openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of clamav

Reinhard Max (rmax) committed over 3 years ago (revision 214)

Add missing bug references

Reinhard Max (rmax) accepted request 848100 from

Dominique Leuenberger (dimstar) over 3 years ago (revision 213)

- Do not hard-depend on systemd: use systemd_ordering instead of
  systemd_requires.

Reinhard Max (rmax) committed over 3 years ago (revision 212)

- Sync Factory to SLE-15 to implement jsc#ECO-3010.

Reinhard Max (rmax) committed over 3 years ago (revision 211)

- bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode.
- Keep OBS from installing an existing clamav instance to scan the
  sources, because this makes "make check" use the old library
  instead of the just built one. This is only a workaround until
  we found a way to keep libtool from adding libdir to rpath and
  LD_LIBRARY_PATH of the binaries in the testsuite.

buildservice-autocommit accepted request 835433 from

Reinhard Max (rmax) over 3 years ago (revision 210)

baserev update by copy to link target

Reinhard Max (rmax) accepted request 834369 from

Arjen de Korte (adkorte) over 3 years ago (revision 209)

- Update to 0.103.0
  * clamd can now reload the signature database without blocking
    scanning. This multi-threaded database reload improvement was made
    possible thanks to a community effort.
    - Non-blocking database reloads are now the default behavior. Some
      systems that are more constrained on RAM may need to disable
      non-blocking reloads as it will temporarily consume two times as
      much memory. We added a new clamd config option
      ConcurrentDatabaseReload, which may be set to no.
  * Dropped clamav-str-h.patch (no longer needed)
  * Fix clamav-milter.service (requires clamd.service to run)

buildservice-autocommit accepted request 821532 from

Reinhard Max (rmax) almost 4 years ago (revision 208)

baserev update by copy to link target

Reinhard Max (rmax) accepted request 821356 from

Arjen de Korte (adkorte) almost 4 years ago (revision 207)

- Update to 0.102.4
  * CVE-2020-3350: Fix a vulnerability wherein a malicious user could
    replace a scan target's directory with a symlink to another path
    to trick clamscan, clamdscan, or clamonacc into removing or moving
    a different file (eg. a critical system file). The issue would
    affect users that use the --move or --remove options for clamscan,
    clamdscan, and clamonacc.
  * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing
    module in ClamAV 0.102.3 that could cause a Denial-of-Service
    (DoS) condition. Improper bounds checking results in an
    out-of-bounds read which could cause a crash. The previous fix for
    this CVE in 0.102.3 was incomplete. This fix correctly resolves
    the issue.
  * CVE-2020-3481: Fix a vulnerability in the EGG archive module in
    ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS)
    condition. Improper error handling may result in a crash due to a
    NULL pointer dereference. This vulnerability is mitigated for
    those using the official ClamAV signature databases because the
    file type signatures in daily.cvd will not enable the EGG archive
    parser in versions affected by the vulnerability.

buildservice-autocommit accepted request 803386 from

Reinhard Max (rmax) about 4 years ago (revision 206)

baserev update by copy to link target

Reinhard Max (rmax) accepted request 803374 from

Arjen de Korte (adkorte) about 4 years ago (revision 205)

- Update to 0.102.3
  * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing
    module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS)
    condition. Improper bounds checking of an unsigned variable results
    in an out-of-bounds read which causes a crash.
  * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in
    ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS)
    condition. Improper size checking of a buffer used to initialize AES
    decryption routines results in an out-of-bounds read which may cause
    a crash.
  * Fix "Attempt to allocate 0 bytes" error when parsing some PDF
    documents.
  * Fix a couple of minor memory leaks.
  * Updated libclamunrar to UnRAR 5.9.2.

buildservice-autocommit accepted request 794379 from

Lars Vogdt (lrupp) about 4 years ago (revision 204)

baserev update by copy to link target

Lars Vogdt (lrupp) accepted request 790518 from

Martin Pluskal (pluskalm) about 4 years ago (revision 203)

- Drop python build dependency as it is not needed

buildservice-autocommit accepted request 770647 from

Reinhard Max (rmax) over 4 years ago (revision 202)

baserev update by copy to link target

Reinhard Max (rmax) accepted request 770381 from

Arjen de Korte (adkorte) over 4 years ago (revision 201)

- update to 0.102.2
  * CVE-2020-3123: A denial-of-service (DoS) condition may occur when
    using the optional credit card data-loss-prevention (DLP) feature.
    Improper bounds checking of an unsigned variable resulted in an
    out-of-bounds read, which causes a crash.
  * Significantly improved the scan speed of PDF files on Windows.
  * Re-applied a fix to alleviate file access issues when scanning RAR
    files in downstream projects that use libclamav where the scanning
    engine is operating in a low-privilege process. This bug was originally
    fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0.
  * Fixed an issue where freshclam failed to update if the database version
    downloaded is one version older than advertised. This situation may
    occur after a new database version is published. The issue affected
    users downloading the whole CVD database file.
  * Changed the default freshclam ReceiveTimeout setting to 0 (infinite).
    The ReceiveTimeout had caused needless database update failures for
    users with slower internet connections.
  * Correctly display the number of kilobytes (KiB) in progress bar and
    reduced the size of the progress bar to accommodate 80-character width
    terminals.
  * Fixed an issue where running freshclam manually causes a daemonized
    freshclam process to fail when it updates because the manual instance
    deletes the temporary download directory. The freshclam temporary files
    will now download to a unique directory created at the time of an update
    instead of using a hardcoded directory created/destroyed at the program
    start/exit.
  * Fix for freshclam's OnOutdatedExecute config option.
  * Fixes a memory leak in the error condition handling for the email
    parser.
  * Improved bound checking and error handling in ARJ archive parser.
  * Improved error handling in PDF parser.
  * Fix for memory leak in byte-compare signature handler.

buildservice-autocommit accepted request 759922 from

Lars Vogdt (lrupp) over 4 years ago (revision 200)

baserev update by copy to link target

Lars Vogdt (lrupp) accepted request 759130 from

Arjen de Korte (adkorte) over 4 years ago (revision 199)

- The freshclam.service should not be started before the network is online (it checks for updates immediately upon service start)

buildservice-autocommit accepted request 759585 from

Factory Maintainer (factory-maintainer) over 4 years ago (revision 198)

baserev update by copy to link target

buildservice-autocommit accepted request 758279 from

Robert Frohl (rfrohl) over 4 years ago (revision 197)

baserev update by copy to link target

Lars Vogdt (lrupp) accepted request 758289 from

Dominique Leuenberger (dimstar) over 4 years ago (revision 196)

Fix a typo in the changelog

Robert Frohl (rfrohl) accepted request 758248 from

Dominique Leuenberger (dimstar) over 4 years ago (revision 195)

- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
  Aloow OBS to shortcut through the -mini flavors.

Displaying revisions 41 - 60 of 254

Places

Revisions of clamav

Places