Release notes:
https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html
Added dependencies to libcurl and libmspack.
Although it is technically possible to build this package without
libcurl it makes no sense because only libclamav would be built by
passing the new configure option --enable-libclamav-only but this would
disable most of the package rendering the scan for viruses impossible.
Therefore we decided to make libcurl a mandatory dependency.
libmspack was added as dependency to avoid building the internally
provided code for this package, we prefer to provide needed libraries
ourselves. Linking against internally-built libmspack is broken anyway
but we do not bother to fix the problem, use system libmspack instead.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
- Fixes for the following vulnerabilities affecting 0.101.1 and prior:
- CVE-2019-1787:
An out-of-bounds heap read condition may occur when scanning PDF
documents. The defect is a failure to correctly keep track of the number
of bytes remaining in a buffer when indexing file data.
- CVE-2019-1789:
An out-of-bounds heap read condition may occur when scanning PE files
(i.e. Windows EXE and DLL files) that have been packed using Aspack as a
result of inadequate bound-checking.
- CVE-2019-1788:
An out-of-bounds heap write condition may occur when scanning OLE2 files
such as Microsoft Office 97-2003 documents. The invalid write happens when
an invalid pointer is mistakenly used to initialize a 32bit integer to
zero. This is likely to crash the application.
- Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:
- CVE-2019-1786:
An out-of-bounds heap read condition may occur when scanning malformed PDF
documents as a result of improper bounds-checking.
- CVE-2019-1785:
A path-traversal write condition may occur as a result of improper input
validation when scanning RAR archives. Issue reported by aCaB.
- CVE-2019-1798:
A use-after-free condition may occur as a result of improper error
handling when scanning nested RAR archives. Issue reported by David L.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Configure check for OpenSSL fails:
/accts/mlweber1/rclinux/rc-buildroot-test/scripts/instance-3/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_atomic_add':
threads_pthread.c:(.text+0x1dc): undefined reference to `__atomic_is_lock_free'
threads_pthread.c:(.text+0x1f4): undefined reference to `__atomic_fetch_add_4'
Fixes
http://autobuild.buildroot.net/results/cae8da81adff3ba493154e0ba8b21d90367f82eb/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
clamav has an optional systemd dependency
Moreover, since the bump to 1.5.3, pkgconf prepends the sysroot to all
absolute paths found in the .pc file. This is correct when the paths
refer to something in STAGING_DIR (e.g. libdir, includedir), but not
when it refers to something used for the target.
clamav uses the systemdsystemunitdir variable from systemd.pc to decide
where to install things. Since DESTDIR is prepended to the install
destination, this will end up in the wrong location.
Until a better solution is found in pkgconf, pass the
systemdsystemunitdir to use explicitly instead of relying on systemd.pc.
Fixes:
- http://autobuild.buildroot.org/results/fe526c60542527112e6441e453b4df5de49242d9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When json-c is enabled but libcurl is disabled, clamav tries to build
the clamsubmit program, which fails with:
CC clamsubmit.o
clamsubmit.c:6:23: fatal error: curl/curl.h: No such file or directory
#include <curl/curl.h>
This is due to an incorrect curl-config detection logic, leading to
/bin/curl-config being present making the configure script believe
that curl is available, even when --without-libcurl is explicitly
passed.
This commit adds a patch, submitted upstream, which fixes this
problem.
Fixes:
http://autobuild.buildroot.net/results/c43d2ebd8ab30016969d642dbd71c297dc5f6bab/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit switches to use the new gettext logic, which involves:
- using TARGET_NLS_DEPENDENCIES instead of hand-encoded dependencies
on gettext/host-gettext
- dropping BR2_PACKAGE_GETTEXT selection
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.
This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Changed upstream URL to project site clamav.net, the tarball for the
new version is not available on sourceforge.net anymore.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- removed autoreconf and two patches applied upstream
b20eeffadb785e4a90e0
- removed clamuko configure option
- disabled fanotify support because UCLIBC_HAS_FTS is disabled
https://github.com/vrtadmin/clamav-devel/blob/master/README
"Support for on-access scanning using Clamuko/Dazuko has been replaced
with fanotify."
- added host-pkgconf dependency, used by configure
- added optional dependency to pcre
- added sha256 hash
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Clamav uses AC_TRY_RUN in m4/reorganization/code_checks/ipv6.m4 to check
for ipv6 support, which is not cross-compile safe. Since buildroot
supports ipv6 out-of-the-box now this patch forces ipv6 support.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2013-6497 - the jwplayer.js file causes ClamAV to seg fault when
scanned with the -a (list archived files).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
