CVS commit: pkgsrc/security/clamav

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/clamav
From: "Takahiro Kambe" <taca%netbsd.org@localhost>
Date: Thu, 3 Jun 2021 15:47:34 +0000

Module Name:    pkgsrc
Committed By:   taca
Date:           Thu Jun  3 15:47:34 UTC 2021

Modified Files:
        pkgsrc/security/clamav: Makefile Makefile.common distinfo

Log Message:
security/clamav: update to 0.103.2

0.103.2 (2021-04-07)

ClamAV 0.103.2 is a security patch release with the following fixes:

* CVE-2021-1386: Fix for UnRAR DLL load privilege escalation.  Affects
  0.103.1 and prior on Windows only.

* CVE-2021-1252: Fix for Excel XLM parser infinite loop.  Affects 0.103.0
  and 0.103.1 only.

* CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.
  Affects 0.103.0 and 0.103.1 only.

* CVE-2021-1405: Fix for mail parser NULL-dereference crash.  Affects
  0.103.1 and prior.

* Fix possible memory leak in PNG parser.

* Fix ClamOnAcc scan on file-creation race condition so files are scanned
  after their contents are written.

* FreshClam: Deprecate the SafeBrowsing config option.  The SafeBrowsing
  option will no longer do anything.

* For more details, see our blog post from last year about the future of the
  ClamAV Safe Browsing database.

* Tip: If creating and hosting your own safebrowing.gdb database, you can
  use the DatabaseCustomURL option in freshclam.conf to download it.

* FreshClam: Improved HTTP 304, 403, & 429 handling.

* FreshClam: Added back the mirrors.dat file to the database directory.
  This new mirrors.dat file will store:

        - A randomly generated UUID for the FreshClam User-Agent.
        - A retry-after timestamp that so FreshClam won't try to update
          after having received an HTTP 429 response until the Retry-After
          timeout has expired.

* FreshClam will now exit with a failure in daemon mode if an HTTP 403
  (Forbidden) was received, because retrying later won't help any.  The
  FreshClam user will have to take actions to get unblocked.

* Fix the FreshClam mirror-sync issue where a downloaded database is "older
  than the version advertised."

* If a new CVD download gets a version that is older than advertised,
  FreshClam will keep the older version and retry the update so that the
  incremental update process (CDIFF patch process) will update to the latest
  version.


To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 pkgsrc/security/clamav/Makefile
cvs rdiff -u -r1.19 -r1.20 pkgsrc/security/clamav/Makefile.common
cvs rdiff -u -r1.36 -r1.37 pkgsrc/security/clamav/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/clamav/Makefile
diff -u pkgsrc/security/clamav/Makefile:1.76 pkgsrc/security/clamav/Makefile:1.77
--- pkgsrc/security/clamav/Makefile:1.76        Wed Apr 21 13:25:18 2021
+++ pkgsrc/security/clamav/Makefile     Thu Jun  3 15:47:34 2021
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.76 2021/04/21 13:25:18 adam Exp $
+# $NetBSD: Makefile,v 1.77 2021/06/03 15:47:34 taca Exp $
 
-PKGREVISION= 2
 .include "Makefile.common"
 
 COMMENT=       Anti-virus toolkit

Index: pkgsrc/security/clamav/Makefile.common
diff -u pkgsrc/security/clamav/Makefile.common:1.19 pkgsrc/security/clamav/Makefile.common:1.20
--- pkgsrc/security/clamav/Makefile.common:1.19 Sun Feb 28 17:14:10 2021
+++ pkgsrc/security/clamav/Makefile.common      Thu Jun  3 15:47:34 2021
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.19 2021/02/28 17:14:10 taca Exp $
+# $NetBSD: Makefile.common,v 1.20 2021/06/03 15:47:34 taca Exp $
 #
 # used by security/clamav/Makefile
 # used by security/clamav-doc/Makefile
 
-DISTNAME=      clamav-0.103.1
+DISTNAME=      clamav-0.103.2
 CATEGORIES=    security
 MASTER_SITES=  http://www.clamav.net/downloads/production/
 

Index: pkgsrc/security/clamav/distinfo
diff -u pkgsrc/security/clamav/distinfo:1.36 pkgsrc/security/clamav/distinfo:1.37
--- pkgsrc/security/clamav/distinfo:1.36        Sun Feb 28 17:14:10 2021
+++ pkgsrc/security/clamav/distinfo     Thu Jun  3 15:47:34 2021
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.36 2021/02/28 17:14:10 taca Exp $
+$NetBSD: distinfo,v 1.37 2021/06/03 15:47:34 taca Exp $
 
-SHA1 (clamav-0.103.1.tar.gz) = 4520c0c574362beba35b947ca8d0fa0823f93b1f
-RMD160 (clamav-0.103.1.tar.gz) = a5234d1b022ae9dbaba681e7dd611a82d8e9e67e
-SHA512 (clamav-0.103.1.tar.gz) = f13e9542898ef42c0db6f7826bcb220b9cb57de2a88bfedc6c991b76ff06c59290522d31119132eaa2093da58c5069d63103f6260e271497bda2b472c3cd6ffb
-Size (clamav-0.103.1.tar.gz) = 13369791 bytes
+SHA1 (clamav-0.103.2.tar.gz) = 67c2ae3e140368a4434282e41072428ad041e9cc
+RMD160 (clamav-0.103.2.tar.gz) = c85f82c4c1f4988936d4c2db31842cf257ee5c20
+SHA512 (clamav-0.103.2.tar.gz) = 87d47c4529a57da0b47b3744a279996ca24fa74ce10d7e27a53c19c1e13098af680e0e48ed767122bb2bbd3f927302451da84ccf51a933e7e3556ef43cbe9f45
+Size (clamav-0.103.2.tar.gz) = 13387954 bytes
 SHA1 (patch-Makefile.in) = 51e0f42323f07b7ae0cb35a640469dce4e1a2041
 SHA1 (patch-aa) = c07a7b6e883f384ce278964645f0658c0d986ab5
 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf

Prev by Date: CVS commit: pkgsrc/meta-pkgs/ruby-redmine-themes
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/meta-pkgs/ruby-redmine-themes
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index