@@ -1,3 +1,44 @@

+

+Tue Dec 16 16:21:40 2014 EDT (swebb)

+-------------------------------------

+bb#11215 - Change a variable to be an unsigned int to compensate for

+	compiler optimization issue with crafted petite file. Fix

+	suggested by Sebastian Andrzej Siewior.

+

+Fri Dec 12 14:33:41 2014 EDT (klin)

+-----------------------------------

+Added missing break statements(FireAmp #12710) to correct handling of

+	prescan callback return code.

+

+Fri Dec 5 15:26:06 2014 EDT (smorgan)

+-------------------------------------

+bb#11216 - add boundary checks for fuzzed upack file. This issue

+	was reported by Sebastian Andrzej Siewior. CVE-2014-9328.

+

+Thu Dec 4 18:29:17 2014 EDT (klin)

+-----------------------------------

+bb#11212 - fixed section boundary mismatch in MEW unpacker. This issue

+	was identified by Felix Groebert of the Google Security Team.

+

+Thu Dec 4 08:43:43 2014 EDT (swebb)

+-------------------------------------

+bb#11213 - Enforce bounds checking before integer overflow in upx files.

+	This issue was reported by Kevin Szkudlapski of Quarkslab.

+

+Tue Dec 2 15:15:55 2014 EDT (swebb)

+-------------------------------------

+bb#11210: Apply a basic fix for y0da crafted file. This issue was

+	identified by Felix Groebert of the Google Security Team.

+

+Fri, 21 Nov 2014 15:55:12 EDT (swebb)

+-------------------------------------

+bb#11194: Include OpenSSL's headers after the local headers

+

+Thu, 20 Nov 2014 12:39:00 EDT (swebb)

+-------------------------------------

+bb#10907: Add trailing newline to the end of the pidfile

+	  (patch submitted by Sebastian Andrzej Siewior)

+

 Wed, 12 Nov 2014 14:30:39 EDT (swebb)

 -------------------------------------

 * bb11176 - Instruct OpenSSL to allow MD5 when in FIPS-compliant mode.

@@ -1,49 +1,36 @@

-0.98.5

+0.98.6

 ------

-Welcome to ClamAV 0.98.5! ClamAV 0.98.5 includes important new features

-for collecting and analyzing file properties. Software developers and

-analysts may collect file property meta data using the ClamAV API for

-subsequent analysis by ClamAV bytecode programs. Using these features

-will require that libjson-c is installed, but otherwise libjson-c is not

-needed.

-

-Look for our upcoming series of blog posts to learn more about using the

-ClamAV API and bytecode facilities for collecting and analyzing file

-properties.

-

-ClamAV 0.98.5 also includes these new features and bug fixes:

-

-    - Support for the XDP file format and extracting, decoding, and

-      scanning PDF files within XDP files.

-    - Addition of shared library support for LLVM versions 3.1 - 3.5

-      for the purpose of just-in-time(JIT) compilation of ClamAV

-      bytecode signatures. Andreas Cadhalpun submitted the patch

-      implementing this support.

-    - Enhancements to the clambc command line utility to assist

-      ClamAV bytecode signature authors by providing introspection

-      into compiled bytecode programs.

-    - Resolution of many of the warning messages from ClamAV compilation.

-    - Improved detection of malicious PE files.

-    - Security fix for ClamAV crash when using 'clamscan -a'. This issue

-      was identified by Kurt Siefried of Red Hat.

-    - Security fix for ClamAV crash when scanning maliciously crafted

-      yoda's crypter files. This issue, as well as several other bugs

-      fixed in this release, were identified by Damien Millescamp of

-      Oppida.

-    - ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode.

-      Thanks to Reinhard Max for supplying the patch.

-    - Bug fixes and other feature enhancements. See Changelog or

-      git log for details.

+ClamAV 0.98.6 is a bug fix release correcting the following:

+    - library shared object revisions.

+    - installation issues on some Mac OS X and FreeBSD platforms.

+    - includes a patch from Sebastian Andrzej Siewior making

+      ClamAV pid files compatible with systemd.

+    - Fix a heap out of bounds condition with crafted Yoda's

+      crypter files. This issue was discovered by Felix Groebert

+      of the Google Security Team.

+    - Fix a heap out of bounds condition with crafted mew packer

+      files. This issue was discovered by Felix Groebert of the

+      Google Security Team.

+    - Fix a heap out of bounds condition with crafted upx packer

+      files. This issue was discovered by Kevin Szkudlapski of

+      Quarkslab.

+    - Fix a heap out of bounds condition with crafted upack packer

+      files. This issue was discovered by Sebastian Andrzej Siewior.

+      CVE-2014-9328.

+    - Compensate a crash due to incorrect compiler optimization when

+      handling crafted petite packer files. This issue was discovered

+      by Sebastian Andrzej Siewior.

+      

 Thanks to the following ClamAV community members for code submissions

-and bug reporting included in ClamAV 0.98.5:

+and bug reporting included in ClamAV 0.98.6:

-Andreas Cadhalpun

 Sebastian Andrzej Siewior

-Damien Millescamp

-Reinhard Max

-Kurt Seifried

+Felix Groebert

+Kevin Szkudlapski

+Mark Pizzolato

+Daniel J. Luke

 --

 The ClamAV team (http://www.clamav.net/about.html#credits)

@@ -2,6 +2,40 @@ Note: This README/NEWS file refers to the source tarball. Some things described

 here may not be available in binary packages.

 --

+0.98.6

+------

+

+ClamAV 0.98.6 is a bug fix release correcting the following:

+

+    - library shared object revisions.

+    - installation issues on some Mac OS X and FreeBSD platforms.

+    - includes a patch from Sebastian Andrzej Siewior making

+      ClamAV pid files compatible with systemd.

+    - Fix a heap out of bounds condition with crafted Yoda's

+      crypter files. This issue was discovered by Felix Groebert

+      of the Google Security Team.

+    - Fix a heap out of bounds condition with crafted mew packer

+      files. This issue was discovered by Felix Groebert of the

+      Google Security Team.

+    - Fix a heap out of bounds condition with crafted upx packer

+      files. This issue was discovered by Kevin Szkudlapski of

+      Quarkslab.

+    - Fix a heap out of bounds condition with crafted upack packer

+      files. This issue was discovered by Sebastian Andrzej Siewior.

+      CVE-2014-9328.

+    - Compensate a crash due to incorrect compiler optimization when

+      handling crafted petite packer files. This issue was discovered

+      by Sebastian Andrzej Siewior.

+      

+Thanks to the following ClamAV community members for code submissions

+and bug reporting included in ClamAV 0.98.6:

+

+Sebastian Andrzej Siewior

+Felix Groebert

+Kevin Szkudlapski

+Mark Pizzolato

+Daniel J. Luke

+

 0.98.5

 ------

@@ -464,6 +464,9 @@ int main(int argc, char **argv)

 #ifdef HAVE_PCRE

 	printf("PCRE ");

 #endif

+#ifdef HAVE_ICONV

+	printf("ICONV ");

+#endif

 #ifdef HAVE_JSON

 	printf("JSON ");

 #endif

@@ -112,8 +112,11 @@ int tcpserver(int **lsockets, unsigned int *nlsockets, char *ipaddr, const struc

             serv[0] = '\0';

         }

 #else

-        strncpy(host, ipaddr, sizeof(host));

-        host[sizeof(host)-1] = '\0';

+		if (ipaddr) {

+			strncpy(host, ipaddr, sizeof(host));

+			host[sizeof(host)-1] = '\0';

+		} else

+			host[0] = '\0';

         snprintf(serv, sizeof(serv), "%u", (unsigned int)(optget(opts, "TCPSocket")->numarg));

 #endif

         if(bind(sockfd, p->ai_addr, p->ai_addrlen) == -1) {

@@ -99,10 +99,9 @@ int dconnect() {

         memset(&hints, 0x00, sizeof(struct addrinfo));

         hints.ai_family = AF_UNSPEC;

         hints.ai_socktype = SOCK_STREAM;

-        hints.ai_flags = AI_PASSIVE;

         if ((res = getaddrinfo(ipaddr, port, &hints, &info))) {

-            logg("!Could not lookup %s: %s\n", opt->strarg, gai_strerror(res));

+            logg("!Could not lookup %s: %s\n", ipaddr ? ipaddr : "", gai_strerror(res));

             opt = opt->nextarg;

             continue;

         }

@@ -1569,37 +1569,39 @@ Optional Features:

                           optimize for fast installation [default=yes]

   --disable-libtool-lock  avoid locking (might break parallel builds)

   --enable-ltdl-install   install libltdl

-  --disable-gcc-vcheck	  do not check for buggy gcc version

-  --enable-experimental	enable experimental code

-  --disable-mempool       disable memory pools

-  --enable-check           Enable 'check' unit tests (default=auto)

+  --disable-gcc-vcheck    do not check for buggy gcc version

+  --enable-experimental   enable experimental code

+  --disable-mempool       do not use memory pools

+  --enable-check          enable check unit tests [default=auto]

   --disable-rpath         do not hardcode runtime library paths

   --enable-coverage       turn on test coverage [default=no]

-  --disable-xml	  disable DMG and XAR support

-  --enable-maintainer-mode enable make rules and dependencies not useful

-                          (and sometimes confusing) to the casual installer

-  --disable-zlib-vcheck	  do not check for buggy zlib version

-  --disable-bzip2	  disable bzip2 support

-  --disable-unrar	  don't build libclamunrar and libclamunrar_iface

-  --disable-getaddrinfo          disable support for getaddrinfo

-  --disable-ipv6          disable IPv6 support

-  --disable-dns           disable support for database verification through

-                          DNS

-  --disable-fanotify	  disable fanotify support (Linux only)

-  --enable-milter	  build clamav-milter

-  --disable-pthreads      disable POSIX threads support

-  --disable-cr		  don't link with C reentrant library (BSD)

-  --enable-id-check	  use id utility instead of /etc/passwd parsing

-  --enable-yp-check	  use ypmatch utility instead of /etc/passwd parsing

-  --enable-no-cache	  use "Cache-Control: no-cache" in freshclam

-  --enable-dns-fix	  enable workaround for broken DNS servers (as in SpeedTouch 510)

-  --enable-bigstack	  increase thread stack size

-  --enable-readdir_r		    enable support for readdir_r

-  --disable-fdpassing        don't build file descriptor passing support

-  --enable-clamdtop       Enable 'clamdtop' tool [default=auto]

+  --disable-xml           do not include DMG and XAR support

+  --enable-maintainer-mode

+                          make rules and dependencies not useful (and

+                          sometimes confusing) to the casual installer

+  --disable-zlib-vcheck   do not check for buggy zlib version

+  --disable-bzip2         do not include bzip2 support

+  --disable-unrar         do not build libclamunrar and libclamunrar_iface

+  --disable-getaddrinfo   do not include support for getaddrinfo

+  --disable-ipv6          do not include IPv6 support

+  --disable-dns           do not include support for database verification

+                          through DNS

+  --disable-fanotify      do not add fanotify support (Linux only)

+  --enable-milter         build clamav-milter

+  --disable-pthreads      do not include POSIX threads support

+  --disable-cr            do not link with C reentrant library (BSD)

+  --enable-id-check       use id utility instead of /etc/passwd parsing

+  --enable-yp-check       use ypmatch utility instead of /etc/passwd parsing

+  --enable-no-cache       use "Cache-Control: no-cache" in freshclam

+  --enable-dns-fix        enable workaround for broken DNS servers (as in

+                          SpeedTouch 510)

+  --enable-bigstack       increase thread stack size

+  --enable-readdir_r      enable support for readdir_r

+  --disable-fdpassing     do not build file descriptor passing support

+  --enable-clamdtop       build clamdtop tool [default=auto]

   --enable-distcheck-werror

                           enable warnings as error for distcheck [default=no]

-  --enable-llvm           Enable 'llvm' JIT/verifier support [default=auto]

+  --enable-llvm           enable 'llvm' JIT/verifier support [default=auto]

 Optional Packages:

@@ -1608,40 +1610,47 @@ Optional Packages:

   --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use

                           both]

   --with-gnu-ld           assume the C compiler uses GNU ld [default=no]

-  --with-sysroot=DIR Search for dependent libraries within DIR

-                        (or the compiler's sysroot if not specified).

+  --with-sysroot[=DIR]    search for dependent libraries within DIR (or the

+                          compiler's sysroot if not specified).

   --with-included-ltdl    use the GNU ltdl sources included here

-  --with-ltdl-include=DIR use the ltdl headers installed in DIR

-  --with-ltdl-lib=DIR     use the libltdl.la installed in DIR

-  --with-gnu-ld           assume the C compiler uses GNU ld default=no

+  --with-ltdl-include[=DIR]

+                          use the ltdl headers installed in DIR

+  --with-ltdl-lib[=DIR]   use the libltdl.la installed in DIR

+  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]

   --with-libcheck-prefix[=DIR]  search for libcheck in DIR/include and DIR/lib

   --without-libcheck-prefix     don't search for libcheck in includedir and libdir

-  --with-xml=DIR	  path to directory containing libxml2 library (default=

-			  /usr/local or /usr if not found in /usr/local)

-  --with-openssl=DIR   path to directory containing openssl (default=

-    /usr/local or /usr if not found in /usr/local)

-  --with-libjson=DIR   path to directory containing libjson (default=

-    /usr/local or /usr if not found in /usr/local)

-  --with-pcre=DIR        path to directory containing libpcre library (default=

-                          /usr/local or /usr if not found in /usr/local)

-  --with-zlib=DIR	  path to directory containing zlib library (default=

-			  /usr/local or /usr if not found in /usr/local)

+  --with-xml[=DIR]        path to directory containing libxml2 library

+                          [default=/usr/local or /usr if not found in

+                          /usr/local]

+  --with-openssl[=DIR]    path to directory containing openssl

+                          [default=/usr/local or /usr if not found in

+                          /usr/local]

+  --with-libjson[=DIR]    path to directory containing libjson

+                          [default=/usr/local or /usr if not found in

+                          /usr/local]

+  --with-pcre[=DIR]       path to directory containing libpcre library

+                          [default=/usr/local or /usr if not found in

+                          /usr/local]

+  --with-zlib[=DIR]       path to directory containing zlib library

+                          [default=/usr/local or /usr if not found in

+                          /usr/local]

   --with-libbz2-prefix[=DIR]  search for libbz2 in DIR/include and DIR/lib

   --without-libbz2-prefix     don't search for libbz2 in includedir and libdir

-  --with-iconv supports iconv() (default=auto)

-  --with-user=uid	  name of the clamav user (default=clamav)

-  --with-group=gid	  name of the clamav group (default=clamav)

-  --with-version=STR    use custom version string (dev only)

-  --with-dbdir=path	  path to virus database directory

+  --with-iconv            supports iconv() [default=auto]

+  --with-user[=uid]       name of the clamav user [default=clamav]

+  --with-group[=gid]      name of the clamav group [default=clamav]

+  --with-version[=STR]    use custom version string (dev only)

+  --with-dbdir[=path]     path to virus database directory

   --with-libncurses-prefix[=DIR]  search for libncurses in DIR/include and DIR/lib

   --without-libncurses-prefix     don't search for libncurses in includedir and libdir

   --with-libpdcurses-prefix[=DIR]  search for libpdcurses in DIR/include and DIR/lib

   --without-libpdcurses-prefix     don't search for libpdcurses in includedir and libdir

-  --with-system-llvm      Use system llvm instead of built-in, uses full path

-                          to llvm-config (default= /usr/local or /usr if not

-                          found in /usr/local)

-  --with-libcurl=DIR   path to directory containing libcurl (default=

-    /usr/local or /usr if not found in /usr/local)

+  --with-system-llvm      use system llvm instead of built-in, uses full path

+                          to llvm-config [default=/usr/local or /usr if not

+                          found in /usr/local]

+  --with-libcurl[=DIR]    path to directory containing libcurl

+                          [default=/usr/local or /usr if not found in

+                          /usr/local]

 Some influential environment variables:

   CC          C compiler command

@@ -61,7 +61,7 @@ m4_include([m4/reorganization/compiler_checks.m4])

 m4_include([m4/reorganization/linker_checks.m4])

 AC_ARG_ENABLE([experimental],

-[  --enable-experimental	enable experimental code],

+[AS_HELP_STRING([--enable-experimental], [enable experimental code])],

 enable_experimental=$enableval, enable_experimental="no")

 if test "$enable_experimental" = "yes"; then

@@ -186,7 +186,7 @@ cat <<EOF

               pthreads    : $have_pthreads ($THREAD_LIBS)

 EOF

-AC_MSG_NOTICE([Summary of miscellaneous  features])

+AC_MSG_NOTICE([Summary of miscellaneous features])

 if test "x$CHECK_LIBS" = "x"; then

     check_libs="no"

 else

@@ -206,7 +206,7 @@ CL_MSG_STATUS([clamdtop    ],[$CURSES_LIBS],[$enable_clamdtop])

 CL_MSG_STATUS([milter      ],[yes],[$have_milter])

 CL_MSG_STATUS([clamsubmit  ],[$have_curl],[$curl_msg])

-AC_MSG_NOTICE([Summary of engine performance features)])

+AC_MSG_NOTICE([Summary of engine performance features])

 if test "x$enable_debug" = "xyes"; then

     CL_MSG_STATUS([release mode],[no],[debug build])

 else

@@ -319,7 +319,7 @@ Possible values:

 .br

 \fBForceJIT\fR \- always choose JIT, fail if not possible

 .br

-\fBForceIntepreter\fR \- always choose interpreter

+\fBForceInterpreter\fR \- always choose interpreter

 .br

 \fBTest\fR \- run with both JIT and interpreter and compare results. Make all failures fatal.

 .RE

@@ -1,4 +1,4 @@

-.TH "Config tool" "1" "March 20, 2014" "ClamAV @VERSION@" "Clam AntiVirus"

+.TH "File submission tool" "1" "March 20, 2014" "ClamAV @VERSION@" "Clam AntiVirus"

 .SH "NAME"

 .LP 

 clamsubmit \- File submission utility for ClamAV

@@ -26,8 +26,6 @@ Required option for setting the name of the sender for the submission.

 .TP

 \fB-p FILE\fR

 Submit a file that reports as a false positive (ClamAV flags the file as virus). FILE can be \- to specify stdin. Mutually exclusive with \-n.

-.SH "CREDITS"

-The idea of this tool is based on Postfix's postconf. clamconf was created under pressure from Tomasz Papszun ;-)

 .SH "AUTHOR"

 .LP 

 Shawn Webb <swebb@sourcefire.com>

@@ -92,7 +92,8 @@ libclamav_internal_utils_la_SOURCES=str.c\

 				    regex/cname.h \

 				    regex/regex.h \

 				    regex/regex2.h \

-				    regex/utils.h

+				    regex/utils.h \

+					strlcat.c

 libclamav_internal_utils_la_LDFLAGS=-static @SSL_LDFLAGS@ @JSON_LDFLAGS@

 libclamav_internal_utils_la_CFLAGS=$(AM_CFLAGS)  -fPIC -DPIC @SSL_CPPFLAGS@ @JSON_CPPFLAGS@ @PCRE_CPPFLAGS@

@@ -118,7 +119,8 @@ libclamav_internal_utils_nothreads_la_SOURCES=str.c\

 				    regex/cname.h \

 				    regex/regex.h \

 				    regex/regex2.h \

-				    regex/utils.h

+				    regex/utils.h \

+					strlcat.c

 libclamav_internal_utils_nothreads_la_LDFLAGS=-static @SSL_LDFLAGS@ @JSON_LDFLAGS@

 libclamav_internal_utils_nothreads_la_CFLAGS=$(AM_CFLAGS) -DCL_NOTHREADS @SSL_CPPFLAGS@ @JSON_CPPFLAGS@ @PCRE_CPPFLAGS@

@@ -358,7 +358,8 @@ am_libclamav_internal_utils_la_OBJECTS =  \

 	libclamav_internal_utils_la-regcomp.lo \

 	libclamav_internal_utils_la-regerror.lo \

 	libclamav_internal_utils_la-regexec.lo \

-	libclamav_internal_utils_la-regfree.lo

+	libclamav_internal_utils_la-regfree.lo \

+	libclamav_internal_utils_la-strlcat.lo

 libclamav_internal_utils_la_OBJECTS =  \

 	$(am_libclamav_internal_utils_la_OBJECTS)

 libclamav_internal_utils_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \

@@ -377,7 +378,8 @@ am_libclamav_internal_utils_nothreads_la_OBJECTS =  \

 	libclamav_internal_utils_nothreads_la-regcomp.lo \

 	libclamav_internal_utils_nothreads_la-regerror.lo \

 	libclamav_internal_utils_nothreads_la-regexec.lo \

-	libclamav_internal_utils_nothreads_la-regfree.lo

+	libclamav_internal_utils_nothreads_la-regfree.lo \

+	libclamav_internal_utils_nothreads_la-strlcat.lo

 libclamav_internal_utils_nothreads_la_OBJECTS =  \

 	$(am_libclamav_internal_utils_nothreads_la_OBJECTS)

 libclamav_internal_utils_nothreads_la_LINK = $(LIBTOOL) $(AM_V_lt) \

@@ -817,7 +819,8 @@ libclamav_internal_utils_la_SOURCES = str.c\

 				    regex/cname.h \

 				    regex/regex.h \

 				    regex/regex2.h \

-				    regex/utils.h

+				    regex/utils.h \

+					strlcat.c

 libclamav_internal_utils_la_LDFLAGS = -static @SSL_LDFLAGS@ @JSON_LDFLAGS@

 libclamav_internal_utils_la_CFLAGS = $(AM_CFLAGS)  -fPIC -DPIC @SSL_CPPFLAGS@ @JSON_CPPFLAGS@ @PCRE_CPPFLAGS@

@@ -842,7 +845,8 @@ libclamav_internal_utils_nothreads_la_SOURCES = str.c\

 				    regex/cname.h \

 				    regex/regex.h \

 				    regex/regex2.h \

-				    regex/utils.h

+				    regex/utils.h \

+					strlcat.c

 libclamav_internal_utils_nothreads_la_LDFLAGS = -static @SSL_LDFLAGS@ @JSON_LDFLAGS@

 libclamav_internal_utils_nothreads_la_CFLAGS = $(AM_CFLAGS) -DCL_NOTHREADS @SSL_CPPFLAGS@ @JSON_CPPFLAGS@ @PCRE_CPPFLAGS@

@@ -1105,6 +1109,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_internal_utils_la-regexec.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_internal_utils_la-regfree.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_internal_utils_la-str.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_internal_utils_la-strlcat.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_internal_utils_la-strlcpy.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_internal_utils_nothreads_la-conv.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_internal_utils_nothreads_la-crypto.Plo@am__quote@

@@ -1116,6 +1121,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_internal_utils_nothreads_la-regexec.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_internal_utils_nothreads_la-regfree.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_internal_utils_nothreads_la-str.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_internal_utils_nothreads_la-strlcat.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_internal_utils_nothreads_la-strlcpy.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-7zAlloc.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-7zBuf.Plo@am__quote@

@@ -3018,6 +3024,13 @@ libclamav_internal_utils_la-regfree.lo: regex/regfree.c

 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_internal_utils_la_CFLAGS) $(CFLAGS) -c -o libclamav_internal_utils_la-regfree.lo `test -f 'regex/regfree.c' || echo '$(srcdir)/'`regex/regfree.c

+libclamav_internal_utils_la-strlcat.lo: strlcat.c

+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_internal_utils_la_CFLAGS) $(CFLAGS) -MT libclamav_internal_utils_la-strlcat.lo -MD -MP -MF $(DEPDIR)/libclamav_internal_utils_la-strlcat.Tpo -c -o libclamav_internal_utils_la-strlcat.lo `test -f 'strlcat.c' || echo '$(srcdir)/'`strlcat.c

+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_internal_utils_la-strlcat.Tpo $(DEPDIR)/libclamav_internal_utils_la-strlcat.Plo

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='strlcat.c' object='libclamav_internal_utils_la-strlcat.lo' libtool=yes @AMDEPBACKSLASH@

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_internal_utils_la_CFLAGS) $(CFLAGS) -c -o libclamav_internal_utils_la-strlcat.lo `test -f 'strlcat.c' || echo '$(srcdir)/'`strlcat.c

+

 libclamav_internal_utils_nothreads_la-str.lo: str.c

 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_internal_utils_nothreads_la_CFLAGS) $(CFLAGS) -MT libclamav_internal_utils_nothreads_la-str.lo -MD -MP -MF $(DEPDIR)/libclamav_internal_utils_nothreads_la-str.Tpo -c -o libclamav_internal_utils_nothreads_la-str.lo `test -f 'str.c' || echo '$(srcdir)/'`str.c

 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_internal_utils_nothreads_la-str.Tpo $(DEPDIR)/libclamav_internal_utils_nothreads_la-str.Plo

@@ -3095,6 +3108,13 @@ libclamav_internal_utils_nothreads_la-regfree.lo: regex/regfree.c

 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_internal_utils_nothreads_la_CFLAGS) $(CFLAGS) -c -o libclamav_internal_utils_nothreads_la-regfree.lo `test -f 'regex/regfree.c' || echo '$(srcdir)/'`regex/regfree.c

+libclamav_internal_utils_nothreads_la-strlcat.lo: strlcat.c

+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_internal_utils_nothreads_la_CFLAGS) $(CFLAGS) -MT libclamav_internal_utils_nothreads_la-strlcat.lo -MD -MP -MF $(DEPDIR)/libclamav_internal_utils_nothreads_la-strlcat.Tpo -c -o libclamav_internal_utils_nothreads_la-strlcat.lo `test -f 'strlcat.c' || echo '$(srcdir)/'`strlcat.c

+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_internal_utils_nothreads_la-strlcat.Tpo $(DEPDIR)/libclamav_internal_utils_nothreads_la-strlcat.Plo

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='strlcat.c' object='libclamav_internal_utils_nothreads_la-strlcat.lo' libtool=yes @AMDEPBACKSLASH@

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_internal_utils_nothreads_la_CFLAGS) $(CFLAGS) -c -o libclamav_internal_utils_nothreads_la-strlcat.lo `test -f 'strlcat.c' || echo '$(srcdir)/'`strlcat.c

+

 libclamav_nocxx_la-bytecode_nojit.lo: bytecode_nojit.c

 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_nocxx_la_CFLAGS) $(CFLAGS) -MT libclamav_nocxx_la-bytecode_nojit.lo -MD -MP -MF $(DEPDIR)/libclamav_nocxx_la-bytecode_nojit.Tpo -c -o libclamav_nocxx_la-bytecode_nojit.lo `test -f 'bytecode_nojit.c' || echo '$(srcdir)/'`bytecode_nojit.c

 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_nocxx_la-bytecode_nojit.Tpo $(DEPDIR)/libclamav_nocxx_la-bytecode_nojit.Plo

@@ -589,24 +589,9 @@ static void gpt_printName(uint16_t name[], const char* msg)

 static void gpt_printGUID(uint8_t GUID[], const char* msg)

 {

-    unsigned i;

-    char hexstr[64], tmpstr[64];

-

-    hexstr[0] = '\0';

-    tmpstr[0] = '\0';

-    for (i = 0; i < 16; ++i) {

-        gpt_printmsg("%x\n", GUID[i]);

-        if (i == 3 || i == 5 || i == 7 || i == 9) {

-            snprintf(hexstr, 64, "%s%02x-", tmpstr, GUID[i]);

-            gpt_printmsg("%s\n", hexstr);

-        }

-        else {

-            snprintf(hexstr, 64, "%s%02x", tmpstr, GUID[i]);

-            gpt_printmsg("%s\n", hexstr);

-        }

-        strncpy(tmpstr, hexstr, 64);

-    }

-    cli_dbgmsg("%s: %s\n", msg, hexstr);

+    cli_dbgmsg("%s: %02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",

+               msg, GUID[0], GUID[1], GUID[2], GUID[3], GUID[4], GUID[5], GUID[6], GUID[7],

+               GUID[8], GUID[9], GUID[10], GUID[11], GUID[12], GUID[13], GUID[14], GUID[15]);

 }

 static int gpt_prtn_intxn(cli_ctx *ctx, struct gpt_header hdr, size_t sectorsize)

@@ -525,7 +525,8 @@ static int replace_token_range(struct tokens *dst, size_t start, size_t end, con

 {

 	const size_t len = with ? with->cnt : 0;

 	size_t i;

-	cli_dbgmsg(MODULE "Replacing tokens %lu - %lu with %lu tokens\n",start, end, len);

+	cli_dbgmsg(MODULE "Replacing tokens %lu - %lu with %lu tokens\n", (unsigned long)start,

+                   (unsigned long)end, (unsigned long)len);

 	if(start >= dst->cnt || end > dst->cnt)

 		return -1;

 	for(i=start;i<end;i++) {

@@ -547,7 +548,7 @@ static int append_tokens(struct tokens *dst, const struct tokens *src)

 		return CL_ENULLARG;

 	if(tokens_ensure_capacity(dst, dst->cnt + src->cnt))

 		return CL_EMEM;

-	cli_dbgmsg(MODULE "Appending %lu tokens\n", src->cnt);

+	cli_dbgmsg(MODULE "Appending %lu tokens\n", (unsigned long)(src->cnt));

 	memcpy(&dst->data[dst->cnt], src->data, src->cnt * sizeof(dst->data[0]));

 	dst->cnt += src->cnt;

 	return CL_SUCCESS;

@@ -1110,7 +1111,7 @@ void cli_js_process_buffer(struct parser_state *state, const char *buf, size_t n

 				TOKEN_SET(&val, scope, state->current);

 				break;

 			case TOK_StringLiteral:

-				if(state->tokens.cnt > 0 && state->tokens.data[state->tokens.cnt-1].type == TOK_PLUS) {

+				if(state->tokens.cnt > 1 && state->tokens.data[state->tokens.cnt-1].type == TOK_PLUS) {

 					/* see if can fold */

 					yystype *prev_string = &state->tokens.data[state->tokens.cnt-2];

 					if(prev_string->type == TOK_StringLiteral) {

@@ -69,6 +69,8 @@ CLAMAV_PRIVATE {

     cli_gettmpdir;

     cli_strtok;

     cli_strtokenize;

+    cli_strlcat;

+    cli_strlcpy;

     cli_cvdunpack;

     cli_regcomp;

     cli_regexec;

@@ -1653,203 +1653,191 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex

     }

     if(strchr(hexsig, '(')) {

-        char *hexnew, *start, *h, *c;

-

-        if(hex) {

-            hexcpy = hex;

-        } else if(!(hexcpy = cli_strdup(hexsig))) {

-            mpool_free(root->mempool, new);

-            return CL_EMEM;

-        }

-

-        if(!(hexnew = (char *) cli_calloc(strlen(hexsig) + 1, 1))) {

-            free(new);

-            free(hexcpy);

-            return CL_EMEM;

-        }

-

-        start = pt = hexcpy;

-        while((pt = strchr(start, '('))) {

-            *pt++ = 0;

-

-            if(!start) {

-                error = CL_EMALFDB;

-                break;

-            }

-

-            newspecial = (struct cli_ac_special *) mpool_calloc(root->mempool, 1, sizeof(struct cli_ac_special));

-            if(!newspecial) {

-                cli_errmsg("cli_ac_addsig: Can't allocate newspecial\n");

-                error = CL_EMEM;

-                break;

-            }

-

-            if(pt >= hexcpy + 2) {

-                if(pt[-2] == '!') {

-                    newspecial->negative = 1;

-                    pt[-2] = 0;

-                }

-            }

-

-            strcat(hexnew, start);

-

-            if(!(start = strchr(pt, ')'))) {

-                mpool_free(root->mempool, newspecial);

-                error = CL_EMALFDB;

-                break;

-            }

-

-            *start++ = 0;

-            if(!strlen(pt)) {

-                cli_errmsg("cli_ac_addsig: Empty block\n");

-                error = CL_EMALFDB;

-                break;

-            }

-

-            if(!strcmp(pt, "B")) {

-                if(!*start) {

-                    new->boundary |= AC_BOUNDARY_RIGHT;

-                    if(newspecial->negative)

-                        new->boundary |= AC_BOUNDARY_RIGHT_NEGATIVE;

-

-                    mpool_free(root->mempool, newspecial);

-                    continue;

-                } else if(pt - 1 == hexcpy) {

-                    new->boundary |= AC_BOUNDARY_LEFT;

-                    if(newspecial->negative)

-                        new->boundary |= AC_BOUNDARY_LEFT_NEGATIVE;

-

-                    mpool_free(root->mempool, newspecial);

-                    continue;

-                }

-            } else if(!strcmp(pt, "L")) {

-                if(!*start) {

-                    new->boundary |= AC_LINE_MARKER_RIGHT;

-                    if(newspecial->negative)

-                        new->boundary |= AC_LINE_MARKER_RIGHT_NEGATIVE;

-

-                    mpool_free(root->mempool, newspecial);

-                    continue;

-                } else if(pt - 1 == hexcpy) {

-                    new->boundary |= AC_LINE_MARKER_LEFT;

-                    if(newspecial->negative)

-                        new->boundary |= AC_LINE_MARKER_LEFT_NEGATIVE;

-

-                    mpool_free(root->mempool, newspecial);

-                    continue;

-                }

-            }

-

-            strcat(hexnew, "()");

-            new->special++;

-            newtable = (struct cli_ac_special **) mpool_realloc(root->mempool, new->special_table, new->special * sizeof(struct cli_ac_special *));

-            if(!newtable) {

-                new->special--;

-                mpool_free(root->mempool, newspecial);

-                cli_errmsg("cli_ac_addsig: Can't realloc new->special_table\n");

-                error = CL_EMEM;

-                break;

-            }

-

-            newtable[new->special - 1] = newspecial;

-            new->special_table = newtable;

-

-            if(!strcmp(pt, "B")) {

-                newspecial->type = AC_SPECIAL_BOUNDARY;

-            } else if(!strcmp(pt, "L")) {

-                newspecial->type = AC_SPECIAL_LINE_MARKER;

-#if 0

-            } else if(strcmp(pt, "W")) {

-                newspecial->type = AC_SPECIAL_WHITE;

-#endif

-            } else {

-                newspecial->num = 1;

-                for(i = 0; i < strlen(pt); i++)

-                    if(pt[i] == '|')

-                        newspecial->num++;

-

-                if(3 * newspecial->num - 1 == (uint16_t) strlen(pt)) {

-                    newspecial->type = AC_SPECIAL_ALT_CHAR;

-                    newspecial->str = (unsigned char *) mpool_malloc(root->mempool, newspecial->num);

-                    if(!newspecial->str) {

-                        cli_errmsg("cli_ac_addsig: Can't allocate newspecial->str\n");

-                        error = CL_EMEM;

-                        break;

-                    }

-                } else {

-                    newspecial->type = AC_SPECIAL_ALT_STR;

-                }

-

-                for(i = 0; i < newspecial->num; i++) {

-                    unsigned int clen;

-

-                    if(newspecial->num == 1) {

-                        c = (char *) cli_mpool_hex2str(root->mempool, pt);

-                        clen = strlen(pt) / 2;

-                    } else {

-                        if(!(h = cli_strtok(pt, i, "|"))) {

-                            error = CL_EMEM;

-                            break;

-                        }

-

-                        c = (char *) cli_mpool_hex2str(root->mempool, h);

-                        clen = strlen(h) / 2;

-                        free(h);

-                    }

-

-                    if(!c) {

-                        error = CL_EMALFDB;

-                        break;

-                    }

-

-                    if(newspecial->type == AC_SPECIAL_ALT_CHAR) {

-                        newspecial->str[i] = *c;

-                        mpool_free(root->mempool, c);

-                    } else {

-                        if(i) {

-                            specialpt = newspecial;

-                            while(specialpt->next)

-                                specialpt = specialpt->next;

-

-                            specialpt->next = (struct cli_ac_special *) mpool_calloc(root->mempool, 1, sizeof(struct cli_ac_special));

-                            if(!specialpt->next) {

-                                cli_errmsg("cli_ac_addsig: Can't allocate specialpt->next\n");

-                                error = CL_EMEM;

-                                free(c);

-                                break;

-                            }

-

-                            specialpt->next->str = (unsigned char *) c;

-                            specialpt->next->len = clen;

-                        } else {

-                            newspecial->str = (unsigned char *) c;

-                            newspecial->len = clen;

-                        }

-                    }

-                }

-

-                if(newspecial->num > 1 && newspecial->type == AC_SPECIAL_ALT_CHAR)

-                    cli_qsort(newspecial->str, newspecial->num, sizeof(unsigned char), qcompare);

-

-                if(error)

-                    break;

-            }

-        }

-

-        if(start)

-            strcat(hexnew, start);

-

-        hex = hexnew;

-        free(hexcpy);

-

-        if(error) {

-            free(hex);

-            if(new->special)

-                mpool_ac_free_special(root->mempool, new);

-

-            mpool_free(root->mempool, new);

-            return error;

-        }

+	    char *hexnew, *start, *h, *c;

+        size_t hexnewsz;

+

+	if(hex) {

+	    hexcpy = hex;

+	} else if(!(hexcpy = cli_strdup(hexsig))) {

+	    mpool_free(root->mempool, new);

+	    return CL_EMEM;

+	}

+

+    hexnewsz = strlen(hexsig) + 1;

+	if(!(hexnew = (char *) cli_calloc(1, hexnewsz))) {

+	    free(new);

+	    free(hexcpy);

+	    return CL_EMEM;

+	}

+

+	start = pt = hexcpy;

+	while((pt = strchr(start, '('))) {

+	    *pt++ = 0;

+

+	    if(!start) {

+		error = CL_EMALFDB;

+		break;

+	    }

+	    newspecial = (struct cli_ac_special *) mpool_calloc(root->mempool, 1, sizeof(struct cli_ac_special));

+	    if(!newspecial) {

+		cli_errmsg("cli_ac_addsig: Can't allocate newspecial\n");

+		error = CL_EMEM;

+		break;

+	    }

+	    if(pt >= hexcpy + 2) {

+		if(pt[-2] == '!') {

+		    newspecial->negative = 1;

+		    pt[-2] = 0;

+		}

+	    }

+	    cli_strlcat(hexnew, start, hexnewsz);

+

+	    if(!(start = strchr(pt, ')'))) {

+		mpool_free(root->mempool, newspecial);

+		error = CL_EMALFDB;

+		break;

+	    }

+	    *start++ = 0;

+	    if(!strlen(pt)) {

+		cli_errmsg("cli_ac_addsig: Empty block\n");

+		error = CL_EMALFDB;

+		break;

+	    }

+

+	    if(!strcmp(pt, "B")) {

+		if(!*start) {

+		    new->boundary |= AC_BOUNDARY_RIGHT;

+		    if(newspecial->negative)

+			new->boundary |= AC_BOUNDARY_RIGHT_NEGATIVE;

+		    mpool_free(root->mempool, newspecial);

+		    continue;

+		} else if(pt - 1 == hexcpy) {

+		    new->boundary |= AC_BOUNDARY_LEFT;

+		    if(newspecial->negative)

+			new->boundary |= AC_BOUNDARY_LEFT_NEGATIVE;

+		    mpool_free(root->mempool, newspecial);

+		    continue;

+		}

+	    } else if(!strcmp(pt, "L")) {

+		if(!*start) {

+		    new->boundary |= AC_LINE_MARKER_RIGHT;

+		    if(newspecial->negative)

+			new->boundary |= AC_LINE_MARKER_RIGHT_NEGATIVE;

+		    mpool_free(root->mempool, newspecial);

+		    continue;

+		} else if(pt - 1 == hexcpy) {

+		    new->boundary |= AC_LINE_MARKER_LEFT;

+		    if(newspecial->negative)

+			new->boundary |= AC_LINE_MARKER_LEFT_NEGATIVE;

+		    mpool_free(root->mempool, newspecial);

+		    continue;

+		}