diff --git a/CMakeLists.txt b/CMakeLists.txt index 0f544271bb..400f0287d4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -15,7 +15,7 @@ string(TIMESTAMP TODAY "%Y%m%d") set(VERSION_SUFFIX "") project( ClamAV - VERSION "0.103.11" + VERSION "0.103.12" DESCRIPTION "ClamAV open source email, web, and end-point anti-virus toolkit." ) set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH}) diff --git a/Jenkins/Dockerfile b/Jenkins/Dockerfile new file mode 100644 index 0000000000..1d6759f872 --- /dev/null +++ b/Jenkins/Dockerfile @@ -0,0 +1,6 @@ +FROM ubuntu:18.04 + +RUN apt-get update && apt-get install -y \ + gcc make automake autoconf m4 pkg-config libtool flex bison valgrind \ + check libbz2-dev libcurl4-openssl-dev libjson-c-dev libmilter-dev \ + libncurses5-dev libpcre2-dev libssl-dev libxml2-dev zlib1g-dev diff --git a/Jenkinsfile b/Jenkinsfile index 85df4755c5..26d4ce6b10 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -4,23 +4,32 @@ properties( parameters( [ string(name: 'VERSION', - defaultValue: '0.103.11', + defaultValue: '0.103.12', description: 'ClamAV version string'), string(name: 'FRAMEWORK_BRANCH', defaultValue: '0.103', description: 'test-framework branch'), string(name: 'TESTS_BRANCH', defaultValue: '0.103', - description: 'tests branch'), + description: 'tests branch for the package and regular tests'), string(name: 'TESTS_CUSTOM_BRANCH', defaultValue: '0.103', description: 'tests-custom branch'), string(name: 'TESTS_FUZZ_BRANCH', defaultValue: '0.103', description: 'tests-fuzz-regression branch'), + string(name: 'BUILD_PIPELINES_PATH', + defaultValue: 'ClamAV/build-pipelines', + description: 'build-pipelines path for clamav in Jenkins'), + string(name: 'TEST_PIPELINES_PATH', + defaultValue: 'ClamAV/test-pipelines', + description: 'test-pipelines path for clamav in Jenkins'), string(name: 'BUILD_PIPELINE', defaultValue: 'build-0.103', description: 'test-pipelines branch for build acceptance'), + string(name: 'PACKAGE_PIPELINE', + defaultValue: 'package-0.103', + description: 'test-pipelines branch for package tests.'), string(name: 'REGULAR_PIPELINE', defaultValue: 'regular-0.103', description: 'test-pipelines branch for regular tests.'), @@ -44,7 +53,7 @@ properties( ] ) -node('ubuntu-18-x64') { +node('docker') { stage('Generate Tarball') { cleanWs() @@ -63,13 +72,24 @@ node('ubuntu-18-x64') { ''' } - dir(path: 'build') { - sh """# Make Dist - if [ -f '../autogen.sh' ] ; then /bin/chmod +x ../autogen.sh && ../autogen.sh ; fi - ../configure --enable-milter --disable-clamav --disable-silent-rules --enable-llvm --with-system-llvm=no - make distcheck - mv clamav-${params.VERSION}*.tar.gz clamav-${params.VERSION}.tar.gz || true""" - archiveArtifacts(artifacts: "clamav-${params.VERSION}.tar.gz", onlyIfSuccessful: true) + // start up docker image + def dockerImage = docker.build("autoconf", "./Jenkins") + + try { + dockerImage.inside { c -> + dir(path: "build") { + sh """# Make Dist + if [ -f '../autogen.sh' ] ; then /bin/chmod +x ../autogen.sh && ../autogen.sh ; fi + ../configure --enable-milter --disable-clamav --disable-silent-rules --enable-llvm --with-system-llvm=no + make dist + mv clamav-${params.VERSION}*.tar.gz clamav-${params.VERSION}.tar.gz || true""" + archiveArtifacts(artifacts: "clamav-${params.VERSION}.tar.gz", onlyIfSuccessful: true) + } + } + } + catch(IOException err) { + cleanWs() + throw err } cleanWs() @@ -78,7 +98,7 @@ node('ubuntu-18-x64') { def buildResult stage('Build') { - buildResult = build(job: "test-pipelines/${params.BUILD_PIPELINE}", + buildResult = build(job: "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE}", propagate: true, wait: true, parameters: [ @@ -89,24 +109,23 @@ node('ubuntu-18-x64') { [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] ] ) - echo "test-pipelines/${params.BUILD_PIPELINE} #${buildResult.number} succeeded." + echo "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE} #${buildResult.number} succeeded." } stage('Test') { def tasks = [:] - tasks["regular_and_custom"] = { - def regularResult + tasks["package_regular_custom"] = { def exception = null try { - stage("Regular Pipeline") { - regularResult = build(job: "test-pipelines/${params.REGULAR_PIPELINE}", + stage("Package") { + final regularResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE}", propagate: true, wait: true, parameters: [ [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], - [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "test-pipelines/${params.BUILD_PIPELINE}"], + [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE}"], [$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"], [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"], [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], @@ -114,14 +133,36 @@ node('ubuntu-18-x64') { [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] ] ) - echo "test-pipelines/${params.REGULAR_PIPELINE} #${regularResult.number} succeeded." + echo "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE} #${regularResult.number} succeeded." + } + } catch (exc) { + echo "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE} failed." + exception = exc + } + + try { + stage("Regular From-Source") { + final regularResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE}", + propagate: true, + wait: true, + parameters: [ + [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], + [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], + [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"], + [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], + [$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"], + [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] + ] + ) + echo "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE} #${regularResult.number} succeeded." } } catch (exc) { - echo "test-pipelines/${params.REGULAR_PIPELINE} failed." + echo "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE} failed." exception = exc } - stage("Custom Pipeline") { - final customResult = build(job: "test-pipelines/${params.CUSTOM_PIPELINE}", + + stage("Custom From-Source") { + final customResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE}", propagate: true, wait: true, parameters: [ @@ -133,17 +174,17 @@ node('ubuntu-18-x64') { [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] ] ) - echo "test-pipelines/${params.CUSTOM_PIPELINE} #${customResult.number} succeeded." + echo "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE} #${customResult.number} succeeded." } if(exception != null) { - echo "Custom Pipeline passed, but Regular pipeline failed!" + echo "Custom Pipeline passed, but prior pipelines failed!" throw exception } } tasks["fuzz_regression"] = { stage("Fuzz Regression") { - final fuzzResult = build(job: "test-pipelines/${params.FUZZ_PIPELINE}", + final fuzzResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.FUZZ_PIPELINE}", propagate: true, wait: true, parameters: [ @@ -154,7 +195,7 @@ node('ubuntu-18-x64') { [$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"] ] ) - echo "test-pipelines/${params.FUZZ_PIPELINE} #${fuzzResult.number} succeeded." + echo "${params.TEST_PIPELINES_PATH}/${params.FUZZ_PIPELINE} #${fuzzResult.number} succeeded." } } diff --git a/NEWS.md b/NEWS.md index 1621efea63..9c8801a4fe 100644 --- a/NEWS.md +++ b/NEWS.md @@ -3,6 +3,10 @@ Note: This file refers to the source tarball. Things described here may differ slightly from the binary packages. +## 0.103.12 + +ClamAV 0.103.12 is a patch release with the following fixes: + ## 0.103.11 ClamAV 0.103.11 is a patch release with the following fixes: diff --git a/configure.ac b/configure.ac index d5500f6fed..33b2f9945f 100644 --- a/configure.ac +++ b/configure.ac @@ -22,7 +22,7 @@ AC_PREREQ([2.59]) dnl For a release change [devel] to the real version [0.xy] dnl also change VERSION below -AC_INIT([ClamAV], [0.103.11], [https://github.com/Cisco-Talos/clamav/issues], [clamav], [https://www.clamav.net/]) +AC_INIT([ClamAV], [0.103.12], [https://github.com/Cisco-Talos/clamav/issues], [clamav], [https://www.clamav.net/]) dnl put configure auxiliary into config AC_CONFIG_AUX_DIR([config]) diff --git a/freshclam/freshclam.c b/freshclam/freshclam.c index 1f97d51164..7c23b9e615 100644 --- a/freshclam/freshclam.c +++ b/freshclam/freshclam.c @@ -998,7 +998,7 @@ fc_error_t get_official_database_lists( uint32_t i; const char *hardcodedStandardDatabaseList[] = {"daily", "main", "bytecode"}; - const char *hardcodedOptionalDatabaseList[] = {"safebrowsing", "test"}; + const char *hardcodedOptionalDatabaseList[] = {"safebrowsing", "test", "valhalla"}; if ((NULL == standardDatabases) || (NULL == nStandardDatabases) || (NULL == optionalDatabases) || (NULL == nOptionalDatabases)) { mprintf("!get_official_database_lists: Invalid arguments.\n"); @@ -1424,6 +1424,10 @@ fc_error_t perform_database_update( uint32_t nUpdated = 0; uint32_t nTotalUpdated = 0; + uint32_t i; + char **doNotPruneDatabaseList = NULL; + uint32_t nDoNotPruneDatabases = 0; + STATBUF statbuf; if (NULL == serverList) { @@ -1444,7 +1448,38 @@ fc_error_t perform_database_update( * Prune database directory of official databases * that are no longer available or no longer desired. */ - (void)fc_prune_database_directory(databaseList, nDatabases); + + // include the URL databases in the prune process + doNotPruneDatabaseList = (char **)malloc(sizeof(char *) * (nDatabases + nUrlDatabases)); + if (NULL == doNotPruneDatabaseList) { + logg("!perform_database_update: Can't allocate memory for doNotPruneDatabaseList\n"); + status = FC_EMEM; + goto done; + } + + for (i = 0; i < nDatabases; i++) { + doNotPruneDatabaseList[i] = strdup(databaseList[i]); + if (doNotPruneDatabaseList[i] == NULL) { + logg("!perform_database_update: Can't allocate memory for database name in doNotPruneDatabaseList\n"); + status = FC_EMEM; + goto done; + } + } + nDoNotPruneDatabases = nDatabases; + + for (i = 0; i < nUrlDatabases; i++) { + // Only append the URL databases that end with '.cvd' + if (strlen(urlDatabaseList[i]) > 4 && 0 == strcasecmp(urlDatabaseList[i] + strlen(urlDatabaseList[i]) - 4, ".cvd")) { + const char *startOfFilename = strrchr(urlDatabaseList[i], '/') + 1; + if (NULL != startOfFilename) { + // Add the base database name to the do-not-prune list, excluding the '.cvd' extension. + doNotPruneDatabaseList[nDatabases + i] = CLI_STRNDUP(startOfFilename, strlen(startOfFilename) - strlen(".cvd")); + nDoNotPruneDatabases++; + } + } + } + + (void)fc_prune_database_directory(doNotPruneDatabaseList, nDoNotPruneDatabases); } /* @@ -1515,6 +1550,16 @@ fc_error_t perform_database_update( done: + // Free up the database list + if (NULL != doNotPruneDatabaseList) { + for (i = 0; i < nDoNotPruneDatabases; i++) { + free(doNotPruneDatabaseList[i]); + doNotPruneDatabaseList[i] = NULL; + } + free(doNotPruneDatabaseList); + doNotPruneDatabaseList = NULL; + } + if (LSTAT(g_freshclamTempDirectory, &statbuf) != -1) { /* Remove temp directory */ if (*g_freshclamTempDirectory) { diff --git a/libclamav/bytecode_api.h b/libclamav/bytecode_api.h index 7575a0b72e..029a1d5d44 100644 --- a/libclamav/bytecode_api.h +++ b/libclamav/bytecode_api.h @@ -157,6 +157,7 @@ enum FunctionalityLevels { FUNC_LEVEL_0103_9 = 130, /**< LibClamAV release 0.103.9 */ FUNC_LEVEL_0103_10 = 131, /**< LibClamAV release 0.103.10 */ FUNC_LEVEL_0103_11 = 132, /**< LibClamAV release 0.103.11 */ + FUNC_LEVEL_0103_12 = 133, /**< LibClamAV release 0.103.12 */ }; /** diff --git a/libclamav/others.h b/libclamav/others.h index 9f090ddae6..2e45ab57ed 100644 --- a/libclamav/others.h +++ b/libclamav/others.h @@ -73,7 +73,7 @@ * in re-enabling affected modules. */ -#define CL_FLEVEL 132 +#define CL_FLEVEL 133 #define CL_FLEVEL_DCONF CL_FLEVEL #define CL_FLEVEL_SIGTOOL CL_FLEVEL diff --git a/libclamav/special.c b/libclamav/special.c index f9b3b3ced9..bb925e7f16 100644 --- a/libclamav/special.c +++ b/libclamav/special.c @@ -48,7 +48,8 @@ int cli_check_mydoom_log(cli_ctx *ctx) { - const uint32_t *record; + uint32_t record[16]; + const uint32_t *ptr; uint32_t check, key; fmap_t *map = ctx->fmap; unsigned int blocks = map->len / (8 * 4); @@ -59,14 +60,24 @@ int cli_check_mydoom_log(cli_ctx *ctx) if (blocks > 5) blocks = 5; - record = fmap_need_off_once(map, 0, 8 * 4 * blocks); - if (!record) + /* + * The following pointer might not be properly aligned. There there is + * memcmp() + memcpy() workaround to avoid performing an unaligned access + * while reading the uint32_t. + */ + ptr = fmap_need_off_once(map, 0, 8 * 4 * blocks); + if (!ptr) return CL_CLEAN; + while (blocks) { /* This wasn't probably intended but that's what the current code does anyway */ - if (record[--blocks] == 0xffffffff) + const uint32_t marker_ff = 0xffffffff; + + if (!memcmp(&ptr[--blocks], &marker_ff, sizeof(uint32_t))) return CL_CLEAN; } + memcpy(record, ptr, sizeof(record)); + key = ~be32_to_host(record[0]); check = (be32_to_host(record[1]) ^ key) + (be32_to_host(record[2]) ^ key) + diff --git a/m4/reorganization/version.m4 b/m4/reorganization/version.m4 index 5ce62f5e4f..b66e5491ab 100644 --- a/m4/reorganization/version.m4 +++ b/m4/reorganization/version.m4 @@ -3,7 +3,7 @@ dnl During active development, set: VERSION="-devel-`date +%Y%m%d`" dnl For beta, set: VERSION="-beta" dnl For release candidate, set: VERSION="-rc" dnl For release, set: VERSION="" -VERSION="0.103.11" +VERSION="0.103.12" major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/[^0-9]//g"` minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/[^0-9]//g"` diff --git a/win32/ClamAV-Installer.iss b/win32/ClamAV-Installer.iss index 518f6175ba..b3a3d06fca 100644 --- a/win32/ClamAV-Installer.iss +++ b/win32/ClamAV-Installer.iss @@ -8,7 +8,7 @@ [Setup] AppName=ClamAV -AppVersion=0.103.11 +AppVersion=0.103.12 DefaultDirName={pf}\ClamAV DefaultGroupName=ClamAV AppCopyright=2021 Cisco Systems, Inc. @@ -20,7 +20,7 @@ UninstallDisplayName=ClamAV Compression=lzma2 SolidCompression=yes OutputDir=. -OutputBaseFilename=ClamAV-0.103.11 +OutputBaseFilename=ClamAV-0.103.12 WizardImageFile=demon.bmp WizardSmallImageFile=talos.bmp diff --git a/win32/clamav-config.h b/win32/clamav-config.h index 03f975f8e1..c08dac57f3 100644 --- a/win32/clamav-config.h +++ b/win32/clamav-config.h @@ -480,7 +480,7 @@ #define PACKAGE_NAME "ClamAV" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "ClamAV 0.103.11" +#define PACKAGE_STRING "ClamAV 0.103.12" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "clamav" @@ -489,7 +489,7 @@ #define PACKAGE_URL "https://www.clamav.net/" /* Define to the version of this package. */ -#define PACKAGE_VERSION "0.103.11" +#define PACKAGE_VERSION "0.103.12" /* scan buffer size */ #define SCANBUFF 131072 @@ -525,7 +525,7 @@ /* #undef USE_SYSLOG */ /* Version number of package */ -#define VERSION "0.103.11" +#define VERSION "0.103.12" /* Version suffix for package */ #define VERSION_SUFFIX "" diff --git a/win32/libclamunrar.vcxproj b/win32/libclamunrar.vcxproj index 89860990fa..c0771f344c 100644 --- a/win32/libclamunrar.vcxproj +++ b/win32/libclamunrar.vcxproj @@ -100,7 +100,7 @@ Sync EnableFastChecks MultiThreadedDebug - 4Bytes + Default false Use rar.hpp @@ -131,7 +131,7 @@ Sync EnableFastChecks MultiThreadedDebug - 4Bytes + Default false Use rar.hpp @@ -162,7 +162,7 @@ false Sync MultiThreadedDebug - 4Bytes + Default true true NoExtensions @@ -204,7 +204,7 @@ false Sync MultiThreadedDebug - 4Bytes + Default true true false diff --git a/win32/res/common.rc b/win32/res/common.rc index 81cb41bc78..9f0c6d1b8f 100644 --- a/win32/res/common.rc +++ b/win32/res/common.rc @@ -6,8 +6,8 @@ #define REPO_VERSION VERSION #endif -#define RES_VER_Q 0,103,11,0 -#define RES_VER_S "ClamAV 0.103.11" +#define RES_VER_Q 0,103,12,0 +#define RES_VER_S "ClamAV 0.103.12" VS_VERSION_INFO VERSIONINFO FILEVERSION RES_VER_Q diff --git a/win32/update-win32.pl b/win32/update-win32.pl index 56bb8530a6..8812389ad4 100644 --- a/win32/update-win32.pl +++ b/win32/update-win32.pl @@ -180,10 +180,10 @@ 'PACKAGE' => 'PACKAGE_NAME', 'PACKAGE_BUGREPORT' => '"https://github.com/Cisco-Talos/clamav/issues"', 'PACKAGE_NAME' => '"ClamAV"', - 'PACKAGE_STRING' => '"ClamAV 0.103.11"', + 'PACKAGE_STRING' => '"ClamAV 0.103.12"', 'PACKAGE_TARNAME' => '"clamav"', 'PACKAGE_URL' => '"https://www.clamav.net/"', - 'PACKAGE_VERSION' => '"0.103.11"', + 'PACKAGE_VERSION' => '"0.103.12"', 'SCANBUFF' => '131072', 'SETPGRP_VOID' => '1', 'SIZEOF_INT' => '4',