896f44d06a
- New version 1.3.2:
* CVE-2024-20506: Changed the logging module to disable following
symlinks on Linux and Unix systems so as to prevent an attacker
with existing access to the 'clamd' or 'freshclam' services from
using a symlink to corrupt system files.
* CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF
file parser that could cause a denial-of-service condition.
* Removed unused Python modules from freshclam tests including
deprecated 'cgi' module that is expected to cause test failures in
Python 3.13.
* Fix unit test caused by expiring signing certificate.
* Fixed a build issue on Windows with newer versions of Rust. Also
upgraded GitHub Actions imports to fix CI failures.
* Fixed an unaligned pointer dereference issue on select architectures.
* Fixes to Jenkins CI pipeline.
- Remove upstreamed 1305.patch
OBS-URL: https://build.opensuse.org/request/show/1198813
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=263
13 lines
227 B
Diff
13 lines
227 B
Diff
--- libclamav/crypto.c.orig
|
|
+++ libclamav/crypto.c
|
|
@@ -145,6 +145,9 @@ int cl_initialize_crypto(void)
|
|
ERR_load_crypto_strings();
|
|
#endif
|
|
|
|
+ /* avoid fips issues */
|
|
+ EVP_add_digest(EVP_md5());
|
|
+
|
|
return 0;
|
|
}
|
|
|