[pkgsrc/trunk]: pkgsrc/security/clamav security/clamav: update to 0.103.5

[taca <taca%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/437cb47dc7ea
branches:  trunk
changeset: 371743:437cb47dc7ea
user:      taca <taca%pkgsrc.org@localhost>
date:      Thu Jan 13 15:28:22 2022 +0000

description:
security/clamav: update to 0.103.5

0.103.5 (2022-01-12)

ClamAV 0.103.5 is a critical patch release with the following fixes:

* CVE-2022-20698<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>:
  Fix for invalid pointer read that may cause a crash. This issue affects
  0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the
  CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
  option) is enabled.

  Cisco would like to thank Laurent Delosieres of ManoMano for reporting
  this vulnerability.

* Fixed ability to disable the file size limit with libclamav C API, like
  this:

  cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);

  This issue didn't affect ClamD or ClamScan which also can disable the
  limit by setting it to zero using MaxFileSize 0 in clamd.conf for ClamD,
  or clamscan --max-filesize=0 for ClamScan.

  Note: Internally, the max file size is still set to 2 GiB. Disabling the
  limit for a scan will fall back on the internal 2 GiB limitation.

* Increased the maximum line length for ClamAV config files from 512 bytes
  to 1,024 bytes to allow for longer config option strings.

* SigTool: Fix insufficient buffer size for --list-sigs that caused a
  failure when listing a database containing one or more very long
  signatures. This fix was backported from 0.104.

Special thanks to the following for code contributions and bug reports:

* Laurent Delosieres

diffstat:

 security/clamav/Makefile        |  3 +--
 security/clamav/Makefile.common |  4 ++--
 security/clamav/distinfo        |  8 ++++----
 3 files changed, 7 insertions(+), 8 deletions(-)

diffs (42 lines):

diff -r 78149cedc134 -r 437cb47dc7ea security/clamav/Makefile
--- a/security/clamav/Makefile  Thu Jan 13 14:25:22 2022 +0000
+++ b/security/clamav/Makefile  Thu Jan 13 15:28:22 2022 +0000
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.81 2021/12/08 16:02:33 adam Exp $
+# $NetBSD: Makefile,v 1.82 2022/01/13 15:28:22 taca Exp $
 
-PKGREVISION= 1
 .include "Makefile.common"
 
 COMMENT=       Anti-virus toolkit
diff -r 78149cedc134 -r 437cb47dc7ea security/clamav/Makefile.common
--- a/security/clamav/Makefile.common   Thu Jan 13 14:25:22 2022 +0000
+++ b/security/clamav/Makefile.common   Thu Jan 13 15:28:22 2022 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.21 2021/11/08 14:49:23 taca Exp $
+# $NetBSD: Makefile.common,v 1.22 2022/01/13 15:28:22 taca Exp $
 #
 # used by security/clamav/Makefile
 # used by security/clamav-doc/Makefile
 
-DISTNAME=      clamav-0.103.4
+DISTNAME=      clamav-0.103.5
 CATEGORIES=    security
 MASTER_SITES=  http://www.clamav.net/downloads/production/
 
diff -r 78149cedc134 -r 437cb47dc7ea security/clamav/distinfo
--- a/security/clamav/distinfo  Thu Jan 13 14:25:22 2022 +0000
+++ b/security/clamav/distinfo  Thu Jan 13 15:28:22 2022 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.40 2021/11/08 14:49:23 taca Exp $
+$NetBSD: distinfo,v 1.41 2022/01/13 15:28:22 taca Exp $
 
-BLAKE2s (clamav-0.103.4.tar.gz) = 0a64b0534d4b8919c787fbd7152ff87eb875b702215bccf0b586b8d9e854d69f
-SHA512 (clamav-0.103.4.tar.gz) = 422a8cb98d355be098b0a0c575e4f08cf964e992d10ee02e7600eb9db6dfa943efbd988489f268e81e4d2ef29cfe582b236688ea209d6d2e46467f3c08eb475e
-Size (clamav-0.103.4.tar.gz) = 16425023 bytes
+BLAKE2s (clamav-0.103.5.tar.gz) = 045c523bcbd02439cc05095cc19d102eee7af6db5cda340e19ed47fb885a3ae9
+SHA512 (clamav-0.103.5.tar.gz) = 242423b507eacbbd31dbae6dd0325dff87da25bb8072f2cee7a5e7cab4b8eb5ee6196c759570c1d75986a2777f0f79f92cfbd6250a30ae5b53390c75b238c29a
+Size (clamav-0.103.5.tar.gz) = 16434316 bytes
 SHA1 (patch-Makefile.in) = 51e0f42323f07b7ae0cb35a640469dce4e1a2041
 SHA1 (patch-aa) = c07a7b6e883f384ce278964645f0658c0d986ab5
 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf