PR/54951 CVS commit: [pkgsrc-2019Q4] pkgsrc/security/clamav

["Benny Siegert" <bsiegert%netbsd.org@localhost>]

The following reply was made to PR pkg/54951; it has been noted by GNATS.

From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/54951 CVS commit: [pkgsrc-2019Q4] pkgsrc/security/clamav
Date: Sat, 22 Feb 2020 19:45:06 +0000

 Module Name:	pkgsrc
 Committed By:	bsiegert
 Date:		Sat Feb 22 19:45:06 UTC 2020
 
 Modified Files:
 	pkgsrc/security/clamav [pkgsrc-2019Q4]: Makefile.common distinfo
 
 Log Message:
 Pullup ticket #6137 - requested by taca
 security/clamav: security fix + partial fix for PR pkg/54951
 
 Revisions pulled up:
 - security/clamav/Makefile                                      1.60-1.62
 - security/clamav/Makefile.common                               1.14-1.15
 - security/clamav/distinfo                                      1.32
 
 ---
    Module Name:    pkgsrc
    Committed By:   ryoon
    Date:           Sun Jan 12 20:20:50 UTC 2020
 
    Modified Files:
            pkgsrc/security/clamav: Makefile
 
    Log Message:
    *: Recursive revbump from devel/boost-libs
 
 ---
    Module Name:    pkgsrc
    Committed By:   jperkin
    Date:           Sat Jan 18 21:51:16 UTC 2020
 
    Modified Files:
            pkgsrc/security/clamav: Makefile
 
    Log Message:
    *: Recursive revision bump for openssl 1.1.1.
 
 ---
    Module Name:    pkgsrc
    Committed By:   rillig
    Date:           Sun Jan 26 17:32:28 UTC 2020
 
    Modified Files:
            pkgsrc/security/clamav: Makefile.common
 
    Log Message:
    all: migrate homepages from http to https
 
    pkglint -r --network --only "migrate"
 
    As a side-effect of migrating the homepages, pkglint also fixed a few
    indentations in unrelated lines. These and the new homepages have been
    checked manually.
 
 ---
    Module Name:    pkgsrc
    Committed By:   taca
    Date:           Sat Feb 15 02:40:43 UTC 2020
 
    Modified Files:
            pkgsrc/security/clamav: Makefile Makefile.common distinfo
 
    Log Message:
    security/clamav: update to 0.102.2
 
    Update clamav to 0.102.2.
 
    ## 0.102.2
 
    ClamAV 0.102.2 is a bug patch release to address the following issues.
 
    - [CVE-2020-3123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3123):
      An Denial-of-Service (DoS) condition may occur when using the optional credit
      card data-loss-prevention (DLP) feature. Improper bounds checking of an
      unsigned variable resulted in an out-of-bounds read which causes a crash.
 
    - Significantly improved scan speed of PDF files on Windows.
 
    - Re-applied a fix to alleviate file access issues when scanning RAR files in
      downstream projects that use libclamav where the scanning engine is operating
      in a low-privelege process. This bug was originally fixed in 0.101.2 and the
      fix was mistakenly omitted from 0.102.0.
 
    - Fixed an issue wherein freshclam failed to update if the database version
      downloaded is 1 version older than advertised. This situation may occur after
      a new database version is published. The issue affected users downloading the
      whole CVD database file.
 
    - Changed the default freshclam ReceiveTimeout setting to 0 (infinite).
      The ReceiveTimeout had caused needless database update failures for users with
      slower internet connections.
 
    - Correctly display number of kilobytes (KiB) in progress bar and reduced the
      size of the progress bar to accomodate 80-char width terminals.
 
    - Fixed an issue where running freshclam manually causes a daemonized freshclam
      process to fail when it updates because the manual instance deletes the
      temporary download directory. Freshclam temporary files will now download to a
      unique directory created at the time of an update instead of using a hardcoded
      directory created/destroyed at the program start/exit.
 
    - Fix for Freshclam's OnOutdatedExecute config option.
 
    - Fixes a memory leak in the error condition handling for the email parser.
 
    - Improved bound checking and error handling in ARJ archive parser.
 
    - Improved error handling in PDF parser.
 
    - Fix for memory leak in byte-compare signature handler.
 
    - Updates to the unit test suite to support libcheck 0.13.
 
    - Updates to support autoconf 2.69 and automake 1.15.
 
    Special thanks to the following for code contributions and bug reports:
 
    - Antoine Deschênes
    - Eric Lindblad
    - Gianluigi Tiesi
    - Tuomo Soini
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.13 -r1.13.4.1 pkgsrc/security/clamav/Makefile.common
 cvs rdiff -u -r1.31 -r1.31.4.1 pkgsrc/security/clamav/distinfo
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.