libfreshclam3-1.4.2-1.1 RPM for i586

From OpenSuSE Ports Tumbleweed for i586

ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats.

Provides

• libfreshclam3
• libfreshclam.so.3
• libfreshclam.so.3(FRESHCLAM_PRIVATE)
• libfreshclam.so.3(FRESHCLAM_PUBLIC)
• libfreshclam3(x86-32)

Requires

• /sbin/ldconfig
• /sbin/ldconfig
• ld-linux.so.2
• ld-linux.so.2(GLIBC_2.3)
• libc.so.6
• libc.so.6(GLIBC_2.0)
• libc.so.6(GLIBC_2.1)
• libc.so.6(GLIBC_2.1.2)
• libc.so.6(GLIBC_2.1.3)
• libc.so.6(GLIBC_2.10)
• libc.so.6(GLIBC_2.15)
• libc.so.6(GLIBC_2.16)
• libc.so.6(GLIBC_2.17)
• libc.so.6(GLIBC_2.18)
• libc.so.6(GLIBC_2.2)
• libc.so.6(GLIBC_2.2.4)
• libc.so.6(GLIBC_2.25)
• libc.so.6(GLIBC_2.27)
• libc.so.6(GLIBC_2.28)
• libc.so.6(GLIBC_2.29)
• libc.so.6(GLIBC_2.3)
• libc.so.6(GLIBC_2.3.4)
• libc.so.6(GLIBC_2.32)
• libc.so.6(GLIBC_2.33)
• libc.so.6(GLIBC_2.34)
• libc.so.6(GLIBC_2.38)
• libc.so.6(GLIBC_2.39)
• libc.so.6(GLIBC_2.4)
• libc.so.6(GLIBC_2.5)
• libc.so.6(GLIBC_2.6)
• libc.so.6(GLIBC_2.9)
• libclamav.so.12
• libclamav.so.12(CLAMAV_1.0.0)
• libclamav.so.12(CLAMAV_PRIVATE)
• libclamav.so.12(CLAMAV_PUBLIC)
• libcrypto.so.3
• libcrypto.so.3(OPENSSL_3.0.0)
• libcurl.so.4
• libgcc_s.so.1
• libgcc_s.so.1(GCC_3.0)
• libgcc_s.so.1(GCC_3.3)
• libgcc_s.so.1(GCC_4.2.0)
• libm.so.6
• libm.so.6(GLIBC_2.0)
• libm.so.6(GLIBC_2.1)
• libm.so.6(GLIBC_2.27)
• libm.so.6(GLIBC_2.29)
• libz.so.1
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1

License

GPL-2.0-only

Changelog

* Wed Jan 22 2025 Reinhard Max <max@suse.com>
  - New version 1.4.2:
    * CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow
      read bug in the OLE2 file parser that could cause a
      denial-of-service (DoS) condition.
* Fri Jan 10 2025 Reinhard Max <max@suse.com>
  - bsc#1232242: Start clamonacc with --fdpass to avoid errors due to
    clamd not being able to access user files.
* Wed Dec 18 2024 Andreas Stieger <andreas.stieger@gmx.de>
  - fix factory submission (clam.tcl, clamscan.log)
* Tue Sep 10 2024 Reinhard Max <max@suse.com>
  - New version 1.4.1:
    * [CVE-2024-20506, bsc#1230162]: Changed the logging module to
      disable following symlinks on Linux and Unix systems so as to
      prevent an attacker with existing access to the 'clamd' or
      'freshclam' services from using a symlink to corrupt system
      files.
    * [CVE-2024-20505, bsc#1230161]: Fixed a possible out-of-bounds
      read bug in the PDF file parser that could cause a
      denial-of-service (DoS) condition.
    * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
  - New version 1.4.0:
    * Added support for extracting ALZ archives.
    * Added support for extracting LHA/LZH archives.
    * Added the ability to disable image fuzzy hashing, if needed.
      For context, image fuzzy hashing is a detection mechanism
      useful for identifying malware by matching images included with
      the malware or phishing email/document.
    * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
* Wed Sep 04 2024 Arjen de Korte <suse+build@de-korte.org>
  - New version 1.3.2:
    * CVE-2024-20506: Changed the logging module to disable following
      symlinks on Linux and Unix systems so as to prevent an attacker
      with existing access to the 'clamd' or 'freshclam' services from
      using a symlink to corrupt system files.
    * CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF
      file parser that could cause a denial-of-service condition.
    * Removed unused Python modules from freshclam tests including
      deprecated 'cgi' module that is expected to cause test failures in
      Python 3.13.
    * Fix unit test caused by expiring signing certificate.
    * Fixed a build issue on Windows with newer versions of Rust. Also
      upgraded GitHub Actions imports to fix CI failures.
    * Fixed an unaligned pointer dereference issue on select architectures.
    * Fixes to Jenkins CI pipeline.
  - Remove upstreamed 1305.patch
* Mon Jul 29 2024 Bernhard Wiedemann <bwiedemann@suse.com>
  - Add upstream 1305.patch to fix tests (boo#1102840, https://github.com/Cisco-Talos/clamav/issues/1300)
* Mon Apr 22 2024 Reinhard Max <max@suse.com>
  - New Version: 1.3.1:
    * CVE-2024-20380: Fixed a possible crash in the HTML file parser
      that could cause a denial-of-service (DoS) condition.
    * Updated select Rust dependencies to the latest versions.
    * Fixed a bug causing some text to be truncated when converting
      from UTF-16.
    * Fixed assorted complaints identified by Coverity static
      analysis.
    * Fixed a bug causing CVDs downloaded by the DatabaseCustomURL
      Freshclam config option to be pruned and then re-downloaded
      with every update.
    * Added the new 'valhalla' database name to the list of optional
      databases in preparation for future work.
* Fri Mar 15 2024 Reinhard Max <max@suse.com>
  - New version: 1.3.0:
    * Added support for extracting and scanning attachments found in
      Microsoft OneNote section files. OneNote parsing will be
      enabled by default, but may be optionally disabled.
    * Added file type recognition for compiled Python (`.pyc`) files.
    * Improved support for decrypting PDFs with empty passwords.
    * Fixed a warning when scanning some HTML files.
    * ClamOnAcc: Fixed an infinite loop when a watched directory
      does not exist.
    * ClamOnAcc: Fixed an infinite loop when a file has been deleted
      before a scan.
  - New version: 1.2.0:
    * Added support for extracting Universal Disk Format (UDF)
      partitions.
    * Added an option to customize the size of ClamAV's clean file
      cache.
    * Raised the MaxScanSize limit so the total amount of data
      scanned when scanning a file or archive may exceed 4 gigabytes.
    * Added ability for Freshclam to use a client certificate PEM
      file and a private key PEM file for authentication to a private
      mirror.
    * Fix an issue extracting files from ISO9660 partitions where the
      files are listed in the plain ISO tree and there also exists an
      empty Joliet tree.
    * PID and socket are now located under /run/clamav/clamd.pid and
      /run/clamav/clamd.sock .
    * bsc#1211594: Fixed an issue where ClamAV does not abort the
      signature load process after partially loading an invalid
      signature.
  - New version 1.1.0:
    * https://blog.clamav.net/2023/05/clamav-110-released.html
    * Added the ability to extract images embedded in HTML CSS
      <style> blocks.
    * Updated to Sigtool so that the --vba option will extract VBA
      code from Microsoft Office documents the same way that
      libclamav extracts VBA.
    * Added a new option --fail-if-cvd-older-than=days to clamscan
      and clamd, and FailIfCvdOlderThan to clamd.conf
    * Added a new function cl_cvdgetage() to the libclamav API.
    * Added a new function cl_engine_set_clcb_vba() to the
      libclamav API.
    * obsoletes clamav-ec32.patch.
  - boo#1180296: Integrate clamonacc as a service.
  - New version 1.0.1 LTS (including changes in 0.104 and 0.105):
    * As of ClamAV 0.104, CMake is required to build ClamAV.
    * As of ClamAV 0.105, Rust is now required to compile ClamAV.
    * Increased the default limits for file and scan size:
    * MaxScanSize: 100M to 400M
    * MaxFileSize: 25M to 100M
    * StreamMaxLength: 25M to 100M
    * PCREMaxFileSize: 25M to 100M
    * MaxEmbeddedPE: 10M to 40M
    * MaxHTMLNormalize: 10M to 40M
    * MaxScriptNormalize: 5M to 20M
    * MaxHTMLNoTags: 2M to 8M
    * Added image fuzzy hash subsignatures for logical signatures.
    * Support for decrypting read-only OLE2-based XLS files that are
      encrypted with the default password.
    * Overhauled the implementation of the all-match feature.
    * Added a new callback to the public API for inspecting file
      content during a scan at each layer of archive extraction.
    * Added a new function to the public API for unpacking CVD
      signature archives.
    * The option to build with an external TomsFastMath library has
      been removed. ClamAV requires non-default build options for
      TomsFastMath to support bigger floating point numbers.
    * For a full list of changes see the release announcements:
    * https://blog.clamav.net/2022/11/clamav-100-lts-released.html
    * https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
    * https://blog.clamav.net/2021/09/clamav-01040-released.html
  - Build clamd with systemd support.
  - Fix format strings on 32bit platforms (clamav-format.patch).
  - Add missing endianness conversions (clamav-ec32.patch).
  - Don't build on armv7l for now due to some test failures.
  - Drop clamav-disable-yara.patch as yara cannot be disabled anymore
* Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Use %patch -P N instead of deprecated %patchN.
* Wed Oct 25 2023 Arjen de Korte <suse+build@de-korte.org>
  - Update to 0.103.11
    * Upgrade the bundled UnRAR library (libclamunrar) to version 6.2.12.
    * Windows: libjson-c 0.17 compatibility fix. with ssize_t type definition.
    * Windows: Update build system to use OpenSSL 3 and PThreads-Win32 v3.
  - Update to 0.103.10
    * Upgrade the bundled UnRAR library (libclamunrar) to version 6.2.10.
      (bsc#1216625, CVE-2023-40477)
* Fri Aug 18 2023 Reinhard Max <max@suse.com>
  - Renew clamav.keyring .
* Wed Aug 16 2023 Arjen de Korte <suse+build@de-korte.org>
  - Update to 0.103.9
    * CVE-2023-20197: Fixed a possible denial of service vulnerability in
      the HFS+ file parser. This issue affects versions 1.1.0, 1.0.1 through
      1.0.0, 0.105.2 through 0.105.0, 0.104.4 through 0.104.0, and 0.103.8
      through 0.103.0. (boo#1214342)
    * Fixed compiler warnings that may turn into errors in Clang 16.
* Wed Feb 15 2023 Arjen de Korte <suse+build@de-korte.org>
  - Update to 0.103.8
    * CVE-2023-20032: Fixed a possible remote code execution vulnerability
      in the HFS+ file parser. Issue affects versions 1.0.0 and earlier,
      0.105.1 and earlier, and 0.103.7 and earlier. (bsc#1208363)
    * CVE-2023-20052: Fixed a possible remote information leak
      vulnerability in the DMG file parser. Issue affects versions 1.0.0
      and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
      (bsc#1208365)
    * Update vendored libmspack library to version 0.11alpha.
      (bsc#1103032: CVE-2018-14679)
  - Package huge .html documentation in a separate subpackage.
* Fri Aug 05 2022 ecsos <ecsos@opensuse.org>
  - Update to 0.103.7 (bsc#1202986)
    - Zip parser: tolerate 2-byte overlap in file entries
    - Fix bug with logical signature Intermediates feature
    - Update to UnRAR v6.1.7
    - Patch UnRAR: allow skipping files in solid archives
    - Patch UnRAR: limit dict winsize to 1GB
* Thu May 05 2022 Arjen de Korte <suse+build@de-korte.org>
  - Update to 0.103.6
    * CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM
      file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS
      version 0.103.5 and prior versions. (boo#1199242)
    * CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the
      scan verdict cache check. Issue affects versions 0.103.4, 0.103.5,
      0.104.1, and 0.104.2. (boo#1199246)
    * CVE-2022-20771: Fixed a possible infinite loop vulnerability in the
      TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and
      LTS version 0.103.5 and prior versions. The issue only occurs if the
      "--alert-broken-media" ClamScan option is enabled. For ClamD, the
      affected option is "AlertBrokenMedia yes", and for libclamav it is the
      "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. (boo#1199244)
    * CVE-2022-20785: Fixed a possible memory leak in the HTML file parser /
      Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2
      and LTS version 0.103.5 and prior versions. (boo#1199245)
    * CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write
      vulnerability in the signature database load module. The fix was to
      update the vendored regex library to the latest version. Issue affects
      versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior
      versions. (boo#1199274)
    * ClamOnAcc: Fixed a number of assorted stability issues and added
      niceties for debugging ClamOnAcc.
    * Fixed an issue causing byte-compare subsignatures to cause an alert
      when they match even if other conditions of the given logical
      signatures were not met.
    * Fix memleak when using multiple byte-compare subsignatures. This fix
      was backported from 0.104.0.
    * Assorted bug fixes and improvements.
  - Remove upstreamed clamav-ck_assert_msg.patch
* Tue Apr 12 2022 Marcus Meissner <meissner@suse.com>
  - https source urls
* Wed Jan 12 2022 Arjen de Korte <suse+build@de-korte.org>
  - Update to 0.103.5
    * CVE-2022-20698: Fix for invalid pointer read that may cause a crash.
      This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled
      with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option
      (the clamscan --gen-json option) is enabled. (bsc#1194731)
    * Fixed ability to disable the file size limit with libclamav C API,
      like this:
      cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);
      This issue didn't affect ClamD or ClamScan which also can disable the
      limit by setting it to zero using MaxFileSize 0 in clamd.conf for ClamD,
      or clamscan --max-filesize=0 for ClamScan.
      Note: Internally, the max file size is still set to 2 GiB. Disabling the
      limit for a scan will fall back on the internal 2 GiB limitation.
    * Increased the maximum line length for ClamAV config files from 512 bytes
      to 1,024 bytes to allow for longer config option strings.
    * SigTool: Fix insufficient buffer size for --list-sigs that caused a
      failure when listing a database containing one or more very long
      signatures. This fix was backported from 0.104.

Files

/usr/lib/libfreshclam.so.3
/usr/lib/libfreshclam.so.3.0.2

Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Feb 1 00:03:07 2025