[pkgsrc/trunk]: pkgsrc/security/clamav security/clamav: update to 0.103.2

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/security/clamav security/clamav: update to 0.103.2
From: taca <taca%pkgsrc.org@localhost>
Date: Thu, 03 Jun 2021 16:52:05 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/5fc9cadbdb98
branches:  trunk
changeset: 453887:5fc9cadbdb98
user:      taca <taca%pkgsrc.org@localhost>
date:      Thu Jun 03 15:47:34 2021 +0000

description:
security/clamav: update to 0.103.2

0.103.2 (2021-04-07)

ClamAV 0.103.2 is a security patch release with the following fixes:

* CVE-2021-1386: Fix for UnRAR DLL load privilege escalation.  Affects
  0.103.1 and prior on Windows only.

* CVE-2021-1252: Fix for Excel XLM parser infinite loop.  Affects 0.103.0
  and 0.103.1 only.

* CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.
  Affects 0.103.0 and 0.103.1 only.

* CVE-2021-1405: Fix for mail parser NULL-dereference crash.  Affects
  0.103.1 and prior.

* Fix possible memory leak in PNG parser.

* Fix ClamOnAcc scan on file-creation race condition so files are scanned
  after their contents are written.

* FreshClam: Deprecate the SafeBrowsing config option.  The SafeBrowsing
  option will no longer do anything.

* For more details, see our blog post from last year about the future of the
  ClamAV Safe Browsing database.

* Tip: If creating and hosting your own safebrowing.gdb database, you can
  use the DatabaseCustomURL option in freshclam.conf to download it.

* FreshClam: Improved HTTP 304, 403, & 429 handling.

* FreshClam: Added back the mirrors.dat file to the database directory.
  This new mirrors.dat file will store:

        - A randomly generated UUID for the FreshClam User-Agent.
        - A retry-after timestamp that so FreshClam won't try to update
          after having received an HTTP 429 response until the Retry-After
          timeout has expired.

* FreshClam will now exit with a failure in daemon mode if an HTTP 403
  (Forbidden) was received, because retrying later won't help any.  The
  FreshClam user will have to take actions to get unblocked.

* Fix the FreshClam mirror-sync issue where a downloaded database is "older
  than the version advertised."

* If a new CVD download gets a version that is older than advertised,
  FreshClam will keep the older version and retry the update so that the
  incremental update process (CDIFF patch process) will update to the latest
  version.

diffstat:

 security/clamav/Makefile        |   3 +--
 security/clamav/Makefile.common |   4 ++--
 security/clamav/distinfo        |  10 +++++-----
 3 files changed, 8 insertions(+), 9 deletions(-)

diffs (44 lines):

diff -r 281c99089e74 -r 5fc9cadbdb98 security/clamav/Makefile
--- a/security/clamav/Makefile  Thu Jun 03 15:45:56 2021 +0000
+++ b/security/clamav/Makefile  Thu Jun 03 15:47:34 2021 +0000
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.76 2021/04/21 13:25:18 adam Exp $
+# $NetBSD: Makefile,v 1.77 2021/06/03 15:47:34 taca Exp $
 
-PKGREVISION= 2
 .include "Makefile.common"
 
 COMMENT=       Anti-virus toolkit
diff -r 281c99089e74 -r 5fc9cadbdb98 security/clamav/Makefile.common
--- a/security/clamav/Makefile.common   Thu Jun 03 15:45:56 2021 +0000
+++ b/security/clamav/Makefile.common   Thu Jun 03 15:47:34 2021 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.19 2021/02/28 17:14:10 taca Exp $
+# $NetBSD: Makefile.common,v 1.20 2021/06/03 15:47:34 taca Exp $
 #
 # used by security/clamav/Makefile
 # used by security/clamav-doc/Makefile
 
-DISTNAME=      clamav-0.103.1
+DISTNAME=      clamav-0.103.2
 CATEGORIES=    security
 MASTER_SITES=  http://www.clamav.net/downloads/production/
 
diff -r 281c99089e74 -r 5fc9cadbdb98 security/clamav/distinfo
--- a/security/clamav/distinfo  Thu Jun 03 15:45:56 2021 +0000
+++ b/security/clamav/distinfo  Thu Jun 03 15:47:34 2021 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.36 2021/02/28 17:14:10 taca Exp $
+$NetBSD: distinfo,v 1.37 2021/06/03 15:47:34 taca Exp $
 
-SHA1 (clamav-0.103.1.tar.gz) = 4520c0c574362beba35b947ca8d0fa0823f93b1f
-RMD160 (clamav-0.103.1.tar.gz) = a5234d1b022ae9dbaba681e7dd611a82d8e9e67e
-SHA512 (clamav-0.103.1.tar.gz) = f13e9542898ef42c0db6f7826bcb220b9cb57de2a88bfedc6c991b76ff06c59290522d31119132eaa2093da58c5069d63103f6260e271497bda2b472c3cd6ffb
-Size (clamav-0.103.1.tar.gz) = 13369791 bytes
+SHA1 (clamav-0.103.2.tar.gz) = 67c2ae3e140368a4434282e41072428ad041e9cc
+RMD160 (clamav-0.103.2.tar.gz) = c85f82c4c1f4988936d4c2db31842cf257ee5c20
+SHA512 (clamav-0.103.2.tar.gz) = 87d47c4529a57da0b47b3744a279996ca24fa74ce10d7e27a53c19c1e13098af680e0e48ed767122bb2bbd3f927302451da84ccf51a933e7e3556ef43cbe9f45
+Size (clamav-0.103.2.tar.gz) = 13387954 bytes
 SHA1 (patch-Makefile.in) = 51e0f42323f07b7ae0cb35a640469dce4e1a2041
 SHA1 (patch-aa) = c07a7b6e883f384ce278964645f0658c0d986ab5
 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf

Prev by Date: [pkgsrc/trunk]: pkgsrc/meta-pkgs/ruby-redmine-themes meta-pkgs/ruby-redmine-t...
Next by Date: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/clamav to 0.103.2
Previous by Thread: [pkgsrc/trunk]: pkgsrc/meta-pkgs/ruby-redmine-themes meta-pkgs/ruby-redmine-t...
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/clamav to 0.103.2
Indexes:

Home | Main Index | Thread Index | Old Index