then +- vuln=`grep "ZLIB_VERSION \"1.2.1" $ZLIB_HOME/include/zlib.h` ++ vuln=`grep "ZLIB_VERSION \"1.2.1\"" $ZLIB_HOME/include/zlib.h` + fi + + if test -n "$vuln"; then diff -Nru clamav-0.99.2+dfsg/debian/patches/bb11549-fix-temp-file-cleanup-issue.patch clamav-0.99.2+dfsg/debian/patches/bb11549-fix-temp-file-cleanup-issue.patch --- clamav-0.99.2+dfsg/debian/patches/bb11549-fix-temp-file-cleanup-issue.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/bb11549-fix-temp-file-cleanup-issue.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,149 @@ +From 5f4c1e13c92a4540d0ceed8252d6112fa31a959a Mon Sep 17 00:00:00 2001 +From: Steven Morgan <smor...@sourcefire.com> +Date: Thu, 9 Jun 2016 14:06:23 -0400 +Subject: bb11549 - fix temp file cleanup issue. + +Patch-Name: bb11549-fix-temp-file-cleanup-issue.patch +--- + libclamav/scanners.c | 86 +++++++++++++++++++++++----------------------------- + 1 file changed, 38 insertions(+), 48 deletions(-) + +diff --git a/libclamav/scanners.c b/libclamav/scanners.c +index e104d2f..9536e3c 100644 +--- a/libclamav/scanners.c ++++ b/libclamav/scanners.c +@@ -1265,37 +1265,33 @@ static int cli_scanscript(cli_ctx *ctx) + return CL_CLEAN; + } + ++ if(!(normalized = cli_malloc(SCANBUFF + maxpatlen))) { ++ cli_dbgmsg("cli_scanscript: Unable to malloc %u bytes\n", SCANBUFF); ++ return CL_EMEM; ++ } ++ text_normalize_init(&state, normalized, SCANBUFF + maxpatlen); ++ ++ if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) { ++ free(normalized); ++ return ret; ++ } ++ ++ if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) { ++ cli_ac_freedata(&tmdata); ++ free(normalized); ++ return ret; ++ } ++ + /* dump to disk only if explicitly asked to + * or if necessary to check relative offsets, + * otherwise we can process just in-memory */ + if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) { +- if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) { +- cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n"); +- return ret; +- } +- if (ctx->engine->keeptmp) +- cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname); +- } +- +- if(!(normalized = cli_malloc(SCANBUFF + maxpatlen))) { +- cli_dbgmsg("cli_scanscript: Unable to malloc %u bytes\n", SCANBUFF); +- free(tmpname); +- return CL_EMEM; +- } +- +- text_normalize_init(&state, normalized, SCANBUFF + maxpatlen); 
+- ret = CL_CLEAN; +- +- +- if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) { +- free(tmpname); +- return ret; +- } +- +- if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) { +- cli_ac_freedata(&tmdata); +- free(tmpname); +- return ret; ++ if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) { ++ cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n"); ++ goto done; ++ } ++ if (ctx->engine->keeptmp) ++ cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname); + } + + mdata[0] = &tmdata; +@@ -1310,10 +1306,9 @@ static int cli_scanscript(cli_ctx *ctx) + map_off += written; + + if (write(ofd, state.out, state.out_pos) == -1) { +- cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname); +- close(ofd); +- free(tmpname); +- return CL_EWRITE; ++ cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname); ++ ret = CL_EWRITE; ++ goto done; + } + text_normalize_reset(&state); + } +@@ -1332,11 +1327,6 @@ static int cli_scanscript(cli_ctx *ctx) + funmap(*ctx->fmap); + } + *ctx->fmap = map; +- +- /* If we aren't keeping temps, delete the normalized file after scan. */ +- if(!(ctx->engine->keeptmp)) +- if (cli_unlink(tmpname)) ret = CL_EUNLINK; +- + } else { + /* Since the above is moderately costly all in all, + * do the old stuff if there's no relative offsets. 
*/ +@@ -1344,11 +1334,8 @@ static int cli_scanscript(cli_ctx *ctx) + if (troot) { + cli_targetinfo(&info, 7, map); + ret = cli_ac_caloff(troot, &tmdata, &info); +- if (ret) { +- cli_ac_freedata(&tmdata); +- free(tmpname); +- return ret; +- } ++ if (ret) ++ goto done; + } + + while(1) { +@@ -1389,13 +1376,6 @@ static int cli_scanscript(cli_ctx *ctx) + + } + +- if(ctx->engine->keeptmp) { +- free(tmpname); +- if (ofd >= 0) +- close(ofd); +- } +- free(normalized); +- + if(ret != CL_VIRUS || SCAN_ALL) { + if ((ret = cli_exp_eval(ctx, troot, &tmdata, NULL, NULL)) == CL_VIRUS) + viruses_found++; +@@ -1404,9 +1384,19 @@ static int cli_scanscript(cli_ctx *ctx) + viruses_found++; + } + ++done: ++ free(normalized); + cli_ac_freedata(&tmdata); + cli_ac_freedata(&gmdata); + ++ if (ofd != -1) ++ close(ofd); ++ if (tmpname != NULL) { ++ if (!ctx->engine->keeptmp) ++ cli_unlink(tmpname); ++ free(tmpname); ++ } ++ + if (SCAN_ALL && viruses_found) + return CL_VIRUS; + diff -Nru clamav-0.99.2+dfsg/debian/patches/bb11797-fix-invalid-read-in-fuzzed-mail-file.patch clamav-0.99.2+dfsg/debian/patches/bb11797-fix-invalid-read-in-fuzzed-mail-file.patch --- clamav-0.99.2+dfsg/debian/patches/bb11797-fix-invalid-read-in-fuzzed-mail-file.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/bb11797-fix-invalid-read-in-fuzzed-mail-file.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,38 @@ +From 9af868f087b2065c69227fc864c999f6d6005129 Mon Sep 17 00:00:00 2001 +From: Steven Morgan <stevm...@cisco.com> +Date: Thu, 2 Mar 2017 14:41:20 -0500 +Subject: bb11797 - fix invalid read in fuzzed mail file. + +Patch-Name: bb11797-fix-invalid-read-in-fuzzed-mail-file.patch +--- + libclamav/message.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/libclamav/message.c b/libclamav/message.c +index abb1ac2..3856bfe 100644 +--- a/libclamav/message.c ++++ b/libclamav/message.c +@@ -439,8 +439,12 @@ messageAddArgument(message *m, const char *arg) + * FIXME: Bounce message handling is corrupting the in + * core copies of headers + */ +- cli_dbgmsg("Possible data corruption fixed\n"); +- p[8] = '='; ++ if (strlen(p) > 8) { ++ cli_dbgmsg("Possible data corruption fixed\n"); ++ p[8] = '='; ++ } else { ++ cli_dbgmsg("Possible data corruption not fixed\n"); ++ } + } else { + if(*p) + cli_dbgmsg("messageAddArgument, '%s' contains no '='\n", p); +@@ -676,7 +680,7 @@ messageFindArgument(const message *m, const char *variable) + cli_dbgmsg("messageFindArgument: no '=' sign found in MIME header '%s' (%s)\n", variable, messageGetArgument(m, i)); + return NULL; + } +- if((*++ptr == '"') && (strchr(&ptr[1], '"') != NULL)) { ++ if((strlen(ptr) > 2) && (*++ptr == '"') && (strchr(&ptr[1], '"') != NULL)) { + /* Remove any quote characters */ + char *ret = cli_strdup(++ptr); + char *p; diff -Nru clamav-0.99.2+dfsg/debian/patches/bb11798-fix-unit-tests.patch clamav-0.99.2+dfsg/debian/patches/bb11798-fix-unit-tests.patch --- clamav-0.99.2+dfsg/debian/patches/bb11798-fix-unit-tests.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/bb11798-fix-unit-tests.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,45 @@ +From d915808a16fa93d5999457078e2f2a4979b8585f Mon Sep 17 00:00:00 2001 +From: Steven Morgan <stevm...@cisco.com> +Date: Wed, 8 Mar 2017 08:58:28 -0500 +Subject: bb11798 - fix unit tests. + +Patch-Name: bb11798-fix-unit-tests.patch +--- + libclamav/wwunpack.c | 9 +++------ + unit_tests/check_jsnorm.c | 2 +- + 2 files changed, 4 insertions(+), 7 deletions(-) + +diff --git a/libclamav/wwunpack.c b/libclamav/wwunpack.c +index 38c1808..a13550e 100644 +--- a/libclamav/wwunpack.c ++++ b/libclamav/wwunpack.c +@@ -226,13 +226,10 @@ int wwunpack(uint8_t *exe, uint32_t exesz, uint8_t *wwsect, struct cli_exe_secti + return CL_EFORMAT; + exe[pe+6]=(uint8_t)scount; + exe[pe+7]=(uint8_t)(scount>>8); +- if (!CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295, 4) || +- !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva, 4) || +- !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva+0x299, 4)) { ++ if (!CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295, 4)) + cli_dbgmsg("WWPack: unpack memory address out of bounds.\n"); +- return CL_EFORMAT; +- } +- cli_writeint32(&exe[pe+0x28], cli_readint32(wwsect+0x295)+sects[scount].rva+0x299); ++ else ++ cli_writeint32(&exe[pe+0x28], cli_readint32(wwsect+0x295)+sects[scount].rva+0x299); + cli_writeint32(&exe[pe+0x50], cli_readint32(&exe[pe+0x50])-sects[scount].vsz); + + structs = &exe[(0xffff&cli_readint32(&exe[pe+0x14]))+pe+0x18]; +diff --git a/unit_tests/check_jsnorm.c b/unit_tests/check_jsnorm.c +index 7515a0c..9587ea4 100644 +--- a/unit_tests/check_jsnorm.c ++++ b/unit_tests/check_jsnorm.c +@@ -145,7 +145,7 @@ END_TEST + + START_TEST (test_token_dval) + { +- int val = 0.12345; ++ double val = 0.12345; + yystype tok; + memset(&tok, 0, sizeof(tok)); + diff -Nru clamav-0.99.2+dfsg/debian/patches/bb11940-fixing-heap-overflow-in-rfc2037.-Patch-submi.patch clamav-0.99.2+dfsg/debian/patches/bb11940-fixing-heap-overflow-in-rfc2037.-Patch-submi.patch --- 
clamav-0.99.2+dfsg/debian/patches/bb11940-fixing-heap-overflow-in-rfc2037.-Patch-submi.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/bb11940-fixing-heap-overflow-in-rfc2037.-Patch-submi.patch 2018-01-27 01:27:48.000000000 +0100 @@ -0,0 +1,24 @@ +From 459a5d7d2d8c90168dba26e7a9110d4fb649c217 Mon Sep 17 00:00:00 2001 +From: Mickey Sola <ms...@sourcefire.com> +Date: Fri, 27 Oct 2017 17:24:33 -0400 +Subject: bb11940 - fixing heap overflow in rfc2037. Patch submitted by Suleman + Ali + +Patch-Name: bb11940-fixing-heap-overflow-in-rfc2037.-Patch-submi.patch +--- + libclamav/mbox.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libclamav/mbox.c b/libclamav/mbox.c +index 8e48bb7..13edb78 100644 +--- a/libclamav/mbox.c ++++ b/libclamav/mbox.c +@@ -2842,7 +2842,7 @@ rfc2047(const char *in) + memcpy(pout, blobGetData(b), len); + blobDestroy(b); + messageDestroy(m); +- if(pout[len - 1] == '\n') ++ if(len > 0 && pout[len - 1] == '\n') + pout += len - 1; + else + pout += len; diff -Nru clamav-0.99.2+dfsg/debian/patches/bb11941-fixing-UAF-in-mbox-exportBounceMessage.-Orig.patch clamav-0.99.2+dfsg/debian/patches/bb11941-fixing-UAF-in-mbox-exportBounceMessage.-Orig.patch --- clamav-0.99.2+dfsg/debian/patches/bb11941-fixing-UAF-in-mbox-exportBounceMessage.-Orig.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/bb11941-fixing-UAF-in-mbox-exportBounceMessage.-Orig.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,27 @@ +From acee9409a1751a76cb95ef380be6d57c75690a45 Mon Sep 17 00:00:00 2001 +From: Mickey Sola <ms...@sourcefire.com> +Date: Mon, 30 Oct 2017 16:39:54 -0400 +Subject: bb11941 - fixing UAF in mbox exportBounceMessage. Original patch + submitted by Suleman Ali + +Patch-Name: bb11941-fixing-UAF-in-mbox-exportBounceMessage.-Orig.patch +--- + libclamav/mbox.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libclamav/mbox.c b/libclamav/mbox.c +index 13edb78..3df2ae0 100644 +--- a/libclamav/mbox.c ++++ b/libclamav/mbox.c +@@ -2053,8 +2053,9 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re + /* + * Look for uu-encoded main file + */ +- if((encodingLine(mainMessage) != NULL) && +- ((t_line = bounceBegin(mainMessage)) != NULL)) ++ if(mainMessage->body_first != NULL && ++ (encodingLine(mainMessage) != NULL) && ++ ((t_line = bounceBegin(mainMessage)) != NULL)) + rc = (exportBounceMessage(mctx, t_line) == CL_VIRUS) ? VIRUS : OK; + else { + bool saveIt; diff -Nru clamav-0.99.2+dfsg/debian/patches/bb11943-add-check-to-mew.c-for-out-of-bounds-read.-P.patch clamav-0.99.2+dfsg/debian/patches/bb11943-add-check-to-mew.c-for-out-of-bounds-read.-P.patch --- clamav-0.99.2+dfsg/debian/patches/bb11943-add-check-to-mew.c-for-out-of-bounds-read.-P.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/bb11943-add-check-to-mew.c-for-out-of-bounds-read.-P.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,24 @@ +From 0b00a85dfdb2133cc244016d4b6d97387a73521a Mon Sep 17 00:00:00 2001 +From: Steven Morgan <stevm...@cisco.com> +Date: Fri, 27 Oct 2017 16:52:29 -0400 +Subject: bb11943 - add check to mew.c for out of bounds read. Patch supplied + by Suleman Ali. + +Patch-Name: bb11943-add-check-to-mew.c-for-out-of-bounds-read.-P.patch +--- + libclamav/mew.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libclamav/mew.c b/libclamav/mew.c +index 0e0c011..14d2bc2 100644 +--- a/libclamav/mew.c ++++ b/libclamav/mew.c +@@ -424,6 +424,8 @@ int mew_lzma(char *orgsource, const char *buf, uint32_t size_sum, uint32_t vma, + loc_edi = 1; + var14 = var10 = var24 = 1; + ++ if(CLI_ISCONTAINED(orgsource, size_sum, var2C, 5)) ++ return -1; + lzma_bswap_4861dc(&var40, var2C); + new_edx = 0; + } while (var28 <= loc_esi); /* source = 0 */ diff -Nru clamav-0.99.2+dfsg/debian/patches/bb11943-buffer-check-for-mew-packed-files.patch clamav-0.99.2+dfsg/debian/patches/bb11943-buffer-check-for-mew-packed-files.patch --- clamav-0.99.2+dfsg/debian/patches/bb11943-buffer-check-for-mew-packed-files.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/bb11943-buffer-check-for-mew-packed-files.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,23 @@ +From 4dcc150500a9a75c2bfca53df222d88171dbdf81 Mon Sep 17 00:00:00 2001 +From: Steven Morgan <stevm...@cisco.com> +Date: Wed, 15 Nov 2017 10:46:39 -0500 +Subject: bb11943 - buffer check for mew packed files. + +Patch-Name: bb11943-buffer-check-for-mew-packed-files.patch +--- + libclamav/mew.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libclamav/mew.c b/libclamav/mew.c +index 14d2bc2..e5fb1f4 100644 +--- a/libclamav/mew.c ++++ b/libclamav/mew.c +@@ -424,7 +424,7 @@ int mew_lzma(char *orgsource, const char *buf, uint32_t size_sum, uint32_t vma, + loc_edi = 1; + var14 = var10 = var24 = 1; + +- if(CLI_ISCONTAINED(orgsource, size_sum, var2C, 5)) ++ if(!CLI_ISCONTAINED(orgsource, size_sum, var2C, 5)) + return -1; + lzma_bswap_4861dc(&var40, var2C); + new_edx = 0; diff -Nru clamav-0.99.2+dfsg/debian/patches/bb11944-fix-possible-message.c-OOB-read.patch clamav-0.99.2+dfsg/debian/patches/bb11944-fix-possible-message.c-OOB-read.patch --- clamav-0.99.2+dfsg/debian/patches/bb11944-fix-possible-message.c-OOB-read.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/bb11944-fix-possible-message.c-OOB-read.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,32 @@ +From 1e7ec05f6e9cf571b5cd082ac9c9110532b541b9 Mon Sep 17 00:00:00 2001 +From: Steven Morgan <stevm...@cisco.com> +Date: Wed, 1 Nov 2017 16:23:23 -0400 +Subject: bb11944 - fix possible message.c OOB read. + +Patch-Name: bb11944-fix-possible-message.c-OOB-read.patch +--- + libclamav/message.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libclamav/message.c b/libclamav/message.c +index 8afe800..59d92f7 100644 +--- a/libclamav/message.c ++++ b/libclamav/message.c +@@ -2323,15 +2323,16 @@ rfc2231(const char *in) + in++; + continue; + } +- *p = '\0'; + break; + case '=': + /*strcpy(p, in);*/ + strcpy(p, "=rfc2231failure"); ++ p += strlen ("=rfc2231failure"); + break; + } + break; + } while(*in); ++ *p = '\0'; + + cli_dbgmsg("RFC2231 parameter continuations are not yet handled, returning \"%s\"\n", + ret); diff -Nru clamav-0.99.2+dfsg/debian/patches/bb11945-fixing-null-dereference-of-blob-pointer.patch clamav-0.99.2+dfsg/debian/patches/bb11945-fixing-null-dereference-of-blob-pointer.patch --- clamav-0.99.2+dfsg/debian/patches/bb11945-fixing-null-dereference-of-blob-pointer.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/bb11945-fixing-null-dereference-of-blob-pointer.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,25 @@ +From fc2edb6c59a7f11c76c48a1e425e69b1084a9d71 Mon Sep 17 00:00:00 2001 +From: Mickey Sola <ms...@sourcefire.com> +Date: Fri, 27 Oct 2017 17:04:32 -0400 +Subject: bb11945 - fixing null dereference of blob pointer + +Patch-Name: bb11945-fixing-null-dereference-of-blob-pointer.patch +--- + libclamav/mbox.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/libclamav/mbox.c b/libclamav/mbox.c +index 3df2ae0..9926896 100644 +--- a/libclamav/mbox.c ++++ b/libclamav/mbox.c +@@ -2837,6 +2837,10 @@ rfc2047(const char *in) + break; + } + b = messageToBlob(m, 1); ++ if (b == NULL) { ++ messageDestroy(m); ++ break; ++ } + len = blobGetDataSize(b); + cli_dbgmsg("Decoded as '%*.*s'\n", (int)len, (int)len, + (const char *)blobGetData(b)); diff -Nru clamav-0.99.2+dfsg/debian/patches/bb11946-check-that-tar-checksum-is-within-bounds.-Pa.patch clamav-0.99.2+dfsg/debian/patches/bb11946-check-that-tar-checksum-is-within-bounds.-Pa.patch --- clamav-0.99.2+dfsg/debian/patches/bb11946-check-that-tar-checksum-is-within-bounds.-Pa.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/bb11946-check-that-tar-checksum-is-within-bounds.-Pa.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,25 @@ +From 4152f365f374816ac83649c7ccf0c7f01e6e9685 Mon Sep 17 00:00:00 2001 +From: Steven Morgan <stevm...@cisco.com> +Date: Fri, 27 Oct 2017 16:03:29 -0400 +Subject: bb11946 - check that tar checksum is within bounds. Patch supplied by + Suleman Ali. + +Patch-Name: bb11946-check-that-tar-checksum-is-within-bounds.-Pa.patch +--- + libclamav/untar.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libclamav/untar.c b/libclamav/untar.c +index 3f72cec..dcdf966 100644 +--- a/libclamav/untar.c ++++ b/libclamav/untar.c +@@ -182,6 +182,9 @@ cli_untar(const char *dir, unsigned int posix, cli_ctx *ctx) + if((ret=cli_checklimits("cli_untar", ctx, 0, 0, 0))!=CL_CLEAN) + return ret; + ++ if (nread < TARCHECKSUMOFFSET + TARCHECKSUMLEN) ++ return ret; ++ + checksum = getchecksum(block); + cli_dbgmsg("cli_untar: Candidate checksum = %d, [%o in octal]\n", checksum, checksum); + if(testchecksum(block, checksum) != 0) { diff -Nru clamav-0.99.2+dfsg/debian/patches/bb19798-fix-out-of-bound-memory-access-for-crafted-w.patch clamav-0.99.2+dfsg/debian/patches/bb19798-fix-out-of-bound-memory-access-for-crafted-w.patch --- clamav-0.99.2+dfsg/debian/patches/bb19798-fix-out-of-bound-memory-access-for-crafted-w.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/bb19798-fix-out-of-bound-memory-access-for-crafted-w.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,27 @@ +From dc6ea4977e8030fff9a3dc762ab56a0e3b3b77f5 Mon Sep 17 00:00:00 2001 +From: Steven Morgan <stevm...@cisco.com> +Date: Fri, 3 Mar 2017 13:56:28 -0500 +Subject: bb19798 - fix out of bound memory access for crafted wwunpack file. + +Patch-Name: bb19798-fix-out-of-bound-memory-access-for-crafted-w.patch +--- + libclamav/wwunpack.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/libclamav/wwunpack.c b/libclamav/wwunpack.c +index 8611cb6..38c1808 100644 +--- a/libclamav/wwunpack.c ++++ b/libclamav/wwunpack.c +@@ -226,6 +226,12 @@ int wwunpack(uint8_t *exe, uint32_t exesz, uint8_t *wwsect, struct cli_exe_secti + return CL_EFORMAT; + exe[pe+6]=(uint8_t)scount; + exe[pe+7]=(uint8_t)(scount>>8); ++ if (!CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295, 4) || ++ !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva, 4) || ++ !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva+0x299, 4)) { ++ cli_dbgmsg("WWPack: unpack memory address out of bounds.\n"); ++ return CL_EFORMAT; ++ } + cli_writeint32(&exe[pe+0x28], cli_readint32(wwsect+0x295)+sects[scount].rva+0x299); + cli_writeint32(&exe[pe+0x50], cli_readint32(&exe[pe+0x50])-sects[scount].vsz); + diff -Nru clamav-0.99.2+dfsg/debian/patches/Better-fix-for-bug-11946.patch clamav-0.99.2+dfsg/debian/patches/Better-fix-for-bug-11946.patch --- clamav-0.99.2+dfsg/debian/patches/Better-fix-for-bug-11946.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/Better-fix-for-bug-11946.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,46 @@ +From d349516b2685d7e917719dab61919601cbd15f92 Mon Sep 17 00:00:00 2001 +From: Craig Davison <crdav...@cisco.com> +Date: Wed, 1 Nov 2017 13:34:20 -0600 +Subject: Better fix for bug 11946 + +Signed-off-by: Steven Morgan <stevm...@cisco.com> +Patch-Name: Better-fix-for-bug-11946.patch +--- + libclamav/untar.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/libclamav/untar.c b/libclamav/untar.c +index dcdf966..c645305 100644 +--- a/libclamav/untar.c ++++ b/libclamav/untar.c +@@ -43,7 +43,9 @@ + #include "scanners.h" + #include "matcher.h" + +-#define BLOCKSIZE 512 ++#define TARHEADERSIZE 512 ++/* BLOCKSIZE must be >= TARHEADERSIZE */ ++#define BLOCKSIZE TARHEADERSIZE + #define TARSIZEOFFSET 124 + #define TARSIZELEN 12 + #define TARCHECKSUMOFFSET 148 +@@ -182,8 +184,9 @@ cli_untar(const char *dir, unsigned int posix, cli_ctx *ctx) + if((ret=cli_checklimits("cli_untar", ctx, 0, 0, 0))!=CL_CLEAN) + return ret; + +- if (nread < TARCHECKSUMOFFSET + TARCHECKSUMLEN) +- return ret; ++ if (nread < TARHEADERSIZE) { ++ return CL_CLEAN; ++ } + + checksum = getchecksum(block); + cli_dbgmsg("cli_untar: Candidate checksum = %d, [%o in octal]\n", checksum, checksum); +@@ -200,7 +203,6 @@ cli_untar(const char *dir, unsigned int posix, cli_ctx *ctx) + cli_dbgmsg("cli_untar: Checksum %d is valid.\n", checksum); + } + +- /* Notice assumption that BLOCKSIZE > 262 */ + if(posix) { + strncpy(magic, block+257, 5); + magic[5] = '\0'; diff -Nru clamav-0.99.2+dfsg/debian/patches/series clamav-0.99.2+dfsg/debian/patches/series --- clamav-0.99.2+dfsg/debian/patches/series 2016-06-06 22:10:43.000000000 +0200 +++ clamav-0.99.2+dfsg/debian/patches/series 2018-01-27 01:27:48.000000000 +0100 
@@ -8,3 +8,19 @@ libclamav-use-libmspack.patch drop-AllowSupplementaryGroups-option-and-make-it-def.patch ingore-AllowSupplementaryGroups-option.patch +bb11549-fix-temp-file-cleanup-issue.patch +bb11797-fix-invalid-read-in-fuzzed-mail-file.patch +bb19798-fix-out-of-bound-memory-access-for-crafted-w.patch +b11939-adding-fix-as-recommended-by-bug-reporter-alo.patch +bb11940-fixing-heap-overflow-in-rfc2037.-Patch-submi.patch +bb11941-fixing-UAF-in-mbox-exportBounceMessage.-Orig.patch +bb11943-add-check-to-mew.c-for-out-of-bounds-read.-P.patch +bb11943-buffer-check-for-mew-packed-files.patch +bb11944-fix-possible-message.c-OOB-read.patch +bb11945-fixing-null-dereference-of-blob-pointer.patch +bb11946-check-that-tar-checksum-is-within-bounds.-Pa.patch +Better-fix-for-bug-11946.patch +bb111711-fix-zlib-version-check-patch-by-Daniel-J.-L.patch +bb11798-fix-unit-tests.patch +Updating-version-numbers-and-adding-information-abou.patch +setting-version-for-security-release-to-0.99.3.patch diff -Nru clamav-0.99.2+dfsg/debian/patches/setting-version-for-security-release-to-0.99.3.patch clamav-0.99.2+dfsg/debian/patches/setting-version-for-security-release-to-0.99.3.patch --- clamav-0.99.2+dfsg/debian/patches/setting-version-for-security-release-to-0.99.3.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/setting-version-for-security-release-to-0.99.3.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,111 @@ +From f77af4292400e7652f3cc358933d3b79adf9432e Mon Sep 17 00:00:00 2001 +From: Micah Snyder <micas...@cisco.com> +Date: Mon, 22 Jan 2018 20:25:02 -0500 +Subject: setting version for security release to 0.99.3 + +Patch-Name: setting-version-for-security-release-to-0.99.3.patch +--- + ChangeLog | 4 ++-- + README | 4 ++-- + configure.ac | 2 +- + docs/clamdoc.tex | 3 ++- + libclamav/others.h | 4 ++-- + m4/reorganization/version.m4 | 2 +- + 6 files changed, 10 insertions(+), 9 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index 6fa1619..1a70aae 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,6 +1,6 @@ +-Mon, 18 Jan 2018 12:45:00 -0500 (Steven Morgan) ++Mon, 22 Jan 2018 19:33:00 -0500 (Micah Snyder) + ------------------------------------------ +- * ClamAV 0.99.2.1 security patch release. ++ * ClamAV 0.99.3 security patch release. + + Thu, 22 Apr 2016 12:45:00 -0500 (Steven Morgan) + ------------------------------------------ +diff --git a/README b/README +index 059ea90..3fc3284 100644 +--- a/README ++++ b/README +@@ -2,10 +2,10 @@ Note: This README/NEWS file refers to the source tarball. Some things described + here may not be available in binary packages. + -- + +-0.99.2.1 ++0.99.3 + ------ + +-ClamAV 0.99.2.1 is a hotfix release to patch a set of vulnerabilities. ++ClamAV 0.99.3 is a hotfix release to patch a set of vulnerabilities. + + - fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420, + CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, +diff --git a/configure.ac b/configure.ac +index 7eb8c05..7f338f8 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -20,7 +20,7 @@ dnl MA 02110-1301, USA. 
+ AC_PREREQ([2.59]) + dnl For a release change [devel] to the real version [0.xy] + dnl also change VERSION below +-AC_INIT([ClamAV], [0.99.2.1], [http://bugs.clamav.net/], [clamav], [http://www.clamav.net/]) ++AC_INIT([ClamAV], [0.99.3], [http://bugs.clamav.net/], [clamav], [http://www.clamav.net/]) + + AH_BOTTOM([#include "platform.h"]) + dnl put configure auxiliary into config +diff --git a/docs/clamdoc.tex b/docs/clamdoc.tex +index cb996af..82b4b88 100644 +--- a/docs/clamdoc.tex ++++ b/docs/clamdoc.tex +@@ -72,7 +72,7 @@ + \vspace{3cm} + \begin{flushright} + \rule[-1ex]{8cm}{3pt}\\ +- \huge Clam AntiVirus 0.99.2.1\\ ++ \huge Clam AntiVirus 0.99.3\\ + \huge \emph{User Manual}\\ + \end{flushright} + +@@ -85,6 +85,7 @@ + \begin{boxedminipage}[b]{\textwidth} + ClamAV User Manual, + 87d ++88d + \copyright \ 2016 Cisco Systems, Inc. + Authors: Tomasz Kojm\\ + This document is distributed under the terms of the GNU General +diff --git a/libclamav/others.h b/libclamav/others.h +index e91e293..df2923b 100644 +--- a/libclamav/others.h ++++ b/libclamav/others.h +@@ -1,5 +1,5 @@ + /* +- * Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved. ++ * Copyright (C) 2015, 2018 Cisco Systems, Inc. and/or its affiliates. All rights reserved. + * Copyright (C) 2007-2013 Sourcefire, Inc. + * + * Authors: Tomasz Kojm +@@ -72,7 +72,7 @@ + * in re-enabling affected modules. 
+ */ + +-#define CL_FLEVEL 82 ++#define CL_FLEVEL 84 + #define CL_FLEVEL_DCONF CL_FLEVEL + #define CL_FLEVEL_SIGTOOL CL_FLEVEL + +diff --git a/m4/reorganization/version.m4 b/m4/reorganization/version.m4 +index e3c3dfc..6e8d538 100644 +--- a/m4/reorganization/version.m4 ++++ b/m4/reorganization/version.m4 +@@ -1,6 +1,6 @@ + dnl change this on a release + dnl VERSION="devel-`date +%Y%m%d`" +-VERSION="0.99.2.1" ++VERSION="0.99.3" + + LC_CURRENT=8 + LC_REVISION=1 diff -Nru clamav-0.99.2+dfsg/debian/patches/Updating-version-numbers-and-adding-information-abou.patch clamav-0.99.2+dfsg/debian/patches/Updating-version-numbers-and-adding-information-abou.patch --- clamav-0.99.2+dfsg/debian/patches/Updating-version-numbers-and-adding-information-abou.patch 1970-01-01 01:00:00.000000000 +0100 +++ clamav-0.99.2+dfsg/debian/patches/Updating-version-numbers-and-adding-information-abou.patch 2018-01-27 01:27:48.000000000 +0100 
@@ -0,0 +1,133 @@ +From fa38b9113bd0c3d231e1151b995a476374769eff Mon Sep 17 00:00:00 2001 +From: Micah Snyder <micas...@cisco.com> +Date: Thu, 18 Jan 2018 11:27:39 -0500 +Subject: Updating version numbers and adding information about the security + patch release to the readme. + +Patch-Name: Updating-version-numbers-and-adding-information-abou.patch +--- + ChangeLog | 4 ++++ + README | 25 ++++++++++++++++++++++++- + configure.ac | 2 +- + docs/clamdoc.tex | 7 ++++--- + m4/reorganization/version.m4 | 2 +- + 5 files changed, 34 insertions(+), 6 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index 337d953..6fa1619 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,7 @@ ++Mon, 18 Jan 2018 12:45:00 -0500 (Steven Morgan) ++------------------------------------------ ++ * ClamAV 0.99.2.1 security patch release. ++ + Thu, 22 Apr 2016 12:45:00 -0500 (Steven Morgan) + ------------------------------------------ + * ClamAV 0.99.2 release. +diff --git a/README b/README +index 0059252..059ea90 100644 +--- a/README ++++ b/README +@@ -2,6 +2,29 @@ Note: This README/NEWS file refers to the source tarball. Some things described + here may not be available in binary packages. + -- + ++0.99.2.1 ++------ ++ ++ClamAV 0.99.2.1 is a hotfix release to patch a set of vulnerabilities. ++ ++ - fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420, ++ CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, ++ CVE-2017-12378, CVE-2017-12379, CVE-2017-12380. ++ - also included are 2 minor fixes to properly detect openssl install ++ locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1# ++ version numbers. ++ ++Thank you to the following ClamAV community members for your code ++submissions and bug reports! ++ ++Alberto Garcia ++Daniel J. Luke ++Francisco Oca ++Sebastian A. Siewior ++Suleman Ali ++ ++Special thanks to Offensive Research at Salesforce.com for responsible disclosure. 
++ + 0.99.2 + ------ + +@@ -2052,7 +2075,7 @@ document and contact our administrator - Luca Gibelli <nervous*clamav.net>. + -) documentation: + + new Spanish documentation on ClamAV and Sendmail integration by + Erick Ivaan Lopez Carreon +- + included clamdoc.pdf Turkish translation by yavuz kaya and Ýbrahim erken ++ + included clamdoc.pdf Turkish translation by yavuz kaya and �brahim erken + + included clamav-mirror-howto.pdf by Luca Gibelli + + included clamd+daemontools HOWTO by Jesse D. Guardiani + + included signatures.pdf +diff --git a/configure.ac b/configure.ac +index 289a0b9..7eb8c05 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -20,7 +20,7 @@ dnl MA 02110-1301, USA. + AC_PREREQ([2.59]) + dnl For a release change [devel] to the real version [0.xy] + dnl also change VERSION below +-AC_INIT([ClamAV], [0.99.2], [http://bugs.clamav.net/], [clamav], [http://www.clamav.net/]) ++AC_INIT([ClamAV], [0.99.2.1], [http://bugs.clamav.net/], [clamav], [http://www.clamav.net/]) + + AH_BOTTOM([#include "platform.h"]) + dnl put configure auxiliary into config +diff --git a/docs/clamdoc.tex b/docs/clamdoc.tex +index 206a1b2..cb996af 100644 +--- a/docs/clamdoc.tex ++++ b/docs/clamdoc.tex +@@ -1,6 +1,6 @@ + % Clam AntiVirus: User Manual + % +-% Copyright (C) 2016 Cisco Systems, Inc. ++% Copyright (C) 2016-2018 Cisco Systems, Inc. + % Copyright (C) 2008-2013 Sourcefire, Inc. + % Copyright (C) 2002 - 2007 Tomasz Kojm <tkojm*clamav.net> + % Version 0.2x corrected by Dennis Leeuw <dleeuw*made-it.com> +@@ -72,7 +72,7 @@ + \vspace{3cm} + \begin{flushright} + \rule[-1ex]{8cm}{3pt}\\ +- \huge Clam AntiVirus 0.99.2\\ ++ \huge Clam AntiVirus 0.99.2.1\\ + \huge \emph{User Manual}\\ + \end{flushright} + +@@ -84,6 +84,7 @@ + \noindent + \begin{boxedminipage}[b]{\textwidth} + ClamAV User Manual, ++87d + \copyright \ 2016 Cisco Systems, Inc. + Authors: Tomasz Kojm\\ + This document is distributed under the terms of the GNU General +@@ -1740,7 +1741,7 @@ Verification OK. 
+ \item Stefano Rizzetto + \item Roaring Penguin Software Inc. (\url{http://www.roaringpenguin.com/}) + \item Luke Rosenthal +- \item Jenny Säfström (\url{http://PokerListings.com}) ++ \item Jenny S�fstr�m (\url{http://PokerListings.com}) + \item School of Engineering, University of Pennsylvania (\url{http://www.seas.upenn.edu/}) + \item Tim Scoff + \item Seattle Server (\url{http://www.seattleserver.com/}) +diff --git a/m4/reorganization/version.m4 b/m4/reorganization/version.m4 +index 4935b45..e3c3dfc 100644 +--- a/m4/reorganization/version.m4 ++++ b/m4/reorganization/version.m4 +@@ -1,6 +1,6 @@ + dnl change this on a release + dnl VERSION="devel-`date +%Y%m%d`" +-VERSION="0.99.2" ++VERSION="0.99.2.1" + + LC_CURRENT=8 + LC_REVISION=1 diff -Nru clamav-0.99.2+dfsg/debian/rules clamav-0.99.2+dfsg/debian/rules --- clamav-0.99.2+dfsg/debian/rules 2016-05-19 18:40:20.000000000 +0200 +++ clamav-0.99.2+dfsg/debian/rules 2018-01-27 01:28:11.000000000 +0100 @@ -94,7 +94,7 @@ fi;\ done; \ # Check if for library features whih may get upgrade. - if ! grep -q "CL_FLEVEL 82" libclamav/others.h ; then \ + if ! grep -q "CL_FLEVEL 84" libclamav/others.h ; then \ echo "cl_retflevel needs boosting in symbol file"; \ touch debian/exit; \ fi;
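Review bot: in the debian/patches/series hunk, three of the sixteen new entries do not follow the bbNNNNN prefix used by the others: "bb19798-fix-out-of-bound-memory-access-for-crafted-w.patch", "b11939-adding-fix-as-recommended-by-bug-reporter-alo.patch" and "bb111711-fix-zlib-version-check-patch-by-Daniel-J.-L.patch". If these are typos carried over from the Patch-Name headers, please correct them so each file can be matched to its upstream bug. The changelog lists nine CVEs without saying which patch addresses which, so a per-patch CVE mapping in the patch headers or in the changelog entry would make the update easier to audit.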
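Review bot: in the docs/clamdoc.tex hunk at "@@ -85,6 +85,7 @@" of setting-version-for-security-release-to-0.99.3.patch, the added line "88d" sits directly under an existing "87d" inside the boxedminipage, and neither reads like manual text. They look like leftover ed-style diff commands, and the "87d" is itself introduced by the "@@ -84,6 +84,7 @@" hunk of Updating-version-numbers-and-adding-information-abou.patch. Both would be typeset on the title page; since the documentation change is not needed for the security fix, consider dropping these two hunks from the backport or noting in the patch header that the lines are taken verbatim from upstream.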
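Review bot: the libclamav/others.h hunk that changes "#define CL_FLEVEL 82" to "#define CL_FLEVEL 84" is the one functional change in a patch whose subject only mentions setting the version, and nothing in the patch header explains why the level moves by two. Because the changelog entry "Bump symbol version of cl_retflevel because CL_FLEVEL changed" and the check in debian/rules both depend on this value, please state the old and new level (82 to 84) in the changelog or in the patch description so the reason for the symbols change can be found without reading the diff.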
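Review bot: two hunks in Updating-version-numbers-and-adding-information-abou.patch rewrite non-ASCII names in lines unrelated to the release: the README hunk at "@@ -2052,7 +2075,7 @@" and the docs/clamdoc.tex hunk at "@@ -1740,7 +1741,7 @@". In both, the "-" side has the accented characters and the "+" side shows replacement characters, which points to a charset conversion somewhere between upstream and this debdiff. Please confirm the patch file carries the original bytes, or drop these two hunks from the backport, since a context mismatch there can stop the patch from applying and the change has no bearing on the security fixes.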
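Review bot: in the debian/rules hunk, the pattern "CL_FLEVEL 84" passed to grep -q is unanchored, so the check would also pass for any line in libclamav/others.h that merely contains that text, for example a value that starts with 84 or a comment. Matching the whole define, such as '^#define CL_FLEVEL 84$', would make this tripwire fire only on the intended line. The comment on the context line above it ("Check if for library features whih may get upgrade.") has typos that could be fixed in the same change.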