Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2024-12-18 20:11:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.29675 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clamav" Wed Dec 18 20:11:19 2024 rev:127 rq:1231926 version:1.4.1 Changes: --------
--- /work/SRC/openSUSE:Factory/clamav/clamav.changes 2024-07-29 21:53:49.180198578 +0200
+++ /work/SRC/openSUSE:Factory/.clamav.new.29675/clamav.changes 2024-12-18 20:12:10.694396310 +0100
@@ -1,0 +2,48 @@
+Wed Dec 18 16:00:45 UTC 2024 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- fix factory submission (clam.tcl, clamscan.log)
+
+-------------------------------------------------------------------
+Tue Sep 10 13:05:08 UTC 2024 - Reinhard Max <m...@suse.com>
+
+- New version 1.4.1:
+ * [CVE-2024-20506, bsc#1230162]: Changed the logging module to
+ disable following symlinks on Linux and Unix systems so as to
+ prevent an attacker with existing access to the 'clamd' or
+ 'freshclam' services from using a symlink to corrupt system
+ files.
+ * [CVE-2024-20505, bsc#1230161]: Fixed a possible out-of-bounds
+ read bug in the PDF file parser that could cause a
+ denial-of-service (DoS) condition.
+ * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
+
+- New version 1.4.0:
+ * Added support for extracting ALZ archives.
+ * Added support for extracting LHA/LZH archives.
+ * Added the ability to disable image fuzzy hashing, if needed.
+ For context, image fuzzy hashing is a detection mechanism
+ useful for identifying malware by matching images included with
+ the malware or phishing email/document.
+ * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
+
+-------------------------------------------------------------------
+Wed Sep 4 19:29:48 UTC 2024 - Arjen de Korte <suse+bu...@de-korte.org>
+
+- New version 1.3.2:
+ * CVE-2024-20506: Changed the logging module to disable following
+ symlinks on Linux and Unix systems so as to prevent an attacker
+ with existing access to the 'clamd' or 'freshclam' services from
+ using a symlink to corrupt system files.
+ * CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF
+ file parser that could cause a denial-of-service condition.
+ * Removed unused Python modules from freshclam tests including
+ deprecated 'cgi' module that is expected to cause test failures in
+ Python 3.13.
+ * Fix unit test caused by expiring signing certificate.
+ * Fixed a build issue on Windows with newer versions of Rust. Also + upgraded GitHub Actions imports to fix CI failures. + * Fixed an unaligned pointer dereference issue on select architectures. + * Fixes to Jenkins CI pipeline. +- Remove upstreamed 1305.patch + +------------------------------------------------------------------- Old: ---- 1305.patch clamav-1.3.1.tar.gz clamav-1.3.1.tar.gz.sig New: ---- clamav-1.4.1.tar.gz clamav-1.4.1.tar.gz.sig BETA DEBUG BEGIN: Old: * Fixes to Jenkins CI pipeline. - Remove upstreamed 1305.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ clamav.spec ++++++ --- /var/tmp/diff_new_pack.TukRuz/_old 2024-12-18 20:12:13.874528875 +0100 +++ /var/tmp/diff_new_pack.TukRuz/_new 2024-12-18 20:12:13.886529376 +0100 @@ -2,6 +2,7 @@ # spec file for package clamav # # Copyright (c) 2024 SUSE LLC +# Copyright (c) 2024 Andreas Stieger <andreas.stie...@gmx.de> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,14 +26,14 @@ %if 0%{?suse_version} <= 1500 %define vgcc 13 %if 0%{?sle_version} < 150400 -%define vrust 1.69 +%define vrust 1.78 %define vcmake 3 %endif %endif %global confdir %_prefix%_sysconfdir Name: clamav -Version: 1.3.1 +Version: 1.4.1 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only @@ -55,15 +56,12 @@ Patch12: clamav-fips.patch Patch14: clamav-document-maxsize.patch Patch15: clamav-format.patch -Patch16: https://github.com/Cisco-Talos/clamav/pull/1305.patch ExcludeArch: %{arml} BuildRequires: cargo%{?vrust} BuildRequires: cmake%{?vcmake} BuildRequires: gcc%{?vgcc} BuildRequires: gcc%{?vgcc}-c++ -# temp for Patch16 -BuildRequires: git-core BuildRequires: libbz2-devel BuildRequires: libjson-c-devel BuildRequires: libopenssl-devel >= 1.0.2 
@@ -187,7 +185,6 @@ %patch -P 12 %patch -P 14 %patch -P 15 -git apply %{PATCH16} chmod -x docs/html/images/flamegraph.svg %build @@ -209,6 +206,7 @@ -DENABLE_CLAMONACC=ON \ -DENABLE_MILTER=ON \ -DSYSTEMD_UNIT_DIR=%{_unitdir} \ + -DPCRE2_LIBRARY=%{_libdir}/libpcre2-8.so \ %if %{without clammspack} -DENABLE_EXTERNAL_MSPACK=ON %endif ++++++ clamav-1.3.1.tar.gz -> clamav-1.4.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/clamav/clamav-1.3.1.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.29675/clamav-1.4.1.tar.gz differ: char 5, line 1 ++++++ clamav-conf.patch ++++++ --- /var/tmp/diff_new_pack.TukRuz/_old 2024-12-18 20:12:14.382550052 +0100 +++ /var/tmp/diff_new_pack.TukRuz/_new 2024-12-18 20:12:14.438552387 +0100 @@ -123,7 +123,7 @@ # Stop daemon when libclamav reports out of memory condition. #ExitOnOOM yes -@@ -708,7 +704,7 @@ Example +@@ -727,7 +723,7 @@ Example # multiple OnAccessIncludePath directives but each directory must be added # in a separate line. # Default: disabled @@ -132,7 +132,7 @@ #OnAccessIncludePath /students # Set the exclude paths. All subdirectories are also excluded. -@@ -778,7 +774,7 @@ Example +@@ -797,7 +793,7 @@ Example # It has the same potential race condition limitations of the # OnAccessExcludeUID option. # Default: disabled @@ -156,8 +156,8 @@ - # Path to the database directory. # WARNING: It must match clamd.conf's directive! - # Default: hardcoded (depends on installation options) -@@ -52,12 +48,12 @@ Example + # WARNING: It must already exist, be an absolute path, be writeable by +@@ -54,12 +50,12 @@ Example # It is recommended that the directory where this file is stored is # also owned by root to keep other users from tampering with it. # Default: disabled 
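Review bot: The added `-DPCRE2_LIBRARY=%{_libdir}/libpcre2-8.so \` in hunk `@@ -209,6 +206,7 @@` of clamav.spec overrides CMake's own PCRE2 lookup with a fixed path, and neither the spec nor the changelog entries visible here say why. Since a comment cannot sit inside the backslash-continued command, I would put one above the cmake call (which starts outside this hunk), for example `# PCRE2_LIBRARY is set explicitly because <reason detection fails with 1.4.x>; drop once upstream finds it`. The unversioned `.so` symlink normally comes from the development package, so it is worth confirming that a matching pcre2 devel BuildRequires exists; none appears in the visible hunks. The new line also ends in a continuation right before `%if %{without clammspack}`, as the previous last line did, so when that conditional is false the command continues into whatever follows `%endif`, which is outside the hunk and should be checked.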
@@ -172,7 +172,7 @@ # Use DNS to verify virus database version. FreshClam uses DNS TXT records # to verify database and software versions. With this directive you can change -@@ -148,7 +144,7 @@ DatabaseMirror database.clamav.net +@@ -150,7 +146,7 @@ DatabaseMirror database.clamav.net # Send the RELOAD command to clamd. # Default: no ++++++ clamav-format.patch ++++++ --- /var/tmp/diff_new_pack.TukRuz/_old 2024-12-18 20:12:14.586558557 +0100 +++ /var/tmp/diff_new_pack.TukRuz/_new 2024-12-18 20:12:14.614559723 +0100 @@ -64,7 +64,7 @@ } --- libclamav/pe.c.orig +++ libclamav/pe.c -@@ -5185,12 +5185,12 @@ cl_error_t cli_peheader(fmap_t *map, str +@@ -5117,12 +5117,12 @@ cl_error_t cli_peheader(fmap_t *map, str /* If a section is truncated, adjust its size value */ if (!CLI_ISCONTAINED_0_TO(fsize, section->raw, section->rsz)) { @@ -81,7 +81,7 @@ } --- libfreshclam/libfreshclam_internal.c.orig +++ libfreshclam/libfreshclam_internal.c -@@ -226,7 +226,7 @@ fc_error_t load_freshclam_dat(void) +@@ -229,7 +229,7 @@ fc_error_t load_freshclam_dat(void) if (-1 == lseek(handle, strlen(MIRRORS_DAT_MAGIC), SEEK_SET)) { char error_message[260]; cli_strerror(errno, error_message, 260); @@ -92,7 +92,7 @@ --- unit_tests/check_clamav.c.orig +++ unit_tests/check_clamav.c -@@ -1939,7 +1939,7 @@ void diff_file_mem(int fd, const char *r +@@ -1925,7 +1925,7 @@ void diff_file_mem(int fd, const char *r ck_assert_msg(!!buf, "unable to malloc buffer: %zu", len); p = read(fd, buf, len); @@ -101,7 +101,7 @@ p = 0; while (len > 0) { c1 = ref[p]; -@@ -1950,10 +1950,10 @@ void diff_file_mem(int fd, const char *r +@@ -1936,10 +1936,10 @@ void diff_file_mem(int fd, const char *r len--; } if (len > 0) @@ -114,7 +114,7 @@ close(fd); } -@@ -1969,7 +1969,7 @@ void diff_files(int fd, int ref_fd) +@@ -1955,7 +1955,7 @@ void diff_files(int fd, int ref_fd) ck_assert_msg(lseek(ref_fd, 0, SEEK_SET) == 0, "lseek failed"); nread = read(ref_fd, ref, siz); 
@@ -154,7 +154,7 @@ rc = memcmp(p, expect, expect_len); --- libclamav/others_common.c.orig +++ libclamav/others_common.c -@@ -312,7 +312,7 @@ char *cli_strdup(const char *s) +@@ -362,7 +362,7 @@ char *cli_safer_strdup(const char *s) } alloc = strdup(s); @@ -162,5 +162,5 @@ + if (!alloc) { perror("strdup_problem"); - cli_errmsg("cli_strdup(): Can't allocate memory (%u bytes).\n", (unsigned int)strlen(s)); + cli_errmsg("cli_safer_strdup(): Can't allocate memory (%u bytes).\n", (unsigned int)strlen(s)); ++++++ clamav-obsolete-config.patch ++++++ --- /var/tmp/diff_new_pack.TukRuz/_old 2024-12-18 20:12:14.746565226 +0100 +++ /var/tmp/diff_new_pack.TukRuz/_new 2024-12-18 20:12:14.774566393 +0100 @@ -1,6 +1,6 @@ --- common/optparser.c.orig +++ common/optparser.c -@@ -598,6 +598,13 @@ const struct clam_option __clam_options[ +@@ -602,6 +602,13 @@ const struct clam_option __clam_options[ {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"}, {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""},