From: Larry Rosenman
Date: Wed, 9 Mar 2022 02:16:24 GMT
Message-Id: <202203090216.2292GOss059276@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: a1caa829560c - main - security/clamav-unofficial-sigs: update to 7.2.5
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
X-Git-Committer: ler
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Commit: a1caa829560cdca7ae4e1ff71cb721ae27a3bed0

The branch main has been updated by ler:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a1caa829560cdca7ae4e1ff71cb721ae27a3bed0

commit a1caa829560cdca7ae4e1ff71cb721ae27a3bed0
Author:     Larry Rosenman
AuthorDate: 2022-03-09 01:26:50 +0000
Commit:     Larry Rosenman
CommitDate: 2022-03-09 02:16:17 +0000

    security/clamav-unofficial-sigs: update to 7.2.5

    Changes:

    7.2.5
    eXtremeSHOK.com Maintenance
    Added : os.centos7-cpanel.conf
    Refactor : bsd support for tar, remove gnu-tar requirement
    Refactor : remove gnu-sed requirement
    Refactor : bsd support for stat command

    7.2.4
    eXtremeSHOK.com Maintenance
    Disabled winnow_malware.yara , duplicated in EMAIL_Cryptowall.yar and no longer maintained
    Removed gtar requirement (--wildcards is the default)
    Incremented the config to version 97

    7.2.3
    eXtremeSHOK.com Maintenance
    Whitelist support for yararules (whitelist signature tracking is disabled for yararules)
    Disable JJencode.yar , due to excessive CPU usage
    Disable scamnailer , discontinued
    Update pfsense guide for 2.5
    Fix working directory variable "urlhausy" to "urlhaus"
    Fix missing tracker-tmp.txt
    Thank you @perplexityjeff

    7.2.2
    eXtremeSHOK.com Maintenance
    Use POSIX character classes instead of literals
    Prevent linuxmalwaredetect yara files being extracted when yara is not supported
    Replace echo with xshok_pretty_echo_and_log to silence database cleanup cron messages

    7.2.1
    eXtremeSHOK.com Maintenance
    Change yararule email/Email_generic_phishing.yar to HIGH
    New config option: force_host, by default dig is used when dig and host is present.
    Refactor and correct the assigning of binaries/commands
    Fix broken yara rule database names: Maldoc_hancitor_dropper and Maldoc_APT19_CVE-2017-1099
    Ensure only dig or host is used when either dig or host is enabled
    Enable remove_disabled_databases by default
    Fix disabled databases removed when "$remove_disabled_databases" is set to "no"
    Incremented the config to version 95

    7.2
    eXtremeSHOK.com maintenance
    Database rating downgrades are now supported, eg, changing from HIGH to LOW will remove the HIGH and MEDIUM rated databases.
    Disabled databases are automatically removed
    Disable databases by setting the rating to "DISABLED" eg. securiteinfo_dbs_rating="DISABLED" will disable all securiteinfo databases
    Added Malware Expert databases (non-free)
    Added interServer databases (free)
    Reworked securiteinfo premium databases (non-free)
    Added malwarepatrol_db to specify the exact database name (default: malwarepatrol.db)
    Added detection of tar executable (use gtar on mac and bsd)
    Config os.macosx.conf renamed to os.macos.conf
    Fix: set ownership of last-version-check.txt
    More automated linting and testing (markdown and macOS / osx) via travis-ci
    Updated macOS installation guide for Big Sur (OSX 11)
    Incremented the config to version 94
    Thank you @dandanio @jkellerer @msapiro @shawniverson
    Enforce HTTPS validation by default
    Updated sanesecurity publickey.gpg url to use SSL
    Ignore yara files that include modules
    Enabled yararulesproject rules by default
    os.gentoo.conf: disable updates and upgrade checks
    Fix: URLhaus log message
    Fix wrong download URL for MalwarePatrol
    Fix: fallback to host if dig is not used
    Disable cron MAILTO
    BSD read config fix
    Incremented the config to version 92
    Thank you @dandanio @jkellerer @m0urs @Mrothyr @msapiro @orlitzky @RobbieTheK @SlothOfAnarchy
---
 security/clamav-unofficial-sigs/Makefile           |   3 +-
 security/clamav-unofficial-sigs/distinfo           |   6 +-
 .../files/patch-clamav-unofficial-sigs.sh          | 127 ++++++---------------
 .../files/patch-config_user.conf                   |  11 +-
 4 files changed, 48 insertions(+), 99 deletions(-)

diff --git a/security/clamav-unofficial-sigs/Makefile b/security/clamav-unofficial-sigs/Makefile index 6b46c864d44c..773930aa0e48 100644 --- a/security/clamav-unofficial-sigs/Makefile +++ b/security/clamav-unofficial-sigs/Makefile @@ -1,7 +1,7 @@ # Created by: Marko Njezic PORTNAME= clamav-unofficial-sigs -PORTVERSION= 7.0.1 +PORTVERSION= 7.2.5 CATEGORIES= security MAINTAINER= freebsd@mnd.sc 
@@ -14,6 +14,7 @@ COMMON_DEPENDS= clamscan:security/clamav \ rsync:net/rsync \ curl:ftp/curl \ gpg:security/gnupg \ + gsed:textproc/gsed \ bash:shells/bash BUILD_DEPENDS= ${COMMON_DEPENDS} RUN_DEPENDS= ${COMMON_DEPENDS} diff --git a/security/clamav-unofficial-sigs/distinfo b/security/clamav-unofficial-sigs/distinfo index 909a25357574..c80dfd7e2838 100644 --- a/security/clamav-unofficial-sigs/distinfo +++ b/security/clamav-unofficial-sigs/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1581201339 -SHA256 (extremeshok-clamav-unofficial-sigs-7.0.1_GH0.tar.gz) = 20e1bd6da863513ec1dc42c3f498ca1dfe1c1845110442c2e4595df6ab8341ed -SIZE (extremeshok-clamav-unofficial-sigs-7.0.1_GH0.tar.gz) = 59517 +TIMESTAMP = 1646720893 +SHA256 (extremeshok-clamav-unofficial-sigs-7.2.5_GH0.tar.gz) = f42f9d68e111f892bfd71393e869e53c806f48966c768d219925de6652960c50 +SIZE (extremeshok-clamav-unofficial-sigs-7.2.5_GH0.tar.gz) = 68425 diff --git a/security/clamav-unofficial-sigs/files/patch-clamav-unofficial-sigs.sh b/security/clamav-unofficial-sigs/files/patch-clamav-unofficial-sigs.sh index 160cba0f5b8e..e8735f60f9a4 100644 --- a/security/clamav-unofficial-sigs/files/patch-clamav-unofficial-sigs.sh +++ b/security/clamav-unofficial-sigs/files/patch-clamav-unofficial-sigs.sh @@ -1,6 +1,6 @@ ---- clamav-unofficial-sigs.sh.orig 2020-02-08 22:48:12 UTC +--- clamav-unofficial-sigs.sh.orig 2022-03-08 06:43:27 UTC +++ clamav-unofficial-sigs.sh -@@ -1541,48 +1541,17 @@ force_wget="no" +@@ -1595,48 +1595,17 @@ enable_log="no" custom_config="no" we_have_a_config="0" 
@@ -21,103 +21,48 @@ -fi # Default config files -if [ -r "${config_dir}/master.conf" ] ; then -- config_files+=( "${config_dir}/master.conf" ) +- config_files+=( "${config_dir}/master.conf" ) -else -- xshok_pretty_echo_and_log "ERROR: ${config_dir}/master.conf is not readable" -- exit 1 +- xshok_pretty_echo_and_log "ERROR: ${config_dir}/master.conf is not readable" +- exit 1 -fi +config_dir="%%PREFIX%%/etc/clamav-unofficial-sigs" +config_files=("${config_dir}/master.conf") if [ -r "${config_dir}/os.conf" ] ; then - config_files+=( "${config_dir}/os.conf" ) + config_files+=( "${config_dir}/os.conf" ) -else -- #find the a suitable os.*.conf file -- os_config_number=$(find "$config_dir" -type f -iname "os.*.conf" | wc -l) -- if [ "$os_config_number" == "0" ] ; then -- xshok_pretty_echo_and_log "WARNING: no os.conf or os.*.conf found" -- elif [ "$os_config_number" == "1" ] ; then -- config_file="$(find "$config_dir" -type f -iname "os.*.conf" | head -n1)" -- if [ -r "${config_file}" ]; then -- config_files+=( "${config_file}" ) -- else -- xshok_pretty_echo_and_log "WARNING: ${config_file} is not readable" -- fi -- else -- xshok_pretty_echo_and_log "WARNING: Too many os.*.conf configs found" -- fi +- #find the a suitable os.*.conf file +- os_config_number=$(find "$config_dir" -type f -iname "os.*.conf" | wc -l) +- if [ "$os_config_number" == "0" ] ; then +- xshok_pretty_echo_and_log "WARNING: no os.conf or os.*.conf found" +- elif [ "$os_config_number" == "1" ] ; then +- config_file="$(find "$config_dir" -type f -iname "os.*.conf" | head -n1)" +- if [ -r "${config_file}" ]; then +- config_files+=( "${config_file}" ) +- else +- xshok_pretty_echo_and_log "WARNING: ${config_file} is not readable" +- fi +- else +- xshok_pretty_echo_and_log "WARNING: Too many os.*.conf configs found" +- fi fi if [ -r "${config_dir}/user.conf" ] ; then - config_files+=( "${config_dir}/user.conf" ) + config_files+=( "${config_dir}/user.conf" ) -else -- xshok_pretty_echo_and_log "WARNING: 
${config_dir}/user.conf is not readable" +- xshok_pretty_echo_and_log "WARNING: ${config_dir}/user.conf is not readable" fi - # Solaris command -v function returns garbage when the program is not found -@@ -1718,10 +1687,8 @@ if [ "$custom_config" != "no" ] ; then - else - xshok_pretty_echo_and_log "WARNING: ${config_dir}/master.conf not found" - fi -- #find the a suitable os.conf or os.*.conf file -- config_file="$(find "$config_dir" -type f -iname "os.conf" -o -iname "os.*.conf" | tail -n1)" -- if [ -r "${config_file}" ] ; then -- config_files+=( "${config_file}" ) -+ if [ -r "${config_dir}/os.conf" ] ; then -+ config_files+=( "${config_dir}/os.conf" ) - else - xshok_pretty_echo_and_log "WARNING: ${config_dir}/os.conf not found" - fi -@@ -1767,7 +1734,7 @@ for config_file in "${config_files[@]}" ; do - # Delete both trailing and leading whitespace - # Delete all trailing whitespace - # Delete all empty lines -- clean_config="$(command sed -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[ \t]*//;s/[ \t]*$//' -e '/^\s*$/d' "$config_file")" -+ clean_config="$(command sed -e '/^#.*/d' -e 's/[[:space:]]#.*//' -e 's/#[[:space:]].*//' -e 's/^[[:blank:]]*//;s/[[:blank:]]*$//' -e '/^[[:space:]]*$/d' "$config_file")" - fi - - #fix eval of | -@@ -1782,7 +1749,7 @@ for config_file in "${config_files[@]}" ; do - fi - - # Check there is an = for every set of "" optional whitespace \s* between = and " -- config_check_vars="$(echo "$clean_config" | $grep_bin -c '=\s*\"' )" -+ config_check_vars="$(echo "$clean_config" | $grep_bin -c '=[[:space:]]*\"' )" - - if [ $(( ${#config_check} / 2 )) -ne "$config_check_vars" ] ; then - xshok_pretty_echo_and_log "ERROR: Your configuration has errors, every = requires a pair of \"\"" -@@ -2504,24 +2471,12 @@ if [ "$sanesecurity_enabled" == "yes" ] ; then - echo "$current_time" > "${work_dir_work_configs}/last-ss-update.txt" - xshok_pretty_echo_and_log "Sanesecurity Database & GPG Signature File Updates" "=" - 
xshok_pretty_echo_and_log "Checking for Sanesecurity updates..." -- # shellcheck disable=SC2086 -- sanesecurity_mirror_ips="$(dig $dig_proxy +ignore +short "$sanesecurity_url")" -- # Add fallback to host if dig returns no records -- if [ ${#sanesecurity_mirror_ips} -lt 1 ] ; then -- # shellcheck disable=SC2086 -- sanesecurity_mirror_ips="$(host $host_proxy -t A "$sanesecurity_url" | sed -n '/has address/{s/.*address \([^ ]*\).*/\1/;p;}')" -- fi - -+ sanesecurity_mirror_ips=$(host "$sanesecurity_url" | sed 's/.*[[:space:]]//') -+ - if [ ${#sanesecurity_mirror_ips} -ge 1 ] ; then - for sanesecurity_mirror_ip in $sanesecurity_mirror_ips ; do -- sanesecurity_mirror_name="" -- # shellcheck disable=SC2086 -- sanesecurity_mirror_name="$(dig $dig_proxy +short -x "$sanesecurity_mirror_ip" | command sed 's/\.$//')" -- # Add fallback to host if dig returns no records -- if [ -z "$sanesecurity_mirror_name" ] ; then -- # shellcheck disable=SC2086 -- sanesecurity_mirror_name="$(host $host_proxy "$sanesecurity_mirror_ip" | sed -n '/name pointer/{s/.*pointer \([^ ]*\).*\.$/\1/;p;}')" -- fi -+ sanesecurity_mirror_name=$(host "$sanesecurity_mirror_ip" | sed 's/.*[[:space:]]//' | sed 's/\.$//') - sanesecurity_mirror_site_info="$sanesecurity_mirror_name $sanesecurity_mirror_ip" - xshok_pretty_echo_and_log "Sanesecurity mirror site used: ${sanesecurity_mirror_site_info}" - # shellcheck disable=SC2086 -@@ -2834,7 +2789,7 @@ if [ "$linuxmalwaredetect_enabled" == "yes" ] ; then - ret="$?" 
- if [ "$ret" -eq 0 ] ; then - # shellcheck disable=SC2035 -- $tar_bin --strip-components=1 --wildcards --overwrite -xzf "${work_dir_linuxmalwaredetect}/sigpack.tgz" --directory "${work_dir_linuxmalwaredetect}" */rfxn.* -+ $tar_bin --strip-components=1 -xzf "${work_dir_linuxmalwaredetect}/sigpack.tgz" --directory "${work_dir_linuxmalwaredetect}" "*/rfxn.*" - for db_file in "${linuxmalwaredetect_dbs[@]}" ; do - if [ "$loop" == "1" ] ; then - xshok_pretty_echo_and_log "---" + # Solaris command -v function returns garbage when the program is not found k +@@ -1762,10 +1731,8 @@ + else + xshok_pretty_echo_and_log "WARNING: ${config_dir}/master.conf not found" + fi +- #find the a suitable os.conf or os.*.conf file +- config_file="$(find "$config_dir" -type f -iname "os.conf" -o -iname "os.*.conf" | tail -n1)" +- if [ -r "${config_file}" ] ; then +- config_files+=( "${config_file}" ) ++ if [ -r "${config_dir}/os.conf" ] ; then ++ config_files+=( "${config_dir}/os.conf" ) + else + xshok_pretty_echo_and_log "WARNING: ${config_dir}/os.conf not found" + fi diff --git a/security/clamav-unofficial-sigs/files/patch-config_user.conf b/security/clamav-unofficial-sigs/files/patch-config_user.conf index cab2825783e9..384bd87a196c 100644 --- a/security/clamav-unofficial-sigs/files/patch-config_user.conf +++ b/security/clamav-unofficial-sigs/files/patch-config_user.conf 
@@ -1,17 +1,20 @@ ---- config/user.conf.orig 2020-01-25 12:02:06 UTC +--- config/user.conf.orig 2021-03-20 02:49:21 UTC +++ config/user.conf -@@ -54,13 +54,11 @@ +@@ -64,7 +64,7 @@ #) #END ADDITIONAL DATABASES # Uncomment the following line to enable the script -user_configuration_complete="yes" +#user_configuration_complete="yes" + # HTTPS validation + # Uncomment to allow and ignore SSL errors leading to insecure transfers +@@ -73,8 +73,6 @@ # Proxy Support # If necessary to proxy database downloads, define the rsync, curl, wget, dig, hosr proxy settings here. #curl_proxy="--proxy http://username:password@proxy_host:proxy_port" -#dig_proxy="@proxy_host -p proxy_host:proxy_port" -#host_proxy="@proxy_host" #does not support port #rsync_proxy="username:password@proxy_host:proxy_port" - #wget_proxy="-e http_proxy=http://username:password@proxy_host:proxy_port -e https_proxy=https://username:password@proxy_host:proxy_port" - + # Define rsync to use netcat for socks tunnel + #rsync_connect_prog="nc -X 5 -x socksproxy_host:socksproxy_port %H 873"
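
Review bot: The `gsed:textproc/gsed` line added to COMMON_DEPENDS in the Makefile hunk at `@@ -14,6 +14,7 @@` conflicts with the 7.2.5 changelog entry quoted in this commit message, "Refactor : remove gnu-sed requirement". COMMON_DEPENDS feeds both BUILD_DEPENDS and RUN_DEPENDS, so every build and install now pulls in GNU sed. If something in the script or in the port's patches still calls gsed, a short comment next to the dependency saying what does would help the next maintainer; otherwise the line should be dropped.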
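
Review bot: In files/patch-clamav-unofficial-sigs.sh, the regenerated context line `# Solaris command -v function returns garbage when the program is not found k` ends in a stray `k` that the previous version of the same line did not have. Context that does not match the upstream file can make that hunk apply with fuzz or be rejected, so the patch should be regenerated from a clean extract (for example with `make makepatch`) and checked before the next update. The kept hunk also still replaces the readability check on master.conf with an unconditional `config_files=("${config_dir}/master.conf")`, which removes the "is not readable" error and `exit 1` path; a line in the patch or commit message explaining that this is intentional would help.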
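
Review bot: The user.conf hunk at `@@ -73,8 +73,6 @@` still deletes the commented `#dig_proxy` and `#host_proxy` examples, while this commit drops the port's own `host`-only rewrite of the Sanesecurity mirror lookup from patch-clamav-unofficial-sigs.sh. The lines that rewrite used to remove show the upstream code calling `dig $dig_proxy` and `host $host_proxy`, so as far as the visible hunks show, the installed script reads those variables again while the sample config no longer documents them. Either keep the two commented examples or state why they are withheld. The surviving comment above them still lists "dig, hosr" among the proxy settings to define, which is now misleading.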