Subject: CVS commit: [pkgsrc-2021Q4] pkgsrc/security/clamav
From: Benny Siegert
Date: 2022-01-21 16:49:19
Message id: 20220121154919.41352FB24@cvs.NetBSD.org

Log Message:
Pullup ticket #6571 - requested by taca
security/clamav: security fix

Revisions pulled up:
- security/clamav/Makefile                                      1.82
- security/clamav/Makefile.common                               1.22
- security/clamav/distinfo                                      1.41

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jan 13 15:28:22 UTC 2022

   Modified Files:
   	pkgsrc/security/clamav: Makefile Makefile.common distinfo

   Log Message:
   security/clamav: update to 0.103.5

   0.103.5 (2022-01-12)

   ClamAV 0.103.5 is a critical patch release with the following fixes:

   * \ 
CVE-2022-20698<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>:
     Fix for invalid pointer read that may cause a crash. This issue affects
     0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the
     CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
     option) is enabled.

     Cisco would like to thank Laurent Delosieres of ManoMano for reporting
     this vulnerability.

   * Fixed ability to disable the file size limit with libclamav C API, like
     this:

     cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);

     This issue didn't affect ClamD or ClamScan which also can disable the
     limit by setting it to zero using MaxFileSize 0 in clamd.conf for ClamD,
     or clamscan --max-filesize=0 for ClamScan.

     Note: Internally, the max file size is still set to 2 GiB. Disabling the
     limit for a scan will fall back on the internal 2 GiB limitation.

   * Increased the maximum line length for ClamAV config files from 512 bytes
     to 1,024 bytes to allow for longer config option strings.

   * SigTool: Fix insufficient buffer size for --list-sigs that caused a
     failure when listing a database containing one or more very long
     signatures. This fix was backported from 0.104.

   Special thanks to the following for code contributions and bug reports:

   * Laurent Delosieres

Files:
RevisionActionfile
1.81.2.1modifypkgsrc/security/clamav/Makefile
1.21.2.1modifypkgsrc/security/clamav/Makefile.common
1.40.2.1modifypkgsrc/security/clamav/distinfo