Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2019-09-09 23:59:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.7948 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clamav" Mon Sep 9 23:59:38 2019 rev:99 rq:729457 version:0.101.4 Changes: -------- --- /work/SRC/openSUSE:Factory/clamav/clamav.changes 2019-08-09 16:54:14.505456365 +0200 +++ /work/SRC/openSUSE:Factory/.clamav.new.7948/clamav.changes 2019-09-09 23:59:41.697222794 +0200 @@ -1,0 +2,11 @@ +Wed Sep 4 19:12:01 UTC 2019 - Andreas Stieger <andreas.stie...@gmx.de> + +- update to 0.101.4: + * CVE-2019-12900: An out of bounds write in the NSIS bzip2 + (boo#1149458) + * CVE-2019-12625: Introduce a configurable time limit to mitigate + zip bomb vulnerability completely. Default is 2 minutes, + configurable useing the clamscan --max-scantime and for clamd + using the MaxScanTime config option (boo#1144504) + +------------------------------------------------------------------- Old: ---- clamav-0.101.3.tar.gz clamav-0.101.3.tar.gz.sig New: ---- clamav-0.101.4.tar.gz clamav-0.101.4.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ clamav.spec ++++++ --- /var/tmp/diff_new_pack.XALD63/_old 2019-09-09 23:59:42.853222716 +0200 +++ /var/tmp/diff_new_pack.XALD63/_new 2019-09-09 23:59:42.857222715 +0200 @@ -20,7 +20,7 @@ %define clamav_check --enable-check Name: clamav -Version: 0.101.3 +Version: 0.101.4 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only ++++++ clamav-0.101.3.tar.gz -> clamav-0.101.4.tar.gz ++++++ /work/SRC/openSUSE:Factory/clamav/clamav-0.101.3.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.7948/clamav-0.101.4.tar.gz differ: char 5, line 1 ++++++ clamav-disable-timestamps.patch ++++++ --- /var/tmp/diff_new_pack.XALD63/_old 2019-09-09 23:59:42.897222713 +0200 +++ /var/tmp/diff_new_pack.XALD63/_new 2019-09-09 23:59:42.897222713 +0200 @@ -1,3 +1,5 @@ +Index: libclamav/tomsfastmath/misc/fp_ident.c +=================================================================== --- libclamav/tomsfastmath/misc/fp_ident.c.orig +++ libclamav/tomsfastmath/misc/fp_ident.c @@ -15,7 +15,11 @@ const char *fp_ident(void) @@ -25,9 +27,11 @@ if (sizeof(fp_digit) == sizeof(fp_word)) { strncat(buf, "WARNING: sizeof(fp_digit) == sizeof(fp_word), this build is likely to not work properly.\n", +Index: configure +=================================================================== --- configure.orig +++ configure -@@ -812,6 +812,7 @@ FGREP +@@ -814,6 +814,7 @@ FGREP SED LIBTOOL LIBCLAMAV_VERSION @@ -35,7 +39,7 @@ EGREP GREP CPP -@@ -922,6 +923,7 @@ ac_user_opts=' +@@ -924,6 +925,7 @@ ac_user_opts=' enable_option_checking enable_dependency_tracking enable_silent_rules @@ -43,7 +47,7 @@ enable_static enable_shared with_pic -@@ -1641,6 +1643,8 @@ Optional Features: +@@ -1644,6 +1646,8 @@ Optional Features: --enable-silent-rules less verbose build output (undo: "make V=1") --disable-silent-rules verbose build output (undo: "make V=0") --enable-static[=PKGS] build static libraries [default=no] @@ -52,7 +56,7 @@ --enable-shared[=PKGS] build shared libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] -@@ -5923,6 +5927,26 @@ $as_echo "$ac_cv_safe_to_define___extens +@@ -5927,6 +5931,26 @@ $as_echo "$ac_cv_safe_to_define___extens $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h @@ -78,4 +82,4 @@ +_ACEOF - VERSION="0.101.3" + VERSION="0.101.4"