Closed micahsnyder closed 2 months ago
Hi, what is missing to get this merged?
We've had some issues with our internal Jenkins test pipelines that have slowed down some reviews on GitHub. I think this is good to go, though.
Rebased with upstream main branch to get CI fixes.
Is there a plan to make a release with this? Patching binary files is not so easy with some build systems.
Edit: submitted to openSUSE in https://build.opensuse.org/request/show/1190176 using git apply
@micahsnyder we are using 1.0.6 LTS, building from source (now failing). Will #1305 be released as a patch for 1.0.6?
@peteanning Sorry for the late response. We will publish 1.0.7 (and 1.3.2) with the fix soon, alongside or shortly after 1.4.0.
The clamscan test "assorted_test.py::TC::test_pe_cert_trust" is about to fail because the "test.exe" test file was signed with a cert set to expire after only 2 years, and it has been 23 months.
While attempting to generate a new one that will last 73000 days (200 years), I discovered that any signing certificate set to expire after 2038 will fail the trust-check because the `ca.not_after` variable is maxed out `time_t` incapable of expressing a higher number. To fix this, I've upgraded the variables to `uint64_t`.
I also had to replace a bunch of generated signatures to match the new "test.exe".
Finally, I noticed that "ca.not_before" was being set to the token[8] instead of token[9], which presumably means the "NotBefore" field for Trusted and Revoked Certificates was non-functional, as it was treating the "CertSign" boolean as the "NotBefore" value.
Fixes: https://github.com/Cisco-Talos/clamav/issues/1300
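The two defects described in the PR, as an added illustration that is not code from the ClamAV repository or from this PR: reading NotBefore from token[8] turns the CertSign boolean into a start time, and a signed 32-bit time value cannot hold a date past 2038. The sample record, the function names, the fields other than 8 and 9, and the 32-bit clamp as a model of the narrow type are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CERTSIGN_IDX  8 /* per the PR description: token[8] is the CertSign boolean */
#define NOTBEFORE_IDX 9 /* per the PR description: token[9] is NotBefore */

/* Constructed record, not a real trust-store entry. Only fields 8 and 9 follow
 * the PR description; NotBefore is 4102444800 (2100-01-01 UTC). */
static const char SAMPLE[] = "demo;1;aa;bb;cc;010001;1;0;1;4102444800;constructed";

/* Field `idx` of a ';'-delimited record as an unsigned 64-bit decimal, or
 * UINT64_MAX when the field is missing or does not start with a digit. */
uint64_t field_u64(const char *rec, int idx)
{
    const char *p = rec;
    char *end;
    uint64_t v;

    while (idx-- > 0) {
        if ((p = strchr(p, ';')) == NULL) return UINT64_MAX;
        p++;
    }
    if (*p < '0' || *p > '9') return UINT64_MAX;
    v = strtoull(p, &end, 10);
    return (*end == ';' || *end == '\0') ? v : UINT64_MAX;
}

/* Assumed model of a signed 32-bit time value: anything after 2038-01-19 saturates. */
int32_t clamp_time32(uint64_t epoch)
{
    return epoch > (uint64_t)INT32_MAX ? INT32_MAX : (int32_t)epoch;
}

/* The NotBefore half of a validity check: has the entry started by `when`? */
int started(uint64_t not_before, uint64_t when) { return when >= not_before; }

int main(void)
{
    uint64_t now = 1700000000; /* constructed "current" time, 2023-11-14 UTC */
    printf("token[8]: started=%d\n", started(field_u64(SAMPLE, CERTSIGN_IDX), now));
    printf("token[9]: started=%d\n", started(field_u64(SAMPLE, NOTBEFORE_IDX), now));
    printf("32-bit NotBefore: %ld\n", (long)clamp_time32(field_u64(SAMPLE, NOTBEFORE_IDX)));
    return 0;
}
```

With the wrong index, an entry whose NotBefore lies in 2100 is treated as already started, because the value compared is the boolean 1 rather than the timestamp.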