Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2019-11-26 17:02:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.26869 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clamav" Tue Nov 26 17:02:30 2019 rev:101 rq:750886 version:0.102.1 Changes: -------- --- /work/SRC/openSUSE:Factory/clamav/clamav.changes 2019-10-27 13:41:06.277273539 +0100 +++ /work/SRC/openSUSE:Factory/.clamav.new.26869/clamav.changes 2019-11-26 17:03:29.700025095 +0100 @@ -1,0 +2,53 @@ +Wed Nov 20 19:01:10 UTC 2019 - Arjen de Korte <[email protected]> + +- update to 0.102.1 + * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may + occur when scanning a specially crafted email file as a result + of excessively long scan times. The issue is resolved by + implementing several maximums in parsing MIME messages and by + optimizing use of memory allocation. + * Build system fixes to build clamav-milter, to correctly link + with libxml2 when detected, and to correctly detect fanotify + for on-access scanning feature support. + * Signature load time is significantly reduced by changing to a + more efficient algorithm for loading signature patterns and + allocating the AC trie. Patch courtesy of Alberto Wu. + * Introduced a new configure option to statically link libjson-c + with libclamav. Static linking with libjson is highly + recommended to prevent crashes in applications that use + libclamav alongside another JSON parsing library. + * Null-dereference fix in email parser when using the + --gen-json metadata option. + * Fixes for Authenticode parsing and certificate signature + (.crb database) bugs. +- dropped clamav-fix_building_milter.patch (upstreamed) + +------------------------------------------------------------------- +Fri Nov 1 09:46:17 UTC 2019 - Arjen de Korte <[email protected]> + +- update to 0.102.0 + * The On-Access Scanning feature has been migrated out of clamd + and into a brand new utility named clamonacc. This utility is + similar to clamdscan and clamav-milter in that it acts as a + client to clamd. This separation from clamd means that clamd no + longer needs to run with root privileges while scanning potentially + malicious files. Instead, clamd may drop privileges to run under an + account that does not have super-user. In addition to improving the + security posture of running clamd with On-Access enabled, this + update fixed a few outstanding defects: + - On-Access scanning for created and moved files (Extra-Scanning) + is fixed. + - VirusEvent for On-Access scans is fixed. + - With clamonacc, it is now possible to copy, move, or remove a + file if the scan triggered an alert, just like with clamdscan. + * The freshclam database update utility has undergone a significant + update. This includes: + - Added support for HTTPS. + - Support for database mirrors hosted on ports other than 80. + - Removal of the mirror management feature (mirrors.dat). + - An all new libfreshclam library API. +- created new subpackage libfreshclam2 +- dropped clamav-max_patch.patch (upstreamed) +- added clamav-fix_building_milter.patch to fix build of milter + +------------------------------------------------------------------- Old: ---- clamav-0.101.4.tar.gz clamav-0.101.4.tar.gz.sig clamav-max_patch.patch New: ---- clamav-0.102.1.tar.gz clamav-0.102.1.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ clamav.spec ++++++ --- /var/tmp/diff_new_pack.TqPYRa/_old 2019-11-26 17:03:34.948023282 +0100 +++ /var/tmp/diff_new_pack.TqPYRa/_new 2019-11-26 17:03:34.948023282 +0100 @@ -1,7 +1,7 @@ # # spec file for package clamav # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,12 +20,12 @@ %define clamav_check --enable-check Name: clamav -Version: 0.101.4 +Version: 0.102.1 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only Group: Productivity/Security -Url: http://www.clamav.net +URL: http://www.clamav.net Source0: http://www.clamav.net/downloads/production/%name-%version.tar.gz Source1: http://www.clamav.net/downloads/production/%name-%version.tar.gz.sig Source4: clamav-rpmlintrc @@ -39,8 +39,6 @@ Patch5: clamav-obsolete-config.patch Patch6: clamav-disable-yara.patch Patch7: clamav-str-h.patch -#PATCH-FIX-UPSTREAM clamav-max_patch.patch -Patch8: clamav-max_patch.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bc @@ -94,6 +92,14 @@ ClamAV is an antivirus engine designed for detecting trojans, viruses, malware and other malicious threats. +%package -n libfreshclam2 +Summary: ClamAV updater library +Group: System/Libraries + +%description -n libfreshclam2 +ClamAV is an antivirus engine designed for detecting trojans, +viruses, malware and other malicious threats. + %package -n libclammspack0 Summary: ClamAV antivirus engine runtime Group: System/Libraries @@ -106,6 +112,7 @@ Summary: Development files for libclamav, an antivirus engine Group: Development/Libraries/C and C++ Requires: libclamav9 = %version +Requires: libfreshclam2 = %version %description devel ClamAV is an antivirus engine designed for detecting trojans, @@ -121,7 +128,6 @@ %patch5 %patch6 %patch7 -%patch8 %build CFLAGS="-fstack-protector" @@ -195,6 +201,8 @@ %post -n libclamav9 -p /sbin/ldconfig %postun -n libclamav9 -p /sbin/ldconfig +%post -n libfreshclam2 -p /sbin/ldconfig +%postun -n libfreshclam2 -p /sbin/ldconfig %post -n libclammspack0 -p /sbin/ldconfig %postun -n libclammspack0 -p /sbin/ldconfig @@ -218,6 +226,9 @@ %files -n libclamav9 %_libdir/libclam*.so.9* +%files -n libfreshclam2 +%_libdir/libfreshclam.so.2* + %if %{with clammspack} %files -n libclammspack0 %_libdir/libclammspack.so.0* @@ -226,6 +237,7 @@ %files devel %_libdir/pkgconfig/* %_libdir/libclam*.so +%_libdir/libfreshclam*.so %_includedir/* %pre ++++++ clamav-0.101.4.tar.gz -> clamav-0.102.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/clamav/clamav-0.101.4.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.26869/clamav-0.102.1.tar.gz differ: char 5, line 1 ++++++ clamav-conf.patch ++++++ --- /var/tmp/diff_new_pack.TqPYRa/_old 2019-11-26 17:03:35.016023258 +0100 +++ /var/tmp/diff_new_pack.TqPYRa/_new 2019-11-26 17:03:35.020023257 +0100 @@ -140,17 +140,6 @@ # Stop daemon when libclamav reports out of memory condition. #ExitOnOOM yes -@@ -613,6 +609,10 @@ Example - ## - ## On-access Scan Settings - ## -+# -+# When enabling this, you most probably have to set "User root" above, -+# so that clamav can access the files to be scanned. -+# - - # Enable on-access scanning. Currently, this is supported via fanotify. - # Clamuko/Dazuko support has been deprecated. --- etc/freshclam.conf.sample.orig +++ etc/freshclam.conf.sample @@ -1,12 +1,8 @@ ++++++ clamav-disable-timestamps.patch ++++++ --- /var/tmp/diff_new_pack.TqPYRa/_old 2019-11-26 17:03:35.024023256 +0100 +++ /var/tmp/diff_new_pack.TqPYRa/_new 2019-11-26 17:03:35.028023254 +0100 @@ -32,15 +32,15 @@ --- configure.orig +++ configure @@ -814,6 +814,7 @@ FGREP - SED - LIBTOOL + LIBFRESHCLAM_VERSION + LIBCLAMAV_VERSION_NUM LIBCLAMAV_VERSION +ENABLE_TIMESTAMPS + PACKAGE_VERSION_NUM EGREP GREP - CPP @@ -924,6 +925,7 @@ ac_user_opts=' - enable_option_checking + enable_mmap_for_cross_compiling enable_dependency_tracking enable_silent_rules +enable_timestamps @@ -82,4 +82,4 @@ +_ACEOF - VERSION="0.101.4" + VERSION="0.102.1" ++++++ clamav-obsolete-config.patch ++++++ --- /var/tmp/diff_new_pack.TqPYRa/_old 2019-11-26 17:03:35.040023250 +0100 +++ /var/tmp/diff_new_pack.TqPYRa/_new 2019-11-26 17:03:35.040023250 +0100 @@ -1,9 +1,9 @@ --- shared/optparser.c.orig +++ shared/optparser.c @@ -517,6 +517,13 @@ const struct clam_option __clam_options[ - { "ClamukoExcludeUID", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" }, - { "ClamukoMaxFileSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" }, - { "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no" }, + {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, + {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"}, + {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, + { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, + { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, + { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
