From 29e3c02f6ad886649d1ee8dfe71b1baaf2699872 Mon Sep 17 00:00:00 2001 
From: bsiegert
Date: Sat, 22 Feb 2020 19:45:06 +0000
Subject: Pullup ticket #6137 - requested by taca security/clamav: security fix + partial fix for PR pkg/54951
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Revisions pulled up:
- security/clamav/Makefile 1.60-1.62
- security/clamav/Makefile.common 1.14-1.15
- security/clamav/distinfo 1.32

---
Module Name: pkgsrc
Committed By: ryoon
Date: Sun Jan 12 20:20:50 UTC 2020

Modified Files:
pkgsrc/security/clamav: Makefile

Log Message:
*: Recursive revbump from devel/boost-libs

---
Module Name: pkgsrc
Committed By: jperkin
Date: Sat Jan 18 21:51:16 UTC 2020

Modified Files:
pkgsrc/security/clamav: Makefile

Log Message:
*: Recursive revision bump for openssl 1.1.1.

---
Module Name: pkgsrc
Committed By: rillig
Date: Sun Jan 26 17:32:28 UTC 2020

Modified Files:
pkgsrc/security/clamav: Makefile.common

Log Message:
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.

---
Module Name: pkgsrc
Committed By: taca
Date: Sat Feb 15 02:40:43 UTC 2020

Modified Files:
pkgsrc/security/clamav: Makefile Makefile.common distinfo

Log Message:
security/clamav: update to 0.102.2

Update clamav to 0.102.2.

## 0.102.2

ClamAV 0.102.2 is a bug patch release to address the following issues.

- [CVE-2020-3123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3123):
  A Denial-of-Service (DoS) condition may occur when using the optional
  credit card data-loss-prevention (DLP) feature. Improper bounds checking
  of an unsigned variable resulted in an out-of-bounds read which causes
  a crash.

- Significantly improved scan speed of PDF files on Windows.

- Re-applied a fix to alleviate file access issues when scanning RAR files
  in downstream projects that use libclamav where the scanning engine is
  operating in a low-privilege process. This bug was originally fixed in
  0.101.2 and the fix was mistakenly omitted from 0.102.0.

- Fixed an issue wherein freshclam failed to update if the database version
  downloaded is 1 version older than advertised. This situation may occur
  after a new database version is published. The issue affected users
  downloading the whole CVD database file.

- Changed the default freshclam ReceiveTimeout setting to 0 (infinite).
  The ReceiveTimeout had caused needless database update failures for users
  with slower internet connections.

- Correctly display number of kilobytes (KiB) in progress bar and reduced
  the size of the progress bar to accommodate 80-char width terminals.

- Fixed an issue where running freshclam manually causes a daemonized
  freshclam process to fail when it updates because the manual instance
  deletes the temporary download directory. Freshclam temporary files will
  now download to a unique directory created at the time of an update
  instead of using a hardcoded directory created/destroyed at the program
  start/exit.

- Fix for Freshclam's OnOutdatedExecute config option.

- Fixes a memory leak in the error condition handling for the email parser.

- Improved bound checking and error handling in ARJ archive parser.

- Improved error handling in PDF parser.

- Fix for memory leak in byte-compare signature handler.

- Updates to the unit test suite to support libcheck 0.13.

- Updates to support autoconf 2.69 and automake 1.15.

Special thanks to the following for code contributions and bug reports:

- Antoine Deschênes
- Eric Lindblad
- Gianluigi Tiesi
- Tuomo Soini
---
 security/clamav/Makefile.common |  6 +++---
 security/clamav/distinfo        | 10 +++++-----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/security/clamav/Makefile.common b/security/clamav/Makefile.common index 709bd673742..36bc53147d1 100644 --- a/security/clamav/Makefile.common +++ b/security/clamav/Makefile.common @@ -1,14 +1,14 @@ -# $NetBSD: Makefile.common,v 1.13 2019/12/03 12:55:16 taca Exp $ +# $NetBSD: Makefile.common,v 1.13.4.1 2020/02/22 19:45:06 bsiegert Exp $ # # used by security/clamav/Makefile # used by security/clamav-doc/Makefile -DISTNAME= clamav-0.102.1 +DISTNAME= clamav-0.102.2 CATEGORIES= security MASTER_SITES= http://www.clamav.net/downloads/production/ MAINTAINER?= pkgsrc-users@NetBSD.org -HOMEPAGE= http://www.clamav.net/ +HOMEPAGE= https://www.clamav.net/ LICENSE= gnu-gpl-v2 DISTINFO_FILE= ${.CURDIR}/../../security/clamav/distinfo diff --git a/security/clamav/distinfo b/security/clamav/distinfo index 9ef5b15a4ce..72e752a859b 100644 --- a/security/clamav/distinfo +++ b/security/clamav/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.31 2019/12/03 12:55:16 taca Exp $ +$NetBSD: distinfo,v 1.31.4.1 2020/02/22 19:45:06 bsiegert Exp $ -SHA1 (clamav-0.102.1.tar.gz) = 88040368d506b923b627eab3c8a96c941f1719f9 -RMD160 (clamav-0.102.1.tar.gz) = 3b3c652c6b9f01bd2cc0e14390b841e48cfdee90 -SHA512 (clamav-0.102.1.tar.gz) = 2d0cd2dece771ab8228771f9a95eb0342e756083a0107b2bef31bd2f5f46c36aa692e15d7eb2ea321f535ea4e18c8df043c8663ae350d40fbe1bdb4d073dcb90 -Size (clamav-0.102.1.tar.gz) = 13215586 bytes +SHA1 (clamav-0.102.2.tar.gz) = 9adabeac41736770aa22ae1ee1f8aba9e253cfaa +RMD160 (clamav-0.102.2.tar.gz) = a1ef9999257f02ca55abc8da73b4456e0f02ec80 +SHA512 (clamav-0.102.2.tar.gz) = 7db53e0e2b4d6b0e4cf5048d3c9dfbcabcffd680c3a2b718c763b9599b0c1c14e56bae70c54c251ee9e8fd1acd3134657196dbaad2d23a16bad76a088c6fc41f +Size (clamav-0.102.2.tar.gz) = 13227538 bytes SHA1 (patch-Makefile.in) = a11766ea353d81fb281a07c8120e8a1f5c8dc60f SHA1 (patch-aa) = 8539a90ac5591c86f7e9f6b8c073f36523f221a5 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf -- cgit v1.2.3
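
Review bot: MASTER_SITES in the Makefile.common hunk still points at http://www.clamav.net/downloads/production/, while the HOMEPAGE line just below it is moved to https in the same hunk. If upstream serves the download path over https, switch MASTER_SITES as well so the distfile is not fetched in cleartext; the distinfo checksums would still catch a modified tarball, but only after it has been downloaded.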
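
Review bot: The patch-Makefile.in, patch-aa and patch-ab checksum lines at the end of the distinfo hunk are unchanged context while the distfile moves from clamav-0.102.1.tar.gz to clamav-0.102.2.tar.gz. Please confirm that these local patches still apply cleanly to the 0.102.2 sources on the pullup branch, and that the new SHA512 and Size values were regenerated from a tarball checked against upstream's published release rather than copied across, since this is the security fix for CVE-2020-3123.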