Update clamav to 0.101.2

Remove rar support to workaround PR pkg/54420

  This release includes 3 extra security related bug fixes that do not
   apply to prior versions. In addition, it includes a number of minor bug
   fixes and improvements.
     * Fixes for the following vulnerabilities affecting 0.101.1 and
       prior:
          + CVE-2019-1787: An out-of-bounds heap read condition may occur
            when scanning PDF documents. The defect is a failure to
            correctly keep track of the number of bytes remaining in a
            buffer when indexing file data.
          + CVE-2019-1789: An out-of-bounds heap read condition may occur
            when scanning PE files (i.e. Windows EXE and DLL files) that
            have been packed using Aspack as a result of inadequate
            bound-checking.
          + CVE-2019-1788: An out-of-bounds heap write condition may occur
            when scanning OLE2 files such as Microsoft Office 97-2003
            documents. The invalid write happens when an invalid pointer
            is mistakenly used to initialize a 32bit integer to zero. This
            is likely to crash the application.
     * Fixes for the following ClamAV vulnerabilities:
          + CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking
            feature that could allow an unauthenticated, remote attacker
            to cause a denial of service (DoS) condition on an affected
            device. Reported by Secunia Research at Flexera.
          + Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing
            code. Reported by Alex Gaynor.
     * Fixes for the following vulnerabilities in bundled third-party
       libraries:
          + CVE-2018-14680: An issue was discovered in mspack/chmd.c in
            libmspack before 0.7alpha. It does not reject blank CHM
            filenames.
          + CVE-2018-14681: An issue was discovered in kwajd_read_headers
            in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file
            header extensions could cause a one or two byte overwrite.
          + CVE-2018-14682: An issue was discovered in mspack/chmd.c in
            libmspack before 0.7alpha. There is an off-by-one error in the
            TOLOWER() macro for CHM decompression.
          + Additionally, 0.100.2 reverted 0.100.1's patch for
            CVE-2018-14679, and applied libmspack's version of the fix in
            its place.
     * Fixes for the following CVE's:
          + CVE-2017-16932: Vulnerability in libxml2 dependency (affects
            ClamAV on Windows only).
          + CVE-2018-0360: HWP integer overflow, infinite loop
            vulnerability. Reported by Secunia Research at Flexera.
          + CVE-2018-0361: ClamAV PDF object length check, unreasonably
            long time to parse relatively small file. Reported by aCaB.

For the full release notes, see:
https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.2/NEWS.md
This commit is contained in:
prlw1 2019-08-05 14:44:20 +00:00
parent 8d6a0957be
commit 2bbaa92ff0
8 changed files with 42 additions and 39 deletions

View file

@ -1,6 +1,5 @@
# $NetBSD: Makefile,v 1.50 2019/07/20 22:46:46 wiz Exp $
# $NetBSD: Makefile,v 1.51 2019/08/05 14:44:20 prlw1 Exp $
PKGREVISION= 5
.include "Makefile.common"
COMMENT= Anti-virus toolkit
@ -16,16 +15,20 @@ CONFIGURE_ARGS+= --with-dbdir=${CLAMAV_DBDIR}
CONFIGURE_ARGS+= --with-group=${CLAMAV_GROUP}
CONFIGURE_ARGS+= --with-user=${CLAMAV_USER}
CONFIGURE_ARGS+= --with-libcurl=${BUILDLINK_PREFIX.curl}
CONFIGURE_ARGS+= --with-libjson=${BUILDLINK_PREFIX.json-c}
CONFIGURE_ARGS+= --with-ltdl-include=${BUILDLINK_PREFIX.libltdl}/include
CONFIGURE_ARGS+= --with-ltdl-lib=${BUILDLINK_PREFIX.libltdl}/lib
CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl}
CONFIGURE_ARGS+= --with-pcre=${BUILDLINK_PREFIX.pcre2}
CONFIGURE_ARGS+= --with-system-libmspack=${BUILDLINK_PREFIX.libmspack}
CONFIGURE_ARGS+= --with-xml=${BUILDLINK_PREFIX.libxml2}
CONFIGURE_ARGS+= --with-zlib=${BUILDLINK_PREFIX.zlib}
CONFIGURE_ARGS+= --enable-readdir_r
# pkgsrc enforces a "secure" version of zlib, so don't let this check
# bomb the build
CONFIGURE_ARGS+= --disable-zlib-vcheck
# Work around build failure PR pkg/54420
CONFIGURE_ARGS+= --disable-unrar
CHECK_PORTABILITY_SKIP= contrib/* unit_tests/* win32/*
@ -46,11 +49,6 @@ FILES_SUBST+= CLAMAV_GROUP=${CLAMAV_GROUP}
FILES_SUBST+= CLAMAV_DBDIR=${CLAMAV_DBDIR}
MESSAGE_SUBST+= CLAMAV_USER=${CLAMAV_USER}
SUBST_CLASSES+= vars
SUBST_STAGE.vars= pre-configure
SUBST_FILES.vars= etc/clamav-milter.conf.sample etc/clamd.conf.sample
SUBST_VARS.vars= CLAMAV_DBDIR
RCD_SCRIPTS= clamd freshclamd
SMF_METHODS= ${RCD_SCRIPTS}
SMF_INSTANCES= ${SMF_METHODS}
@ -63,10 +61,11 @@ PKG_USERS_VARS= CLAMAV_USER
EGDIR= ${PREFIX}/share/examples/clamav
CONF_SAMPLES= clamd.conf freshclam.conf
OWN_DIRS_PERMS= ${CLAMAV_DBDIR} ${CLAMAV_USER} ${CLAMAV_GROUP} 0775
CONF_FILES= # empty
CONF_FILES_PERMS= # empty
.for i in clamav-milter.conf clamd.conf freshclam.conf
.for i in ${CONF_SAMPLES}
CONF_FILES+= ${EGDIR}/${i} ${PKG_SYSCONFDIR}/${i}
.endfor
@ -75,16 +74,18 @@ INSTALLATION_DIRS+= ${EGDIR}
.include "options.mk"
post-install:
.for i in clamav-milter.conf clamd.conf freshclam.conf
${INSTALL_DATA} ${WRKSRC}/etc/${i}.sample ${DESTDIR}${EGDIR}/${i}
.for i in ${CONF_SAMPLES}
${MV} ${DESTDIR}${PREFIX}/etc/${i}.sample ${DESTDIR}${EGDIR}/${i}
.endfor
.include "../../archivers/bzip2/buildlink3.mk"
.include "../../archivers/libmspack/buildlink3.mk"
.include "../../devel/libltdl/buildlink3.mk"
.include "../../devel/pcre2/buildlink3.mk"
.include "../../devel/zlib/buildlink3.mk"
.include "../../devel/gmp/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../textproc/json-c/buildlink3.mk"
.include "../../textproc/libxml2/buildlink3.mk"
.include "../../www/curl/buildlink3.mk"
.include "../../mk/curses.buildlink3.mk"

View file

@ -1,9 +1,9 @@
# $NetBSD: Makefile.common,v 1.10 2018/03/21 06:55:57 prlw1 Exp $
# $NetBSD: Makefile.common,v 1.11 2019/08/05 14:44:20 prlw1 Exp $
#
# used by security/clamav/Makefile
# used by security/clamav-doc/Makefile
DISTNAME= clamav-0.99.4
DISTNAME= clamav-0.101.2
CATEGORIES= security
MASTER_SITES= http://www.clamav.net/downloads/production/

View file

@ -1,4 +1,4 @@
@comment $NetBSD: PLIST,v 1.6 2014/05/08 16:01:09 jperkin Exp $
@comment $NetBSD: PLIST,v 1.7 2019/08/05 14:44:20 prlw1 Exp $
bin/clamav-config
bin/clambc
bin/clamconf
@ -8,10 +8,10 @@ bin/clamscan
bin/clamsubmit
bin/freshclam
bin/sigtool
include/clamav-types.h
include/clamav.h
lib/libclamav.la
lib/libclamunrar.la
lib/libclamunrar_iface.la
lib/libclammspack.la
lib/pkgconfig/libclamav.pc
man/man1/clambc.1
man/man1/clamconf.1
@ -28,6 +28,6 @@ man/man8/clamav-milter.8
man/man8/clamd.8
${PLIST.milter}sbin/clamav-milter
sbin/clamd
share/examples/clamav/clamav-milter.conf
${PLIST.milter}share/examples/clamav/clamav-milter.conf
share/examples/clamav/clamd.conf
share/examples/clamav/freshclam.conf

View file

@ -1,4 +1,4 @@
# $NetBSD: buildlink3.mk,v 1.7 2017/09/25 22:27:43 joerg Exp $
# $NetBSD: buildlink3.mk,v 1.8 2019/08/05 14:44:20 prlw1 Exp $
BUILDLINK_TREE+= clamav
@ -8,10 +8,11 @@ CLAMAV_BUILDLINK3_MK:=
BUILDLINK_API_DEPENDS.clamav+= clamav>=0.95.3nb1
BUILDLINK_ABI_DEPENDS.clamav+= clamav>=0.98.7nb2
BUILDLINK_PKGSRCDIR.clamav?= ../../security/clamav
.endif # CLAMAV_BUILDLINK3_MK
.include "../../archivers/bzip2/buildlink3.mk"
.include "../../devel/pcre2/buildlink3.mk"
.include "../../textproc/json-c/buildlink3.mk"
.include "../../textproc/libxml2/buildlink3.mk"
.endif # CLAMAV_BUILDLINK3_MK
BUILDLINK_TREE+= -clamav

View file

@ -1,12 +1,12 @@
$NetBSD: distinfo,v 1.27 2019/04/13 08:48:22 szptvlfn Exp $
$NetBSD: distinfo,v 1.28 2019/08/05 14:44:20 prlw1 Exp $
SHA1 (clamav-0.99.4.tar.gz) = 31f91cb63329385325821a03db46e7001dc40fa2
RMD160 (clamav-0.99.4.tar.gz) = 5925f4727c98d328f7f12267bb1af11fc368f9d8
SHA512 (clamav-0.99.4.tar.gz) = 778d5ef510d8d4bdfac5dc33d92469ed4283c414b3d42da6e1a0b13ed70e37755d5c837622dc336bc728ba1f8bf5485fc8a8d3a67a90e9aaa9e4dc71ece0691d
Size (clamav-0.99.4.tar.gz) = 16083015 bytes
SHA1 (patch-Makefile.in) = c7f106f812952ef22f32aaa0354a15d501460c01
SHA1 (clamav-0.101.2.tar.gz) = 6545fc72fbc4e3e8b7e845e08edd0a36142d033e
RMD160 (clamav-0.101.2.tar.gz) = 53fddb9858c49c8b11654b204cf2e5938e193a7c
SHA512 (clamav-0.101.2.tar.gz) = f9ea4589a8081acf7b6d454d1a068da05ae6574a9070a08f9438935795cb6dc084ffb9222b11fb1623f31962f859e6536a2f5bd1de29ef6b9b314efa5edc8c7e
Size (clamav-0.101.2.tar.gz) = 21722932 bytes
SHA1 (patch-Makefile.in) = c3bdefe7f7d0fee58ce3a1f16c00b3739ab8586a
SHA1 (patch-aa) = 8539a90ac5591c86f7e9f6b8c073f36523f221a5
SHA1 (patch-ab) = fea995ea944c2ae0f51a41e1a1076badf65c6c8b
SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf
SHA1 (patch-af) = d217633ed33c72b6d01a9aeef03f0f5dd33b4336
SHA1 (patch-configure) = d3a0a77c522b8abb4a5144e29aacc8b110f31c5a
SHA1 (patch-etc_clamav-milter.conf.sample) = 0cbf22bf380213c9e9f2b9baf15d7eba745afd46

View file

@ -1,4 +1,4 @@
# $NetBSD: options.mk,v 1.5 2016/02/01 12:45:38 jperkin Exp $
# $NetBSD: options.mk,v 1.6 2019/08/05 14:44:20 prlw1 Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.clamav
PKG_SUPPORTED_OPTIONS= milter clamav-experimental unit-test
@ -15,6 +15,7 @@ USE_BUILTIN.libmilter= no
. include "../../mail/libmilter/buildlink3.mk"
CONFIGURE_ARGS+= --enable-milter
PLIST.milter= yes
CONF_SAMPLES+= clamav-milter.conf
SMF_INSTANCES+= clamav-milter
.else
CONFIGURE_ARGS+= --disable-milter

View file

@ -1,15 +1,15 @@
$NetBSD: patch-Makefile.in,v 1.4 2016/06/12 16:06:01 taca Exp $
$NetBSD: patch-Makefile.in,v 1.5 2019/08/05 14:44:20 prlw1 Exp $
Install etc files manually.
--- Makefile.in.orig 2016-04-22 16:19:51.000000000 +0000
--- Makefile.in.orig 2018-09-19 19:29:07.000000000 +0000
+++ Makefile.in
@@ -551,7 +551,7 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
ACLOCAL_AMFLAGS = -I m4
SUBDIRS = libltdl libclamav clamscan clamd clamdscan freshclam sigtool \
- clamconf database docs etc clamav-milter test clamdtop clambc \
+ clamconf database docs clamav-milter test clamdtop clambc \
unit_tests $(am__append_1) $(am__append_2)
EXTRA_DIST = FAQ examples BUGS shared libclamav.pc.in libclamunrar_iface/Makefile.am libclamunrar_iface/Makefile.in UPGRADE COPYING.bzip2 COPYING.lzma COPYING.unrar COPYING.LGPL COPYING.llvm COPYING.file COPYING.zlib COPYING.getopt COPYING.regex COPYING.YARA COPYING.pcre platform.h.in clamdscan/clamdscan.map win32
bin_SCRIPTS = clamav-config
@@ -303,7 +303,7 @@ ETAGS = etags
CTAGS = ctags
CSCOPE = cscope
DIST_SUBDIRS = libltdl libclamav clamscan clamd clamdscan freshclam \
- sigtool clamconf database docs etc clamav-milter test clamdtop \
+ sigtool clamconf database docs clamav-milter test clamdtop \
clambc unit_tests clamsubmit libfreshclam fuzz
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)

View file

@ -1,6 +1,6 @@
$NetBSD: patch-ab,v 1.1.1.1 2010/12/24 07:11:05 kefren Exp $
$NetBSD: patch-ab,v 1.2 2019/08/05 14:44:20 prlw1 Exp $
Make this pkgsrc friedly.
Make this pkgsrc friendly.
--- libclamav/c++/llvm/utils/buildit/build_llvm.orig 2010-11-10 16:57:04.000000000 +0000
+++ libclamav/c++/llvm/utils/buildit/build_llvm