From 7c0e6529e0d308ffbec1d792075b1abea51c950e Mon Sep 17 00:00:00 2001 From: taca Date: Thu, 5 Sep 2024 15:10:15 +0000 Subject: [PATCH] security/clamav: update to 0.103.12 0.103.12 (2024-09-04) ClamAV 0.103.12 is a patch release with the following fixes: - [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506): Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: - 1.4.1 - 1.3.2 - 1.0.7 - 0.103.12 Thank you to Detlef for identifying this issue. - [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505): Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. This issue affects all currently supported versions. It will be fixed in: - 1.4.1 - 1.3.2 - 1.0.7 - 0.103.12 Thank you to OSS-Fuzz for identifying this issue. - ClamOnAcc: Fixed an infinite loop when a watched directory does not exist. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1198) - Fixed a bug causing CVDs downloaded by the `DatabaseCustomURL` Freshclam config option to be pruned and then re-downloaded with every update. Also added the new 'valhalla' database name to the list of optional databases in preparation for future work. - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1233) - Fixed an unaligned pointer dereference issue on select architectures. Fix courtesy of Sebastian Andrzej Siewior. - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293) --- security/clamav/Makefile | 3 +-- security/clamav/Makefile.common | 6 +++--- security/clamav/distinfo | 8 ++++---- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/security/clamav/Makefile b/security/clamav/Makefile index e7904d8ce9a7..fb3ef289141b 100644 --- a/security/clamav/Makefile +++ b/security/clamav/Makefile @@ -1,6 +1,5 @@ -# $NetBSD: Makefile,v 1.93 2024/05/29 16:34:13 adam Exp $ +# $NetBSD: Makefile,v 1.94 2024/09/05 15:10:15 taca Exp $ -PKGREVISION= 4 .include "Makefile.common" COMMENT= Anti-virus toolkit diff --git a/security/clamav/Makefile.common b/security/clamav/Makefile.common index a01543702de6..527e2c24c3a0 100644 --- a/security/clamav/Makefile.common +++ b/security/clamav/Makefile.common @@ -1,11 +1,11 @@ -# $NetBSD: Makefile.common,v 1.26 2023/08/29 14:43:01 taca Exp $ +# $NetBSD: Makefile.common,v 1.27 2024/09/05 15:10:15 taca Exp $ # # used by security/clamav/Makefile # used by security/clamav-doc/Makefile -DISTNAME= clamav-0.103.10 +DISTNAME= clamav-0.103.12 CATEGORIES= security -MASTER_SITES= http://www.clamav.net/downloads/production/ +MASTER_SITES= https://www.clamav.net/downloads/production/ MAINTAINER?= pkgsrc-users@NetBSD.org HOMEPAGE= https://www.clamav.net/ diff --git a/security/clamav/distinfo b/security/clamav/distinfo index 443a93d14a35..f6e94f26f458 100644 --- a/security/clamav/distinfo +++ b/security/clamav/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.45 2023/08/29 14:43:01 taca Exp $ +$NetBSD: distinfo,v 1.46 2024/09/05 15:10:15 taca Exp $ -BLAKE2s (clamav-0.103.10.tar.gz) = b3c19d4d3f55f17d10e4afd45c8f74df36abfbb9c62793fa7a10cb0a325c21c0 -SHA512 (clamav-0.103.10.tar.gz) = fceda0297f32b0741a978e365a9fb9fe1c24c0d5027ee41665516917fbff405c01621cb0894bcfa70bc0884332987e1ecaa096a344580b67c3b401f2a77bc78c -Size (clamav-0.103.10.tar.gz) = 16538627 bytes +BLAKE2s (clamav-0.103.12.tar.gz) = a329d1da82016fce84d87bee336cd7364f0a93b8347e81f607fba11607109b4d +SHA512 (clamav-0.103.12.tar.gz) = 0e870a5fd035fbf090359ef7634b1b36e346ff3066b896ff17c2c6ace04f4c17e16181a21fead8b8b2f397de9ea47b928515b717a41996bac4c8efed4d16ec4e +Size (clamav-0.103.12.tar.gz) = 16507685 bytes SHA1 (patch-Makefile.in) = 51e0f42323f07b7ae0cb35a640469dce4e1a2041 SHA1 (patch-aa) = c07a7b6e883f384ce278964645f0658c0d986ab5 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf