diff options
author | bsiegert <bsiegert@pkgsrc.org> | 2022-01-21 15:49:19 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2022-01-21 15:49:19 +0000 |
commit | 9d8535f5fa0d26c7c403f44a68d00e23ddae6994 (patch) | |
tree | 5fd0682445318f8fa88395f16201f6f80e88d13f | |
parent | eaa951abe87be3069f9781961a37d06810b6ebd7 (diff) | |
download | pkgsrc-9d8535f5fa0d26c7c403f44a68d00e23ddae6994.tar.gz |
Pullup ticket #6571 - requested by taca
security/clamav: security fix
Revisions pulled up:
- security/clamav/Makefile 1.82
- security/clamav/Makefile.common 1.22
- security/clamav/distinfo 1.41
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 13 15:28:22 UTC 2022
Modified Files:
pkgsrc/security/clamav: Makefile Makefile.common distinfo
Log Message:
security/clamav: update to 0.103.5
0.103.5 (2022-01-12)
ClamAV 0.103.5 is a critical patch release with the following fixes:
* CVE-2022-20698<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>:
Fix for invalid pointer read that may cause a crash. This issue affects
0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the
CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
option) is enabled.
Cisco would like to thank Laurent Delosieres of ManoMano for reporting
this vulnerability.
* Fixed ability to disable the file size limit with libclamav C API, like
this:
cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);
This issue didn't affect ClamD or ClamScan which also can disable the
limit by setting it to zero using MaxFileSize 0 in clamd.conf for ClamD,
or clamscan --max-filesize=0 for ClamScan.
Note: Internally, the max file size is still set to 2 GiB. Disabling the
limit for a scan will fall back on the internal 2 GiB limitation.
* Increased the maximum line length for ClamAV config files from 512 bytes
to 1,024 bytes to allow for longer config option strings.
* SigTool: Fix insufficient buffer size for --list-sigs that caused a
failure when listing a database containing one or more very long
signatures. This fix was backported from 0.104.
Special thanks to the following for code contributions and bug reports:
* Laurent Delosieres
-rw-r--r-- | security/clamav/Makefile | 3 | ||||
-rw-r--r-- | security/clamav/Makefile.common | 4 | ||||
-rw-r--r-- | security/clamav/distinfo | 8 |
3 files changed, 7 insertions, 8 deletions
diff --git a/security/clamav/Makefile b/security/clamav/Makefile index a03141433c0..13c4a32da14 100644 --- a/security/clamav/Makefile +++ b/security/clamav/Makefile @@ -1,6 +1,5 @@ -# $NetBSD: Makefile,v 1.81 2021/12/08 16:02:33 adam Exp $ +# $NetBSD: Makefile,v 1.81.2.1 2022/01/21 15:49:19 bsiegert Exp $ -PKGREVISION= 1 .include "Makefile.common" COMMENT= Anti-virus toolkit diff --git a/security/clamav/Makefile.common b/security/clamav/Makefile.common index 23fb1253682..0d005a0d08b 100644 --- a/security/clamav/Makefile.common +++ b/security/clamav/Makefile.common @@ -1,9 +1,9 @@ -# $NetBSD: Makefile.common,v 1.21 2021/11/08 14:49:23 taca Exp $ +# $NetBSD: Makefile.common,v 1.21.2.1 2022/01/21 15:49:19 bsiegert Exp $ # # used by security/clamav/Makefile # used by security/clamav-doc/Makefile -DISTNAME= clamav-0.103.4 +DISTNAME= clamav-0.103.5 CATEGORIES= security MASTER_SITES= http://www.clamav.net/downloads/production/ diff --git a/security/clamav/distinfo b/security/clamav/distinfo index 5689dea593c..ada405f688b 100644 --- a/security/clamav/distinfo +++ b/security/clamav/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.40 2021/11/08 14:49:23 taca Exp $ +$NetBSD: distinfo,v 1.40.2.1 2022/01/21 15:49:19 bsiegert Exp $ -BLAKE2s (clamav-0.103.4.tar.gz) = 0a64b0534d4b8919c787fbd7152ff87eb875b702215bccf0b586b8d9e854d69f -SHA512 (clamav-0.103.4.tar.gz) = 422a8cb98d355be098b0a0c575e4f08cf964e992d10ee02e7600eb9db6dfa943efbd988489f268e81e4d2ef29cfe582b236688ea209d6d2e46467f3c08eb475e -Size (clamav-0.103.4.tar.gz) = 16425023 bytes +BLAKE2s (clamav-0.103.5.tar.gz) = 045c523bcbd02439cc05095cc19d102eee7af6db5cda340e19ed47fb885a3ae9 +SHA512 (clamav-0.103.5.tar.gz) = 242423b507eacbbd31dbae6dd0325dff87da25bb8072f2cee7a5e7cab4b8eb5ee6196c759570c1d75986a2777f0f79f92cfbd6250a30ae5b53390c75b238c29a +Size (clamav-0.103.5.tar.gz) = 16434316 bytes SHA1 (patch-Makefile.in) = 51e0f42323f07b7ae0cb35a640469dce4e1a2041 SHA1 (patch-aa) = c07a7b6e883f384ce278964645f0658c0d986ab5 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf |