pkg/54951: clamav should be updated

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/54951: clamav should be updated
From: d.veselov%labma.ru@localhost
Date: Mon, 10 Feb 2020 12:00:01 +0000 (UTC)

>Number:         54951
>Category:       pkg
>Synopsis:       clamav 0.102.1 has security flaw and should be replaced
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Feb 10 12:00:00 +0000 2020
>Originator:     Dima Veselov
>Release:        NetBSD 8.1_STABLE
>Organization:
ZAO LMA
>Environment:
System: NetBSD ranir 8.1_STABLE NetBSD 8.1_STABLE (Ranir) #4: Mon Jun 10 10:52:14 MSK 2019 kab00m@almaz:/export/build/obj/amd64/sys/arch/amd64/compile/Ranir amd64
Architecture: x86_64
Machine: amd64
>Description:
	clamav 0.102.1 is vulnerable (CVE-2020-3123). pkgsrc version also lack 
	rc.d script for milter option
>How-To-Repeat:
>Fix:
	Updated package can be found http://lich.phys.spbu.ru/clamav-0.102.2nb2.tgz

Diff follow:

diff -U2 -r ../pkgsrc/security/clamav/Makefile.common security/clamav/Makefile.common
--- ../pkgsrc/security/clamav/Makefile.common   2020-02-03 12:45:57.328973185 +0300
+++ security/clamav/Makefile.common     2020-02-10 13:09:12.148274915 +0300
@@ -4,5 +4,5 @@
 # used by security/clamav-doc/Makefile
 
-DISTNAME=      clamav-0.102.1
+DISTNAME=      clamav-0.102.2
 CATEGORIES=    security
 MASTER_SITES=  http://www.clamav.net/downloads/production/
diff -U2 -r ../pkgsrc/security/clamav/distinfo security/clamav/distinfo
--- ../pkgsrc/security/clamav/distinfo  2020-02-10 13:07:23.529810703 +0300
+++ security/clamav/distinfo    2020-02-10 13:09:12.152275003 +0300
@@ -1,8 +1,8 @@
 $NetBSD: distinfo,v 1.31 2019/12/03 12:55:16 taca Exp $
 
-SHA1 (clamav-0.102.1.tar.gz) = 88040368d506b923b627eab3c8a96c941f1719f9
-RMD160 (clamav-0.102.1.tar.gz) = 3b3c652c6b9f01bd2cc0e14390b841e48cfdee90
-SHA512 (clamav-0.102.1.tar.gz) = 2d0cd2dece771ab8228771f9a95eb0342e756083a0107b2bef31bd2f5f46c36aa692e15d7eb2ea321f535ea4e18c8df043c8663ae350d40fbe1bdb4d073dcb90
-Size (clamav-0.102.1.tar.gz) = 13215586 bytes
+SHA1 (clamav-0.102.2.tar.gz) = 9adabeac41736770aa22ae1ee1f8aba9e253cfaa
+RMD160 (clamav-0.102.2.tar.gz) = a1ef9999257f02ca55abc8da73b4456e0f02ec80
+SHA512 (clamav-0.102.2.tar.gz) = 7db53e0e2b4d6b0e4cf5048d3c9dfbcabcffd680c3a2b718c763b9599b0c1c14e56bae70c54c251ee9e8fd1acd3134657196dbaad2d23a16bad76a088c6fc41f
+Size (clamav-0.102.2.tar.gz) = 13227538 bytes
 SHA1 (patch-Makefile.in) = a11766ea353d81fb281a07c8120e8a1f5c8dc60f
 SHA1 (patch-aa) = 8539a90ac5591c86f7e9f6b8c073f36523f221a5
Only in security/clamav/files: clamav-milter.sh
diff -U2 -r ../pkgsrc/security/clamav/options.mk security/clamav/options.mk
--- ../pkgsrc/security/clamav/options.mk        2020-02-10 13:07:03.441354849 +0300
+++ security/clamav/options.mk  2020-02-10 13:09:12.336279181 +0300
@@ -18,4 +18,5 @@
 CONF_SAMPLES+=         clamav-milter.conf
 SMF_INSTANCES+=                clamav-milter
+RCD_SCRIPTS+=          clamav-milter
 .else
 CONFIGURE_ARGS+=       --disable-milter



rc.d script follow:

[root@ranir pkgsrc-labma]$ cat security/clamav/files/clamav-milter.sh 
#!/bin/sh
#
# $NetBSD:
#
# clamav-milter provides milter socket for mail daemon
#
# PROVIDE: clamav-milter
# REQUIRE: clamd
# BEFORE: mail local
# KEYWORD: shutdown

if [ -f /etc/rc.subr ]; then
        . /etc/rc.subr
fi

name="clamav_milter"
rcvar=$name
command="/usr/pkg/sbin/clamav-milter"
required_files="/usr/pkg/etc/clamav-milter.conf"
start_precmd="clamav_milter_precmd"
#stop_cmd="clamav_milter_stopcmd"

if [ -f "${required_files}" ]; then
        pidfile_=`/usr/bin/awk '/^#/ {next}; /^PidFile[         ]/ {r = $2};
                        END {print r}' ${required_files}`
        if [ -n "${pidfile_}" ]; then
                pidfile=${pidfile_}
        fi
        logfile=`/usr/bin/awk 'BEGIN {r = "/tmp/clamd.log"};
                        /^#/ {next}; /^LogFile[         ]/ {r = $2};
                        END {print r}' ${required_files}`
        socket=`/usr/bin/awk 'BEGIN {r = "/tmp/clamd"};
                        /^#/ {next}; /^LocalSocket[     ]/ {r = $2};
                        END {print r}' ${required_files}`
        clamav_milter_user=`/usr/bin/awk 'BEGIN {r = "clamav"};
                        /^#/ {next}; /^User[    ]/ {r = $2};
                        END {print r}' ${required_files}`
fi

clamav_milter_precmd()
{
        /bin/rm -f ${socket}
        if [ -n "${logfile}" ]; then
                /usr/bin/touch ${logfile}
                /usr/sbin/chown ${clamav_milter_user} ${logfile}
        fi
        if [ -n "${pidfile}" ]; then
                /usr/bin/touch ${pidfile}
                /usr/sbin/chown ${clamav_milter_user} ${pidfile}
        fi
}

clamav_milter_stopcmd()
{
        # Workaround bug when clamd is built against pth by send TERM to
        # clamd, then forcing it to start a worker thread that exits.
        # This forces the main thread to awaken and realize that it's
        # supposed to shutdown.
        #
        echo "Stopping ${name}."
        doit="/usr/bin/su -m ${clamav_milter_user} -c \"kill -TERM $rc_pid\""
        if ! eval $doit && [ -z "$rc_force" ]; then
                return 1
        fi
        #${scan_command} --quiet ${scan_command} 2>/dev/null
        wait_for_pids $rc_pid
}

if [ -f /etc/rc.subr -a -f /etc/rc.conf \
     -a -d /etc/rc.d -a -f /etc/rc.d/DAEMON ]; then
        load_rc_config $name
        run_rc_command "$1"
else
        echo -n " ${name}"
        eval ${start_precmd}
        ${command} ${clamav_milter_flags} ${command_args}
fi

Prev by Date: Re: pkg/42191 (CONF_FILES with spaces in names doesn't work)
Next by Date: pkg/54952: lang/gcc8 build fails on NetBSD-8.1 platform
Previous by Thread: Re: pkg/42191 (CONF_FILES with spaces in names doesn't work)
Next by Thread: pkg/54952: lang/gcc8 build fails on NetBSD-8.1 platform
Indexes:

Home | Main Index | Thread Index | Old Index