2e339e7994
- Add clamav-workaround.patch to work around symbol removals in version 1.5.0 and 1.5.1.
Reinhard Max 2025-11-04 16:10:50 +00:00
587df753db
- Add clamav-workaround.patch to work around symbol removals in version 1.5.0 and 1.5.1.
Reinhard Max 2025-11-04 16:10:50 +00:00
f3a8b10616
Accepting request 1311754 from security
Ana Guerrero 2025-10-17 15:25:39 +00:00
9391c9830a
Accepting request 1311754 from security
Ana Guerrero 2025-10-17 15:25:39 +00:00
5edb532f85
- New version: 1.5.1:
  * Fixed a significant performance issue when scanning some PE files.
  * Fixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or ClamD AlertExceedsMax config file option.
  * Improved performance when scanning TNEF email attachments.
  * Fixed an issue with recording metadata for OOXML office documents.
  * Fixed an issue with signature matches for VBA in OLE2 office documents.
  * Loosened overly restrictive rules for embedded file identification and increased the limit for finding PE files embedded in other PE files.
  * Fixed an issue with extracting some RAR archives embedded in other files.
  * Fixed an issue with calculating fuzzy hashes affecting some images by updating the version for several Rust library dependencies.
Reinhard Max 2025-10-16 16:17:10 +00:00
70fd3ca873
- New version: 1.5.1:
  * Fixed a significant performance issue when scanning some PE files.
  * Fixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or ClamD AlertExceedsMax config file option.
  * Improved performance when scanning TNEF email attachments.
  * Fixed an issue with recording metadata for OOXML office documents.
  * Fixed an issue with signature matches for VBA in OLE2 office documents.
  * Loosened overly restrictive rules for embedded file identification and increased the limit for finding PE files embedded in other PE files.
  * Fixed an issue with extracting some RAR archives embedded in other files.
  * Fixed an issue with calculating fuzzy hashes affecting some images by updating the version for several Rust library dependencies.
Reinhard Max 2025-10-16 16:17:10 +00:00
75be8165be
- Add json-c-json-c-0.18-20240915.tar.gz and link it statically into libclamav on SLE-12, because version 0.12 is too old.
- Use rust 1.86 for SLE-12 and SLE-15-SP2.
Reinhard Max 2025-10-16 12:20:22 +00:00
bacef9e332
- Add json-c-json-c-0.18-20240915.tar.gz and link it statically into libclamav on SLE-12, because version 0.12 is too old.
- Use rust 1.86 for SLE-12 and SLE-15-SP2.
Reinhard Max 2025-10-16 12:20:22 +00:00
2c2327adc1
- New version 1.5.0:
  * Added checks to determine if an OLE2-based Microsoft Office document is encrypted.
  * Added the ability to record URIs found in HTML if the generate-JSON-metadata feature is enabled.
  * Added the ability to record URIs found in PDFs if the generate-JSON-metadata feature is enabled.
  * Added regex support for the clamd.conf OnAccessExcludePath config option.
  * Added CVD signing/verification with external .sign files.
  * Freshclam, ClamD, ClamScan, and Sigtool: Added an option to enable FIPS-like limits disabling MD5 and SHA1 from being used for verifying digital signatures or for being used to trust a file when checking for false positives
  * ClamD: Added an option to disable select administrative commands including SHUTDOWN, RELOAD, STATS and VERSION.
  * libclamav: Added extended hashing functions with a "flags" parameter that allows the caller to choose if they want to bypass FIPS hash algorithm limits.
  * See the release announcement for the full list of changes: https://blog.clamav.net/2025/10/clamav-150-released.html
- Obsoleted patches:
  * clamav-freshclam_test.patch
  * clamav-disable-administrative-commands.patch
  * clamav-fips.patch
- Use macros for library versions
- Remove service symlinks: rcclamd, rcfreshclam, rcclamav-milter, and clamonacc.
Reinhard Max 2025-10-08 17:59:39 +00:00
d799383b2c
- New version 1.5.0:
  * Added checks to determine if an OLE2-based Microsoft Office document is encrypted.
  * Added the ability to record URIs found in HTML if the generate-JSON-metadata feature is enabled.
  * Added the ability to record URIs found in PDFs if the generate-JSON-metadata feature is enabled.
  * Added regex support for the clamd.conf OnAccessExcludePath config option.
  * Added CVD signing/verification with external .sign files.
  * Freshclam, ClamD, ClamScan, and Sigtool: Added an option to enable FIPS-like limits disabling MD5 and SHA1 from being used for verifying digital signatures or for being used to trust a file when checking for false positives
  * ClamD: Added an option to disable select administrative commands including SHUTDOWN, RELOAD, STATS and VERSION.
  * libclamav: Added extended hashing functions with a "flags" parameter that allows the caller to choose if they want to bypass FIPS hash algorithm limits.
  * See the release announcement for the full list of changes: https://blog.clamav.net/2025/10/clamav-150-released.html
- Obsoleted patches:
  * clamav-freshclam_test.patch
  * clamav-disable-administrative-commands.patch
  * clamav-fips.patch
- Use macros for library versions
- Remove service symlinks: rcclamd, rcfreshclam, rcclamav-milter, and clamonacc.
Reinhard Max 2025-10-08 17:59:39 +00:00
ad6f4c1e96
Accepting request 1290236 from security
Ana Guerrero 2025-07-06 15:07:59 +00:00
74d9af3e13
Accepting request 1290236 from security
Ana Guerrero 2025-07-06 15:07:59 +00:00
8c66e61d7f
Accepting request 1287021 from home:adkorte:branches:security
Reinhard Max 2025-06-20 08:44:30 +00:00
316788d67a
- New version 1.4.3:
  ClamAV 1.4.3 is a patch release with the following fixes:
  * CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. This issue only affects configurations where both:
    - The max file-size scan limit is set greater than or equal to 1024MB.
    - The max scan-size scan limit is set greater than or equal to 1025MB.
    The code flaw was present prior to version 1.0.0, but a change in version 1.0.0 that enables larger allocations based on untrusted data made it possible to trigger this bug. This issue affects all currently supported versions.
  * CVE-2025-20234: Fixed a possible buffer overflow read bug in the UDF file parser that may write to a temp file and thus disclose information, or it may crash and cause a denial-of-service (DoS) condition. This issue was introduced in version 1.2.0.
  * Fixed a possible use-after-free bug in the Xz decompression module in the bundled lzma-sdk library. This issue was fixed in the lzma-sdk version 18.03. ClamAV bundles a copy of the lzma-sdk with some performance changes specific to libclamav, plus select bug fixes like this one in lieu of a full upgrade to newer lzma-sdk. This issue affects all ClamAV versions at least as far back as 0.99.4.
  * Windows: Fixed a build install issue when a DLL dependency such as libcrypto has the exact same name as one provided by the Windows operating system.
- Renew clamav.keyring
Reinhard Max 2025-06-20 08:44:30 +00:00
9a25addab1
Accepting request 1282251 from security
Ana Guerrero 2025-06-03 15:55:16 +00:00
bb82058b9e
Accepting request 1282251 from security
Ana Guerrero 2025-06-03 15:55:16 +00:00
a135f831da
- bsc#1243565: Add clamav-freshclam_test.patch to fix a race condition between the mockup servers started by different test cases in freshclam_test.py.
Reinhard Max 2025-05-28 14:46:22 +00:00
04dbce1534
- bsc#1243565: Add clamav-freshclam_test.patch to fix a race condition between the mockup servers started by different test cases in freshclam_test.py.
Reinhard Max 2025-05-28 14:46:22 +00:00
64f4d810b3
Accepting request 1265932 from security
Ana Guerrero 2025-04-02 15:12:19 +00:00
8ba34f8cce
Accepting request 1265932 from security
Ana Guerrero 2025-04-02 15:12:19 +00:00
d73bd710d2
Accepting request 1241514 from security
Ana Guerrero 2025-01-31 15:04:55 +00:00
ced495d4f9
Accepting request 1241514 from security
Ana Guerrero 2025-01-31 15:04:55 +00:00
8bf02642a5
- Drop the version dependency on libcurl. Building against versions older than 7.45 does not fail anymore, but disables support for fdpassing in clamonacc. This only affects SLE-12 up to SP3.
Reinhard Max 2025-01-23 17:37:45 +00:00
6c3f2d2904
- Drop the version dependency on libcurl. Building against versions older than 7.45 does not fail anymore, but disables support for fdpassing in clamonacc. This only affects SLE-12 up to SP3.
Reinhard Max 2025-01-23 17:37:45 +00:00
18bed56917
Accepting request 1239891 from security
Ana Guerrero 2025-01-23 17:03:00 +00:00
fb4c75ee8e
Accepting request 1239891 from security
Ana Guerrero 2025-01-23 17:03:00 +00:00
2ab3f27527
- New version 1.4.2:
  * CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition.
Reinhard Max 2025-01-22 18:21:29 +00:00
29a48de7ff
- New version 1.4.2:
  * CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition.
Reinhard Max 2025-01-22 18:21:29 +00:00
51188acd38
Accepting request 1238512 from security
Ana Guerrero 2025-01-17 17:43:50 +00:00
f48e5bb1af
Accepting request 1238512 from security
Ana Guerrero 2025-01-17 17:43:50 +00:00
47ae5d915f
- bsc#1232242: Start clamonacc with --fdpass to avoid errors due to clamd not being able to access user files.
Reinhard Max 2025-01-10 13:08:05 +00:00
017c761fff
- bsc#1232242: Start clamonacc with --fdpass to avoid errors due to clamd not being able to access user files.
Reinhard Max 2025-01-10 13:08:05 +00:00
da50748d3f
Accepting request 1231926 from security
Ana Guerrero 2024-12-18 19:11:19 +00:00
0c3339881d
Accepting request 1231926 from security
Ana Guerrero 2024-12-18 19:11:19 +00:00
9a73056fdb
Accepting request 1231922 from home:AndreasStieger:branches:security
Reinhard Max 2024-12-18 16:14:20 +00:00
dfd4947ab7
- New version 1.4.1:
  * [CVE-2024-20506, bsc#1230162]: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.
  * [CVE-2024-20505, bsc#1230161]: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.
  * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
- New version 1.4.0:
  * Added support for extracting ALZ archives.
  * Added support for extracting LHA/LZH archives.
  * Added the ability to disable image fuzzy hashing, if needed. For context, image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document.
  * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
Reinhard Max 2024-09-10 13:35:10 +00:00
4be77ca9be
- New version 1.4.1:
  * [CVE-2024-20506, bsc#1230162]: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.
  * [CVE-2024-20505, bsc#1230161]: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.
  * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
- New version 1.4.0:
  * Added support for extracting ALZ archives.
  * Added support for extracting LHA/LZH archives.
  * Added the ability to disable image fuzzy hashing, if needed. For context, image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document.
  * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
Reinhard Max 2024-09-10 13:35:10 +00:00
7bf48a149d
Accepting request 1198813 from home:adkorte:branches:security
Reinhard Max 2024-09-09 12:39:53 +00:00
896f44d06a
Accepting request 1198813 from home:adkorte:branches:security
Reinhard Max 2024-09-09 12:39:53 +00:00
d542431625
- New Version: 1.3.1:
  * CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.
  * Updated select Rust dependencies to the latest versions.
  * Fixed a bug causing some text to be truncated when converting from UTF-16.
  * Fixed assorted complaints identified by Coverity static analysis.
  * Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.
  * Added the new 'valhalla' database name to the list of optional databases in preparation for future work.
- Drop clamav-disable-yara.patch as yara cannot be disabled anymore
Reinhard Max 2024-04-22 15:34:13 +00:00
a7e3babd61
- New Version: 1.3.1:
  * CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.
  * Updated select Rust dependencies to the latest versions.
  * Fixed a bug causing some text to be truncated when converting from UTF-16.
  * Fixed assorted complaints identified by Coverity static analysis.
  * Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.
  * Added the new 'valhalla' database name to the list of optional databases in preparation for future work.
- Drop clamav-disable-yara.patch as yara cannot be disabled anymore
Reinhard Max 2024-04-22 15:34:13 +00:00