Subject: CVS commit: [pkgsrc-2019Q4] pkgsrc/security/clamav
From: Benny Siegert
Date: 2020-02-22 20:45:06
Message id: 20200222194506.7C0BEFBF4@cvs.NetBSD.org

Log Message:
Pullup ticket #6137 - requested by taca
security/clamav: security fix + partial fix for PR pkg/54951

Revisions pulled up:
- security/clamav/Makefile                                      1.60-1.62
- security/clamav/Makefile.common                               1.14-1.15
- security/clamav/distinfo                                      1.32

---
   Module Name:    pkgsrc
   Committed By:   ryoon
   Date:           Sun Jan 12 20:20:50 UTC 2020

   Modified Files:
           pkgsrc/security/clamav: Makefile

   Log Message:
   *: Recursive revbump from devel/boost-libs

---
   Module Name:    pkgsrc
   Committed By:   jperkin
   Date:           Sat Jan 18 21:51:16 UTC 2020

   Modified Files:
           pkgsrc/security/clamav: Makefile

   Log Message:
   *: Recursive revision bump for openssl 1.1.1.

---
   Module Name:    pkgsrc
   Committed By:   rillig
   Date:           Sun Jan 26 17:32:28 UTC 2020

   Modified Files:
           pkgsrc/security/clamav: Makefile.common

   Log Message:
   all: migrate homepages from http to https

   pkglint -r --network --only "migrate"

   As a side-effect of migrating the homepages, pkglint also fixed a few
   indentations in unrelated lines. These and the new homepages have been
   checked manually.

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Sat Feb 15 02:40:43 UTC 2020

   Modified Files:
           pkgsrc/security/clamav: Makefile Makefile.common distinfo

   Log Message:
   security/clamav: update to 0.102.2

   Update clamav to 0.102.2.

   ## 0.102.2

   ClamAV 0.102.2 is a bug patch release to address the following issues.

   - [CVE-2020-3123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3123):
     An Denial-of-Service (DoS) condition may occur when using the optional credit
     card data-loss-prevention (DLP) feature. Improper bounds checking of an
     unsigned variable resulted in an out-of-bounds read which causes a crash.

   - Significantly improved scan speed of PDF files on Windows.

   - Re-applied a fix to alleviate file access issues when scanning RAR files in
     downstream projects that use libclamav where the scanning engine is operating
     in a low-privelege process. This bug was originally fixed in 0.101.2 and the
     fix was mistakenly omitted from 0.102.0.

   - Fixed an issue wherein freshclam failed to update if the database version
     downloaded is 1 version older than advertised. This situation may occur after
     a new database version is published. The issue affected users downloading the
     whole CVD database file.

   - Changed the default freshclam ReceiveTimeout setting to 0 (infinite).
     The ReceiveTimeout had caused needless database update failures for users with
     slower internet connections.

   - Correctly display number of kilobytes (KiB) in progress bar and reduced the
     size of the progress bar to accomodate 80-char width terminals.

   - Fixed an issue where running freshclam manually causes a daemonized freshclam
     process to fail when it updates because the manual instance deletes the
     temporary download directory. Freshclam temporary files will now download to a
     unique directory created at the time of an update instead of using a hardcoded
     directory created/destroyed at the program start/exit.

   - Fix for Freshclam's OnOutdatedExecute config option.

   - Fixes a memory leak in the error condition handling for the email parser.

   - Improved bound checking and error handling in ARJ archive parser.

   - Improved error handling in PDF parser.

   - Fix for memory leak in byte-compare signature handler.

   - Updates to the unit test suite to support libcheck 0.13.

   - Updates to support autoconf 2.69 and automake 1.15.

   Special thanks to the following for code contributions and bug reports:

   - Antoine DeschĂȘnes
   - Eric Lindblad
   - Gianluigi Tiesi
   - Tuomo Soini

Files:
RevisionActionfile
1.13.4.1modifypkgsrc/security/clamav/Makefile.common
1.31.4.1modifypkgsrc/security/clamav/distinfo