Pullup ticket #6571 - requested by taca

security/clamav: security fix

Revisions pulled up:
- security/clamav/Makefile                                      1.82
- security/clamav/Makefile.common                               1.22
- security/clamav/distinfo                                      1.41

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jan 13 15:28:22 UTC 2022

   Modified Files:
   	pkgsrc/security/clamav: Makefile Makefile.common distinfo

   Log Message:
   security/clamav: update to 0.103.5

   0.103.5 (2022-01-12)

   ClamAV 0.103.5 is a critical patch release with the following fixes:

   * CVE-2022-20698<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>:
     Fix for invalid pointer read that may cause a crash. This issue affects
     0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the
     CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
     option) is enabled.

     Cisco would like to thank Laurent Delosieres of ManoMano for reporting
     this vulnerability.

   * Fixed ability to disable the file size limit with libclamav C API, like
     this:

     cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);

     This issue didn't affect ClamD or ClamScan which also can disable the
     limit by setting it to zero using MaxFileSize 0 in clamd.conf for ClamD,
     or clamscan --max-filesize=0 for ClamScan.

     Note: Internally, the max file size is still set to 2 GiB. Disabling the
     limit for a scan will fall back on the internal 2 GiB limitation.

   * Increased the maximum line length for ClamAV config files from 512 bytes
     to 1,024 bytes to allow for longer config option strings.

   * SigTool: Fix insufficient buffer size for --list-sigs that caused a
     failure when listing a database containing one or more very long
     signatures. This fix was backported from 0.104.

   Special thanks to the following for code contributions and bug reports:

   * Laurent Delosieres

3 files changed, 7 insertions, 8 deletions

diff --git a/security/clamav/Makefile b/security/clamav/Makefile
index a03141433c0..13c4a32da14 100644
--- a/security/clamav/Makefile
+++ b/security/clamav/Makefile
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.81 2021/12/08 16:02:33 adam Exp $
+# $NetBSD: Makefile,v 1.81.2.1 2022/01/21 15:49:19 bsiegert Exp $
 
-PKGREVISION= 1
 .include "Makefile.common"
 
 COMMENT=	Anti-virus toolkit
diff --git a/security/clamav/Makefile.common b/security/clamav/Makefile.common
index 23fb1253682..0d005a0d08b 100644
--- a/security/clamav/Makefile.common
+++ b/security/clamav/Makefile.common
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.21 2021/11/08 14:49:23 taca Exp $
+# $NetBSD: Makefile.common,v 1.21.2.1 2022/01/21 15:49:19 bsiegert Exp $
 #
 # used by security/clamav/Makefile
 # used by security/clamav-doc/Makefile
 
-DISTNAME=	clamav-0.103.4
+DISTNAME=	clamav-0.103.5
 CATEGORIES=	security
 MASTER_SITES=	http://www.clamav.net/downloads/production/
 
diff --git a/security/clamav/distinfo b/security/clamav/distinfo
index 5689dea593c..ada405f688b 100644
--- a/security/clamav/distinfo
+++ b/security/clamav/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.40 2021/11/08 14:49:23 taca Exp $
+$NetBSD: distinfo,v 1.40.2.1 2022/01/21 15:49:19 bsiegert Exp $
 
-BLAKE2s (clamav-0.103.4.tar.gz) = 0a64b0534d4b8919c787fbd7152ff87eb875b702215bccf0b586b8d9e854d69f
-SHA512 (clamav-0.103.4.tar.gz) = 422a8cb98d355be098b0a0c575e4f08cf964e992d10ee02e7600eb9db6dfa943efbd988489f268e81e4d2ef29cfe582b236688ea209d6d2e46467f3c08eb475e
-Size (clamav-0.103.4.tar.gz) = 16425023 bytes
+BLAKE2s (clamav-0.103.5.tar.gz) = 045c523bcbd02439cc05095cc19d102eee7af6db5cda340e19ed47fb885a3ae9
+SHA512 (clamav-0.103.5.tar.gz) = 242423b507eacbbd31dbae6dd0325dff87da25bb8072f2cee7a5e7cab4b8eb5ee6196c759570c1d75986a2777f0f79f92cfbd6250a30ae5b53390c75b238c29a
+Size (clamav-0.103.5.tar.gz) = 16434316 bytes
 SHA1 (patch-Makefile.in) = 51e0f42323f07b7ae0cb35a640469dce4e1a2041
 SHA1 (patch-aa) = c07a7b6e883f384ce278964645f0658c0d986ab5
 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf