From patchwork Wed Apr 7 19:49:08 2021
X-Patchwork-Submitter: Matthias Fischer
X-Patchwork-Id: 4119
From: Matthias Fischer
To: development@lists.ipfire.org
Subject: [PATCH] clamav: Update to 0.103.2
Date: Wed, 7 Apr 2021 21:49:08 +0200
Message-Id: <20210407194908.1612-1-matthias.fischer@ipfire.org>

For details see:
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

"This is a security patch release with the following fixes:

- CVE-2021-1386: Fix for UnRAR DLL load privilege escalation. Affects 0.103.1 and prior on Windows only.
- CVE-2021-1252: Fix for Excel XLM parser infinite loop. Affects 0.103.0 and 0.103.1 only.
- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. Affects 0.103.0 and 0.103.1 only.
- CVE-2021-1405: Fix for mail parser NULL-dereference crash. Affects 0.103.1 and prior.
- Fix possible memory leak in PNG parser.
- Fix ClamOnAcc scan on file-creation race condition so files are scanned after their contents are written.
- FreshClam: Deprecate the SafeBrowsing config option. The SafeBrowsing option will no longer do anything. For more details, see our blog post from last year about the future of the ClamAV Safe Browsing database.
  Tip: If creating and hosting your own safebrowing.gdb database, you can use the DatabaseCustomURL option in freshclam.conf to download it.
- FreshClam: Improved HTTP 304, 403 and 429 handling.
- FreshClam: Added the mirrors.dat file back to the database directory. This new mirrors.dat file will store:
  - A randomly generated UUID for the FreshClam User-Agent.
  - A retry-after timestamp that so FreshClam won't try to update after having received an HTTP 429 response until the Retry-After timeout has expired.
- FreshClam will now exit with a failure in daemon mode if an HTTP 403 (Forbidden) was received because the outcome won't change if it tries again later. The FreshClam user will have to take appropriate action to get unblocked.
- Fix the FreshClam mirror-sync issue where a downloaded database is "older than the version advertised." If a new CVD download gets a version that is older than advertised, FreshClam will keep the older version and retry the update so that the incremental update process (CDIFF patch process) will update to the latest version."

Signed-off-by: Matthias Fischer
--- lfs/clamav | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/clamav b/lfs/clamav index 2c4d6a6ba..e36b4003d 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 0.103.1 +VER = 0.103.2 THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 54 +PAK_VER = 55 DEPS = @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = f895e9a261937ed91f5cb3ead4791555 +$(DL_FILE)_MD5 = 508e6988e2937985e702cc3a2202b6e7 install : $(TARGET)
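
Review bot: in the last hunk (@@ -50,7 +50,7 @@) the new tarball is pinned only by `$(DL_FILE)_MD5`, and since the context of the previous hunk shows `DL_FROM = $(URL_IPFIRE)`, that one value is all that ties the mirrored file to upstream's 0.103.2 release. MD5 is not collision resistant, so for a security update please check the tarball against the detached signature ClamAV publishes alongside it before recording the hash, and state in the commit message that the new checksum was taken from a verified download. The `VER` and `PAK_VER` bumps in the two hunks before it look consistent with each other.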