lp://staging/ubuntu/jaunty-security/clamav

Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/jaunty-security/clamav
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

67. By Jamie Strandboge

* SECURITY UPDATE: fix integer overflow in BZ2_decompress()
  - libclamav/nsis/bzlib.c: return error if N is larger than 2*1024^2 which
    keeps us from overflowing but leaves enough room for the 900k maximum
    value of the RUNA/RUNB encoding
  - patch based on upstream bzip2
  - CVE-2010-0405

66. By Jamie Strandboge

* SECURITY UPDATE: fix crash via heap overflow when processing malformed
  PDF file
  - libclamav/pdf.c: make sure enough space is allocated for tmpbuf in
    cli_pdf()
  - https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016
  - clamav git f0eb394501ec21b9fe67f36cbf5db788711d4236

65. By Jamie Strandboge

* SECURITY UPDATE: (LP: #553266)
* References clamav bugs #1771 and #1826
* libclamav/mspack.c: fix Quantum decompressor (bb#1771)
  - clamav git 224fee54dd6cd8933d7007331ec2bfca0398d4b4
* libclamav/mspack.c: improve unpacking of malformed cabinets (bb#1826)
  - clamav git 31b77b3fb589ab07e7b4d84f8b3825178864ee51
* based on work by Scott Kitterman

64. By Imre Gergely

* SECURITY UPDATE: clamav-milter.init changes current directory owner
  to user 'clamav' when run, potentially breaking ssh chroots, user's
  home directories (LP: #365823)
  - debian/clamav-milter.init: fixed pidfile chown on startup from Debian
    clamav git repo
  - debian/clamav-milter.postinst.in: added cleanup code to search for
    and restore clamav-owned directories to root and remove rogue /none
    file (LP: #363796, #363804)

63. By Scott Kitterman

[ Scott Kitterman ]
* Merge from debian unstable, remaining changes (LP: #361762):
  - Drop build-dep on electric-fence (in Universe) and run make test on all
    archs since arch specific test failures with electric-fence are not a
    problem
  - Add apparmor profiles for clamd and freshclam along with maintainer
    script changes
* Update suggested version of apparmor to 2.3+1289 due to use of deny in the
  freshclam apparmor profile
* Cherrypick addition clamav-milter init fixes from pkg-clamav git repo

[ Imre Gergely ]
* fix freshclam apparmor profile for clamtk (LP: #359301)

62. By Scott Kitterman

[ Scott Kitterman ]
* New upstream bugfix release
  - libclamav/others.h: harden CLI_ISCONTAINED macro (bb#1552)
  - libclamav/phishcheck.c: fix possible crash in cli_url_canon() (bb#1553)
  - Signficant clamav-milter bug fixes
  - Other fixes throughout
* Drop ArchiveLimitMemoryUsage option from clamav-base.postinst.in (option
  removed upstream)
* Add CommandReadTimeout, SendBufTimeout, and MaxQueue to
  clamav-base.postinst.in
* Add SkipAuthenticated to clamav-milter.postinst.in
* Drop unrar and lha from clamav Suggests since external unpackers are not
  supported since 0.94

[ Jamie Strandboge ]
* fix freshclam apparmor profile for klamav (LP: #359301)

61. By Scott Kitterman

* Merge from debian unstable, remaining changes (LP: #354015):
  - Drop build-dep on electric-fence (in Universe) and run make test on all
    archs since arch specific test failures with electric-fence are not a
    problem
  - Add apparmor profiles for clamd and freshclam along with maintainer
    script changes
* Update apparmor profile to allow access to usr-tmp for klamav
  (LP: #310737)
* Update apparmor profile to not log samba related denails (LP: #346397)
* Move apparmor from recommends to suggests - we don't want to cause it to
  be installed if it has been removed

60. By Scott Kitterman

Update apparmor profile in debian/usr.bin/freshclam to allow freshclam to
update virus signatures in user home directories (LP: #312695)

59. By Scott Kitterman

Update apparmor profile in debian/usr.sbin.clamd to allow log file locking

58. By Scott Kitterman

* Merge from debian unstable, remaining changes:
  - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 for
    clamav-daemon and clamav-freshclam
  - add debian/usr.bin.freshclam and debian/usr.sbin.clamd
  - debian/clamav-(daemon|freshclam).dirs: add etc/apparmor.d/force-complain
  - debian/clamav-(daemon|freshclam).install: install profiles
  - debian/clamav-(daemon|freshclam).preinst: create symlink for
    force-complain/ on pre-feisty upgrades, upgrades where apparmor-profiles
    profile is unchanged (ie non-enforcing) and upgrades where the profile
    doesn't exist.
  - debian/clamav-(daemon|freshclam).postrm: remove symlink in
    force-complain/ on purge.
  - debian/clamav-(daemon|freshclam).postinst.in: reload apparmor
  - update README.Debian with note on Apparmor
* Enable upstream test suite in debian/rules
  - Not adding valgrind yet due to test failures

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/natty/clamav
This branch contains Public information 
Everyone can see this information.

Subscribers