Accepting request 367410 from security

1

OBS-URL: https://build.opensuse.org/request/show/367410
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=81

clamav-0.99.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e144689122d3f91293808c82cbb06b7d3ac9eca7ae29564c5d148ffe7b25d58a
+size 15990867

clamav-0.99.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d2792c8cfadd685fffc40b2199679628815df031fd3149ccf961649fc8787ea9
-size 15968038

clamav.changes

@@ -1,3 +1,58 @@
+-------------------------------------------------------------------
+Thu Mar  3 11:30:10 UTC 2016 - ecsos@opensuse.org
+
+- Update to version 0.99.1
+ * hwp5.x: fix for streams without names
+ * libclamav: yara: avoid unaliged access to 64bit variable
+ * patch by Mark Allan to add show-progress option to freshclam.
+ * added 'CustomXML' as trigger for likely OOXML
+ * ClamAV 0.99.1 beta1 release.
+ * add scanning options for scanning xml-based documents
+   (MSXML, OOXML, HWPML) and HWP3
+ * add dconfs for XDP, MBR, GPT, APM, OOXML, MSXML, and HWP formats
+ * hwp: scan decompressed data on limits exceeded
+ * Fix for signature name length<3 in .ign & .ign2 CVD files.
+ * Change RTF file magic from '{\rtf' to '{\rt'
+ * zeroing out buffer at allocation to avoid writing uninitialized
+   bytes to a file
+ * adding check for compressed input stream
+ * clean up and boost accuracy to detecting OOXML documents
+ * Fix crash when using pcre statistics due to inconsistent memory
+   management function calls
+ * adding check to verify a valid number of rounds for rijndael aes
+   encryption/decryption
+ * fixing edge case revealed by unit testing
+ * let html be scanned raw when --scan-html=no is in effect.
+ * fix crash due to memory overlay with crafted 7z files.
+ * fixing off by one OOB write in htmlnorm
+ * fixing autoit OOB bufferread
+ * sigtool: adding support for decoding cdb sigs
+ * fix embedded http links.
+ * fix regression crash on sid 1005597703 due to uninitialzed
+   (i.e., garbage initialized) structure.
+ * corrects mso stream prefix value for big endian processors.
+ * ooxml_hwp: add support for filetyping and preclassification
+ * hwpole2: new filetype and handler for hwp embedded ole2 files
+ * fixing possible oob dereference when parsing mbox files
+ * adding explicit wwunpack oob checks
+ * fixing edge case where a null terminator was unintentionally
+   written into an adjacent buffer.
+ * hwpml: use msxml_parser callback scanner for binary data
+ * msxml_parser: add callback-based scanning mechanism
+ * HWPML: added hwpml_keys for hwpml parsing
+ * add HMPML filetype, tab fixes in filetype.c
+ * Hwp3.x: inflate compressed segment and offset tracking
+ * Hwp3.x file header parsing and preclass
+ * pcre: fixed minimum pcre version check
+ * fix detection of libcheck without pkg-config file
+ * add HWP5 filetype tracking to preclassification
+ * add HWP 3.x internal filetypes
+ * add hwp5 contents to preclass set
+ * proper identification of HWP file format
+ * strengthen file typing for OOXML.
+ * normalization of whitelist signatures
+ * github issue #9 - wrong length & offset.
+
 -------------------------------------------------------------------
 Fri Dec 25 19:22:23 UTC 2015 - meissner@suse.com
 

clamav.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package clamav
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -40,7 +40,7 @@ BuildRequires:  python-devel
 Summary:        Antivirus Toolkit
 License:        GPL-2.0
 Group:          Productivity/Security
-Version:        0.99
+Version:        0.99.1
 Release:        0
 Url:            http://www.clamav.net
 Requires:       latex2html-pngicons