Hello community,
here is the log from the commit of package clamav for openSUSE:Factory checked
in at 2019-09-09 23:59:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/clamav (Old)
and /work/SRC/openSUSE:Factory/.clamav.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clamav"
Mon Sep 9 23:59:38 2019 rev:99 rq:729457 version:0.101.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/clamav/clamav.changes 2019-08-09
16:54:14.505456365 +0200
+++ /work/SRC/openSUSE:Factory/.clamav.new.7948/clamav.changes 2019-09-09
23:59:41.697222794 +0200
@@ -1,0 +2,11 @@
+Wed Sep 4 19:12:01 UTC 2019 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- update to 0.101.4:
+ * CVE-2019-12900: An out of bounds write in the NSIS bzip2
+ (boo#1149458)
+ * CVE-2019-12625: Introduce a configurable time limit to mitigate
+ zip bomb vulnerability completely. Default is 2 minutes,
+ configurable useing the clamscan --max-scantime and for clamd
+ using the MaxScanTime config option (boo#1144504)
+
+-------------------------------------------------------------------
Old:
----
clamav-0.101.3.tar.gz
clamav-0.101.3.tar.gz.sig
New:
----
clamav-0.101.4.tar.gz
clamav-0.101.4.tar.gz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ clamav.spec ++++++
--- /var/tmp/diff_new_pack.XALD63/_old 2019-09-09 23:59:42.853222716 +0200
+++ /var/tmp/diff_new_pack.XALD63/_new 2019-09-09 23:59:42.857222715 +0200
@@ -20,7 +20,7 @@
%define clamav_check --enable-check
Name: clamav
-Version: 0.101.3
+Version: 0.101.4
Release: 0
Summary: Antivirus Toolkit
License: GPL-2.0-only
++++++ clamav-0.101.3.tar.gz -> clamav-0.101.4.tar.gz ++++++
/work/SRC/openSUSE:Factory/clamav/clamav-0.101.3.tar.gz
/work/SRC/openSUSE:Factory/.clamav.new.7948/clamav-0.101.4.tar.gz differ: char
5, line 1
++++++ clamav-disable-timestamps.patch ++++++
--- /var/tmp/diff_new_pack.XALD63/_old 2019-09-09 23:59:42.897222713 +0200
+++ /var/tmp/diff_new_pack.XALD63/_new 2019-09-09 23:59:42.897222713 +0200
@@ -1,3 +1,5 @@
+Index: libclamav/tomsfastmath/misc/fp_ident.c
+===================================================================
--- libclamav/tomsfastmath/misc/fp_ident.c.orig
+++ libclamav/tomsfastmath/misc/fp_ident.c
@@ -15,7 +15,11 @@ const char *fp_ident(void)
@@ -25,9 +27,11 @@
if (sizeof(fp_digit) == sizeof(fp_word)) {
strncat(buf, "WARNING: sizeof(fp_digit) == sizeof(fp_word), this build
is likely to not work properly.\n",
+Index: configure
+===================================================================
--- configure.orig
+++ configure
-@@ -812,6 +812,7 @@ FGREP
+@@ -814,6 +814,7 @@ FGREP
SED
LIBTOOL
LIBCLAMAV_VERSION
@@ -35,7 +39,7 @@
EGREP
GREP
CPP
-@@ -922,6 +923,7 @@ ac_user_opts='
+@@ -924,6 +925,7 @@ ac_user_opts='
enable_option_checking
enable_dependency_tracking
enable_silent_rules
@@ -43,7 +47,7 @@
enable_static
enable_shared
with_pic
-@@ -1641,6 +1643,8 @@ Optional Features:
+@@ -1644,6 +1646,8 @@ Optional Features:
--enable-silent-rules less verbose build output (undo: "make V=1")
--disable-silent-rules verbose build output (undo: "make V=0")
--enable-static[=PKGS] build static libraries [default=no]
@@ -52,7 +56,7 @@
--enable-shared[=PKGS] build shared libraries [default=yes]
--enable-fast-install[=PKGS]
optimize for fast installation [default=yes]
-@@ -5923,6 +5927,26 @@ $as_echo "$ac_cv_safe_to_define___extens
+@@ -5927,6 +5931,26 @@ $as_echo "$ac_cv_safe_to_define___extens
$as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h
@@ -78,4 +82,4 @@
+_ACEOF
- VERSION="0.101.3"
+ VERSION="0.101.4"
