Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2021-02-09 21:17:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clamav" Tue Feb 9 21:17:31 2021 rev:111 rq:870558 version:0.103.1 Changes: -------- --- /work/SRC/openSUSE:Factory/clamav/clamav.changes 2020-11-13 19:00:41.762223510 +0100 +++ /work/SRC/openSUSE:Factory/.clamav.new.28504/clamav.changes 2021-02-09 21:17:35.098864803 +0100 @@ -1,0 +2,53 @@ +Sat Feb 6 11:20:37 UTC 2021 - Arjen de Korte <[email protected]> + +- Update to 0.103.1 + * Added a new scan option to alert on broken media (graphics) file + formats. This feature mitigates the risk of malformed media files + intended to exploit vulnerabilities in other software. At present + media validation exists for JPEG, TIFF, PNG, and GIF files. To + enable this feature, set AlertBrokenMedia yes in clamd.conf, or + use the --alert-broken-media option when using clamscan. These + options are disabled by default in this patch release, but may be + enabled in a subsequent release. Application developers may enable + this scan option by enabling CL_SCAN_HEURISTIC_BROKEN_MEDIA for + the heuristic scan option bit field. + * Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG typing + behavior. BMP and JPEG 2000 files will continue to detect as + CL_TYPE_GRAPHICS because ClamAV does not yet have BMP or JPEG + 2000 format checking capabilities. + * Fixed PNG parser logic bugs that caused an excess of parsing + errors and fixed a stack exhaustion issue affecting some systems + when scanning PNG files. PNG file type detection was disabled via + signature database update for ClamAV version 0.103.0 to mitigate + the effects from these bugs. + * Fixed an issue where PNG and GIF files no longer work with + Target:5 graphics signatures if detected as CL_TYPE_PNG/GIF rather + than as CL_TYPE_GRAPHICS. Target types now support up to 10 + possible file types to make way for additional graphics types in + future releases. + * Fixed clamonacc's --fdpass option. + - Interprocess file descriptor passing for clamonacc was broken + since version 0.102.0 due to a bug introduced by the switch to + curl for communicating with clamd. On Linux, passing file + descriptors from one process to another is handled by the + kernel, so we reverted clamonacc to use standard system calls + for socket communication when fd passing is enabled. + * Fixed a clamonacc stack corruption issue on some systems when + using an older version of libcurl. + * Allow clamscan and clamdscan scans to proceed even if the + realpath lookup failed. This alleviates an issue on Windows + scanning files hosted on file- systems that do not support the + GetMappedFileNameW() API such as on ImDisk RAM-disks. + * Fixed freshclam --on-update-execute=EXIT_1 temporary directory + cleanup issue. + * clamd's log output and VirusEvent now provide the scan target's + file path instead of a file descriptor. The clamd socket API for + submitting a scan by FD-passing doesn't include a file path, this + feature works by looking up the file path by file descriptor. + This feature works on Mac and Linux but is not yet implemented + for other UNIX operating systems. FD-passing is not available for + Windows. + * Fixed an issue where freshclam database validation didn't work + correctly when run in daemon mode on Linux/Unix. + +------------------------------------------------------------------- Old: ---- clamav-0.103.0.tar.gz clamav-0.103.0.tar.gz.sig New: ---- clamav-0.103.1.tar.gz clamav-0.103.1.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ clamav.spec ++++++ --- /var/tmp/diff_new_pack.ZvoQ0P/_old 2021-02-09 21:17:35.962865819 +0100 +++ /var/tmp/diff_new_pack.ZvoQ0P/_new 2021-02-09 21:17:35.966865824 +0100 @@ -1,7 +1,7 @@ # # spec file for package clamav # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define clamav_check --enable-check %bcond_with clammspack Name: clamav -Version: 0.103.0 +Version: 0.103.1 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only ++++++ clamav-0.103.0.tar.gz -> clamav-0.103.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/clamav/clamav-0.103.0.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.28504/clamav-0.103.1.tar.gz differ: char 5, line 1 ++++++ clamav-conf.patch ++++++ --- /var/tmp/diff_new_pack.ZvoQ0P/_old 2021-02-09 21:17:36.042865914 +0100 +++ /var/tmp/diff_new_pack.ZvoQ0P/_new 2021-02-09 21:17:36.046865918 +0100 @@ -194,4 +194,4 @@ +NotifyClamd /etc/clamd.conf # Run command after successful database update. - # Default: disabled + # Use EXIT_1 to return 1 after successful database update. ++++++ clamav-disable-timestamps.patch ++++++ --- /var/tmp/diff_new_pack.ZvoQ0P/_old 2021-02-09 21:17:36.058865932 +0100 +++ /var/tmp/diff_new_pack.ZvoQ0P/_new 2021-02-09 21:17:36.058865932 +0100 @@ -82,4 +82,4 @@ +_ACEOF - VERSION="0.103.0" + VERSION="0.103.1"
