Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

clamav: 0.99.3 -> 0.99.4 for multiple CVEs

Fixes CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-0202,
CVE-2018-1000085.

(cherry picked from commit 5050d056566e5a8fdf94b9262ff37c66d123c3f3)

+2 -53
+2 -4
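--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
 name = "clamav-${version}";
-version = "0.99.3";
+version = "0.99.4";
 
 src = fetchurl {
 url = "https://www.clamav.net/downloads/production/${name}.tar.gz";
-sha256 = "114f7qk3h0klgm0zzn2394n5spcn91vjc9mq6m03l2p0ls955yh0";
+sha256 = "0q94iwi729id9pyc72w6zlllbaz37qvpi6gc51g2x3fy7ckw6anp";
 };
 
 # don't install sample config files into the absolute sysconfdir folder
@@ -20,8 +20,6 @@
 buildInputs = [
 zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre
 ];
-
-patches = [ ./fd-leak.patch ];
 
 configureFlags = [
 "--sysconfdir=/etc/clamav"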
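Review bot: The second hunk drops `patches = [ ./fd-leak.patch ];`, but the commit message does not say that 0.99.4 already contains those `cli_scanscript` cleanups (the added `free(normalized)` and `close(ofd)` calls on the early-return paths in libclamav/scanners.c). If upstream merged them, a line in the description such as `fd-leak.patch is included upstream in 0.99.4` would record why the patch can go. If it did not, the descriptor and buffer leaks on those paths would return with this bump. The 0.99.4 sources are not shown on this page, so this should be checked against the release tarball before the cherry-pick lands.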
-49
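--- a/pkgs/tools/security/clamav/fd-leak.patch
+++ b/pkgs/tools/security/clamav/fd-leak.patch
@@ -1,49 +0,0 @@
---- a/libclamav/scanners.c 2018-01-26 16:59:00.820231425 +0100
-+++ b/libclamav/scanners.c 2018-01-26 17:39:07.523633805 +0100
-@@ -1366,12 +1366,14 @@
-
-if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
-free(tmpname);
-+ free(normalized);
-return ret;
-}
-
-if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
-cli_ac_freedata(&tmdata);
-free(tmpname);
-+ free(normalized);
-return ret;
-}
-
-@@ -1390,6 +1392,7 @@
-cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
-close(ofd);
-free(tmpname);
-+ free(normalized);
-return CL_EWRITE;
-}
-text_normalize_reset(&state);
-@@ -1424,6 +1427,8 @@
-if (ret) {
-cli_ac_freedata(&tmdata);
-free(tmpname);
-+ free(normalized);
-+ close(ofd);
-return ret;
-}
-}
-@@ -1466,11 +1471,9 @@
-
-}
-
-- if(ctx->engine->keeptmp) {
-- free(tmpname);
-- if (ofd >= 0)
-- close(ofd);
-- }
-+ if (ofd >= 0)
-+ close(ofd);
-+ free(tmpname);
-free(normalized);
-
-if(ret != CL_VIRUS || SCAN_ALL) {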