author | Vladimír Čunát <vcunat@gmail.com> | 2018-01-27 09:14:22 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2018-01-27 09:14:22 +0100 |
commit | 2d2dbe083f0df9dbde5643234cb2b067653739fa (patch) | |
tree | 66195da25376f3bb7bed16d469d85fcaffe0f13b /pkgs/tools/security | |
parent | ef60e411455c9d7ef16069df63daf2c9fbd66ec6 (diff) | |
parent | 9c95eb828ab6cc7b022197f68e1e0a8ce4241d89 (diff) | |
Merge branch 'master' into staging
Hydra: ?compare=1429281
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/clamav/default.nix | 29 | ||||
-rw-r--r-- | pkgs/tools/security/clamav/fd-leak.patch | 49 |
2 files changed, 59 insertions, 19 deletions
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix
index 506d6fc3fce8..976c58eb1e32 100644
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@@ -1,44 +1,35 @@
-{ stdenv, fetchurl, fetchpatch, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl
-, libmilter, pcre }:
+{ stdenv, fetchurl, fetchpatch, pkgconfig
+, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre
+}:
 
 stdenv.mkDerivation rec {
 name = "clamav-${version}";
- version = "0.99.2";
+ version = "0.99.3";
 
 src = fetchurl {
 url = "https://www.clamav.net/downloads/production/${name}.tar.gz";
- sha256 = "0yh2q318bnmf2152g2h1yvzgqbswn0wvbzb8p4kf7v057shxcyqn";
+ sha256 = "114f7qk3h0klgm0zzn2394n5spcn91vjc9mq6m03l2p0ls955yh0";
 };
 
- patches = [
- (fetchpatch {
- name = "CVE-2017-6420.patch";
- url = "https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc.patch";
- sha256 = "08w3p3a4pmi0cmcmyxkagsbn3g0jgx1jqlc34pn141x0qzrlqr60";
- })
- ];
-
 # don't install sample config files into the absolute sysconfdir folder
 postPatch = ''
 substituteInPlace Makefile.in --replace ' etc ' ' '
 '';
 
+ nativeBuildInputs = [ pkgconfig ];
 buildInputs = [
 zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre
 ];
 
+ patches = [ ./fd-leak.patch ];
+
 configureFlags = [
 "--sysconfdir=/etc/clamav"
- "--with-zlib=${zlib.dev}"
- "--disable-zlib-vcheck" # it fails to recognize that 1.2.10 >= 1.2.2
 "--disable-llvm" # enabling breaks the build at the moment
- "--with-libbz2-prefix=${bzip2.dev}"
- "--with-iconv-dir=${libiconv}"
+ "--with-zlib=${zlib.dev}"
 "--with-xml=${libxml2.dev}"
 "--with-openssl=${openssl.dev}"
- "--with-libncurses-prefix=${ncurses.dev}"
 "--with-libcurl=${curl.dev}"
- "--with-pcre=${pcre.dev}"
 "--enable-milter"
 ];
 
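Review bot: The `patches = [ ./fd-leak.patch ];` line brings in a local, unattributed patch where the old list used `fetchpatch` with a URL and hash, so nothing in the expression says where the change comes from or when it can be dropped. A comment such as `# local fix for leaks in cli_scanscript error paths; drop once upstream ships it (<upstream report link>)` would record that. The same hunk removes the CVE-2017-6420 patch together with the bump to 0.99.3; presumably the fix is part of that release, but the hunk does not say so and it is worth confirming against the release notes. The dropped `--with-pcre`, `--with-libbz2-prefix`, `--with-iconv-dir` and `--with-libncurses-prefix` flags now rely on auto-detection, so a check that the built scanner still reports PCRE and bzip2 support would guard against silently reduced scan coverage.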
@@ -51,7 +42,7 @@ stdenv.mkDerivation rec {
 homepage = http://www.clamav.net;
 description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats";
 license = licenses.gpl2;
- maintainers = with maintainers; [ phreedom robberer qknight ];
+ maintainers = with maintainers; [ phreedom robberer qknight fpletz ];
 platforms = platforms.linux;
 };
 }
diff --git a/pkgs/tools/security/clamav/fd-leak.patch b/pkgs/tools/security/clamav/fd-leak.patch
new file mode 100644
index 000000000000..2c147901e446
--- /dev/null
+++ b/pkgs/tools/security/clamav/fd-leak.patch
@@ -0,0 +1,49 @@
+--- a/libclamav/scanners.c 2018-01-26 16:59:00.820231425 +0100
++++ b/libclamav/scanners.c 2018-01-26 17:39:07.523633805 +0100
+@@ -1366,12 +1366,14 @@
+
+ if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
+ free(tmpname);
++ free(normalized);
+ return ret;
+ }
+
+ if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
+ cli_ac_freedata(&tmdata);
+ free(tmpname);
++ free(normalized);
+ return ret;
+ }
+
+@@ -1390,6 +1392,7 @@
+ cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
+ close(ofd);
+ free(tmpname);
++ free(normalized);
+ return CL_EWRITE;
+ }
+ text_normalize_reset(&state);
+@@ -1424,6 +1427,8 @@
+ if (ret) {
+ cli_ac_freedata(&tmdata);
+ free(tmpname);
++ free(normalized);
++ close(ofd);
+ return ret;
+ }
+ }
+@@ -1466,11 +1471,9 @@
+
+ }
+
+- if(ctx->engine->keeptmp) {
+- free(tmpname);
+- if (ofd >= 0)
+- close(ofd);
+- }
++ if (ofd >= 0)
++ close(ofd);
++ free(tmpname);
+ free(normalized);
+
+ if(ret != CL_VIRUS || SCAN_ALL) {
|
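Review bot: The two `cli_ac_initdata` failure paths in the embedded `@@ -1366,12 +1366,14 @@` hunk gain `free(normalized)` but no `close(ofd)`, while the `if (ret)` path at `@@ -1424,6 +1427,8 @@` closes `ofd` without a guard and the final cleanup uses `if (ofd >= 0)`. If the temporary file is already open by line 1366 (the start of the function is outside the patch, so this is unconfirmed), the descriptor still leaks on those two returns; using `if (ofd >= 0) close(ofd);` on every early return would make the paths consistent and avoid calling `close` on a negative descriptor. The `if (ret)` path also releases only `tmdata`, so it may need `cli_ac_freedata(&gmdata);` as well. A short header in the patch file stating its origin and upstream status would help whoever handles the next version bump.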