Change logs for clamav source package in Stretch

  • clamav (0.102.3+dfsg-0~deb9u1) stretch; urgency=medium
    
      [ Sebastian Andrzej Siewior ]
      * Import 0.102.3
       - CVE-2020-3327 (A vulnerability in the ARJ archive parsing module)
       - CVE-2020-3341 (A vulnerability in the PDF parsing module)
      * Update symbol file.
    
      [ Scott Kitterman ]
      * Add Suggests for unversioned libclamunrar package on clamav-daemon and
        clamav binaries
    
     -- Sebastian Andrzej Siewior <email address hidden>  Sat, 30 May 2020 00:12:26 +0200
  • clamav (0.102.1+dfsg-0+deb9u2) stretch; urgency=medium
    
      * clamav-daemon: Correct error from ScanOnAccess option removal so that
        setting LogFile options via DebConf works again (Closes: #950296)
    
     -- Scott Kitterman <email address hidden>  Fri, 31 Jan 2020 16:49:37 -0500
  • clamav (0.101.4+dfsg-0+deb9u1) stretch; urgency=medium
    
      * Import 0.101.4 (Closes: 921190)
       - CVE-2019-12625 (Add scan time limit to limit the processing of zip-bombs)
         (Closes:934359)
       - CVE-2019-12900 (An out of bounds write was possible within ClamAV's
         NSIS bzip)
       - update symbols file (bump to 101.4 and drop unused cli_strnstr).
    
     -- Sebastian Andrzej Siewior <email address hidden>  Sun, 25 Aug 2019 14:08:40 +0200
  • clamav (0.100.3+dfsg-0+deb9u1) stretch; urgency=medium
    
      * New upstream security release
        - Fixes for the following vulnerabilities:
          - [CVE-2019-1787]:
            An out-of-bounds heap read condition may occur when scanning PDF
            documents. The defect is a failure to correctly keep track of the number
            of bytes remaining in a buffer when indexing file data.
          - [CVE-2019-1789]:
            An out-of-bounds heap read condition may occur when scanning PE files
            (i.e. Windows EXE and DLL files) that have been packed using Aspack as a
            result of inadequate bound-checking.
          - [CVE-2019-1788]:
            An out-of-bounds heap write condition may occur when scanning OLE2 files
            such as Microsoft Office 97-2003 documents. The invalid write happens when
            an invalid pointer is mistakenly used to initialize a 32bit integer to
            zero. This is likely to crash the application.
      * Update debian/copyright
      * Update private symbols for new upstream release
    
     -- Scott Kitterman <email address hidden>  Fri, 29 Mar 2019 19:40:34 -0400
  • clamav (0.100.2+dfsg-0+deb9u1) stretch; urgency=medium
    
      * Import new upstream
        - Bump symbol version due to new version.
        - CVE-2018-15378 (Closes: #910430).
      * add NEWS.md and README.md from upstream
      * Fix infinite loop in dpkg-reconfigure, Patch by Santiago Ruano Rincón
        (Closes: #905044).
    
     -- Sebastian Andrzej Siewior <email address hidden>  Fri, 12 Oct 2018 23:44:44 +0200
  • clamav (0.100.0+dfsg-0+deb9u2) stretch; urgency=medium
    
      * Don't fail on recently removed config options (Closes: #902290).
    
     -- Sebastian Andrzej Siewior <email address hidden>  Wed, 04 Jul 2018 23:14:43 +0200
  • clamav (0.99.4+dfsg-1+deb9u1) stretch; urgency=medium
    
      * Update to upstream 0.99.4:
        Fixes for CVE: CVE-2018-1000085, CVE-2018-0202.
      * Update the gpg signing key (the old DSA expired).
      * Update version of private symbols due to version change.
      * Bump symbol version of cl_retflevel because CL_FLEVEL changed.
    
     -- Sebastian Andrzej Siewior <email address hidden>  Sat, 03 Mar 2018 12:15:58 +0100
  • clamav (0.99.2+dfsg-6) unstable; urgency=medium
    
      * Fix detection of curl. Patch by Reiner Herrmann <email address hidden>
        (Closes: #852894).
    
     -- Sebastian Andrzej Siewior <email address hidden>  Sat, 04 Feb 2017 21:54:51 +0100
  • clamav (0.99.2+dfsg-5) unstable; urgency=medium
    
      [ Andreas Cadhalpun ]
      * Add patches to support LLVM 3.7-3.9.
      * Re-enable llvm support.
      * Update embedded-library lintian override for multiarch locations.
      * Update standards version to 3.9.8. (no changes needed)
      * Mark clamav-docs and clamav-testfiles as Multi-Arch foreign and
        libclamav7 as same.
      * Fix spelling errors in the debian files. (Closes: #825055)
      * Remove unused package-contains-timestamped-gzip lintian-override.
      * Fix wildcard-matches-nothing-in-dep5-copyright lintian warning.
    
      [ Sebastian Andrzej Siewior ]
      * Remove clamav-daemon.service.d on purge (Closes: #842074).
      * Fix FTCBFS: Annotate interpreter dependencies with :native. Patch by
        Helmut Grohne (Closes: #844066).
      * Drop bc from B-D, it seems we no longer need it.
      * Cherry-pick patch from bb11549 to fix a temp file cleanup issue
        (Closes: #824196).
    
     -- Sebastian Andrzej Siewior <email address hidden>  Sat, 03 Dec 2016 23:24:48 +0100
  • clamav (0.99.2+dfsg-4) unstable; urgency=medium
    
      * Remove Stephen Gran as Uploader and thank you for your work
        (Closes: #838405).
      * Drop llvm support for now. The bytecode will be interpreted by clamav
        instead of llvm's JIT - there is loss in functionality. It will come back
        once we support llvm again (Closes: #839850).
    
     -- Sebastian Andrzej Siewior <email address hidden>  Thu, 06 Oct 2016 21:13:04 +0200
  • clamav (0.99.2+dfsg-3) unstable; urgency=medium
    
      * BD on dh-strip-nondeterminism.
      * get it compiled against openssl 1.1.0 (Closes: #828083).
      * Drop support for clamav-daemon.socket. Should avoid restart loops if clamd
        crashes on start (via OOM for instance). (Closes: #824042).
    
     -- Sebastian Andrzej Siewior <email address hidden>  Thu, 25 Aug 2016 21:07:04 +0200
  • clamav (0.99.2+dfsg-2) unstable; urgency=medium
    
      * Ensure the users of PRIVATE symbols (clamd + freshclam) do not fall
        behind an upstream version (Closes: #824485).
    
     -- Sebastian Andrzej Siewior <email address hidden>  Thu, 19 May 2016 20:04:02 +0200
  • clamav (0.99.2+dfsg-1) unstable; urgency=medium
    
      [ Sebastian Andrzej Siewior ]
      * also remove bytecode.cld on purge
      * Update to new upstream release 0.99.2
      * Drop AllowSupplementaryGroups option which is default now
        (Closes: #822445).
      * Let the LSB init script have more consistent output. Patch by Guillem
        Jover (Closes: #823074).
    
     -- Sebastian Andrzej Siewior <email address hidden>  Sat, 07 May 2016 20:39:36 +0200
  • clamav (0.99.1+dfsg-1) unstable; urgency=medium
    
      [ Scott Kitterman ]
      * Update version guards for pid file checks in clamav-daemon and clamav-
        freshclam to account for squeeze-lts upload that did not include the
        related change
      * Bump standards version to 3.9.7 without further change
      * Bump debhelper minimum version requirement to 9 to match compat
      * Drop squeeze related work-arounds now that squeeze-lts is no longer
        supported
        - Strip llvm from the upstream tarball in Files-Excluded to make it more
          compact (system llvm is always used now)
        - Clean up debian/rules by removing squeeze specific configuration and
          work arounds
    
      [ Adriano Rafael Gomes ]
      * Brazilian Portuguese debconf templates translation (Closes: #816956).
    
      [ Sebastian Andrzej Siewior ]
      * Import new upstream
      * Drop patches applied upstream:
        - add-LLVM-3.6-support.patch
        - libclamav-yara-avoid-unaliged-access-to-64bit-variab.patch
      * add new clamd.conf options.
      * update symbol version for cl_retflevel due to CL_FLEVEL change.
      * use a https:// prefix in VCS-* links and for the homepage.
      * use "hardening=+all" for building.
      * fixup typos in copyright file
      * exclude .zip files from dh_strip_nondeterminism because it currently breaks
        them. This `repairs' the .zip files in clamav-testfiles.
      * Update pid checks in clamav-daemon and clamav-freshclam to match lower than
        0.99 version (to catch the upgrade path).
      * Apply malloc() check, from clamav's bugzilla #11524, #11526, #11529
    
     -- Sebastian Andrzej Siewior <email address hidden>  Fri, 11 Mar 2016 23:32:45 +0100
  • clamav (0.99+dfsg-2) unstable; urgency=medium
    
      * Use compat 9 and drop clamav-dbg in favour of dbgsym.
      * use libtfm-dev instead of in-tree copy and drop all tfm related patches.
      * Add libclamav-yara-avoid-unaliged-access-to-64bit-variab.patch to get the
        testsuite passed on sparc. It also seems to avoid invalid loads on ARMv5 cpus.
    
     -- Sebastian Andrzej Siewior <email address hidden>  Sun, 21 Feb 2016 15:25:59 +0100
  • clamav (0.99+dfsg-1) unstable; urgency=medium
    
      * Import final release of 0.99
      * suggest libclamunrar7 instead of libclamunrar6
    
     -- Sebastian Andrzej Siewior <email address hidden>  Sat, 05 Dec 2015 00:06:53 +0100
  • clamav (0.98.7+dfsg-5) unstable; urgency=medium
    
      [ Andreas Cadhalpun ]
      * Drop patch numbers, because they cause too much diff noise.
      * Fix use-pkg-config-to-determine-CHECK_LIBS.patch so that the tests
        actually get run again.
    
      [ Sebastian Andrzej Siewior ]
      * Drop LLVM usage on powerpc (it is broken since the v3.6 switch).
    
     -- Sebastian Andrzej Siewior <email address hidden>  Tue, 01 Dec 2015 20:58:20 +0100
  • clamav (0.98.7+dfsg-4) unstable; urgency=medium
    
      * Add patch to support LLVM 3.6.
      * debian/clamav-milter.postinst.in: Update to reflect the change from
        examples/clamav-milter.conf to examples/clamav-milter.conf.sample.
        Thanks to Christian Schrötter. (Closes: #795190)
      * Use 'grep -a' instead of grep in maintainer scripts. (Closes: #799808)
      * Restore the SE Linux context when creating /var/lib/ucf/cache.
        Thanks to Russell Coker for the patch. (Closes: #802311)
      * Adapt debian/watch to new download location www.clamav.net/download.html.
      * Add patch to use pkg-config to determine CHECK_LIBS.
        The linker flags for check changed making the hardcoded flags useless.
    
     -- Andreas Cadhalpun <email address hidden>  Sun, 25 Oct 2015 19:35:51 +0100
  • clamav (0.98.7+dfsg-3) unstable; urgency=medium
    
      [ Sebastian Andrzej Siewior ]
      * use T=<timeout> so we can drop
        unit_tests-increment-test-timeout-from-40secs-to-5mi from the patch queue.
      * add 0013-tfm-fix-compile-errors.patch and
        0014-tfm-duct-tape-misscompile-on-armhf.patch to get it built on armhf
        with gcc-5.
    
      [ Andreas Cadhalpun ]
      * Prevent the logrotate scripts from aborting if reloading/restarting fails.
        Thanks to John Zaitseff. (Closes: #788652)
    
     -- Sebastian Andrzej Siewior <email address hidden>  Fri, 14 Aug 2015 08:55:16 +0200
  • clamav (0.98.7+dfsg-2) unstable; urgency=medium
    
      [ Andreas Cadhalpun ]
      * Increase MaxRecursion to the upstream default of 16. (Closes: #787249)
      * Bump the version for the PidFile removal check in the clamav-daemon and
        clamav-freshclam postinst scripts (Closes: #767353)
      * Add database existence check also to clamav-daemon.socket.
        This works around systemd bug #775458. (Closes: #775112)
    
      [ Sebastian Andrzej Siewior ]
      * also remove debian/clamav-freshclam.prerm clean
    
     -- Sebastian Andrzej Siewior <email address hidden>  Sat, 13 Jun 2015 15:11:41 +0200
  • clamav (0.98.7+dfsg-1) unstable; urgency=high
    
      [ Andreas Cadhalpun ]
      * Use SocketUser, SocketGroup and RemoveOnStop systemd socket options
        instead of using ExecStartPost and ExecStopPost for that.
      * Respect clamav-daemon's LocalSocket* options with the systemd unit by
        extending the clamav-daemon.socket file appropriately, when running
        dpkg-reconfigure clamav-daemon. (Closes: #783720)
      * Disable this extended configuration, when handling the configuration
        file with debconf is disabled.
      * Disable clamav-daemon.socket in prerm script.
    
      [ Sebastian Andrzej Siewior ]
      * Import new upstream:
        - Improvements to PDF processing: decryption, escape sequence
          handling, and file property collection.
        - Scanning/analysis of additional Microsoft Office 2003 XML format.
        - Fix infinite loop condition on crafted y0da cryptor file. Identified
          and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
        - Fix crash on crafted petite packed file. Reported and patch
          supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
        - Fix false negatives on files within iso9660 containers. This issue
          was reported by Minzhuan Gong.
        - Fix a couple crashes on crafted upack packed file. Identified and
          patches supplied by Sebastian Andrzej Siewior.
        - Fix a crash during algorithmic detection on crafted PE file.
          Identified and patch supplied by Sebastian Andrzej Siewior.
        - Fix an infinite loop condition on a crafted "xz" archive file.
          This was reported by Dimitri Kirchner and Goulven Guiheux.
          CVE-2015-2668.
        - Fix compilation error after ./configure --disable-pthreads.
          Reported and fix suggested by John E. Krokes.
        - Apply upstream patch for possible heap overflow in Henry Spencer's
          regex library. CVE-2015-2305 (Closes: #778406).
        - Fix crash in upx decoder with crafted file. Discovered and patch
          supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
        - Fix segfault scanning certain HTML files. Reported with sample by
          Kai Risku.
        - Improve detections within xar/pkg files.
      * update GPG key used to verify releases to get uscan/get_orig.sh working
        again.
      * update symbol version for cl_retflevel due to CL_FLEVEL change.
    
     -- Scott Kitterman <email address hidden>  Fri, 01 May 2015 22:45:55 -0400