SECURITY and other bug fixes.

- A vulnerability in ClamAV's chm-parser allowed remote attackers to
cause a denial of service (application crash) via a malformed CHM file
(CVE-2008-1389).

- A vulnerability in libclamav would allow attackers to cause a
denial of service via vectors related to an out-of-memory condition
(CVE-2008-3912).

- Multiple memory leaks were found in ClamAV that could possibly allow
attackers to cause a denial of service via excessive memory consumption
(CVE-2008-3913).

- A number of unspecified vulnerabilities in ClamAV were reported that
have an unknown impact and attack vectors related to file descriptor
leaks (CVE-2008-3914).

various OpenBSD patches rolled in upstream. thanks to sturm@
for looking over systrace.filter (needed for the test of sendmsg()
in configure to enable FD passing).

security/clamav/Makefile

@@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.38 2008/07/08 22:38:12 sthen Exp $
+# $OpenBSD: Makefile,v 1.39 2008/09/14 15:00:43 sthen Exp $
 
 COMMENT=		virus scanner
-DISTNAME=		clamav-0.93.3
+DISTNAME=		clamav-0.94
 CATEGORIES=		security
-SHARED_LIBS=		clamav 8.0 \
+SHARED_LIBS=		clamav 9.0 \
-			clamunrar 0.0 \
+			clamunrar 1.0 \
-			clamunrar_iface 0.0
+			clamunrar_iface 1.0
 
 HOMEPAGE=		http://www.clamav.net/
 
@@ -19,6 +19,8 @@ PERMIT_DISTFILES_FTP=	Yes
 
 WANTLIB=		c milter pthread wrap z
 
+BUILD_DEPENDS=		::devel/check
+
 LIB_DEPENDS=		gmp.>=6::devel/gmp \
 			bz2.>=10::archivers/bzip2 \
 			iconv.>=4::converters/libiconv
@@ -45,7 +47,7 @@ CONFIGURE_ARGS+=        --disable-clamav \
                         --disable-cr \
 			--with-dbdir=/var/db/clamav
 
-NO_REGRESS=		Yes
+REGRESS_TARGET=		check
 
 CONFIGURE_ENV+=		LDFLAGS="-pthread -L/usr/lib -L../libclamav/.libs -L${LOCALBASE}/lib" \
 			CPPFLAGS="-I/usr/include -I${LOCALBASE}/include"

security/clamav/distinfo

@@ -1,5 +1,5 @@
-MD5 (clamav-0.93.3.tar.gz) = Bth/vs4GLlwGYe4HcDIIyQ==
+MD5 (clamav-0.94.tar.gz) = 0/bV//LbgZUEkXSRZqsP+g==
-RMD160 (clamav-0.93.3.tar.gz) = g3kUh5DMVFyAFwnUa324djT0P2c=
+RMD160 (clamav-0.94.tar.gz) = WYVht2seTuFBIDiLobvcrFrHv+U=
-SHA1 (clamav-0.93.3.tar.gz) = ASQGE7Y5FE+o+mVYJfZYfgRKHBw=
+SHA1 (clamav-0.94.tar.gz) = 1poMRirD71Uyk4T44TbZt7wbjsU=
-SHA256 (clamav-0.93.3.tar.gz) = eqmHlmcd/j21og4lZpQExORGHSpsd941Lt+Z8smJ5QA=
+SHA256 (clamav-0.94.tar.gz) = rhiMGJNuqRVOtqhepVPCn0NJ7j6VRXBV+uX+G5ga9gI=
-SIZE (clamav-0.93.3.tar.gz) = 18242568
+SIZE (clamav-0.94.tar.gz) = 20509228

security/clamav/patches/patch-clamav_milter-clamav_milter_c

@@ -1,6 +1,6 @@
---- clamav-milter/clamav-milter.c.orig	Tue May 27 04:40:29 2008
+--- clamav-milter/clamav-milter.c.orig	Mon Sep  1 18:19:44 2008
-+++ clamav-milter/clamav-milter.c	Thu Jun 12 17:31:16 2008
++++ clamav-milter/clamav-milter.c	Fri Sep  5 02:32:34 2008
-@@ -1134,7 +1134,7 @@ main(int argc, char **argv)
+@@ -1201,7 +1201,7 @@ main(int argc, char **argv)
  		 * uid == 0 for that
  		 */
  		on = 1;
@@ -9,7 +9,7 @@
  			perror("setsockopt");
  			return EX_UNAVAILABLE;
  		}
-@@ -1157,7 +1157,7 @@ main(int argc, char **argv)
+@@ -1224,7 +1224,7 @@ main(int argc, char **argv)
  			memset(&ifr, '\0', sizeof(struct ifreq));
  			strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name) - 1);
  			ifr.ifr_name[sizeof(ifr.ifr_name)-1]='\0';

security/clamav/patches/patch-clamd_Makefile_in

@@ -1,10 +1,10 @@
-$OpenBSD: patch-clamd_Makefile_in,v 1.7 2008/04/16 19:46:01 mbalmer Exp $
+$OpenBSD: patch-clamd_Makefile_in,v 1.8 2008/09/14 15:00:43 sthen Exp $
---- clamd/Makefile.in.orig	Wed Apr  9 17:55:29 2008
+--- clamd/Makefile.in.orig	Mon Sep  1 19:49:47 2008
-+++ clamd/Makefile.in	Mon Apr 14 18:44:26 2008
++++ clamd/Makefile.in	Fri Sep  5 02:34:08 2008
-@@ -144,7 +144,9 @@ INSTALL_DATA = @INSTALL_DATA@
+@@ -152,7 +152,9 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@
- INSTALL_PROGRAM = @INSTALL_PROGRAM@
  INSTALL_SCRIPT = @INSTALL_SCRIPT@
  INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+ LCOV = @LCOV@
 -LDFLAGS = @LDFLAGS@
 +# Do not generate "LDFLAGS = -L/usr/local/lib" to build on systems that have
 +# have an older libclamav installed.

security/clamav/patches/patch-clamd_clamd_c

@@ -1,22 +0,0 @@
-$OpenBSD: patch-clamd_clamd_c,v 1.1 2008/04/16 19:46:01 mbalmer Exp $
---- clamd/clamd.c.orig	Thu Mar  6 19:41:03 2008
-+++ clamd/clamd.c	Mon Apr 14 21:54:34 2008
-@@ -374,12 +374,18 @@ int main(int argc, char **argv)
- 
-     /* fork into background */
-     if(!cfgopt(copt, "Foreground")->enabled) {
-+	for (ret = 0; ret < nlsockets; ret++)
-+		fcntl(lsockets[ret], F_SETFL, fcntl(lsockets[ret], F_GETFL)
-+		    | O_NONBLOCK);
- 	if(daemonize() == -1) {
- 	    logg("!daemonize() failed\n");
- 	    logg_close();
- 	    freecfg(copt);
- 	    return 1;
- 	}
-+	for (ret = 0; ret < nlsockets; ret++)
-+		fcntl(lsockets[ret], F_SETFL, fcntl(lsockets[ret], F_GETFL)
-+		    & ~O_NONBLOCK);
- 	if(!debug_mode)
- 	    if(chdir("/") == -1)
- 		logg("^Can't change current working directory to root\n");

security/clamav/patches/patch-clamd_scanner_c

@@ -1,49 +0,0 @@
-$OpenBSD: patch-clamd_scanner_c,v 1.1 2008/04/16 19:46:01 mbalmer Exp $
---- clamd/scanner.c.orig	Thu Mar  6 19:41:03 2008
-+++ clamd/scanner.c	Mon Apr 14 19:13:26 2008
-@@ -373,6 +373,45 @@ int scan(const char *filename, unsigned long int *scan
-     return ret;
- }
- 
-+/*
-+ * This function was readded by mbalmer@openbsd.org.  That is the reason
-+ * why it is so nicely formatted.
-+ */
-+int scanfd(const int fd, unsigned long int *scanned,
-+    const struct cl_engine *engine, const struct cl_limits *limits,
-+    unsigned int options, const struct cfgstruct *copt, int odesc)  
-+{
-+	int ret;
-+	const char *virname;
-+	struct stat statbuf;
-+	char fdstr[32];
-+
-+
-+	if(fstat(fd, &statbuf) == -1)
-+		return -1;
-+
-+	if(!S_ISREG(statbuf.st_mode))
-+		return -1;
-+
-+	snprintf(fdstr, sizeof(fdstr), "fd[%d]", fd);
-+
-+	ret = cl_scandesc(fd, &virname, scanned, engine, limits, options);
-+
-+	if(ret == CL_VIRUS) {
-+	mdprintf(odesc, "%s: %s FOUND\n", fdstr, virname);
-+		logg("%s: %s FOUND\n", fdstr, virname);
-+		virusaction(fdstr, virname, copt);
-+	} else if(ret != CL_CLEAN) {
-+		mdprintf(odesc, "%s: %s ERROR\n", fdstr, cl_strerror(ret));
-+		logg("%s: %s ERROR\n", fdstr, cl_strerror(ret));
-+	} else {
-+		mdprintf(odesc, "%s: OK\n", fdstr);
-+		if(logok)
-+			logg("%s: OK\n", fdstr);
-+	}
-+	return ret;
-+}
-+
- int scanstream(int odesc, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, const struct cfgstruct *copt)
- {
- 	int ret, sockfd, acceptd;

security/clamav/patches/patch-clamd_scanner_h

@@ -1,12 +0,0 @@
-$OpenBSD: patch-clamd_scanner_h,v 1.1 2008/04/16 19:46:01 mbalmer Exp $
---- clamd/scanner.h.orig	Mon Apr 14 18:58:39 2008
-+++ clamd/scanner.h	Mon Apr 14 18:59:33 2008
-@@ -28,6 +28,8 @@
- 
- int scan(const char *filename, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, const struct cfgstruct *copt, int odesc, unsigned int type);
- 
-+int scanfd(const int fd, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, const struct cfgstruct *copt, int odesc);
-+
- int scanstream(int odesc, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, const struct cfgstruct *copt);
- 
- #endif

security/clamav/patches/patch-clamd_session_c

@@ -1,45 +0,0 @@
-$OpenBSD: patch-clamd_session_c,v 1.5 2008/04/16 19:46:01 mbalmer Exp $
---- clamd/session.c.orig	Wed Apr  2 22:53:44 2008
-+++ clamd/session.c	Mon Apr 14 18:41:12 2008
-@@ -58,8 +58,10 @@ int command(int desc, const struct cl_engine *engine, 
- {
- 	char buff[1025];
- 	int bread, opt;
-+	struct msghdr msg;
-+	struct cmsghdr *cmsg;
-+	unsigned char buf[CMSG_SPACE(sizeof(int))];
- 
--
-     bread = readsock(desc, buff, sizeof(buff)-1, '\n', timeout, 0, 1);
-     if(bread == -2) /* timeout */
- 	return -2;
-@@ -140,6 +142,29 @@ int command(int desc, const struct cl_engine *engine, 
- 	    if(cfgopt(copt, "ExitOnOOM")->enabled)
- 		return COMMAND_SHUTDOWN;
- 
-+    } else if(!strncmp(buff, CMD14, strlen(CMD14))) { /* FILDES */
-+	memset(&msg, 0, sizeof(msg));
-+	msg.msg_control = buf;
-+	msg.msg_controllen = sizeof(buf);
-+ 
-+	if (recvmsg(desc, &msg, 0) == -1) {
-+	    logg("recvmsg failed!");
-+	    return -1;
-+	}
-+	if ((msg.msg_flags & MSG_TRUNC) || (msg.msg_flags & MSG_CTRUNC)) {
-+	    logg("control message truncated");
-+	    return -1;
-+	}
-+	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL;
-+	    cmsg = CMSG_NXTHDR(&msg, cmsg)) {
-+		if (cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
-+		    cmsg->cmsg_level == SOL_SOCKET &&
-+		    cmsg->cmsg_type == SCM_RIGHTS) {
-+			int fd = *(int *)CMSG_DATA(cmsg);
-+	    		scanfd(fd, NULL, engine, limits, options, copt, desc);
-+			close(fd);
-+		}
-+	}
-     } else {
- 	mdprintf(desc, "UNKNOWN COMMAND\n");
-     }

security/clamav/patches/patch-clamd_session_h

@@ -1,11 +0,0 @@
-$OpenBSD: patch-clamd_session_h,v 1.4 2008/04/16 19:46:01 mbalmer Exp $
---- clamd/session.h.orig	Wed Apr  2 22:53:44 2008
-+++ clamd/session.h	Mon Apr 14 18:41:12 2008
-@@ -37,6 +37,7 @@
- #define CMD11 "SHUTDOWN"
- /* #define CMD12 "FD" */
- #define CMD13 "MULTISCAN"
-+#define CMD14 "FILDES"
- 
- #include "libclamav/clamav.h"
- #include "shared/cfgparser.h"

security/clamav/patches/patch-clamdscan_client_c

@@ -1,33 +0,0 @@
-$OpenBSD: patch-clamdscan_client_c,v 1.9 2008/04/16 19:46:01 mbalmer Exp $
---- clamdscan/client.c.orig	Wed Apr  2 22:17:13 2008
-+++ clamdscan/client.c	Mon Apr 14 18:41:12 2008
-@@ -26,6 +26,7 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <sys/socket.h>
-+#include <sys/param.h>
- #include <sys/un.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
-@@ -233,18 +234,18 @@ static int dsstream(int sockd, const struct optstruct 
- static char *abpath(const char *filename)
- {
- 	struct stat foo;
--	char *fullpath, cwd[200];
-+	char *fullpath, cwd[MAXPATHLEN];
- 
-     if(stat(filename, &foo) == -1) {
- 	logg("^Can't access file %s\n", filename);
- 	perror(filename);
- 	return NULL;
-     } else {
--	fullpath = malloc(200 + strlen(filename) + 10);
-+	fullpath = malloc(sizeof(cwd) + strlen(filename) + 10);
- #ifdef C_CYGWIN
- 	sprintf(fullpath, "%s", filename);
- #else
--	if(!getcwd(cwd, 200)) {
-+	if(!getcwd(cwd, MAXPATHLEN)) {
- 	    logg("^Can't get absolute pathname of current working directory.\n");
- 	    return NULL;
- 	}

security/clamav/patches/patch-configure

@@ -1,34 +0,0 @@
-$OpenBSD: patch-configure,v 1.13 2008/07/08 22:38:12 sthen Exp $
---- configure.orig	Wed Jun  4 06:16:09 2008
-+++ configure	Thu Jun 12 17:30:58 2008
-@@ -16139,11 +16139,9 @@ _ACEOF
-     ;;
- openbsd*)
-     if test "$have_pthreads" = "yes"; then
--	if test "$use_cr" = "no"; then
--	    THREAD_LIBS="-pthread"
--	else
--	    THREAD_LIBS="-pthread -lc_r"
--	fi
-+	ADDITIONAL_LIBS="-pthread"
-+	CLAMD_LIBS="$CLAMD_LIBS -pthread"
-+	CLAMAV_MILTER_LIBS="$CLAMAV_MILTER_LIBS -pthread"
- 	TH_SAFE="-thread-safe"
- 
- cat >>confdefs.h <<\_ACEOF
-@@ -17271,6 +17269,7 @@ cat confdefs.h >>conftest.$ac_ext
- cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- 
-+#include <sys/types.h>
- #include <tcpd.h>
- int allow_severity = 0;
- int deny_severity  = 0;
-@@ -17323,6 +17322,7 @@ cat confdefs.h >>conftest.$ac_ext
- cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- 
-+#include <sys/types.h>
- #include <tcpd.h>
- int allow_severity = 0;
- int deny_severity  = 0;

security/clamav/patches/patch-database_Makefile_in

@@ -1,14 +1,15 @@
-$OpenBSD: patch-database_Makefile_in,v 1.2 2008/04/16 19:46:01 mbalmer Exp $
+$OpenBSD: patch-database_Makefile_in,v 1.3 2008/09/14 15:00:43 sthen Exp $
---- database/Makefile.in.orig	Wed Apr  9 17:55:29 2008
+--- database/Makefile.in.orig	Mon Sep  1 19:49:47 2008
-+++ database/Makefile.in	Tue Apr 15 09:45:45 2008
++++ database/Makefile.in	Fri Sep  5 02:47:25 2008
-@@ -362,20 +362,7 @@ uninstall-am:
+@@ -371,21 +371,7 @@ uninstall-am:
  
  
  install-data-local:
--	$(mkinstalldirs) $(DESTDIR)$(DBINST)
+-	@test -s $(srcdir)/main.cvd -a -s $(srcdir)/daily.cvd || exit 0;\
--	@test -f $(DESTDIR)$(DBINST)/main.cvd || test -d $(DESTDIR)$(DBINST)/main.inc || $(INSTALL_DATA) $(srcdir)/main.cvd $(DESTDIR)$(DBINST)
+-	$(mkinstalldirs) $(DESTDIR)$(DBINST);\
--	@test -f $(DESTDIR)$(DBINST)/daily.cvd || test -d $(DESTDIR)$(DBINST)/daily.inc || $(INSTALL_DATA) $(srcdir)/daily.cvd $(DESTDIR)$(DBINST)
+-	test -f $(DESTDIR)$(DBINST)/main.cvd || test -f $(DESTDIR)$(DBINST)/main.cld || $(INSTALL_DATA) $(srcdir)/main.cvd $(DESTDIR)$(DBINST);\
--	@if test `id|sed -e 's/^.[^(]*(\([^)]*\)).*/\1/'` = "root" && test -n "${CLAMAVUSER}" && test -n "${CLAMAVGROUP}"; then \
+-	test -f $(DESTDIR)$(DBINST)/daily.cvd || test -f $(DESTDIR)$(DBINST)/daily.cld || $(INSTALL_DATA) $(srcdir)/daily.cvd $(DESTDIR)$(DBINST);\
+-	if test `id|sed -e 's/^.[^(]*(\([^)]*\)).*/\1/'` = "root" && test -n "${CLAMAVUSER}" && test -n "${CLAMAVGROUP}"; then \
 -	    chmod 775 $(DESTDIR)$(DBINST); \
 -	    chown ${CLAMAVUSER} $(DESTDIR)$(DBINST); \
 -	    chgrp ${CLAMAVGROUP} $(DESTDIR)$(DBINST); \

security/clamav/patches/patch-etc-clamd_conf

@@ -1,5 +1,5 @@
---- etc/clamd.conf.orig	Tue Aug 21 00:56:19 2007
+--- etc/clamd.conf.orig	Tue Sep  2 12:59:05 2008
-+++ etc/clamd.conf	Mon Sep 17 23:09:29 2007
++++ etc/clamd.conf	Fri Sep  5 02:32:34 2008
 @@ -11,7 +11,7 @@ Example
  # LogFile must be writable for the user running daemon.
  # A full path is required.
@@ -18,7 +18,7 @@
  
  # The daemon works in a local OR a network mode. Due to security reasons we
  # recommend the local mode.
-@@ -141,7 +141,7 @@ LocalSocket /tmp/clamd.socket
+@@ -147,7 +147,7 @@ LocalSocket /tmp/clamd.socket
  
  # Run as another user (clamd must be started by root for this option to work)
  # Default: don't drop privileges

security/clamav/patches/patch-etc_Makefile_in

@@ -1,7 +1,7 @@
-$OpenBSD: patch-etc_Makefile_in,v 1.2 2008/04/16 19:46:01 mbalmer Exp $
+$OpenBSD: patch-etc_Makefile_in,v 1.3 2008/09/14 15:00:43 sthen Exp $
---- etc/Makefile.in.orig	Wed Apr  9 17:55:29 2008
+--- etc/Makefile.in.orig	Mon Sep  1 19:49:47 2008
-+++ etc/Makefile.in	Tue Apr 15 09:45:06 2008
++++ etc/Makefile.in	Fri Sep  5 02:32:34 2008
-@@ -361,11 +361,7 @@ uninstall-am:
+@@ -370,11 +370,7 @@ uninstall-am:
  
  
  install-data-local:

security/clamav/patches/patch-libclamav_Makefile_in

@@ -1,7 +1,7 @@
-$OpenBSD: patch-libclamav_Makefile_in,v 1.7 2008/07/08 22:38:12 sthen Exp $
+$OpenBSD: patch-libclamav_Makefile_in,v 1.8 2008/09/14 15:00:43 sthen Exp $
---- libclamav/Makefile.in.orig	Mon May 12 09:48:31 2008
+--- libclamav/Makefile.in.orig	Mon Sep  1 18:19:50 2008
-+++ libclamav/Makefile.in	Thu Jun 12 17:31:46 2008
++++ libclamav/Makefile.in	Fri Sep  5 02:32:34 2008
-@@ -265,7 +265,7 @@ SUBDIRS = lzma .
+@@ -275,7 +275,7 @@ SUBDIRS = lzma .
  AM_CPPFLAGS = -I$(top_srcdir) -I@srcdir@/nsis -I@srcdir@/lzma
  @ENABLE_UNRAR_FALSE@libclamav_la_LIBADD = lzma/liblzma.la @LIBCLAMAV_LIBS@ @THREAD_LIBS@
  @ENABLE_UNRAR_TRUE@libclamav_la_LIBADD = $(top_builddir)/libclamunrar_iface/libclamunrar_iface.la lzma/liblzma.la @LIBCLAMAV_LIBS@ @THREAD_LIBS@

security/clamav/patches/patch-libclamav_str_c

@@ -1,18 +1,7 @@
-$OpenBSD: patch-libclamav_str_c,v 1.3 2007/08/25 10:08:28 mbalmer Exp $
+$OpenBSD: patch-libclamav_str_c,v 1.4 2008/09/14 15:00:43 sthen Exp $
---- libclamav/str.c.orig	Sat Apr 28 19:28:23 2007
+--- libclamav/str.c.orig	Sat Aug 16 18:18:08 2008
-+++ libclamav/str.c	Sat Aug 25 09:35:06 2007
++++ libclamav/str.c	Fri Sep  5 02:32:34 2008
-@@ -123,8 +123,8 @@ uint16_t *cli_hex2ui(const char *hex)
+@@ -149,9 +149,9 @@ char *cli_hex2str(const char *hex)
- 
- char *cli_hex2str(const char *hex)
- {
--	char *str, *ptr, val, c;
--	int i, len;
-+	char *str, *ptr, val;
-+	int c, i, len;
- 
- 
-     len = strlen(hex);
-@@ -142,9 +142,9 @@ char *cli_hex2str(const char *hex)
  
      for(i = 0; i < len; i += 2) {
  	if((c = cli_hex2int(hex[i])) >= 0) {

security/clamav/systrace.filter

@@ -0,0 +1,3 @@
+# $OpenBSD: systrace.filter,v 1.1 2008/09/14 15:00:43 sthen Exp $
+# fdpass check in configure script (from m4/fdpassing.m4) uses this
+native-sendmsg: sockaddr eq "<unknown>" then permit