Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_15895607053220"
MIME-Version: 1.0
Date: Fri, 15 May 2020 16:38:25 +0000
From: "Benny Siegert" <bsiegert@netbsd.org>
Subject: CVS commit: [pkgsrc-2020Q1] pkgsrc/security/clamav
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
Message-Id: <20200515163825.E17B4FB27@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_15895607053220
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	bsiegert
Date:		Fri May 15 16:38:25 UTC 2020

Modified Files:
	pkgsrc/security/clamav [pkgsrc-2020Q1]: Makefile Makefile.common
	    distinfo

Log Message:
Pullup ticket #6195 - requested by taca
security/clamav: security fix

Revisions pulled up:
- security/clamav/Makefile                                      1.64-1.65
- security/clamav/Makefile.common                               1.16
- security/clamav/distinfo                                      1.33

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed May  6 14:05:09 UTC 2020

   Modified Files:
   	pkgsrc/security/clamav: Makefile

   Log Message:
   revbump after boost update

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed May 13 14:58:58 UTC 2020

   Modified Files:
   	pkgsrc/security/clamav: Makefile Makefile.common distinfo

   Log Message:
   security/clamav: update to 0.102.3

   Update clamav to 0.102.3.

   ## 0.102.3

   ClamAV 0.102.3 is a bug patch release to address the following issues.

   - [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
     Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that
     could cause a Denial-of-Service (DoS) condition. Improper bounds checking of
     an unsigned variable results in an out-of-bounds read which causes a crash.

     Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ
     parsing vulnerability.

   - [CVE-2020-3341](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3341):
     Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that
     could cause a Denial-of-Service (DoS) condition. Improper size checking of
     a buffer used to initialize AES decryption routines results in an out-of-
     bounds read which may cause a crash. Bug found by OSS-Fuzz.

   - Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.

   - Fix a couple of minor memory leaks.

   - Updated libclamunrar to UnRAR 5.9.2.


To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.63.2.1 pkgsrc/security/clamav/Makefile
cvs rdiff -u -r1.15 -r1.15.2.1 pkgsrc/security/clamav/Makefile.common
cvs rdiff -u -r1.32 -r1.32.2.1 pkgsrc/security/clamav/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_15895607053220
Content-Disposition: inline
Content-Length: 2446
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/security/clamav/Makefile
diff -u pkgsrc/security/clamav/Makefile:1.63 pkgsrc/security/clamav/Makefile:1.63.2.1
--- pkgsrc/security/clamav/Makefile:1.63	Sun Mar  8 16:51:06 2020
+++ pkgsrc/security/clamav/Makefile	Fri May 15 16:38:25 2020
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.63 2020/03/08 16:51:06 wiz Exp $
+# $NetBSD: Makefile,v 1.63.2.1 2020/05/15 16:38:25 bsiegert Exp $
 
-PKGREVISION= 1
 .include "Makefile.common"
 
 COMMENT=	Anti-virus toolkit

Index: pkgsrc/security/clamav/Makefile.common
diff -u pkgsrc/security/clamav/Makefile.common:1.15 pkgsrc/security/clamav/Makefile.common:1.15.2.1
--- pkgsrc/security/clamav/Makefile.common:1.15	Sat Feb 15 02:40:43 2020
+++ pkgsrc/security/clamav/Makefile.common	Fri May 15 16:38:25 2020
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.15 2020/02/15 02:40:43 taca Exp $
+# $NetBSD: Makefile.common,v 1.15.2.1 2020/05/15 16:38:25 bsiegert Exp $
 #
 # used by security/clamav/Makefile
 # used by security/clamav-doc/Makefile
 
-DISTNAME=	clamav-0.102.2
+DISTNAME=	clamav-0.102.3
 CATEGORIES=	security
 MASTER_SITES=	http://www.clamav.net/downloads/production/
 

Index: pkgsrc/security/clamav/distinfo
diff -u pkgsrc/security/clamav/distinfo:1.32 pkgsrc/security/clamav/distinfo:1.32.2.1
--- pkgsrc/security/clamav/distinfo:1.32	Sat Feb 15 02:40:43 2020
+++ pkgsrc/security/clamav/distinfo	Fri May 15 16:38:25 2020
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.32 2020/02/15 02:40:43 taca Exp $
+$NetBSD: distinfo,v 1.32.2.1 2020/05/15 16:38:25 bsiegert Exp $
 
-SHA1 (clamav-0.102.2.tar.gz) = 9adabeac41736770aa22ae1ee1f8aba9e253cfaa
-RMD160 (clamav-0.102.2.tar.gz) = a1ef9999257f02ca55abc8da73b4456e0f02ec80
-SHA512 (clamav-0.102.2.tar.gz) = 7db53e0e2b4d6b0e4cf5048d3c9dfbcabcffd680c3a2b718c763b9599b0c1c14e56bae70c54c251ee9e8fd1acd3134657196dbaad2d23a16bad76a088c6fc41f
-Size (clamav-0.102.2.tar.gz) = 13227538 bytes
+SHA1 (clamav-0.102.3.tar.gz) = c6397a35f4ae77a3aa3241551120da45662d1f39
+RMD160 (clamav-0.102.3.tar.gz) = 85d1f1f607edfc9b8deeb68aaba39f0875b31863
+SHA512 (clamav-0.102.3.tar.gz) = d239718814b303fb0f1655d9bdaf3675d888eea57e786d927eafabb7b6f58cd7f5fb7dc149511c2af6f800dcc919f2e1d6954110d45b9e16619c632e8d2b37f2
+Size (clamav-0.102.3.tar.gz) = 13226108 bytes
 SHA1 (patch-Makefile.in) = a11766ea353d81fb281a07c8120e8a1f5c8dc60f
 SHA1 (patch-aa) = 8539a90ac5591c86f7e9f6b8c073f36523f221a5
 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf


--_----------=_15895607053220--