commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package clamav for openSUSE:Factory checked
in at 2024-07-29 21:52:52
Comparing /work/SRC/openSUSE:Factory/clamav (Old)
and /work/SRC/openSUSE:Factory/.clamav.new.1882 (New)
Package is "clamav"
Mon Jul 29 21:52:52 2024 rev:126 rq:1190182 version:1.3.1
Changes:
--- /work/SRC/openSUSE:Factory/clamav/clamav.changes2024-07-02
18:17:42.686189302 +0200
+++ /work/SRC/openSUSE:Factory/.clamav.new.1882/clamav.changes 2024-07-29
21:53:49.180198578 +0200
@@ -1,0 +2,5 @@
+Mon Jul 29 07:03:44 UTC 2024 - Bernhard Wiedemann
+
+- Add upstream 1305.patch to fix tests (boo#1102840,
https://github.com/Cisco-Talos/clamav/issues/1300)
+
+---
New:
1305.patch
BETA DEBUG BEGIN:
New:
- Add upstream 1305.patch to fix tests (boo#1102840,
https://github.com/Cisco-Talos/clamav/issues/1300)
BETA DEBUG END:
Other differences:
--
++ clamav.spec ++
--- /var/tmp/diff_new_pack.4wMQBy/_old 2024-07-29 21:53:50.180239075 +0200
+++ /var/tmp/diff_new_pack.4wMQBy/_new 2024-07-29 21:53:50.184239236 +0200
@@ -55,12 +55,15 @@
Patch12:clamav-fips.patch
Patch14:clamav-document-maxsize.patch
Patch15:clamav-format.patch
+Patch16:https://github.com/Cisco-Talos/clamav/pull/1305.patch
ExcludeArch:%{arml}
BuildRequires: cargo%{?vrust}
BuildRequires: cmake%{?vcmake}
BuildRequires: gcc%{?vgcc}
BuildRequires: gcc%{?vgcc}-c++
+# temp for Patch16
+BuildRequires: git-core
BuildRequires: libbz2-devel
BuildRequires: libjson-c-devel
BuildRequires: libopenssl-devel >= 1.0.2
@@ -184,6 +187,7 @@
%patch -P 12
%patch -P 14
%patch -P 15
+git apply %{PATCH16}
chmod -x docs/html/images/flamegraph.svg
%build
++ 1305.patch ++
2256 lines (skipped)
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2024-07-02 18:17:36 Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.18349 (New) Package is "clamav" Tue Jul 2 18:17:36 2024 rev:125 rq:1184343 version:1.3.1 Changes: --- /work/SRC/openSUSE:Factory/clamav/clamav.changes2024-02-26 19:49:21.898528909 +0100 +++ /work/SRC/openSUSE:Factory/.clamav.new.18349/clamav.changes 2024-07-02 18:17:42.686189302 +0200 @@ -1,0 +2,96 @@ +Mon Apr 22 15:30:18 UTC 2024 - Reinhard Max + +- New Version: 1.3.1: + * CVE-2024-20380: Fixed a possible crash in the HTML file parser +that could cause a denial-of-service (DoS) condition. + * Updated select Rust dependencies to the latest versions. + * Fixed a bug causing some text to be truncated when converting +from UTF-16. + * Fixed assorted complaints identified by Coverity static +analysis. + * Fixed a bug causing CVDs downloaded by the DatabaseCustomURL +Freshclam config option to be pruned and then re-downloaded +with every update. + * Added the new 'valhalla' database name to the list of optional +databases in preparation for future work. + +--- +Fri Mar 15 13:52:57 UTC 2024 - Reinhard Max + +- New version: 1.3.0: + * Added support for extracting and scanning attachments found in +Microsoft OneNote section files. OneNote parsing will be +enabled by default, but may be optionally disabled. + * Added file type recognition for compiled Python (`.pyc`) files. + * Improved support for decrypting PDFs with empty passwords. + * Fixed a warning when scanning some HTML files. + * ClamOnAcc: Fixed an infinite loop when a watched directory +does not exist. + * ClamOnAcc: Fixed an infinite loop when a file has been deleted +before a scan. +- New version: 1.2.0: + * Added support for extracting Universal Disk Format (UDF) +partitions. + * Added an option to customize the size of ClamAV's clean file +cache. + * Raised the MaxScanSize limit so the total amount of data +scanned when scanning a file or archive may exceed 4 gigabytes. + * Added ability for Freshclam to use a client certificate PEM +file and a private key PEM file for authentication to a private +mirror. + * Fix an issue extracting files from ISO9660 partitions where the +files are listed in the plain ISO tree and there also exists an +empty Joliet tree. + * PID and socket are now located under /run/clamav/clamd.pid and +/run/clamav/clamd.sock . + * bsc#1211594: Fixed an issue where ClamAV does not abort the +signature load process after partially loading an invalid +signature. +- New version 1.1.0: + * https://blog.clamav.net/2023/05/clamav-110-released.html + * Added the ability to extract images embedded in HTML CSS +
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2023-11-02 20:23:16 Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.17445 (New) Package is "clamav" Thu Nov 2 20:23:16 2023 rev:123 rq:1122919 version:0.103.11 Changes: --- /work/SRC/openSUSE:Factory/clamav/clamav.changes2023-10-26 17:16:10.088123303 +0200 +++ /work/SRC/openSUSE:Factory/.clamav.new.17445/clamav.changes 2023-11-02 20:23:45.900902705 +0100 @@ -10,0 +11 @@ +(bsc#1216625, CVE-2023-40477) Other differences: --
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package clamav for openSUSE:Factory checked
in at 2023-10-26 17:15:20
Comparing /work/SRC/openSUSE:Factory/clamav (Old)
and /work/SRC/openSUSE:Factory/.clamav.new.24901 (New)
Package is "clamav"
Thu Oct 26 17:15:20 2023 rev:122 rq:1120590 version:0.103.11
Changes:
--- /work/SRC/openSUSE:Factory/clamav/clamav.changes2023-08-28
17:13:29.768946884 +0200
+++ /work/SRC/openSUSE:Factory/.clamav.new.24901/clamav.changes 2023-10-26
17:16:10.088123303 +0200
@@ -1,0 +2,11 @@
+Wed Oct 25 18:38:13 UTC 2023 - Arjen de Korte
+
+- Update to 0.103.11
+ * Upgrade the bundled UnRAR library (libclamunrar) to version 6.2.12.
+ * Windows: libjson-c 0.17 compatibility fix. with ssize_t type definition.
+ * Windows: Update build system to use OpenSSL 3 and PThreads-Win32 v3.
+
+- Update to 0.103.10
+ * Upgrade the bundled UnRAR library (libclamunrar) to version 6.2.10.
+
+---
Old:
clamav-0.103.9.tar.gz
clamav-0.103.9.tar.gz.sig
New:
clamav-0.103.11.tar.gz
clamav-0.103.11.tar.gz.sig
Other differences:
--
++ clamav.spec ++
--- /var/tmp/diff_new_pack.8ZeInT/_old 2023-10-26 17:16:10.768148278 +0200
+++ /var/tmp/diff_new_pack.8ZeInT/_new 2023-10-26 17:16:10.768148278 +0200
@@ -19,7 +19,7 @@
%bcond_withclammspack
%bcond_withvalgrind
Name: clamav
-Version:0.103.9
+Version:0.103.11
Release:0
Summary:Antivirus Toolkit
License:GPL-2.0-only
@@ -168,7 +168,7 @@
CFLAGS="-fstack-protector"
CXXFLAGS="-fstack-protector"
export CFLAGS="%optflags $CFLAGS -fPIE -fno-strict-aliasing"
-export CXXFLAGS="%optflags $CXXFLAGS -fPIE -fno-strict-aliasing -std=gnu++98"
+export CXXFLAGS="%optflags $CXXFLAGS -fPIE -fno-strict-aliasing"
export LDFLAGS="-pie"
%if "%{_lib}" == "lib64"
# tomsfastmath needs this for correct operation on 64-bit platforms
++ clamav-0.103.9.tar.gz -> clamav-0.103.11.tar.gz ++
/work/SRC/openSUSE:Factory/clamav/clamav-0.103.9.tar.gz
/work/SRC/openSUSE:Factory/.clamav.new.24901/clamav-0.103.11.tar.gz differ:
char 5, line 1
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2023-08-28 17:13:25 Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.1766 (New) Package is "clamav" Mon Aug 28 17:13:25 2023 rev:121 rq:1105919 version:0.103.9 Changes: --- /work/SRC/openSUSE:Factory/clamav/clamav.changes2023-02-16 16:57:14.904301690 +0100 +++ /work/SRC/openSUSE:Factory/.clamav.new.1766/clamav.changes 2023-08-28 17:13:29.768946884 +0200 @@ -1,0 +2,15 @@ +Fri Aug 18 14:03:06 UTC 2023 - Reinhard Max + +- Renew clamav.keyring . + +--- +Wed Aug 16 17:32:03 UTC 2023 - Arjen de Korte + +- Update to 0.103.9 + * CVE-2023-20197: Fixed a possible denial of service vulnerability in +the HFS+ file parser. This issue affects versions 1.1.0, 1.0.1 through +1.0.0, 0.105.2 through 0.105.0, 0.104.4 through 0.104.0, and 0.103.8 +through 0.103.0. (boo#1214342) + * Fixed compiler warnings that may turn into errors in Clang 16. + +--- Old: clamav-0.103.8.tar.gz clamav-0.103.8.tar.gz.sig New: clamav-0.103.9.tar.gz clamav-0.103.9.tar.gz.sig Other differences: -- ++ clamav.spec ++ --- /var/tmp/diff_new_pack.LkflQk/_old 2023-08-28 17:13:32.013027468 +0200 +++ /var/tmp/diff_new_pack.LkflQk/_new 2023-08-28 17:13:32.017027612 +0200 @@ -19,7 +19,7 @@ %bcond_withclammspack %bcond_withvalgrind Name: clamav -Version:0.103.8 +Version:0.103.9 Release:0 Summary:Antivirus Toolkit License:GPL-2.0-only @@ -33,6 +33,7 @@ Source8:service.freshclam Source9:service.clamav-milter Source10: timer.freshclam +# w3m https://www.clamav.net/downloads | sed -n '/-BEGIN /,/-END /p' Source11: clamav.keyring Source65: system-user-vscan.conf Patch1: clamav-conf.patch ++ clamav-0.103.8.tar.gz -> clamav-0.103.9.tar.gz ++ /work/SRC/openSUSE:Factory/clamav/clamav-0.103.8.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.1766/clamav-0.103.9.tar.gz differ: char 5, line 1 ++ clamav.keyring ++ --- /var/tmp/diff_new_pack.LkflQk/_old 2023-08-28 17:13:32.101030628 +0200 +++ /var/tmp/diff_new_pack.LkflQk/_new 2023-08-28 17:13:32.113031059 +0200 @@ -1,65 +1,64 @@ -BEGIN PGP PUBLIC KEY BLOCK- -mQINBGBjkiwBEADgJTEabt5zCareK9pJJswGU62smrq3uOaaDhtgztj3bxRY/UGT -jypxMee1S/fGWQZQy52lFOXLud5gFC5QU8Yk+7EAsh2ZJSKtWUw8/iMxZ4vsrKVV -QQRLTqMUY16R6/8UzdIT/hD6CbgWgiXF4NH5AGleNqjkF4TXrGof0AK0veekZYJV -WWStqJR/cIiG0nxDQ87RWfeZgrULZmA8uii22po7rGGzxT0byb83dKK+7IoJ/6B/ -ZlI0PmzuJ9/Xp6Mmm//sdPEqRwedt2aGrvtdF79xYJ1tDhOVMpID0aPdURBwlliq -fyKGaIUEa1ke+Dy7sQF8i3zY7ce6PZOtbsts9xsJLvF98VhRsFy0vProPv1mVbiU -PoxxPTnyLeGUm27amIMl4NfX4a8Hdu+ExzKprqWo3Ir08HQzNt6QoFghDIpi9nm4 -k327CJzJv/g2dq5kY/KU6wFHbdH3zP7u+p9DDqKJYFebPCvwM1hMxPdLqemTsfob -kJ4iXcAXjpMqwXX9m0lyQcRHdIdc99yyCUMdPNfapLgY7rOahsS16795/5KSrCuF -h2RcoAWUjh6sGjgGIY4Hy1qQwp3t6X/L6TOhDkBDWId5bTKFR9NqrVprOVsUutbs -0TOqLyH4GXCpE9vzg8DX7FTdRiCTpbyQ7VuSxRN/vAyVRP4chrABNfvh/QARAQAB +mQINBGQPO58BEACsF0vtWepeSZRklvCG170RKuZL+9aH8U3zVVtQgDlmcboVRiFf ++fgraQCRVh8cbRM76mqqGoMT0BlwZ1OfrzpZcrNUg5uAgok51P7SoCy3zummnv4M +TadwDLEHNf/38HSnrJe196IiwMEtyuKMGDfzyjQnr357Owem+7FgT2/sU7XwWD2B ++tn/yhbw+HpJuUjdmxmEqJr/4okRSj9OSWV+EFhS9owMNK8zntwHkJzmv4ctS1Ak +Zryh/J3jEnPqzSJDsH729XzKpG4BxCxnybP5WuMsJuNvSlVhVko1PaSi84Dy003w +WoQIgtQHNm6i8CcetrpNCULELTU8sViwdBQXIlGjCa3N+dq1ZOErasp4QzlCVOus +iOkm1KltvbJWPfVDW0A0Z4mP19YRlQTc0jn4w9R5ROmwcLf6Co8nBD2AV8MFjVJA +E21Mfj6LfksplmYg/DEa4kCe8KYPSATq6LFSf+o96fkmnsZovOi6zZ6RtV9l4Aya +pkcvk9iO2cvJMDYJ6iA2dC8EHC2m1tt1Rs2abJqOmsUJATo7MUpK7MD7NyhVvkjJ +j5QRES25uV4OY9ck091GB+XXAf3gGf3Pi2jop1gauGoxyBqLT4SkwqsnsrFF8eEh +A8UdBmo4K6MWFaxw6JsBPpIM63Qe848RzlQRanxS2n50ZZwMLIJrI2MEFQARAQAB tDtUYWxvcyAoVGFsb3MsIENpc2NvIFN5c3RlbXMgSW5jLikgPHJlc2VhcmNoQHNv -dXJjZWZpcmUuY29tPokCPgQTAQIAKAUCYGOSLAIbAwUJA8JnAAYLCQgHAwIGFQgC -CQoLBBYCAwECHgECF4AACgkQYJsCTys+3QfbLg//eZ0yCLr957FtztVlLIHYLpJn -LIl8m+hu3KeUTIwvMoCLiw48cWqFZaJS9PTmrraSj5SKMDnAYFl4O0fhHfQiWDjb -sZ32hQni1PcqxoXqSnkXD7mXjcPH2WuNnQM5WZoAD2VmksqRT57I/K2omW/sjaVe -Nbq3GSOy8WThibswxzioDHtTPFa0/Ah2qq8OkcVJuTwCS1xkLijJc3jx/pOBHWFA -BA4VX5pwcSou/woJ+ySsgBGEo5hOsd0r7h3a0O8EiuGulHTqQt87rVWGv0JKhnub -FULr/ld8+d1zGvJL3OzFG6udjWjw3QqsLDZa94G1ksZWgqr/RgexlSYuxPW+lKUC -QkgotLaEKQC4cpBLRcJEjWyrf4IjoJvkFrUtPsVH9VStICUQATyXARNVWbnJHq3Y -qynCXSB4NZvdo9BF6Tx3FA+ZUjK4/X/UsjL/Hmv99huBctQsWL7gQCoSw9YOt4qs -/As6fgPaNpYb9woJqNMEQNmrhfnnX9PGaM5dM769/E5vF67mkhBNqVJ0+4gyrpTU -T7Pmavrc3T4aSSde8eG6zSlmW8wM5xELfK5TeTexBKGAaDV8c2BkfenRO8OvBSvr -Gz+Xp/YzO9uGUP
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package clamav for openSUSE:Factory checked
in at 2023-02-16 16:57:09
Comparing /work/SRC/openSUSE:Factory/clamav (Old)
and /work/SRC/openSUSE:Factory/.clamav.new.22824 (New)
Package is "clamav"
Thu Feb 16 16:57:09 2023 rev:120 rq:1066149 version:0.103.8
Changes:
--- /work/SRC/openSUSE:Factory/clamav/clamav.changes2022-08-09
15:28:11.765598393 +0200
+++ /work/SRC/openSUSE:Factory/.clamav.new.22824/clamav.changes 2023-02-16
16:57:14.904301690 +0100
@@ -1,0 +2,14 @@
+Wed Feb 15 17:26:43 UTC 2023 - Arjen de Korte
+
+- Update to 0.103.8
+ * CVE-2023-20032: Fixed a possible remote code execution vulnerability
+in the HFS+ file parser. Issue affects versions 1.0.0 and earlier,
+0.105.1 and earlier, and 0.103.7 and earlier. (bsc#1208363)
+ * CVE-2023-20052: Fixed a possible remote information leak
+vulnerability in the DMG file parser. Issue affects versions 1.0.0
+and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
+(bsc#1208365)
+ * Update vendored libmspack library to version 0.11alpha.
+- Package huge .html documentation in a separate subpackage.
+
+---
Old:
clamav-0.103.7.tar.gz
clamav-0.103.7.tar.gz.sig
New:
clamav-0.103.8.tar.gz
clamav-0.103.8.tar.gz.sig
Other differences:
--
++ clamav.spec ++
--- /var/tmp/diff_new_pack.acqbLL/_old 2023-02-16 16:57:15.752305378 +0100
+++ /var/tmp/diff_new_pack.acqbLL/_new 2023-02-16 16:57:15.756305395 +0100
@@ -1,7 +1,7 @@
#
# spec file for package clamav
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
%bcond_withclammspack
%bcond_withvalgrind
Name: clamav
-Version:0.103.7
+Version:0.103.8
Release:0
Summary:Antivirus Toolkit
License:GPL-2.0-only
@@ -90,6 +90,15 @@
support, archive support, and multiple signature languages for
detecting threats.
+%package docs-html
+Summary:Documentation for ClamAV in HTML format
+Group: Productivity/Security
+Requires: %{name} = %{version}
+BuildArch: noarch
+
+%description docs-html
+Optional HTML documentation for ClamAV antivirus engine
+
%package milter
Summary:ClamAV Milter compatible mail scanner
Group: Productivity/Security
@@ -148,6 +157,7 @@
%patch6
%patch12
%patch14 -p1
+chmod -x docs/html/images/flamegraph.svg
%build
%if 0%{?suse_version} <= 1500
@@ -272,7 +282,6 @@
%files
%license COPYING*
-%doc docs/html/*
%config(noreplace) %{_sysconfdir}/clamd.conf
%config(noreplace) %{_sysconfdir}/freshclam.conf
%{_bindir}/clamav-config
@@ -311,6 +320,9 @@
%endif
%ghost %attr(755,vscan,vscan) /run/clamav
+%files docs-html
+%doc docs/html/*
+
%files milter
%config(noreplace) %{_sysconfdir}/clamav-milter.conf
%{_unitdir}/clamav-milter.service
++ clamav-0.103.7.tar.gz -> clamav-0.103.8.tar.gz ++
/work/SRC/openSUSE:Factory/clamav/clamav-0.103.7.tar.gz
/work/SRC/openSUSE:Factory/.clamav.new.22824/clamav-0.103.8.tar.gz differ: char
5, line 1
++ clamav-rpmlintrc ++
--- /var/tmp/diff_new_pack.acqbLL/_old 2023-02-16 16:57:15.856305830 +0100
+++ /var/tmp/diff_new_pack.acqbLL/_new 2023-02-16 16:57:15.860305847 +0100
@@ -1,5 +1,5 @@
-addFilter("non-standard-uid.*")
-addFilter("devel-file-in-non-devel-package.*")
addFilter("obsolete-not-provided")
addFilter("systemd-service-without-service_.* freshclam.service")
+addFilter("missing-call-to-setgroups-before-setuid /usr/bin/clamscan")
+addFilter("files-duplicated-waste")
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2022-08-09 15:27:30 Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.1521 (New) Package is "clamav" Tue Aug 9 15:27:30 2022 rev:119 rq:993801 version:0.103.7 Changes: --- /work/SRC/openSUSE:Factory/clamav/clamav.changes2022-05-06 19:00:19.669421367 +0200 +++ /work/SRC/openSUSE:Factory/.clamav.new.1521/clamav.changes 2022-08-09 15:28:11.765598393 +0200 @@ -1,0 +2,10 @@ +Fri Aug 5 06:42:21 UTC 2022 - ecsos + +- Update to 0.103.7 + - Zip parser: tolerate 2-byte overlap in file entries + - Fix bug with logical signature Intermediates feature + - Update to UnRAR v6.1.7 + - Patch UnRAR: allow skipping files in solid archives + - Patch UnRAR: limit dict winsize to 1GB + +--- Old: clamav-0.103.6.tar.gz clamav-0.103.6.tar.gz.sig New: clamav-0.103.7.tar.gz clamav-0.103.7.tar.gz.sig Other differences: -- ++ clamav.spec ++ --- /var/tmp/diff_new_pack.kpEgoI/_old 2022-08-09 15:28:12.625600851 +0200 +++ /var/tmp/diff_new_pack.kpEgoI/_new 2022-08-09 15:28:12.629600862 +0200 @@ -19,7 +19,7 @@ %bcond_withclammspack %bcond_withvalgrind Name: clamav -Version:0.103.6 +Version:0.103.7 Release:0 Summary:Antivirus Toolkit License:GPL-2.0-only ++ clamav-0.103.6.tar.gz -> clamav-0.103.7.tar.gz ++ /work/SRC/openSUSE:Factory/clamav/clamav-0.103.6.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.1521/clamav-0.103.7.tar.gz differ: char 5, line 1
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2022-05-06 18:59:55 Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.1538 (New) Package is "clamav" Fri May 6 18:59:55 2022 rev:118 rq:975373 version:0.103.6 Changes: --- /work/SRC/openSUSE:Factory/clamav/clamav.changes2022-04-20 16:57:13.598617255 +0200 +++ /work/SRC/openSUSE:Factory/.clamav.new.1538/clamav.changes 2022-05-06 19:00:19.669421367 +0200 @@ -1,0 +2,34 @@ +Thu May 5 15:50:42 UTC 2022 - Arjen de Korte + +- Update to 0.103.6 + * CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM +file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS +version 0.103.5 and prior versions. (boo#1199242) + * CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the +scan verdict cache check. Issue affects versions 0.103.4, 0.103.5, +0.104.1, and 0.104.2. (boo#1199246) + * CVE-2022-20771: Fixed a possible infinite loop vulnerability in the +TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and +LTS version 0.103.5 and prior versions. The issue only occurs if the +"--alert-broken-media" ClamScan option is enabled. For ClamD, the +affected option is "AlertBrokenMedia yes", and for libclamav it is the +"CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. (boo#1199244) + * CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / +Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2 +and LTS version 0.103.5 and prior versions. (boo#1199245) + * CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write +vulnerability in the signature database load module. The fix was to +update the vendored regex library to the latest version. Issue affects +versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior +versions. (boo#1199274) + * ClamOnAcc: Fixed a number of assorted stability issues and added +niceties for debugging ClamOnAcc. + * Fixed an issue causing byte-compare subsignatures to cause an alert +when they match even if other conditions of the given logical +signatures were not met. + * Fix memleak when using multiple byte-compare subsignatures. This fix +was backported from 0.104.0. + * Assorted bug fixes and improvements. +- Remove upstreamed clamav-ck_assert_msg.patch + +--- Old: clamav-0.103.5.tar.gz clamav-0.103.5.tar.gz.sig clamav-ck_assert_msg.patch New: clamav-0.103.6.tar.gz clamav-0.103.6.tar.gz.sig Other differences: -- ++ clamav.spec ++ --- /var/tmp/diff_new_pack.pLXLEN/_old 2022-05-06 19:00:20.549422329 +0200 +++ /var/tmp/diff_new_pack.pLXLEN/_new 2022-05-06 19:00:20.557422338 +0200 @@ -19,7 +19,7 @@ %bcond_withclammspack %bcond_withvalgrind Name: clamav -Version:0.103.5 +Version:0.103.6 Release:0 Summary:Antivirus Toolkit License:GPL-2.0-only @@ -39,7 +39,6 @@ Patch5: clamav-obsolete-config.patch Patch6: clamav-disable-yara.patch Patch12:clamav-fips.patch -Patch13:clamav-ck_assert_msg.patch Patch14:clamav-document-maxsize.patch BuildRequires: autoconf @@ -148,7 +147,6 @@ %patch5 %patch6 %patch12 -%patch13 -p1 %patch14 -p1 %build ++ clamav-0.103.5.tar.gz -> clamav-0.103.6.tar.gz ++ /work/SRC/openSUSE:Factory/clamav/clamav-0.103.5.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.1538/clamav-0.103.6.tar.gz differ: char 5, line 1
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package clamav for openSUSE:Factory checked
in at 2022-04-20 16:56:41
Comparing /work/SRC/openSUSE:Factory/clamav (Old)
and /work/SRC/openSUSE:Factory/.clamav.new.1941 (New)
Package is "clamav"
Wed Apr 20 16:56:41 2022 rev:117 rq:970848 version:0.103.5
Changes:
--- /work/SRC/openSUSE:Factory/clamav/clamav.changes2022-01-16
23:19:29.334384087 +0100
+++ /work/SRC/openSUSE:Factory/.clamav.new.1941/clamav.changes 2022-04-20
16:57:13.598617255 +0200
@@ -1,0 +2,5 @@
+Tue Apr 12 13:56:37 UTC 2022 - Marcus Meissner
+
+- https source urls
+
+---
Other differences:
--
++ clamav.spec ++
--- /var/tmp/diff_new_pack.QGBF7y/_old 2022-04-20 16:57:14.314617924 +0200
+++ /var/tmp/diff_new_pack.QGBF7y/_new 2022-04-20 16:57:14.318617927 +0200
@@ -1,7 +1,7 @@
#
# spec file for package clamav
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,9 +24,9 @@
Summary:Antivirus Toolkit
License:GPL-2.0-only
Group: Productivity/Security
-URL:http://www.clamav.net
-Source0:
http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz
-Source1:
http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz.sig
+URL:https://www.clamav.net
+Source0:
https://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz
+Source1:
https://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz.sig
Source4:clamav-rpmlintrc
Source6:clamav-tmpfiles.conf
Source7:service.clamd
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2022-01-16 23:18:32 Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.1892 (New) Package is "clamav" Sun Jan 16 23:18:32 2022 rev:116 rq:946798 version:0.103.5 Changes: --- /work/SRC/openSUSE:Factory/clamav/clamav.changes2021-11-05 22:58:26.832275340 +0100 +++ /work/SRC/openSUSE:Factory/.clamav.new.1892/clamav.changes 2022-01-16 23:19:29.334384087 +0100 @@ -1,0 +2,24 @@ +Wed Jan 12 21:04:58 UTC 2022 - Arjen de Korte + +- Update to 0.103.5 + * CVE-2022-20698: Fix for invalid pointer read that may cause a crash. +This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled +with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option +(the clamscan --gen-json option) is enabled. + * Fixed ability to disable the file size limit with libclamav C API, +like this: + + cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0); + +This issue didn't affect ClamD or ClamScan which also can disable the +limit by setting it to zero using MaxFileSize 0 in clamd.conf for ClamD, +or clamscan --max-filesize=0 for ClamScan. +Note: Internally, the max file size is still set to 2 GiB. Disabling the +limit for a scan will fall back on the internal 2 GiB limitation. + * Increased the maximum line length for ClamAV config files from 512 bytes +to 1,024 bytes to allow for longer config option strings. + * SigTool: Fix insufficient buffer size for --list-sigs that caused a +failure when listing a database containing one or more very long +signatures. This fix was backported from 0.104. + +--- Old: clamav-0.103.4.tar.gz clamav-0.103.4.tar.gz.sig New: clamav-0.103.5.tar.gz clamav-0.103.5.tar.gz.sig Other differences: -- ++ clamav.spec ++ --- /var/tmp/diff_new_pack.GjOMJi/_old 2022-01-16 23:19:30.054384441 +0100 +++ /var/tmp/diff_new_pack.GjOMJi/_new 2022-01-16 23:19:30.062384445 +0100 @@ -19,7 +19,7 @@ %bcond_withclammspack %bcond_withvalgrind Name: clamav -Version:0.103.4 +Version:0.103.5 Release:0 Summary:Antivirus Toolkit License:GPL-2.0-only ++ clamav-0.103.4.tar.gz -> clamav-0.103.5.tar.gz ++ /work/SRC/openSUSE:Factory/clamav/clamav-0.103.4.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.1892/clamav-0.103.5.tar.gz differ: char 5, line 1
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package clamav for openSUSE:Factory checked
in at 2021-11-05 22:58:21
Comparing /work/SRC/openSUSE:Factory/clamav (Old)
and /work/SRC/openSUSE:Factory/.clamav.new.1890 (New)
Package is "clamav"
Fri Nov 5 22:58:21 2021 rev:115 rq:929611 version:0.103.4
Changes:
--- /work/SRC/openSUSE:Factory/clamav/clamav.changes2021-11-04
16:42:21.762024511 +0100
+++ /work/SRC/openSUSE:Factory/.clamav.new.1890/clamav.changes 2021-11-05
22:58:26.832275340 +0100
@@ -4 +4 @@
-- Update to 0.103.4
+- bsc#1192346: Update to 0.103.4
@@ -64,0 +65,7 @@
+Wed Jun 30 12:17:30 UTC 2021 - Marcus Meissner
+
+- clamav-document-maxsize.patch: in the "clamscan" and "clamdscan" manpages,
+ document that files over a certain size by default will silently not be
+ scanned and how this can be adjusted (bsc#1187509)
+
+---
@@ -67 +74 @@
-- Update to 0.103.3
+- bsc#1188284: Update to 0.103.3
New:
clamav-document-maxsize.patch
Other differences:
--
++ clamav.spec ++
--- /var/tmp/diff_new_pack.ebHelc/_old 2021-11-05 22:58:28.324276259 +0100
+++ /var/tmp/diff_new_pack.ebHelc/_new 2021-11-05 22:58:28.328276261 +0100
@@ -40,6 +40,8 @@
Patch6: clamav-disable-yara.patch
Patch12:clamav-fips.patch
Patch13:clamav-ck_assert_msg.patch
+Patch14:clamav-document-maxsize.patch
+
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc-c++
@@ -147,6 +149,7 @@
%patch6
%patch12
%patch13 -p1
+%patch14 -p1
%build
%if 0%{?suse_version} <= 1500
++ clamav-document-maxsize.patch ++
Index: clamav-0.103.2/docs/man/clamscan.1.in
===
--- clamav-0.103.2.orig/docs/man/clamscan.1.in
+++ clamav-0.103.2/docs/man/clamscan.1.in
@@ -8,6 +8,18 @@ clamscan [options] [file/directory/\-]
.SH "DESCRIPTION"
.LP
clamscan is a command line anti\-virus scanner.
+.SH "NOTE"
+.LP
+If a file or an archive is larger than the default or configured size (see
\-\-max\-filesize and \-\-max-scansize options) scanning will abort at the
limit, and the file will be marked as "OK".
+.TP
+The archive scan limits are currently set to 25MB or 100MB respectively.
+.TP
+There are more options that limit scanning, please check all the
\-\-max\-something options.
+.TP
+To report files that are exceeding these limits, you need to specify
\-\-alert\-exceeds\-max=yes option. This will then report a
"Heuristics.Limits.Exceeded FOUND" for such files.
+
+.TP
+Please note that such a FOUND message does not imply infection, and your
tooling should be able to handle this.
.SH "OPTIONS"
.LP
Most of the options are simple switches which enable or disable some features.
Options marked with [=yes/no(*)] can be optionally followed by =yes/=no; if
they get called without the boolean argument the scanner will assume 'yes'. The
asterisk marks the default internal setting for a given option.
Index: clamav-0.103.2/docs/man/clamdscan.1.in
===
--- clamav-0.103.2.orig/docs/man/clamdscan.1.in
+++ clamav-0.103.2/docs/man/clamdscan.1.in
@@ -8,6 +8,17 @@ clamdscan [options] [file/directory]
.SH "DESCRIPTION"
.LP
clamdscan is a clamd client which may be used as a clamscan replacement. It
accepts all the options implemented in clamscan but most of them will be
ignored because its scanning abilities only depend on clamd.
+.SH "NOTE"
+.LP
+If a file or an archive is larger than the default or configured size (see
MaxFileSize and MaxScanSize options in clamd.conf) scanning will abort at the
limit, and the file will be marked as "OK".
+.TP
+The archive scan limits are currently set to 25MB or 100MB respectively.
+.TP
+There are more options that limit scanning, please check all the MaxSomething
options in clamd.conf.
+.TP
+To report files that are exceeding these limits, you need to specify
AlertExceedsMax TRUE in clamd.conf. This will then report a
"Heuristics.Limits.Exceeded FOUND" for such files.
+.TP
+Please note that such a FOUND message does not imply infection, and your
tooling should be able to handle this.
.SH "OPTIONS"
.LP
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2021-11-04 16:42:16 Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.1890 (New) Package is "clamav" Thu Nov 4 16:42:16 2021 rev:114 rq:929179 version:0.103.4 Changes: --- /work/SRC/openSUSE:Factory/clamav/clamav.changes2021-06-26 21:25:43.895364579 +0200 +++ /work/SRC/openSUSE:Factory/.clamav.new.1890/clamav.changes 2021-11-04 16:42:21.762024511 +0100 @@ -1,0 +2,63 @@ +Wed Nov 3 20:52:19 UTC 2021 - Arjen de Korte + +- Update to 0.103.4 + * FreshClam: +- Add a 24-hour cool-down for FreshClam clients that have received + an HTTP 403 (Forbidden) response from the CDN. This is to reduce + the volume of 403-response data served to blocked FreshClam + clients that are configured with a tight update-loop. +- Fixed a bug where FreshClam treats an empty CDIFF as an + incremental update failure instead of as an intentional request + to download the whole CVD. + * ClamDScan: Fix a scan error when broken symlinks are encountered on +macOS with "FollowDirectorySymlinks" and "FollowFileSymlinks" +options disabled. + * Overhauled the scan recursion / nested archive extraction logic and +added new limits on embedded file-type recognition performed during +the "raw" scan of each file. This limits embedded file-type +misidentification and prevents detecting embedded file content that +is found/extracted and scanned at other layers in the scanning +process. + * Fix an issue with the FMap module that failed to read from some +nested files. + * Fixed an issue where failing to load some rules from a Yara file +containing multiple rules may cause a crash. + * Fixed assorted compiler warnings. + * Fixed assorted Coverity static code analysis issues. + * Scan limits: +- Added virus-name suffixes to the alerts that trigger when a scan + limit has been exceeded. Rather than simply + Heuristics.Limits.Exceeded, you may now see limit-specific + virus-names, to include: + + Heuristics.Limits.Exceeded.MaxFileSize + + Heuristics.Limits.Exceeded.MaxScanSize + + Heuristics.Limits.Exceeded.MaxFiles + + Heuristics.Limits.Exceeded.MaxRecursion + + Heuristics.Limits.Exceeded.MaxScanTime +- Renamed the Heuristics.Email.ExceedsMax.* alerts to align with + the other limit alerts names. These alerts include: + + Heuristics.Limits.Exceeded.EmailLineFoldcnt + + Heuristics.Limits.Exceeded.EmailHeaderBytes + + Heuristics.Limits.Exceeded.EmailHeaders + + Heuristics.Limits.Exceeded.EmailMIMEPartsPerMessage + + Heuristics.Limits.Exceeded.EmailMIMEArguments +- Fixed an issue where the Email-related scan limits would alert + even when the "AlertExceedsMax" (--alert-exceeds-max) scan option + is not enabled. +- Fixes an issue in the Zip parser where exceeding the "MaxFiles" + limit or the "MaxFileSize" limit would abort the scan but would + fail to alert. The Zip scan limit issues were independently + identified and reported by Aaron Leliaert and Max Allan. + * Fixed a leak in the Email parser when using the --gen-json scan +option. + * Fixed an issue where a failure to record metadata in the Email +parser when using the --gen-json scan option could cause the Email +parser to abort the scan early and fail to extract and scan +additional content. + * Fixed a file name memory leak in the Zip parser. + * Fixed an issue where certain signature patterns may cause a crash or +cause unintended matches on some systems when converting characters +to uppercase if a UTF-8 unicode single-byte grapheme becomes a +multi-byte grapheme. Patch courtesy of Andrea De Pasquale. + +--- Old: clamav-0.103.3.tar.gz clamav-0.103.3.tar.gz.sig New: clamav-0.103.4.tar.gz clamav-0.103.4.tar.gz.sig Other differences: -- ++ clamav.spec ++ --- /var/tmp/diff_new_pack.tM2MV0/_old 2021-11-04 16:42:22.526024550 +0100 +++ /var/tmp/diff_new_pack.tM2MV0/_new 2021-11-04 16:42:22.530024551 +0100 @@ -19,7 +19,7 @@ %bcond_withclammspack %bcond_withvalgrind Name: clamav -Version:0.103.3 +Version:0.103.4 Release:0 Summary:Antivirus Toolkit License:GPL-2.0-only ++ clamav-0.103.3.tar.gz -> clamav-0.103.4.tar.gz ++ /work/SRC/openSUSE:Factory/clamav/clamav-0.103.3.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.1890/clamav-0.103.4.tar.gz differ: char 5, line 1
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2021-06-26 21:25:26 Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.2625 (New) Package is "clamav" Sat Jun 26 21:25:26 2021 rev:113 rq:902389 version:0.103.3 Changes: --- /work/SRC/openSUSE:Factory/clamav/clamav.changes2021-04-10 15:28:57.810490410 +0200 +++ /work/SRC/openSUSE:Factory/.clamav.new.2625/clamav.changes 2021-06-26 21:25:43.895364579 +0200 @@ -1,0 +2,28 @@ +Mon Jun 21 18:44:32 UTC 2021 - Arjen de Korte + +- Update to 0.103.3 + * Fixed a scan performance issue when ENGINE_OPTIONS_FORCE_TO_DISK is +enabled. This issue did not impacted most users but for those +affected it caused every scanned file to be copied to the temp +directory before the scan. + * Fix ClamDScan crashes when using the --fdpass --multiscan +command-line options in combination with the ClamD ExcludePath +config file options. + * Fixed an issue where the mirrors.dat file is owned by root when +starting as root (or with sudo) and using daemon-mode. File +ownership will be set to the DatabaseOwner just before FreshClam +switches to run as that user. + * Renamed the mirrors.dat file to freshclam.dat. + * Disabled the HTTPUserAgent config option if the DatabaseMirror uses +clamav.net. This will prevent users from being inadvertently blocked +and will ensure that we can keep better metrics on which ClamAV +versions are being used. + * Moved the detection for Heuristics.PNG.CVE-2010-1205 behind the +ClamScan --alert-broken-media option (ClamD AlertBrokenMedia yes) +option. This type of PNG issue appears to be common enough to be an +annoyance, and the CVE is old enough that no one should be +vulnerable at this point. + * Fix ClamSubmit failures after changes to Cloudflare "__cfduid" +cookies. See: https://blog.cloudflare.com/deprecating-cfduid-cookie/ + +--- Old: clamav-0.103.2.tar.gz clamav-0.103.2.tar.gz.sig New: clamav-0.103.3.tar.gz clamav-0.103.3.tar.gz.sig Other differences: -- ++ clamav.spec ++ --- /var/tmp/diff_new_pack.thVcVL/_old 2021-06-26 21:25:44.691365630 +0200 +++ /var/tmp/diff_new_pack.thVcVL/_new 2021-06-26 21:25:44.695365635 +0200 @@ -19,7 +19,7 @@ %bcond_withclammspack %bcond_withvalgrind Name: clamav -Version:0.103.2 +Version:0.103.3 Release:0 Summary:Antivirus Toolkit License:GPL-2.0-only ++ clamav-0.103.2.tar.gz -> clamav-0.103.3.tar.gz ++ /work/SRC/openSUSE:Factory/clamav/clamav-0.103.2.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.2625/clamav-0.103.3.tar.gz differ: char 5, line 1
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package clamav for openSUSE:Factory checked
in at 2021-04-10 15:27:51
Comparing /work/SRC/openSUSE:Factory/clamav (Old)
and /work/SRC/openSUSE:Factory/.clamav.new.2401 (New)
Package is "clamav"
Sat Apr 10 15:27:51 2021 rev:112 rq:884035 version:0.103.2
Changes:
--- /work/SRC/openSUSE:Factory/clamav/clamav.changes2021-02-09
21:17:35.098864803 +0100
+++ /work/SRC/openSUSE:Factory/.clamav.new.2401/clamav.changes 2021-04-10
15:28:57.810490410 +0200
@@ -1,0 +2,58 @@
+Fri Apr 9 10:33:04 UTC 2021 - Reinhard Max
+
+- Use a split-provides for clamav-milter instead of recommending it.
+
+---
+Wed Apr 7 20:05:49 UTC 2021 - Arjen de Korte
+
+- Update to 0.103.2
+ * CVE-2021-1252, bsc#1184532: Fix for Excel XLM parser infinite
+loop. Affects 0.103.0 and 0.103.1 only.
+ * CVE-2021-1404, bsc#1184533: Fix for PDF parser buffer over-read;
+possible crash. Affects 0.103.0 and 0.103.1 only.
+ * CVE-2021-1405, bsc#1184534: Fix for mail parser
+NULL-dereference crash. Affects 0.103.1 and prior.
+ * Fix possible memory leak in PNG parser.
+ * Fix ClamOnAcc scan on file-creation race condition so files are
+scanned after their contents are written.
+ * FreshClam: Deprecate the SafeBrowsing config option. The
+SafeBrowsing option will no longer do anything.
+ * For more details, see our blog post from last year about the
+future of the ClamAV Safe Browsing database.
+ * FreshClam: Improved HTTP 304, 403, & 429 handling.
+ * FreshClam: Added back the mirrors.dat file to the database directory.
+ * FreshClam will now exit with a failure in daemon mode if an HTTP 403
+(Forbidden) was received, because retrying later won't help any. The
+FreshClam user will have to take actions to get unblocked.
+ * Fix the FreshClam mirror-sync issue where a downloaded database is
+"older than the version advertised."
+ * bsc#1181256: Fix errors when scanning files > 4G
+- Update package signing key (from https://www.clamav.net/downloads)
+ % clamav.keyring
+
+---
+Thu Feb 25 13:48:51 UTC 2021 - Arjen de Korte
+
+- Package clamav-milter in a subpackage
+- Remove virus signatures upon uninstall
+- Check for database existence before starting clamd
+- Restart clamd when it exits
+
+---
+Tue Feb 9 16:00:25 UTC 2021 - Arjen de Korte
+
+- Don't daemonize freshclam, but use a systemd timer instead to
+ trigger updates
+ + timer.freshclam
+ % service.freshclam
+ % clamav-conf.patch
+- Remove obsolete patch (replaced by SOURCE_DATE_EPOCH)
+ - clamav-disable-timestamps.patch
+- Fix unit test
+ + clamav-ck_assert_msg.patch
+- Cleanup spec
+ * use pkgconfig() to resolve BuildRequires where upstream uses it
+ * rework creating vscan user (new system-user in Tumbleweed)
+ * remove obsolete configure option --disable-zlib-vcheck
+
+---
Old:
clamav-0.103.1.tar.gz
clamav-0.103.1.tar.gz.sig
clamav-disable-timestamps.patch
New:
clamav-0.103.2.tar.gz
clamav-0.103.2.tar.gz.sig
clamav-ck_assert_msg.patch
system-user-vscan.conf
timer.freshclam
Other differences:
--
++ clamav.spec ++
--- /var/tmp/diff_new_pack.wNNHo0/_old 2021-04-10 15:28:58.802491577 +0200
+++ /var/tmp/diff_new_pack.wNNHo0/_new 2021-04-10 15:28:58.806491582 +0200
@@ -16,49 +16,44 @@
#
-%define clamav_check --enable-check
%bcond_with clammspack
+%bcond_withvalgrind
Name: clamav
-Version:0.103.1
+Version:0.103.2
Release:0
Summary:Antivirus Toolkit
License:GPL-2.0-only
Group: Productivity/Security
URL:http://www.clamav.net
-Source0:
http://www.clamav.net/downloads/production/%name-%version.tar.gz
-Source1:
http://www.clamav.net/downloads/production/%name-%version.tar.gz.sig
+Source0:
http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz
+Source1:
http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz.sig
Source4:clamav-rpmlintrc
Source6:clamav-tmpfiles.conf
Source7:service.clamd
Source8:service.freshclam
Source9:service.clamav-milter
+Source10: timer.freshclam
Source11: clamav.keyring
+Source65: system-user-vscan.conf
Patch1: clamav-conf.patch
-Patch4: clamav-disable-timestamps.patch
Patch5: clamav-obsolete-config.patch
Patch6: clamav-disable-yara.patch
Patch12:
commit clamav for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2021-02-09 21:17:31 Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.28504 (New) Package is "clamav" Tue Feb 9 21:17:31 2021 rev:111 rq:870558 version:0.103.1 Changes: --- /work/SRC/openSUSE:Factory/clamav/clamav.changes2020-11-13 19:00:41.762223510 +0100 +++ /work/SRC/openSUSE:Factory/.clamav.new.28504/clamav.changes 2021-02-09 21:17:35.098864803 +0100 @@ -1,0 +2,53 @@ +Sat Feb 6 11:20:37 UTC 2021 - Arjen de Korte + +- Update to 0.103.1 + * Added a new scan option to alert on broken media (graphics) file +formats. This feature mitigates the risk of malformed media files +intended to exploit vulnerabilities in other software. At present +media validation exists for JPEG, TIFF, PNG, and GIF files. To +enable this feature, set AlertBrokenMedia yes in clamd.conf, or +use the --alert-broken-media option when using clamscan. These +options are disabled by default in this patch release, but may be +enabled in a subsequent release. Application developers may enable +this scan option by enabling CL_SCAN_HEURISTIC_BROKEN_MEDIA for +the heuristic scan option bit field. + * Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG typing +behavior. BMP and JPEG 2000 files will continue to detect as +CL_TYPE_GRAPHICS because ClamAV does not yet have BMP or JPEG +2000 format checking capabilities. + * Fixed PNG parser logic bugs that caused an excess of parsing +errors and fixed a stack exhaustion issue affecting some systems +when scanning PNG files. PNG file type detection was disabled via +signature database update for ClamAV version 0.103.0 to mitigate +the effects from these bugs. + * Fixed an issue where PNG and GIF files no longer work with +Target:5 graphics signatures if detected as CL_TYPE_PNG/GIF rather +than as CL_TYPE_GRAPHICS. Target types now support up to 10 +possible file types to make way for additional graphics types in +future releases. + * Fixed clamonacc's --fdpass option. +- Interprocess file descriptor passing for clamonacc was broken + since version 0.102.0 due to a bug introduced by the switch to + curl for communicating with clamd. On Linux, passing file + descriptors from one process to another is handled by the + kernel, so we reverted clamonacc to use standard system calls + for socket communication when fd passing is enabled. + * Fixed a clamonacc stack corruption issue on some systems when +using an older version of libcurl. + * Allow clamscan and clamdscan scans to proceed even if the +realpath lookup failed. This alleviates an issue on Windows +scanning files hosted on file- systems that do not support the +GetMappedFileNameW() API such as on ImDisk RAM-disks. + * Fixed freshclam --on-update-execute=EXIT_1 temporary directory +cleanup issue. + * clamd's log output and VirusEvent now provide the scan target's +file path instead of a file descriptor. The clamd socket API for +submitting a scan by FD-passing doesn't include a file path, this +feature works by looking up the file path by file descriptor. +This feature works on Mac and Linux but is not yet implemented +for other UNIX operating systems. FD-passing is not available for +Windows. + * Fixed an issue where freshclam database validation didn't work +correctly when run in daemon mode on Linux/Unix. + +--- Old: clamav-0.103.0.tar.gz clamav-0.103.0.tar.gz.sig New: clamav-0.103.1.tar.gz clamav-0.103.1.tar.gz.sig Other differences: -- ++ clamav.spec ++ --- /var/tmp/diff_new_pack.ZvoQ0P/_old 2021-02-09 21:17:35.962865819 +0100 +++ /var/tmp/diff_new_pack.ZvoQ0P/_new 2021-02-09 21:17:35.966865824 +0100 @@ -1,7 +1,7 @@ # # spec file for package clamav # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define clamav_check --enable-check %bcond_with clammspack Name: clamav -Version:0.103.0 +Version:0.103.1 Release:0 Summary:Antivirus Toolkit License:GPL-2.0-only ++ clamav-0.103.0.tar.gz -> clamav-0.103.1.tar.gz ++ /work/SRC/openSUSE:Factory/clamav/clamav-0.103.0.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.28504/clamav-0.103.1.tar.gz differ: char 5, line 1 ++ clamav-conf.patch ++ ---
[opensuse-commit] commit clamav for openSUSE:Factory
Hello community,
here is the log from the commit of package clamav for openSUSE:Factory checked
in at 2020-11-13 19:00:07
Comparing /work/SRC/openSUSE:Factory/clamav (Old)
and /work/SRC/openSUSE:Factory/.clamav.new.24930 (New)
Package is "clamav"
Fri Nov 13 19:00:07 2020 rev:110 rq:848312 version:0.103.0
Changes:
--- /work/SRC/openSUSE:Factory/clamav/clamav.changes2020-09-21
17:42:01.160833651 +0200
+++ /work/SRC/openSUSE:Factory/.clamav.new.24930/clamav.changes 2020-11-13
19:00:41.762223510 +0100
@@ -1,0 +2,17 @@
+Thu Nov 12 11:02:09 UTC 2020 - Dominique Leuenberger
+
+- Do not hard-depend on systemd: use systemd_ordering instead of
+ systemd_requires.
+
+---
+Tue Nov 10 16:44:57 UTC 2020 - Reinhard Max
+
+- Sync Factory to SLE-15 to implement jsc#ECO-3010 and bsc#1118459.
+- bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode.
+- Keep OBS from installing an existing clamav instance to scan the
+ sources, because this makes "make check" use the old library
+ instead of the just built one. This is only a workaround until
+ we found a way to keep libtool from adding libdir to rpath and
+ LD_LIBRARY_PATH of the binaries in the testsuite.
+
+---
@@ -115,5 +132,5 @@
- * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may
-occur when scanning a specially crafted email file as a result
-of excessively long scan times. The issue is resolved by
-implementing several maximums in parsing MIME messages and by
-optimizing use of memory allocation.
+ * CVE-2019-15961, bsc#1157763: A Denial-of-Service (DoS)
+vulnerability may occur when scanning a specially crafted email
+file as a result of excessively long scan times. The issue is
+resolved by implementing several maximums in parsing MIME
+messages and by optimizing use of memory allocation.
New:
clamav-fips.patch
Other differences:
--
++ clamav.spec ++
--- /var/tmp/diff_new_pack.rxA7Nk/_old 2020-11-13 19:00:42.634224596 +0100
+++ /var/tmp/diff_new_pack.rxA7Nk/_new 2020-11-13 19:00:42.638224602 +0100
@@ -37,6 +37,7 @@
Patch4: clamav-disable-timestamps.patch
Patch5: clamav-obsolete-config.patch
Patch6: clamav-disable-yara.patch
+Patch12:clamav-fips.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bc
@@ -58,6 +59,13 @@
#BuildRequires: valgrind
BuildRequires: zlib-devel
BuildRequires: pkgconfig(libsystemd)
+#
+# Workaround to keep "make check" from using an existing libclamav
+# instead of the just built one. This should rather be fixed
+# by keeping libtool from adding libdir to rpath and LD_LIBRARY_PATH
+# of the test binaries.
+#
+#!BuildIgnore:clamav
Requires(pre): %_bindir/awk
Requires(pre): %_sbindir/groupadd
Requires(pre): %_sbindir/useradd
@@ -67,7 +75,7 @@
Obsoletes: clamav-db < 0.88.3
Provides: clamav-nodb = %version
Obsoletes: clamav-nodb <= 0.98.4
-%systemd_requires
+%systemd_ordering
%if %{without clammspack}
BuildRequires: libmspack-devel
%endif
@@ -125,6 +133,7 @@
%patch4
%patch5
%patch6
+%patch12
%build
CFLAGS="-fstack-protector"
++ clamav-fips.patch ++
--- libclamav/crypto.c.orig
+++ libclamav/crypto.c
@@ -145,6 +145,9 @@ int cl_initialize_crypto(void)
ERR_load_crypto_strings();
#endif
+/* avoid fips issues */
+EVP_add_digest(EVP_md5());
+
return 0;
}
___
openSUSE Commits mailing list -- commit@lists.opensuse.org
To unsubscribe, email commit-le...@lists.opensuse.org
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives:
https://lists.opensuse.org/archives/list/commit@lists.opensuse.org
