Merge clamav from Debian unstable for mantic

Bug #2018063 reported by Bryce Harrington
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
clamav (Ubuntu) | Fix Released | Undecided | Vladimir Petko |
libclamunrar (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

Upstream: tbd
Debian: 1.0.1+dfsg-2
Ubuntu: 0.103.8+dfsg-0ubuntu1

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

### New Debian Changes ###

clamav (1.0.1+dfsg-2) unstable; urgency=medium

  * Depend on latest libtfm1 (Closes: #1031896, #1027010).

 -- Sebastian Andrzej Siewior <email address hidden> Sun, 26 Feb 2023 17:39:06 +0100

clamav (1.0.1+dfsg-1) unstable; urgency=medium

  * Import 1.0.1 (Closes: #1031509)
    - CVE-2023-20032 (Possible RCE in the HFS+ file parser).
    - CVE-2023-20052 (Possible information leak in the DMG file parser).

 -- Sebastian Andrzej Siewior <email address hidden> Fri, 17 Feb 2023 20:29:05 +0100

clamav (1.0.0+dfsg-6) unstable; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * Add d/p/Add-an-option-to-avoid-setting-RPATH-on-unix-systems.patch to fix
    rpath issues

  [ Scott Kitterman ]
  * Remove obsolete usr/share/doc/*/NEWS.gz links from debian/*.links, no
    longer provided in the package (Thanks to Paul Wise for reporting)
    (Closes: #1029173)
  * Complete update of d/copyright for upstream file removal/reorganization
  * Restore and update clamav-freshclam and libclamav lintian-overrides for
    current lintian
  * Drop depends on obsolete package lsb-base

 -- Scott Kitterman <email address hidden> Sat, 21 Jan 2023 18:02:12 -0500

clamav (1.0.0+dfsg-5) unstable; urgency=medium

  [ Scott Kitterman ]
  * Update paths in d/tests/clamd for new source layout
  * Add misc:Pre-Depends to clamav-daemon and clamav-milter for
    init-system-helpers
  * Remove obsolete debian/NEWS file
  * More lintian override corrections
  * Start of removing obsolete d/copyright entries

  [ Sebastian Andrzej Siewior ]
  * Fix testsuite on big endian architectures.

 -- Scott Kitterman <email address hidden> Fri, 06 Jan 2023 12:33:39 -0500

clamav (1.0.0+dfsg-4) unstable; urgency=medium

  * Drop unneeded build-depends on rust-lldb (Closes: #1027948).

 -- Scott Kitterman <email address hidden> Wed, 04 Jan 2023 18:32:47 -0500

clamav (1.0.0+dfsg-3) unstable; urgency=medium

  * Upload to unstable
  * Directly trigger html docs build to fix lack of html docs and update
    clamav-docs.install
  * Fixup duplicate globs in d/copyright
  * Update paths for new source layout in lintian overrides
  * Update clean rule for new tests
  * Add debian/source/options to ignore changes in Cargo.lock when regenerated
    during build
  * Remove obsolete overrides from d/rules

 -- Scott Kitterman <email address hidden> Wed, 04 Jan 2023 15:06:03 -0500

clamav (1.0.0+dfsg-2) experimental; urgency=medium

  [ Scott Kitterman ]
  * Add libclamav11 replaces libclamav9 since the libfreshclam so name did not
    change (Closes: #1027698).

  [ Sebastian Andrzej Siewior ]
  * Use a version-script and limit the exported symbols of libclamav and
    libfreshclam.

 -- Sebastian Andrzej Siewior <email address hidden> Mon, 02 Jan 2023 18:38:42 +0100

clamav (1.0.0+dfsg-1) experimental; urgency=medium

  * Update to 1.0.0 (Closes: #1006179).

 -- Sebastian Andrzej Siewior <email address hidden> Sat, 31 Dec 2022 13:44:59 +0100

clamav (0.103.7+dfsg-1) unstable; urgency=medium

  * Import 0.103.7
    - Update symbol file.

 -- Sebastian Andrzej Siewior <email address hidden> Sun, 14 Aug 2022 21:33:51 +0200

clamav (0.103.6+dfsg-1) unstable; urgency=medium

  * Import 0.103.6
    - CVE-2022-20770 (Possible infinite loop vulnerability in the CHM file
      parser).
    - CVE-2022-20796 (Possible NULL-pointer dereference crash in the scan
      verdict cache check).
    - CVE-2022-20771 (Possible infinite loop vulnerability in the TIFF file
      parser).

### Old Ubuntu Delta ###

clamav (0.103.8+dfsg-0ubuntu1) lunar; urgency=medium

  * Updated to version 0.103.8 to fix security issues.
    - debian/rules: bump CL_FLEVEL to 129.
    - debian/libclamav9.symbols: updated CLAMAV_PRIVATE symbols to new
      version.
    - CVE-2023-20032, CVE-2023-20052

 -- David Fernandez Gonzalez <email address hidden> Fri, 24 Feb 2023 09:27:20 +0100

clamav (0.103.7+dfsg-1ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable (LP: #1993390). Remaining changes:
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP #1920217)
  * Dropped:
    - Update translations

 -- Bryce Harrington <email address hidden> Fri, 18 Nov 2022 23:35:15 -0800

Bryce Harrington (bryce)
Changed in clamav (Ubuntu):
milestone: none → ubuntu-23.07
Bryce Harrington (bryce)
Changed in clamav (Ubuntu):
assignee: nobody → Bryce Harrington (bryce)
Steve Langasek (vorlon) wrote :

libclamunrar 1.0.0-2 depends on libclamav11.

tags: added: update-excuse
Vladimir Petko (vpa1977) wrote :

Merged 1.0.1+dfsg-2 in ppa[1]. Package builds but:
 - clamav-daemon package fails to install service (clamav-clamonacc.service) [2]

[1] https://launchpad.net/~vpa1977/+archive/ubuntu/clamav/+packages
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030171

Bryce Harrington (bryce)
Changed in libclamunrar (Ubuntu):
milestone: none → ubuntu-23.07
Vladimir Petko (vpa1977)
Changed in clamav (Ubuntu):
assignee: Bryce Harrington (bryce) → Vladimir Petko (vpa1977)
Dan Bungert (dbungert) wrote :

clamav uploaded, thanks!

Changed in clamav (Ubuntu):
assignee: Vladimir Petko (vpa1977) → Dan Bungert (dbungert)
status: New → Fix Committed
Dan Bungert (dbungert) wrote :

armhf FTBFS, fix work ongoing by Vladimir

Changed in clamav (Ubuntu):
assignee: Dan Bungert (dbungert) → Vladimir Petko (vpa1977)
status: Fix Committed → Incomplete
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libclamunrar (Ubuntu):
status: New → Confirmed
Vladimir Petko (vpa1977) wrote :

Fixed in LP: #2031565

Bryce Harrington (bryce) wrote :

In -proposed but blocked by glibc transition.

Changed in clamav (Ubuntu):
status: Incomplete → Fix Released
status: Fix Released → In Progress
status: In Progress → Fix Committed
Changed in libclamunrar (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 1.0.2+dfsg-1ubuntu1

---------------
clamav (1.0.2+dfsg-1ubuntu1) mantic; urgency=medium

  [ Marc Deslauriers ]
  * Merge with Debian unstable as security update (LP: #2031565).
    Remaining changes:
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script. Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP: 1718227)
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP: 1920217).
    - CVE-2023-20197
    - CVE-2023-20212

  [ Vladimir Petko ]
  * d/p/resolve-armhf-ftbfs.patch: resolve armhf failure to build from
    source.

clamav (1.0.2+dfsg-1) unstable; urgency=medium

  * Import 1.0.2 (Closes: #1050057)
    - CVE-2023-20197 (Possible DoS in HFS+ file parser).
    - CVE-2023-20212 (Possible DoS in AutoIt file parser).
  * Use cmake for xml2 detection (Closes: #949100).
  * Replace tomsfastmath with OpenSSL's BN.
  * Don't enable clamonacc by default (Closes: #1030171).
  * Let the clamav-daemon.socket depend on the service file again
    (Closes: #1044136).

 -- Marc Deslauriers <email address hidden> Wed, 23 Aug 2023 10:44:37 -0400

Changed in clamav (Ubuntu):
status: Fix Committed → Fix Released
Bryce Harrington (bryce) wrote :

### Debian ###
libclamunrar | 0.102.3-3 | bullseye/non-free
libclamunrar | 1.0.0-2 | bookworm/non-free
libclamunrar | 1.0.0-2 | trixie/non-free
libclamunrar | 1.0.0-2 | sid/non-free

### Ubuntu ###
libclamunrar | 0.101.2-1build1 | focal/multiverse
libclamunrar | 0.102.3-3 | jammy/multiverse
libclamunrar | 0.102.3-3 | lunar/multiverse
libclamunrar | 1.0.0-2 | mantic/multiverse

Changed in libclamunrar (Ubuntu):
status: Fix Committed → Fix Released