b360fce5b0
Release notes:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
- Fixes for the following vulnerabilities affecting 0.101.1 and prior:
- CVE-2019-1787:
An out-of-bounds heap read condition may occur when scanning PDF
documents. The defect is a failure to correctly keep track of the number
of bytes remaining in a buffer when indexing file data.
- CVE-2019-1789:
An out-of-bounds heap read condition may occur when scanning PE files
(i.e. Windows EXE and DLL files) that have been packed using Aspack as a
result of inadequate bound-checking.
- CVE-2019-1788:
An out-of-bounds heap write condition may occur when scanning OLE2 files
such as Microsoft Office 97-2003 documents. The invalid write happens when
an invalid pointer is mistakenly used to initialize a 32bit integer to
zero. This is likely to crash the application.
- Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:
- CVE-2019-1786:
An out-of-bounds heap read condition may occur when scanning malformed PDF
documents as a result of improper bounds-checking.
- CVE-2019-1785:
A path-traversal write condition may occur as a result of improper input
validation when scanning RAR archives. Issue reported by aCaB.
- CVE-2019-1798:
A use-after-free condition may occur as a result of improper error
handling when scanning nested RAR archives. Issue reported by David L.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4037c0a397
)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
101 lines
2.5 KiB
Makefile
101 lines
2.5 KiB
Makefile
################################################################################
|
|
#
|
|
# clamav
|
|
#
|
|
################################################################################
|
|
|
|
CLAMAV_VERSION = 0.101.2
|
|
CLAMAV_SITE = https://www.clamav.net/downloads/production
|
|
CLAMAV_LICENSE = GPL-2.0
|
|
CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
|
|
COPYING.LGPL COPYING.llvm COPYING.lzma COPYING.pcre COPYING.regex \
|
|
COPYING.unrar COPYING.zlib
|
|
CLAMAV_DEPENDENCIES = \
|
|
host-pkgconf \
|
|
libtool \
|
|
openssl \
|
|
zlib \
|
|
$(TARGET_NLS_DEPENDENCIES)
|
|
|
|
# mmap cannot be detected when cross-compiling, needed for mempool support
|
|
CLAMAV_CONF_ENV = \
|
|
ac_cv_c_mmap_private=yes \
|
|
have_cv_ipv6=yes
|
|
|
|
ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
|
|
CLAMAV_CONF_ENV += LIBS=-latomic
|
|
endif
|
|
|
|
# UCLIBC_HAS_FTS is disabled, therefore disable fanotify (missing fts.h)
|
|
CLAMAV_CONF_OPTS = \
|
|
--with-dbdir=/var/lib/clamav \
|
|
--with-ltdl-include=$(STAGING_DIR)/usr/include \
|
|
--with-ltdl-lib=$(STAGING_DIR)/usr/lib \
|
|
--with-openssl=$(STAGING_DIR)/usr \
|
|
--with-zlib=$(STAGING_DIR)/usr \
|
|
--disable-zlib-vcheck \
|
|
--disable-rpath \
|
|
--disable-clamav \
|
|
--disable-fanotify \
|
|
--disable-milter \
|
|
--disable-llvm \
|
|
--disable-clamdtop \
|
|
--enable-mempool
|
|
|
|
ifeq ($(BR2_PACKAGE_BZIP2),y)
|
|
CLAMAV_DEPENDENCIES += bzip2
|
|
# autodetection gets confused if host has bzip2, so force it
|
|
CLAMAV_CONF_ENV += \
|
|
ac_cv_libbz2_libs=-lbz2 \
|
|
ac_cv_libbz2_ltlibs=-lbz2
|
|
else
|
|
CLAMAV_CONF_OPTS += --disable-bzip2
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_JSON_C),y)
|
|
CLAMAV_CONF_OPTS += --with-libjson=$(STAGING_DIR)/usr
|
|
CLAMAV_DEPENDENCIES += json-c
|
|
else
|
|
CLAMAV_CONF_OPTS += --without-libjson
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBXML2),y)
|
|
CLAMAV_CONF_OPTS += --with-xml=$(STAGING_DIR)/usr
|
|
CLAMAV_DEPENDENCIES += libxml2
|
|
else
|
|
CLAMAV_CONF_OPTS += --disable-xml
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBCURL),y)
|
|
CLAMAV_CONF_OPTS += --with-libcurl=$(STAGING_DIR)/usr
|
|
CLAMAV_DEPENDENCIES += libcurl
|
|
else
|
|
CLAMAV_CONF_OPTS += --without-libcurl
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBICONV),y)
|
|
CLAMAV_CONF_OPTS += --with-iconv
|
|
CLAMAV_DEPENDENCIES += libiconv
|
|
else
|
|
CLAMAV_CONF_OPTS += --without-iconv
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_PCRE2),y)
|
|
CLAMAV_CONF_OPTS += --with-pcre=$(STAGING_DIR)/usr
|
|
CLAMAV_DEPENDENCIES += pcre2
|
|
else ifeq ($(BR2_PACKAGE_PCRE),y)
|
|
CLAMAV_CONF_OPTS += --with-pcre=$(STAGING_DIR)/usr
|
|
CLAMAV_DEPENDENCIES += pcre
|
|
else
|
|
CLAMAV_CONF_OPTS += --without-pcre
|
|
endif
|
|
|
|
ifeq ($(BR2_INIT_SYSTEMD),y)
|
|
CLAMAV_CONF_OPTS += --with-systemdsystemunitdir=/usr/lib/systemd/system
|
|
CLAMAV_DEPENDENCIES += systemd
|
|
else
|
|
CLAMAV_CONF_OPTS += --with-systemdsystemunitdir=no
|
|
endif
|
|
|
|
$(eval $(autotools-package))
|