Wed May 20 21:15:26 2015 UTC ()
Update clamav to 0.98.7.
This release contains new scanning features and bug fixes.
- Improvements to PDF processing: decryption, escape sequence
handling, and file property collection.
- Scanning/analysis of additional Microsoft Office 2003 XML format.
- Fix infinite loop condition on crafted y0da cryptor file. Identified
and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
- Fix crash on crafted petite packed file. Reported and patch
supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
- Fix false negatives on files within iso9660 containers. This issue
was reported by Minzhuan Gong.
- Fix a couple crashes on crafted upack packed file. Identified and
patches supplied by Sebastian Andrzej Siewior.
- Fix a crash during algorithmic detection on crafted PE file.
Identified and patch supplied by Sebastian Andrzej Siewior.
- Fix an infinite loop condition on a crafted "xz" archive file.
This was reported by Dimitri Kirchner and Goulven Guiheux.
CVE-2015-2668.
- Fix compilation error after ./configure --disable-pthreads.
Reported and fix suggested by John E. Krokes.
- Apply upstream patch for possible heap overflow in Henry Spencer's
regex library. CVE-2015-2305.
- Fix crash in upx decoder with crafted file. Discovered and patch
supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
- Fix segfault scanning certain HTML files. Reported with sample by
Kai Risku.
- Improve detections within xar/pkg files.
(bouyer)
diff -r1.23 -r1.24 pkgsrc/security/clamav/Makefile
diff -r1.1 -r1.2 pkgsrc/security/clamav/Makefile.common
diff -r1.18 -r1.19 pkgsrc/security/clamav/distinfo
--- pkgsrc/security/clamav/Makefile 2015/03/17 08:55:57 1.23
+++ pkgsrc/security/clamav/Makefile 2015/05/20 21:15:26 1.24
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.23 2015/03/17 08:55:57 taca Exp $
+# $NetBSD: Makefile,v 1.24 2015/05/20 21:15:26 bouyer Exp $
DISTNAME= clamav-${CLAMAV_VERSION}
-PKGREVISION= 2
+#PKGREVISION= 2
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=clamav/}
--- pkgsrc/security/clamav/Makefile.common 2015/03/15 00:52:53 1.1
+++ pkgsrc/security/clamav/Makefile.common 2015/05/20 21:15:26 1.2
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile.common,v 1.1 2015/03/15 00:52:53 taca Exp $
+# $NetBSD: Makefile.common,v 1.2 2015/05/20 21:15:26 bouyer Exp $
#
# used by clamav/Makefile
# used by clamav-doc/Makefile
-CLAMAV_VERSION= 0.98.6
+CLAMAV_VERSION= 0.98.7
DISTINFO_FILE= ${.CURDIR}/../../security/clamav/distinfo
--- pkgsrc/security/clamav/distinfo 2015/03/17 06:00:07 1.18
+++ pkgsrc/security/clamav/distinfo 2015/05/20 21:15:26 1.19
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.18 2015/03/17 06:00:07 taca Exp $
+$NetBSD: distinfo,v 1.19 2015/05/20 21:15:26 bouyer Exp $
-SHA1 (clamav-0.98.6.tar.gz) = 03cb9a20a08aba9176b1f58d5527d06ec8261f9c
-RMD160 (clamav-0.98.6.tar.gz) = 48d5fbbdb183e61309212c6bc69f777f99346bd5
-Size (clamav-0.98.6.tar.gz) = 15148292 bytes
+SHA1 (clamav-0.98.7.tar.gz) = c9793d67c041e2b944116d912f8681c8bd6e4432
+RMD160 (clamav-0.98.7.tar.gz) = 140561a2d1a0c013cb679f6af0ae48cc4cb92484
+Size (clamav-0.98.7.tar.gz) = 15118851 bytes
SHA1 (patch-Makefile.in) = 070fe734113de9fc6ce5f02de088b10281913b00
SHA1 (patch-aa) = 8539a90ac5591c86f7e9f6b8c073f36523f221a5
SHA1 (patch-ab) = fea995ea944c2ae0f51a41e1a1076badf65c6c8b