rpms/clamav/EL-4 .cvsignore, 1.10, 1.11 Makefile, 1.2, 1.3 clamav.spec, 1.37, 1.38 sources, 1.23, 1.24

[Robert Scheck]

Author: robert

Update of /cvs/pkgs/rpms/clamav/EL-4
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17831

Modified Files:
	.cvsignore Makefile clamav.spec sources 
Log Message:
- Upgrade to 0.94 (SECURITY), fixes #461461:
- CVE-2008-1389 Invalid memory access in the CHM unpacker
- CVE-2008-3912 Out-of-memory NULL pointer dereference in mbox/msg
- CVE-2008-3913 Memory leak in code path in freshclam's manager.c
- CVE-2008-3914 Multiple file descriptor leaks on the code paths



Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/clamav/EL-4/.cvsignore,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- .cvsignore	14 Jul 2008 10:33:58 -0000	1.10
+++ .cvsignore	26 Oct 2008 17:39:38 -0000	1.11
@@ -1 +1 @@
-clamav-0.93.3-norar.tar.bz2
+clamav-0.94-norar.tar.bz2


Index: Makefile
===================================================================
RCS file: /cvs/pkgs/rpms/clamav/EL-4/Makefile,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- Makefile	24 Nov 2004 03:10:01 -0000	1.2
+++ Makefile	26 Oct 2008 17:39:38 -0000	1.3
@@ -19,3 +19,16 @@
 endif
 
 include $(MAKEFILE_COMMON)
+
+
+# can not use final tarball name here as it will conflict with rules
+# within Makefile.common
+TARBALL_CLEAN =	${NAME}-${VERSION}-norar.tar.bz2.tmp
+TARBALL =	${NAME}-${VERSION}.tar.gz
+
+clean-sources:	${TARBALL_CLEAN}
+
+${TARBALL_CLEAN}:	${TARBALL}
+	rm -f $@.tmp
+	zcat $< | tar --delete -f - '*/libclamunrar/*' | bzip2 -c > $@.tmp
+	mv $@.tmp $@


Index: clamav.spec
===================================================================
RCS file: /cvs/pkgs/rpms/clamav/EL-4/clamav.spec,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- clamav.spec	14 Jul 2008 10:33:58 -0000	1.37
+++ clamav.spec	26 Oct 2008 17:39:38 -0000	1.38
@@ -13,16 +13,16 @@
 
 Summary:	End-user tools for the Clam Antivirus scanner
 Name:		clamav
-Version:	0.93.3
+Version:	0.94
 Release:	1%{?dist}
 
 License:	GPLv2
 Group:		Applications/File
 URL:		http://www.clamav.net
-# Unfortunately, clamav includes support for RAR v3, derived from GPL 
+# Unfortunately, clamav includes support for RAR v3, derived from GPL
 # incompatible unrar from RARlabs. We have to pull this code out.
-# All that is needed to make the clean tarball is: rm -rf libclamunrar*
-# Note that you also need patch26.
+# tarball was created by
+#   make clean-sources [TARBALL=<original-tarball>] [VERSION=<version>]
 Source0:	clamav-%{version}-norar.tar.bz2
 # Source0:	http://download.sourceforge.net/sourceforge/clamav/%name-%version.tar.gz
 # No sense in using this file for the time being.
@@ -501,6 +501,13 @@
 
 
 %changelog
+* Sun Oct 26 2008 Robert Scheck <robert at fedoraproject.org> - 0.94-1
+- Upgrade to 0.94 (SECURITY), fixes #461461:
+- CVE-2008-1389 Invalid memory access in the CHM unpacker
+- CVE-2008-3912 Out-of-memory NULL pointer dereference in mbox/msg
+- CVE-2008-3913 Memory leak in code path in freshclam's manager.c
+- CVE-2008-3914 Multiple file descriptor leaks on the code paths
+
 * Mon Jul 14 2008 Robert Scheck <robert at fedoraproject.org> - 0.93.3-1
 - Upgrade to 0.93.3 (SECURITY), rediffed -initoff patch:
 - CVE-2008-2713 Out-of-bounds read on petite files


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/clamav/EL-4/sources,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- sources	14 Jul 2008 10:33:58 -0000	1.23
+++ sources	26 Oct 2008 17:39:38 -0000	1.24
@@ -1 +1 @@
-53d288ddafd9cc198eeb69ffe8c83d02  clamav-0.93.3-norar.tar.bz2
+a2ace45354b5b44bb334a0bfe8416e14  clamav-0.94-norar.tar.bz2