- Update to version 0.100.2:

* bsc#1110723, CVE-2018-15378: Vulnerability in ClamAV's MEW
    unpacking feature that could allow an unauthenticated, remote
    attacker to cause a denial of service (DoS) condition on an
    affected device.
  * bsc#1103040, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682:
    more fixes for embedded libmspack.
  * Make freshclam more robust against lagging signature mirrors.
  * On-Access "Extra Scanning", an opt-in minor feature of
    OnAccess scanning on Linux systems, has been disabled due to a
    known issue with resource cleanup OnAccessExtraScanning will
    be re-enabled in a future release when the issue is
    resolved. In the mean-time, users who enabled the feature in
    clamd.conf will see a warning informing them that the feature
    is not active. For details, see:
    https://bugzilla.clamav.net/show_bug.cgi?id=12048
- Restore exit code compatibility of freshclam with versions before
  0.100.0 when the virus database is already up to date
  (bsc#1104457, clamav-freshclam-exit.patch).

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=177

clamav-0.100.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:84e026655152247de7237184ee13003701c40be030dd68e0316111049f58a59f
-size 16154415

clamav-0.100.1.tar.gz.sig

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIcBAABAgAGBQJbO66OAAoJEPE/nha8pb+t2SkP/0i9fOLm2FCBs/kRGiGgd4zn
-RxLwsW0Wskf0C/5dLhNHP/aeHSqeWZQdasmIgUzxxGhksp/gxwmH66h5y6qjACU2
-LnDytMr5DuM0rPAfNtOmnCQcpKVXvRA5utboCP7BWBLsfdfi1tF/Sw/JknDzDu5a
-AExBpiclix4EEHa4VkG+pMYpLLYUfxMZgKuq9b3ytWgNbCz0riSugr3hkoL72uRy
-xfrN2S0YkHy1Kw/7zohcHJa1qfPXZ/V6S1iSBCSfk3OTeExJhQIDxlLNTkcBr8L0
-H9Fo6RnQ2ttYtdphKU1suN4spFxBJD94zkOB+0cLfk6sCeYb4BXrqX6t19N+9Z9+
-m2fx2zay12skW/eABFtG82ToWTojCfHhKrRRDZRE8iXh2KUKMUkx7kSjhDRNR9eE
-WIpfAom4vdgDwDOgHwziUqr65l8Dr3NFC1LJl8F0uaFGshbjbtMufD88S0TQCvw6
-pJAZ8ZiTXqtmT9Uyw9aObffA2ekKWOY4k/6Z7ved76GkXC+e922Z+LpRE8wE05Cz
-sqwkzIQMLwwBo3468vB0RFxS14AVyLFVogmYxkhLcZC39yFBZVJF4++efsrlt+vq
-+OoJl7JF1NYp8KSGGAIuNY5dyJGtiu709n7ppU6JAY2uhAzEjHYeqM0caDjPDjT2
-/LK7EO0s7O30HEld5gDC
-=xbrK
------END PGP SIGNATURE-----

clamav-0.100.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4a2e4f0cd41e62adb5a713b4a1857c49145cd09a69957e6d946ecad575206dd6
+size 15926420

clamav-0.100.2.tar.gz.sig

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABAgAGBQJbq9rVAAoJEPE/nha8pb+tWtAQAIoac5u7/0ys8qxcVvE/e2R/
+JCZOkCc1BoVonc8yV9z/cn9/CFMoWq/n/pDZyCDKHU5x4rU+FuC1YolaoAyrF1Qi
+bx6byEg36+EPj/bz9Gp7C13oPAnNSN5vNU1Tpdgz57zxTZ+91aO9SWWiQuIRHZxa
+uNgjvUt55bhIRl6RggrCl1nmvL9OOyA0Vco0BdPZMUj/+hHMfmFHCWLwVzg8LbGq
+DJEKDkxoHXXg77zOAb49VozRKcfLtIPKwpu1JD6HxQwEhPvadc+PyVRbmfhhfrfx
+uFX/HXXSTo23zlgPFXG5K/GPhss8yUbviDZfduxXJENJwuHYvflMPZ5PMyECpTIR
+Kd3Kg6UkFyfUg1AsKx141cRyA8xI+pSCnjHee0rMDRifdCChwMFVrEG/YDmgxA3a
+ehrljZylEaTiT71LwA3RIB8DvTvCfBtRU7HgWsY5+fytPmf3XvugzI/A6c1rPcWs
+nmmvVwc6LInSqFqdEOOqxyOnKNgt+0qmLWHtM0g7Uqo/jfTZGMy1tdMfhSAtER7L
+oqL/r8Ul+/UfbGvbIpS8tWE/KAzQyCJ4wUjyHEGmbWgn1OTyFB8M7EJVXRbrECAP
+cMB6tpORPzNt4ReAsEHhHLE0d4GWuuG29HF8qH+wWspEWCSzXbGZ6zNrGkhFqDvN
+ae/hne2V6DXACNdcQWpG
+=ah8h
+-----END PGP SIGNATURE-----

clamav-disable-timestamps.patch

@@ -27,7 +27,7 @@
        strncat(buf, "WARNING: sizeof(fp_digit) == sizeof(fp_word), this build is likely to not work properly.\n", 
 --- configure.orig
 +++ configure
-@@ -800,6 +800,7 @@ FGREP
+@@ -801,6 +801,7 @@ FGREP
  SED
  LIBTOOL
  LIBCLAMAV_VERSION
@@ -35,7 +35,7 @@
  EGREP
  GREP
  CPP
-@@ -902,6 +903,7 @@ ac_user_opts='
+@@ -903,6 +904,7 @@ ac_user_opts='
  enable_option_checking
  enable_silent_rules
  enable_dependency_tracking
@@ -43,7 +43,7 @@
  enable_static
  enable_shared
  with_pic
-@@ -1616,6 +1618,8 @@ Optional Features:
+@@ -1619,6 +1621,8 @@ Optional Features:
    --disable-dependency-tracking
                            speeds up one-time build
    --enable-static[=PKGS]  build static libraries [default=no]
@@ -52,7 +52,7 @@
    --enable-shared[=PKGS]  build shared libraries [default=yes]
    --enable-fast-install[=PKGS]
                            optimize for fast installation [default=yes]
-@@ -5211,6 +5215,26 @@ $as_echo "$ac_cv_safe_to_define___extens
+@@ -5219,6 +5223,26 @@ $as_echo "$ac_cv_safe_to_define___extens
  
    $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h
  
@@ -78,4 +78,4 @@
 +_ACEOF
  
  
- VERSION="0.100.1"
+ VERSION="0.100.2"

clamav-freshclam-exit.patch

@@ -0,0 +1,15 @@
+--- freshclam/freshclam.c.orig
++++ freshclam/freshclam.c
+@@ -714,6 +714,12 @@ main (int argc, char **argv)
+             execute ("OnErrorExecute", opt->strarg, opts);
+     }
+ 
++    if (ret == FC_UPTODATE)
++    {
++	/* Restore exit code compatibility with ClamAV < 0.100.0 */
++	ret = 0;
++    }
++
+     if (pidfile)
+     {
+         unlink (pidfile);

clamav.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Thu Oct  4 09:04:01 UTC 2018 - Reinhard Max <max@suse.com>
+
+- Update to version 0.100.2:
+
+  * bsc#1110723, CVE-2018-15378: Vulnerability in ClamAV's MEW
+    unpacking feature that could allow an unauthenticated, remote
+    attacker to cause a denial of service (DoS) condition on an
+    affected device.
+  * bsc#1103040, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682:
+    more fixes for embedded libmspack.
+  * Make freshclam more robust against lagging signature mirrors.
+  * On-Access "Extra Scanning", an opt-in minor feature of
+    OnAccess scanning on Linux systems, has been disabled due to a
+    known issue with resource cleanup OnAccessExtraScanning will
+    be re-enabled in a future release when the issue is
+    resolved. In the mean-time, users who enabled the feature in
+    clamd.conf will see a warning informing them that the feature
+    is not active. For details, see:
+    https://bugzilla.clamav.net/show_bug.cgi?id=12048
+- Restore exit code compatibility of freshclam with versions before
+  0.100.0 when the virus database is already up to date
+  (bsc#1104457, clamav-freshclam-exit.patch).
+
 -------------------------------------------------------------------
 Tue Jul 31 08:43:39 UTC 2018 - max@suse.com
 

clamav.spec

@@ -12,13 +12,13 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 %define clamav_check --enable-check
 Name:           clamav
-Version:        0.100.1
+Version:        0.100.2
 Release:        0
 Summary:        Antivirus Toolkit
 License:        GPL-2.0-only
@@ -36,6 +36,7 @@ Patch1:         clamav-conf.patch
 Patch4:         clamav-disable-timestamps.patch
 Patch5:         clamav-obsolete-config.patch
 Patch6:         clamav-disable-yara.patch
+Patch7:         clamav-freshclam-exit.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bc
@@ -111,6 +112,7 @@ that want to make use of libclamav.
 %patch4
 %patch5
 %patch6
+%patch7
 
 %build
 CFLAGS="-fstack-protector"