Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2022-01-16 23:18:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.1892 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clamav" Sun Jan 16 23:18:32 2022 rev:116 rq:946798 version:0.103.5 Changes: -------- --- /work/SRC/openSUSE:Factory/clamav/clamav.changes 2021-11-05 22:58:26.832275340 +0100 +++ /work/SRC/openSUSE:Factory/.clamav.new.1892/clamav.changes 2022-01-16 23:19:29.334384087 +0100 @@ -1,0 +2,24 @@ +Wed Jan 12 21:04:58 UTC 2022 - Arjen de Korte <suse+bu...@de-korte.org> + +- Update to 0.103.5 + * CVE-2022-20698: Fix for invalid pointer read that may cause a crash. + This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled + with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option + (the clamscan --gen-json option) is enabled. + * Fixed ability to disable the file size limit with libclamav C API, + like this: + + cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0); + + This issue didn't affect ClamD or ClamScan which also can disable the + limit by setting it to zero using MaxFileSize 0 in clamd.conf for ClamD, + or clamscan --max-filesize=0 for ClamScan. + Note: Internally, the max file size is still set to 2 GiB. Disabling the + limit for a scan will fall back on the internal 2 GiB limitation. + * Increased the maximum line length for ClamAV config files from 512 bytes + to 1,024 bytes to allow for longer config option strings. + * SigTool: Fix insufficient buffer size for --list-sigs that caused a + failure when listing a database containing one or more very long + signatures. This fix was backported from 0.104. + +------------------------------------------------------------------- Old: ---- clamav-0.103.4.tar.gz clamav-0.103.4.tar.gz.sig New: ---- clamav-0.103.5.tar.gz clamav-0.103.5.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ clamav.spec ++++++ --- /var/tmp/diff_new_pack.GjOMJi/_old 2022-01-16 23:19:30.054384441 +0100 +++ /var/tmp/diff_new_pack.GjOMJi/_new 2022-01-16 23:19:30.062384445 +0100 @@ -19,7 +19,7 @@ %bcond_with clammspack %bcond_with valgrind Name: clamav -Version: 0.103.4 +Version: 0.103.5 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only ++++++ clamav-0.103.4.tar.gz -> clamav-0.103.5.tar.gz ++++++ /work/SRC/openSUSE:Factory/clamav/clamav-0.103.4.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.1892/clamav-0.103.5.tar.gz differ: char 5, line 1
