Change log for clamav package in Debian

clamav (1.0.5+dfsg-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Rename libraries for 64-bit time_t transition.  Closes: #1062072

 -- Steve Langasek <email address hidden>  Wed, 28 Feb 2024 15:44:10 +0000

clamav (1.0.5+dfsg-1) unstable; urgency=medium

  * Import 1.0.4 (Closes: #1063479).
    - Update symbols.
    - CVE-2024-20290 (Fixed a possible heap overflow read bug in the OLE2 file
      parser that could cause a denial-of-service (DoS) condition.)
    - CVE-2024-20328 (Fixed a possible command injection vulnerability in the
      "VirusEvent" feature of ClamAV's ClamD service.

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 08 Feb 2024 21:38:51 +0100

clamav (1.2.1+dfsg-3) experimental; urgency=medium

  * Add proper Breaks/Replaces for the docs vs clamav. Rightfully reported by
    Andreas Beckmann (Closes: #1055494).
  * Update Swedish translation. Updated by Martin Bagge and Anders Jonsson
    (Closes: #1062665).
  * Rename libraries for 64-bit time_t transition. Based on NMU from Steve
    Langasek (Closes: #1062072).

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 03 Feb 2024 12:27:16 +0100

clamav (1.0.4+dfsg-1) unstable; urgency=medium

  * Import 1.0.4
    - Update symbols.
  * Add systemd-dev to Build-Depends (Closes: #1060559).
  * Mark clamav-base as foreign (Closes: #1060889).

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 20 Jan 2024 11:57:33 +0100

clamav (1.2.1+dfsg-2) experimental; urgency=medium

  * Drop the PE patches, an alternative patch went upstream.
  * Add proper Breaks/Replaces for the docs transitional packages. Rightfully
    reported by Andreas Beckmann (Closes: #1055494).

 -- Sebastian Andrzej Siewior <email address hidden>  Tue, 07 Nov 2023 22:03:07 +0100

clamav (1.2.1+dfsg-1) experimental; urgency=medium

  * Import 1.2.1
  * Add libclamav12 after so bump.
  * Move documentation to clamav-doc.

 -- Sebastian Andrzej Siewior <email address hidden>  Sun, 05 Nov 2023 21:29:59 +0100

clamav (0.103.10+dfsg-0+deb11u1) bullseye; urgency=medium

  * Import 0.103.10

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 09 Sep 2023 17:25:07 +0200

clamav (1.0.3+dfsg-1~deb12u1) bookworm; urgency=medium

  * Import 1.0.3
  * Remove unnecessary warning messages in freshclam during update.

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 09 Sep 2023 16:36:13 +0200

clamav (1.0.3+dfsg-2) unstable; urgency=medium

  * Remove unnecessary warning messages in freshclam during update.

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 09 Sep 2023 12:49:40 +0200

clamav (1.0.2+dfsg-1) unstable; urgency=medium

  * Import 1.0.2 (Closes: #1050057)
    - CVE-2023-20197 (Possible DoS in HFS+ file parser).
    - CVE-2023-20212 (Possible DoS in AutoIt file parser).
  * Use cmake for xml2 detection (Closes: #949100).
  * Replace tomsfastmath with OpenSSL's BN.
  * Don't enable clamonacc by default (Closes: #1030171).
  * Let the clamav-daemon.socket depend on the service file again
    (Closes: #1044136).

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 19 Aug 2023 19:07:32 +0200

clamav (0.103.8+dfsg-0+deb11u1) bullseye; urgency=medium

  * Import 0.103.8 (Closes: #1031509)
    - CVE-2023-20032 (Possible RCE in the HFS+ file parser).
    - CVE-2023-20052 (Possible information leak in the DMG file parser).

 -- Sebastian Andrzej Siewior <email address hidden>  Fri, 17 Feb 2023 21:43:57 +0100

clamav (1.0.1+dfsg-2) unstable; urgency=medium

  * Depend on latest libtfm1 (Closes: #1031896, #1027010).

 -- Sebastian Andrzej Siewior <email address hidden>  Sun, 26 Feb 2023 17:39:06 +0100

clamav (1.0.1+dfsg-1) unstable; urgency=medium

  * Import 1.0.1 (Closes: #1031509)
    - CVE-2023-20032 (Possible RCE in the HFS+ file parser).
    - CVE-2023-20052 (Possible information leak in the DMG file parser).

 -- Sebastian Andrzej Siewior <email address hidden>  Fri, 17 Feb 2023 20:29:05 +0100

clamav (1.0.0+dfsg-6) unstable; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * Add d/p/Add-an-option-to-avoid-setting-RPATH-on-unix-systems.patch to fix
    rpath issues

  [ Scott Kitterman ]
  * Remove obsolete usr/share/doc/*/NEWS.gz links from debian/*.links, no
    longer provided in the package (Thanks to Paul Wise for reporting)
    (Closes: #1029173)
  * Complete update of d/copyright for upstream file removal/reorganization
  * Restore and update clamav-freshclam and libclamav lintian-overrides for
    current lintian
  * Drop depends on obsolete package lsb-base

 -- Scott Kitterman <email address hidden>  Sat, 21 Jan 2023 18:02:12 -0500

clamav (1.0.0+dfsg-5) unstable; urgency=medium

  [ Scott Kitterman ]
  * Update paths in d/tests/clamd for new source layout
  * Add misc:Pre-Depends to clamav-daemon and clamav-milter for
    init-system-helpers
  * Remove obsolete debian/NEWS file
  * More lintian override corrections
  * Start of removing obsolete d/copyright entries

  [ Sebastian Andrzej Siewior ]
  * Fix testsuite on big endian architecures.

 -- Scott Kitterman <email address hidden>  Fri, 06 Jan 2023 12:33:39 -0500

clamav (1.0.0+dfsg-4) unstable; urgency=medium

  * Drop unneeded build-depends on rust-lldb (Closes: #1027948).

 -- Scott Kitterman <email address hidden>  Wed, 04 Jan 2023 18:32:47 -0500

clamav (1.0.0+dfsg-3) unstable; urgency=medium

  * Upload to unstable
  * Directly trigger html docs build to fix lack of html docs and update
    clamav-docs.install
  * Fixup duplicate globs in d/copyright
  * Update paths for new source layout in lintian overrides
  * Update clean rule for new tests
  * Add debian/source/options to ignore changes in Cargo.lock when regenerated
    during build
  * Remove obsolete overrides from d/rules

 -- Scott Kitterman <email address hidden>  Wed, 04 Jan 2023 15:06:03 -0500

clamav (1.0.0+dfsg-2) experimental; urgency=medium

  [ Scott Kitterman ]
  * Add libclamav11 replaces libclamav9 since the libfreshclam so name did not
    change (Closes: #1027698).

  [ Sebastian Andrzej Siewior ]
  * Use a version-script and limit the exported symbols of libclamav and
    libfreshclam.

 -- Sebastian Andrzej Siewior <email address hidden>  Mon, 02 Jan 2023 18:38:42 +0100

clamav (1.0.0+dfsg-1) experimental; urgency=medium

  * Update to 1.0.0 (Closes: #1006179).

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 31 Dec 2022 13:44:59 +0100

clamav (0.103.6+dfsg-0+deb10u1) buster; urgency=medium

  * Import 0.103.6
    - CVE-2022-20770 (Possible infinite loop vulnerability in the CHM file
      parser).
    - CVE-2022-20796 (Possible NULL-pointer dereference crash in the scan
      verdict cache check).
    - CVE-2022-20771 (Possible infinite loop vulnerability in the TIFF file
      parser).
    - CVE-2022-20785 (Possible memory leak in the HTML file parser/
      Javascript normalizer).
    - CVE-2022-20792 (Possible multi-byte heap buffer overflow write
      vulnerability in the signature database load module.
    - Update symbol file.

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 26 May 2022 10:19:13 +0200

clamav (0.103.7+dfsg-0+deb11u1) bullseye; urgency=medium

  * Import 0.103.7
    - Update symbol file.

 -- Sebastian Andrzej Siewior <email address hidden>  Sun, 21 Aug 2022 21:28:52 +0200

clamav (0.103.7+dfsg-1) unstable; urgency=medium

  * Import 0.103.7
    - Update symbol file.

 -- Sebastian Andrzej Siewior <email address hidden>  Sun, 14 Aug 2022 21:33:51 +0200

clamav (0.103.6+dfsg-0+deb11u1) bullseye; urgency=medium

  * Import 0.103.6
    - CVE-2022-20770 (Possible infinite loop vulnerability in the CHM file
      parser).
    - CVE-2022-20796 (Possible NULL-pointer dereference crash in the scan
      verdict cache check).
    - CVE-2022-20771 (Possible infinite loop vulnerability in the TIFF file
      parser).
    - CVE-2022-20785 (Possible memory leak in the HTML file parser/
      Javascript normalizer).
    - CVE-2022-20792 (Possible multi-byte heap buffer overflow write
      vulnerability in the signature database load module.
    - Update symbol file.

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 26 May 2022 10:17:16 +0200

clamav (0.103.6+dfsg-1) unstable; urgency=medium

  * Import 0.103.6
    - CVE-2022-20770 (Possible infinite loop vulnerability in the CHM file
      parser).
    - CVE-2022-20796 (Possible NULL-pointer dereference crash in the scan
      verdict cache check).
    - CVE-2022-20771 (Possible infinite loop vulnerability in the TIFF file
      parser).
    - CVE-2022-20785 (Possible memory leak in the HTML file parser/
      Javascript normalizer).
    - CVE-2022-20792 (Possible multi-byte heap buffer overflow write
      vulnerability in the signature database load module.
    - Update symbol file.

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 12 May 2022 18:55:59 +0200

Available diffs

• diff from 0.103.5+dfsg-1 to 0.103.6+dfsg-1 (1.5 MiB)

clamav (0.103.5+dfsg-0+deb10u1) buster; urgency=medium

  * Import 0.103.5
   - CVE-2022-20698 (Fix for invalid pointer read that may cause a crash).
   - Update symbol file.

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 13 Jan 2022 21:51:03 +0100

clamav (0.103.5+dfsg-0+deb11u1) bullseye; urgency=medium

  * Import 0.103.5
   - CVE-2022-20698 (Fix for invalid pointer read that may cause a crash).
   - Update symbol file.

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 13 Jan 2022 21:49:00 +0100

clamav (0.103.5+dfsg-1) unstable; urgency=medium

  * Import 0.103.5
   - CVE-2022-20698 (Fix for invalid pointer read that may cause a crash).
   - Update symbol file.

 -- Sebastian Andrzej Siewior <email address hidden>  Wed, 12 Jan 2022 21:31:23 +0100

Available diffs

• diff from 0.103.4+dfsg-1build1 (in Ubuntu) to 0.103.5+dfsg-1 (1.4 MiB)

clamav (0.103.4+dfsg-1) unstable; urgency=medium

  * Import 0.103.4
   - Update symbol file.
  * Add clamonacc.8.
  * Install clamonacc only on Linux. Patch by Laurent Bigonvill
    (Closes: #992776).
  * Drop unused libidn11-dev dependency, suggested by Simon Josefsson
    (Closes: #991976).

 -- Sebastian Andrzej Siewior <email address hidden>  Tue, 16 Nov 2021 22:03:15 +0100

Available diffs

• diff from 0.103.3+dfsg-1 to 0.103.4+dfsg-1 (1.6 MiB)

clamav (0.103.3+dfsg-0+deb10u1) buster; urgency=medium

  * Import 0.103.3
    - Update symbol file.
    - Regression: clamdscan segfaults with --fdpass --multipass and
      ExcludePath (Closes: #988218).
  * Remove clamav user on purge (Closes: #987861).
  * Remove freshclam.dat on purge.

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 04 Sep 2021 15:51:26 +0200

clamav (0.103.3+dfsg-0+deb11u1) bullseye; urgency=medium

  * Import 0.103.3
    - Update symbol file.
    - Regression: clamdscan segfaults with --fdpass --multipass and
      ExcludePath (Closes: #988218).
  * Remove clamav user on purge (Closes: #987861).
  * Remove freshclam.dat on purge.

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 04 Sep 2021 16:48:13 +0200

clamav (0.103.3+dfsg-1) unstable; urgency=medium

  * Import 0.103.2
    - Update symbol file.
    - Regression: clamdscan segfaults with --fdpass --multipass and
      ExcludePath (Closes: #988218).
  * Remove clamav user on purge (Closes: #987861).
  * Remove freshclam.dat on purge.

 -- Sebastian Andrzej Siewior <email address hidden>  Fri, 02 Jul 2021 00:06:16 +0200

Available diffs

• diff from 0.103.2+dfsg-2 to 0.103.3+dfsg-1 (20.1 KiB)

clamav (0.103.2+dfsg-0+deb10u1) buster; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * Import 0.103.2
    - CVE-2021-1252 (Fix for Excel XLM parser infinite loop.)
    - CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.)
    - CVE-2021-1405 (Fix for mail parser NULL-dereference crash.)
    - Fix testsuite in an IPv6 only environment (Closes: #963853).
    - Update symbol file.
    - Drop CURL_CA_BUNDLE related patch, changes applied upstream.
   (Closes: #986622).
  * Rename NEWS.Debian to NEWS.
  * Update lintian overrides.
  * Update apparmor profile for freshclam. Thanks to Michael Borgelt.
    (Closes: #972974)
  * Update apparmor profile for clamd. Thanks to Stefano Callegari.
    (Closes: #973619).
  * Remove deprecated option SafeBrowsing from debconf templates.

  [ Helmut Grohne ]
  * Honour DEB_BUILD_OPTIONS=nocheck again. (Closes: #960843)

 -- Sebastian Andrzej Siewior <email address hidden>  Wed, 14 Apr 2021 08:38:52 +0200

clamav (0.103.2+dfsg-2) unstable; urgency=medium

  * Remove deprecated option SafeBrowsing from debconf templates.

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 15 Apr 2021 21:59:11 +0200

Available diffs

• diff from 0.103.2+dfsg-1 to 0.103.2+dfsg-2 (23.8 KiB)

clamav (0.103.2+dfsg-1) unstable; urgency=medium

  * Import 0.103.2
    - CVE-2021-1252 (Fix for Excel XLM parser infinite loop.)
    - CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.)
    - CVE-2021-1405 (Fix for mail parser NULL-dereference crash.)
    - Update symbol file.
   (Closes: #986622).

 -- Sebastian Andrzej Siewior <email address hidden>  Mon, 12 Apr 2021 21:31:08 +0200

Available diffs

• diff from 0.103.0+dfsg-3.1 to 0.103.2+dfsg-1 (137.9 KiB)

clamav (0.103.0+dfsg-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * debian/patches: Apply upstream patch to fix call of ck_assert_msg (Closes:
    #980592)

 -- Sebastian Ramacher <email address hidden>  Sun, 21 Feb 2021 16:00:07 +0100

Available diffs

• diff from 0.103.0+dfsg-3 to 0.103.0+dfsg-3.1 (16.5 KiB)

clamav (0.103.0+dfsg-3) unstable; urgency=medium

  * Update apparmor profile for clamd. Thanks to Stefano Callegari.
    (Closes: #973619).

 -- Sebastian Andrzej Siewior <email address hidden>  Tue, 03 Nov 2020 22:03:19 +0100

Available diffs

• diff from 0.102.4+dfsg-1build1 (in Ubuntu) to 0.103.0+dfsg-3 (499.4 KiB)
• diff from 0.103.0+dfsg-2 to 0.103.0+dfsg-3 (498 bytes)

clamav (0.103.0+dfsg-2) unstable; urgency=medium

  * Update apparmor profile for freshclam. Thanks to Michael Borgelt.
    (Closes: #972974)
  * Fix testsuite in an IPv6 only environment (Closes: #963853).

 -- Sebastian Andrzej Siewior <email address hidden>  Sun, 01 Nov 2020 20:29:46 +0100

Available diffs

• diff from 0.103.0+dfsg-1 to 0.103.0+dfsg-2 (1.7 KiB)

clamav (0.103.0+dfsg-1) unstable; urgency=medium

  * Import 0.103.0
    - Drop CURL_CA_BUNDLE related patch, changes applied upstream.
    - Update symbol file.
  * Rename NEWS.Debian to NEWS.
  * Update lintian overrides.

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 24 Oct 2020 18:05:10 +0200

clamav (0.102.4+dfsg-0+deb10u1) buster; urgency=medium

  * Import 0.102.4
    - CVE-2020-3350 (A malicious user trick clamav into moving a different file).
    - CVE-2020-3327 (A vulnerability in the ARJ archive parsing module).
    - CVE-2020-3481 (A vulnerability in the EGG archive module).
  * Update symbol file.

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 18 Jul 2020 00:22:32 +0200

clamav (0.102.3+dfsg-0~deb9u1) stretch; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * Import 0.102.3
   - CVE-2020-3327 (A vulnerability in the ARJ archive parsing module)
   - CVE-2020-3341 (A vulnerability in the PDF parsing module)
  * Update symbol file.

  [ Scott Kitterman ]
  * Add Suggests for unversioned libclamunrar package on clamav-daemon and
    clamav binaries

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 30 May 2020 00:12:26 +0200

clamav (0.102.4+dfsg-1) unstable; urgency=medium

  [ Helmut Grohne ]
  * Honour DEB_BUILD_OPTIONS=nocheck again. (Closes: #960843)

  [ Scott Kitterman ]
  * Add Suggests for unversioned libclamunrar package on clamav-daemon and
    clamav binaries

  [ Sebastian Andrzej Siewior ]
  * Import 0.102.4
    - CVE-2020-3350 (A malicious user trick clamav into moving a different file).
    - CVE-2020-3327 (A vulnerability in the ARJ archive parsing module).
    - CVE-2020-3481 (A vulnerability in the EGG archive module).
  * Update symbol file.

 -- Sebastian Andrzej Siewior <email address hidden>  Fri, 17 Jul 2020 20:30:03 +0200

Available diffs

• diff from 0.102.3+dfsg-1 to 0.102.4+dfsg-1 (19.4 KiB)

clamav (0.102.3+dfsg-1) unstable; urgency=medium

  * Import 0.102.3
   - CVE-2020-3327 (A vulnerability in the ARJ archive parsing module)
   - CVE-2020-3341 (A vulnerability in the PDF parsing module)
  * Update symbol file.

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 16 May 2020 17:12:04 +0200

Available diffs

• diff from 0.102.2+dfsg-2ubuntu1 (in Ubuntu) to 0.102.3+dfsg-1 (31.5 KiB)

clamav (0.102.2+dfsg-0+deb10u1) buster; urgency=medium

  * Import 0.102.2
    - CVE-2020-3123 (DoS may occur in the optional DLP feature)
      (Closes: 950944).
  * Update symbol file.
  * Set ReceiveTimeout to 0 which is upstream default.
  * Add a patch to let freshclam consider CURL_CA_BUNDLE environment variable
    to set the CA bundle (like curl does) (Closes: #951057).
  * Recommend ca-certificates, new freshclash uses https by default.

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 22 Feb 2020 14:39:45 +0100

clamav (0.102.2+dfsg-2) unstable; urgency=medium

  * Add a patch to let freshclam consider CURL_CA_BUNDLE environment variable
    to set the CA bundle (like curl does) (Closes: #951057).
  * Recommend ca-certificates, new freshclash uses https by default.
  * Bump standards-version to 4.5.0 without further change
  * Use dh-compat level 12.

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 22 Feb 2020 13:41:02 +0100

clamav (0.102.2+dfsg-1) unstable; urgency=medium

  * Import 0.102.2
    - CVE-2020-3123 (DoS may occur in the optional DLP feature)
      (Closes: 950944).
  * Update symbol file.
  * Set ReceiveTimeout to 0 which is upstream default.

 -- Sebastian Andrzej Siewior <email address hidden>  Sun, 09 Feb 2020 20:24:46 +0100

clamav (0.102.1+dfsg-0+deb9u2) stretch; urgency=medium

  * clamav-daemon: Correct error from ScanOnAccess option removal so that
    setting LogFile options via DebConf works again (Closes: #950296)

 -- Scott Kitterman <email address hidden>  Fri, 31 Jan 2020 16:49:37 -0500

clamav (0.102.1+dfsg-0+deb10u2) buster; urgency=medium

  * clamav-daemon: Correct error from ScanOnAccess option removal so that
    setting LogFile options via DebConf works again (Closes: #950296)

 -- Scott Kitterman <email address hidden>  Fri, 31 Jan 2020 16:49:37 -0500

clamav (0.102.1+dfsg-3) unstable; urgency=medium

  * clamav-daemon: Do not cause an error on start if /run/clamav already
    exists
  * clamav-daemon: Correct error from ScanOnAccess option removal so that
    setting LogFile options via DebConf works again (Closes: #950296)
    (LP: #1861497)

 -- Scott Kitterman <email address hidden>  Fri, 31 Jan 2020 16:49:37 -0500

clamav (0.102.1+dfsg-2) unstable; urgency=medium

  * Add the clamonacc binary to the clamav-daemon package.
  * Drop ScanOnAccess option. The clamonacc provides this functionality.

 -- Sebastian Andrzej Siewior <email address hidden>  Mon, 23 Dec 2019 20:54:21 +0100

clamav (0.102.1+dfsg-1) unstable; urgency=medium

  * Import 0.102.1 (Closes: #945265)
   - CVE-2019-15961 (A Denial-of-Service as a result of excessively long scan
      times).
   - Let freshclam show progress during download (Closes: #690789).
  * Update symbol file.
  * Add libfreshclam to the libclamav9 package.

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 30 Nov 2019 19:22:15 +0100

clamav (0.101.4+dfsg-0+deb9u1) stretch; urgency=medium

  * Import 0.101.4 (Closes: 921190)
   - CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs)
     (Closes:934359)
   - CVE-2019-12900 (An out of bounds write was possible within ClamAV's
     NSIS bzip)
   - update symbols file (bump to 101.4 and drop unused cli_strnstr).

 -- Sebastian Andrzej Siewior <email address hidden>  Sun, 25 Aug 2019 14:08:40 +0200

clamav (0.101.4+dfsg-0+deb10u1) buster; urgency=medium

  * Import 0.101.4
   - CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs)
     (Closes:934359)
   - CVE-2019-12900 (An out of bounds write was possible within ClamAV's
     NSIS bzip)
   - update symbols file (bump to 101.4 and drop unused cli_strnstr).

 -- Sebastian Andrzej Siewior <email address hidden>  Sun, 25 Aug 2019 12:53:19 +0200

clamav (0.101.4+dfsg-1) unstable; urgency=medium

  * Import 0.101.4
   - CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs)
     (Closes:934359)
   - CVE-2019-12900 (An out of bounds write was possible within ClamAV's
     NSIS bzip)
   - update symbols file (bump to 101.4 and drop unused cli_strnstr).

 -- Sebastian Andrzej Siewior <email address hidden>  Sun, 25 Aug 2019 12:38:25 +0200

clamav (0.101.2+dfsg-3) unstable; urgency=medium

  * Cherry-pick a fix from 0.101.3 to address a vulnerability to
    non-recursive zip bombs.

 -- Sebastian Andrzej Siewior <email address hidden>  Tue, 06 Aug 2019 21:42:06 +0200

clamav (0.101.2+dfsg-2) unstable; urgency=medium

  * Remove python from build-depends:
    - Only needed for llvm, which is currently (and probably permanently)
      disabled
    - Support python2 removal, if this comes back, it will need to be python3

 -- Scott Kitterman <email address hidden>  Fri, 02 Aug 2019 09:20:43 -0400

clamav (0.100.3+dfsg-0+deb9u1) stretch; urgency=medium

  * New upstream security release
    - Fixes for the following vulnerabilities:
      - [CVE-2019-1787]:
        An out-of-bounds heap read condition may occur when scanning PDF
        documents. The defect is a failure to correctly keep track of the number
        of bytes remaining in a buffer when indexing file data.
      - [CVE-2019-1789]:
        An out-of-bounds heap read condition may occur when scanning PE files
        (i.e. Windows EXE and DLL files) that have been packed using Aspack as a
        result of inadequate bound-checking.
      - [CVE-2019-1788]:
        An out-of-bounds heap write condition may occur when scanning OLE2 files
        such as Microsoft Office 97-2003 documents. The invalid write happens when
        an invalid pointer is mistakenly used to initialize a 32bit integer to
        zero. This is likely to crash the application.
  * Update debian/copyright
  * Update private symbols for new upstream release

 -- Scott Kitterman <email address hidden>  Fri, 29 Mar 2019 19:40:34 -0400

clamav (0.101.2+dfsg-1) unstable; urgency=high

  * Import 0.101.2
   - CVE-2019-1787 (An out-of-bounds heap read condition may occur when
     scanning PDF documents)
   - CVE-2019-1789 (An out-of-bounds heap read condition may occur when
     scanning PE files)
   - CVE-2019-1788 (An out-of-bounds heap write condition may occur when
     scanning OLE2 files)
   - CVE-2019-1786 (An out-of-bounds heap read condition may occur when
     scanning malformed PDF documents)
   - CVE-2019-1785 (A path-traversal write condition may occur as a result of
     improper input validation when scanning RAR archives)
   - CVE-2019-1798 (A use-after-free condition may occur as a result of
     improper error handling when scanning nested RAR archives)
   - update symbols file
   - Remove DetectBrokenExecutables option from clamd template, it is
     deprecated.
  * Drop the dbgsym migration line.
  * Bump standards-version to 4.3.0 without further change

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 30 Mar 2019 16:25:48 +0100

clamav (0.101.1+dfsg-3) unstable; urgency=medium

  * Upload to unstable.

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 28 Feb 2019 23:36:02 +0100

clamav (0.101.1+dfsg-2) experimental; urgency=medium

  [ Scott Kitterman ]
  * Add information to README.Debian on configuring clamav-milter's socket to
    work with postfix

  [ Sebastian Andrzej Siewior ]
  * debian/libclamav-dev.install: also install clamav-types.h

 -- Scott Kitterman <email address hidden>  Mon, 04 Feb 2019 10:12:57 -0500

clamav (0.101.1+dfsg-1) experimental; urgency=medium

  [ Scott Kitterman ]
  * Update debian/copyright
  * Add Build-Depends-Package to libclamav9.symbols
  * Update clamav-docs.doc-base for re-organized documentation
  * Add lintian override for source-is-missing on test file that happens
    to have long line length
  * Drop build-depends on electric-fence, upstream no longer ships the
    relevant tests that used it

  [ Sebastian Andrzej Siewior ]
  * Import 0.101.1
    - update symbol file
    - add back the json/curl configure options (don't rely on autodetect).
  * Add abstractions/openssl to apparmor's profile. Thanks to intrigeri for
    the help (Closes: #913020).
  * Load the apparmor profile before starting the daemon. Thanks to intrigeri
    for the help (Closes: #903834).
  * Add attach_disconnected to freshclam's apparmor profile to hopefully get
    it properly working in overlayfs enviroment. Thanks to Vincas Dargis
    (Closes: #917648).

 -- Sebastian Andrzej Siewior <email address hidden>  Fri, 11 Jan 2019 23:00:17 +0100

clamav (0.101.0+dfsg-1) experimental; urgency=medium

  [ Scott Kitterman ]
  * Increase clamd socket command read timeout to 30 seconds (Closes: #915098)

  [ Sebastian Andrzej Siewior ]
  * Import new upstream release.
   - update symbol file.
   - add new options to the config file.
   - package libclamav9

 -- Sebastian Andrzej Siewior <email address hidden>  Wed, 19 Dec 2018 21:22:53 +0100

clamav (0.100.2+dfsg-2) unstable; urgency=medium

  * Increase clamd socket command read timeout to 30 seconds (Closes: #915098)

 -- Scott Kitterman <email address hidden>  Fri, 07 Dec 2018 14:24:26 -0500

clamav (0.100.2+dfsg-0+deb9u1) stretch; urgency=medium

  * Import new upstream
    - Bump symbol version due to new version.
    - CVE-2018-15378 (Closes: #910430).
  * add NEWS.md and README.md from upstream
  * Fix infinite loop in dpkg-reconfigure, Patch by Santiago Ruano Rincón
    (Closes: #905044).

 -- Sebastian Andrzej Siewior <email address hidden>  Fri, 12 Oct 2018 23:44:44 +0200

clamav (0.100.2+dfsg-1) unstable; urgency=medium

  * Import new upstream
    - Bump symbol version due to new version.
    - CVE-2018-15378 (Closes: #910430).
  * add NEWS.md and README.md from upstream
  * Fix infinite loop in dpkg-reconfigure, Patch by Santiago Ruano Rincón
    (Closes: #905044).

 -- Sebastian Andrzej Siewior <email address hidden>  Wed, 10 Oct 2018 00:15:02 +0200

clamav (0.100.0+dfsg-0+deb9u2) stretch; urgency=medium

  * Don't fail on recently removed config options (Closes: #902290).

 -- Sebastian Andrzej Siewior <email address hidden>  Wed, 04 Jul 2018 23:14:43 +0200

clamav (0.100.1+dfsg-1) unstable; urgency=medium

  [ Scott Kitterman ]
  * Only create clamav user during clamav-base install if it does not exist
    (LP: #121872)
    - Thanks to Shane Williams for the patch
  * Remove spurious debian/changelog entry for the above change from the
    0.100.0~beta+dfsg-1 entry since the change was not actually included

  [ Sebastian Andrzej Siewior ]
  * Import new upstream.
  * Bump symbol version due to new version.
  * Add read permission for freshclam on /var/log in the apparmor profile.
    Thanks to Robie Basak (Closes: #902601).
  * Bump standards-version to 4.1.5 without further change

 -- Sebastian Andrzej Siewior <email address hidden>  Wed, 11 Jul 2018 21:44:30 +0200

clamav (0.100.0+dfsg-0+deb8u1) jessie; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * New upstream release.
    - remove various documentation files including Changelog from the file
      list because they are no longer included in upstream archive.
    - update symbol file
  * Don't replace config file with sample config after debconf gets disabled
    (in milter and daemon (Closes: #870253).
  * Add bytecode.c(l|v)d to log clamav-freshclam.logcheck.ignore.server. Patch
     by Václav Ovsík <email address hidden> (Closes: #868766).
  * Disable the freshclam service if changed to `manual' mode so it does not
    start again after system reboot with systemd (Closes: #881780).
  * Drop "demime = *" from Debian.README for clamav, this option is deprecated
    and will be removed from exim (Closes: #881634).
  * Point Vcs-* tags to salsa.

  [ Scott Kitterman ]
  * Update README.Debian to describe how to disable apparmor for clamav-daemon
    and clamav-freshclam (Closes: #884707)

 -- Sebastian Andrzej Siewior <email address hidden>  Wed, 25 Apr 2018 21:58:31 +0200

clamav (0.100.0+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - remove various documentation files including Changelog from the file
      list because they are no longer included in upstream archive.

 -- Sebastian Andrzej Siewior <email address hidden>  Wed, 11 Apr 2018 23:49:43 +0200

clamav (0.100.0~beta+dfsg-2) unstable; urgency=medium

  * Switch to pcre2 which is newer (Closes: #891195).
  * Cherry pick patches referenced in bb#11973 and bb#11980 to fix
    CVE-2018-0202.
  * Use compat level 11.

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 10 Mar 2018 14:43:43 +0100

clamav (0.99.4+dfsg-1+deb9u1) stretch; urgency=medium

  * Update to upstream 0.99.4:
    Fixes for CVE: CVE-2018-1000085, CVE-2018-0202.
  * Update the gpg signing key (the old DSA expired).
  * Update version of private symbols due to version change.
  * Bump symbol version of cl_retflevel because CL_FLEVEL changed.

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 03 Mar 2018 12:15:58 +0100

clamav (0.100.0~beta+dfsg-1) unstable; urgency=medium

  [ Scott Kitterman ]
  * Only create clamav user during clamav-base install if it does not exist
    (LP: #121872)
    - Thanks to Shane Williams for the patch
  * Add lintian override for clamav-freshclam: duplicate-updaterc.d-calls-in-
    postinst clamav-freshclam
  * New upstream beta release
  * Bump standards-version to 4.1.3 without further change
  * Update README.Debian to describe how to disable apparmor for clamav-daemon
    and clamav-freshclam (Closes: #884707)

  [ Sebastian Andrzej Siewior ]
  * Point Vcs-* tags to salsa.

 -- Scott Kitterman <email address hidden>  Fri, 09 Feb 2018 18:23:25 -0500

clamav (0.99.3~beta2+dfsg-1) unstable; urgency=medium

  * Update upstream's signing gpg key
  * Update to beta2:
    - freshclam does not complain that clamav is outdated (Closes: #873401).

 -- Sebastian Andrzej Siewior <email address hidden>  Mon, 08 Jan 2018 23:13:06 +0100

clamav (0.99.3~beta1+dfsg-4) unstable; urgency=medium

  * Ignore errors from update-rc.d in freshclam postins (Closes: #882323).
  * Drop dh-systemd & autoreconf from B-D.

 -- Sebastian Andrzej Siewior <email address hidden>  Wed, 22 Nov 2017 00:00:17 +0100

clamav (0.99.3~beta1+dfsg-3) unstable; urgency=medium

  * Drop "demime = *" from Debian.README for clamav, this option is gone from
    exim (Closes: #881634).
  * Use "ucf" instead "ucp" in clamav-milter's postinst.
  * Disable LLVM support due to 3.8 removal (Closes: #873401).
  * Disable the freshclam service if changed to `manual' mode so it does start
    again after system reboot with systemd (Closes: #881780).
  * Bump standards version to 4.1.1 without further change.
  * Allow to build as non root user.
  * Update dh compat level 10

 -- Sebastian Andrzej Siewior <email address hidden>  Mon, 20 Nov 2017 21:52:34 +0100

clamav (0.99.3~beta1+dfsg-2) unstable; urgency=medium

  * Build again against system's libmspack (dropped by accident)
    (Closes: #872594).
  * Don't replace config file with sample config after debconf gets disabled
    (in milter and daemon (Closes: #870253).
  * Update standards to 4.0.1
    - use invoke-rc.d instead of /etc/init.d.
    - drop priority extra from clamav-milter.
  * Add bytecode.c(l|v)d to log clamav-freshclam.logcheck.ignore.server. Patch
    by Václav Ovsík <email address hidden> (Closes: #868766).

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 02 Sep 2017 21:26:33 +0200