Created by James Westby on 2011-04-08 and last modified on 2015-08-14
Get this branch:
bzr branch lp:debian/clamav
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Ubuntu branches

Recent revisions

61. By Sebastian Andrzej Siewior <email address hidden> on 2015-08-14

[ Sebastian Andrzej Siewior ]
* use T=<timeout> so we can drop
  unit_tests-increment-test-timeout-from-40secs-to-5mi from the patch queue.
* add 0013-tfm-fix-compile-errors.patch and
  0014-tfm-duct-tape-misscompile-on-armhf.patch to get it built on armhf
  with gcc-5.

[ Andreas Cadhalpun ]
* Prevent the logrotate scripts from aborting if reloading/restarting fails.
  Thanks to John Zaitseff. (Closes: #788652)

60. By Sebastian Andrzej Siewior <email address hidden> on 2015-06-13

[ Andreas Cadhalpun ]
* Increase MaxRecursion to the upstream default of 16. (Closes: #787249)
* Bump the version for the PidFile removal check in the clamav-daemon and
  clamav-freshclam postinst scripts (Closes: #767353)
* Add database existence check also to clamav-daemon.socket.
  This works around systemd bug #775458. (Closes: #775112)

[ Sebastian Andrzej Siewior ]
* also remove debian/clamav-freshclam.prerm clean

59. By Scott Kitterman on 2015-05-01

[ Andreas Cadhalpun ]
* Use SocketUser, SocketGroup and RemoveOnStop systemd socket options
  instead of using ExecStartPost and ExecStopPost for that.
* Respect clamav-daemon's LocalSocket* options with the systemd unit by
  extending the clamav-daemon.socket file appropriately, when running
  dpkg-reconfigure clamav-daemon. (Closes: #783720)
* Disable this extendend configuration, when handling the configuration
  file with debconf is disabled.
* Disable clamav-daemon.socket in prerm script.

[ Sebastian Andrzej Siewior ]
* Import new upstream:
  - Improvements to PDF processing: decryption, escape sequence
    handling, and file property collection.
  - Scanning/analysis of additional Microsoft Office 2003 XML format.
  - Fix infinite loop condition on crafted y0da cryptor file. Identified
    and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
  - Fix crash on crafted petite packed file. Reported and patch
    supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
  - Fix false negatives on files within iso9660 containers. This issue
    was reported by Minzhuan Gong.
  - Fix a couple crashes on crafted upack packed file. Identified and
    patches supplied by Sebastian Andrzej Siewior.
  - Fix a crash during algorithmic detection on crafted PE file.
    Identified and patch supplied by Sebastian Andrzej Siewior.
  - Fix an infinite loop condition on a crafted "xz" archive file.
    This was reported by Dimitri Kirchner and Goulven Guiheux.
  - Fix compilation error after ./configure --disable-pthreads.
    Reported and fix suggested by John E. Krokes.
  - Apply upstream patch for possible heap overflow in Henry Spencer's
    regex library. CVE-2015-2305 (Closes: #778406).
  - Fix crash in upx decoder with crafted file. Discovered and patch
    supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
  - Fix segfault scanning certain HTML files. Reported with sample by
    Kai Risku.
  - Improve detections within xar/pkg files.
* update GPG key used to verify releases to get uscan/get_orig.sh working
* update symbol version for cl_retflevel due to CL_FLEVEL change.

58. By Andreas Cadhalpun on 2015-04-25

* Fix syntax errors in clamav-freshclam.postinst. Thanks piuparts!
* Fix cleanup on purge in clamav-base.postrm.

57. By Andreas Cadhalpun on 2015-04-24

[ Andreas Cadhalpun ]
* Fix variable name mismatch in clamav-milter.postinst in order to
  make preseeding work correctly. (Closes: #778445)
* Fix clamav-daemon installability with custom PidFile.
  Thanks to Andy Dorman for the bug report and patch. (Closes: #778507)
* Rename DEBCONFILE to DEBCONFFILE in clamav-freshclam.postinst making it
  consistent with the other postinst scripts.
* Build against libsystemd-dev. (Closes: #779758)
* Drop 'XS-Testsuite: autopkgtest' from debian/control.
  Debhelper automatically adds the Testsuite field.
  This fixes the lintian warning xs-testsuite-header-in-debian-control.
* Shorten debian/copyright. This fixes some lintian warnings:
   - dep5-copyright-license-name-not-unique
   - wildcard-matches-nothing-in-dep5-copyright
   - unused-file-paragraph-in-dep5-copyright
* Use pathfind to avoid hardcoding paths.
  This fixes command-with-path-in-maintainer-script lintian warnings.

[ Sebastian Andrzej Siewior ]
* Replace ” with " in debian/common_functions (Closes: #781088)
* Drop __DATE__ from tfm to make the package build reproducible with
  -Werror=date-time. With this change faketime is no longer required.

56. By Scott Kitterman on 2015-01-28

[ Sebastian Andrzej Siewior ]
* update "fix-ssize_t-size_t-off_t-printf-modifier", include of misc.h was
  missing but was pulled in via the systemd patch.
* Don't leak return codes from libmspack to clamav API. (Closes: #774686).

[ Andreas Cadhalpun ]
* Add patch to avoid emitting incremental progress messages when not
  outputting to a terminal. (Closes: #767350)
* Update lintian-overrides for unused-file-paragraph-in-dep5-copyright.
* clamav-base.postinst: always chown /var/log/clamav and /var/lib/clamav
  to clamav:clamav, not only on fresh installations. (Closes: #775400)
* Adapt the clamav-daemon and clamav-freshclam logrotate scripts,
  so that they correctly work under systemd.
* Move the PidFile variable from the clamd/freshclam configuration files
  to the init scripts. This makes the init scripts more robust against
  misconfiguration and avoids error messages with systemd. (Closes: #767353)
* debian/copyright: drop files from Files-Excluded only present in github
* Drop Workaround-a-bug-in-libc-on-Hurd.patch, because hurd got fixed.
  (see #752237)
* debian/rules: Remove useless --with-system-tommath --without-included-ltdl
  configure options.

[ Scott Kitterman ]
* Stop stripping llvm when repacking the tarball as the system llvm on some
  releases is too old to use
* New upstream bugfix release
  - Library shared object revisions.
  - Includes a patch from Sebastian Andrzej Siewior making ClamAV pid files
    compatible with systemd.
  - Fix a heap out of bounds condition with crafted Yoda's crypter files.
    This issue was discovered by Felix Groebert of the Google Security Team.
  - Fix a heap out of bounds condition with crafted mew packer files. This
    issue was discovered by Felix Groebert of the Google Security Team.
  - Fix a heap out of bounds condition with crafted upx packer files. This
    issue was discovered by Kevin Szkudlapski of Quarkslab.
  - Fix a heap out of bounds condition with crafted upack packer files. This
    issue was discovered by Sebastian Andrzej Siewior. CVE-2014-9328.
  - Compensate a crash due to incorrect compiler optimization when handling
    crafted petite packer files. This issue was discovered by Sebastian
    Andrzej Siewior.
* Update lintian override for embedded zlib to match new so version

[ Javier Fernández-Sanguino ]
* Updated Spanish Debconf template translation (Closes: #773563)

55. By Andreas Cadhalpun on 2014-12-04

Fix failure to purge, noticed by piuparts. (Closes: #772092)

54. By Andreas Cadhalpun on 2014-12-03

* Automatically extend the clamav-daemon.socket systemd unit to create the
  TCP socket, when clamd is configured to use TCP. (Closes: #771911)
* Also accept AF_INET6 sockets in clamd, as they are now supported.
  Systemd uses AF_INET6 for TCP sockets without specified address.

53. By Sebastian Andrzej Siewior <email address hidden> on 2014-11-19

[ Sebastian Andrzej Siewior ]
* import new upsstream version, refresh patches:
   - LLVM-3.5-version-check-update.patch
   - add-support-for-LLVM-3.5.patch
   - fix-test-failure-on-powerpc-again.patch
   - hardcode-LLVM-linker-flag-because-llvm-config-return
   - added "bb-10731-Allow-to-specificy-a-group-for-the-socket-o" as
     dependecy for "clamav-milter-add-additinal-SMFIF_-flags-before-invo"
  (Closes: #763300)
* Add "Bump-.so-version-number", likely the RPM version of 769384.
* Add "llvm-don-t-use-system-libs", since we don't link against .a libs, we
  don't need the deps either.

[ Scott Kitterman ]
* Update libclamav6: embedded-library lintian override for new libclamav6 so

52. By Andreas Cadhalpun on 2014-11-13

Bump the version requirement for the cl_retflevel symbol to 0.98.5~rc1,
because the CL_FLEVEL, which this function returns, increased in that
version the last time.
This ensures that the functionality level of libclamav is always new
enough. (Closes: #769384)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.