Accepting request 975373 from security
update clamav to 0.103.6 OBS-URL: https://build.opensuse.org/request/show/975373 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=118
This commit is contained in:
Git OBS Bridge
@@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:1e74b1e1d2a8a9056449c313f48a6983b9d5ba0d6fb5ef0b2be6ad3c841a5426
|
|
||||||
size 16434316
|
|
||||||
@@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIcBAABAgAGBQJh3ZK/AAoJEGCbAk8rPt0HxwkP/iSf9aUJipn5YgqjqyVC1fKl
|
|
||||||
wUwvV8KoPH7C2kgo0AKZFTKRxaRahvL1WLx6PnnArl1ZVoH2JVrqm/1+Z8MT9U7J
|
|
||||||
YOKG3aI+KgBNG6ihxizsL37ZNn4aE7ne4SY7219rei7IW12OyiUvIkF3kA9lHtDX
|
|
||||||
/cqkrqu9GT7pB5dxt+GCQ/oX1cgMzV6/Hg9wE4DS0hSuQy74WRUZ/Rp+JAeQ7dUv
|
|
||||||
4u1dkGoUJQpo4g94amwOqcHlc+bBZMItTVSoJercjl8eOZqxSEN7kkHa2MrPFiaX
|
|
||||||
AJN4B4wMfrxi+jn+HUo7TshrRkzUzP0i+rIAn3hsvG4sjOxH/vWrCyfOGCIQb/l+
|
|
||||||
ug1gBJ4LDSoQ9rL41c1OBYFPKhbrTYCSs+TULoKSFCJv8RgQA7/Vu3bulIHFRhtp
|
|
||||||
Lpvhgo1fsb741EVSoPFqQJe+XUAdH5BsW03TZuHnuIEnLvHbctYDJlkg0KN2IYg+
|
|
||||||
4JgO65spoEHW2hldKR0A8W8U4+bPC2+94QuLoV6OXrnlL8qCj9RhRqywBM4gqSgC
|
|
||||||
p9rnx0E0tTrCDmevXn0IvTbwqxjtC8ig/mJejc4TiV70ps8xgLBeml4xsgr+PLYn
|
|
||||||
Obwf8/GOY3RwGQQMROLQSChenvXU/qnjqDRRzVtZSgBF7xBlGJ1xVm7pRLA/OF5d
|
|
||||||
sbOrPkTfkT+0ayLU46vg
|
|
||||||
=lf26
|
|
||||||
-----END PGP SIGNATURE-----
|
|
||||||
3
clamav-0.103.6.tar.gz
Normal file
3
clamav-0.103.6.tar.gz
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:aaa12e3dc19f1d323b1c50d7a10fa8af557e4390149e864d59bde39b6ad9ba33
|
||||||
|
size 16491761
|
||||||
16
clamav-0.103.6.tar.gz.sig
Normal file
16
clamav-0.103.6.tar.gz.sig
Normal file
@@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIcBAABAgAGBQJicDP4AAoJEGCbAk8rPt0HoMcP/i4uV0VatuqjIL1ULq5/Q7Wl
|
||||||
|
EQoo6J3SvnvbyDQSeQV/eBT3kmSvFonz1d2erg85uM/+JHzMPatFu44xJ8cXDmX8
|
||||||
|
RhjVeJepMnKkXnP3MIdIbXnQJFkFxlOrNuJQ19waDbbe0PSySj9Z8XjhepdnnWFW
|
||||||
|
bZH0Oo+EyXK/KGLQkdNEXJH0hJtcy2VowYizNO15xszTcZn/weiggzkVUOj99i8N
|
||||||
|
oLtnQ6g9gLZtI7AFSw35ISnJ4ZEGGsuOy7ABTzu0rgJEka2A5JxicNhh/X058EXe
|
||||||
|
7UmqDJWHpc6CCu9cip03M/q7yNFz3mO+Su7P3fPZ0q3wGuYbodIVXec57j7BvvMO
|
||||||
|
/ehEmUg9FAeQa6Y9ub6c2HNYRkt652uRYvpRBh/Fwd/Jlx14kddW3pfNq7TUDJaU
|
||||||
|
KHQuEyfXRs96kwzKI5SWb7T6/bdvwl8mxzIBbCvftsxtuRVbDsIsgzduq8Yyct1L
|
||||||
|
kcdzs5jPNzPeLPD02W/6GeVbaJiJC2P3Ic4u0EKBjjLHuTYwOtIqp+He76aBx09Y
|
||||||
|
/lMfkFCteld8ivy29IRuidgsbgx5fyp3pB7c6CWZJU1ks/6gxcfY6VGKDVdbRPiq
|
||||||
|
n1w0xG9leSX3C3aAsRNVAaTyifqrjZZurFZTLFeM9W8/pB02MvsNo2wx/ALEWKzc
|
||||||
|
YHfGNkn6ucI+Rf7ShWiq
|
||||||
|
=nD0e
|
||||||
|
-----END PGP SIGNATURE-----
|
||||||
@@ -1,22 +0,0 @@
|
|||||||
From 58d199cbe00e8a5ef5858ffc7991a346b9f3469e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Orion Poplawski <orion@nwra.com>
|
|
||||||
Date: Thu, 17 Sep 2020 22:26:04 -0600
|
|
||||||
Subject: [PATCH] Fix ck_assert_msg() call
|
|
||||||
|
|
||||||
---
|
|
||||||
unit_tests/check_jsnorm.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/unit_tests/check_jsnorm.c b/unit_tests/check_jsnorm.c
|
|
||||||
index 5067a21a55..64f6bf8b37 100644
|
|
||||||
--- a/unit_tests/check_jsnorm.c
|
|
||||||
+++ b/unit_tests/check_jsnorm.c
|
|
||||||
@@ -247,7 +247,7 @@ static void tokenizer_test(const char *in, const char *expected, int split)
|
|
||||||
fd = open(filename, O_RDONLY);
|
|
||||||
if (fd < 0) {
|
|
||||||
jstest_teardown();
|
|
||||||
- ck_assert_msg("failed to open output file: %s", filename);
|
|
||||||
+ ck_assert_msg(0, "failed to open output file: %s", filename);
|
|
||||||
}
|
|
||||||
|
|
||||||
diff_file_mem(fd, expected, len);
|
|
||||||
@@ -1,3 +1,37 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 5 15:50:42 UTC 2022 - Arjen de Korte <suse+build@de-korte.org>
|
||||||
|
|
||||||
|
- Update to 0.103.6
|
||||||
|
* CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM
|
||||||
|
file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS
|
||||||
|
version 0.103.5 and prior versions. (boo#1199242)
|
||||||
|
* CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the
|
||||||
|
scan verdict cache check. Issue affects versions 0.103.4, 0.103.5,
|
||||||
|
0.104.1, and 0.104.2. (boo#1199246)
|
||||||
|
* CVE-2022-20771: Fixed a possible infinite loop vulnerability in the
|
||||||
|
TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and
|
||||||
|
LTS version 0.103.5 and prior versions. The issue only occurs if the
|
||||||
|
"--alert-broken-media" ClamScan option is enabled. For ClamD, the
|
||||||
|
affected option is "AlertBrokenMedia yes", and for libclamav it is the
|
||||||
|
"CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. (boo#1199244)
|
||||||
|
* CVE-2022-20785: Fixed a possible memory leak in the HTML file parser /
|
||||||
|
Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2
|
||||||
|
and LTS version 0.103.5 and prior versions. (boo#1199245)
|
||||||
|
* CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write
|
||||||
|
vulnerability in the signature database load module. The fix was to
|
||||||
|
update the vendored regex library to the latest version. Issue affects
|
||||||
|
versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior
|
||||||
|
versions. (boo#1199274)
|
||||||
|
* ClamOnAcc: Fixed a number of assorted stability issues and added
|
||||||
|
niceties for debugging ClamOnAcc.
|
||||||
|
* Fixed an issue causing byte-compare subsignatures to cause an alert
|
||||||
|
when they match even if other conditions of the given logical
|
||||||
|
signatures were not met.
|
||||||
|
* Fix memleak when using multiple byte-compare subsignatures. This fix
|
||||||
|
was backported from 0.104.0.
|
||||||
|
* Assorted bug fixes and improvements.
|
||||||
|
- Remove upstreamed clamav-ck_assert_msg.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Apr 12 13:56:37 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
Tue Apr 12 13:56:37 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
|||||||
@@ -19,7 +19,7 @@
|
|||||||
%bcond_with clammspack
|
%bcond_with clammspack
|
||||||
%bcond_with valgrind
|
%bcond_with valgrind
|
||||||
Name: clamav
|
Name: clamav
|
||||||
Version: 0.103.5
|
Version: 0.103.6
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Antivirus Toolkit
|
Summary: Antivirus Toolkit
|
||||||
License: GPL-2.0-only
|
License: GPL-2.0-only
|
||||||
@@ -39,7 +39,6 @@ Patch1: clamav-conf.patch
|
|||||||
Patch5: clamav-obsolete-config.patch
|
Patch5: clamav-obsolete-config.patch
|
||||||
Patch6: clamav-disable-yara.patch
|
Patch6: clamav-disable-yara.patch
|
||||||
Patch12: clamav-fips.patch
|
Patch12: clamav-fips.patch
|
||||||
Patch13: clamav-ck_assert_msg.patch
|
|
||||||
Patch14: clamav-document-maxsize.patch
|
Patch14: clamav-document-maxsize.patch
|
||||||
|
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
@@ -148,7 +147,6 @@ that want to make use of libclamav.
|
|||||||
%patch5
|
%patch5
|
||||||
%patch6
|
%patch6
|
||||||
%patch12
|
%patch12
|
||||||
%patch13 -p1
|
|
||||||
%patch14 -p1
|
%patch14 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|||||||
Reference in New Issue
Block a user