From 9e5aaab242cc1dd2270c5958f324cccb68dd6fd7 Mon Sep 17 00:00:00 2001 From: sthen Date: Sun, 14 Sep 2008 15:00:43 +0000 Subject: [PATCH] SECURITY and other bug fixes. - A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file (CVE-2008-1389). - A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition (CVE-2008-3912). - Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption (CVE-2008-3913). - A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks (CVE-2008-3914). various OpenBSD patches rolled in upstream. thanks to sturm@ for looking over systrace.filter (needed for the test of sendmsg() in configure to enable FD passing). --- security/clamav/Makefile | 14 +++--- security/clamav/distinfo | 10 ++-- .../patch-clamav_milter-clamav_milter_c | 8 +-- .../clamav/patches/patch-clamd_Makefile_in | 10 ++-- security/clamav/patches/patch-clamd_clamd_c | 22 --------- security/clamav/patches/patch-clamd_scanner_c | 49 ------------------- security/clamav/patches/patch-clamd_scanner_h | 12 ----- security/clamav/patches/patch-clamd_session_c | 45 ----------------- security/clamav/patches/patch-clamd_session_h | 11 ----- .../clamav/patches/patch-clamdscan_client_c | 33 ------------- security/clamav/patches/patch-configure | 34 ------------- .../clamav/patches/patch-database_Makefile_in | 17 ++++--- security/clamav/patches/patch-etc-clamd_conf | 6 +-- security/clamav/patches/patch-etc_Makefile_in | 8 +-- .../patches/patch-libclamav_Makefile_in | 8 +-- security/clamav/patches/patch-libclamav_str_c | 19 ++----- security/clamav/systrace.filter | 3 ++ 17 files changed, 49 insertions(+), 260 deletions(-) delete mode 100644 security/clamav/patches/patch-clamd_clamd_c delete mode 100644 security/clamav/patches/patch-clamd_scanner_c delete mode 100644 security/clamav/patches/patch-clamd_scanner_h delete mode 100644 security/clamav/patches/patch-clamd_session_c delete mode 100644 security/clamav/patches/patch-clamd_session_h delete mode 100644 security/clamav/patches/patch-clamdscan_client_c delete mode 100644 security/clamav/patches/patch-configure create mode 100644 security/clamav/systrace.filter diff --git a/security/clamav/Makefile b/security/clamav/Makefile index e7d22fe8176..9839cae0d35 100644 --- a/security/clamav/Makefile +++ b/security/clamav/Makefile @@ -1,11 +1,11 @@ -# $OpenBSD: Makefile,v 1.38 2008/07/08 22:38:12 sthen Exp $ +# $OpenBSD: Makefile,v 1.39 2008/09/14 15:00:43 sthen Exp $ COMMENT= virus scanner -DISTNAME= clamav-0.93.3 +DISTNAME= clamav-0.94 CATEGORIES= security -SHARED_LIBS= clamav 8.0 \ - clamunrar 0.0 \ - clamunrar_iface 0.0 +SHARED_LIBS= clamav 9.0 \ + clamunrar 1.0 \ + clamunrar_iface 1.0 HOMEPAGE= http://www.clamav.net/ @@ -19,6 +19,8 @@ PERMIT_DISTFILES_FTP= Yes WANTLIB= c milter pthread wrap z +BUILD_DEPENDS= ::devel/check + LIB_DEPENDS= gmp.>=6::devel/gmp \ bz2.>=10::archivers/bzip2 \ iconv.>=4::converters/libiconv @@ -45,7 +47,7 @@ CONFIGURE_ARGS+= --disable-clamav \ --disable-cr \ --with-dbdir=/var/db/clamav -NO_REGRESS= Yes +REGRESS_TARGET= check CONFIGURE_ENV+= LDFLAGS="-pthread -L/usr/lib -L../libclamav/.libs -L${LOCALBASE}/lib" \ CPPFLAGS="-I/usr/include -I${LOCALBASE}/include" diff --git a/security/clamav/distinfo b/security/clamav/distinfo index eaaa5e7c57f..273c404c36b 100644 --- a/security/clamav/distinfo +++ b/security/clamav/distinfo @@ -1,5 +1,5 @@ -MD5 (clamav-0.93.3.tar.gz) = Bth/vs4GLlwGYe4HcDIIyQ== -RMD160 (clamav-0.93.3.tar.gz) = g3kUh5DMVFyAFwnUa324djT0P2c= -SHA1 (clamav-0.93.3.tar.gz) = ASQGE7Y5FE+o+mVYJfZYfgRKHBw= -SHA256 (clamav-0.93.3.tar.gz) = eqmHlmcd/j21og4lZpQExORGHSpsd941Lt+Z8smJ5QA= -SIZE (clamav-0.93.3.tar.gz) = 18242568 +MD5 (clamav-0.94.tar.gz) = 0/bV//LbgZUEkXSRZqsP+g== +RMD160 (clamav-0.94.tar.gz) = WYVht2seTuFBIDiLobvcrFrHv+U= +SHA1 (clamav-0.94.tar.gz) = 1poMRirD71Uyk4T44TbZt7wbjsU= +SHA256 (clamav-0.94.tar.gz) = rhiMGJNuqRVOtqhepVPCn0NJ7j6VRXBV+uX+G5ga9gI= +SIZE (clamav-0.94.tar.gz) = 20509228 diff --git a/security/clamav/patches/patch-clamav_milter-clamav_milter_c b/security/clamav/patches/patch-clamav_milter-clamav_milter_c index 4e8155cbff6..620a5b1c5fb 100644 --- a/security/clamav/patches/patch-clamav_milter-clamav_milter_c +++ b/security/clamav/patches/patch-clamav_milter-clamav_milter_c @@ -1,6 +1,6 @@ ---- clamav-milter/clamav-milter.c.orig Tue May 27 04:40:29 2008 -+++ clamav-milter/clamav-milter.c Thu Jun 12 17:31:16 2008 -@@ -1134,7 +1134,7 @@ main(int argc, char **argv) +--- clamav-milter/clamav-milter.c.orig Mon Sep 1 18:19:44 2008 ++++ clamav-milter/clamav-milter.c Fri Sep 5 02:32:34 2008 +@@ -1201,7 +1201,7 @@ main(int argc, char **argv) * uid == 0 for that */ on = 1; @@ -9,7 +9,7 @@ perror("setsockopt"); return EX_UNAVAILABLE; } -@@ -1157,7 +1157,7 @@ main(int argc, char **argv) +@@ -1224,7 +1224,7 @@ main(int argc, char **argv) memset(&ifr, '\0', sizeof(struct ifreq)); strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name) - 1); ifr.ifr_name[sizeof(ifr.ifr_name)-1]='\0'; diff --git a/security/clamav/patches/patch-clamd_Makefile_in b/security/clamav/patches/patch-clamd_Makefile_in index e82add013de..197b05d9c72 100644 --- a/security/clamav/patches/patch-clamd_Makefile_in +++ b/security/clamav/patches/patch-clamd_Makefile_in @@ -1,10 +1,10 @@ -$OpenBSD: patch-clamd_Makefile_in,v 1.7 2008/04/16 19:46:01 mbalmer Exp $ ---- clamd/Makefile.in.orig Wed Apr 9 17:55:29 2008 -+++ clamd/Makefile.in Mon Apr 14 18:44:26 2008 -@@ -144,7 +144,9 @@ INSTALL_DATA = @INSTALL_DATA@ - INSTALL_PROGRAM = @INSTALL_PROGRAM@ +$OpenBSD: patch-clamd_Makefile_in,v 1.8 2008/09/14 15:00:43 sthen Exp $ +--- clamd/Makefile.in.orig Mon Sep 1 19:49:47 2008 ++++ clamd/Makefile.in Fri Sep 5 02:34:08 2008 +@@ -152,7 +152,9 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ + LCOV = @LCOV@ -LDFLAGS = @LDFLAGS@ +# Do not generate "LDFLAGS = -L/usr/local/lib" to build on systems that have +# have an older libclamav installed. diff --git a/security/clamav/patches/patch-clamd_clamd_c b/security/clamav/patches/patch-clamd_clamd_c deleted file mode 100644 index 11e348c9f13..00000000000 --- a/security/clamav/patches/patch-clamd_clamd_c +++ /dev/null @@ -1,22 +0,0 @@ -$OpenBSD: patch-clamd_clamd_c,v 1.1 2008/04/16 19:46:01 mbalmer Exp $ ---- clamd/clamd.c.orig Thu Mar 6 19:41:03 2008 -+++ clamd/clamd.c Mon Apr 14 21:54:34 2008 -@@ -374,12 +374,18 @@ int main(int argc, char **argv) - - /* fork into background */ - if(!cfgopt(copt, "Foreground")->enabled) { -+ for (ret = 0; ret < nlsockets; ret++) -+ fcntl(lsockets[ret], F_SETFL, fcntl(lsockets[ret], F_GETFL) -+ | O_NONBLOCK); - if(daemonize() == -1) { - logg("!daemonize() failed\n"); - logg_close(); - freecfg(copt); - return 1; - } -+ for (ret = 0; ret < nlsockets; ret++) -+ fcntl(lsockets[ret], F_SETFL, fcntl(lsockets[ret], F_GETFL) -+ & ~O_NONBLOCK); - if(!debug_mode) - if(chdir("/") == -1) - logg("^Can't change current working directory to root\n"); diff --git a/security/clamav/patches/patch-clamd_scanner_c b/security/clamav/patches/patch-clamd_scanner_c deleted file mode 100644 index 486492d725b..00000000000 --- a/security/clamav/patches/patch-clamd_scanner_c +++ /dev/null @@ -1,49 +0,0 @@ -$OpenBSD: patch-clamd_scanner_c,v 1.1 2008/04/16 19:46:01 mbalmer Exp $ ---- clamd/scanner.c.orig Thu Mar 6 19:41:03 2008 -+++ clamd/scanner.c Mon Apr 14 19:13:26 2008 -@@ -373,6 +373,45 @@ int scan(const char *filename, unsigned long int *scan - return ret; - } - -+/* -+ * This function was readded by mbalmer@openbsd.org. That is the reason -+ * why it is so nicely formatted. -+ */ -+int scanfd(const int fd, unsigned long int *scanned, -+ const struct cl_engine *engine, const struct cl_limits *limits, -+ unsigned int options, const struct cfgstruct *copt, int odesc) -+{ -+ int ret; -+ const char *virname; -+ struct stat statbuf; -+ char fdstr[32]; -+ -+ -+ if(fstat(fd, &statbuf) == -1) -+ return -1; -+ -+ if(!S_ISREG(statbuf.st_mode)) -+ return -1; -+ -+ snprintf(fdstr, sizeof(fdstr), "fd[%d]", fd); -+ -+ ret = cl_scandesc(fd, &virname, scanned, engine, limits, options); -+ -+ if(ret == CL_VIRUS) { -+ mdprintf(odesc, "%s: %s FOUND\n", fdstr, virname); -+ logg("%s: %s FOUND\n", fdstr, virname); -+ virusaction(fdstr, virname, copt); -+ } else if(ret != CL_CLEAN) { -+ mdprintf(odesc, "%s: %s ERROR\n", fdstr, cl_strerror(ret)); -+ logg("%s: %s ERROR\n", fdstr, cl_strerror(ret)); -+ } else { -+ mdprintf(odesc, "%s: OK\n", fdstr); -+ if(logok) -+ logg("%s: OK\n", fdstr); -+ } -+ return ret; -+} -+ - int scanstream(int odesc, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, const struct cfgstruct *copt) - { - int ret, sockfd, acceptd; diff --git a/security/clamav/patches/patch-clamd_scanner_h b/security/clamav/patches/patch-clamd_scanner_h deleted file mode 100644 index fb4c90a2766..00000000000 --- a/security/clamav/patches/patch-clamd_scanner_h +++ /dev/null @@ -1,12 +0,0 @@ -$OpenBSD: patch-clamd_scanner_h,v 1.1 2008/04/16 19:46:01 mbalmer Exp $ ---- clamd/scanner.h.orig Mon Apr 14 18:58:39 2008 -+++ clamd/scanner.h Mon Apr 14 18:59:33 2008 -@@ -28,6 +28,8 @@ - - int scan(const char *filename, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, const struct cfgstruct *copt, int odesc, unsigned int type); - -+int scanfd(const int fd, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, const struct cfgstruct *copt, int odesc); -+ - int scanstream(int odesc, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, const struct cfgstruct *copt); - - #endif diff --git a/security/clamav/patches/patch-clamd_session_c b/security/clamav/patches/patch-clamd_session_c deleted file mode 100644 index 452c2552565..00000000000 --- a/security/clamav/patches/patch-clamd_session_c +++ /dev/null @@ -1,45 +0,0 @@ -$OpenBSD: patch-clamd_session_c,v 1.5 2008/04/16 19:46:01 mbalmer Exp $ ---- clamd/session.c.orig Wed Apr 2 22:53:44 2008 -+++ clamd/session.c Mon Apr 14 18:41:12 2008 -@@ -58,8 +58,10 @@ int command(int desc, const struct cl_engine *engine, - { - char buff[1025]; - int bread, opt; -+ struct msghdr msg; -+ struct cmsghdr *cmsg; -+ unsigned char buf[CMSG_SPACE(sizeof(int))]; - -- - bread = readsock(desc, buff, sizeof(buff)-1, '\n', timeout, 0, 1); - if(bread == -2) /* timeout */ - return -2; -@@ -140,6 +142,29 @@ int command(int desc, const struct cl_engine *engine, - if(cfgopt(copt, "ExitOnOOM")->enabled) - return COMMAND_SHUTDOWN; - -+ } else if(!strncmp(buff, CMD14, strlen(CMD14))) { /* FILDES */ -+ memset(&msg, 0, sizeof(msg)); -+ msg.msg_control = buf; -+ msg.msg_controllen = sizeof(buf); -+ -+ if (recvmsg(desc, &msg, 0) == -1) { -+ logg("recvmsg failed!"); -+ return -1; -+ } -+ if ((msg.msg_flags & MSG_TRUNC) || (msg.msg_flags & MSG_CTRUNC)) { -+ logg("control message truncated"); -+ return -1; -+ } -+ for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; -+ cmsg = CMSG_NXTHDR(&msg, cmsg)) { -+ if (cmsg->cmsg_len == CMSG_LEN(sizeof(int)) && -+ cmsg->cmsg_level == SOL_SOCKET && -+ cmsg->cmsg_type == SCM_RIGHTS) { -+ int fd = *(int *)CMSG_DATA(cmsg); -+ scanfd(fd, NULL, engine, limits, options, copt, desc); -+ close(fd); -+ } -+ } - } else { - mdprintf(desc, "UNKNOWN COMMAND\n"); - } diff --git a/security/clamav/patches/patch-clamd_session_h b/security/clamav/patches/patch-clamd_session_h deleted file mode 100644 index 39772f2a4d0..00000000000 --- a/security/clamav/patches/patch-clamd_session_h +++ /dev/null @@ -1,11 +0,0 @@ -$OpenBSD: patch-clamd_session_h,v 1.4 2008/04/16 19:46:01 mbalmer Exp $ ---- clamd/session.h.orig Wed Apr 2 22:53:44 2008 -+++ clamd/session.h Mon Apr 14 18:41:12 2008 -@@ -37,6 +37,7 @@ - #define CMD11 "SHUTDOWN" - /* #define CMD12 "FD" */ - #define CMD13 "MULTISCAN" -+#define CMD14 "FILDES" - - #include "libclamav/clamav.h" - #include "shared/cfgparser.h" diff --git a/security/clamav/patches/patch-clamdscan_client_c b/security/clamav/patches/patch-clamdscan_client_c deleted file mode 100644 index 3b515400510..00000000000 --- a/security/clamav/patches/patch-clamdscan_client_c +++ /dev/null @@ -1,33 +0,0 @@ -$OpenBSD: patch-clamdscan_client_c,v 1.9 2008/04/16 19:46:01 mbalmer Exp $ ---- clamdscan/client.c.orig Wed Apr 2 22:17:13 2008 -+++ clamdscan/client.c Mon Apr 14 18:41:12 2008 -@@ -26,6 +26,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -233,18 +234,18 @@ static int dsstream(int sockd, const struct optstruct - static char *abpath(const char *filename) - { - struct stat foo; -- char *fullpath, cwd[200]; -+ char *fullpath, cwd[MAXPATHLEN]; - - if(stat(filename, &foo) == -1) { - logg("^Can't access file %s\n", filename); - perror(filename); - return NULL; - } else { -- fullpath = malloc(200 + strlen(filename) + 10); -+ fullpath = malloc(sizeof(cwd) + strlen(filename) + 10); - #ifdef C_CYGWIN - sprintf(fullpath, "%s", filename); - #else -- if(!getcwd(cwd, 200)) { -+ if(!getcwd(cwd, MAXPATHLEN)) { - logg("^Can't get absolute pathname of current working directory.\n"); - return NULL; - } diff --git a/security/clamav/patches/patch-configure b/security/clamav/patches/patch-configure deleted file mode 100644 index ffe72af621e..00000000000 --- a/security/clamav/patches/patch-configure +++ /dev/null @@ -1,34 +0,0 @@ -$OpenBSD: patch-configure,v 1.13 2008/07/08 22:38:12 sthen Exp $ ---- configure.orig Wed Jun 4 06:16:09 2008 -+++ configure Thu Jun 12 17:30:58 2008 -@@ -16139,11 +16139,9 @@ _ACEOF - ;; - openbsd*) - if test "$have_pthreads" = "yes"; then -- if test "$use_cr" = "no"; then -- THREAD_LIBS="-pthread" -- else -- THREAD_LIBS="-pthread -lc_r" -- fi -+ ADDITIONAL_LIBS="-pthread" -+ CLAMD_LIBS="$CLAMD_LIBS -pthread" -+ CLAMAV_MILTER_LIBS="$CLAMAV_MILTER_LIBS -pthread" - TH_SAFE="-thread-safe" - - cat >>confdefs.h <<\_ACEOF -@@ -17271,6 +17269,7 @@ cat confdefs.h >>conftest.$ac_ext - cat >>conftest.$ac_ext <<_ACEOF - /* end confdefs.h. */ - -+#include - #include - int allow_severity = 0; - int deny_severity = 0; -@@ -17323,6 +17322,7 @@ cat confdefs.h >>conftest.$ac_ext - cat >>conftest.$ac_ext <<_ACEOF - /* end confdefs.h. */ - -+#include - #include - int allow_severity = 0; - int deny_severity = 0; diff --git a/security/clamav/patches/patch-database_Makefile_in b/security/clamav/patches/patch-database_Makefile_in index b43fc7321d4..ec04c02368c 100644 --- a/security/clamav/patches/patch-database_Makefile_in +++ b/security/clamav/patches/patch-database_Makefile_in @@ -1,14 +1,15 @@ -$OpenBSD: patch-database_Makefile_in,v 1.2 2008/04/16 19:46:01 mbalmer Exp $ ---- database/Makefile.in.orig Wed Apr 9 17:55:29 2008 -+++ database/Makefile.in Tue Apr 15 09:45:45 2008 -@@ -362,20 +362,7 @@ uninstall-am: +$OpenBSD: patch-database_Makefile_in,v 1.3 2008/09/14 15:00:43 sthen Exp $ +--- database/Makefile.in.orig Mon Sep 1 19:49:47 2008 ++++ database/Makefile.in Fri Sep 5 02:47:25 2008 +@@ -371,21 +371,7 @@ uninstall-am: install-data-local: -- $(mkinstalldirs) $(DESTDIR)$(DBINST) -- @test -f $(DESTDIR)$(DBINST)/main.cvd || test -d $(DESTDIR)$(DBINST)/main.inc || $(INSTALL_DATA) $(srcdir)/main.cvd $(DESTDIR)$(DBINST) -- @test -f $(DESTDIR)$(DBINST)/daily.cvd || test -d $(DESTDIR)$(DBINST)/daily.inc || $(INSTALL_DATA) $(srcdir)/daily.cvd $(DESTDIR)$(DBINST) -- @if test `id|sed -e 's/^.[^(]*(\([^)]*\)).*/\1/'` = "root" && test -n "${CLAMAVUSER}" && test -n "${CLAMAVGROUP}"; then \ +- @test -s $(srcdir)/main.cvd -a -s $(srcdir)/daily.cvd || exit 0;\ +- $(mkinstalldirs) $(DESTDIR)$(DBINST);\ +- test -f $(DESTDIR)$(DBINST)/main.cvd || test -f $(DESTDIR)$(DBINST)/main.cld || $(INSTALL_DATA) $(srcdir)/main.cvd $(DESTDIR)$(DBINST);\ +- test -f $(DESTDIR)$(DBINST)/daily.cvd || test -f $(DESTDIR)$(DBINST)/daily.cld || $(INSTALL_DATA) $(srcdir)/daily.cvd $(DESTDIR)$(DBINST);\ +- if test `id|sed -e 's/^.[^(]*(\([^)]*\)).*/\1/'` = "root" && test -n "${CLAMAVUSER}" && test -n "${CLAMAVGROUP}"; then \ - chmod 775 $(DESTDIR)$(DBINST); \ - chown ${CLAMAVUSER} $(DESTDIR)$(DBINST); \ - chgrp ${CLAMAVGROUP} $(DESTDIR)$(DBINST); \ diff --git a/security/clamav/patches/patch-etc-clamd_conf b/security/clamav/patches/patch-etc-clamd_conf index 4658f122f24..7e7e581271b 100644 --- a/security/clamav/patches/patch-etc-clamd_conf +++ b/security/clamav/patches/patch-etc-clamd_conf @@ -1,5 +1,5 @@ ---- etc/clamd.conf.orig Tue Aug 21 00:56:19 2007 -+++ etc/clamd.conf Mon Sep 17 23:09:29 2007 +--- etc/clamd.conf.orig Tue Sep 2 12:59:05 2008 ++++ etc/clamd.conf Fri Sep 5 02:32:34 2008 @@ -11,7 +11,7 @@ Example # LogFile must be writable for the user running daemon. # A full path is required. @@ -18,7 +18,7 @@ # The daemon works in a local OR a network mode. Due to security reasons we # recommend the local mode. -@@ -141,7 +141,7 @@ LocalSocket /tmp/clamd.socket +@@ -147,7 +147,7 @@ LocalSocket /tmp/clamd.socket # Run as another user (clamd must be started by root for this option to work) # Default: don't drop privileges diff --git a/security/clamav/patches/patch-etc_Makefile_in b/security/clamav/patches/patch-etc_Makefile_in index 60b06648fa4..5410fb0c155 100644 --- a/security/clamav/patches/patch-etc_Makefile_in +++ b/security/clamav/patches/patch-etc_Makefile_in @@ -1,7 +1,7 @@ -$OpenBSD: patch-etc_Makefile_in,v 1.2 2008/04/16 19:46:01 mbalmer Exp $ ---- etc/Makefile.in.orig Wed Apr 9 17:55:29 2008 -+++ etc/Makefile.in Tue Apr 15 09:45:06 2008 -@@ -361,11 +361,7 @@ uninstall-am: +$OpenBSD: patch-etc_Makefile_in,v 1.3 2008/09/14 15:00:43 sthen Exp $ +--- etc/Makefile.in.orig Mon Sep 1 19:49:47 2008 ++++ etc/Makefile.in Fri Sep 5 02:32:34 2008 +@@ -370,11 +370,7 @@ uninstall-am: install-data-local: diff --git a/security/clamav/patches/patch-libclamav_Makefile_in b/security/clamav/patches/patch-libclamav_Makefile_in index 7adbbdf3460..685723e8052 100644 --- a/security/clamav/patches/patch-libclamav_Makefile_in +++ b/security/clamav/patches/patch-libclamav_Makefile_in @@ -1,7 +1,7 @@ -$OpenBSD: patch-libclamav_Makefile_in,v 1.7 2008/07/08 22:38:12 sthen Exp $ ---- libclamav/Makefile.in.orig Mon May 12 09:48:31 2008 -+++ libclamav/Makefile.in Thu Jun 12 17:31:46 2008 -@@ -265,7 +265,7 @@ SUBDIRS = lzma . +$OpenBSD: patch-libclamav_Makefile_in,v 1.8 2008/09/14 15:00:43 sthen Exp $ +--- libclamav/Makefile.in.orig Mon Sep 1 18:19:50 2008 ++++ libclamav/Makefile.in Fri Sep 5 02:32:34 2008 +@@ -275,7 +275,7 @@ SUBDIRS = lzma . AM_CPPFLAGS = -I$(top_srcdir) -I@srcdir@/nsis -I@srcdir@/lzma @ENABLE_UNRAR_FALSE@libclamav_la_LIBADD = lzma/liblzma.la @LIBCLAMAV_LIBS@ @THREAD_LIBS@ @ENABLE_UNRAR_TRUE@libclamav_la_LIBADD = $(top_builddir)/libclamunrar_iface/libclamunrar_iface.la lzma/liblzma.la @LIBCLAMAV_LIBS@ @THREAD_LIBS@ diff --git a/security/clamav/patches/patch-libclamav_str_c b/security/clamav/patches/patch-libclamav_str_c index cd9170ca66b..372bd7dc3b8 100644 --- a/security/clamav/patches/patch-libclamav_str_c +++ b/security/clamav/patches/patch-libclamav_str_c @@ -1,18 +1,7 @@ -$OpenBSD: patch-libclamav_str_c,v 1.3 2007/08/25 10:08:28 mbalmer Exp $ ---- libclamav/str.c.orig Sat Apr 28 19:28:23 2007 -+++ libclamav/str.c Sat Aug 25 09:35:06 2007 -@@ -123,8 +123,8 @@ uint16_t *cli_hex2ui(const char *hex) - - char *cli_hex2str(const char *hex) - { -- char *str, *ptr, val, c; -- int i, len; -+ char *str, *ptr, val; -+ int c, i, len; - - - len = strlen(hex); -@@ -142,9 +142,9 @@ char *cli_hex2str(const char *hex) +$OpenBSD: patch-libclamav_str_c,v 1.4 2008/09/14 15:00:43 sthen Exp $ +--- libclamav/str.c.orig Sat Aug 16 18:18:08 2008 ++++ libclamav/str.c Fri Sep 5 02:32:34 2008 +@@ -149,9 +149,9 @@ char *cli_hex2str(const char *hex) for(i = 0; i < len; i += 2) { if((c = cli_hex2int(hex[i])) >= 0) { diff --git a/security/clamav/systrace.filter b/security/clamav/systrace.filter new file mode 100644 index 00000000000..0bc81f9168f --- /dev/null +++ b/security/clamav/systrace.filter @@ -0,0 +1,3 @@ +# $OpenBSD: systrace.filter,v 1.1 2008/09/14 15:00:43 sthen Exp $ +# fdpass check in configure script (from m4/fdpassing.m4) uses this +native-sendmsg: sockaddr eq "" then permit