NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/clamav: security bump to version 0.101.5

Browse Source 
Fixes the following security vulnerabilities:

- CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when
  scanning a specially crafted email file as a result of excessively long
  scan times.  The issue is resolved by implementing several maximums in
  parsing MIME messages and by optimizing use of memory allocation.

Similar to the 0.102.0 bump, building with the internal libmspack copy is
broken, so instead link against the system one.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2019-11-22 20:47:50 +01:00
parent 4b71c1f85b
commit dca8e50964
3 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
package/clamav/Config.in
View File

@ -4,6 +4,7 @@ config BR2_PACKAGE_CLAMAV
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on BR2_USE_MMU # fork()
depends on BR2_USE_WCHAR
select BR2_PACKAGE_LIBMSPACK
select BR2_PACKAGE_LIBTOOL
select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_ZLIB

2
package/clamav/clamav.hash
View File

@ -1,5 +1,5 @@
# Locally calculated
sha256 0bf094f0919d158a578421d66bc2569c8c8181233ba162bb51722f98c802bccd clamav-0.101.4.tar.gz
sha256 04bc4af7aa61cd4ce419a1cfbf77605ee40128455c7627fe2725dd157392d58c clamav-0.101.5.tar.gz
sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584 COPYING
sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed COPYING.bzip2
sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6 COPYING.file

4
package/clamav/clamav.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
CLAMAV_VERSION = 0.101.4
CLAMAV_VERSION = 0.101.5
CLAMAV_SITE = https://www.clamav.net/downloads/production
CLAMAV_LICENSE = GPL-2.0
CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
@ -12,6 +12,7 @@ CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
COPYING.unrar COPYING.zlib
CLAMAV_DEPENDENCIES = \
host-pkgconf \
libmspack \
libtool \
openssl \
zlib \
@ -32,6 +33,7 @@ CLAMAV_CONF_OPTS = \
--with-ltdl-include=$(STAGING_DIR)/usr/include \
--with-ltdl-lib=$(STAGING_DIR)/usr/lib \
--with-openssl=$(STAGING_DIR)/usr \
--with-system-libmspack=$(STAGING_DIR)/usr \
--with-zlib=$(STAGING_DIR)/usr \
--disable-zlib-vcheck \
--disable-rpath \