diff options
| author | Franz Pletz <fpletz@fnordicwalking.de> | 2018-03-13 19:55:22 +0100 |
|---|---|---|
| committer | Franz Pletz <fpletz@fnordicwalking.de> | 2018-03-22 01:05:29 +0100 |
| commit | 5050d056566e5a8fdf94b9262ff37c66d123c3f3 (patch) | |
| tree | 893b5232daa5cfd6ff449d583b1504ed78c8806d /pkgs/tools/security/clamav | |
| parent | 1497815543b7689645d433866f4d60ebbab4e918 (diff) | |
clamav: 0.99.3 -> 0.99.4 for multiple CVEs
Fixes CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-0202,
CVE-2018-1000085.
Diffstat (limited to 'pkgs/tools/security/clamav')
| -rw-r--r-- | pkgs/tools/security/clamav/default.nix | 6 | ||||
| -rw-r--r-- | pkgs/tools/security/clamav/fd-leak.patch | 49 |
2 files changed, 2 insertions, 53 deletions
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index 976c58eb1e32..8c12e4e30c3e 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { name = "clamav-${version}"; - version = "0.99.3"; + version = "0.99.4"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${name}.tar.gz"; - sha256 = "114f7qk3h0klgm0zzn2394n5spcn91vjc9mq6m03l2p0ls955yh0"; + sha256 = "0q94iwi729id9pyc72w6zlllbaz37qvpi6gc51g2x3fy7ckw6anp"; }; # don't install sample config files into the absolute sysconfdir folder @@ -21,8 +21,6 @@ stdenv.mkDerivation rec { zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre ]; - patches = [ ./fd-leak.patch ]; - configureFlags = [ "--sysconfdir=/etc/clamav" "--disable-llvm" # enabling breaks the build at the moment diff --git a/pkgs/tools/security/clamav/fd-leak.patch b/pkgs/tools/security/clamav/fd-leak.patch deleted file mode 100644 index 2c147901e446..000000000000 --- a/pkgs/tools/security/clamav/fd-leak.patch +++ /dev/null @@ -1,49 +0,0 @@ ---- a/libclamav/scanners.c 2018-01-26 16:59:00.820231425 +0100 -+++ b/libclamav/scanners.c 2018-01-26 17:39:07.523633805 +0100 -@@ -1366,12 +1366,14 @@ - - if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) { - free(tmpname); -+ free(normalized); - return ret; - } - - if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) { - cli_ac_freedata(&tmdata); - free(tmpname); -+ free(normalized); - return ret; - } - -@@ -1390,6 +1392,7 @@ - cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname); - close(ofd); - free(tmpname); -+ free(normalized); - return CL_EWRITE; - } - text_normalize_reset(&state); -@@ -1424,6 +1427,8 @@ - if (ret) { - cli_ac_freedata(&tmdata); - free(tmpname); -+ free(normalized); -+ close(ofd); - return ret; - } - } -@@ -1466,11 +1471,9 @@ - - } - -- if(ctx->engine->keeptmp) { -- free(tmpname); -- if (ofd >= 0) -- close(ofd); -- } -+ if (ofd >= 0) -+ close(ofd); -+ free(tmpname); - free(normalized); - - if(ret != CL_VIRUS || SCAN_ALL) { |