From patchwork Thu Sep 5 08:31:53 2024
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 8079
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] clamav: Update to version 1.3.2
Date: Thu, 5 Sep 2024 10:31:53 +0200
Message-ID: <20240905083153.3413434-1-adolf.belka@ipfire.org>

- Update from version 1.3.1 to 1.3.2
- Update of rootfile
- 2 CVE Fixes
- Changelog
    1.3.2
- [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506):
  Changed the logging module to disable following symlinks on Linux and Unix
  systems so as to prevent an attacker with existing access to the 'clamd' or
  'freshclam' services from using a symlink to corrupt system files.
  This issue affects all currently supported versions. It will be fixed in:
  - 1.4.1
  - 1.3.2
  - 1.0.7
  - 0.103.12
  Thank you to Detlef for identifying this issue.
- [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505):
  Fixed a possible out-of-bounds read bug in the PDF file parser that could
  cause a denial-of-service (DoS) condition.
  This issue affects all currently supported versions. It will be fixed in:
  - 1.4.1
  - 1.3.2
  - 1.0.7
  - 0.103.12
  Thank you to OSS-Fuzz for identifying this issue.
- Removed unused Python modules from freshclam tests including deprecated 'cgi'
  module that is expected to cause test failures in Python 3.13.
- Fix unit test caused by expiring signing certificate.
- Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1305) - Fixed a build issue on Windows with newer versions of Rust. Also upgraded GitHub Actions imports to fix CI failures. Fixes courtesy of liushuyu. - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1307) - Fixed an unaligned pointer dereference issue on select architectures. Fix courtesy of Sebastian Andrzej Siewior. - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293) - Fixes to Jenkins CI pipeline. For details, see [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1330) Signed-off-by: Adolf Belka --- config/rootfiles/packages/clamav | 4 ++-- lfs/clamav | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav index 2c7242d7e..f8deb9479 100644 --- a/config/rootfiles/packages/clamav +++ b/config/rootfiles/packages/clamav @@ -105,14 +105,13 @@ usr/sbin/clamd #usr/share/doc/ClamAV/html/images #usr/share/doc/ClamAV/html/images/change-fork-name.png #usr/share/doc/ClamAV/html/images/cisco.png +#usr/share/doc/ClamAV/html/images/clamav-git-workflow.png #usr/share/doc/ClamAV/html/images/clone-your-fork.png #usr/share/doc/ClamAV/html/images/create-a-fork.png #usr/share/doc/ClamAV/html/images/demon.png #usr/share/doc/ClamAV/html/images/flamegraph.svg #usr/share/doc/ClamAV/html/images/fork-is-behind.png #usr/share/doc/ClamAV/html/images/logo.png -#usr/share/doc/ClamAV/html/images/new-git-workflow.png -#usr/share/doc/ClamAV/html/images/old-git-workflow.png #usr/share/doc/ClamAV/html/index.html #usr/share/doc/ClamAV/html/manual #usr/share/doc/ClamAV/html/manual/Development 
@@ -163,6 +162,7 @@ usr/sbin/clamd #usr/share/doc/ClamAV/html/manual/Usage/Scanning.html #usr/share/doc/ClamAV/html/manual/Usage/Services.html #usr/share/doc/ClamAV/html/manual/Usage/SignatureManagement.html +#usr/share/doc/ClamAV/html/manual/cisco-talos.gpg #usr/share/doc/ClamAV/html/mark.min.js #usr/share/doc/ClamAV/html/mode-rust.js #usr/share/doc/ClamAV/html/print.html diff --git a/lfs/clamav b/lfs/clamav index 32b4aa4f9..f98d52532 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -26,7 +26,7 @@ include Config SUMMARY = Antivirus Toolkit -VER = 1.3.1 +VER = 1.3.2 THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 72 +PAK_VER = 73 DEPS = @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 49fc5f2f9b4497c095c4d19f86ebcdbcd49cac0e1355c0dbaba8bd56cbbc5af94404b6e6b04fbfb5e3d4364b7ff110b8461f93ba485ddc3f6b56cd86dbe4b362 +$(DL_FILE)_BLAKE2 = 65f5e951a0c8b506e4975a7f5ffcf2c0402907ac528075362efd39fece1325ca05127b89a8ae7dcb638577b441af20aed7ab233e5b73d33f5daa0f793e6416e8 install : $(TARGET)
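Review bot: The rootfile hunks add `#usr/share/doc/ClamAV/html/manual/cisco-talos.gpg` and swap the git-workflow images, but the commit message only says "Update of rootfile". All of these entries are commented out like the surrounding doc paths, so a line in the message naming the added and dropped paths would let a reviewer check the rootfile diff against the upstream file list without rebuilding.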
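Review bot: At `VER = 1.3.2` in lfs/clamav, the bump pulls in the CVE-2024-20506 change quoted in the commit message, which makes the logging module stop following symlinks, and nothing else in this patch addresses that behaviour change. It would be worth confirming, and noting in the message, that the log paths used by clamd and freshclam on IPFire are regular files rather than symlinks, since a symlinked log path may no longer be written to after the update.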
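Review bot: On the `$(DL_FILE)_BLAKE2` line in the last lfs/clamav hunk, the new digest pins a tarball that is fetched from `$(URL_IPFIRE)` (see the `DL_FROM` context line in the `PAK_VER` hunk), and the commit message does not say where that file came from. Suggest adding a line stating that clamav-1.3.2.tar.gz was taken from the upstream release and that its signature was checked before the digest was computed, so the value can be reproduced independently of the IPFire mirror.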