Accepting request 901217 from home:adkorte

- Update to 0.103.3
  * Fixed a scan performance issue when ENGINE_OPTIONS_FORCE_TO_DISK is
    enabled. This issue did not impacted most users but for those
    affected it caused every scanned file to be copied to the temp
    directory before the scan.
  * Fix ClamDScan crashes when using the --fdpass --multiscan
    command-line options in combination with the ClamD ExcludePath
    config file options.
  * Fixed an issue where the mirrors.dat file is owned by root when
    starting as root (or with sudo) and using daemon-mode. File
    ownership will be set to the DatabaseOwner just before FreshClam
    switches to run as that user.
  * Renamed the mirrors.dat file to freshclam.dat.
  * Disabled the HTTPUserAgent config option if the DatabaseMirror uses
    clamav.net. This will prevent users from being inadvertently blocked
    and will ensure that we can keep better metrics on which ClamAV
    versions are being used.
  * Moved the detection for Heuristics.PNG.CVE-2010-1205 behind the
    ClamScan --alert-broken-media option (ClamD AlertBrokenMedia yes)
    option. This type of PNG issue appears to be common enough to be an
    annoyance, and the CVE is old enough that no one should be
    vulnerable at this point.
  * Fix ClamSubmit failures after changes to Cloudflare "__cfduid"
    cookies. See: https://blog.cloudflare.com/deprecating-cfduid-cookie/

OBS-URL: https://build.opensuse.org/request/show/901217
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=223

clamav-0.103.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d4b5d0ac666262e423a326fb54778caa7c69624d6c3f9542895feb8478271bd2
-size 13387954

clamav-0.103.2.tar.gz.sig

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIcBAABAgAGBQJgba4lAAoJEGCbAk8rPt0H5r4P/jeT1CCWK56iYedEZbCJ7QDi
-Oax1D/rynYXp4HJYksAFexCUDQ8L4Aj1UAVDtfAKDrsiE1xkR/EJso+ht3gisOen
-C/iAhemGZh/cUdrMEBMyPatym4jzeiJ7Cwx5Zf/3viyHQWGvWKqIWINJvkmRZOSu
-Whw7WqlXOzgdRFtwQ+gQKdPotguhKJdBomj2ODUMGtEn/suIihmIQYfnE6XMubao
-7N4PGnGa8DGcN/uDVpPrWtHXq2WQ78W//o/s44OxabKnZrmCMu2TZbB0IsrivYfa
-qgEuVfOEU+v0QX/KZl463t1ZLFJ7VoFf48Uf0RQ+Xsb6xEYWZenTPsq37oG+fV9T
-lz8p6woeyHPU6fZfxl4+9RUhWi1hwWjW2Nhd0Zm9YLbImgKvDU3dg2nyvOihZX8w
-vyb8iA1AvzJ0uSgqABY1wLL4bZDpgb/1vQkYahOypOvZ/PaNs+9gWiowkpcsq1l0
-VitOgr3UdkA8InsSaRwY77E4rjXl7kC7TTA7j9JtMxBGDfAYym0O2OGf2s6J7gmB
-rYxdHc0jpTeZO5w/ku6M10uCBJDqO8ILWbvxHF7i4VCuuupeWUDCKrGd9wNS4hmg
-i7pyKa9b1HAzODfDhBiBXAuTaND0NywlmwVq/GPVAWLcZJcvl2ORliqDfZBzPfiU
-lUafz0W54+2DS0ujPbK4
-=99oG
------END PGP SIGNATURE-----

clamav-0.103.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9f6e3d18449f3d1a3992771d696685249dfa12736fe2b2929858f2c7d8276ae9
+size 13389239

clamav-0.103.3.tar.gz.sig

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABAgAGBQJg0JhdAAoJEGCbAk8rPt0HftoP/jPXSxEc6xwiMLeNpnUeOLv0
+MImj+riqMUaRFaKVb0j9Gsw3iW0e/2BmlAyTgPjp/+4m/q17YT6tY1gBu2V4x2eA
+thW0FW/RoAe6aqYEgKQrXMBft+tnK8qX4TeSLeVSXED00y8REHfeqGmmd9COKzkN
+AJdCE8k2Af3zbYFsTTg28T5aZk4UsTs/whJVpUX1y/dLiPRljCPXGxA+Wg/DjIZm
+p4dTwNfym5R+lzJTyp7HgNNQcCYZZeXpRF3pkmX1FZ+HjlQY6SfRkR01M/Zuljgj
+wjJq65zWzPq0UT0suOveDuu0+hgESj/J/0s4BmTKphq3gOTLrzDjdCduHpxWtCrN
+r82WcWe1eAoCX8qZXlnG1rrJJ3A69sRuZ1YOSa52xkJ6ewmL6BLyyJ3O+f76kyiK
+0X40W5Pcz7wMiNqG+UvOMc79Py8RjOVkOzKo0+ACPTl1ZsYe60xPKwF4sp3sSfrr
+V40DsS6WS/1j+qgDICagJDniep0ZvqdPZIH6DjbfNdIn1/XKBgx4RSLPDTDaNqM5
+nL16rlpCMos1r8yhlwsqCgP0BRx2duuiz0S05blrfF+gh+SNPuaev0W6DTgn+9cR
+z1Qr8T7aUoXl0pb/M2F1qWuUPJv+lIE1ol08dhzTa4VN3QaE+Qm5VG7WsLKbDVeX
+aCuquIBImOG+ERh7Fusg
+=jaU1
+-----END PGP SIGNATURE-----

clamav.changes

@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Mon Jun 21 18:44:32 UTC 2021 - Arjen de Korte <suse+build@de-korte.org>
+
+- Update to 0.103.3
+  * Fixed a scan performance issue when ENGINE_OPTIONS_FORCE_TO_DISK is
+    enabled. This issue did not impacted most users but for those
+    affected it caused every scanned file to be copied to the temp
+    directory before the scan.
+  * Fix ClamDScan crashes when using the --fdpass --multiscan
+    command-line options in combination with the ClamD ExcludePath
+    config file options.
+  * Fixed an issue where the mirrors.dat file is owned by root when
+    starting as root (or with sudo) and using daemon-mode. File
+    ownership will be set to the DatabaseOwner just before FreshClam
+    switches to run as that user.
+  * Renamed the mirrors.dat file to freshclam.dat.
+  * Disabled the HTTPUserAgent config option if the DatabaseMirror uses
+    clamav.net. This will prevent users from being inadvertently blocked
+    and will ensure that we can keep better metrics on which ClamAV
+    versions are being used.
+  * Moved the detection for Heuristics.PNG.CVE-2010-1205 behind the
+    ClamScan --alert-broken-media option (ClamD AlertBrokenMedia yes)
+    option. This type of PNG issue appears to be common enough to be an
+    annoyance, and the CVE is old enough that no one should be
+    vulnerable at this point.
+  * Fix ClamSubmit failures after changes to Cloudflare "__cfduid"
+    cookies. See: https://blog.cloudflare.com/deprecating-cfduid-cookie/
+
 -------------------------------------------------------------------
 Fri Apr  9 10:33:04 UTC 2021 - Reinhard Max <max@suse.com>
 

clamav.spec

@@ -19,7 +19,7 @@
 %bcond_with	clammspack
 %bcond_with	valgrind
 Name:           clamav
-Version:        0.103.2
+Version:        0.103.3
 Release:        0
 Summary:        Antivirus Toolkit
 License:        GPL-2.0-only