Commit graph

40 commits

Author SHA1 Message Date
jperkin
38b256b1d4 Pull in GNU sed, required for correct LLVM detection. Fixes SunOS. 2016-07-07 14:36:34 +00:00
prlw1
231e0c632b Sync buildlink3.mk with Makefile
/usr/pkg/lib/libclamav.so:
        -lxml2.2 => /usr/pkg/lib/libxml2.so.2
        -lz.1 => /usr/lib/libz.so.1
        -lc.12 => /usr/lib/libc.so.12
        -llzma.2 => /usr/lib/liblzma.so.2
        -lpthread.1 => /usr/lib/libpthread.so.1
        -lm.0 => /usr/lib/libm.so.0
        -lbz2.1 => /usr/lib/libbz2.so.1
        -lltdl.7 => /usr/pkg/lib/libltdl.so.7
        -lstdc++.7 => /usr/lib/libstdc++.so.7
        -lssl.11 => /usr/lib/libssl.so.11
        -lcrypto.11 => /usr/lib/libcrypto.so.11
        -lcrypt.1 => /lib/libcrypt.so.1
        -lpcre.1 => /usr/pkg/lib/libpcre.so.1
2016-06-17 15:15:41 +00:00
taca
e2c7a9c651 Update clamav to 0.99.2, based on patch vy Matthias Ferdinand
on pkgsrc-users.


Changes from 0.99.1 to 0.99.2 are available only with ChangeLog and it
is too many to write here.  Please refer ChangeLog file.

0.99.1
------

ClamAV 0.99.1 contains a new feature for parsing Hancom Office files
including extracting and scanning embedded objects. ClamAV 0.99.1
also contains important bug fixes. Please see ChangeLog for details.
2016-06-12 16:06:01 +00:00
jperkin
36e6903fd8 Remove the stability entity, it has no meaning outside of an official context. 2016-06-08 10:16:50 +00:00
jperkin
13a8dd759b Change the service_bundle name to "export" to reduce diffs between the
original manifest.xml file and the output from "svccfg export".
2016-06-08 10:02:24 +00:00
jperkin
a377258fbc Add or fix manpath entries to use the correct path. 2016-06-08 09:58:04 +00:00
pgoyette
7a2efab269 bin/freshclam also needs paxctl +m
Bump revision
2016-06-06 22:49:36 +00:00
pgoyette
3d61f3a41a Seems that clamd needs to disable mprotect. Bump pkg revision. 2016-05-30 12:25:36 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
jperkin
8d1f88558f Add an SMF manifest entry for clamav-milter. 2016-02-01 12:45:38 +00:00
adam
c3f0e7d8f0 ClamAV 0.99 contains major new features and changes. YARA rules,
Perl Compatible Regular Expressions, revamped on-access scanning
for Linux, and other new features join the many great features of ClamAV:

    - Processing of YARA rules(some limitations- see signatures.pdf).
    - Support in ClamAV logical signatures for many of the features
      added for YARA, such as Perl Compatible Regular Expressions,
      alternate strings, and YARA string attributes. See signatures.pdf
      for full details.
    - New and improved on-access scanning for Linux. See the recent blog
      post and clamdoc.pdf for details on the new on-access capabilities.
    - A new ClamAV API callback function that is invoked when a virus
      is found. This is intended primarily for applications running in
      all-match mode. Any applications using all-match mode must use
      the new callback function to record and report detected viruses.
    - Configurable default password list to attempt zip file decryption.
    - TIFF file support.
    - Upgrade Windows pthread library to 2.9.1.
    - A new signature target type for designating signatures to run
      against files with unknown file types.
    - Improved fidelity of the "data loss prevention" heuristic
      algorithm. Code supplied by Bill Parker.
    - Support for LZMA decompression within Adobe Flash files.
    - Support for MSO attachments within Microsoft Office 2003 XML files.
    - A new sigtool option(--ascii-normalize) allowing signature authors
      to more easily generate normalized versions of ascii files.
    - Windows installation directories changed from \Program Files\Sourcefire\
      ClamAV to \Program Files\ClamAV or \Program Files\ClamAV-x64.
2015-12-11 16:31:06 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:17:40 +00:00
wiz
c7383780db Bump all packages that depend on curses.bui* or terminfo.bui* since they
might incur ncurses dependencies on some platforms, and ncurses just bumped
its shlib.
Some packages were bumped twice now, sorry for that.
2015-08-18 07:31:00 +00:00
wiz
0eb141f110 Bump PKGREVISION for ncurses shlib bump. 2015-08-17 17:11:19 +00:00
bouyer
13a420a3f4 Update clamav to 0.98.7.
This release contains new scanning features and bug fixes.
    - Improvements to PDF processing: decryption, escape sequence
      handling, and file property collection.
    - Scanning/analysis of additional Microsoft Office 2003 XML format.
    - Fix infinite loop condition on crafted y0da cryptor file. Identified
      and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
    - Fix crash on crafted petite packed file. Reported and patch
      supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
    - Fix false negatives on files within iso9660 containers. This issue
      was reported by Minzhuan Gong.
    - Fix a couple crashes on crafted upack packed file. Identified and
      patches supplied by Sebastian Andrzej Siewior.
    - Fix a crash during algorithmic detection on crafted PE file.
      Identified and patch supplied by Sebastian Andrzej Siewior.
    - Fix an infinite loop condition on a crafted "xz" archive file.
      This was reported by Dimitri Kirchner and Goulven Guiheux.
      CVE-2015-2668.
    - Fix compilation error after ./configure --disable-pthreads.
      Reported and fix suggested by John E. Krokes.
    - Apply upstream patch for possible heap overflow in Henry Spencer's
      regex library. CVE-2015-2305.
    - Fix crash in upx decoder with crafted file. Discovered and patch
      supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
    - Fix segfault scanning certain HTML files. Reported with sample by
      Kai Risku.
    - Improve detections within xar/pkg files.
2015-05-20 21:15:26 +00:00
taca
3f81e84dec Bump PKGREVISION.
Missing entries for patch files might cause creating broken binary package.
Noted by bouyer@.
2015-03-17 08:55:57 +00:00
taca
195c235212 Revice checksum for patch files which were accidently removed. 2015-03-17 06:00:07 +00:00
taca
322e7376b6 * Add unit-test PKG_OPTIONS.
* Allow version information to be shared with an another package
  (documentation).

Bump PKGREVISION.
2015-03-15 00:52:53 +00:00
hiramatsu
c1f9098ae3 Update clamav to 0.98.6.
Changes from 0.98.5.
--------------------
- library shared object revisions.
- installation issues on some Mac OS X and FreeBSD platforms.
- includes a patch from Sebastian Andrzej Siewior making
  ClamAV pid files compatible with systemd.
- Fix a heap out of bounds condition with crafted Yoda's
  crypter files. This issue was discovered by Felix Groebert
  of the Google Security Team.
- Fix a heap out of bounds condition with crafted mew packer
  files. This issue was discovered by Felix Groebert of the
  Google Security Team.
- Fix a heap out of bounds condition with crafted upx packer
  files. This issue was discovered by Kevin Szkudlapski of
  Quarkslab.
- Fix a heap out of bounds condition with crafted upack packer
  files. This issue was discovered by Sebastian Andrzej Siewior.
  CVE-2014-9328.
- Compensate a crash due to incorrect compiler optimization when
  handling crafted petite packer files. This issue was discovered
  by Sebastian Andrzej Siewior.
2015-02-24 07:28:59 +00:00
khorben
4460faef25 Updated security/clamav to version 0.98.5
ChangeLog for this version:

Wed, 12 Nov 2014 14:30:39 EDT (swebb)
-------------------------------------
* bb11176 - Instruct OpenSSL to allow MD5 when in FIPS-compliant mode.
  Patch submitted by Reinhard Max.

Mon, 10 Nov 2014 11:03:29 EDT (swebb)
-------------------------------------
* bb11155 - Adjust the logic surrounding adjusting the PE section sizes
  This fixes a crash with maliciously crafted yoda's crypter files and
  also improves virus detections for PE files.

Thu, 6 Nov 2014 14:51:26 EDT (swebb)
-------------------------------------
* bb11088 - Merge in fixes for clamscan -a crash bug

Mon, 20 Oct 2014 11:33:18 EDT (swebb)
-------------------------------------
* Revert "bb#10731 - Allow to specificy a group for the socket of which
  the user is not a member"

Thu, 31 Jul 2014 19:11:22 EDT (swebb)
-------------------------------------
* Add support for XDP PDF file format

Thu, Jul 31 11:50:23 EDT 2014 (swebb)
------------------------------------
* bb#10731 - Allow specification of a group for the milter socket of which
the user is not a member - patch submitted by Sebastian Andrzej Siewior

Fri, 25 Jul 2014 12:26:04 EDT (klin)
------------------------------------
* bb#10981 - applied LLVM 3.1-3.4 - patch submitted by Andreas Cadhalpun

Fri, 25 Jul 2014 12:06:13 (klin)
--------------------------------
* clambc: added diagnostic tools for bytecode IR

Tue, 8 Jul 2014 19:53:41 EDT (swebb)
------------------------------------
* mass cleanup of compiler warnings

Tue, 08 Jul 11:30:00 EDT 2014 (morgan)
------------------------------------
* 0.98.5 beta release

Mon, 07 Jul 09:00:00 EDT 2014 (swebb)
------------------------------------
* 0.98.5-beta1 release engineering

Thu, 03 Jul 22:14:40 EDT 2014 (swebb)
------------------------------------
* Call cl_initialize_crypto() in cl_init()

Thu, 03 Jul 16:28:10 EDT 2014 (swebb)
------------------------------------
* Finalize PDF parsing code for the preclassification feature

Wed, 25 Jun 16:26:33 EDT 2014 (swebb)
------------------------------------
* Finalize linking in libjson, a new optional dependency

Fri, 13 Jun 2014 16:11:15 EDT (smorgan)
---------------------------------------
* add timeout facility for file property scanning

Tue, 3 Jun 2014 13:31:50 EDT (smorgan)
--------------------------------------
* add callback for user processing of json string and json scan result

Wed, 7 May 2014 10:56:35 EDT (swebb)
------------------------------------
* PE file properties collection

Tue, 6 May 2014 15:26:30 EDT (klin)
-----------------------------------
* add api to read json to the bytecode api

Thu, 1 May 2014 16:59:01 EDT (klin)
-----------------------------------
* docx/pptx/xlsx file properties collection

Wed, 30 Apr 2014 16:38:55 EDT (swebb)
-------------------------------------
* pdf file properties collection

Tue, 22 Apr 2014 14:22:39 EDT (klin)
------------------------------------
* json api wrapper

Mon, 21 Apr 2014 18:30:28 EDT (klin)
------------------------------------
* doc/ppt/xls file properties collection

Wed, 16 Apr 18:14:45 2014 EDT (smorgan)
--------------------------------------
* Initial libjson-c configure/build support and json file properties work
2014-12-06 07:31:33 +00:00
wiz
cda18437be Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles. 2014-10-09 14:05:50 +00:00
adam
fc6de457d4 Changes 0.98.4:
- Various build problems on Solaris, OpenBSD, AIX.
- Crashes of clamd on Windows and Mac OS X platforms when reloading the virus signature database.
- Infinite loop in clamdscan when clamd is not running.
- Freshclam failure on Solaris 10.
- Buffer underruns when handling multi-part MIME email attachments.
- Configuration of OpenSSL on various platforms.
- Name collisions on Ubuntu 14.04, Debian sid, and Slackware 14.1.
- Linking issues with libclamunrar
2014-07-02 11:38:28 +00:00
jperkin
dadce68110 Update to clamav-0.98.3. Changes:
- Support for common raw disk image formats using 512 byte sectors,
   specifically GPT, APM, and MBR partitioning.

 - Experimental support of OpenIOC files. ClamAV will now extract file
   hashes from OpenIOC files residing in the signature database location,
   and generate ClamAV hash signatures. ClamAV uses no other OpenIOC
   features at this time. No OpenIOC files will be delivered through
   freshclam. See openioc.org and iocbucket.com for additional information
   about OpenIOC.

 - All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop)
   now support IPV6 addresses and configuration parameters.

 - Use OpenSSL file hash functions for improved performance. OpenSSL
   is now prerequisite software for ClamAV 0.98.3.

 - Improved detection of malware scripts within image files. Issue reported
   by Maarten Broekman.

 - Change to circumvent possible denial of service when processing icons within
   specially crafted PE files. Icon limits are now in place with corresponding
   clamd and clamscan configuration parameters. This issue was reported by
   Joxean Koret.

 - Improvements to the fidelity of the ClamAV pattern matcher, an issue
   reported by Christian Blichmann.

 - Opt-in collection of statistics. Statistics collected are: sizes and MD5
   hashes of files, PE file section counts and section MD5 hashes, and names
   and counts of detected viruses. Enable statistics collection with the
  --enable-stats clamscan flag or StatsEnabled clamd configuration
   parameter.

 - Improvements to ClamAV build process, unit tests, and platform support with
   assistance and suggestions by Sebastian Andrzej Siewior, Scott Kitterman,
   and Dave Simonson.

 - Patch by Arkadiusz Miskiewicz to improve error handling in freshclam.

 - ClamAV 0.98.3 also includes miscellaneous bug fixes and documentation
   improvements.
2014-05-08 16:01:09 +00:00
jperkin
1388b301ea Pull in libxml2 for additional functionality, from Matthias Ferdinand. 2014-05-08 10:19:53 +00:00
jperkin
222f8dc36b Import initial SMF support for individual packages. 2014-03-11 14:34:36 +00:00
jperkin
45bc40abb4 Remove example rc.d scripts from PLISTs.
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
2014-03-11 14:04:57 +00:00
adam
d13acae988 ClamAV 0.98.1 provides improved support of Mac OS X platform, support for new file types, and
quality improvements. These include:

    - Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format.

    - Extraction, decompression, and scanning of files within Extensible Archive (XAR) format.
      XAR format is commonly used for software packaging, such as PKG and RPM, as well as
      general archival.

    - Decompression and scanning of files in "Xz" compression format.

    - Improvements and fixes to extraction and scanning of ole formats.

    - Option to force all scanned data to disk. This impacts only a few file types where
      some embedded content is normally scanned in memory. Enabling this option
      ensures that a file descriptor exists when callback functions are used, at a small
      performance cost. This should only be needed when callback functions are used
      that need file access.

    - Various improvements to ClamAV configuration, support of third party libraries,
      and unit tests.
2014-01-16 09:51:54 +00:00
adam
46b3c4aee0 ClamAV 0.98 includes many new features, across many different components
of ClamAV. There are new scanning options, extensions to the libclamav API,
support for additional filetypes, and internal upgrades.
2013-10-02 18:30:13 +00:00
adam
c1a4bbb8ad Changes 0.97.8:
ClamAV 0.97.8 addresses several reported potential security bugs.
2013-04-23 18:27:41 +00:00
adam
4996bdc498 Changes 0.97.7:
This is a bugfix release.
2013-03-15 08:48:37 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
adam
69071e0c48 ClamAV 0.97.6 includes minor bug fixes and detection improvements. 2012-10-03 10:39:13 +00:00
adam
f9cc9ed261 Changes 0.97.5:
* libclamav: Scan output at end of truncated tar
* libclamav: Fix handling of tar file with malformed header
* libclamav: Scan chm with invalid handling
* freshclam: give custom dbs higher priority during update
* libclamav: detect read races and abort the scan with an error
* libclamav/pe.c: drop old header check
2012-07-02 07:12:58 +00:00
sbd
75e2e0e387 Use SET_LIBDIR with packages that want to use to lib64 2012-01-26 06:34:18 +00:00
sbd
0fea84f4dc Convert packages with add --libdir=* to CONFIGURE_ARGS to use
GNU_CONFIGURE_LIBDIR or GNU_CONFIGURE_LIBSUBDIR.
2012-01-17 21:43:18 +00:00
tez
8fdee66141 update to 0.97.3 fixes SA46455
freshclam/manager.c: fix error when compiling without DNS support (bb#3056)
libclamav/pdf.c: flag and dump PDF objects with /Launch (bb #3514)
libclamav/bytecode.c,bytecode_api.c: fix recursion level crash
2011-10-26 17:55:05 +00:00
adam
19799c1dc3 Changes 0.97.2
ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing detection,
hash matcher, and other minor issues. Please see the ChangeLog file for
details.
2011-07-25 22:59:12 +00:00
adam
38a2c332ee Changes 0.97.1:
This is a bugfix release recommended for all users. Please refer to the
ChangeLog file for details.
2011-07-08 09:28:06 +00:00
adam
2780cca323 Changes 0.97:
ClamAV 0.97 brings many improvements, including complete Windows support
(all major components compile out-of-box under Visual Studio), support for
signatures based on SHA1 and SHA256, better error detection, as well as
speed and memory optimizations. The complete list of changes is available
in the ChangeLog file.
2011-02-08 07:56:09 +00:00
kefren
41826c09c8 Move clamav into security/. No objections on tech-pkg@
Part of PR/32554
2010-12-24 07:11:05 +00:00