diff options
| author | prlw1 <prlw1@pkgsrc.org> | 2019-08-05 14:44:20 +0000 |
|---|---|---|
| committer | prlw1 <prlw1@pkgsrc.org> | 2019-08-05 14:44:20 +0000 |
| commit | bdd18f8c621dad6deb73d1531c596d3ef48299b8 (patch) | |
| tree | efc796bd8cdaea75455fb8e1f4366772743fb59e /security | |
| parent | 4a0b254324b0c75c7cdbf496a7927d1618c3998b (diff) | |
| download | pkgsrc-bdd18f8c621dad6deb73d1531c596d3ef48299b8.tar.gz | |
Update clamav to 0.101.2
Remove rar support to workaround PR pkg/54420
This release includes 3 extra security related bug fixes that do not
apply to prior versions. In addition, it includes a number of minor bug
fixes and improvements.
* Fixes for the following vulnerabilities affecting 0.101.1 and
prior:
+ CVE-2019-1787: An out-of-bounds heap read condition may occur
when scanning PDF documents. The defect is a failure to
correctly keep track of the number of bytes remaining in a
buffer when indexing file data.
+ CVE-2019-1789: An out-of-bounds heap read condition may occur
when scanning PE files (i.e. Windows EXE and DLL files) that
have been packed using Aspack as a result of inadequate
bound-checking.
+ CVE-2019-1788: An out-of-bounds heap write condition may occur
when scanning OLE2 files such as Microsoft Office 97-2003
documents. The invalid write happens when an invalid pointer
is mistakenly used to initialize a 32bit integer to zero. This
is likely to crash the application.
* Fixes for the following ClamAV vulnerabilities:
+ CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking
feature that could allow an unauthenticated, remote attacker
to cause a denial of service (DoS) condition on an affected
device. Reported by Secunia Research at Flexera.
+ Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing
code. Reported by Alex Gaynor.
* Fixes for the following vulnerabilities in bundled third-party
libraries:
+ CVE-2018-14680: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. It does not reject blank CHM
filenames.
+ CVE-2018-14681: An issue was discovered in kwajd_read_headers
in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file
header extensions could cause a one or two byte overwrite.
+ CVE-2018-14682: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an off-by-one error in the
TOLOWER() macro for CHM decompression.
+ Additionally, 0.100.2 reverted 0.100.1's patch for
CVE-2018-14679, and applied libmspack's version of the fix in
its place.
* Fixes for the following CVE's:
+ CVE-2017-16932: Vulnerability in libxml2 dependency (affects
ClamAV on Windows only).
+ CVE-2018-0360: HWP integer overflow, infinite loop
vulnerability. Reported by Secunia Research at Flexera.
+ CVE-2018-0361: ClamAV PDF object length check, unreasonably
long time to parse relatively small file. Reported by aCaB.
For the full release notes, see:
https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.2/NEWS.md
Diffstat (limited to 'security')
| -rw-r--r-- | security/clamav/Makefile | 21 | ||||
| -rw-r--r-- | security/clamav/Makefile.common | 4 | ||||
| -rw-r--r-- | security/clamav/PLIST | 8 | ||||
| -rw-r--r-- | security/clamav/buildlink3.mk | 5 | ||||
| -rw-r--r-- | security/clamav/distinfo | 14 | ||||
| -rw-r--r-- | security/clamav/options.mk | 3 | ||||
| -rw-r--r-- | security/clamav/patches/patch-Makefile.in | 22 | ||||
| -rw-r--r-- | security/clamav/patches/patch-ab | 4 |
8 files changed, 42 insertions, 39 deletions
diff --git a/security/clamav/Makefile b/security/clamav/Makefile index 17a0507e6fb..313c0834595 100644 --- a/security/clamav/Makefile +++ b/security/clamav/Makefile @@ -1,6 +1,5 @@ -# $NetBSD: Makefile,v 1.50 2019/07/20 22:46:46 wiz Exp $ +# $NetBSD: Makefile,v 1.51 2019/08/05 14:44:20 prlw1 Exp $ -PKGREVISION= 5 .include "Makefile.common" COMMENT= Anti-virus toolkit @@ -16,16 +15,20 @@ CONFIGURE_ARGS+= --with-dbdir=${CLAMAV_DBDIR} CONFIGURE_ARGS+= --with-group=${CLAMAV_GROUP} CONFIGURE_ARGS+= --with-user=${CLAMAV_USER} CONFIGURE_ARGS+= --with-libcurl=${BUILDLINK_PREFIX.curl} +CONFIGURE_ARGS+= --with-libjson=${BUILDLINK_PREFIX.json-c} CONFIGURE_ARGS+= --with-ltdl-include=${BUILDLINK_PREFIX.libltdl}/include CONFIGURE_ARGS+= --with-ltdl-lib=${BUILDLINK_PREFIX.libltdl}/lib CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl} CONFIGURE_ARGS+= --with-pcre=${BUILDLINK_PREFIX.pcre2} +CONFIGURE_ARGS+= --with-system-libmspack=${BUILDLINK_PREFIX.libmspack} CONFIGURE_ARGS+= --with-xml=${BUILDLINK_PREFIX.libxml2} CONFIGURE_ARGS+= --with-zlib=${BUILDLINK_PREFIX.zlib} CONFIGURE_ARGS+= --enable-readdir_r # pkgsrc enforces a "secure" version of zlib, so don't let this check # bomb the build CONFIGURE_ARGS+= --disable-zlib-vcheck +# Work around build failure PR pkg/54420 +CONFIGURE_ARGS+= --disable-unrar CHECK_PORTABILITY_SKIP= contrib/* unit_tests/* win32/* @@ -46,11 +49,6 @@ FILES_SUBST+= CLAMAV_GROUP=${CLAMAV_GROUP} FILES_SUBST+= CLAMAV_DBDIR=${CLAMAV_DBDIR} MESSAGE_SUBST+= CLAMAV_USER=${CLAMAV_USER} -SUBST_CLASSES+= vars -SUBST_STAGE.vars= pre-configure -SUBST_FILES.vars= etc/clamav-milter.conf.sample etc/clamd.conf.sample -SUBST_VARS.vars= CLAMAV_DBDIR - RCD_SCRIPTS= clamd freshclamd SMF_METHODS= ${RCD_SCRIPTS} SMF_INSTANCES= ${SMF_METHODS} @@ -63,10 +61,11 @@ PKG_USERS_VARS= CLAMAV_USER EGDIR= ${PREFIX}/share/examples/clamav +CONF_SAMPLES= clamd.conf freshclam.conf OWN_DIRS_PERMS= ${CLAMAV_DBDIR} ${CLAMAV_USER} ${CLAMAV_GROUP} 0775 CONF_FILES= # empty CONF_FILES_PERMS= # empty -.for i in clamav-milter.conf clamd.conf freshclam.conf +.for i in ${CONF_SAMPLES} CONF_FILES+= ${EGDIR}/${i} ${PKG_SYSCONFDIR}/${i} .endfor @@ -75,16 +74,18 @@ INSTALLATION_DIRS+= ${EGDIR} .include "options.mk" post-install: -.for i in clamav-milter.conf clamd.conf freshclam.conf - ${INSTALL_DATA} ${WRKSRC}/etc/${i}.sample ${DESTDIR}${EGDIR}/${i} +.for i in ${CONF_SAMPLES} + ${MV} ${DESTDIR}${PREFIX}/etc/${i}.sample ${DESTDIR}${EGDIR}/${i} .endfor .include "../../archivers/bzip2/buildlink3.mk" +.include "../../archivers/libmspack/buildlink3.mk" .include "../../devel/libltdl/buildlink3.mk" .include "../../devel/pcre2/buildlink3.mk" .include "../../devel/zlib/buildlink3.mk" .include "../../devel/gmp/buildlink3.mk" .include "../../security/openssl/buildlink3.mk" +.include "../../textproc/json-c/buildlink3.mk" .include "../../textproc/libxml2/buildlink3.mk" .include "../../www/curl/buildlink3.mk" .include "../../mk/curses.buildlink3.mk" diff --git a/security/clamav/Makefile.common b/security/clamav/Makefile.common index 3e79c4bad63..b4c8a07c270 100644 --- a/security/clamav/Makefile.common +++ b/security/clamav/Makefile.common @@ -1,9 +1,9 @@ -# $NetBSD: Makefile.common,v 1.10 2018/03/21 06:55:57 prlw1 Exp $ +# $NetBSD: Makefile.common,v 1.11 2019/08/05 14:44:20 prlw1 Exp $ # # used by security/clamav/Makefile # used by security/clamav-doc/Makefile -DISTNAME= clamav-0.99.4 +DISTNAME= clamav-0.101.2 CATEGORIES= security MASTER_SITES= http://www.clamav.net/downloads/production/ diff --git a/security/clamav/PLIST b/security/clamav/PLIST index e9314bbe8a4..8efc2853d5c 100644 --- a/security/clamav/PLIST +++ b/security/clamav/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.6 2014/05/08 16:01:09 jperkin Exp $ +@comment $NetBSD: PLIST,v 1.7 2019/08/05 14:44:20 prlw1 Exp $ bin/clamav-config bin/clambc bin/clamconf @@ -8,10 +8,10 @@ bin/clamscan bin/clamsubmit bin/freshclam bin/sigtool +include/clamav-types.h include/clamav.h lib/libclamav.la -lib/libclamunrar.la -lib/libclamunrar_iface.la +lib/libclammspack.la lib/pkgconfig/libclamav.pc man/man1/clambc.1 man/man1/clamconf.1 @@ -28,6 +28,6 @@ man/man8/clamav-milter.8 man/man8/clamd.8 ${PLIST.milter}sbin/clamav-milter sbin/clamd -share/examples/clamav/clamav-milter.conf +${PLIST.milter}share/examples/clamav/clamav-milter.conf share/examples/clamav/clamd.conf share/examples/clamav/freshclam.conf diff --git a/security/clamav/buildlink3.mk b/security/clamav/buildlink3.mk index 54dd7c6a5ec..3d85805ffef 100644 --- a/security/clamav/buildlink3.mk +++ b/security/clamav/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.7 2017/09/25 22:27:43 joerg Exp $ +# $NetBSD: buildlink3.mk,v 1.8 2019/08/05 14:44:20 prlw1 Exp $ BUILDLINK_TREE+= clamav @@ -8,10 +8,11 @@ CLAMAV_BUILDLINK3_MK:= BUILDLINK_API_DEPENDS.clamav+= clamav>=0.95.3nb1 BUILDLINK_ABI_DEPENDS.clamav+= clamav>=0.98.7nb2 BUILDLINK_PKGSRCDIR.clamav?= ../../security/clamav -.endif # CLAMAV_BUILDLINK3_MK .include "../../archivers/bzip2/buildlink3.mk" .include "../../devel/pcre2/buildlink3.mk" +.include "../../textproc/json-c/buildlink3.mk" .include "../../textproc/libxml2/buildlink3.mk" +.endif # CLAMAV_BUILDLINK3_MK BUILDLINK_TREE+= -clamav diff --git a/security/clamav/distinfo b/security/clamav/distinfo index 0102b2c5b5f..e343bb0b153 100644 --- a/security/clamav/distinfo +++ b/security/clamav/distinfo @@ -1,12 +1,12 @@ -$NetBSD: distinfo,v 1.27 2019/04/13 08:48:22 szptvlfn Exp $ +$NetBSD: distinfo,v 1.28 2019/08/05 14:44:20 prlw1 Exp $ -SHA1 (clamav-0.99.4.tar.gz) = 31f91cb63329385325821a03db46e7001dc40fa2 -RMD160 (clamav-0.99.4.tar.gz) = 5925f4727c98d328f7f12267bb1af11fc368f9d8 -SHA512 (clamav-0.99.4.tar.gz) = 778d5ef510d8d4bdfac5dc33d92469ed4283c414b3d42da6e1a0b13ed70e37755d5c837622dc336bc728ba1f8bf5485fc8a8d3a67a90e9aaa9e4dc71ece0691d -Size (clamav-0.99.4.tar.gz) = 16083015 bytes -SHA1 (patch-Makefile.in) = c7f106f812952ef22f32aaa0354a15d501460c01 +SHA1 (clamav-0.101.2.tar.gz) = 6545fc72fbc4e3e8b7e845e08edd0a36142d033e +RMD160 (clamav-0.101.2.tar.gz) = 53fddb9858c49c8b11654b204cf2e5938e193a7c +SHA512 (clamav-0.101.2.tar.gz) = f9ea4589a8081acf7b6d454d1a068da05ae6574a9070a08f9438935795cb6dc084ffb9222b11fb1623f31962f859e6536a2f5bd1de29ef6b9b314efa5edc8c7e +Size (clamav-0.101.2.tar.gz) = 21722932 bytes +SHA1 (patch-Makefile.in) = c3bdefe7f7d0fee58ce3a1f16c00b3739ab8586a SHA1 (patch-aa) = 8539a90ac5591c86f7e9f6b8c073f36523f221a5 -SHA1 (patch-ab) = fea995ea944c2ae0f51a41e1a1076badf65c6c8b +SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf SHA1 (patch-af) = d217633ed33c72b6d01a9aeef03f0f5dd33b4336 SHA1 (patch-configure) = d3a0a77c522b8abb4a5144e29aacc8b110f31c5a SHA1 (patch-etc_clamav-milter.conf.sample) = 0cbf22bf380213c9e9f2b9baf15d7eba745afd46 diff --git a/security/clamav/options.mk b/security/clamav/options.mk index 0bea29e38dc..ff1b33d2b7d 100644 --- a/security/clamav/options.mk +++ b/security/clamav/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.5 2016/02/01 12:45:38 jperkin Exp $ +# $NetBSD: options.mk,v 1.6 2019/08/05 14:44:20 prlw1 Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.clamav PKG_SUPPORTED_OPTIONS= milter clamav-experimental unit-test @@ -15,6 +15,7 @@ USE_BUILTIN.libmilter= no . include "../../mail/libmilter/buildlink3.mk" CONFIGURE_ARGS+= --enable-milter PLIST.milter= yes +CONF_SAMPLES+= clamav-milter.conf SMF_INSTANCES+= clamav-milter .else CONFIGURE_ARGS+= --disable-milter diff --git a/security/clamav/patches/patch-Makefile.in b/security/clamav/patches/patch-Makefile.in index 5789e4f582c..9d52a783c7d 100644 --- a/security/clamav/patches/patch-Makefile.in +++ b/security/clamav/patches/patch-Makefile.in @@ -1,15 +1,15 @@ -$NetBSD: patch-Makefile.in,v 1.4 2016/06/12 16:06:01 taca Exp $ +$NetBSD: patch-Makefile.in,v 1.5 2019/08/05 14:44:20 prlw1 Exp $ Install etc files manually. ---- Makefile.in.orig 2016-04-22 16:19:51.000000000 +0000 +--- Makefile.in.orig 2018-09-19 19:29:07.000000000 +0000 +++ Makefile.in -@@ -551,7 +551,7 @@ top_builddir = @top_builddir@ - top_srcdir = @top_srcdir@ - ACLOCAL_AMFLAGS = -I m4 - SUBDIRS = libltdl libclamav clamscan clamd clamdscan freshclam sigtool \ -- clamconf database docs etc clamav-milter test clamdtop clambc \ -+ clamconf database docs clamav-milter test clamdtop clambc \ - unit_tests $(am__append_1) $(am__append_2) - EXTRA_DIST = FAQ examples BUGS shared libclamav.pc.in libclamunrar_iface/Makefile.am libclamunrar_iface/Makefile.in UPGRADE COPYING.bzip2 COPYING.lzma COPYING.unrar COPYING.LGPL COPYING.llvm COPYING.file COPYING.zlib COPYING.getopt COPYING.regex COPYING.YARA COPYING.pcre platform.h.in clamdscan/clamdscan.map win32 - bin_SCRIPTS = clamav-config +@@ -303,7 +303,7 @@ ETAGS = etags + CTAGS = ctags + CSCOPE = cscope + DIST_SUBDIRS = libltdl libclamav clamscan clamd clamdscan freshclam \ +- sigtool clamconf database docs etc clamav-milter test clamdtop \ ++ sigtool clamconf database docs clamav-milter test clamdtop \ + clambc unit_tests clamsubmit libfreshclam fuzz + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + distdir = $(PACKAGE)-$(VERSION) diff --git a/security/clamav/patches/patch-ab b/security/clamav/patches/patch-ab index 1dcf445568d..834aeb4bd33 100644 --- a/security/clamav/patches/patch-ab +++ b/security/clamav/patches/patch-ab @@ -1,6 +1,6 @@ -$NetBSD: patch-ab,v 1.1.1.1 2010/12/24 07:11:05 kefren Exp $ +$NetBSD: patch-ab,v 1.2 2019/08/05 14:44:20 prlw1 Exp $ -Make this pkgsrc friedly. +Make this pkgsrc friendly. --- libclamav/c++/llvm/utils/buildit/build_llvm.orig 2010-11-10 16:57:04.000000000 +0000 +++ libclamav/c++/llvm/utils/buildit/build_llvm |