Fix possible directory traversal.

(Portage version: 2.0.51.22-r1)
author: Andrej Kacian <ticho@gentoo.org> 2005-06-13 18:55:15 +0000
committer: Andrej Kacian <ticho@gentoo.org> 2005-06-13 18:55:15 +0000
commit: ef4a409e600497bc68d3535247ea02a153138421 (patch)
tree: 5eeeca80c9c13df0b53a27ba85aedae2d1d20bcd /app-antivirus
parent: Stable on sparc (diff)
download: gentoo-2-ef4a409e600497bc68d3535247ea02a153138421.tar.gz
gentoo-2-ef4a409e600497bc68d3535247ea02a153138421.tar.bz2
gentoo-2-ef4a409e600497bc68d3535247ea02a153138421.zip
5 files changed, 161 insertions, 12 deletions
diff --git a/app-antivirus/clamav/ChangeLog b/app-antivirus/clamav/ChangeLog
index 3bc7cfdce32d..533daded4f78 100644
--- a/app-antivirus/clamav/ChangeLog
+++ b/app-antivirus/clamav/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for app-antivirus/clamav
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-antivirus/clamav/ChangeLog,v 1.76 2005/06/08 20:37:28 killerfox Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-antivirus/clamav/ChangeLog,v 1.77 2005/06/13 18:55:15 ticho Exp $
+
+*clamav-0.85.1-r2 (13 Jun 2005)
+
+  13 Jun 2005; Andrej Kacian <ticho@gentoo.org>
+  +files/clamav-0.85.1-cvd-dir-traversal-fix.patch,
+  +clamav-0.85.1-r2.ebuild:
+  Revision bump - patch to fix a possible directory traversal.
 
   08 Jun 2005; Rene Nussbaumer <killerfox@gentoo.org>
   clamav-0.85.1-r1.ebuild:
diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest
index cafcd42d1ad2..aae9d23b1f9e 100644
--- a/app-antivirus/clamav/Manifest
+++ b/app-antivirus/clamav/Manifest
@@ -1,18 +1,21 @@
-MD5 4e0064ed51ae277d6777f3d2b8ff16d8 ChangeLog 15611
-MD5 6ea55388f51845c2f815589dfed047a4 clamav-0.83.ebuild 2332
+MD5 34a649543043b4506c5ecdca94ddad41 clamav-0.85.ebuild 2314
+MD5 fe7f78ce31272715f3c85e51525dd49c clamav-0.85.1-r2.ebuild 3584
 MD5 bf2cf15ce5fddd93fffa28e8b0a3f50f clamav-0.84.ebuild 2314
 MD5 3fb0f6da7a5672ab890d9ac74f7e7046 clamav-0.85.1-r1.ebuild 3574
-MD5 7e32edfd72887a57b16ecd73f0f7a1a0 metadata.xml 184
-MD5 34a649543043b4506c5ecdca94ddad41 clamav-0.85.ebuild 2314
 MD5 921a56174bc3634808df37537d77ea1d clamav-0.85.1.ebuild 3326
 MD5 689c7676f16b3126b2c3f9271f7c2a1e clamav-0.85-r1.ebuild 3290
-MD5 1b3268d3723e003ad99bf706e6bf4312 files/clamd.rc 1444
-MD5 08f7b320461c04bbb88555e389c2e544 files/clamav-milter.README.gentoo 1124
-MD5 0bd0d31062475433335752e126830799 files/digest-clamav-0.85 64
+MD5 4e0064ed51ae277d6777f3d2b8ff16d8 ChangeLog 15611
+MD5 7e32edfd72887a57b16ecd73f0f7a1a0 metadata.xml 184
+MD5 6ea55388f51845c2f815589dfed047a4 clamav-0.83.ebuild 2332
 MD5 0bd0d31062475433335752e126830799 files/digest-clamav-0.85-r1 64
-MD5 e29ee77ca9bfe28ed18dbf67a9c90e75 files/clamd.conf 193
-MD5 3e9877b8901f604bd65ea89ff18833b6 files/digest-clamav-0.84 64
-MD5 102cc388dbea3446ba249cfc2e80cff3 files/digest-clamav-0.85.1-r1 66
-MD5 f6bf5b894e60e8686cb5a36ba240e1ef files/clamd.rc.new 2032
+MD5 08f7b320461c04bbb88555e389c2e544 files/clamav-milter.README.gentoo 1124
 MD5 102cc388dbea3446ba249cfc2e80cff3 files/digest-clamav-0.85.1 66
 MD5 9bbf2754f8178fd5164875d784aa9ffa files/digest-clamav-0.83 64
+MD5 3e9877b8901f604bd65ea89ff18833b6 files/digest-clamav-0.84 64
+MD5 0bd0d31062475433335752e126830799 files/digest-clamav-0.85 64
+MD5 f6bf5b894e60e8686cb5a36ba240e1ef files/clamd.rc.new 2032
+MD5 102cc388dbea3446ba249cfc2e80cff3 files/digest-clamav-0.85.1-r1 66
+MD5 102cc388dbea3446ba249cfc2e80cff3 files/digest-clamav-0.85.1-r2 66
+MD5 e29ee77ca9bfe28ed18dbf67a9c90e75 files/clamd.conf 193
+MD5 0f08d9b6e822b2210e332df23260bad6 files/clamav-0.85.1-cvd-dir-traversal-fix.patch 564
+MD5 1b3268d3723e003ad99bf706e6bf4312 files/clamd.rc 1444
diff --git a/app-antivirus/clamav/clamav-0.85.1-r2.ebuild b/app-antivirus/clamav/clamav-0.85.1-r2.ebuild
new file mode 100644
index 000000000000..bdfbc4ab6089
--- /dev/null
+++ b/app-antivirus/clamav/clamav-0.85.1-r2.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-antivirus/clamav/clamav-0.85.1-r2.ebuild,v 1.1 2005/06/13 18:55:15 ticho Exp $
+
+inherit eutils flag-o-matic
+
+DESCRIPTION="Clam Anti-Virus Scanner"
+HOMEPAGE="http://www.clamav.net/"
+SRC_URI="mirror://sourceforge/clamav/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="crypt milter selinux"
+
+DEPEND="virtual/libc
+	crypt? ( >=dev-libs/gmp-4.1.2 )
+	milter? ( mail-mta/sendmail )
+	>=sys-libs/zlib-1.2.1-r3
+	>=net-misc/curl-7.10.0
+	net-dns/libidn
+	>=sys-apps/sed-4"
+RDEPEND="${DEPEND}
+	selinux? ( sec-policy/selinux-clamav )
+	sys-apps/grep"
+PROVIDE="virtual/antivirus"
+
+pkg_setup() {
+	if use milter; then
+		if [ ! -e /usr/lib/libmilter.a ] ; then
+			ewarn "In order to enable milter support, clamav needs sendmail with enabled milter"
+			ewarn "USE flag. Either recompile sendmail with milter USE flag enabled, or disable"
+			ewarn "this flag for clamav as well to disable milter support."
+			die "need milter-enabled sendmail"
+		fi
+	fi
+	enewgroup clamav
+	enewuser clamav -1 /bin/false /dev/null clamav
+	pwconv || die
+}
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/${P}-cvd-dir-traversal-fix.patch || die "epatch failed"
+}
+
+src_compile() {
+	has_version =sys-libs/glibc-2.2* && filter-lfs-flags
+
+	local myconf
+
+	# we depend on fixed zlib, so we can disable this check to prevent redundant
+	# warning (bug #61749)
+	myconf="${myconf} --disable-zlib-vcheck"
+	# use id utility instead of /etc/passwd parsing (bug #72540)
+	myconf="${myconf} --enable-id-check"
+	use milter && myconf="${myconf} --enable-milter"
+
+	econf ${myconf} --with-dbdir=/var/lib/clamav || die
+	emake || die
+}
+
+src_install() {
+	make DESTDIR=${D} install || die
+	dodoc AUTHORS BUGS NEWS README ChangeLog FAQ INSTALL
+	newconfd ${FILESDIR}/clamd.conf clamd
+	newinitd ${FILESDIR}/clamd.rc.new clamd
+	dodoc ${FILESDIR}/clamav-milter.README.gentoo
+
+	dodir /var/run/clamav
+	keepdir /var/run/clamav
+	fowners clamav:clamav /var/run/clamav
+	dodir /var/log/clamav
+	keepdir /var/log/clamav
+	fowners clamav:clamav /var/log/clamav
+
+	# Change /etc/clamd.conf to be usable out of the box
+	sed -i -e "s:^\(Example\):\# \1:" \
+		-e "s:.*\(PidFile\) .*:\1 /var/run/clamav/clamd.pid:" \
+		-e "s:.*\(LocalSocket\) .*:\1 /var/run/clamav/clamd.sock:" \
+		-e "s:.*\(User\) .*:\1 clamav:" \
+		-e "s:^\#\(LogFile\) .*:\1 /var/log/clamav/clamd.log:" \
+		-e "s:^\#\(LogTime\).*:\1:" \
+		${D}/etc/clamd.conf
+
+	# Do the same for /etc/freshclam.conf
+	sed -i -e "s:^\(Example\):\# \1:" \
+		-e "s:.*\(PidFile\) .*:\1 /var/run/clamav/freshclam.pid:" \
+		-e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \
+		-e "s:^\#\(LogFile\) .*:\1 /var/log/freshclam.log:" \
+		-e "s:^\#\(LogTime\).*:\1:" \
+		${D}/etc/freshclam.conf
+
+	if use milter ; then
+		echo "START_MILTER=no" \
+			>> ${D}/etc/conf.d/clamd
+		echo "MILTER_SOCKET=\"/var/run/clamav/clmilter.sock\"" \
+			>>${D}/etc/conf.d/clamd
+		echo "MILTER_OPTS=\"-m 10\"" \
+			>>${D}/etc/conf.d/clamd
+	fi
+}
+
+pkg_postinst() {
+	echo
+	ewarn "As of 0.85-r1, all settings from /etc/conf.d/clamd are ignored, except for"
+	ewarn "START_CLAMD, START_FRESHCLAM and MILTER related options. All settings are"
+	ewarn "read from /etc/clamd.conf and /etc/freshclam.conf, so double-check these two files."
+	echo
+	ewarn "Warning: clamd and/or freshclam have not been restarted."
+	ewarn "You should restart them with: /etc/init.d/clamd restart"
+	echo
+	if use milter ; then
+		einfo "For simple instructions howto setup the clamav-milter..."
+		einfo ""
+		einfo "zless /usr/share/doc/${PF}/clamav-milter.README.gentoo.gz"
+		echo
+	fi
+}
diff --git a/app-antivirus/clamav/files/clamav-0.85.1-cvd-dir-traversal-fix.patch b/app-antivirus/clamav/files/clamav-0.85.1-cvd-dir-traversal-fix.patch
new file mode 100644
index 000000000000..fd4c1ed26490
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.85.1-cvd-dir-traversal-fix.patch
@@ -0,0 +1,18 @@
+diff -bur clamav-0.85.1/libclamav/cvd.c clamav-0.85.1-fixed/libclamav/cvd.c
+--- clamav-0.85.1/libclamav/cvd.c	2005-05-11 03:43:10.000000000 +0200
++++ clamav-0.85.1-fixed/libclamav/cvd.c	2005-06-13 20:07:34.000000000 +0200
+@@ -77,6 +77,14 @@
+ 
+ 	    strncpy(name, block, 100);
+ 	    name[100] = '\0';
++
++	    if(strchr(name, '/')) {
++		    cli_errmsg("Slash separators are not allowed in CVD.\n");
++		    free(fullname);
++		    gzclose(infile);
++		    return -1;
++	    }
++
+ 	    strcpy(fullname, destdir);
+ 	    strcat(fullname, "/");
+ 	    strcat(fullname, name);
diff --git a/app-antivirus/clamav/files/digest-clamav-0.85.1-r2 b/app-antivirus/clamav/files/digest-clamav-0.85.1-r2
new file mode 100644
index 000000000000..56f3267da58d
--- /dev/null
+++ b/app-antivirus/clamav/files/digest-clamav-0.85.1-r2
@@ -0,0 +1 @@
+MD5 b0675c3273785d61eefc1afa304745c0 clamav-0.85.1.tar.gz 4061042
author	Andrej Kacian <ticho@gentoo.org>	2005-06-13 18:55:15 +0000
committer	Andrej Kacian <ticho@gentoo.org>	2005-06-13 18:55:15 +0000
commit	ef4a409e600497bc68d3535247ea02a153138421 (patch)
tree	5eeeca80c9c13df0b53a27ba85aedae2d1d20bcd /app-antivirus
parent	Stable on sparc (diff)
download	gentoo-2-ef4a409e600497bc68d3535247ea02a153138421.tar.gz gentoo-2-ef4a409e600497bc68d3535247ea02a153138421.tar.bz2 gentoo-2-ef4a409e600497bc68d3535247ea02a153138421.zip