Accepting request 870558 from security

OBS-URL: https://build.opensuse.org/request/show/870558
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=111

clamav-0.103.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:32a9745277bfdda80e77ac9ca2f5990897418e9416880f3c31553ca673e80546
-size 13357078

clamav-0.103.0.tar.gz.sig

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIcBAABAgAGBQJfXhjDAAoJEPE/nha8pb+t6REP/3zOJuiijx9luneQ89YJbKa1
-F7FDGzmqm26B/jAeAZIrS8rRrpUHaKs9qI7vLgkX1gG5QJFrnDy1Lj26rJ82YZ08
-3HCkAScmxNqE7unI0Azyd034oYY/1+nWBipnrQe5oRVDuPF0EFxFrjqVSkXEJ264
-kZR/jXk+8ktLXKAjTw4B4Furmr8iWlRcrrDzISjZKIQtq7SkveiIbvhK98UcQKhK
-KF4XhuPfw+qkUZTz6ImJTK9rO705E1wgKthyqE06ZIt858RtXyshE3SVHjZKdxFi
-h1TxliYr5UxXVauJu7hjw5fwQFyE44QGK/PAFnOt7+aIE6ucQ3ErR6LAjz9xH3Xn
-MK1yRmXql72IhB8b+JG6c8VneljqAqBg36Hh5G+qv0Yk90bUWE8aSxQ4MIljB3aU
-OAl9+g6S+48W+v9z0cTzgS3FxHcFl18ulLEK4/ox8TJuq2XBKZZ8H5f2i59Ub2BJ
-PDYrlTTamj+s/axRqATyHeqdfZB+11idZiLl+WauVl75NEwefVwZAa+Lv6cF6Poz
-Wo28vPe2yyUu/RKUcMTNGD4KwUxC7oiY8vNEXje4tZop8QIzFQ6+F7VtlydA7eEj
-GWr4+S8BZoudAlA11AE5ipI9ghsGQIONf+mn+e6/liVYeDI3nZlg4SP+25+ZKmWk
-kDkn6ZmWUQaVScd5AFPy
-=bhFw
------END PGP SIGNATURE-----

clamav-0.103.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7308c47b89b268af3b9f36140528927a49ff3e633a9c9c0aac2712d81056e257
+size 13369791

clamav-0.103.1.tar.gz.sig

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABAgAGBQJgGVyXAAoJEPE/nha8pb+tmvIP/2eluegyIzQ88Q0LJv/WTPpF
+t02op8hnzbM/79gglU1bCdfuXLS9/OkT1QBM71xjndn/qN4/9gp7E3nd4dX+6MJB
+YnfUx5atx6faxFs10hfVYrZBD/AYwtXlAAJpuEwB6iyJtDEUgBapQNGkeULuw2iO
+gvuxDc7U8Tu+BjyDgPESxRtd6p5/3tMoXGhKTnYaOILEwveLgKvSJLv47d/Ew4EW
+NU6m9erw4jumCm2qvkIyziZcjMSORiCGoyI9fXBWDADbXVTIYsOqSknshP3Om6He
+lqNdrkok7pk6AsSY1PAepsPt6BT6n3MuZJKFU3/iHZLqqyL97Y/IaqzvSJj5q0++
+sy0ljsU88YIdV7bhJnN7khkpkq3DYsrZVg+nCyIoQ9iErNdwBWXGsgcclBSrwzDy
+5UUz3MJvliqG9FKC5Va3BiHvK35d41Q99jZG0X9huSs+Atj0t1FkrOScnj+ZZd1E
+OJKUYn7Pnb7asacJLOeCqCVuJaOsNSjidv1jtdwAEcOMbnwatHU0WVYlzqaxMpBh
+WXXy0tR2Bpv7SjejV4F4LMNOux0v1gTogQ0iKRIk2FUtRpeLAXvnm3UrqB/bJyc+
+nx1s4+kUJo2PLhJN8XzbPpMEm5fymnPnuVQH5qjmJ6/WPxws+tKi0b4DuWOnlzxQ
+r8r7QDor+YJ3F7BTPPay
+=5QiJ
+-----END PGP SIGNATURE-----

clamav-conf.patch

@@ -194,4 +194,4 @@
 +NotifyClamd /etc/clamd.conf
  
  # Run command after successful database update.
- # Default: disabled
+ # Use EXIT_1 to return 1 after successful database update.

clamav-disable-timestamps.patch

@@ -82,4 +82,4 @@ Index: configure
 +_ACEOF
  
  
- VERSION="0.103.0"
+ VERSION="0.103.1"

clamav.changes

@@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Sat Feb  6 11:20:37 UTC 2021 - Arjen de Korte <suse+build@de-korte.org>
+
+- Update to 0.103.1
+  * Added a new scan option to alert on broken media (graphics) file
+    formats. This feature mitigates the risk of malformed media files
+    intended to exploit vulnerabilities in other software. At present
+    media validation exists for JPEG, TIFF, PNG, and GIF files. To
+    enable this feature, set AlertBrokenMedia yes in clamd.conf, or
+    use the --alert-broken-media option when using clamscan. These
+    options are disabled by default in this patch release, but may be
+    enabled in a subsequent release. Application developers may enable
+    this scan option by enabling CL_SCAN_HEURISTIC_BROKEN_MEDIA for
+    the heuristic scan option bit field.
+  * Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG typing
+    behavior. BMP and JPEG 2000 files will continue to detect as
+    CL_TYPE_GRAPHICS because ClamAV does not yet have BMP or JPEG
+    2000 format checking capabilities.
+  * Fixed PNG parser logic bugs that caused an excess of parsing
+    errors and fixed a stack exhaustion issue affecting some systems
+    when scanning PNG files. PNG file type detection was disabled via
+    signature database update for ClamAV version 0.103.0 to mitigate
+    the effects from these bugs.
+  * Fixed an issue where PNG and GIF files no longer work with
+    Target:5 graphics signatures if detected as CL_TYPE_PNG/GIF rather
+    than as CL_TYPE_GRAPHICS. Target types now support up to 10
+    possible file types to make way for additional graphics types in
+    future releases.
+  * Fixed clamonacc's --fdpass option.
+    - Interprocess file descriptor passing for clamonacc was broken
+      since version 0.102.0 due to a bug introduced by the switch to
+      curl for communicating with clamd. On Linux, passing file
+      descriptors from one process to another is handled by the
+      kernel, so we reverted clamonacc to use standard system calls
+      for socket communication when fd passing is enabled.
+  * Fixed a clamonacc stack corruption issue on some systems when
+    using an older version of libcurl.
+  * Allow clamscan and clamdscan scans to proceed even if the
+    realpath lookup failed. This alleviates an issue on Windows
+    scanning files hosted on file- systems that do not support the
+    GetMappedFileNameW() API such as on ImDisk RAM-disks.
+  * Fixed freshclam --on-update-execute=EXIT_1 temporary directory
+    cleanup issue.
+  * clamd's log output and VirusEvent now provide the scan target's
+    file path instead of a file descriptor. The clamd socket API for
+    submitting a scan by FD-passing doesn't include a file path, this
+    feature works by looking up the file path by file descriptor.
+    This feature works on Mac and Linux but is not yet implemented
+    for other UNIX operating systems. FD-passing is not available for
+    Windows.
+  * Fixed an issue where freshclam database validation didn't work
+    correctly when run in daemon mode on Linux/Unix.
+
 -------------------------------------------------------------------
 Thu Nov 12 11:02:09 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
 

clamav.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package clamav
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 %define clamav_check --enable-check
 %bcond_with clammspack
 Name:           clamav
-Version:        0.103.0
+Version:        0.103.1
 Release:        0
 Summary:        Antivirus Toolkit
 License:        GPL-2.0-only