Commit graph

117 commits

Author SHA1 Message Date
ghen
035c63cdb4 Update to ClamAV 0.93.3 (security update during freeze, approved by agc).
* fix handling of .cld files
  * libclamav/ole2_extract.c, sigtool: make sigtool compatible with the new
				       OLE2 scan scheme (bb#1086)
  * libclamav/petite.c: fix another out of bounds memory read (bb#1000)
			Reported by Secunia (CVE-2008-2713)
  * clamd/others.c: add missing checks for recv() failures (bb#1079)
  * libclamav/scanners.c: add missing check for file open failure (bb #1083).
  * sigtool/sigtool.c: make use of the UNLINK command in cdiffs (bb#1080)
  * sigtool/sigtool.c: verify MD5's in --run-cdiff
  * libclamav/matcher-ac.c: fix handling of nodes which also match single
			    bytes (bb#1054)
  * libclamav: faster loading of uncompressed .cld files, also fixes bb#1064
  * merge r3816 from trunk (bb #947, AIX name collisions)
  * freshclam/manager.c: add missing closesocket on error path (bb #1073).
2008-07-09 08:40:13 +00:00
joerg
ba171a91fa Add DESTDIR support. 2008-06-12 02:14:13 +00:00
martti
26de1f6fca Updated mail/clamav to 0.93.1
* libclamav/petite.c: fix possible invalid memory access (bb#1000)
    Reported by Damian Put
  * clamdscan/clamdscan.c: don't show scan summary when clamd cannot be
    contacted (bb#1041)
  * libclamav/hashtab.[ch], scanners.c: avoid using C99 flexible array members
    (bb #1039)
  * libclamav/unzip.c: correct the previous fix
  * libclamav/unzip.c: check for unprefixed bz2 - bb#1038
  * libclamav/ole2_extract.c: revert last commit
  * libclamav/ole2_extract.c: use cli_unlink
  * libclamav/ole2_extract.c: partial scan of broken ole files
  * contrib/init/RedHat: check for already running clamav-milter (bb #823)
  * libclamav/regex: avoid name collisions on AIX (bb #947)
    sync with libc: minor cleanups
  * doc/clamdoc.tex: add a note about forking daemons (bb#906)
  * libclamav/Makefile.am: link .la files first, this
    should avoid linking to old libclamav as in bb #931
  * libclamav/readdb.h: read daily.cfg stored inside .cld containers (bb#1006)
  * libclamav/mbox.c, shared/network.c: prevent uninitialized use of hostent
    structure (bb #1003).
  * libclamav/mspack.c: downgrade some error messages (bb#911)
  * clamav-milter: retrieve db version from daily.cld (bb#942)
  * libclamav/scanners.c: don't return CL_EMAX* error codes to
    applications (bb#1001)
  * clamscan/manager.c: print information about clean files when the RAR
    code is not compiled-in (bb#999)
  * libclamav/unzip.c: remove detection of Suspect.Zip and
    Exploit.Zip.ModifiedHeaders (bb#997)
  * libclamav: scan for embedded PEs inside OLE2 files (bb#914)
  * libclamav/cvd.c: add work-around for zlib issues with mixed data (bb#932)
  * libclamav/others.h: explicitely cast some constants (bb#936)
  * sigtool/sigtool.c: bb#938 (sigtool --list-sigs not working with .cld files)
  * libclamav/dconf.h: fix flag code assignment (bb #952)
  * libclamav/iana_tld.h, libclamav/phishcheck.c: update TLD list (bb #925)
2008-06-10 08:23:54 +00:00
martti
8fe137f1da Updated mail/clamav to 0.93
http://secunia.com/secunia_research/2008-11/advisory/
http://www.frsirt.com/english/advisories/2008/1218

Changes since 0.92.1

This release introduces many new features and engine enhancements, please
see the notes below for the list of major changes. The most visible one
is the new logic in scan limits which affects some command line and config
options of clamscan and clamd. Please see clamscan(1) and clamd.conf(5)
and the example config file for more information on the new options.

Most important changes include:

  * libclamav:
    - New logic in scan limits: provides much more efficient protection against
      DoS attacks but also results in different command line and config options
      to clamscan and clamd (see below)
    - New/improved modules: unzip, SIS, cabinet, CHM, SZDD, text normalisator,
      entity converter
    - Improved filetype detection; filetype definitions can be remotely updated
    - Support for .cld containers (which replace .inc directories)
    - Improved pattern matcher and signature formats
    - More efficient scanning of HTML files
    - Many other improvements

  * clamd:
    - NEW CONFIG FILE OPTIONS: MaxScanSize, MaxFileSize, MaxRecursion, MaxFiles
    - ** THE FOLLOWING OPTIONS ARE NO LONGER SUPPORTED **: MailMaxRecursion,
      ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxFiles,
      ArchiveMaxCompressionRatio, ArchiveBlockMax

  * clamscan:
    - NEW CMDLINE OPTIONS: --max-filesize, --max-scansize
    - REMOVED OPTIONS: --block-max, --max-space, --max-ratio

  * freshclam:
    - NEW CONFIG OPTION CompressLocalDatabase
    - NEW CMDLINE SWITCH --no-warnings
    - main.inc and daily.inc directories are no longer used by ClamAV; please
      remove them manually from your database directory
2008-04-15 07:56:06 +00:00
jlam
841dfa0e7a Convert to use PLIST_VARS instead of manually passing "@comment "
through PLIST_SUBST to the plist module.
2008-04-12 22:42:57 +00:00
martti
7ee1e1c1d3 Updated mail/clamav to 0.92.1
* Fix pkg/36853 with patch from Christos Zoulas (patch-ba)
* Lots of bug fixes since 0.92
2008-02-12 14:17:16 +00:00
martti
9bfdbc64be Updated mail/clamav to 0.92
This release provides various bugfixes, optimisations and improvements
to the scanning engine. The new features include support for ARJ and
SFX-ARJ archives, AutoIt, basic SPF parser in clamav-milter (to reduce
phishing false-positives), faster scanning and others (see ChangeLog).
To get a consistent behaviour of the anti-phishing module on all platforms,
libclamav now includes the regex library from OpenBSD.
2007-12-18 08:16:10 +00:00
martti
775a28413e Updated mail/clamav to 0.91.2
* Bugfixes and changes since 0.91.1:
    - libclamav/rtf.c: fix possible NULL dereference (bb#611)
    - libclamav/ole2_extract.c: properly initialise hdr.max_block_no (bb#603)
    - libclamav/htmlnorm.c: fix possible NULL dereference (bb#582),
      thanks to Stefanos Stamatis
    - libclamav/htmlnorm.c: fix call to tolower() (bb#580)
    - libclamav/filetypes.c: some embedded PEs were not being detected
    - clamav-milter: Fix compilation error on NetBSD2.0
    - clamav-milter: Black-hole-mode no longer needs to be run as root
    - libclamav/pdf.c: Bug 618, --block-max not always honoured
    - libclamav/phishcheck.c, regex_list.c, phish_whitelist.c: make debug
      output look better (patch from Sven)
    - libclamav/phishcheck.c: Don't report phishing on broken urls containing
      '>' in the hostname. (bb #619)
    - libclamav, sigtool: add support for PUA databases (.hdu, .mdu, .ndu),
      requested by Christoph
    - clamscan: add --detect-pua
    - clamd, clamd.conf: add DetectPUA
    - freshclam/mirman.c: properly handle mirror access times (bb#606, only
      outdated installations - three versions behind the latest one were
      affected by this problem),
      Reported by David F. Skoll <dfs*roaringpenguin.com>
    - clamav-milter:      Bug 614
    - libclamav/pdf.c:    Bug 608
    - clamav-milter:      SPF checking no longer experimental
    - libclamav/phishcheck.c: workaround Solaris problem with regexec() [bb #598
]
    - libclamav/matcher-ac.c: fix matching of patterns with prefixes and some
      other issues spotted by Glen <daineng*gmail.com>
    - clamav-milter/clamav-milter.c: Better use of res_init()
    - clamav-milter/clamav-milter.c: HP-UX doesn't have EX_CONFIG, reported
      by clam * ministry.se
2007-08-22 08:02:57 +00:00
martti
1ebbf210cb Updated mail/clamav to 0.91.1nb1
Fix for https://wwws.clamav.net/bugzilla/show_bug.cgi?id=580
2007-07-18 06:57:59 +00:00
martti
dd9b4fc4e6 Updated mail/clamav to 0.91.1
- libclamav/others.c: bump f-level
    - libclamav/unrar/unrarvm.c: fix another occurrence of bb#555, thanks to
      Ludwig Nussel <ludwig.nussel*suse.de>
    - sigtool/sigtool.c: increase MAX_DEL_LOOKAHEAD, requested by Sven
    - libclamav/scanner.c: don't search for embedded PEs in zip files larger
      than 1 MB (bb#573)
    - clamav-milter: Fix memory leak when load balancing
    - clamav-milter: Chroot handling no longer marked as experimental
    - libclamav/nsis: fix macro collision on AIX - bb#570
    - libclamav/phishcheck.c: fix (null) FOUND
    - libclamav: rename x86 macroes due to collisions on HPUX
    - libclamav: Fix warnings on HP-UX
2007-07-17 06:54:31 +00:00
xtraeme
b40a1cdcd3 Update to 0.91:
ClamAV 0.91 is the first release to enable the anti-phishing technology
in default builds. This technology combines heuristics with special
signatures and provides effective protection against phishing threats.
Other important changes and add-ons in this version include:

- unpacker for NSIS (Nullsoft Scriptable Install System) self-extracting
  archives
- unpacker for ASPack 2.12
- new implementation of the Aho-Corasick pattern matcher providing
  better detection for wildcard enabled signatures
- support for nibble matching and floating offsets
- improved handling of .mdb files (fixes long startup times)
- extraction of PE files embedded into other executables
- better handling of PE & UPX
- removed dependency on libcurl (improves stability)
- libclamav.dll available under Windows
- IPv6 support in clamav-milter
- many other improvements and bugfixes
2007-07-11 17:44:22 +00:00
jlam
4390d56940 Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user.  This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.

(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
    unprivileged.mk.  These two variables are lists of other bmake
    variables that define package-specific users and groups.  Packages
    that have user-settable variables for users and groups, e.g. apache
    and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
    etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
    so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
    and ${UNPRIVILEGED_GROUP}.

(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
2007-07-04 20:54:31 +00:00
wiz
486a341397 Fix path to pidfile. Noted by Peter Avalos.
Bump PKGREVISION.
2007-06-17 22:06:33 +00:00
wiz
174334c6be Improvements for freshclamd script from Sergey Svishchev:
For some reason, the script creates the pid file itself, instead
of using '-p' option to freshclamd.  sig_stop=KILL seems unnecessary,
too.

Bump PKGREVISION.
2007-06-15 22:31:39 +00:00
martti
00019267a1 Regenerated. 2007-05-31 05:28:09 +00:00
martti
6dc2178708 Updated mail/clamav to 0.90.3
Lots of bug fixes since 0.90.2. For details, see ChangeLog.
2007-05-31 05:26:46 +00:00
xtraeme
424ab80127 Update to 0.90.2:
This release fixes many problems in libclamav and freshclam.
2007-04-13 08:58:46 +00:00
rillig
f507b28053 NetBSD 1.6 does not have the readdir_r function. 2007-03-15 03:15:25 +00:00
martti
0c6390642d Updated mail/clamav to 0.90.1
Lots of fixes since 0.90. For details, see ChangeLog.
2007-03-06 10:32:33 +00:00
xtraeme
5b082f8e6a Disable --enable-experimental by default, because it does not work
correctly with sparc64.

Make it an option: clamav-experimental.

Move all options into the options.mk file.
2007-02-28 20:42:05 +00:00
xtraeme
d38e283f90 Enable the option readdir_r, clamav will use it if it's available and
if it was enabled correctly in autoconf.
2007-02-17 12:06:10 +00:00
xtraeme
163f0b6c3d Update to 0.90:
The 0.9x series introduces lots of improvements in terms of detection
rate and performance, like support for many new packers and decryptors,
RAR3 and SIS archives, and a new phishing signatures format that proves
to be very effective.
2007-02-16 14:40:41 +00:00
xtraeme
e654ac4c1d Update to 0.88.7:
This version improves scanning of mail and tar files.
2006-12-11 18:55:45 +00:00
wiz
658d9cf876 tv@ pointed out that curl-7.16.0 had a shlib major bump --
increase its BUILDLINK_ABI_DEPENDS, and bump PKGREVISIONs
of dependencies.

Sorry for not finding this earlier.
2006-11-19 11:50:23 +00:00
ghen
ee81f46750 mail/clamav: rename VIRUSDBDIR to CLAMAV_DBDIR and make it user-settable.
Default value is kept but now set in mk/defaults/mk.conf.
2006-11-08 17:33:26 +00:00
martti
217f675802 Updated mail/clamav to 0.88.6
- freshclam: apply timeout patch from Everton da Silva Marques
      <everton*lab.ipaccess.diveo.net.br> (new options: ConnectTimeout and
      ReceiveTimeout)
    - clamd: change stack size at the right place (closes bug#103)
      Patch from Jonathan Chen <jon+clamav*spock.org>
    - libclamav/petite.c: sanity check the number of rebuilt sections (speeds
      up handling of malformed files)
2006-11-07 07:09:06 +00:00
martti
32b8926a98 Updated mail/clamav to 0.88.5
(I tried to contact the MAINTAINER but got no reply. I'm using this in our
production systems so this should work just fine.)

  * Bugfixes:
    - libclamav/rebuildpe.c: fix possible heap overflow [IDEF1597]
    - libclamav/chmunpack.c: fix possible crash [IDEF1736]
    - freshclam/manager.c: "Cache-Control: no-cache" is now disabled by default.
      If you're behind a broken proxy you can recompile freshclam with
      --enable-no-cache.
2006-10-19 07:30:15 +00:00
salo
0d6f3ca590 Security update to version 0.88.4
Changes:
- libclamav/upx.c: fix possible heap overflow
  See http://www.clamav.net/security/0.88.4.html for details.
- libclamav/tnef.c: handle trailing newline at the end of winmail.dat,
  bug reported by Menno Smits <menno*netboxblue.com>
- freshclam/manager.c: fix possible infinite loop when read() fails
  in get_database(), spotted by Everton da Silva Marques
  <everton*lab.ipaccess.diveo.net.br>
2006-08-09 18:35:45 +00:00
jlam
c16221a4db Change the format of BUILDLINK_ORDER to contain depth information as well,
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.

For example, "make show-buildlink3" in fonts/Xft2 displays:

	zlib
	fontconfig
	    iconv
	    zlib
	    freetype2
	    expat
	freetype2
	Xrender
	    renderproto
2006-07-08 23:10:35 +00:00
jlam
9430e49307 Track information in a new variable BUILDLINK_ORDER that informs us
of the order in which buildlink3.mk files are (recursively) included
by a package Makefile.
2006-07-08 22:38:58 +00:00
xtraeme
a0dbfe7bf2 Update to 0.88.3:
This version fixes handling of large binhex files and multiple alternatives
in virus signatures.
2006-07-02 12:01:12 +00:00
jnemeth
912c86129a add rcvar to freshclamd rcd script so that it obeys "freshclamd=NO" in
/etc/rc.conf
2006-06-20 20:24:45 +00:00
xtraeme
d2a1bb4313 Update to 0.88.2:
This release improves virus detection, fixes zip handling on 64-bit
architectures and possible security problem in freshclam.
2006-04-30 06:50:00 +00:00
jlam
802ce74fcb Modify packages that set PKG_USERS and PKG_GROUPS to follow the new
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
2006-04-23 00:12:35 +00:00
rillig
96fc47c14f Aligned the last line of the buildlink3.mk files with the first line, so
that they look nicer.
2006-04-12 10:26:59 +00:00
grant
df15b69a0c update clamav to 0.88.1.
changes since 0.88:

  * Bugfixes:
    - libclamav/matcher.c: properly handle partial reads in cli_scandesc()
    - libclamav/mbox.c: sync with CVS, fixes detection of Worm.Bagle.CT
    - freshclam: fix support for LocalIPAddress
      Patch by Anton Yuzhaninov <citrin*citrin.ru>
    - docs/man: multiple manpage typo fixes
      Patch by A. Costa <agcosta*gis.net>)
    - shared/output.c: properly handle return value of vsnprintf
      Thanks to Anton Yuzhaninov <citrin*rambler-co.ru>
    - libclamav/htmlnorm.c: fix typo spotted by Gianluigi Tiesi
      <sherpya*netfarm.it>
    - sigtool/sigtool.c: fix possible crash in build(), thanks to Sven
    - clamd/session.c: remove static timeout (5s) for SESSION
      Pointed out by Joseph Benden <joe*thrallingpenguin.com>
    - libclamav/pe.c: fix possible integer overflow reported by Damian Put
      Note: only exploitable if file size limit (ArchiveMaxFileSize) disabled
    - libclamav/scanners.c: properly report archive unpacking errors
      Problem spotted by David F. Skoll <dfs*roaringpenguin.com>
    - libclamav/others.c: fix possible crash in cli_bitset_test()
      Reported by David Luyer <david_luyer*pacific.net.au>
    - libclamav/zziplib: fix possible crash on FreeBSD
      Reported by Robert Rebbun <robert*desertsurf.com>
    - clamav-milter: fall back if sendfile() fails
2006-04-07 11:20:37 +00:00
reed
5abef9be14 Over 1200 files touched but no revisions bumped :)
RECOMMENDED is removed. It becomes ABI_DEPENDS.

BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.

BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.

BUILDLINK_DEPENDS does not change.

IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".

Added to obsolete.mk checking for IGNORE_RECOMMENDED.

I did not manually go through and fix any aesthetic tab/spacing issues.

I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.

I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.

As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.

As discussed on tech-pkg.

I will commit to revbump, pkglint, pkg_install, createbuildlink separately.

Note that if you use wip, it will fail!  I will commit to pkgsrc-wip
later (within day).
2006-04-06 06:21:32 +00:00
jlam
daad0f3d6c Modify the pkginstall framework so that it manages all aspects of
INSTALL/DEINSTALL script creation within pkgsrc.

If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts.  If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:

	INSTALL_SRC=	${PKGDIR}/INSTALL
	DEINSTALL_SRC=	# emtpy

As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts.  By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).

In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework.  The only public variables relating to the templates are:

	INSTALL_SRC		INSTALL_TEMPLATE
	DEINSTALL_SRC		DEINSTALL_TEMPLATE
				HEADER_TEMPLATE

The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.
2006-03-14 01:14:26 +00:00
wiz
89e2c3ea9e clamav-milter(8) is installed even if milter plugin
is not built. Add it to PLIST unconditionally. Bump PKGREVISION.
2006-02-19 00:05:11 +00:00
joerg
5911def816 Recursive revision bump / recommended bump for gettext ABI change. 2006-02-05 23:08:03 +00:00
xtraeme
57e6bcb2b5 Update to 0.88:
A possible heap overflow in the UPX code has been fixed. General improvements
include better zip and mail processing, and support for a self-protection mode.
The security of the UPX, FSG and Petite modules has been improved, too.
2006-01-10 19:00:00 +00:00
jlam
dc9594e09d Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
2005-12-29 06:21:30 +00:00
rillig
579e977969 Ran "pkglint --autofix", which corrected some of the quoting issues in
CONFIGURE_ARGS.
2005-12-05 23:55:01 +00:00
rillig
b71a1d488b Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in

    http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
2005-12-05 20:49:47 +00:00
grant
67d3a05330 update clamav to 0.87.1.
changes since 0.87:

  * Bugfixes:
    - libclamav/petite.c: fix boundary checks (acab)
    - libclamav/mbox.c: scan attachments that have no filename (njh)
    - libclamav/fsg.c: fix buffer size calculation in unfsg_133
      Reported by Zero Day Initiative (ZDI-CAN-004)
    - libclamav/tnef.c: fix possible infinite loop
      Reported by iDEFENSE (IDEF1169).
    - libclamav/mspack/cabd.c: fix possible infinite loop in cabd_find
      (tk)
      Reported by iDEFENSE (IDEF1180).
    - clamd/others.c: fix compilation error on Cobalt Qube 1 (tk)
    - clamd: properly handle ReadTimeout in SESSION (tk)
      Bug reported by Kamil Kaczkowski <kamil*kamil.eisp.pl>
    - libclamav/others.c,h: Add generic bitset implementation (trog)
    - libclamav/ole2_extract.c: Make sure the property tree doesn't
      loop (trog)
      Fixes CAN-2005-3239. Installations with default settings were
      not affected by this bug.
2005-11-04 03:47:49 +00:00
rillig
78e94603af Added --with-zlib=${BUILDLINK_PREFIX.zlib} to CONFIGURE_ARGS. This
should fix PR 31898.
2005-10-23 22:32:20 +00:00
rillig
4850700f3c Added a chunk to patch-ah that fixes one of the ubiquitous
declaration-after-code occurences. Fixes PR #31576.
2005-10-13 18:09:06 +00:00
xtraeme
1fee0d8f1b Update to 0.87, closes PR pkg/31339.
This version fixes vulnerabilities in handling of UPX and FSG compressed
executables. Support for PE files, Zip and Cabinet archives has been improved
and other small bugfixes have been made. The new option "--on-outdated-execute"
allows freshclam to run a command when system reports a new engine version.
2005-09-27 14:23:41 +00:00
rillig
7a95adad42 The real user name in PKG_USERS does not need to be escaped with double
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
2005-08-23 11:48:47 +00:00
grant
3eb4635a5b bump BUILDLINK_RECOMMENDED to 0.86.2, for security issue described in
http://secunia.com/advisories/16180/
2005-07-27 01:21:49 +00:00