From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] clamav: Update to 0.103.2 Date: Wed, 07 Apr 2021 21:49:08 +0200 Message-ID: <20210407194908.1612-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3607883168204261252==" List-Id: --===============3607883168204261252== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable For details see: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html "This is a security patch release with the following fixes: CVE-2021-1386: Fix for UnRAR DLL load privilege escalation. Affects 0.103= .1 and prior on Windows only. CVE-2021-1252: Fix for Excel XLM parser infinite loop. Affects 0.103.0 an= d 0.103.1 only. CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. Affec= ts 0.103.0 and 0.103.1 only. CVE-2021-1405: Fix for mail parser NULL-dereference crash. Affects 0.103.= 1 and prior. Fix possible memory leak in PNG parser. Fix ClamOnAcc scan on file-creation race condition so files are scanned a= fter their contents are written. FreshClam: Deprecate the SafeBrowsing config option. The SafeBrowsing opt= ion will no longer do anything. For more details, see our blog post from last year about the= future of the ClamAV Safe Browsing database. Tip: If creating and hosting your own safebrowing.gdb database, you c= an use the DatabaseCustomURL option in freshclam.conf to download it. FreshClam: Improved HTTP 304, 403 and 429 handling. FreshClam: Added the mirrors.dat file back to the database directory. This new mirrors.dat file will store: A randomly generated UUID for the FreshClam User-Agent. A retry-after timestamp that so FreshClam won't try to update after h= aving received an HTTP 429 response until the Retry-After timeout has expired. FreshClam will now exit with a failure in daemon mode if an HTTP 403 (For= bidden) was received because the outcome won't change if it tries again later. The FreshClam u= ser will have to take appropriate action to get unblocked. Fix the FreshClam mirror-sync issue where a downloaded database is "older= than the version advertised." If a new CVD download gets a version that is older than advertised, FreshClam= will keep the older version and retry the update so that the incremental update process (CDIFF patch process)= will update to the latest version." Signed-off-by: Matthias Fischer --- lfs/clamav | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/clamav b/lfs/clamav index 2c4d6a6ba..e36b4003d 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2020 IPFire Team = # +# Copyright (C) 2007-2021 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 0.103.1 +VER =3D 0.103.2 =20 THISAPP =3D clamav-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D clamav -PAK_VER =3D 54 +PAK_VER =3D 55 =20 DEPS =3D =20 @@ -50,7 +50,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D f895e9a261937ed91f5cb3ead4791555 +$(DL_FILE)_MD5 =3D 508e6988e2937985e702cc3a2202b6e7 =20 install : $(TARGET) =20 --=20 2.18.0 --===============3607883168204261252==--