316788d67a - New version 1.4.3: ClamAV 1.4.3 is a patch release with the following fixes:
  * CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. This issue only affects configurations where both:
    - The max file-size scan limit is set greater than or equal to 1024MB.
    - The max scan-size scan limit is set greater than or equal to 1025MB.
    The code flaw was present prior to version 1.0.0, but a change in version 1.0.0 that enables larger allocations based on untrusted data made it possible to trigger this bug. This issue affects all currently supported versions.
  * CVE-2025-20234: Fixed a possible buffer overflow read bug in the UDF file parser that may write to a temp file and thus disclose information, or it may crash and cause a denial-of-service (DoS) condition. This issue was introduced in version 1.2.0.
  * Fixed a possible use-after-free bug in the Xz decompression module in the bundled lzma-sdk library. This issue was fixed in the lzma-sdk version 18.03. ClamAV bundles a copy of the lzma-sdk with some performance changes specific to libclamav, plus select bug fixes like this one in lieu of a full upgrade to newer lzma-sdk. This issue affects all ClamAV versions at least as far back as 0.99.4.
  * Windows: Fixed a build install issue when a DLL dependency such as libcrypto has the exact same name as one provided by the Windows operating system.
- Renew clamav.keyring
Reinhard Max
2025-06-20 08:44:30 +00:00
04dbce1534 - bsc#1243565: Add clamav-freshclam_test.patch to fix a race condition between the mockup servers started by different test cases in freshclam_test.py.
Reinhard Max
2025-05-28 14:46:22 +00:00
6c3f2d2904 - Drop the version dependency on libcurl. Building against versions older than 7.45 does not fail anymore, but disables support for fdpassing in clamonacc. This only affects SLE-12 up to SP3.
Reinhard Max
2025-01-23 17:37:45 +00:00
29a48de7ff - New version 1.4.2:
  * CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition.
Reinhard Max
2025-01-22 18:21:29 +00:00
017c761fff - bsc#1232242: Start clamonacc with --fdpass to avoid errors due to clamd not being able to access user files.
Reinhard Max
2025-01-10 13:08:05 +00:00
4be77ca9be - New version 1.4.1:
  * [CVE-2024-20506, bsc#1230162]: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.
  * [CVE-2024-20505, bsc#1230161]: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.
  * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
- New version 1.4.0:
  * Added support for extracting ALZ archives.
  * Added support for extracting LHA/LZH archives.
  * Added the ability to disable image fuzzy hashing, if needed. For context, image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document.
  * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
Reinhard Max
2024-09-10 13:35:10 +00:00
896f44d06a Accepting request 1198813 from home:adkorte:branches:security
Reinhard Max
2024-09-09 12:39:53 +00:00
a7e3babd61 - New Version: 1.3.1:
  * CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.
  * Updated select Rust dependencies to the latest versions.
  * Fixed a bug causing some text to be truncated when converting from UTF-16.
  * Fixed assorted complaints identified by Coverity static analysis.
  * Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.
  * Added the new 'valhalla' database name to the list of optional databases in preparation for future work.
- Drop clamav-disable-yara.patch as yara cannot be disabled anymore
Reinhard Max
2024-04-22 15:34:13 +00:00
97d6c6c999 Updating link to change in openSUSE:Factory/clamav revision 114.0
OBS User buildservice-autocommit
2021-11-04 15:42:16 +00:00
7c0f4d5fed - clamav-document-maxsize.patch: in the "clamscan" and "clamdscan" manpages, document that files over a certain size by default will silently not be scanned and how this can be adjusted (bsc#1187509)
--------------------------------------------------------------------
- bsc#1192346: Update to 0.103.4
- bsc#1188284: Update to 0.103.3
  * obsoletes clamav-disable-timestamps.patch
Reinhard Max
2021-11-04 13:53:57 +00:00
209db825f8 Accepting request 929092 from home:adkorte:branches:security
Reinhard Max
2021-11-04 13:14:31 +00:00
0112d10828 Accepting request 848100 from home:dimstar:Factory
Reinhard Max
2020-11-13 08:23:03 +00:00
f86351c0e0 - Sync Factory to SLE-15 to implement jsc#ECO-3010.
Reinhard Max
2020-11-11 10:16:08 +00:00
7632c657ae - bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode.
- Keep OBS from installing an existing clamav instance to scan the sources, because this makes "make check" use the old library instead of the just built one. This is only a workaround until we find a way to keep libtool from adding libdir to rpath and LD_LIBRARY_PATH of the binaries in the testsuite.
Reinhard Max
2020-11-10 16:48:44 +00:00