Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2020-02-07 15:54:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clamav" Fri Feb 7 15:54:44 2020 rev:105 rq:770647 version:0.102.2 Changes: -------- --- /work/SRC/openSUSE:Factory/clamav/clamav.changes 2019-12-30 12:35:09.911815280 +0100 +++ /work/SRC/openSUSE:Factory/.clamav.new.26092/clamav.changes 2020-02-07 15:56:25.263574437 +0100 @@ -1,0 +2,36 @@ +Wed Feb 5 18:31:17 UTC 2020 - Arjen de Korte <[email protected]> + +- update to 0.102.2 + * CVE-2020-3123: A denial-of-service (DoS) condition may occur when + using the optional credit card data-loss-prevention (DLP) feature. + Improper bounds checking of an unsigned variable resulted in an + out-of-bounds read, which causes a crash. + * Significantly improved the scan speed of PDF files on Windows. + * Re-applied a fix to alleviate file access issues when scanning RAR + files in downstream projects that use libclamav where the scanning + engine is operating in a low-privilege process. This bug was originally + fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0. + * Fixed an issue where freshclam failed to update if the database version + downloaded is one version older than advertised. This situation may + occur after a new database version is published. The issue affected + users downloading the whole CVD database file. + * Changed the default freshclam ReceiveTimeout setting to 0 (infinite). + The ReceiveTimeout had caused needless database update failures for + users with slower internet connections. + * Correctly display the number of kilobytes (KiB) in progress bar and + reduced the size of the progress bar to accommodate 80-character width + terminals. + * Fixed an issue where running freshclam manually causes a daemonized + freshclam process to fail when it updates because the manual instance + deletes the temporary download directory. The freshclam temporary files + will now download to a unique directory created at the time of an update + instead of using a hardcoded directory created/destroyed at the program + start/exit. + * Fix for freshclam's OnOutdatedExecute config option. + * Fixes a memory leak in the error condition handling for the email + parser. + * Improved bound checking and error handling in ARJ archive parser. + * Improved error handling in PDF parser. + * Fix for memory leak in byte-compare signature handler. + +------------------------------------------------------------------- Old: ---- clamav-0.102.1.tar.gz clamav-0.102.1.tar.gz.sig New: ---- clamav-0.102.2.tar.gz clamav-0.102.2.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ clamav.spec ++++++ --- /var/tmp/diff_new_pack.COobvR/_old 2020-02-07 15:56:26.631575135 +0100 +++ /var/tmp/diff_new_pack.COobvR/_new 2020-02-07 15:56:26.635575137 +0100 @@ -1,7 +1,7 @@ # # spec file for package clamav # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ %define clamav_check --enable-check Name: clamav -Version: 0.102.1 +Version: 0.102.2 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only @@ -60,9 +60,9 @@ BuildRequires: python-devel BuildRequires: sed BuildRequires: sendmail-devel -BuildRequires: pkgconfig(libsystemd) BuildRequires: systemd-rpm-macros BuildRequires: zlib-devel +BuildRequires: pkgconfig(libsystemd) Requires(pre): %_bindir/awk Requires(pre): %_sbindir/groupadd Requires(pre): %_sbindir/useradd ++++++ clamav-0.102.1.tar.gz -> clamav-0.102.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/clamav/clamav-0.102.1.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.26092/clamav-0.102.2.tar.gz differ: char 5, line 1 ++++++ clamav-disable-timestamps.patch ++++++ --- /var/tmp/diff_new_pack.COobvR/_old 2020-02-07 15:56:26.683575162 +0100 +++ /var/tmp/diff_new_pack.COobvR/_new 2020-02-07 15:56:26.691575166 +0100 @@ -37,8 +37,8 @@ LIBCLAMAV_VERSION +ENABLE_TIMESTAMPS PACKAGE_VERSION_NUM - EGREP - GREP + ac_ct_AR + AR @@ -924,6 +925,7 @@ ac_user_opts=' enable_mmap_for_cross_compiling enable_dependency_tracking @@ -58,8 +58,8 @@ optimize for fast installation [default=yes] @@ -5927,6 +5931,26 @@ $as_echo "$ac_cv_safe_to_define___extens - $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h + $as_echo "#define PACKAGE PACKAGE_NAME" >>confdefs.h +# Check whether --enable-timestamps was given. +if test "${enable_timestamps+set}" = set; then : + enableval=$enable_timestamps; @@ -82,4 +82,4 @@ +_ACEOF - VERSION="0.102.1" + VERSION="0.102.2"
