pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/clamav
Module Name: pkgsrc
Committed By: taca
Date: Sun Feb 28 17:14:10 UTC 2021
Modified Files:
pkgsrc/security/clamav: Makefile Makefile.common distinfo
pkgsrc/security/clamav/patches: patch-libclamav_fmap.c
Log Message:
security/clamav: update to 0.103.1
0.103.1 (2021-01-31)
ClamAV 0.103.1 is a patch release with the following fixes and improvements.
Notable changes
* Added a new scan option to alert on broken media (graphics) file formats.
This feature mitigates the risk of malformed media files intended to
exploit vulnerabilities in other software. At present media validation
exists for JPEG, TIFF, PNG, and GIF files. To enable this feature, set
AlertBrokenMedia yes in clamd.conf, or use the --alert-broken-media option
when using clamscan. These options are disabled by default in this patch
release, but may be enabled in a subsequent release. Application
developers may enable this scan option by enabling
CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit field.
* Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG typing behavior.
BMP and JPEG 2000 files will continue to detect as CL_TYPE_GRAPHICS
because ClamAV does not yet have BMP or JPEG 2000 format checking
capabilities.
Bug fixes
* Fixed PNG parser logic bugs that caused an excess of parsing errors and
fixed a stack exhaustion issue affecting some systems when scanning PNG
files. PNG file type detection was disabled via signature database update
for ClamAV version 0.103.0 to mitigate the effects from these bugs.
* Fixed an issue where PNG and GIF files no longer work with Target:5
graphics signatures if detected as CL_TYPE_PNG/GIF rather than as
CL_TYPE_GRAPHICS. Target types now support up to 10 possible file types
to make way for additional graphics types in future releases.
* Fixed clamonacc's --fdpass option.
* File descriptor passing (or "fd-passing") is a mechanism by which
clamonacc and clamdscan may transfer an open file to clamd to scan, even
if clamd is running as a non-privileged user and wouldn't otherwise have
read-access to the file. This enables clamd to scan all files without
having to run clamd as root. If possible, clamd should never be run as
root so as to mitigate the risk in case clamd is somehow compromised while
scanning malware.
* Interprocess file descriptor passing for clamonacc was broken since
version 0.102.0 due to a bug introduced by the switch to curl for
communicating with clamd. On Linux, passing file descriptors from one
process to another is handled by the kernel, so we reverted clamonacc to
use standard system calls for socket communication when fd passing is
enabled.
* Fixed a clamonacc stack corruption issue on some systems when using an
older version of libcurl. Patch courtesy of Emilio Pozuelo Monfort.
* Allow clamscan and clamdscan scans to proceed even if the realpath lookup
failed. This alleviates an issue on Windows scanning files hosted on
file- systems that do not support the GetMappedFileNameW() API such as on
ImDisk RAM-disks.
* Fixed freshclam --on-update-execute=EXIT_1 temporary directory cleanup
issue.
* clamd's log output and VirusEvent now provide the scan target's file path
instead of a file descriptor. The clamd socket API for submitting a scan
by FD-passing doesn't include a file path, this feature works by looking
up the file path by file descriptor. This feature works on Mac and Linux
but is not yet implemented for other UNIX operating systems. FD-passing
is not available for Windows.
* Fixed an issue where freshclam database validation didn't work correctly
when run in daemon mode on Linux/Unix.
Other improvements
* Scanning JPEG, TIFF, PNG, and GIF files will no longer return "parse"
errors when file format validation fails. Instead, the scan will alert
with the "Heuristics.Broken.Media" signature prefix and a descriptive
suffix to indicate the issue, provided that the "alert broken media"
feature is enabled.
* GIF format validation will no longer fail if the GIF image is missing the
trailer byte, as this appears to be a relatively common issue in otherwise
functional GIF files.
* Added a TIFF dynamic configuration (DCONF) option, which was missing.
This will allow us to disable TIFF format validation via signature
database update in the event that it proves to be problematic. This
feature already exists for many other file types.
Acknowledgements
The ClamAV team thanks the following individuals for their code submissions:
Emilio Pozuelo Monfort
To generate a diff of this commit:
cvs rdiff -u -r1.73 -r1.74 pkgsrc/security/clamav/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/security/clamav/Makefile.common
cvs rdiff -u -r1.35 -r1.36 pkgsrc/security/clamav/distinfo
cvs rdiff -u -r1.3 -r1.4 \
pkgsrc/security/clamav/patches/patch-libclamav_fmap.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/clamav/Makefile
diff -u pkgsrc/security/clamav/Makefile:1.73 pkgsrc/security/clamav/Makefile:1.74
--- pkgsrc/security/clamav/Makefile:1.73 Thu Nov 5 09:07:06 2020
+++ pkgsrc/security/clamav/Makefile Sun Feb 28 17:14:10 2021
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.73 2020/11/05 09:07:06 ryoon Exp $
+# $NetBSD: Makefile,v 1.74 2021/02/28 17:14:10 taca Exp $
-PKGREVISION= 1
.include "Makefile.common"
COMMENT= Anti-virus toolkit
Index: pkgsrc/security/clamav/Makefile.common
diff -u pkgsrc/security/clamav/Makefile.common:1.18 pkgsrc/security/clamav/Makefile.common:1.19
--- pkgsrc/security/clamav/Makefile.common:1.18 Sat Sep 19 13:41:42 2020
+++ pkgsrc/security/clamav/Makefile.common Sun Feb 28 17:14:10 2021
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.18 2020/09/19 13:41:42 taca Exp $
+# $NetBSD: Makefile.common,v 1.19 2021/02/28 17:14:10 taca Exp $
#
# used by security/clamav/Makefile
# used by security/clamav-doc/Makefile
-DISTNAME= clamav-0.103.0
+DISTNAME= clamav-0.103.1
CATEGORIES= security
MASTER_SITES= http://www.clamav.net/downloads/production/
Index: pkgsrc/security/clamav/distinfo
diff -u pkgsrc/security/clamav/distinfo:1.35 pkgsrc/security/clamav/distinfo:1.36
--- pkgsrc/security/clamav/distinfo:1.35 Sat Sep 19 13:41:42 2020
+++ pkgsrc/security/clamav/distinfo Sun Feb 28 17:14:10 2021
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.35 2020/09/19 13:41:42 taca Exp $
+$NetBSD: distinfo,v 1.36 2021/02/28 17:14:10 taca Exp $
-SHA1 (clamav-0.103.0.tar.gz) = 259a726e7aaeebeed138578192a80e06f949638c
-RMD160 (clamav-0.103.0.tar.gz) = c44cf27d6974af14103328d81ba562c513d764b7
-SHA512 (clamav-0.103.0.tar.gz) = e0712ed3c068dc8dab1d31b7cbc19cd69c62875fdcf314abb28e6f42660daf162a3aae69e0a008919e7b809675b68d35f79d3cb98379442bcbc6f5c8ee4313bf
-Size (clamav-0.103.0.tar.gz) = 13357078 bytes
+SHA1 (clamav-0.103.1.tar.gz) = 4520c0c574362beba35b947ca8d0fa0823f93b1f
+RMD160 (clamav-0.103.1.tar.gz) = a5234d1b022ae9dbaba681e7dd611a82d8e9e67e
+SHA512 (clamav-0.103.1.tar.gz) = f13e9542898ef42c0db6f7826bcb220b9cb57de2a88bfedc6c991b76ff06c59290522d31119132eaa2093da58c5069d63103f6260e271497bda2b472c3cd6ffb
+Size (clamav-0.103.1.tar.gz) = 13369791 bytes
SHA1 (patch-Makefile.in) = 51e0f42323f07b7ae0cb35a640469dce4e1a2041
SHA1 (patch-aa) = c07a7b6e883f384ce278964645f0658c0d986ab5
SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf
@@ -11,5 +11,5 @@ SHA1 (patch-af) = d217633ed33c72b6d01a9a
SHA1 (patch-etc_clamav-milter.conf.sample) = fa65d9b25cb51c62365b1d5a8b6dafe89d505057
SHA1 (patch-etc_clamd.conf.sample) = e2c60b81675e73600409f76457fbc7cd8ec51a8f
SHA1 (patch-etc_freshclam.conf.sample) = 804df5480560acb915f9fcb5f2097673c657ae34
-SHA1 (patch-libclamav_fmap.c) = cae93dc627bb8048867054126e4c96688ac9c2f0
+SHA1 (patch-libclamav_fmap.c) = 562ea6f07e495fb4e34b5788485c0afb5105cf6b
SHA1 (patch-libclamav_fmap.h) = b9d19b872bc7946da4a321d3d84b7e916f84d31c
Index: pkgsrc/security/clamav/patches/patch-libclamav_fmap.c
diff -u pkgsrc/security/clamav/patches/patch-libclamav_fmap.c:1.3 pkgsrc/security/clamav/patches/patch-libclamav_fmap.c:1.4
--- pkgsrc/security/clamav/patches/patch-libclamav_fmap.c:1.3 Sat Sep 19 13:41:42 2020
+++ pkgsrc/security/clamav/patches/patch-libclamav_fmap.c Sun Feb 28 17:14:10 2021
@@ -1,20 +1,20 @@
-$NetBSD: patch-libclamav_fmap.c,v 1.3 2020/09/19 13:41:42 taca Exp $
+$NetBSD: patch-libclamav_fmap.c,v 1.4 2021/02/28 17:14:10 taca Exp $
rename gets to my_gets to avoid conflict with fortify/ssp - they use
macros to override libc functions
---- libclamav/fmap.c.orig 2020-09-13 00:27:10.000000000 +0000
+--- libclamav/fmap.c.orig 2021-02-01 20:49:26.000000000 +0000
+++ libclamav/fmap.c
-@@ -427,7 +427,7 @@ extern cl_fmap_t *cl_fmap_open_handle(vo
+@@ -424,7 +424,7 @@ extern cl_fmap_t *cl_fmap_open_handle(vo
m->unmap = unmap_handle;
m->need = handle_need;
m->need_offstr = handle_need_offstr;
- m->gets = handle_gets;
+ m->my_gets = handle_gets;
m->unneed_off = handle_unneed_off;
+ m->handle_is_fd = 1;
- status = CL_SUCCESS;
-@@ -842,7 +842,7 @@ fmap_t *fmap_open_memory(const void *sta
+@@ -849,7 +849,7 @@ fmap_t *fmap_open_memory(const void *sta
m->unmap = unmap_malloc;
m->need = mem_need;
m->need_offstr = mem_need_offstr;
Home |
Main Index |
Thread Index |
Old Index