[PATCH 32/32] clamav: Update to version 1.4.1

21 Dec 2024

- Update from version 1.3.2 to 1.4.1
- Update of rootfile
- Changelog
    1.4.1
    ClamAV 1.4.1 is a critical patch release with the following fixes:
    - [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506):
      Changed the logging module to disable following symlinks on Linux and Unix
      systems so as to prevent an attacker with existing access to the 'clamd' or
      'freshclam' services from using a symlink to corrupt system files.
      This issue affects all currently supported versions. It will be fixed in:
      - 1.4.1
      - 1.3.2
      - 1.0.7
      - 0.103.12
      Thank you to Detlef for identifying this issue.
    - [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505):
      Fixed a possible out-of-bounds read bug in the PDF file parser that could
      cause a denial-of-service (DoS) condition.
      This issue affects all currently supported versions. It will be fixed in:
      - 1.4.1
      - 1.3.2
      - 1.0.7
      - 0.103.12
      Thank you to OSS-Fuzz for identifying this issue.
    - Removed unused Python modules from freshclam tests including deprecated
      'cgi' module that is expected to cause test failures in Python 3.13.
    1.4.0
      Major changes
    - Added support for extracting ALZ archives.
      The new ClamAV file type for ALZ archives is `CL_TYPE_ALZ`.
      Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
      option to enable or disable ALZ archive support.
      > _Tip_: DCONF (Dynamic CONFiguration) is a feature that allows for some
      > configuration changes to be made via ClamAV `.cfg` "signatures".
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1183)
    - Added support for extracting LHA/LZH archives.
      The new ClamAV file type for LHA/LZH archives is `CL_TYPE_LHA_LZH`.
      Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
      option to enable or disable LHA/LZH archive support.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1192)
    - Added the ability to disable image fuzzy hashing, if needed. For context,
      image fuzzy hashing is a detection mechanism useful for identifying malware
      by matching images included with the malware or phishing email/document.
      New ClamScan options:
      ```
      --scan-image[=yes(*)/no]
      --scan-image-fuzzy-hash[=yes(*)/no]
      ```
      New ClamD config options:
      ```
      ScanImage yes(*)/no
      ScanImageFuzzyHash yes(*)/no
      ```
      New libclamav scan options:
      ```c
      options.parse &= ~CL_SCAN_PARSE_IMAGE;
      options.parse &= ~CL_SCAN_PARSE_IMAGE_FUZZY_HASH;
      ```
      Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
      option to enable or disable image fuzzy hashing support.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1186)
      Other improvements
    - Added cross-compiling instructions for targeting ARM64/aarch64 processors for
      [Windows](https://github.com/Cisco-Talos/clamav/blob/main/INSTALL-cross-windows-arm64....)
      and
      [Linux](https://github.com/Cisco-Talos/clamav/blob/main/INSTALL-cross-linux-arm64.md).
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1116)
    - Improved the Freshclam warning messages when being blocked or rate limited
      so as to include the Cloudflare Ray ID, which helps with issue triage.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1195)
    - Removed unnecessary memory allocation checks when the size to be allocated
      is fixed or comes from a trusted source.
      We also renamed internal memory allocation functions and macros, so it is
      more obvious what each function does.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1137)
    - Improved the Freshclam documentation to make it clear that the `--datadir`
      option must be an absolute path to a directory that already exists, is
      writable by Freshclam, and is readable by ClamScan and ClamD.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1199)
    - Added an optimization to avoid calculating the file hash if the clean file
      cache has been disabled. The file hash may still be calculated as needed to
      perform hash-based signature matching if any hash-based signatures exist that
      target a file of the same size, or if any hash-based signatures exist that
      target "any" file size.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1167)
    - Added an improvement to the SystemD service file for ClamOnAcc so that the
      service will shut down faster on some systems.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1164)
    - Added a CMake build dependency on the version map files so that the build
      will re-run if changes are made to the version map files.
      Work courtesy of Sebastian Andrzej Siewior.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1294)
    - Added an improvement to the CMake build so that the RUSTFLAGS settings
      are inherited from the environment.
      Work courtesy of liushuyu.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1301)
      Bug fixes
    - Silenced confusing warning message when scanning some HTML files.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1252)
    - Fixed minor compiler warnings.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1197)
    - Since the build system changed from Autotools to CMake, ClamAV no longer
      supports building with configurations where bzip2, libxml2, libz, libjson-c,
      or libpcre2 are not available. Libpcre is no longer supported in favor of
      libpcre2. In this release, we removed all the dead code associated with those
      unsupported build configurations.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1217)
    - Fixed assorted typos. Patch courtesy of RainRat.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1228)
    - Added missing documentation for the ClamScan `--force-to-disk` option.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1186)
    - Fixed an issue where ClamAV unit tests would prefer an older
      libclamunrar_iface library from the install path, if present, rather than
      the recently compiled library in the build path.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1258)
    - Fixed a build issue on Windows with newer versions of Rust.
      Also upgraded GitHub Actions imports to fix CI failures.
      Fixes courtesy of liushuyu.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1307)
    - Fixed an unaligned pointer dereference issue on select architectures.
      Fix courtesy of Sebastian Andrzej Siewior.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293)
    - Fixed a bug that prevented loading plaintext (non-CVD) signature files
      when using the `--fail-if-cvd-older-than=DAYS` / `FailIfCvdOlderThan` option.
      Fix courtesy of Bark.
      - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1309)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
---
 config/rootfiles/packages/clamav | 8 ++++----
 lfs/clamav                       | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav
index f8deb9479..0bf660202 100644
--- a/config/rootfiles/packages/clamav
+++ b/config/rootfiles/packages/clamav
@@ -14,20 +14,20 @@ usr/bin/sigtool
 #usr/include/libfreshclam.h
 usr/lib/libclamav.so
 usr/lib/libclamav.so.12
-usr/lib/libclamav.so.12.0.2
+usr/lib/libclamav.so.12.0.3
 #usr/lib/libclamav_rust.a
 usr/lib/libclammspack.so
 usr/lib/libclammspack.so.0
 usr/lib/libclammspack.so.0.8.0
 usr/lib/libclamunrar.so
 usr/lib/libclamunrar.so.12
-usr/lib/libclamunrar.so.12.0.2
+usr/lib/libclamunrar.so.12.0.3
 usr/lib/libclamunrar_iface.so
 usr/lib/libclamunrar_iface.so.12
-usr/lib/libclamunrar_iface.so.12.0.2
+usr/lib/libclamunrar_iface.so.12.0.3
 usr/lib/libfreshclam.so
 usr/lib/libfreshclam.so.3
-usr/lib/libfreshclam.so.3.0.1
+usr/lib/libfreshclam.so.3.0.2
 #usr/lib/pkgconfig/libclamav.pc
 usr/sbin/clamd
 #usr/share/doc/ClamAV
diff --git a/lfs/clamav b/lfs/clamav
index f98d52532..72a3be790 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -26,7 +26,7 @@ include Config
SUMMARY    = Antivirus Toolkit
-VER        = 1.3.2
+VER        = 1.4.1
THISAPP    = clamav-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = clamav
-PAK_VER    = 73
+PAK_VER    = 74
DEPS       =
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 65f5e951a0c8b506e4975a7f5ffcf2c0402907ac528075362efd39fece1325ca05127b89a8ae7dcb638577b441af20aed7ab233e5b73d33f5daa0f793e6416e8
+$(DL_FILE)_BLAKE2 = 2cc31d5d4f33ddfffd01a46d88b09965ea8634fa711e5772a303d00c31efab2986727d6d26ca221f6518b80eb5ea3637c26dc0a2c32a493dd0a1cd43d2fd5d10
install : $(TARGET)
-- 
2.47.1


    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

[PATCH 32/32] clamav: Update to version 1.4.1