| Message ID | 20241221125539.15309-32-adolf.belka@ipfire.org |
|---|---|
| State | New |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4YFkn40C6jz3xDX for <patchwork@web04.haj.ipfire.org>; Sat, 21 Dec 2024 12:56:24 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4YFkn33QRWz7WK; Sat, 21 Dec 2024 12:56:23 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4YFkn32v5Dz34K1; Sat, 21 Dec 2024 12:56:23 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4YFkmW2QgYz34LN for <development@lists.ipfire.org>; Sat, 21 Dec 2024 12:55:55 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4YFkmV1LWKz7Qs; Sat, 21 Dec 2024 12:55:54 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1734785754; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jRrQqh52TJ4AwQ6OIyRNEc3e+KofWXujuPbffWhTFwU=; b=ZVEMnJYaS4enDbI2HBEQov7xMiot7iu4o6xLNfYoRfUF4CPJoh5DtJkX1ymLubVDHve+Tr snWydjtZ9eJ0R0Bg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1734785754; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jRrQqh52TJ4AwQ6OIyRNEc3e+KofWXujuPbffWhTFwU=; b=jQVTbZe1xqXp2rlIIvBtXh96YQfPKeb7JU5iDYlrh0vPFCUJ2/s7moVxTqllHMglLSZekV f/M9Ye1hrqsbz/d++3Rn5rf05fywbHmiJW3UWURCnIdE8wzZRTZyKcFEbz40RQn+l3CQ46 eq2USOMzftJTTLBq9oPAWNEJKWcKLvSD5au9IKMjRB7VGKe2MhIeKnwT2PxwZDrH6rUxkz B2N/rl3WBrjX56IoAZI5M/Xid+iSBHxuK3yhauamn7T5u79BCz8Hm+rVHdFeyZ+R+zYpLm UrdQ2AUkrmLvTdwPC1KRWFTflOXoMfOvPUPDYBbrImuDGSvvSG7tJKBquP2BFw== From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH 32/32] clamav: Update to version 1.4.1 Date: Sat, 21 Dec 2024 13:55:39 +0100 Message-ID: <20241221125539.15309-32-adolf.belka@ipfire.org> In-Reply-To: <20241221125539.15309-1-adolf.belka@ipfire.org> References: <20241221125539.15309-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: XIHZIAYYYUTLNRCW37HY6TOPS2FJAPXA X-Message-ID-Hash: XIHZIAYYYUTLNRCW37HY6TOPS2FJAPXA X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> Archived-At: <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/message/XIHZIAYYYUTLNRCW37HY6TOPS2FJAPXA/> List-Archive: <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Owner: <mailto:development-owner@lists.ipfire.org> List-Post: <mailto:development@lists.ipfire.org> List-Subscribe: <mailto:development-join@lists.ipfire.org> List-Unsubscribe: <mailto:development-leave@lists.ipfire.org> |
| Series |
[01/32] rust: Update to version 1.83.0
|
|
Commit Message
Adolf Belka
Dec. 21, 2024, 12:55 p.m. UTC
- Update from version 1.3.2 to 1.4.1
- Update of rootfile
- Changelog
1.4.1
ClamAV 1.4.1 is a critical patch release with the following fixes:
- [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506):
Changed the logging module to disable following symlinks on Linux and Unix
systems so as to prevent an attacker with existing access to the 'clamd' or
'freshclam' services from using a symlink to corrupt system files.
This issue affects all currently supported versions. It will be fixed in:
- 1.4.1
- 1.3.2
- 1.0.7
- 0.103.12
Thank you to Detlef for identifying this issue.
- [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505):
Fixed a possible out-of-bounds read bug in the PDF file parser that could
cause a denial-of-service (DoS) condition.
This issue affects all currently supported versions. It will be fixed in:
- 1.4.1
- 1.3.2
- 1.0.7
- 0.103.12
Thank you to OSS-Fuzz for identifying this issue.
- Removed unused Python modules from freshclam tests including deprecated
'cgi' module that is expected to cause test failures in Python 3.13.
1.4.0
Major changes
- Added support for extracting ALZ archives.
The new ClamAV file type for ALZ archives is `CL_TYPE_ALZ`.
Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
option to enable or disable ALZ archive support.
> _Tip_: DCONF (Dynamic CONFiguration) is a feature that allows for some
> configuration changes to be made via ClamAV `.cfg` "signatures".
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1183)
- Added support for extracting LHA/LZH archives.
The new ClamAV file type for LHA/LZH archives is `CL_TYPE_LHA_LZH`.
Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
option to enable or disable LHA/LZH archive support.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1192)
- Added the ability to disable image fuzzy hashing, if needed. For context,
image fuzzy hashing is a detection mechanism useful for identifying malware
by matching images included with the malware or phishing email/document.
New ClamScan options:
```
--scan-image[=yes(*)/no]
--scan-image-fuzzy-hash[=yes(*)/no]
```
New ClamD config options:
```
ScanImage yes(*)/no
ScanImageFuzzyHash yes(*)/no
```
New libclamav scan options:
```c
options.parse &= ~CL_SCAN_PARSE_IMAGE;
options.parse &= ~CL_SCAN_PARSE_IMAGE_FUZZY_HASH;
```
Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
option to enable or disable image fuzzy hashing support.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1186)
Other improvements
- Added cross-compiling instructions for targeting ARM64/aarch64 processors for
[Windows](https://github.com/Cisco-Talos/clamav/blob/main/INSTALL-cross-windows-arm64.md)
and
[Linux](https://github.com/Cisco-Talos/clamav/blob/main/INSTALL-cross-linux-arm64.md).
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1116)
- Improved the Freshclam warning messages when being blocked or rate limited
so as to include the Cloudflare Ray ID, which helps with issue triage.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1195)
- Removed unnecessary memory allocation checks when the size to be allocated
is fixed or comes from a trusted source.
We also renamed internal memory allocation functions and macros, so it is
more obvious what each function does.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1137)
- Improved the Freshclam documentation to make it clear that the `--datadir`
option must be an absolute path to a directory that already exists, is
writable by Freshclam, and is readable by ClamScan and ClamD.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1199)
- Added an optimization to avoid calculating the file hash if the clean file
cache has been disabled. The file hash may still be calculated as needed to
perform hash-based signature matching if any hash-based signatures exist that
target a file of the same size, or if any hash-based signatures exist that
target "any" file size.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1167)
- Added an improvement to the SystemD service file for ClamOnAcc so that the
service will shut down faster on some systems.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1164)
- Added a CMake build dependency on the version map files so that the build
will re-run if changes are made to the version map files.
Work courtesy of Sebastian Andrzej Siewior.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1294)
- Added an improvement to the CMake build so that the RUSTFLAGS settings
are inherited from the environment.
Work courtesy of liushuyu.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1301)
Bug fixes
- Silenced confusing warning message when scanning some HTML files.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1252)
- Fixed minor compiler warnings.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1197)
- Since the build system changed from Autotools to CMake, ClamAV no longer
supports building with configurations where bzip2, libxml2, libz, libjson-c,
or libpcre2 are not available. Libpcre is no longer supported in favor of
libpcre2. In this release, we removed all the dead code associated with those
unsupported build configurations.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1217)
- Fixed assorted typos. Patch courtesy of RainRat.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1228)
- Added missing documentation for the ClamScan `--force-to-disk` option.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1186)
- Fixed an issue where ClamAV unit tests would prefer an older
libclamunrar_iface library from the install path, if present, rather than
the recently compiled library in the build path.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1258)
- Fixed a build issue on Windows with newer versions of Rust.
Also upgraded GitHub Actions imports to fix CI failures.
Fixes courtesy of liushuyu.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1307)
- Fixed an unaligned pointer dereference issue on select architectures.
Fix courtesy of Sebastian Andrzej Siewior.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293)
- Fixed a bug that prevented loading plaintext (non-CVD) signature files
when using the `--fail-if-cvd-older-than=DAYS` / `FailIfCvdOlderThan` option.
Fix courtesy of Bark.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1309)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/packages/clamav | 8 ++++----
lfs/clamav | 6 +++---
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav index f8deb9479..0bf660202 100644 --- a/config/rootfiles/packages/clamav +++ b/config/rootfiles/packages/clamav @@ -14,20 +14,20 @@ usr/bin/sigtool #usr/include/libfreshclam.h usr/lib/libclamav.so usr/lib/libclamav.so.12 -usr/lib/libclamav.so.12.0.2 +usr/lib/libclamav.so.12.0.3 #usr/lib/libclamav_rust.a usr/lib/libclammspack.so usr/lib/libclammspack.so.0 usr/lib/libclammspack.so.0.8.0 usr/lib/libclamunrar.so usr/lib/libclamunrar.so.12 -usr/lib/libclamunrar.so.12.0.2 +usr/lib/libclamunrar.so.12.0.3 usr/lib/libclamunrar_iface.so usr/lib/libclamunrar_iface.so.12 -usr/lib/libclamunrar_iface.so.12.0.2 +usr/lib/libclamunrar_iface.so.12.0.3 usr/lib/libfreshclam.so usr/lib/libfreshclam.so.3 -usr/lib/libfreshclam.so.3.0.1 +usr/lib/libfreshclam.so.3.0.2 #usr/lib/pkgconfig/libclamav.pc usr/sbin/clamd #usr/share/doc/ClamAV diff --git a/lfs/clamav b/lfs/clamav index f98d52532..72a3be790 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -26,7 +26,7 @@ include Config SUMMARY = Antivirus Toolkit -VER = 1.3.2 +VER = 1.4.1 THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 73 +PAK_VER = 74 DEPS = @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 65f5e951a0c8b506e4975a7f5ffcf2c0402907ac528075362efd39fece1325ca05127b89a8ae7dcb638577b441af20aed7ab233e5b73d33f5daa0f793e6416e8 +$(DL_FILE)_BLAKE2 = 2cc31d5d4f33ddfffd01a46d88b09965ea8634fa711e5772a303d00c31efab2986727d6d26ca221f6518b80eb5ea3637c26dc0a2c32a493dd0a1cd43d2fd5d10 install : $(TARGET)