
2022-01-21 15:49:19 UTC pkgsrc-2021Q4

Pullup ticket #6571 - requested by taca
security/clamav: security fix

Revisions pulled up:
- security/clamav/Makefile                                      1.82
- security/clamav/Makefile.common                              1.22
- security/clamav/distinfo                                      1.41

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Thu Jan 13 15:28:22 UTC 2022

  Modified Files:
  pkgsrc/security/clamav: Makefile Makefile.common distinfo

  Log Message:
  security/clamav: update to 0.103.5

  0.103.5 (2022-01-12)

  ClamAV 0.103.5 is a critical patch release with the following fixes:

  * CVE-2022-20698<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>:
    Fix for invalid pointer read that may cause a crash. This issue affects
    0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the
    CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
    option) is enabled.

    Cisco would like to thank Laurent Delosieres of ManoMano for reporting
    this vulnerability.

  * Fixed ability to disable the file size limit with libclamav C API, like
    this:

    cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);

    This issue didn't affect ClamD or ClamScan which also can disable the
    limit by setting it to zero using MaxFileSize 0 in clamd.conf for ClamD,
    or clamscan --max-filesize=0 for ClamScan.

    Note: Internally, the max file size is still set to 2 GiB. Disabling the
    limit for a scan will fall back on the internal 2 GiB limitation.

  * Increased the maximum line length for ClamAV config files from 512 bytes
    to 1,024 bytes to allow for longer config option strings.

  * SigTool: Fix insufficient buffer size for --list-sigs that caused a
    failure when listing a database containing one or more very long
    signatures. This fix was backported from 0.104.

  Special thanks to the following for code contributions and bug reports:

  * Laurent Delosieres

(bsiegert)