Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified)) by mollari.NetBSD.org (Postfix) with ESMTPS id 5FBBE1A9239 for ; Thu, 13 Jan 2022 15:28:25 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 77E3E84EBA; Thu, 13 Jan 2022 15:28:24 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id B223784D16 for ; Thu, 13 Jan 2022 15:28:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 7oRGNB783Wq5 for ; Thu, 13 Jan 2022 15:28:23 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 0EB5D84EB8 for ; Thu, 13 Jan 2022 15:28:23 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 086E4FB24; Thu, 13 Jan 2022 15:28:23 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1642087703282530" MIME-Version: 1.0 Date: Thu, 13 Jan 2022 15:28:23 +0000 From: "Takahiro Kambe" Subject: CVS commit: pkgsrc/security/clamav To: pkgsrc-changes@NetBSD.org Reply-To: taca@netbsd.org X-Mailer: log_accum Message-Id: <20220113152823.086E4FB24@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1642087703282530 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: taca Date: Thu Jan 13 15:28:22 UTC 2022 Modified Files: pkgsrc/security/clamav: Makefile Makefile.common distinfo Log Message: security/clamav: update to 0.103.5 0.103.5 (2022-01-12) ClamAV 0.103.5 is a critical patch release with the following fixes: * CVE-2022-20698: Fix for invalid pointer read that may cause a crash. This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json option) is enabled. Cisco would like to thank Laurent Delosieres of ManoMano for reporting this vulnerability. * Fixed ability to disable the file size limit with libclamav C API, like this: cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0); This issue didn't affect ClamD or ClamScan which also can disable the limit by setting it to zero using MaxFileSize 0 in clamd.conf for ClamD, or clamscan --max-filesize=0 for ClamScan. Note: Internally, the max file size is still set to 2 GiB. Disabling the limit for a scan will fall back on the internal 2 GiB limitation. * Increased the maximum line length for ClamAV config files from 512 bytes to 1,024 bytes to allow for longer config option strings. * SigTool: Fix insufficient buffer size for --list-sigs that caused a failure when listing a database containing one or more very long signatures. This fix was backported from 0.104. Special thanks to the following for code contributions and bug reports: * Laurent Delosieres To generate a diff of this commit: cvs rdiff -u -r1.81 -r1.82 pkgsrc/security/clamav/Makefile cvs rdiff -u -r1.21 -r1.22 pkgsrc/security/clamav/Makefile.common cvs rdiff -u -r1.40 -r1.41 pkgsrc/security/clamav/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1642087703282530 Content-Disposition: inline Content-Length: 2315 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/security/clamav/Makefile diff -u pkgsrc/security/clamav/Makefile:1.81 pkgsrc/security/clamav/Makefile:1.82 --- pkgsrc/security/clamav/Makefile:1.81 Wed Dec 8 16:02:33 2021 +++ pkgsrc/security/clamav/Makefile Thu Jan 13 15:28:22 2022 @@ -1,6 +1,5 @@ -# $NetBSD: Makefile,v 1.81 2021/12/08 16:02:33 adam Exp $ +# $NetBSD: Makefile,v 1.82 2022/01/13 15:28:22 taca Exp $ -PKGREVISION= 1 .include "Makefile.common" COMMENT= Anti-virus toolkit Index: pkgsrc/security/clamav/Makefile.common diff -u pkgsrc/security/clamav/Makefile.common:1.21 pkgsrc/security/clamav/Makefile.common:1.22 --- pkgsrc/security/clamav/Makefile.common:1.21 Mon Nov 8 14:49:23 2021 +++ pkgsrc/security/clamav/Makefile.common Thu Jan 13 15:28:22 2022 @@ -1,9 +1,9 @@ -# $NetBSD: Makefile.common,v 1.21 2021/11/08 14:49:23 taca Exp $ +# $NetBSD: Makefile.common,v 1.22 2022/01/13 15:28:22 taca Exp $ # # used by security/clamav/Makefile # used by security/clamav-doc/Makefile -DISTNAME= clamav-0.103.4 +DISTNAME= clamav-0.103.5 CATEGORIES= security MASTER_SITES= http://www.clamav.net/downloads/production/ Index: pkgsrc/security/clamav/distinfo diff -u pkgsrc/security/clamav/distinfo:1.40 pkgsrc/security/clamav/distinfo:1.41 --- pkgsrc/security/clamav/distinfo:1.40 Mon Nov 8 14:49:23 2021 +++ pkgsrc/security/clamav/distinfo Thu Jan 13 15:28:22 2022 @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.40 2021/11/08 14:49:23 taca Exp $ +$NetBSD: distinfo,v 1.41 2022/01/13 15:28:22 taca Exp $ -BLAKE2s (clamav-0.103.4.tar.gz) = 0a64b0534d4b8919c787fbd7152ff87eb875b702215bccf0b586b8d9e854d69f -SHA512 (clamav-0.103.4.tar.gz) = 422a8cb98d355be098b0a0c575e4f08cf964e992d10ee02e7600eb9db6dfa943efbd988489f268e81e4d2ef29cfe582b236688ea209d6d2e46467f3c08eb475e -Size (clamav-0.103.4.tar.gz) = 16425023 bytes +BLAKE2s (clamav-0.103.5.tar.gz) = 045c523bcbd02439cc05095cc19d102eee7af6db5cda340e19ed47fb885a3ae9 +SHA512 (clamav-0.103.5.tar.gz) = 242423b507eacbbd31dbae6dd0325dff87da25bb8072f2cee7a5e7cab4b8eb5ee6196c759570c1d75986a2777f0f79f92cfbd6250a30ae5b53390c75b238c29a +Size (clamav-0.103.5.tar.gz) = 16434316 bytes SHA1 (patch-Makefile.in) = 51e0f42323f07b7ae0cb35a640469dce4e1a2041 SHA1 (patch-aa) = c07a7b6e883f384ce278964645f0658c0d986ab5 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf --_----------=_1642087703282530--