CVS commit: pkgsrc/security/clamav

["Takahiro Kambe" <taca%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   taca
Date:           Sat Feb 15 02:40:43 UTC 2020

Modified Files:
        pkgsrc/security/clamav: Makefile Makefile.common distinfo

Log Message:
security/clamav: update to 0.102.2

Update clamav to 0.102.2.

## 0.102.2

ClamAV 0.102.2 is a bug patch release to address the following issues.

- [CVE-2020-3123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3123):
  An Denial-of-Service (DoS) condition may occur when using the optional credit
  card data-loss-prevention (DLP) feature. Improper bounds checking of an
  unsigned variable resulted in an out-of-bounds read which causes a crash.

- Significantly improved scan speed of PDF files on Windows.

- Re-applied a fix to alleviate file access issues when scanning RAR files in
  downstream projects that use libclamav where the scanning engine is operating
  in a low-privelege process. This bug was originally fixed in 0.101.2 and the
  fix was mistakenly omitted from 0.102.0.

- Fixed an issue wherein freshclam failed to update if the database version
  downloaded is 1 version older than advertised. This situation may occur after
  a new database version is published. The issue affected users downloading the
  whole CVD database file.

- Changed the default freshclam ReceiveTimeout setting to 0 (infinite).
  The ReceiveTimeout had caused needless database update failures for users with
  slower internet connections.

- Correctly display number of kilobytes (KiB) in progress bar and reduced the
  size of the progress bar to accomodate 80-char width terminals.

- Fixed an issue where running freshclam manually causes a daemonized freshclam
  process to fail when it updates because the manual instance deletes the
  temporary download directory. Freshclam temporary files will now download to a
  unique directory created at the time of an update instead of using a hardcoded
  directory created/destroyed at the program start/exit.

- Fix for Freshclam's OnOutdatedExecute config option.

- Fixes a memory leak in the error condition handling for the email parser.

- Improved bound checking and error handling in ARJ archive parser.

- Improved error handling in PDF parser.

- Fix for memory leak in byte-compare signature handler.

- Updates to the unit test suite to support libcheck 0.13.

- Updates to support autoconf 2.69 and automake 1.15.

Special thanks to the following for code contributions and bug reports:

- Antoine Deschênes
- Eric Lindblad
- Gianluigi Tiesi
- Tuomo Soini


To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 pkgsrc/security/clamav/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/security/clamav/Makefile.common
cvs rdiff -u -r1.31 -r1.32 pkgsrc/security/clamav/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/clamav/Makefile
diff -u pkgsrc/security/clamav/Makefile:1.61 pkgsrc/security/clamav/Makefile:1.62
--- pkgsrc/security/clamav/Makefile:1.61        Sat Jan 18 21:50:34 2020
+++ pkgsrc/security/clamav/Makefile     Sat Feb 15 02:40:43 2020
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.61 2020/01/18 21:50:34 jperkin Exp $
+# $NetBSD: Makefile,v 1.62 2020/02/15 02:40:43 taca Exp $
 
-PKGREVISION= 2
 .include "Makefile.common"
 
 COMMENT=       Anti-virus toolkit

Index: pkgsrc/security/clamav/Makefile.common
diff -u pkgsrc/security/clamav/Makefile.common:1.14 pkgsrc/security/clamav/Makefile.common:1.15
--- pkgsrc/security/clamav/Makefile.common:1.14 Sun Jan 26 17:32:02 2020
+++ pkgsrc/security/clamav/Makefile.common      Sat Feb 15 02:40:43 2020
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.14 2020/01/26 17:32:02 rillig Exp $
+# $NetBSD: Makefile.common,v 1.15 2020/02/15 02:40:43 taca Exp $
 #
 # used by security/clamav/Makefile
 # used by security/clamav-doc/Makefile
 
-DISTNAME=      clamav-0.102.1
+DISTNAME=      clamav-0.102.2
 CATEGORIES=    security
 MASTER_SITES=  http://www.clamav.net/downloads/production/
 

Index: pkgsrc/security/clamav/distinfo
diff -u pkgsrc/security/clamav/distinfo:1.31 pkgsrc/security/clamav/distinfo:1.32
--- pkgsrc/security/clamav/distinfo:1.31        Tue Dec  3 12:55:16 2019
+++ pkgsrc/security/clamav/distinfo     Sat Feb 15 02:40:43 2020
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.31 2019/12/03 12:55:16 taca Exp $
+$NetBSD: distinfo,v 1.32 2020/02/15 02:40:43 taca Exp $
 
-SHA1 (clamav-0.102.1.tar.gz) = 88040368d506b923b627eab3c8a96c941f1719f9
-RMD160 (clamav-0.102.1.tar.gz) = 3b3c652c6b9f01bd2cc0e14390b841e48cfdee90
-SHA512 (clamav-0.102.1.tar.gz) = 2d0cd2dece771ab8228771f9a95eb0342e756083a0107b2bef31bd2f5f46c36aa692e15d7eb2ea321f535ea4e18c8df043c8663ae350d40fbe1bdb4d073dcb90
-Size (clamav-0.102.1.tar.gz) = 13215586 bytes
+SHA1 (clamav-0.102.2.tar.gz) = 9adabeac41736770aa22ae1ee1f8aba9e253cfaa
+RMD160 (clamav-0.102.2.tar.gz) = a1ef9999257f02ca55abc8da73b4456e0f02ec80
+SHA512 (clamav-0.102.2.tar.gz) = 7db53e0e2b4d6b0e4cf5048d3c9dfbcabcffd680c3a2b718c763b9599b0c1c14e56bae70c54c251ee9e8fd1acd3134657196dbaad2d23a16bad76a088c6fc41f
+Size (clamav-0.102.2.tar.gz) = 13227538 bytes
 SHA1 (patch-Makefile.in) = a11766ea353d81fb281a07c8120e8a1f5c8dc60f
 SHA1 (patch-aa) = 8539a90ac5591c86f7e9f6b8c073f36523f221a5
 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf