Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2025-10-17 17:25:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.18484 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clamav" Fri Oct 17 17:25:39 2025 rev:136 rq:1311754 version:1.5.1 Changes: -------- --- /work/SRC/openSUSE:Factory/clamav/clamav.changes 2025-07-06 17:10:46.934086719 +0200 +++ /work/SRC/openSUSE:Factory/.clamav.new.18484/clamav.changes 2025-10-17 17:26:02.914665013 +0200 @@ -1,0 +2,64 @@ +Thu Oct 16 16:12:58 UTC 2025 - Reinhard Max <[email protected]> + +- New version: 1.5.1: + * Fixed a significant performance issue when scanning some PE + files. + * Fixed an issue recording file entries from a ZIP archive + central directory which resulted in + "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the + ClamScan --alert-exceeds-max command line option or ClamD + AlertExceedsMax config file option. + * Improved performance when scanning TNEF email attachments. + * Fixed an issue with recording metadata for OOXML office + documents. + * Fixed an issue with signature matches for VBA in OLE2 office + documents. + * Loosened overly restrictive rules for embedded file + identification and increased the limit for finding PE files + embedded in other PE files. + * Fixed an issue with extracting some RAR archives embedded in + other files. + * Fixed an issue with calculating fuzzy hashes affecting some + images by updating the version for several Rust library + dependencies. + +------------------------------------------------------------------- +Tue Oct 14 09:02:43 UTC 2025 - Reinhard Max <[email protected]> + +- Add json-c-json-c-0.18-20240915.tar.gz and link it statically + into libclamav on SLE-12, because version 0.12 is too old. + +------------------------------------------------------------------- +Wed Oct 8 08:56:26 UTC 2025 - Reinhard Max <[email protected]> + +- New version 1.5.0: + * Added checks to determine if an OLE2-based Microsoft Office + document is encrypted. + * Added the ability to record URIs found in HTML if the + generate-JSON-metadata feature is enabled. + * Added the ability to record URIs found in PDFs if the + generate-JSON-metadata feature is enabled. + * Added regex support for the clamd.conf OnAccessExcludePath + config option. + * Added CVD signing/verification with external .sign files. + * Freshclam, ClamD, ClamScan, and Sigtool: Added an option to + enable FIPS-like limits disabling MD5 and SHA1 from being used + for verifying digital signatures or for being used to trust a + file when checking for false positives + * ClamD: Added an option to disable select administrative + commands including SHUTDOWN, RELOAD, STATS and VERSION. + * libclamav: Added extended hashing functions with a "flags" + parameter that allows the caller to choose if they want to + bypass FIPS hash algorithm limits. + * See the release announcement for the full list of changes: + https://blog.clamav.net/2025/10/clamav-150-released.html +- Obsoleted patches: + * clamav-freshclam_test.patch + * clamav-disable-administrative-commands.patch + * clamav-fips.patch +- Use macros for library versions +- Remove service symlinks: rcclamd, rcfreshclam, rcclamav-milter, + and clamonacc. +- Use rust 1.86 for SLE-12 and SLE-15-SP2. + +------------------------------------------------------------------- Old: ---- clamav-1.4.3.tar.gz clamav-1.4.3.tar.gz.sig clamav-disable-administrative-commands.patch clamav-fips.patch clamav-freshclam_test.patch New: ---- clamav-1.5.1.tar.gz clamav-1.5.1.tar.gz.sig json-c-json-c-0.18-20240915.tar.gz ----------(Old B)---------- Old: * clamav-freshclam_test.patch * clamav-disable-administrative-commands.patch * clamav-fips.patch Old: * clamav-disable-administrative-commands.patch * clamav-fips.patch - Use macros for library versions Old:- Obsoleted patches: * clamav-freshclam_test.patch * clamav-disable-administrative-commands.patch ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ clamav.spec ++++++ --- /var/tmp/diff_new_pack.Kp3KUe/_old 2025-10-17 17:26:06.762827101 +0200 +++ /var/tmp/diff_new_pack.Kp3KUe/_new 2025-10-17 17:26:06.778827775 +0200 @@ -1,7 +1,7 @@ # # spec file for package clamav # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # Copyright (c) 2024 Andreas Stieger <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -26,14 +26,25 @@ %if 0%{?suse_version} <= 1500 %define vgcc 13 %if 0%{?sle_version} < 150400 -%define vrust 1.78 +%define vrust 1.86 +%endif +%if 0%{?suse_version} < 1500 %define vcmake 3 +%bcond_without static_jsonc +%else +%bcond_with static_jsonc %endif %endif %global confdir %_prefix%_sysconfdir +%define v_libclamav 12 +%define v_libfreshclam 4 +%define v_libclammspack 0 +%define vjsonc 0.18 +%define jsonc json-c-json-c-%vjsonc-20240915 + Name: clamav -Version: 1.4.3 +Version: 1.5.1 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only @@ -41,6 +52,7 @@ URL: https://www.clamav.net Source0: https://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz Source1: https://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz.sig +Source2: %jsonc.tar.gz Source4: clamav-rpmlintrc Source6: clamav-tmpfiles.conf Source7: service.clamd @@ -52,10 +64,7 @@ Source12: service.clamonacc Source65: system-user-vscan.conf Patch1: clamav-conf.patch -Patch2: clamav-freshclam_test.patch -Patch3: clamav-disable-administrative-commands.patch Patch5: clamav-obsolete-config.patch -Patch12: clamav-fips.patch Patch14: clamav-document-maxsize.patch Patch15: clamav-format.patch ExcludeArch: %{arml} @@ -66,8 +75,16 @@ BuildRequires: gcc%{?vgcc}-PIE BuildRequires: gcc%{?vgcc}-c++ BuildRequires: libbz2-devel +%if %{with static_jsonc} +Provides: bundles(json-c) = %vjsonc +%else BuildRequires: libjson-c-devel +%endif +%if 0%{?suse_version} < 1500 +BuildRequires: libopenssl-1_1-devel +%else BuildRequires: libopenssl-devel >= 1.0.2 +%endif BuildRequires: libxml2-devel BuildRequires: make BuildRequires: rust%{?vrust} @@ -144,35 +161,35 @@ between different machines and to keep scanning for viruses even when a server goes down. -%package -n libclamav12 +%package -n libclamav%v_libclamav Summary: ClamAV antivirus engine runtime Group: System/Libraries -%description -n libclamav12 +%description -n libclamav%v_libclamav ClamAV is an antivirus engine designed for detecting trojans, viruses, malware and other malicious threats. -%package -n libfreshclam3 +%package -n libfreshclam4 Summary: ClamAV updater library Group: System/Libraries -%description -n libfreshclam3 +%description -n libfreshclam%v_libfreshclam ClamAV is an antivirus engine designed for detecting trojans, viruses, malware and other malicious threats. -%package -n libclammspack0 +%package -n libclammspack%v_libclammspack Summary: ClamAV antivirus engine runtime Group: System/Libraries -%description -n libclammspack0 +%description -n libclammspack%v_libclammspack ClamAV is an antivirus engine designed for detecting trojans, viruses, malware and other malicious threats. %package devel Summary: Development files for libclamav, an antivirus engine Group: Development/Libraries/C and C++ -Requires: libclamav12 = %{version} -Requires: libfreshclam3 = %{version} +Requires: libclamav%v_libclamav = %{version} +Requires: libfreshclam%v_libfreshclam = %{version} %description devel ClamAV is an antivirus engine designed for detecting trojans, @@ -183,11 +200,11 @@ %prep %setup -q +%if %{with static_jsonc} +%setup -D -T -b 2 -q +%endif %patch -P 1 -%patch -P 2 -%patch -P 3 %patch -P 5 -%patch -P 12 %patch -P 14 %patch -P 15 chmod -x docs/html/images/flamegraph.svg @@ -197,6 +214,21 @@ # Create vscan user %sysusers_generate_pre %{SOURCE65} vscan %endif + +%if %{with static_jsonc} +pushd ../%jsonc +cmake . \ +%if "%{?vgcc}" != "" + -DCMAKE_C_COMPILER=gcc-%{vgcc} \ + -DCMAKE_CXX_COMPILER=g++-%{vgcc} \ +%endif + -DCMAKE_BUILD_TYPE=None \ + -DCMAKE_POLICY_VERSION_MINIMUM=3.5 \ + -DBUILD_SHARED_LIBS=OFF +make +popd +%endif + %cmake \ %if "%{?vgcc}" != "" -DCMAKE_C_COMPILER=gcc-%{vgcc} \ @@ -213,9 +245,16 @@ -DSYSTEMD_UNIT_DIR=%{_unitdir} \ -DPCRE2_LIBRARY=%{_libdir}/libpcre2-8.so \ %if %{without clammspack} - -DENABLE_EXTERNAL_MSPACK=ON + -DENABLE_EXTERNAL_MSPACK=ON \ +%endif +%if %{with static_jsonc} + -DENABLE_JSON_SHARED=OFF \ + -DJSONC_INCLUDE_DIR=../../%jsonc \ + -DJSONC_LIBRARY=../../%jsonc/libjson-c.a %endif +%cmake_build + %install %cmake_install @@ -240,9 +279,6 @@ install -m 0644 %SOURCE9 %{buildroot}%{_unitdir}/clamav-milter.service install -m 0644 %SOURCE10 %{buildroot}%{_unitdir}/freshclam.timer install -m 0644 %SOURCE12 %{buildroot}%{_unitdir}/clamonacc.service -for srvname in clamd freshclam clamav-milter clamonacc; do - (export PATH=%_prefix/sbin:/sbin:$PATH ;ln -sf service %{buildroot}/%{_sbindir}/rc${srvname}) -done %check # regression tests @@ -289,19 +325,19 @@ %service_del_postun clamav-milter.service %if 0%{?suse_version} > 1500 -%ldconfig_scriptlets -n libclamav12 -%ldconfig_scriptlets -n libfreshclam3 +%ldconfig_scriptlets -n libclamav%v_libclamav +%ldconfig_scriptlets -n libfreshclam%v_libfreshclam %if %{with clammspack} -%ldconfig_scriptlets -n libclammspack0 +%ldconfig_scriptlets -n libclammspack%v_libclammspack %endif %else -%post -n libclamav12 -p /sbin/ldconfig -%postun -n libclamav12 -p /sbin/ldconfig -%post -n libfreshclam3 -p /sbin/ldconfig -%postun -n libfreshclam3 -p /sbin/ldconfig +%post -n libclamav%v_libclamav -p /sbin/ldconfig +%postun -n libclamav%v_libclamav -p /sbin/ldconfig +%post -n libfreshclam%v_libfreshclam -p /sbin/ldconfig +%postun -n libfreshclam%v_libfreshclam -p /sbin/ldconfig %if %{with clammspack} -%post -n libclammspack0 -p /sbin/ldconfig -%postun -n libclammspack0 -p /sbin/ldconfig +%post -n libclammspack%v_libclammspack -p /sbin/ldconfig +%postun -n libclammspack%v_libclammspack -p /sbin/ldconfig %endif %endif @@ -309,6 +345,7 @@ %license COPYING.txt COPYING/* %config(noreplace) %{_sysconfdir}/clamd.conf %config(noreplace) %{_sysconfdir}/freshclam.conf +%{_sysconfdir}/certs %{_bindir}/clamav-config %{_bindir}/clambc %{_bindir}/clamconf @@ -320,9 +357,6 @@ %{_bindir}/sigtool %{_sbindir}/clamd %{_sbindir}/clamonacc -%{_sbindir}/rcclamd -%{_sbindir}/rcfreshclam -%{_sbindir}/rcclamonacc %{_mandir}/man1/clambc.1%{?ext_man} %{_mandir}/man1/clamconf.1%{?ext_man} %{_mandir}/man1/clamdscan.1%{?ext_man} @@ -354,25 +388,23 @@ %config(noreplace) %{_sysconfdir}/clamav-milter.conf %{_unitdir}/clamav-milter.service %{_sbindir}/clamav-milter -%{_sbindir}/rcclamav-milter %{_mandir}/man5/clamav-milter.conf.5%{?ext_man} %{_mandir}/man8/clamav-milter.8%{?ext_man} -%files -n libclamav12 -%{_libdir}/libclam*.so.12* +%files -n libclamav%v_libclamav +%{_libdir}/libclam*.so.%{v_libclamav}* -%files -n libfreshclam3 -%{_libdir}/libfreshclam.so.3* +%files -n libfreshclam%v_libfreshclam +%{_libdir}/libfreshclam.so.%{v_libfreshclam}* %if %{with clammspack} -%files -n libclammspack0 -%{_libdir}/libclammspack.so.0* +%files -n libclammspack%v_libclammspack +%{_libdir}/libclammspack.so.%{v_libclammspack}* %endif %files devel %{_includedir}/* %{_libdir}/pkgconfig/* -%{_libdir}/libclam*.so -%{_libdir}/libfreshclam*.so +%{_libdir}/lib*clam*.so %{_libdir}/libclamav_rust.a ++++++ clamav-1.4.3.tar.gz -> clamav-1.5.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/clamav/clamav-1.4.3.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.18484/clamav-1.5.1.tar.gz differ: char 5, line 1 ++++++ clamav-conf.patch ++++++ --- /var/tmp/diff_new_pack.Kp3KUe/_old 2025-10-17 17:26:07.498858103 +0200 +++ /var/tmp/diff_new_pack.Kp3KUe/_new 2025-10-17 17:26:07.534859619 +0200 @@ -105,7 +105,7 @@ # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). -@@ -98,7 +94,7 @@ Example +@@ -109,7 +105,7 @@ Example # Path to a local socket file the daemon will listen on. # Default: disabled (must be specified by a user) @@ -114,7 +114,7 @@ #LocalSocket /tmp/clamd.sock # Sets the group ownership on the unix socket. -@@ -230,7 +226,7 @@ Example +@@ -266,7 +262,7 @@ Example # Run as another user (clamd must be started by root for this option to work) # Default: don't drop privileges @@ -123,7 +123,7 @@ # Stop daemon when libclamav reports out of memory condition. #ExitOnOOM yes -@@ -727,7 +723,7 @@ Example +@@ -781,7 +777,7 @@ Example # multiple OnAccessIncludePath directives but each directory must be added # in a separate line. # Default: disabled @@ -132,7 +132,7 @@ #OnAccessIncludePath /students # Set the exclude paths. All subdirectories are also excluded. -@@ -797,7 +793,7 @@ Example +@@ -851,7 +847,7 @@ Example # It has the same potential race condition limitations of the # OnAccessExcludeUID option. # Default: disabled @@ -157,7 +157,7 @@ # Path to the database directory. # WARNING: It must match clamd.conf's directive! # WARNING: It must already exist, be an absolute path, be writeable by -@@ -54,12 +50,12 @@ Example +@@ -68,12 +64,12 @@ Example # It is recommended that the directory where this file is stored is # also owned by root to keep other users from tampering with it. # Default: disabled @@ -172,7 +172,7 @@ # Use DNS to verify virus database version. FreshClam uses DNS TXT records # to verify database and software versions. With this directive you can change -@@ -150,7 +146,7 @@ DatabaseMirror database.clamav.net +@@ -164,7 +160,7 @@ DatabaseMirror database.clamav.net # Send the RELOAD command to clamd. # Default: no ++++++ clamav-obsolete-config.patch ++++++ --- /var/tmp/diff_new_pack.Kp3KUe/_old 2025-10-17 17:26:07.714867201 +0200 +++ /var/tmp/diff_new_pack.Kp3KUe/_new 2025-10-17 17:26:07.742868381 +0200 @@ -1,6 +1,6 @@ --- common/optparser.c.orig +++ common/optparser.c -@@ -602,6 +602,13 @@ const struct clam_option __clam_options[ +@@ -637,6 +637,13 @@ const struct clam_option __clam_options[ {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"}, {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""},
