From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 32/32] clamav: Update to version 1.4.1
Date: Sat, 21 Dec 2024 13:55:39 +0100
Message-ID: <20241221125539.15309-32-adolf.belka@ipfire.org>
In-Reply-To: <20241221125539.15309-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3142846530964619590=="
List-Id:

--===============3142846530964619590==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- Update from version 1.3.2 to 1.4.1
- Update of rootfile
- Changelog
    1.4.1
      ClamAV 1.4.1 is a critical patch release with the following fixes:
      - [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506):
        Changed the logging module to disable following symlinks on Linux and Unix
        systems so as to prevent an attacker with existing access to the 'clamd' or
        'freshclam' services from using a symlink to corrupt system files.
        This issue affects all currently supported versions. It will be fixed in:
        - 1.4.1
        - 1.3.2
        - 1.0.7
        - 0.103.12
        Thank you to Detlef for identifying this issue.
      - [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505):
        Fixed a possible out-of-bounds read bug in the PDF file parser that could
        cause a denial-of-service (DoS) condition.
        This issue affects all currently supported versions. It will be fixed in:
        - 1.4.1
        - 1.3.2
        - 1.0.7
        - 0.103.12
        Thank you to OSS-Fuzz for identifying this issue.
      - Removed unused Python modules from freshclam tests including deprecated
        'cgi' module that is expected to cause test failures in Python 3.13.
    1.4.0
      Major changes
      - Added support for extracting ALZ archives.
        The new ClamAV file type for ALZ archives is `CL_TYPE_ALZ`.
        Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
        option to enable or disable ALZ archive support.
        > _Tip_: DCONF (Dynamic CONFiguration) is a feature that allows for some
        > configuration changes to be made via ClamAV `.cfg` "signatures".
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1183)
      - Added support for extracting LHA/LZH archives.
        The new ClamAV file type for LHA/LZH archives is `CL_TYPE_LHA_LZH`.
        Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
        option to enable or disable LHA/LZH archive support.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1192)
      - Added the ability to disable image fuzzy hashing, if needed. For context,
        image fuzzy hashing is a detection mechanism useful for identifying malware
        by matching images included with the malware or phishing email/document.
        New ClamScan options:
        ```
        --scan-image[=yes(*)/no]
        --scan-image-fuzzy-hash[=yes(*)/no]
        ```
        New ClamD config options:
        ```
        ScanImage yes(*)/no
        ScanImageFuzzyHash yes(*)/no
        ```
        New libclamav scan options:
        ```c
        options.parse &= ~CL_SCAN_PARSE_IMAGE;
        options.parse &= ~CL_SCAN_PARSE_IMAGE_FUZZY_HASH;
        ```
        Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
        option to enable or disable image fuzzy hashing support.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1186)
      Other improvements
      - Added cross-compiling instructions for targeting ARM64/aarch64 processors for
        [Windows](https://github.com/Cisco-Talos/clamav/blob/main/INSTALL-cross-windows-arm64.md)
        and
        [Linux](https://github.com/Cisco-Talos/clamav/blob/main/INSTALL-cross-linux-arm64.md).
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1116)
      - Improved the Freshclam warning messages when being blocked or rate limited
        so as to include the Cloudflare Ray ID, which helps with issue triage.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1195)
      - Removed unnecessary memory allocation checks when the size to be allocated
        is fixed or comes from a trusted source.
        We also renamed internal memory allocation functions and macros, so it is
        more obvious what each function does.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1137)
      - Improved the Freshclam documentation to make it clear that the `--datadir`
        option must be an absolute path to a directory that already exists, is
        writable by Freshclam, and is readable by ClamScan and ClamD.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1199)
      - Added an optimization to avoid calculating the file hash if the clean file
        cache has been disabled. The file hash may still be calculated as needed to
        perform hash-based signature matching if any hash-based signatures exist that
        target a file of the same size, or if any hash-based signatures exist that
        target "any" file size.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1167)
      - Added an improvement to the SystemD service file for ClamOnAcc so that the
        service will shut down faster on some systems.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1164)
      - Added a CMake build dependency on the version map files so that the build
        will re-run if changes are made to the version map files.
        Work courtesy of Sebastian Andrzej Siewior.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1294)
      - Added an improvement to the CMake build so that the RUSTFLAGS settings
        are inherited from the environment.
        Work courtesy of liushuyu.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1301)
      Bug fixes
      - Silenced confusing warning message when scanning some HTML files.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1252)
      - Fixed minor compiler warnings.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1197)
      - Since the build system changed from Autotools to CMake, ClamAV no longer
        supports building with configurations where bzip2, libxml2, libz, libjson-c,
        or libpcre2 are not available.
        Libpcre is no longer supported in favor of libpcre2.
        In this release, we removed all the dead code associated with those
        unsupported build configurations.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1217)
      - Fixed assorted typos. Patch courtesy of RainRat.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1228)
      - Added missing documentation for the ClamScan `--force-to-disk` option.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1186)
      - Fixed an issue where ClamAV unit tests would prefer an older
        libclamunrar_iface library from the install path, if present, rather than
        the recently compiled library in the build path.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1258)
      - Fixed a build issue on Windows with newer versions of Rust.
        Also upgraded GitHub Actions imports to fix CI failures.
        Fixes courtesy of liushuyu.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1307)
      - Fixed an unaligned pointer dereference issue on select architectures.
        Fix courtesy of Sebastian Andrzej Siewior.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293)
      - Fixed a bug that prevented loading plaintext (non-CVD) signature files
        when using the `--fail-if-cvd-older-than=DAYS` / `FailIfCvdOlderThan` option.
        Fix courtesy of Bark.
        - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1309)

Signed-off-by: Adolf Belka
---
 config/rootfiles/packages/clamav | 8 ++++----
 lfs/clamav                       | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/cla= mav index f8deb9479..0bf660202 100644 --- a/config/rootfiles/packages/clamav +++ b/config/rootfiles/packages/clamav 
@@ -14,20 +14,20 @@ usr/bin/sigtool #usr/include/libfreshclam.h usr/lib/libclamav.so usr/lib/libclamav.so.12 -usr/lib/libclamav.so.12.0.2 +usr/lib/libclamav.so.12.0.3 #usr/lib/libclamav_rust.a usr/lib/libclammspack.so usr/lib/libclammspack.so.0 usr/lib/libclammspack.so.0.8.0 usr/lib/libclamunrar.so usr/lib/libclamunrar.so.12 -usr/lib/libclamunrar.so.12.0.2 +usr/lib/libclamunrar.so.12.0.3 usr/lib/libclamunrar_iface.so usr/lib/libclamunrar_iface.so.12 -usr/lib/libclamunrar_iface.so.12.0.2 +usr/lib/libclamunrar_iface.so.12.0.3 usr/lib/libfreshclam.so usr/lib/libfreshclam.so.3 -usr/lib/libfreshclam.so.3.0.1 +usr/lib/libfreshclam.so.3.0.2 #usr/lib/pkgconfig/libclamav.pc usr/sbin/clamd #usr/share/doc/ClamAV diff --git a/lfs/clamav b/lfs/clamav index f98d52532..72a3be790 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -26,7 +26,7 @@ include Config =20 SUMMARY =3D Antivirus Toolkit =20 -VER =3D 1.3.2 +VER =3D 1.4.1 =20 THISAPP =3D clamav-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D clamav -PAK_VER =3D 73 +PAK_VER =3D 74 =20 DEPS =3D =20 @@ -50,7 +50,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_BLAKE2 =3D 65f5e951a0c8b506e4975a7f5ffcf2c0402907ac528075362efd39= fece1325ca05127b89a8ae7dcb638577b441af20aed7ab233e5b73d33f5daa0f793e6416e8 +$(DL_FILE)_BLAKE2 =3D 2cc31d5d4f33ddfffd01a46d88b09965ea8634fa711e5772a303d0= 0c31efab2986727d6d26ca221f6518b80eb5ea3637c26dc0a2c32a493dd0a1cd43d2fd5d10 =20 =20 install : $(TARGET) --=20 2.47.1 --===============3142846530964619590==--
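Review bot: "Update of rootfile" in the commit message does not say whether config/rootfiles/packages/clamav was regenerated from the 1.4.1 build or only edited for the four version bumps in this hunk (libclamav, libclamunrar and libclamunrar_iface to 12.0.3, libfreshclam to 3.0.2). The unchanged `usr/lib/libclamav.so.12` and `usr/lib/libfreshclam.so.3` context lines show the soname major is the same, which is worth stating in the message together with a confirmation that the 1.4.x build installs no files outside the range shown here.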
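Review bot: the removed VER line in the first lfs/clamav hunk shows the tree already ships 1.3.2, and the pasted changelog lists 1.3.2 among the releases that fix CVE-2024-20506 and CVE-2024-20505, so the commit message should say that this update moves from the 1.3 to the 1.4 feature line and brings no security fix that the current package lacks. As written, the "critical patch release" wording at the top of the changelog can lead whoever schedules the Core Update to treat the PAK_VER 74 package as more urgent than it is.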
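Review bot: the replaced `$(DL_FILE)_BLAKE2` value in the last lfs/clamav hunk is the value the download is checked against, and per the `DL_FROM` context line the tarball comes from `$(URL_IPFIRE)` rather than from upstream, yet the commit message does not say how the 1.4.1 archive was obtained or verified before the hash was computed. A sentence stating that the tarball was checked against the upstream release signature or published checksum would let a reviewer reproduce the value independently of the IPFire mirror.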