Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clam 2638 1.0.7 and backports #1331

Merged

Conversation

micahsnyder
Copy link
Contributor

  • Fix unit test caused by expiring signing certificate.

  • Fixed a build issue on Windows with newer versions of Rust.
    Also upgraded GitHub Actions imports to fix CI failures.
    Fixes courtesy of liushuyu.

  • Fixed an unaligned pointer dereference issue on select architectures.
    Fix courtesy of Sebastian Andrzej Siewior.

  • Fixes to Jenkins CI pipeline.

micahsnyder and others added 13 commits August 13, 2024 12:28
The clamscan test "assorted_test.py::TC::test_pe_cert_trust" is about to
fail because the "test.exe" test file was signed with a cert set to
expire after only 2 years, and it has been 23 months.

While attempting to generate a new one that will last 73000 days (200
years), I discovered that any signing certificate set to expire after
2038 will fail the trust-check because the `ca.not_after` variable is
maxed out `time_t` incapable of expressing a higher number.
To fix this, I've upgraded the variables to `uint64_t`.

I also had to replace a bunch of generated signatures to match the new
"test.exe".

Finally, I noticed that "ca.not_before" was being set to the token[8]
instead of token[9], which presumably mean the "NotBefore" field for
Trusted and Revoked Certificates was non-functional, as it was treating
the "CertSign" boolean as the "NotBefore" value.

Fixes: Cisco-Talos#1300
... from native libraries array. Otherwise Ninja will get very confused.
fmap_need_off_once() may return an unaligned pointer. This in return
leads to an unaligned access during the load of the uint32_t variables
loading to failures on architectures not supporting unaligned access.

This was reported to the Debian BTS as #1073128.

[bigeasy: Commit message, reworked the patch a bit].

Link: https://bugs.debian.org/1073128
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
The build pipeline used to build clamav packages and then test those
packages with a rudimentary test set. This change will build the clamav
packages in one pipeline - then test the packages in a new test pipeline.

The new test pipeline will use the larger test suite that we use for
testing from-source builds in the "regular" test pipeline.
We switched hosts for this stage to one that doesn't have system-installed libs.
The 'cgi' module is deprecrated and will be removed in Python 3.13.
We weren't using it anyways.

Fixes: Cisco-Talos#1327
@rsundriyal rsundriyal self-requested a review August 30, 2024 17:29
@opoplawski
Copy link
Contributor

Will 1.0.7 be released soon? We (Fedora) are eagerly awaiting the certificate test fix.

@micahsnyder
Copy link
Contributor Author

Will 1.0.7 be released soon? We (Fedora) are eagerly awaiting the certificate test fix.

Aiming for Sept 4th.

Copy link
Contributor

@rsundriyal rsundriyal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@micahsnyder micahsnyder merged commit ea46d8f into Cisco-Talos:dev/1.0.7 Aug 30, 2024
14 of 24 checks passed
@micahsnyder micahsnyder deleted the CLAM-2638-1.0.7-and-backports branch August 30, 2024 20:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants