2bbaa92ff0
Remove rar support to workaround PR pkg/54420
This release includes 3 extra security related bug fixes that do not
apply to prior versions. In addition, it includes a number of minor bug
fixes and improvements.
* Fixes for the following vulnerabilities affecting 0.101.1 and
prior:
+ CVE-2019-1787: An out-of-bounds heap read condition may occur
when scanning PDF documents. The defect is a failure to
correctly keep track of the number of bytes remaining in a
buffer when indexing file data.
+ CVE-2019-1789: An out-of-bounds heap read condition may occur
when scanning PE files (i.e. Windows EXE and DLL files) that
have been packed using Aspack as a result of inadequate
bound-checking.
+ CVE-2019-1788: An out-of-bounds heap write condition may occur
when scanning OLE2 files such as Microsoft Office 97-2003
documents. The invalid write happens when an invalid pointer
is mistakenly used to initialize a 32bit integer to zero. This
is likely to crash the application.
* Fixes for the following ClamAV vulnerabilities:
+ CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking
feature that could allow an unauthenticated, remote attacker
to cause a denial of service (DoS) condition on an affected
device. Reported by Secunia Research at Flexera.
+ Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing
code. Reported by Alex Gaynor.
* Fixes for the following vulnerabilities in bundled third-party
libraries:
+ CVE-2018-14680: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. It does not reject blank CHM
filenames.
+ CVE-2018-14681: An issue was discovered in kwajd_read_headers
in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file
header extensions could cause a one or two byte overwrite.
+ CVE-2018-14682: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an off-by-one error in the
TOLOWER() macro for CHM decompression.
+ Additionally, 0.100.2 reverted 0.100.1's patch for
CVE-2018-14679, and applied libmspack's version of the fix in
its place.
* Fixes for the following CVE's:
+ CVE-2017-16932: Vulnerability in libxml2 dependency (affects
ClamAV on Windows only).
+ CVE-2018-0360: HWP integer overflow, infinite loop
vulnerability. Reported by Secunia Research at Flexera.
+ CVE-2018-0361: ClamAV PDF object length check, unreasonably
long time to parse relatively small file. Reported by aCaB.
For the full release notes, see:
https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.2/NEWS.md
38 lines
1.1 KiB
Makefile
38 lines
1.1 KiB
Makefile
# $NetBSD: options.mk,v 1.6 2019/08/05 14:44:20 prlw1 Exp $
|
|
|
|
PKG_OPTIONS_VAR= PKG_OPTIONS.clamav
|
|
PKG_SUPPORTED_OPTIONS= milter clamav-experimental unit-test
|
|
|
|
.include "../../mk/bsd.options.mk"
|
|
|
|
PLIST_VARS+= milter
|
|
|
|
.if !empty(PKG_OPTIONS:Mmilter)
|
|
# force use of pkgsrc version of libmilter -- clamav uses the sendmail binary
|
|
# to check API compatibility(!), so it must build with as new a version of
|
|
# libmilter as pkgsrc is capable of providing
|
|
USE_BUILTIN.libmilter= no
|
|
. include "../../mail/libmilter/buildlink3.mk"
|
|
CONFIGURE_ARGS+= --enable-milter
|
|
PLIST.milter= yes
|
|
CONF_SAMPLES+= clamav-milter.conf
|
|
SMF_INSTANCES+= clamav-milter
|
|
.else
|
|
CONFIGURE_ARGS+= --disable-milter
|
|
# XXX --disable-milter doesn't work as expected, so we need this
|
|
CONFIGURE_ENV+= ac_cv_header_libmilter_mfapi_h=no
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Mclamav-experimental)
|
|
CONFIGURE_ARGS+= --enable-experimental
|
|
.endif
|
|
|
|
# Enable unit test
|
|
.if !empty(PKG_OPTIONS:Munit-test)
|
|
CONFIGURE_ARGS+= --enable-check
|
|
TEST_TARGET= check
|
|
# unit test's Makefile depends on gmake.
|
|
USE_TOOLS+= gmake
|
|
BUILDLINK_DEPMETHOD.check= build
|
|
. include "../../devel/check/buildlink3.mk"
|
|
.endif
|