NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
123a63df6f
kumquat-buildroot/package/clamav/clamav.mk
Bernd Kuhls 4037c0a397 package/clamav: security bump to version 0.101.2 
Release notes:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

- Fixes for the following vulnerabilities affecting 0.101.1 and prior:
  - CVE-2019-1787:
    An out-of-bounds heap read condition may occur when scanning PDF
    documents. The defect is a failure to correctly keep track of the number
    of bytes remaining in a buffer when indexing file data.
  - CVE-2019-1789:
    An out-of-bounds heap read condition may occur when scanning PE files
    (i.e. Windows EXE and DLL files) that have been packed using Aspack as a
    result of inadequate bound-checking.
  - CVE-2019-1788:
    An out-of-bounds heap write condition may occur when scanning OLE2 files
    such as Microsoft Office 97-2003 documents. The invalid write happens when
    an invalid pointer is mistakenly used to initialize a 32bit integer to
    zero. This is likely to crash the application.

- Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:
  - CVE-2019-1786:
    An out-of-bounds heap read condition may occur when scanning malformed PDF
    documents as a result of improper bounds-checking.
  - CVE-2019-1785:
    A path-traversal write condition may occur as a result of improper input
    validation when scanning RAR archives. Issue reported by aCaB.
  - CVE-2019-1798:
    A use-after-free condition may occur as a result of improper error
    handling when scanning nested RAR archives. Issue reported by David L.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-27 09:31:35 +01:00

101 lines
2.5 KiB
Makefile
Raw Blame History

################################################################################
#
# clamav
#
################################################################################
CLAMAV_VERSION = 0.101.2
CLAMAV_SITE = https://www.clamav.net/downloads/production
CLAMAV_LICENSE = GPL-2.0
CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
COPYING.LGPL COPYING.llvm COPYING.lzma COPYING.pcre COPYING.regex \
COPYING.unrar COPYING.zlib
CLAMAV_DEPENDENCIES = \
host-pkgconf \
libtool \
openssl \
zlib \
$(TARGET_NLS_DEPENDENCIES)
# mmap cannot be detected when cross-compiling, needed for mempool support
CLAMAV_CONF_ENV = \
ac_cv_c_mmap_private=yes \
have_cv_ipv6=yes
ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
CLAMAV_CONF_ENV += LIBS=-latomic
endif
# UCLIBC_HAS_FTS is disabled, therefore disable fanotify (missing fts.h)
CLAMAV_CONF_OPTS = \
--with-dbdir=/var/lib/clamav \
--with-ltdl-include=$(STAGING_DIR)/usr/include \
--with-ltdl-lib=$(STAGING_DIR)/usr/lib \
--with-openssl=$(STAGING_DIR)/usr \
--with-zlib=$(STAGING_DIR)/usr \
--disable-zlib-vcheck \
--disable-rpath \
--disable-clamav \
--disable-fanotify \
--disable-milter \
--disable-llvm \
--disable-clamdtop \
--enable-mempool
ifeq ($(BR2_PACKAGE_BZIP2),y)
CLAMAV_DEPENDENCIES += bzip2
# autodetection gets confused if host has bzip2, so force it
CLAMAV_CONF_ENV += \
ac_cv_libbz2_libs=-lbz2 \
ac_cv_libbz2_ltlibs=-lbz2
else
CLAMAV_CONF_OPTS += --disable-bzip2
endif
ifeq ($(BR2_PACKAGE_JSON_C),y)
CLAMAV_CONF_OPTS += --with-libjson=$(STAGING_DIR)/usr
CLAMAV_DEPENDENCIES += json-c
else
CLAMAV_CONF_OPTS += --without-libjson
endif
ifeq ($(BR2_PACKAGE_LIBXML2),y)
CLAMAV_CONF_OPTS += --with-xml=$(STAGING_DIR)/usr
CLAMAV_DEPENDENCIES += libxml2
else
CLAMAV_CONF_OPTS += --disable-xml
endif
ifeq ($(BR2_PACKAGE_LIBCURL),y)
CLAMAV_CONF_OPTS += --with-libcurl=$(STAGING_DIR)/usr
CLAMAV_DEPENDENCIES += libcurl
else
CLAMAV_CONF_OPTS += --without-libcurl
endif
ifeq ($(BR2_PACKAGE_LIBICONV),y)
CLAMAV_CONF_OPTS += --with-iconv
CLAMAV_DEPENDENCIES += libiconv
else
CLAMAV_CONF_OPTS += --without-iconv
endif
ifeq ($(BR2_PACKAGE_PCRE2),y)
CLAMAV_CONF_OPTS += --with-pcre=$(STAGING_DIR)/usr
CLAMAV_DEPENDENCIES += pcre2
else ifeq ($(BR2_PACKAGE_PCRE),y)
CLAMAV_CONF_OPTS += --with-pcre=$(STAGING_DIR)/usr
CLAMAV_DEPENDENCIES += pcre
else
CLAMAV_CONF_OPTS += --without-pcre
endif
ifeq ($(BR2_INIT_SYSTEMD),y)
CLAMAV_CONF_OPTS += --with-systemdsystemunitdir=/usr/lib/systemd/system
CLAMAV_DEPENDENCIES += systemd
else
CLAMAV_CONF_OPTS += --with-systemdsystemunitdir=no
endif
$(eval $(autotools-package))
Reference in New Issue View Git Blame Copy Permalink