pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/clamav



Module Name:    pkgsrc
Committed By:   taca
Date:           Thu Sep  5 15:10:15 UTC 2024

Modified Files:
        pkgsrc/security/clamav: Makefile Makefile.common distinfo

Log Message:
security/clamav: update to 0.103.12

0.103.12 (2024-09-04)

ClamAV 0.103.12 is a patch release with the following fixes:

- [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506):
  Changed the logging module to disable following symlinks on Linux and Unix
  systems so as to prevent an attacker with existing access to the 'clamd' or
  'freshclam' services from using a symlink to corrupt system files.

  This issue affects all currently supported versions. It will be fixed in:
  - 1.4.1
  - 1.3.2
  - 1.0.7
  - 0.103.12

  Thank you to Detlef for identifying this issue.

- [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505):
  Fixed a possible out-of-bounds read bug in the PDF file parser that could
  cause a denial-of-service (DoS) condition.

  This issue affects all currently supported versions. It will be fixed in:
  - 1.4.1
  - 1.3.2
  - 1.0.7
  - 0.103.12

  Thank you to OSS-Fuzz for identifying this issue.

- ClamOnAcc: Fixed an infinite loop when a watched directory does not exist.
  - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1198)

- Fixed a bug causing CVDs downloaded by the `DatabaseCustomURL` Freshclam
  config option to be pruned and then re-downloaded with every update.
  Also added the new 'valhalla' database name to the list of optional databases
  in preparation for future work.
  - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1233)

- Fixed an unaligned pointer dereference issue on select architectures.
  Fix courtesy of Sebastian Andrzej Siewior.
  - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293)


To generate a diff of this commit:
cvs rdiff -u -r1.93 -r1.94 pkgsrc/security/clamav/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/security/clamav/Makefile.common
cvs rdiff -u -r1.45 -r1.46 pkgsrc/security/clamav/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/clamav/Makefile
diff -u pkgsrc/security/clamav/Makefile:1.93 pkgsrc/security/clamav/Makefile:1.94
--- pkgsrc/security/clamav/Makefile:1.93        Wed May 29 16:34:13 2024
+++ pkgsrc/security/clamav/Makefile     Thu Sep  5 15:10:15 2024
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.93 2024/05/29 16:34:13 adam Exp $
+# $NetBSD: Makefile,v 1.94 2024/09/05 15:10:15 taca Exp $
 
-PKGREVISION= 4
 .include "Makefile.common"
 
 COMMENT=       Anti-virus toolkit

Index: pkgsrc/security/clamav/Makefile.common
diff -u pkgsrc/security/clamav/Makefile.common:1.26 pkgsrc/security/clamav/Makefile.common:1.27
--- pkgsrc/security/clamav/Makefile.common:1.26 Tue Aug 29 14:43:01 2023
+++ pkgsrc/security/clamav/Makefile.common      Thu Sep  5 15:10:15 2024
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile.common,v 1.26 2023/08/29 14:43:01 taca Exp $
+# $NetBSD: Makefile.common,v 1.27 2024/09/05 15:10:15 taca Exp $
 #
 # used by security/clamav/Makefile
 # used by security/clamav-doc/Makefile
 
-DISTNAME=      clamav-0.103.10
+DISTNAME=      clamav-0.103.12
 CATEGORIES=    security
-MASTER_SITES=  http://www.clamav.net/downloads/production/
+MASTER_SITES=  https://www.clamav.net/downloads/production/
 
 MAINTAINER?=   pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=      https://www.clamav.net/

Index: pkgsrc/security/clamav/distinfo
diff -u pkgsrc/security/clamav/distinfo:1.45 pkgsrc/security/clamav/distinfo:1.46
--- pkgsrc/security/clamav/distinfo:1.45        Tue Aug 29 14:43:01 2023
+++ pkgsrc/security/clamav/distinfo     Thu Sep  5 15:10:15 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.45 2023/08/29 14:43:01 taca Exp $
+$NetBSD: distinfo,v 1.46 2024/09/05 15:10:15 taca Exp $
 
-BLAKE2s (clamav-0.103.10.tar.gz) = b3c19d4d3f55f17d10e4afd45c8f74df36abfbb9c62793fa7a10cb0a325c21c0
-SHA512 (clamav-0.103.10.tar.gz) = fceda0297f32b0741a978e365a9fb9fe1c24c0d5027ee41665516917fbff405c01621cb0894bcfa70bc0884332987e1ecaa096a344580b67c3b401f2a77bc78c
-Size (clamav-0.103.10.tar.gz) = 16538627 bytes
+BLAKE2s (clamav-0.103.12.tar.gz) = a329d1da82016fce84d87bee336cd7364f0a93b8347e81f607fba11607109b4d
+SHA512 (clamav-0.103.12.tar.gz) = 0e870a5fd035fbf090359ef7634b1b36e346ff3066b896ff17c2c6ace04f4c17e16181a21fead8b8b2f397de9ea47b928515b717a41996bac4c8efed4d16ec4e
+Size (clamav-0.103.12.tar.gz) = 16507685 bytes
 SHA1 (patch-Makefile.in) = 51e0f42323f07b7ae0cb35a640469dce4e1a2041
 SHA1 (patch-aa) = c07a7b6e883f384ce278964645f0658c0d986ab5
 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf



Home | Main Index | Thread Index | Old Index