Commit Graph

28 Commits

Author SHA1 Message Date
Bernd Kuhls
b80886388d package/clamav: security bump to 0.100.1
Fixes CVE-2017-16932, CVE-2018-0360 & CVE-2018-0361:
http://lists.clamav.net/pipermail/clamav-announce/2018/000032.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-07-10 10:25:09 +02:00
Thomas Petazzoni
037572ee56 clamav: add patch to fix build failure caused by lack of libcurl
When json-c is enabled but libcurl is disabled, clamav tries to build
the clamsubmit program, which fails with:

  CC       clamsubmit.o
clamsubmit.c:6:23: fatal error: curl/curl.h: No such file or directory
 #include <curl/curl.h>

This is due to an incorrect curl-config detection logic, leading to
/bin/curl-config being present making the configure script believe
that curl is available, even when --without-libcurl is explicitly
passed.

This commit adds a patch, submitted upstream, which fixes this
problem.

Fixes:

  http://autobuild.buildroot.net/results/c43d2ebd8ab30016969d642dbd71c297dc5f6bab/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-13 22:59:53 +02:00
Thomas Petazzoni
eb4b00129c clamav: reformat patches as Git-formatted patches
ClamAV is using Git upstream
(https://github.com/Cisco-Talos/clamav-devel), so it makes sense to
use Git-formatted patches.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-13 22:59:52 +02:00
Bernd Kuhls
6088fedd73 package/clamav: bump version to 0.100.0
Release notes:
http://lists.clamav.net/pipermail/clamav-announce/2018/000031.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-11 16:17:55 +02:00
Bernd Kuhls
d02cbe22da package/clamav: security bump to version 0.99.4
Fixes CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-1000085 &
CVE-2018-0202.

For details see upstream announcement:
http://lists.clamav.net/pipermail/clamav-announce/2018/000029.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-02 07:58:18 +01:00
Bernd Kuhls
ffb5dee113 package/clamav: security bump to version 0.99.3
Fixes CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.

For details see upstream announcement:
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

Added license hashes.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-27 14:47:03 +01:00
Thomas Petazzoni
c6882af636 clamav: use new gettext logic
This commit switches to use the new gettext logic, which involves:

 - using TARGET_NLS_DEPENDENCIES instead of hand-encoded dependencies
   on gettext/host-gettext

 - dropping BR2_PACKAGE_GETTEXT selection

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-05 01:27:24 +02:00
Peter Korsgaard
11271540bf Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-01 22:28:14 +02:00
Adam Duskett
ee71aa2375 package/c*/Config.in: fix help text wrapping
The check-package script when ran gives warnings on text wrapping
on all of these Config files.  This patch cleans up all warnings
related to the text wrapping for the Config files starting with
the letter c in the package directory.

The appropriate indentation is: <tab><2 spaces><62 chars>
See http://nightly.buildroot.org/#writing-rules-config-in for more
information.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-11 23:28:01 +02:00
Bernd Kuhls
c60a54ff8b package/clamav: renumber patch
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-11 21:50:55 +02:00
Adam Duskett
e22b287ca7 package/c*/Config.in: fix ordering of statements
The check-package script when ran gives warnings on ordering issues
on all of these Config files.  This patch cleans up all warnings
related to the ordering in the Config files for packages starting with
the letter c in the package directory.

The appropriate ordering is: type, default, depends on, select, help
See http://nightly.buildroot.org/#_config_files for more information.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 21:12:10 +02:00
Rahul Bedarkar
af31c309e7 boot, linux, package: use SPDX short identifier for GPLv2/GPLv2+
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.

This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:16:38 +02:00
Bernd Kuhls
013207f2e4 package/clamav: add optional dependency to json-c
clamav has optional support for json-c:

$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/libclamav.so.7.1.1 | grep NEEDED
 0x00000001 (NEEDED)                     Shared library: [libltdl.so.7]
 0x00000001 (NEEDED)                     Shared library: [libssl.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libcrypto.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libz.so.1]
 0x00000001 (NEEDED)                     Shared library: [libjson-c.so.2]
 0x00000001 (NEEDED)                     Shared library: [libc.so.0]

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-12 15:41:13 +01:00
Bernd Kuhls
a5b0607b4a package/clamav: needs libtool
clamav contains a copy of libltdl which is used when the libtool
package is not present, this increases the filesize of the target libs:

linked against libltdl.so:

-rwxr-xr-x 1 bernd bernd 1838528 Mär 11 13:21 output/target/usr/lib/libclamav.so.7.1.1

$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/libclamav.so.7.1.1 | grep NEEDED
 0x00000001 (NEEDED)                     Shared library: [libltdl.so.7]
 0x00000001 (NEEDED)                     Shared library: [libssl.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libcrypto.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libz.so.1]
 0x00000001 (NEEDED)                     Shared library: [libc.so.0]

not linked against libltdl.so:

-rwxr-xr-x 1 bernd bernd 1859548 Mär 11 13:21 output/target/usr/lib/libclamav.so.7.1.1

$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/libclamav.so.7.1.1 | grep NEEDED
 0x00000001 (NEEDED)                     Shared library: [libssl.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libcrypto.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libz.so.1]
 0x00000001 (NEEDED)                     Shared library: [libc.so.0]

Therefore this patch adds libtool as hard dependency to clamav.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-12 15:40:48 +01:00
Peter Korsgaard
4970a780b7 clamav: fix configure breakage after zlib 1.2.10 version bump
Fixes:
http://autobuild.buildroot.net/results/b6b/b6ba2dfb42ee41ed0b8304aa8c78645245f3b341/
http://autobuild.buildroot.net/results/eef/eef9a2dda2c172cd600dc74c1e5e60476d92280d/
http://autobuild.buildroot.net/results/827/82798118795aa6334b4dd6eac06777682131da7f/

The clamav configure script by default checks for old zlib versions with
known vulnerabilities and errors out if found:

configure: error: The installed zlib version may contain a security bug.
Please upgrade to 1.2.2 or later: http://www.zlib.net.  You can omit this
check with --disable-zlib-vcheck but DO NOT REPORT any stability issues
then!

The check is unfortunately not very robust as it simply checks for a version
string matching '1.2.1' (which 1.2.10 does):

vuln=`grep "ZLIB_VERSION \"1.2.1" $ZLIB_HOME/include/zlib.h`

As a workaround, pass --disable-zlib-vcheck to skip this check.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 17:04:18 +01:00
Bernd Kuhls
71ad4dadb6 package/clamav: bump version to 0.99.2
Changed upstream URL to project site clamav.net, the tarball for the
new version is not available on sourceforge.net anymore.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-05-09 22:26:56 +02:00
Gustavo Zacarias
2c8e5dd69f clamav: bump to version 0.99.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-03 15:08:04 +01:00
Bernd Kuhls
beb67930c6 package/clamav: Fix LICENSE_FILES after last version bump
Fixes
http://autobuild.buildroot.net/results/3a1/3a12aea6a7a3500883a6d0184da3bd8cebf50e7b/
and many others

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-13 14:30:26 +01:00
Bernd Kuhls
2abe487cd6 package/clamav: bump to version 0.99
- removed autoreconf and two patches applied upstream
b20eeffadb
785e4a90e0

- removed clamuko configure option
- disabled fanotify support because UCLIBC_HAS_FTS is disabled
https://github.com/vrtadmin/clamav-devel/blob/master/README
"Support for on-access scanning using Clamuko/Dazuko has been replaced
 with fanotify."

- added host-pkgconf dependency, used by configure
- added optional dependency to pcre
- added sha256 hash

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-12 12:05:29 +01:00
Bernd Kuhls
1591799094 package/clamav: bump version to 0.98.7, enable ipv6 support
Clamav uses AC_TRY_RUN in m4/reorganization/code_checks/ipv6.m4 to check
for ipv6 support, which is not cross-compile safe. Since buildroot
supports ipv6 out-of-the-box now this patch forces ipv6 support.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-04-29 23:27:12 +02:00
Peter Korsgaard
298cd8eaa2 package/*: rename patches according to the new policy
Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345)

Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-03 14:52:56 +01:00
Bernd Kuhls
f67fa48bd6 package/clamav: bump version to 0.98.6
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-31 13:02:27 +01:00
Yann E. MORIN
a3926f3a64 package/clamav: fix static build
clamav unconditionally includes dlfcn.h which is missing on a uClibc
that is configured as a pure-static C library.

Thus, the build fails.

But the including file does not even makes use of any function from the
dlopen() familly, so it does not need to include dlfcn.h to start with.

Add a patch to clamav to not include dlfcn.h where not needed.

Fixes:
    http://autobuild.buildroot.net/results/b49/b491f4e5e1760248adb8d21b404e8aa15f7dbdd1/

[Peter: fix typo in patch description]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-25 22:35:43 +01:00
Peter Korsgaard
7e1728bb05 clamav: fix bzip2 detection
Configure gets confused if the host has bzip2 development headers, so force
the results.

Fixes:
http://autobuild.buildroot.net/results/e73/e732d1bac8fe68fd8bba50e4e9d908be3d996c83/
http://autobuild.buildroot.net/results/1a4/1a46e53cf892534f1b3a16c249fa710485290b5a/
http://autobuild.buildroot.net/results/6d0/6d09379aaba0ccddddfee9e319b84687012fd5fc/
http://autobuild.buildroot.net/results/d23/d2310a2f265e7d22c025a61e064a3c29dc6213ef/

And many more.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-20 23:06:41 +01:00
Gustavo Zacarias
59119da778 clamav: security bump to version 0.98.5
Fixes:
CVE-2013-6497 - the jwplayer.js file causes ClamAV to seg fault when
scanned with the -a (list archived files).

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-20 19:40:13 +01:00
Yann E. MORIN
85101d3741 package/clamav: fix build with uClibc
clamav wants to use backtrace, and decides whether it can use it if it
detects a glibc >= 2.1.

But uClibc does impersonate a glibc >= 2.1, so clamav concludes it is
possible to use backtrace. So it includes execinfo.h, which is missing
in our default uClibc config file.

So, just extend the test so that backtrace support is disable on uClibc,
unless it has been configured with backtrace support.

A far better solution would be to add a ./configure check for backtrace,
but this patch is sufficient enough.

Fixes:
    http://autobuild.buildroot.net/results/cff/cffa32fcedda735983d4805d6d4fa77844539b10/
    http://autobuild.buildroot.net/results/e0a/e0a765a94a538b0b936ea512f7aba0264fac6309/
    ...

Bugtracker: https://bugzilla.clamav.net/show_bug.cgi?id=11170

[Peter: add bugtracker URL as suggested by Bernd]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-16 23:03:00 +01:00
Bernd Kuhls
32992aea5b package/clamav: add hash
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-08 22:24:13 +01:00
Bernd Kuhls
bf3753064b package/clamav: New package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-11-01 15:38:57 +01:00