ClamAV 0.98.6 security update for Lucid

Bug #1420819 reported by chris pollock
This bug affects 1 person
Affects          Status        Importance  Assigned to    Milestone
clamav (Ubuntu)  Fix Released  Medium      Steve Beattie

Bug Description

  * Updated to 0.98.6 to fix security issues, including CVE-2014-9328.
  * Removed upstreamed patches:
    - d/p/0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
    - d/p/0017-Bump-.so-version-number.patch

  * Drop dh_autoreconf from build-depends
  * Remove use of dh_autoreconf from debian/rules
  * Adjust list of no LLVM architectures in debian/rules to include powerpc
    to avoid FTBFS on lucid

chris pollock (cpollock) wrote :

Steve Beattie (sbeattie) wrote :

Thanks, I'm working on this now. I updated the changelog slightly to add a reference to this bug report.

information type: Private Security → Public Security
Changed in clamav (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Steve Beattie (sbeattie)
Steve Beattie (sbeattie) wrote :

Hi Chris,

Did you do a test build on powerpc? Even with not using llvm, I got a build failure in the unit tests on powerpc. I'll retry the build as sometimes things can be flaky on the powerpc buildds, but the relevant bits from the log are as follows:

make[3]: Entering directory `/build/buildd/clamav-0.98.6+dfsg/unit_tests'
cp input/clamav.hdb clamav.hdb
  CC check_clamav-check_clamav.o
check_clamav.c: In function 'test_cli_readint16':
check_clamav.c:708: warning: pointer targets in passing argument 1 of 'cli_readint16' differ in signedness
../libclamav/others.h:519: note: expected 'const char *' but argument is of type 'uint8_t *'
check_clamav.c:713: warning: pointer targets in passing argument 1 of 'cli_readint16' differ in signedness
../libclamav/others.h:519: note: expected 'const char *' but argument is of type 'uint8_t *'
check_clamav.c: In function 'test_cli_readint32':
check_clamav.c:725: warning: pointer targets in passing argument 1 of 'cli_readint32' differ in signedness
../libclamav/others.h:509: note: expected 'const char *' but argument is of type 'uint8_t *'
check_clamav.c:730: warning: pointer targets in passing argument 1 of 'cli_readint32' differ in signedness
../libclamav/others.h:509: note: expected 'const char *' but argument is of type 'uint8_t *'
check_clamav.c: In function 'test_cli_writeint32':
check_clamav.c:741: warning: pointer targets in passing argument 1 of 'cli_writeint32' differ in signedness
../libclamav/others.h:527: note: expected 'char *' but argument is of type 'uint8_t *'
check_clamav.c:744: warning: pointer targets in passing argument 1 of 'cli_readint32' differ in signedness
../libclamav/others.h:509: note: expected 'const char *' but argument is of type 'uint8_t *'
check_clamav.c:748: warning: pointer targets in passing argument 1 of 'cli_writeint32' differ in signedness
../libclamav/others.h:527: note: expected 'char *' but argument is of type 'uint8_t *'
check_clamav.c:751: warning: pointer targets in passing argument 1 of 'cli_readint32' differ in signedness
../libclamav/others.h:509: note: expected 'const char *' but argument is of type 'uint8_t *'
  CC check_clamav-check_jsnorm.o
  CC check_clamav-check_str.o
  CC check_clamav-check_regex.o
  CC check_clamav-check_disasm.o
  CC check_clamav-check_uniq.o
  CC check_clamav-check_matchers.o
  CC check_clamav-check_htmlnorm.o
  CC check_clamav-check_bytecode.o
check_bytecode.c: In function 'test_matchwithread_jit':
check_bytecode.c:255: warning: passing argument 1 of 'cli_writeint32' from incompatible pointer type
../libclamav/others.h:527: note: expected 'char *' but argument is of type 'uint32_t *'
check_bytecode.c: In function 'test_matchwithread_int':
check_bytecode.c:278: warning: passing argument 1 of 'cli_writeint32' from incompatible pointer type
../libclamav/others.h:527: note: expected 'char *' but argument is of type 'uint32_t *'
check_bytecode.c: At top level:
check_bytecode.c:463: warning: 'test_retmagic_7_int' defined but not used
  CCLD check_clamav
  CC check_clamd-check_clamd.o
  CCLD check_clamd
  CC check_fpu_endian-check_fpu_endian.o
  CCLD check_fpu_...

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.98.6+dfsg-0ubuntu0.10.04.1

---------------
clamav (0.98.6+dfsg-0ubuntu0.10.04.1) lucid-security; urgency=medium

  [ Marc Deslauriers ]
  * Updated to 0.98.6 to fix security issues, including CVE-2014-9328.
    (LP: #1420819)
  * Removed upstreamed patches:
    - d/p/0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
    - d/p/0017-Bump-.so-version-number.patch

  [ Chris Pollock ]
  * Drop dh_autoreconf from build-depends
  * Remove use of dh_autoreconf from debian/rules
  * Adjust list of no LLVM architectures in debian/rules to include powerpc
    to avoid FTBFS on lucid

clamav (0.98.5+addedllvm-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to 0.98.5 to fix security issues, including CVE-2013-6497.
  * Removed patches no longer needed:
    - d/p/0002-Sebastian-Andrzej-Siewior.patch
    - d/p/0003-configure-use-pkg-config-for-check-so-test-is-detect.patch
    - d/p/0004-Stop-using-a-cargo-culted-syscall-table-and-trust-th.patch
    - d/p/0005-configure.ac-patches-to-got-with-autoreconf-and-auto.patch
    - d/p/0006-Fix-STAT64-definition-and-add-missing-includes.patch
  * Added patches from vivid to fix FTBFS, .so version and other issues:
    - d/p/0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
    - d/p/0003-unit_tests-increment-test-timeout-from-40secs-to-5mi.patch
    - d/p/0006-remove-unnecessary-harmful-flags-from-libclamav.pc.patch
    - d/p/0010-hardcode-LLVM-linker-flag-because-llvm-config-return.patch
    - d/p/0017-Bump-.so-version-number.patch
    - d/p/0018-llvm-don-t-use-system-libs.patch
  * debian/clamav-docs.docs: use wildcards, as some docs have changed.
  * debian/clamav-base.postinst.in: added new options.
  * debian/clamav-base.config.in: added new options.
  * debian/clamav-base.templates: added new options.
  * debian/control: added libssl-dev BuildDepends.
  * clamav-testfiles.install: removed rar files.
 -- Chris <email address hidden> Sun, 08 Feb 2015 07:54:07 -0600

Changed in clamav (Ubuntu):
status: In Progress → Fix Released