ClamAV 0.98.6 security update for Lucid

Bug #1420819 reported by chris pollock on 2015-02-11
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
Medium
Steve Beattie

Bug Description

 * Updated to 0.98.6 to fix security issues, including CVE-2014-9328.
  * Removed upstreamed patches:
    - d/p/0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
    - d/p/0017-Bump-.so-version-number.patch

  * Drop dh_autoreconf from build-depends
  * Remove use of dh_autoreconf from debian/rules
  * Adjust list of no LLVM architectures in debian/rules to include powerpc
    to avoid FTBFS on lucid

chris pollock (cpollock) wrote :
Steve Beattie (sbeattie) wrote :

Thanks, I'm working on this now. I updated the changelog slightly to add a reference to this bug report.

information type: Private Security → Public Security
Changed in clamav (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Steve Beattie (sbeattie)
Steve Beattie (sbeattie) wrote :
Download full text (5.0 KiB)

Hi Chris,

Did you do a test build on powerpc? Even with not using llvm, I got a build failure in the unit tests on powerpc. I'll retry the build as sometimes things can be flaky on the powerpc buildds, but the relevant bits from the log are as follows:

make[3]: Entering directory `/build/buildd/clamav-0.98.6+dfsg/unit_tests'
cp input/clamav.hdb clamav.hdb
  CC check_clamav-check_clamav.o
check_clamav.c: In function 'test_cli_readint16':
check_clamav.c:708: warning: pointer targets in passing argument 1 of 'cli_readint16' differ in signedness
../libclamav/others.h:519: note: expected 'const char *' but argument is of type 'uint8_t *'
check_clamav.c:713: warning: pointer targets in passing argument 1 of 'cli_readint16' differ in signedness
../libclamav/others.h:519: note: expected 'const char *' but argument is of type 'uint8_t *'
check_clamav.c: In function 'test_cli_readint32':
check_clamav.c:725: warning: pointer targets in passing argument 1 of 'cli_readint32' differ in signedness
../libclamav/others.h:509: note: expected 'const char *' but argument is of type 'uint8_t *'
check_clamav.c:730: warning: pointer targets in passing argument 1 of 'cli_readint32' differ in signedness
../libclamav/others.h:509: note: expected 'const char *' but argument is of type 'uint8_t *'
check_clamav.c: In function 'test_cli_writeint32':
check_clamav.c:741: warning: pointer targets in passing argument 1 of 'cli_writeint32' differ in signedness
../libclamav/others.h:527: note: expected 'char *' but argument is of type 'uint8_t *'
check_clamav.c:744: warning: pointer targets in passing argument 1 of 'cli_readint32' differ in signedness
../libclamav/others.h:509: note: expected 'const char *' but argument is of type 'uint8_t *'
check_clamav.c:748: warning: pointer targets in passing argument 1 of 'cli_writeint32' differ in signedness
../libclamav/others.h:527: note: expected 'char *' but argument is of type 'uint8_t *'
check_clamav.c:751: warning: pointer targets in passing argument 1 of 'cli_readint32' differ in signedness
../libclamav/others.h:509: note: expected 'const char *' but argument is of type 'uint8_t *'
  CC check_clamav-check_jsnorm.o
  CC check_clamav-check_str.o
  CC check_clamav-check_regex.o
  CC check_clamav-check_disasm.o
  CC check_clamav-check_uniq.o
  CC check_clamav-check_matchers.o
  CC check_clamav-check_htmlnorm.o
  CC check_clamav-check_bytecode.o
check_bytecode.c: In function 'test_matchwithread_jit':
check_bytecode.c:255: warning: passing argument 1 of 'cli_writeint32' from incompatible pointer type
../libclamav/others.h:527: note: expected 'char *' but argument is of type 'uint32_t *'
check_bytecode.c: In function 'test_matchwithread_int':
check_bytecode.c:278: warning: passing argument 1 of 'cli_writeint32' from incompatible pointer type
../libclamav/others.h:527: note: expected 'char *' but argument is of type 'uint32_t *'
check_bytecode.c: At top level:
check_bytecode.c:463: warning: 'test_retmagic_7_int' defined but not used
  CCLD check_clamav
  CC check_clamd-check_clamd.o
  CCLD check_clamd
  CC check_fpu_endian-check_fpu_endian.o
  CCLD check_fpu_...

Read more...

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.98.6+dfsg-0ubuntu0.10.04.1

---------------
clamav (0.98.6+dfsg-0ubuntu0.10.04.1) lucid-security; urgency=medium

  [ Marc Deslauriers ]
  * Updated to 0.98.6 to fix security issues, including CVE-2014-9328.
    (LP: #1420819)
  * Removed upstreamed patches:
    - d/p/0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
    - d/p/0017-Bump-.so-version-number.patch

  [ Chris Pollock ]
  * Drop dh_autoreconf from build-depends
  * Remove use of dh_autoreconf from debian/rules
  * Adjust list of no LLVM architectures in debian/rules to include powerpc
    to avoid FTBFS on lucid

clamav (0.98.5+addedllvm-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to 0.98.5 to fix security issues, including CVE-2013-6497.
  * Removed patches no longer needed:
    - d/p/0002-Sebastian-Andrzej-Siewior.patch
    - d/p/0003-configure-use-pkg-config-for-check-so-test-is-detect.patch
    - d/p/0004-Stop-using-a-cargo-culted-syscall-table-and-trust-th.patch
    - d/p/0005-configure.ac-patches-to-got-with-autoreconf-and-auto.patch
    - d/p/0006-Fix-STAT64-definition-and-add-missing-includes.patch
  * Added patches from vivid to fix FTBFS, .so version and other issues:
    - d/p/0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
    - d/p/0003-unit_tests-increment-test-timeout-from-40secs-to-5mi.patch
    - d/p/0006-remove-unnecessary-harmful-flags-from-libclamav.pc.patch
    - d/p/0010-hardcode-LLVM-linker-flag-because-llvm-config-return.patch
    - d/p/0017-Bump-.so-version-number.patch
    - d/p/0018-llvm-don-t-use-system-libs.patch
  * debian/clamav-docs.docs: use wildcards, as some docs have changed.
  * debian/clamav-base.postinst.in: added new options.
  * debian/clamav-base.config.in: added new options.
  * debian/clamav-base.templates: added new options.
  * debian/control: added libssl-dev BuildDepends.
  * clamav-testfiles.install: removed rar files.
 -- Chris <email address hidden> Sun, 08 Feb 2015 07:54:07 -0600

Changed in clamav (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Bug attachments