From patchwork Tue Sep 3 09:17:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8066 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Wyg4z1Jt4z3wwg for ; Tue, 3 Sep 2024 09:17:39 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Wyg4v68PWzcS; Tue, 3 Sep 2024 09:17:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Wyg4v4HSNz340B; Tue, 3 Sep 2024 09:17:35 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Wyg4r49lYz30Bx for ; Tue, 3 Sep 2024 09:17:32 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Wyg4p5hvczJH; Tue, 3 Sep 2024 09:17:30 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1725355050; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=bmIbeSDbbf01qx3RS9qgfAJwWH5996pT4eTYAFnlpt8=; b=7wbRQmQXH7HcRorZB8N8BOVIdoVht3CkhnWWjJoTMZJhwVKPznDpDxQW5DIDqW1IABlMP3 RbYGuywuiCxrD5Cw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1725355050; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=bmIbeSDbbf01qx3RS9qgfAJwWH5996pT4eTYAFnlpt8=; b=hraRijWbrASr+14TMPLEuhPvrwMzAFe42uU6llsMrVQik5XzwTaEbfe42ccJaZ0ZW1PD9C oypXYIAhJcg5Ocw7wRZdylSjFVUIuUPyc35uIfIPtA72XRTM4EipbYjBikWIn+afbX2LeW YxJ5YeDpsQrES+OxkAWYaMQMoTLT0Jlu1Ps+jXXNS3uoGS1KnHbEb7wFF+b/RAwoXjEbEJ TWgEzDClM9FtdIYGCFkETbqf/EAEM5JOZWSVkB+nt4loFqnpo/RxLWJ40paoAmZusIYY/c DZIxjWslb3X1bsE6w/WhsUlp1R8QNiS1ZV5HpY0I0m4ygES9FDyFRknyP1M2xQ== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] clamav: Update to version 1.3.1 Date: Tue, 3 Sep 2024 11:17:19 +0200 Message-ID: <20240903091725.7068-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: ITIX3CY7CKCCKAXWY2IEQQ2GH7DMJJTA X-Message-ID-Hash: ITIX3CY7CKCCKAXWY2IEQQ2GH7DMJJTA X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 1.3.0 to 1.3.1 - Update of rootfile not required - As we can not upgrade currently to version 1.4.0 due to the rust/ruby issue we need to update to 1.3.1 as it has a CVE fix in it. - There are three rust dependencies that have been updated but all have a rust-1.57 requirement so have no problem with our current rust-1.67.0 version - Changelog 1.3.1 This is a critical patch release with the following fixes: - [CVE-2024-20380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20380): Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition. This issue affects version 1.3.0 only and does not affect prior versions. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1242) - Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1227) - Fixed a bug causing some text to be truncated when converting from UTF-16. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1230) - Fixed assorted complaints identified by Coverity static analysis. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1235) - Fixed a bug causing CVDs downloaded by the `DatabaseCustomURL` Freshclam config option to be pruned and then re-downloaded with every update. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1238) - Added the new 'valhalla' database name to the list of optional databases in preparation for future work. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1238) - Added symbols to the `libclamav.map` file to enable additional build configurations. - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1244) Signed-off-by: Adolf Belka --- lfs/clamav | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/clamav b/lfs/clamav index 5a1089187..32b4aa4f9 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -26,7 +26,7 @@ include Config SUMMARY = Antivirus Toolkit -VER = 1.3.0 +VER = 1.3.1 THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 71 +PAK_VER = 72 DEPS = @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = dc411b1a905d2699c497870877fbe99e3910f8e29bc77830085c8ab75161c80066ca1396f47c3cd6a098c06c839464dbe31feb2e7e64622c657ad4a6a9401282 +$(DL_FILE)_BLAKE2 = 49fc5f2f9b4497c095c4d19f86ebcdbcd49cac0e1355c0dbaba8bd56cbbc5af94404b6e6b04fbfb5e3d4364b7ff110b8461f93ba485ddc3f6b56cd86dbe4b362 install : $(TARGET)