@@ -1,3 +1,18 @@

+Mon May 16 23:22:55 CEST 2005

+-----------------------------

+  V 0.85.1

+  * Fixes backported from CVS:

+    - freshclam/manager.c: Removed superfluous close(hostfd), thanks to Pavel V.

+      Rochnyack <rpv*fsf.tsu.ru> (tk)

+    - libclamav/message.c: Fixed a problem where an email with more than one

+      content-disposition type line, one or more of which was empty, could

+      crash libclamav. Reported by Daniel Theodoro <dtheodoro at ig.com.br>

+      (njh)

+    - libclamav/special.c: Fix reading PString type in Photoshop thumbnails.

+      (trog)

+    - clamav-milter: Open /dev/console (if LogFile not set) before dropping

+      priv so that error messages aren't lost reported by David Crow. (njh)

+

 Wed May 11 17:48:27 CEST 2005

 -----------------------------

   V 0.85

@@ -1,8 +1,9 @@

-0.85

+0.85.1

+------

-Bugfixes in this release include correct signature offset calculation in large

-files, proper handling of encrypted zip archives, and others.

+A problem where an email with more than one content-disposition type line,

+one or more of which was empty, could crash libclamav has been fixed. Other

+minor bugfixes have been made.

 --

 The ClamAV team (http://www.clamav.net/team.html)

@@ -2,6 +2,16 @@ Note: This README/NEWS file refers to the source tarball. Some things described

 here may not be available in binary packages.

 --

+0.85.1

+------

+

+A problem where an email with more than one content-disposition type line,

+one or more of which was empty, could crash libclamav has been fixed. Other

+minor bugfixes have been made.

+

+--

+The ClamAV team (http://www.clamav.net/team.html)

+

 0.85

 ----

@@ -22,7 +22,7 @@

  *

  * For installation instructions see the file INSTALL that came with this file

  */

-static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.199 2005/05/11 12:26:44 nigelhorne Exp $";

+static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.200 2005/05/12 07:31:09 nigelhorne Exp $";

 #define	CM_VERSION	"0.85"

@@ -106,6 +106,7 @@ int	deny_severity = LOG_NOTICE;

 #ifndef	CL_DEBUG

 static	const	char	*logFile;

 static	int	logTime;

+static	char	console[] = "/dev/console";

 #endif

 #if defined(CL_DEBUG) && defined(C_LINUX)

@@ -511,6 +512,9 @@ main(int argc, char **argv)

 	const struct cfgstruct *cpt;

 	char version[VERSION_LENGTH + 1];

 	pthread_t tid;

+#ifndef	CL_DEBUG

+	int consolefd;

+#endif

 	struct smfiDesc smfilter = {

 		"ClamAv", /* filter name */

 		SMFI_VERSION,	/* version code -- leave untouched */

@@ -884,6 +888,11 @@ main(int argc, char **argv)

 	/*

 	 * Drop privileges

 	 */

+#ifndef	CL_DEBUG

+	/* Save the fd for later, open while we can */

+	consolefd = open(console, O_WRONLY);

+#endif

+

 	if(getuid() == 0) {

 		if(iface) {

 #ifdef	SO_BINDTODEVICE

@@ -1352,15 +1361,18 @@ main(int argc, char **argv)

 				return EX_CANTCREAT;

 			}

 		} else {

-			logFile = "/dev/console";

-			if(open(logFile, O_WRONLY) < 0) {

-				perror(logFile);

+			logFile = console;

+			if(consolefd < 0) {

+				perror(console);

 				return EX_OSFILE;

 			}

+			dup(consolefd);

 		}

-

 		close(2);

 		dup(1);

+		if(consolefd >= 0)

+			close(consolefd);

+

 		if(cfgopt(copt, "LogTime"))

 			logTime++;

 #endif	/*!CL_DEBUG*/

@@ -200,7 +200,7 @@ int scanmanager(const struct optstruct *opt)

     }

 #ifdef C_LINUX

-    procdev = 0;

+    procdev = (dev_t) 0;

     if(stat("/proc", &sb) != -1 && !sb.st_size)

 	procdev = sb.st_dev;

 #endif

@@ -2072,7 +2072,7 @@ fi

 # Define the identity of the package.

  PACKAGE=clamav

- VERSION="0.85"

+ VERSION="0.85.1"

 cat >>confdefs.h <<_ACEOF

@@ -2206,7 +2206,7 @@ am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'

 LC_CURRENT=1

-LC_REVISION=11

+LC_REVISION=12

 LC_AGE=0

 LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"

@@ -18,11 +18,11 @@ dnl   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

 AC_INIT(clamscan/clamscan.c)

 AC_CREATE_TARGET_H(target.h)

-AM_INIT_AUTOMAKE(clamav, "0.85")

+AM_INIT_AUTOMAKE(clamav, "0.85.1")

 AM_CONFIG_HEADER(clamav-config.h)

 LC_CURRENT=1

-LC_REVISION=11

+LC_REVISION=12

 LC_AGE=0

 LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"

 AC_SUBST(LIBCLAMAV_VERSION)

@@ -346,7 +346,6 @@ int downloaddb(const char *localname, const char *remotename, const char *hostna

 	}

 	*signo += current->sigs;

-	close(hostfd);

 	cl_cvdfree(current);

 	return 1;

     }

@@ -359,11 +359,13 @@ messageSetDispositionType(message *m, const char *disptype)

 	 */

 	while(*disptype && isspace((int)*disptype))

 		disptype++;

+

 	if(*disptype) {

 		m->mimeDispositionType = strdup(disptype);

 		if(m->mimeDispositionType)

 			strstrip(m->mimeDispositionType);

-	}

+	} else

+		m->mimeDispositionType = NULL;

 }

 const char *

@@ -93,7 +93,8 @@ int cli_check_mydoom_log(int desc, const char **virname)

 static int jpeg_check_photoshop_8bim(int fd)

 {

 	unsigned char bim[5];

-	uint16_t id, nlength;

+	uint16_t id, ntmp;

+	uint8_t nlength;

 	uint32_t size;

 	off_t offset;

 	int retval;

@@ -114,15 +115,12 @@ static int jpeg_check_photoshop_8bim(int fd)

 	}

 	id = special_endian_convert_16(id);

 	cli_dbgmsg("ID: 0x%.4x\n", id);

-	if (cli_readn(fd, &nlength, 2) != 2) {

+	if (cli_readn(fd, &nlength, 1) != 1) {

 		return -1;

 	}

-	nlength = special_endian_convert_16(nlength);

-	/* Seek past the name string */

-	if (nlength > 0) {

-		lseek(fd, nlength, SEEK_CUR);

-	}

-

+	ntmp = nlength + ((((uint16_t)nlength)+1) & 0x01);

+	lseek(fd, ntmp, SEEK_CUR);

+	

 	if (cli_readn(fd, &size, 4) != 4) {

 		return -1;

 	}

@@ -24,7 +24,7 @@

 #include "clamav-config.h"

 #endif

-static	char	const	rcsid[] = "$Id: tnef.c,v 1.19 2005/05/04 21:41:18 nigelhorne Exp $";

+static	char	const	rcsid[] = "$Id: tnef.c,v 1.22 2005/05/12 12:39:57 nigelhorne Exp $";

 #include <stdio.h>

 #include <fcntl.h>

@@ -51,6 +51,7 @@ static	int	tnef_header(FILE *fp, uint8_t *part, uint16_t *type, uint16_t *tag, u

 #define	attATTACHDATA	0x800f	/* Attachment Data */

 #define	attATTACHTITLE	0x8010	/* Attachment File Name */

 #define	attDATEMODIFIED	0x8020

+#define	attTNEFVERSION	0x9006

 #define	attOEMCODEPAGE	0x9007

 #if WORDS_BIGENDIAN == 0

@@ -198,6 +199,7 @@ tnef_message(FILE *fp, uint16_t type, uint16_t tag, uint32_t length)

 	uint16_t i16;

 	off_t offset;

 #if	CL_DEBUG

+	uint32_t i32;

 	char *string;

 #endif

@@ -210,7 +212,7 @@ tnef_message(FILE *fp, uint16_t type, uint16_t tag, uint32_t length)

 	 */

 	switch(tag) {

 		case attBODY:

-			cli_warnmsg("TNEF body not being scanned - report to bugs@clamav.net\n");

+			cli_warnmsg("TNEF body not being scanned - if you believe this file contains a virus, submit it to www.clamav.net\n");

 			break;

 #if	CL_DEBUG

 		case attTNEFVERSION: