rpms/clamav/devel clamav-0.88.1-strncpy.patch, NONE, 1.1 clamav-0.88.1-guys, please-read-the-compiler-warnings-before-doing-a-release.patch, NONE, 1.1 clamav.spec, 1.33, 1.34

Enrico Scholz (ensc) fedora-extras-commits at redhat.com
Mon Apr 24 22:05:45 UTC 2006


Author: ensc

Update of /cvs/extras/rpms/clamav/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26208/devel

Modified Files:
	clamav.spec 
Added Files:
	clamav-0.88.1-strncpy.patch 
	clamav-0.88.1-guys,please-read-the-compiler-warnings-before-doing-a-release.patch 
Log Message:
- added patch which fixes some classes of compiler warnings; at least
  the use of implicitly declared functions was reported to cause
  segfaults on AMD64 (brought to my attention by Marc Perkel)
- added patch which fixes wrong usage of strncpy(3) in unrarlib.c


clamav-0.88.1-strncpy.patch:

--- NEW FILE clamav-0.88.1-strncpy.patch ---
2006-04-24  Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de>

	* libclamav/unrarlib.c/stricomp(): terminate the string copied
	  with strncpy() explicitly with '\0'. Does not seem to be
	  exploitable at the moment due to deeply buried constraints
	  (function will be called for buffers with a static size of
	  260 only).

	  But it is better to fix it now than to run into problems
	  when function is used for other purposes.

--- clamav-0.88.1/libclamav/unrarlib.c.strncpy	2005-06-23 22:03:12.000000000 +0200
+++ clamav-0.88.1/libclamav/unrarlib.c	2006-04-24 23:10:07.000000000 +0200
@@ -1180,8 +1180,10 @@ int stricomp(char *Str1,char *Str2)
   char S1[512],S2[512];
   char *chptr;
 
-  strncpy(S1,Str1,sizeof(S1));
-  strncpy(S2,Str2,sizeof(S2));
+  strncpy(S1,Str1,sizeof(S1));
+  strncpy(S2,Str2,sizeof(S2));
+  S1[sizeof(S1)-1] = '\0';
+  S2[sizeof(S2)-1] = '\0';
 
   while((chptr = strchr(S1, '\\')) != NULL) /* ignore backslash             */
   {
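Review bot: The added terminators at S1[sizeof(S1)-1] and S2[sizeof(S2)-1] make the copies safe to read, but stricomp() still silently truncates each argument to 511 bytes, so two different inputs that share their first 511 bytes compare as equal. The changelog says callers pass 260-byte buffers today; since the stated aim is to be safe for future callers, consider handling over-long input explicitly (for example checking strlen(Str1) and strlen(Str2) against the buffer size and returning "not equal") instead of comparing truncated copies. Separately, the two strncpy lines are removed and re-added with no visible difference, presumably a whitespace change; leaving them untouched would reduce the patch to the two added terminator lines.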

***** Not enough context to create diffstat for file: clamav-0.88.1-guys,please-read-the-compiler-warnings-before-doing-a-release.patch,NONE,1.1
***** Not enough context to create diff for file: clamav-0.88.1-guys,please-read-the-compiler-warnings-before-doing-a-release.patch,NONE,1.1

Index: clamav.spec
===================================================================
RCS file: /cvs/extras/rpms/clamav/devel/clamav.spec,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- clamav.spec	6 Apr 2006 16:50:58 -0000	1.33
+++ clamav.spec	24 Apr 2006 22:05:44 -0000	1.34
@@ -22,7 +22,7 @@
 Summary:	End-user tools for the Clam Antivirus scanner
 Name:		clamav
 Version:	0.88.1
-Release:	%release_func 1
+Release:	%release_func 2
 
 License:	GPL
 Group:		Applications/File
@@ -36,6 +36,8 @@
 Source6:	clamav-update.logrotate
 Source7:	clamd.SERVICE.init
 Source8:	clamav-notify-servers
+Patch0:		clamav-0.88.1-guys,please-read-the-compiler-warnings-before-doing-a-release.patch
+Patch1:		clamav-0.88.1-strncpy.patch
 Patch20:	clamav-0.70-user.patch
 Patch21:	clamav-0.70-path.patch
 Patch22:	clamav-0.80-initoff.patch
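Review bot: The Patch0 file name contains a comma, and the commit mail for this change already shows tooling tripping over it ("Not enough context to create diff for file: ...,NONE,1.1", where the comma is also the field separator). A short name that describes the content, in the style of Patch1's clamav-0.88.1-strncpy.patch, avoids the parsing problem and tells the next packager what the patch fixes rather than why it was needed.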
@@ -162,6 +164,9 @@
 
 %prep
 %setup -q
+%patch0  -p1 -b '.guys,please-read-the-compiler-warnings-before-doing-a-release.patch'
+%patch1  -p1 -b .strncpy
+
 %patch20 -p1 -b .user
 %patch21 -p1 -b .path
 %patch22 -p1 -b .initoff
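Review bot: The -b argument on the %patch0 line is the backup suffix, so every file touched by Patch0 gets a backup copy ending in '.guys,please-read-the-compiler-warnings-before-doing-a-release.patch'. Those backups end in .patch and will look like patch files in the build tree, and the suffix needs quoting where the neighbouring lines do not. A short suffix in the same style as .strncpy, .user and .path would be consistent with the rest of %prep.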
@@ -186,6 +191,7 @@
 ## See https://bugzilla.redhat.com/beta/show_bug.cgi?id=131385 and
 ## http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797
 ## also
+CFLAGS="$RPM_OPT_FLAGS -Wall -W -W -Wmissing-prototypes -Wmissing-declarations -std=gnu99"
 %configure --disable-clamav --with-dbdir=/var/lib/clamav \
            --disable-zlib-vcheck \
 	   %{!?_without_milter:--enable-milter}
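Review bot: The new CFLAGS line only turns the warnings on, so a newly introduced implicit declaration still builds and ships; the log message says that class of bug caused segfaults on AMD64. Consider adding -Werror-implicit-function-declaration so the build fails instead of relying on someone reading the log. Two smaller points on the same line: -W is given twice, and the assignment sits directly under the "## See ... also" comment block, which now reads as if it documented CFLAGS rather than the %configure options; a blank line or a one-line comment of its own would keep the two apart.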
@@ -426,6 +432,12 @@
 %endif	# _without_milter
 
 %changelog
+* Mon Apr 24 2006 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.88.1-2
+- added patch which fixes some classes of compiler warnings; at least
+  the using of implicitly declared functions was reported to cause
+  segfaults on AMD64 (brought to my attention by Marc Perkel)
+- added patch which fixes wrong usage of strncpy(3) in unrarlib.c
+
 * Thu Apr 06 2006 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.88.1-1
 - updated to 0.88.1 (SECURITY)
 



