------------------------------------------------------------------- Wed Jul 11 17:27:51 CEST 2007 - max@suse.de - Update to version 0.91 (#289830) - improved handling of .mdb files (fixes long startup times) - Adds anti-phishing support - unpacker for NSIS (Nullsoft Scriptable Install System) self-extracting archives - unpacker for ASPack 2.12 - new implementation of the Aho-Corasick pattern matcher providing better detection for wildcard enabled signatures - support for nibble matching and floating offsets - extraction of PE files embedded into other executables - better handling of PE & UPX - removed dependency on libcurl (improves stability) - many other improvements and bugfixes ------------------------------------------------------------------- Thu May 31 16:45:25 CEST 2007 - max@suse.de - Security update: 0.90.3 (#279536) - libclamav/unsp.c: fix end of buffer calculation (bb#464) - libclamav/others.c: use strict permissions (0600) for temporary files created in cli_gentempstream() (bb#517). - libclamav/unrar/unrar.c: heap corruption causing DoS with corrupted rar archive, better handle truncated files - libclamav/phishcheck.c: isURL() regex execution hangs on Solaris - libclamav/ole2_extract.c: detect block list loop (bb#466) ------------------------------------------------------------------- Fri Apr 13 11:48:12 CEST 2007 - max@suse.de - Security update: 0.90.2 (#264189) - CVE-2007-1997: CAB File Unstore Buffer Overflow Vulnerability - CVE-2007-1745: file descriptor leak in CHM handler - File descriptor leaks in libclamav/pdf.c and libclamav/lockdb.c ------------------------------------------------------------------- Mon Mar 5 16:00:56 CET 2007 - max@suse.de - Extended the database presence check in rcclamd to accept the main.inc directory in addition to the main.cvd file, because freshclam can delete the file during a scripted update. ------------------------------------------------------------------- Fri Mar 2 14:38:54 CET 2007 - max@suse.de - Update to version 0.90.1 (#250566) - Some bug fixes and code improvements - Bumps the version of libclamav's soname, which should have been done in 0.90 already. ------------------------------------------------------------------- Tue Feb 20 14:55:04 CET 2007 - max@suse.de - Update to version 0.90 (#246214) to fix two Vulnerabilities: - CAB File Denial of Service (CVE-2007-0897) - MIME Parsing Directory Traversal (CVE-2007-0898) - Other changes of 0.90 include: - Changed config file syntax (automatic conversion is done by the RPM on update) - New unpacker for RAR3, RAR2 and RAR1 - Rewritten unpackers for Zip and CAB files - Support for RAR-SFX, Zip-SFX and CAB-SFX archives - New PE parsing model - Support for PE32+ (64-bit) executables - Support for MD5 signatures based on PE sections (.mdb) - ELF file parser - Support for Sensory Networks' NodalCore hardware acceleration technology - Algorithmic detection can be controlled with CL_SCAN_ALGORITHMIC - Support for new obfuscators: SUE, Y0da Cryptor, CryptFF - Support for new packers: NsPack, wwpack32, MEW, Upack - Support for SIS files (SymbianOS packages) - Support for PDF and RTF files - TCP and local sockets can be operated simultaneously - New command: MULTISCAN (scan directory with multiple threads) - There where also some API/ABI changes which might affect packages that link against libclamav. Affected functions are: cl_loaddb, cl_loaddir and cl_scanbuff. - Cleaned up daemonizing of clamd and freshclam. ------------------------------------------------------------------- Tue Dec 12 12:20:34 CET 2006 - max@suse.de - Security update: 0.88.7 (#227827, CVE-2006-5874) - handle consecutive errors in base64 decoding - honour recursion limit when scanning email messages - clamscan: new option --mail-max-recursion - libclamav/untar.c: honour archive limits ------------------------------------------------------------------- Tue Nov 7 15:58:32 CET 2006 - max@suse.de - Add homedir of user vscan to the package (FATE300731). ------------------------------------------------------------------- Mon Nov 6 12:17:53 CET 2006 - max@suse.de - Bugfix release: 0.88.6 (#218313) - freshclam: apply timeout patch from Everton da Silva Marques (new options: ConnectTimeout and ReceiveTimeout) - clamd: change stack size at the right place (closes bug#103) - libclamav/petite.c: sanity check the number of rebuilt sections (speeds up handling of malformed files) ------------------------------------------------------------------- Tue Oct 17 15:26:12 CEST 2006 - max@suse.de - Bugfix release 0.88.5 fixes two serious security issues. #212898, CVE-2006-4182, CVE-2006-5295 ------------------------------------------------------------------- Tue Aug 8 11:02:28 CEST 2006 - lnussel@suse.de - New version 0.88.4 fixes heap overflow in UPX decoder ------------------------------------------------------------------- Thu Jul 6 16:02:15 CEST 2006 - max@suse.de - Bugfix release 0.88.3: - fix possible false matches of alternatives - Large binhex files were not being handled gracefully. - fix zero allocation warning - Added bc and pkgconfig to BuildRequires to fix curl version detection. - Prevent a file conflict on the database files when main and db packages of different versions are installed. - Renamed clamav.conf to clamd.conf for SLES9. - Added the db subpackage to SLES9. - Bugzilla: 190647 ------------------------------------------------------------------- Tue May 2 11:31:54 CEST 2006 - max@suse.de - New version: 0.88.2 - Fixes a buffer overflow in freshclam's get_database function (CVE-2006-1989, Bug #171496). ------------------------------------------------------------------- Mon Apr 10 10:26:49 CEST 2006 - meissner@suse.de - Fixed several implicit warnings which lead to failures on 64bit platforms. ------------------------------------------------------------------- Tue Apr 5 14:50:00 CEST 2006 - max@suse.de - New version: 0.88.1, fixes several security issues: CVE-2006-1614, CVE-2006-1615, CVE-2006-1630, bug #164039. ------------------------------------------------------------------- Thu Feb 9 15:30:43 CET 2006 - max@suse.de - Removed unneeded dependencies from the init script to break a dependency loop. ------------------------------------------------------------------- Wed Jan 25 21:35:02 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Sat Jan 14 13:08:57 CET 2006 - kukuk@suse.de - Add gmp-devel to nfb ------------------------------------------------------------------- Thu Jan 12 16:53:26 CET 2006 - max@suse.de - Added gcc-4.1 stack protection (-fstack-protector). ------------------------------------------------------------------- Mon Jan 9 19:41:07 CET 2006 - max@suse.de - New version: 0.88 (Bug #142298). ------------------------------------------------------------------- Mon Nov 7 17:44:21 CET 2005 - lnussel@suse.de - Security update: version 0.87.1 (#132305, CVE-2005-3239, CVE-2005-3303) ------------------------------------------------------------------- Mon Sep 19 12:18:45 CEST 2005 - max@suse.de - New version: 0.87 (bug #117648). ------------------------------------------------------------------- Mon Jul 25 12:22:09 CEST 2005 - max@suse.de - New version: 0.86.2 ------------------------------------------------------------------- Thu Jul 14 17:37:09 CEST 2005 - max@suse.de - New version: 0.86.1 ------------------------------------------------------------------- Tue Jun 21 15:33:53 CEST 2005 - max@suse.de - New version: 0.86 ------------------------------------------------------------------- Tue May 17 11:21:27 CEST 2005 - max@suse.de - New version: 0.85.1 (Bug #81264). ------------------------------------------------------------------- Wed May 11 18:28:03 CEST 2005 - max@suse.de - New version: 0.85 (Bug #81264). ------------------------------------------------------------------- Tue May 3 11:33:01 CEST 2005 - max@suse.de - New version: 0.84 (Bug #81264). - Added and special-cased the patch that is needed for 9.1/SLES9. ------------------------------------------------------------------- Fri Mar 11 16:34:24 CET 2005 - max@suse.de - Fixed %doc file list (wildcards matched too much). ------------------------------------------------------------------- Mon Feb 28 14:31:56 CET 2005 - max@suse.de - New version: 0.83 ------------------------------------------------------------------- Mon Feb 7 16:45:47 CET 2005 - max@suse.de - New version: 0.82 ------------------------------------------------------------------- Thu Jan 27 12:22:11 CET 2005 - max@suse.de - New version: 0.81 ------------------------------------------------------------------- Thu Nov 11 14:56:06 CET 2004 - max@suse.de - pkgconfig files go to libdir rather than /usr/lib. ------------------------------------------------------------------- Thu Nov 11 11:02:01 CET 2004 - coolo@suse.de - fixing file list for debug packages ------------------------------------------------------------------- Wed Nov 3 15:38:26 CET 2004 - max@suse.de - Fixed path to freshclam in init script, and rcfreshclam link. ------------------------------------------------------------------- Mon Oct 18 17:36:31 CEST 2004 - max@suse.de - Updated to the final 0.80 release. - Added a runlevel script for freshclam. ------------------------------------------------------------------- Mon Oct 11 18:39:37 CEST 2004 - max@suse.de - Updated to 0.80rc4. ------------------------------------------------------------------- Wed Sep 29 15:04:36 CEST 2004 - max@suse.de - Updated to 0.80rc3. The README says: "This release candidate eliminates possible false positive alerts in UPX/FSG compressed files and clarifies behaviour of default actions in clamd and freshclam." - This also eliminates the need to patch configure.in in order to recognize resolv. ------------------------------------------------------------------- Thu Sep 23 15:54:11 CEST 2004 - max@suse.de - Updated to 0.80rc2 which fixes a critical bug in the handling of empty lines in text/plain emails. - Build with curl support. - Fixed building of shared libraries instead of static. - Removed unneeded %run_ldconfig calls. - Fixed file lists. - Check for main.cvd instead of daily.cvd on daemon startup. ------------------------------------------------------------------- Mon Sep 20 17:44:02 CEST 2004 - max@suse.de - Updated to version 0.80rc which adds support for more file formats, and HTML parsing. See the README file for details. - Added a warning to the init script if no virus database is installed. ------------------------------------------------------------------- Thu Aug 5 10:38:15 CEST 2004 - max@suse.de - New version: 0.75.1 - Moved the virus database files into a subpackage, as they are large and not needed if the database is kept up to date with freshclam. ------------------------------------------------------------------- Fri Jul 23 15:37:13 CEST 2004 - max@suse.de - New version: 0.75 ------------------------------------------------------------------- Thu Jul 8 19:31:41 CEST 2004 - max@suse.de - Added -fno-strict-aliasing to CFLAGS. ------------------------------------------------------------------- Mon Jul 5 17:12:50 CEST 2004 - max@suse.de - New version: 0.74 ------------------------------------------------------------------- Tue Jun 15 17:06:58 CEST 2004 - max@suse.de - New version: 0.73 ------------------------------------------------------------------- Mon Apr 26 18:17:35 CEST 2004 - max@suse.de - New version: 0.70 - Changes the format of the virus definition file. ------------------------------------------------------------------- Mon Feb 16 16:01:01 CET 2004 - max@suse.de - New version: 0.67 - Added support for tcpd (/etc/hosts.{allow,deny}). - Obsoletes clamav-manager.patch. ------------------------------------------------------------------- Fri Feb 13 18:26:01 CET 2004 - max@suse.de - New version: 0.66 - Fixes a remote DoS vulnerability (Bug #34412). ------------------------------------------------------------------- Tue Jan 27 12:19:51 CET 2004 - max@suse.de - New package: ClamAV Anti-Virus Toolkit