From patchwork Thu Mar 5 17:11:15 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 9545 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (not verified)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4fRbfs4wHjz3wjb for ; Thu, 05 Mar 2026 17:11:33 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E7" (not verified)) by mail01.ipfire.org (Postfix) with ESMTPS id 4fRbfr2kC1z67X for ; Thu, 05 Mar 2026 17:11:32 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4fRbfq0lDmz34Cb for ; Thu, 05 Mar 2026 17:11:31 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (not verified)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4fRbfm3lpvz2xKR for ; Thu, 05 Mar 2026 17:11:28 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4fRbfl2Wvbz2kB; Thu, 05 Mar 2026 17:11:27 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1772730687; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=gR9QK5twOmKOmhvhJkvgMeD36f09tlvmwSPmUHpic7A=; b=z86ueSNZeTCdUwYMYh+ipQAxQCOqjP2OH6w2ouXTcyru25cbOiDubhuvaD5mnmN2jvvH/z 8TeKmhNcIEUUw2Dw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1772730687; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=gR9QK5twOmKOmhvhJkvgMeD36f09tlvmwSPmUHpic7A=; b=ecRAQeJuMi/NWjb1apwn8wVWJAdfO3JCTvQQyuqRHDuJSMTwDIP19C6qpozH1lXrCteZYU BJtlXGrWby2wTkjqe9pugP9pMC2jzRUKvT2YqmJtdyIoK2V0/VNTY4r3x7Q9kvKjtwQE+O 6oKk+CLEkz8b+xwnWSVdEfG5FA3fwyNY8bV5JLYeIUlxCJa0DoHJU7BU8iOXX4iQ0K6A8X VzURbwwBd6vN5Q3mGkXvE1cD4JJNcqoXYEUVcVpqx+1tyPMqs6E+Qz/nUdxFxgjWJj2JxI MH813d/SLCM4RNrJjL5JlJ79NjU488OA1bdT4QwYc+jpgztko1vOp/DhvVYgzA== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] clamav: Update to version 1.5.2 Date: Thu, 5 Mar 2026 18:11:15 +0100 Message-ID: <20260305171124.2654733-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 1.5.1 to 1.5.2 - Update of rootfile - CVE fix in update - Changelog 1.5.2 - [CVE-2026-20031](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20031): Fixed an error handling bug in the HTML file parser that may crash the program and cause a denial-of-service (DoS) condition. This issue was introduced in version 1.1.0. The fix is included in 1.5.2 and 1.4.4. - Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV dependency, a Rust image library. Unfortunately, this change requires a newer Rust compiler for ClamAV. The minimum Rust version for ClamAV 1.4.3 was 1.85.1. The minimum Rust version for ClamAV 1.4.4 is now 1.87.0. - Fixed a possible crash on Windows when scanning some files while using the `LeaveTemporaryFiles` and `TemporaryDirectory` features. - The CVD verification process will now ignore certificate files in the CVD certs directory when the user lacks read permissions. - Freshclam: Fixed CLD verification bug with `PrivateMirror` option. - Upgraded the Rust `bytes` dependency to a newer version to resolve the RUSTSEC-2026-0007 advisory. - Fixed a possible crash caused by invalid pointer alignment on some platforms. This fix is courtesy of Hsuan-Ming Chen at Synology PSIRT. Signed-off-by: Adolf Belka --- config/rootfiles/packages/clamav | 82 ++++++++++++++------------------ lfs/clamav | 6 +-- 2 files changed, 39 insertions(+), 49 deletions(-) diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav index 43c5585d9..8cef24999 100644 --- a/config/rootfiles/packages/clamav +++ b/config/rootfiles/packages/clamav @@ -36,18 +36,8 @@ usr/sbin/clamd #usr/share/doc/ClamAV #usr/share/doc/ClamAV/html #usr/share/doc/ClamAV/html/404.html -#usr/share/doc/ClamAV/html/FontAwesome -#usr/share/doc/ClamAV/html/FontAwesome/css -#usr/share/doc/ClamAV/html/FontAwesome/css/font-awesome.css -#usr/share/doc/ClamAV/html/FontAwesome/fonts -#usr/share/doc/ClamAV/html/FontAwesome/fonts/FontAwesome.ttf -#usr/share/doc/ClamAV/html/FontAwesome/fonts/fontawesome-webfont.eot -#usr/share/doc/ClamAV/html/FontAwesome/fonts/fontawesome-webfont.svg -#usr/share/doc/ClamAV/html/FontAwesome/fonts/fontawesome-webfont.ttf -#usr/share/doc/ClamAV/html/FontAwesome/fonts/fontawesome-webfont.woff -#usr/share/doc/ClamAV/html/FontAwesome/fonts/fontawesome-webfont.woff2 #usr/share/doc/ClamAV/html/Introduction.html -#usr/share/doc/ClamAV/html/ace.js +#usr/share/doc/ClamAV/html/ace-2a3cd908.js #usr/share/doc/ClamAV/html/appendix #usr/share/doc/ClamAV/html/appendix/Appendix.html #usr/share/doc/ClamAV/html/appendix/Authenticode.html @@ -55,19 +45,19 @@ usr/sbin/clamd #usr/share/doc/ClamAV/html/appendix/FileTypes.html #usr/share/doc/ClamAV/html/appendix/FunctionalityLevels.html #usr/share/doc/ClamAV/html/appendix/Terminology.html -#usr/share/doc/ClamAV/html/ayu-highlight.css -#usr/share/doc/ClamAV/html/book.js -#usr/share/doc/ClamAV/html/clipboard.min.js +#usr/share/doc/ClamAV/html/ayu-highlight-3fdfc3ac.css +#usr/share/doc/ClamAV/html/book-a0b12cfe.js +#usr/share/doc/ClamAV/html/clipboard-1626706a.min.js #usr/share/doc/ClamAV/html/community_resources #usr/share/doc/ClamAV/html/community_resources/CommunityResources.html #usr/share/doc/ClamAV/html/community_resources/CompileClamAV_AmazonLinux2.txt #usr/share/doc/ClamAV/html/css -#usr/share/doc/ClamAV/html/css/chrome.css -#usr/share/doc/ClamAV/html/css/general.css -#usr/share/doc/ClamAV/html/css/print.css -#usr/share/doc/ClamAV/html/css/variables.css -#usr/share/doc/ClamAV/html/editor.js -#usr/share/doc/ClamAV/html/elasticlunr.min.js +#usr/share/doc/ClamAV/html/css/chrome-ae938929.css +#usr/share/doc/ClamAV/html/css/general-8eed8816.css +#usr/share/doc/ClamAV/html/css/print-9e4910d8.css +#usr/share/doc/ClamAV/html/css/variables-6d03f665.css +#usr/share/doc/ClamAV/html/editor-16ca416c.js +#usr/share/doc/ClamAV/html/elasticlunr-ef4e11c1.min.js #usr/share/doc/ClamAV/html/faq #usr/share/doc/ClamAV/html/faq/faq-cvd.html #usr/share/doc/ClamAV/html/faq/faq-eol.html @@ -86,25 +76,25 @@ usr/sbin/clamd #usr/share/doc/ClamAV/html/faq/faq-whichversion.html #usr/share/doc/ClamAV/html/faq/faq-win32.html #usr/share/doc/ClamAV/html/faq/faq.html -#usr/share/doc/ClamAV/html/favicon.png +#usr/share/doc/ClamAV/html/favicon-ba1b3133.png #usr/share/doc/ClamAV/html/fonts -#usr/share/doc/ClamAV/html/fonts/OPEN-SANS-LICENSE.txt -#usr/share/doc/ClamAV/html/fonts/SOURCE-CODE-PRO-LICENSE.txt -#usr/share/doc/ClamAV/html/fonts/fonts.css -#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-300.woff2 -#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-300italic.woff2 -#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-600.woff2 -#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-600italic.woff2 -#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-700.woff2 -#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-700italic.woff2 -#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-800.woff2 -#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-800italic.woff2 -#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-italic.woff2 -#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-regular.woff2 -#usr/share/doc/ClamAV/html/fonts/source-code-pro-v11-all-charsets-500.woff2 +#usr/share/doc/ClamAV/html/fonts/OPEN-SANS-LICENSE-cfc7749b.txt +#usr/share/doc/ClamAV/html/fonts/SOURCE-CODE-PRO-LICENSE-d1e6d465.txt +#usr/share/doc/ClamAV/html/fonts/fonts-9644e21d.css +#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-300-7736aa35.woff2 +#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-300italic-2c7b95c0.woff2 +#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-600-486c6759.woff2 +#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-600italic-1a3e8659.woff2 +#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-700-c22fe8c7.woff2 +#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-700italic-238ae959.woff2 +#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-800-3d2c812a.woff2 +#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-800italic-ba1521ec.woff2 +#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-italic-6c9463f7.woff2 +#usr/share/doc/ClamAV/html/fonts/open-sans-v17-all-charsets-regular-2e3b1d34.woff2 +#usr/share/doc/ClamAV/html/fonts/source-code-pro-v11-all-charsets-500-2bdd9410.woff2 #usr/share/doc/ClamAV/html/googled62299e9391332c4.html -#usr/share/doc/ClamAV/html/highlight.css -#usr/share/doc/ClamAV/html/highlight.js +#usr/share/doc/ClamAV/html/highlight-493f70e1.css +#usr/share/doc/ClamAV/html/highlight-abc7f01d.js #usr/share/doc/ClamAV/html/images #usr/share/doc/ClamAV/html/images/change-fork-name.png #usr/share/doc/ClamAV/html/images/cisco.png @@ -165,21 +155,21 @@ usr/sbin/clamd #usr/share/doc/ClamAV/html/manual/Usage/Services.html #usr/share/doc/ClamAV/html/manual/Usage/SignatureManagement.html #usr/share/doc/ClamAV/html/manual/cisco-talos.gpg -#usr/share/doc/ClamAV/html/mark.min.js -#usr/share/doc/ClamAV/html/mode-rust.js +#usr/share/doc/ClamAV/html/mark-09e88c2c.min.js +#usr/share/doc/ClamAV/html/mode-rust-2c9d5c9a.js #usr/share/doc/ClamAV/html/print.html -#usr/share/doc/ClamAV/html/searcher.js -#usr/share/doc/ClamAV/html/searchindex.js +#usr/share/doc/ClamAV/html/searcher-c2a407aa.js +#usr/share/doc/ClamAV/html/searchindex-1b5ba28b.js #usr/share/doc/ClamAV/html/sitemap.xml -#usr/share/doc/ClamAV/html/theme-dawn.js -#usr/share/doc/ClamAV/html/theme-tomorrow_night.js +#usr/share/doc/ClamAV/html/theme-dawn-4493f9c8.js +#usr/share/doc/ClamAV/html/theme-tomorrow_night-9dbe62a9.js +#usr/share/doc/ClamAV/html/toc-cbaddea7.js #usr/share/doc/ClamAV/html/toc.html -#usr/share/doc/ClamAV/html/toc.js -#usr/share/doc/ClamAV/html/tomorrow-night.css +#usr/share/doc/ClamAV/html/tomorrow-night-4c0ae647.css #var/ipfire/clamav var/ipfire/clamav/clamd.conf var/ipfire/clamav/clamd.conf.sample var/ipfire/clamav/freshclam.conf var/ipfire/clamav/freshclam.conf.sample var/lib/clamav -usr/local/bin/clamavctrl +-usr/local/bin/clamavctrl diff --git a/lfs/clamav b/lfs/clamav index f3debab3b..888803c10 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -26,7 +26,7 @@ include Config SUMMARY = Antivirus Toolkit -VER = 1.5.1 +VER = 1.5.2 THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 82 +PAK_VER = 83 DEPS = @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = d6fd0885ea2864b0fecf040d6b0a088b8d9ad05a555697eab6c999b4a8b3d14bc2ee0968ef4dcb3f3b56d8361faecb98afa5ff4ffbb843cf1bf221a4e27a4496 +$(DL_FILE)_BLAKE2 = e63131ac19160a68c6acd9413263fd5793a6acf67adfe30873f6c56bca3a29286bf4f872e439b9c4b75ab772d20e9b05a0e0b3ac19399ac81033c52d7c2b6d42 install : $(TARGET)