clamav: 0.99.3 -> 0.99.4 for multiple CVEs

Fixes CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-0202, CVE-2018-1000085.
2018-03-13 19:55:22 +01:00 · 2018-03-13 19:55:22 +01:00 · 5050d05656
commit 5050d05656
parent 1497815543
2 changed files with 2 additions and 53 deletions
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@ -4,11 +4,11 @@

 stdenv.mkDerivation rec {
  name = "clamav-${version}";
-  version = "0.99.3";
+  version = "0.99.4";

  src = fetchurl {
    url = "https://www.clamav.net/downloads/production/${name}.tar.gz";
-    sha256 = "114f7qk3h0klgm0zzn2394n5spcn91vjc9mq6m03l2p0ls955yh0";
+    sha256 = "0q94iwi729id9pyc72w6zlllbaz37qvpi6gc51g2x3fy7ckw6anp";
  };

  # don't install sample config files into the absolute sysconfdir folder
@ -21,8 +21,6 @@ stdenv.mkDerivation rec {
    zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre
  ];

-  patches = [ ./fd-leak.patch ];
-
  configureFlags = [
    "--sysconfdir=/etc/clamav"
    "--disable-llvm" # enabling breaks the build at the moment
--- a/pkgs/tools/security/clamav/fd-leak.patch
+++ b/pkgs/tools/security/clamav/fd-leak.patch
@ -1,49 +0,0 @@
--- a/libclamav/scanners.c	2018-01-26 16:59:00.820231425 +0100
-+++ b/libclamav/scanners.c	2018-01-26 17:39:07.523633805 +0100
-@@ -1366,12 +1366,14 @@
- 
- 	if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
- 		free(tmpname);
-+		free(normalized);
- 		return ret;
- 	}
- 
- 	if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
- 		cli_ac_freedata(&tmdata);
- 		free(tmpname);
-+		free(normalized);
- 		return ret;
- 	}
- 
-@@ -1390,6 +1392,7 @@
- 				cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
- 				close(ofd);
- 				free(tmpname);
-+				free(normalized);
- 				return CL_EWRITE;
- 			}
- 			text_normalize_reset(&state);
-@@ -1424,6 +1427,8 @@
- 			if (ret) {
- 				cli_ac_freedata(&tmdata);
- 				free(tmpname);
-+				free(normalized);
-+				close(ofd);
- 				return ret;
- 			}
- 		}
-@@ -1466,11 +1471,9 @@
- 
- 	}
- 
-	if(ctx->engine->keeptmp) {
-		free(tmpname);
-		if (ofd >= 0)
-			close(ofd);
-	}
-+	if (ofd >= 0)
-+		close(ofd);
-+	free(tmpname);
- 	free(normalized);
- 
- 	if(ret != CL_VIRUS || SCAN_ALL)  {