pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2019Q2]: pkgsrc/security/clamav Pullup ticket #6036 - requeste...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ade17f4bfc75
branches:  pkgsrc-2019Q2
changeset: 408197:ade17f4bfc75
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Thu Sep 05 09:26:25 2019 +0000

description:
Pullup ticket #6036 - requested by taca
security/clamav: security fix

Revisions pulled up:
- security/clamav/Makefile                                      1.51
- security/clamav/Makefile.common                               1.11
- security/clamav/PLIST                                         1.7
- security/clamav/buildlink3.mk                                 1.8
- security/clamav/distinfo                                      1.28
- security/clamav/options.mk                                    1.6
- security/clamav/patches/patch-Makefile.in                     1.5
- security/clamav/patches/patch-ab                              1.2

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Sat Jul 20 22:46:59 UTC 2019

   Modified Files:

        pkgsrc/security/clamav: Makefile

   Log Message:
   *: recursive bump for nettle 3.5.1

---
   Module Name: pkgsrc
   Committed By:        prlw1
   Date:                Mon Aug  5 14:44:20 UTC 2019

   Modified Files:
        pkgsrc/security/clamav: Makefile Makefile.common PLIST buildlink3.mk
            distinfo options.mk
        pkgsrc/security/clamav/patches: patch-Makefile.in patch-ab

   Log Message:
   Update clamav to 0.101.2

   Remove rar support to workaround PR pkg/54420

     This release includes 3 extra security related bug fixes that do not
      apply to prior versions. In addition, it includes a number of minor bug
      fixes and improvements.
        * Fixes for the following vulnerabilities affecting 0.101.1 and
          prior:
             + CVE-2019-1787: An out-of-bounds heap read condition may occur
               when scanning PDF documents. The defect is a failure to
               correctly keep track of the number of bytes remaining in a
               buffer when indexing file data.
             + CVE-2019-1789: An out-of-bounds heap read condition may occur
               when scanning PE files (i.e. Windows EXE and DLL files) that
               have been packed using Aspack as a result of inadequate
               bound-checking.
             + CVE-2019-1788: An out-of-bounds heap write condition may occur
               when scanning OLE2 files such as Microsoft Office 97-2003
               documents. The invalid write happens when an invalid pointer
               is mistakenly used to initialize a 32bit integer to zero. This
               is likely to crash the application.
        * Fixes for the following ClamAV vulnerabilities:
             + CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking
               feature that could allow an unauthenticated, remote attacker
               to cause a denial of service (DoS) condition on an affected
               device. Reported by Secunia Research at Flexera.
             + Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing
               code. Reported by Alex Gaynor.
        * Fixes for the following vulnerabilities in bundled third-party
          libraries:
             + CVE-2018-14680: An issue was discovered in mspack/chmd.c in
               libmspack before 0.7alpha. It does not reject blank CHM
               filenames.
             + CVE-2018-14681: An issue was discovered in kwajd_read_headers
               in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file
               header extensions could cause a one or two byte overwrite.
             + CVE-2018-14682: An issue was discovered in mspack/chmd.c in
               libmspack before 0.7alpha. There is an off-by-one error in the
               TOLOWER() macro for CHM decompression.
             + Additionally, 0.100.2 reverted 0.100.1's patch for
               CVE-2018-14679, and applied libmspack's version of the fix in
               its place.
        * Fixes for the following CVE's:
             + CVE-2017-16932: Vulnerability in libxml2 dependency (affects
               ClamAV on Windows only).
             + CVE-2018-0360: HWP integer overflow, infinite loop
               vulnerability. Reported by Secunia Research at Flexera.
             + CVE-2018-0361: ClamAV PDF object length check, unreasonably
               long time to parse relatively small file. Reported by aCaB.

   For the full release notes, see:
   https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.2/NEWS.md

diffstat:

 security/clamav/Makefile                  |  21 +++++++++++----------
 security/clamav/Makefile.common           |   4 ++--
 security/clamav/PLIST                     |   8 ++++----
 security/clamav/buildlink3.mk             |   5 +++--
 security/clamav/distinfo                  |  14 +++++++-------
 security/clamav/options.mk                |   3 ++-
 security/clamav/patches/patch-Makefile.in |  22 +++++++++++-----------
 security/clamav/patches/patch-ab          |   4 ++--
 8 files changed, 42 insertions(+), 39 deletions(-)

diffs (227 lines):

diff -r 3f3aebbba012 -r ade17f4bfc75 security/clamav/Makefile
--- a/security/clamav/Makefile  Tue Sep 03 10:37:57 2019 +0000
+++ b/security/clamav/Makefile  Thu Sep 05 09:26:25 2019 +0000
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.48 2019/05/04 16:12:00 rillig Exp $
+# $NetBSD: Makefile,v 1.48.2.1 2019/09/05 09:26:25 bsiegert Exp $
 
-PKGREVISION= 3
 .include "Makefile.common"
 
 COMMENT=       Anti-virus toolkit
@@ -16,16 +15,20 @@
 CONFIGURE_ARGS+=       --with-group=${CLAMAV_GROUP}
 CONFIGURE_ARGS+=       --with-user=${CLAMAV_USER}
 CONFIGURE_ARGS+=       --with-libcurl=${BUILDLINK_PREFIX.curl}
+CONFIGURE_ARGS+=       --with-libjson=${BUILDLINK_PREFIX.json-c}
 CONFIGURE_ARGS+=       --with-ltdl-include=${BUILDLINK_PREFIX.libltdl}/include
 CONFIGURE_ARGS+=       --with-ltdl-lib=${BUILDLINK_PREFIX.libltdl}/lib
 CONFIGURE_ARGS+=       --with-openssl=${BUILDLINK_PREFIX.openssl}
 CONFIGURE_ARGS+=       --with-pcre=${BUILDLINK_PREFIX.pcre2}
+CONFIGURE_ARGS+=       --with-system-libmspack=${BUILDLINK_PREFIX.libmspack}
 CONFIGURE_ARGS+=       --with-xml=${BUILDLINK_PREFIX.libxml2}
 CONFIGURE_ARGS+=       --with-zlib=${BUILDLINK_PREFIX.zlib}
 CONFIGURE_ARGS+=       --enable-readdir_r
 # pkgsrc enforces a "secure" version of zlib, so don't let this check
 # bomb the build
 CONFIGURE_ARGS+=       --disable-zlib-vcheck
+# Work around build failure PR pkg/54420
+CONFIGURE_ARGS+=       --disable-unrar
 
 CHECK_PORTABILITY_SKIP=        contrib/* unit_tests/* win32/*
 
@@ -46,11 +49,6 @@
 FILES_SUBST+=  CLAMAV_DBDIR=${CLAMAV_DBDIR}
 MESSAGE_SUBST+=        CLAMAV_USER=${CLAMAV_USER}
 
-SUBST_CLASSES+=                vars
-SUBST_STAGE.vars=      pre-configure
-SUBST_FILES.vars=      etc/clamav-milter.conf.sample etc/clamd.conf.sample
-SUBST_VARS.vars=       CLAMAV_DBDIR
-
 RCD_SCRIPTS=   clamd freshclamd
 SMF_METHODS=   ${RCD_SCRIPTS}
 SMF_INSTANCES= ${SMF_METHODS}
@@ -63,10 +61,11 @@
 
 EGDIR=         ${PREFIX}/share/examples/clamav
 
+CONF_SAMPLES=          clamd.conf freshclam.conf
 OWN_DIRS_PERMS=                ${CLAMAV_DBDIR} ${CLAMAV_USER} ${CLAMAV_GROUP} 0775
 CONF_FILES=            # empty
 CONF_FILES_PERMS=      # empty
-.for i in clamav-milter.conf clamd.conf freshclam.conf
+.for i in ${CONF_SAMPLES}
 CONF_FILES+=           ${EGDIR}/${i} ${PKG_SYSCONFDIR}/${i}
 .endfor
 
@@ -75,16 +74,18 @@
 .include "options.mk"
 
 post-install:
-.for i in clamav-milter.conf clamd.conf freshclam.conf
-       ${INSTALL_DATA} ${WRKSRC}/etc/${i}.sample ${DESTDIR}${EGDIR}/${i}
+.for i in ${CONF_SAMPLES}
+       ${MV} ${DESTDIR}${PREFIX}/etc/${i}.sample ${DESTDIR}${EGDIR}/${i}
 .endfor
 
 .include "../../archivers/bzip2/buildlink3.mk"
+.include "../../archivers/libmspack/buildlink3.mk"
 .include "../../devel/libltdl/buildlink3.mk"
 .include "../../devel/pcre2/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../devel/gmp/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
+.include "../../textproc/json-c/buildlink3.mk"
 .include "../../textproc/libxml2/buildlink3.mk"
 .include "../../www/curl/buildlink3.mk"
 .include "../../mk/curses.buildlink3.mk"
diff -r 3f3aebbba012 -r ade17f4bfc75 security/clamav/Makefile.common
--- a/security/clamav/Makefile.common   Tue Sep 03 10:37:57 2019 +0000
+++ b/security/clamav/Makefile.common   Thu Sep 05 09:26:25 2019 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.10 2018/03/21 06:55:57 prlw1 Exp $
+# $NetBSD: Makefile.common,v 1.10.12.1 2019/09/05 09:26:25 bsiegert Exp $
 #
 # used by security/clamav/Makefile
 # used by security/clamav-doc/Makefile
 
-DISTNAME=      clamav-0.99.4
+DISTNAME=      clamav-0.101.2
 CATEGORIES=    security
 MASTER_SITES=  http://www.clamav.net/downloads/production/
 
diff -r 3f3aebbba012 -r ade17f4bfc75 security/clamav/PLIST
--- a/security/clamav/PLIST     Tue Sep 03 10:37:57 2019 +0000
+++ b/security/clamav/PLIST     Thu Sep 05 09:26:25 2019 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2014/05/08 16:01:09 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.6.44.1 2019/09/05 09:26:25 bsiegert Exp $
 bin/clamav-config
 bin/clambc
 bin/clamconf
@@ -8,10 +8,10 @@
 bin/clamsubmit
 bin/freshclam
 bin/sigtool
+include/clamav-types.h
 include/clamav.h
 lib/libclamav.la
-lib/libclamunrar.la
-lib/libclamunrar_iface.la
+lib/libclammspack.la
 lib/pkgconfig/libclamav.pc
 man/man1/clambc.1
 man/man1/clamconf.1
@@ -28,6 +28,6 @@
 man/man8/clamd.8
 ${PLIST.milter}sbin/clamav-milter
 sbin/clamd
-share/examples/clamav/clamav-milter.conf
+${PLIST.milter}share/examples/clamav/clamav-milter.conf
 share/examples/clamav/clamd.conf
 share/examples/clamav/freshclam.conf
diff -r 3f3aebbba012 -r ade17f4bfc75 security/clamav/buildlink3.mk
--- a/security/clamav/buildlink3.mk     Tue Sep 03 10:37:57 2019 +0000
+++ b/security/clamav/buildlink3.mk     Thu Sep 05 09:26:25 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.7 2017/09/25 22:27:43 joerg Exp $
+# $NetBSD: buildlink3.mk,v 1.7.18.1 2019/09/05 09:26:25 bsiegert Exp $
 
 BUILDLINK_TREE+=       clamav
 
@@ -8,10 +8,11 @@
 BUILDLINK_API_DEPENDS.clamav+= clamav>=0.95.3nb1
 BUILDLINK_ABI_DEPENDS.clamav+= clamav>=0.98.7nb2
 BUILDLINK_PKGSRCDIR.clamav?=   ../../security/clamav
-.endif # CLAMAV_BUILDLINK3_MK
 
 .include "../../archivers/bzip2/buildlink3.mk"
 .include "../../devel/pcre2/buildlink3.mk"
+.include "../../textproc/json-c/buildlink3.mk"
 .include "../../textproc/libxml2/buildlink3.mk"
+.endif # CLAMAV_BUILDLINK3_MK
 
 BUILDLINK_TREE+=       -clamav
diff -r 3f3aebbba012 -r ade17f4bfc75 security/clamav/distinfo
--- a/security/clamav/distinfo  Tue Sep 03 10:37:57 2019 +0000
+++ b/security/clamav/distinfo  Thu Sep 05 09:26:25 2019 +0000
@@ -1,12 +1,12 @@
-$NetBSD: distinfo,v 1.27 2019/04/13 08:48:22 szptvlfn Exp $
+$NetBSD: distinfo,v 1.27.2.1 2019/09/05 09:26:25 bsiegert Exp $
 
-SHA1 (clamav-0.99.4.tar.gz) = 31f91cb63329385325821a03db46e7001dc40fa2
-RMD160 (clamav-0.99.4.tar.gz) = 5925f4727c98d328f7f12267bb1af11fc368f9d8
-SHA512 (clamav-0.99.4.tar.gz) = 778d5ef510d8d4bdfac5dc33d92469ed4283c414b3d42da6e1a0b13ed70e37755d5c837622dc336bc728ba1f8bf5485fc8a8d3a67a90e9aaa9e4dc71ece0691d
-Size (clamav-0.99.4.tar.gz) = 16083015 bytes
-SHA1 (patch-Makefile.in) = c7f106f812952ef22f32aaa0354a15d501460c01
+SHA1 (clamav-0.101.2.tar.gz) = 6545fc72fbc4e3e8b7e845e08edd0a36142d033e
+RMD160 (clamav-0.101.2.tar.gz) = 53fddb9858c49c8b11654b204cf2e5938e193a7c
+SHA512 (clamav-0.101.2.tar.gz) = f9ea4589a8081acf7b6d454d1a068da05ae6574a9070a08f9438935795cb6dc084ffb9222b11fb1623f31962f859e6536a2f5bd1de29ef6b9b314efa5edc8c7e
+Size (clamav-0.101.2.tar.gz) = 21722932 bytes
+SHA1 (patch-Makefile.in) = c3bdefe7f7d0fee58ce3a1f16c00b3739ab8586a
 SHA1 (patch-aa) = 8539a90ac5591c86f7e9f6b8c073f36523f221a5
-SHA1 (patch-ab) = fea995ea944c2ae0f51a41e1a1076badf65c6c8b
+SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf
 SHA1 (patch-af) = d217633ed33c72b6d01a9aeef03f0f5dd33b4336
 SHA1 (patch-configure) = d3a0a77c522b8abb4a5144e29aacc8b110f31c5a
 SHA1 (patch-etc_clamav-milter.conf.sample) = 0cbf22bf380213c9e9f2b9baf15d7eba745afd46
diff -r 3f3aebbba012 -r ade17f4bfc75 security/clamav/options.mk
--- a/security/clamav/options.mk        Tue Sep 03 10:37:57 2019 +0000
+++ b/security/clamav/options.mk        Thu Sep 05 09:26:25 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.5 2016/02/01 12:45:38 jperkin Exp $
+# $NetBSD: options.mk,v 1.5.30.1 2019/09/05 09:26:25 bsiegert Exp $
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.clamav
 PKG_SUPPORTED_OPTIONS= milter clamav-experimental unit-test
@@ -15,6 +15,7 @@
 .  include "../../mail/libmilter/buildlink3.mk"
 CONFIGURE_ARGS+=       --enable-milter
 PLIST.milter=          yes
+CONF_SAMPLES+=         clamav-milter.conf
 SMF_INSTANCES+=                clamav-milter
 .else
 CONFIGURE_ARGS+=       --disable-milter
diff -r 3f3aebbba012 -r ade17f4bfc75 security/clamav/patches/patch-Makefile.in
--- a/security/clamav/patches/patch-Makefile.in Tue Sep 03 10:37:57 2019 +0000
+++ b/security/clamav/patches/patch-Makefile.in Thu Sep 05 09:26:25 2019 +0000
@@ -1,15 +1,15 @@
-$NetBSD: patch-Makefile.in,v 1.4 2016/06/12 16:06:01 taca Exp $
+$NetBSD: patch-Makefile.in,v 1.4.28.1 2019/09/05 09:26:25 bsiegert Exp $
 
 Install etc files manually.
 
---- Makefile.in.orig   2016-04-22 16:19:51.000000000 +0000
+--- Makefile.in.orig   2018-09-19 19:29:07.000000000 +0000
 +++ Makefile.in
-@@ -551,7 +551,7 @@ top_builddir = @top_builddir@
- top_srcdir = @top_srcdir@
- ACLOCAL_AMFLAGS = -I m4
- SUBDIRS = libltdl libclamav clamscan clamd clamdscan freshclam sigtool \
--      clamconf database docs etc clamav-milter test clamdtop clambc \
-+      clamconf database docs clamav-milter test clamdtop clambc \
-       unit_tests $(am__append_1) $(am__append_2)
- EXTRA_DIST = FAQ examples BUGS shared libclamav.pc.in libclamunrar_iface/Makefile.am libclamunrar_iface/Makefile.in UPGRADE COPYING.bzip2 COPYING.lzma COPYING.unrar COPYING.LGPL COPYING.llvm 
COPYING.file COPYING.zlib COPYING.getopt COPYING.regex COPYING.YARA COPYING.pcre platform.h.in clamdscan/clamdscan.map win32
- bin_SCRIPTS = clamav-config
+@@ -303,7 +303,7 @@ ETAGS = etags
+ CTAGS = ctags
+ CSCOPE = cscope
+ DIST_SUBDIRS = libltdl libclamav clamscan clamd clamdscan freshclam \
+-      sigtool clamconf database docs etc clamav-milter test clamdtop \
++      sigtool clamconf database docs clamav-milter test clamdtop \
+       clambc unit_tests clamsubmit libfreshclam fuzz
+ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ distdir = $(PACKAGE)-$(VERSION)
diff -r 3f3aebbba012 -r ade17f4bfc75 security/clamav/patches/patch-ab
--- a/security/clamav/patches/patch-ab  Tue Sep 03 10:37:57 2019 +0000
+++ b/security/clamav/patches/patch-ab  Thu Sep 05 09:26:25 2019 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-ab,v 1.1.1.1 2010/12/24 07:11:05 kefren Exp $
+$NetBSD: patch-ab,v 1.1.1.1.72.1 2019/09/05 09:26:25 bsiegert Exp $
 
-Make this pkgsrc friedly.
+Make this pkgsrc friendly.
 
 --- libclamav/c++/llvm/utils/buildit/build_llvm.orig   2010-11-10 16:57:04.000000000 +0000
 +++ libclamav/c++/llvm/utils/buildit/build_llvm



Home | Main Index | Thread Index | Old Index