... | ... |
@@ -1,3 +1,206 @@ |
1 |
+Mon, 27 Apr 12:00:00 EDT |
|
2 |
+----------------------------------- |
|
3 |
+ * 0.98.7 Release. |
|
4 |
+ |
|
5 |
+Tue, 14 Apr 2015 15:53:17 EDT (klin) |
|
6 |
+----------------------------------- |
|
7 |
+ * bb#11296 - various fixes to pdf string base64 string conversion |
|
8 |
+ |
|
9 |
+Mon, 13 Apr 2015 12:14:41 EDT (smorgan) |
|
10 |
+----------------------------------- |
|
11 |
+ * bb11298 - look for TOC element name <unarchived-checksum> |
|
12 |
+ (as a synonynm for <extracted-checksum>). Continue processing rather |
|
13 |
+ than exit in the event of missing or error in TOC checksum specification. |
|
14 |
+ |
|
15 |
+Wed, 8 Apr 2015 15:51:04 EDT (smorgan) |
|
16 |
+----------------------------------- |
|
17 |
+ * iso9660: remove unnecessaty parameter on iso_parse_dir() and reset return |
|
18 |
+ code when scanall is in effect. |
|
19 |
+ |
|
20 |
+Wed, 1 Apr 2015 17:41:59 EDT (klin) |
|
21 |
+----------------------------------- |
|
22 |
+ * pdf: correctly handle decoding, decryption, character set conversions, |
|
23 |
+ and file properties collection(base64 encoded as needed). |
|
24 |
+ |
|
25 |
+Fri, 27 Mar 2015 13:21:49 EDT (klin) |
|
26 |
+----------------------------------- |
|
27 |
+ * converted cb_file_props from using engine-based ctx to file-based ctx |
|
28 |
+ |
|
29 |
+Thu, 26 Mar 2015 12:24:02 EDT (smorgan) |
|
30 |
+----------------------------------- |
|
31 |
+ * bb11281 - Reworked reverted upack.c crash patch to fix regression |
|
32 |
+ false negatives. |
|
33 |
+ |
|
34 |
+Tue, 24 Mar 2015 12:06:57 EDT (klin) |
|
35 |
+----------------------------------- |
|
36 |
+ * make check: added env check 'T' to set timeout |
|
37 |
+ |
|
38 |
+Mon, 23 Mar 2015 17:58:35 EDT (klin) |
|
39 |
+----------------------------------- |
|
40 |
+ * bb#11282 - patch for code clean up in rebuildpe. Patch |
|
41 |
+ supplied by Sebastian Andrzej Siewior. |
|
42 |
+ |
|
43 |
+Mon, 23 Mar 2015 13:04:54 EDT (klin) |
|
44 |
+----------------------------------- |
|
45 |
+ * bb#11284 - fixed integer underflow in detecting W32.Polipos.A method. |
|
46 |
+ Patch supplied by Sebastian Andrzej Siewior. |
|
47 |
+ |
|
48 |
+Mon, 16 Mar 2015 18:35:14 EDT (klin) |
|
49 |
+----------------------------------- |
|
50 |
+ * updated documentation on document property collection |
|
51 |
+ |
|
52 |
+Mon, 16 Mar 2015 18:26:07 EDT (klin) |
|
53 |
+----------------------------------- |
|
54 |
+ * added support for MS Office 2003 XML(msxml) document types and msxml |
|
55 |
+ file properties collection. |
|
56 |
+ |
|
57 |
+Mon, 16 Mar 2015 13:11:56 EDT (klin) |
|
58 |
+----------------------------------- |
|
59 |
+ * fixed converity issue ID 12109 buffer was not freed on rare error case |
|
60 |
+ |
|
61 |
+Mon, 16 Mar 2015 13:08:03 EDT (klin) |
|
62 |
+----------------------------------- |
|
63 |
+ * fixed coverity ID 12110 12111 changed a the type of a value from unsigned |
|
64 |
+ to signed due to possible negative values |
|
65 |
+ |
|
66 |
+Thu, 12 Mar 2015 19:06:23 EDT (smorgan) |
|
67 |
+----------------------------------- |
|
68 |
+ * Fix for infinite loop on crafted xz file. |
|
69 |
+ |
|
70 |
+Wed, 11 Mar 2015 15:03:43 EDT (smorgan) |
|
71 |
+----------------------------------- |
|
72 |
+ * bb11278 - was not detecting viruses on files inside iso9660. |
|
73 |
+ Also fix up all-match logic. |
|
74 |
+ |
|
75 |
+Mon, 9 Mar 2015 13:02:25 EDT (smorgan) |
|
76 |
+----------------------------------- |
|
77 |
+ * bb11274 - adds out of bounds check for petite packed files. |
|
78 |
+ Patch from Sebastian Andrzej Siewior. |
|
79 |
+ |
|
80 |
+Wed, 4 Mar 2015 14:04:24 EDT (klin) |
|
81 |
+----------------------------------- |
|
82 |
+ * updated example fileprop analysis bytecodes moved old example bytecodes |
|
83 |
+ to examples/fileprop_analysis/old/ |
|
84 |
+ |
|
85 |
+Wed, 4 Mar 2015 12:08:34 EDT (klin) |
|
86 |
+----------------------------------- |
|
87 |
+ * backwards compatibility for target type 13 json scanning |
|
88 |
+ |
|
89 |
+Tue, 3 Mar 2015 17:47:55 EDT (klin) |
|
90 |
+----------------------------------- |
|
91 |
+ * generates fmap from desc if no map is NULL |
|
92 |
+ |
|
93 |
+Tue, 3 Mar 2015 16:37:08 EDT (smorgan) |
|
94 |
+----------------------------------- |
|
95 |
+ * Apply y0da cryptor patch sent in by Sebastian Andrzej Siewior. |
|
96 |
+ |
|
97 |
+Tue, 3 Mar 2015 16:12:48 EDT (klin) |
|
98 |
+----------------------------------- |
|
99 |
+ * flevel updated to 80 (new bytecode hook type) |
|
100 |
+ |
|
101 |
+Tue, 3 Mar 2015 16:12:22 EDT (klin) |
|
102 |
+----------------------------------- |
|
103 |
+ * clambc info option updated for new hook type |
|
104 |
+ |
|
105 |
+Tue, 3 Mar 2015 15:00:41 EDT (klin) |
|
106 |
+----------------------------------- |
|
107 |
+ * added BC_PRECLASS hook support; replaces target type 13 |
|
108 |
+ |
|
109 |
+Mon, 2 Mar 2015 19:06:23 EDT (klin) |
|
110 |
+----------------------------------- |
|
111 |
+ * pdf string UTF-16 conversion no longer solely depends on ICONV reason: |
|
112 |
+ no ICONV meant no conversion even though conversion function existed |
|
113 |
+ |
|
114 |
+Fri, 27 Feb 2015 15:23:51 EDT (klin) |
|
115 |
+----------------------------------- |
|
116 |
+ * bb#11269 - bm matcher no longer sets scanning window offset reason: |
|
117 |
+ certain segments could be hashed multiple times |
|
118 |
+ |
|
119 |
+Wed, 25 Feb 2015 14:55:21 EDT (klin) |
|
120 |
+----------------------------------- |
|
121 |
+ * bb#11269 - hash does not compute on segments smaller than the maxpatlen |
|
122 |
+ |
|
123 |
+Tue, 24 Feb 2015 16:21:09 EDT (klin) |
|
124 |
+----------------------------------- |
|
125 |
+ * bb#11267 - libclamav upx cover against hand crafted section ove patch |
|
126 |
+ supplied bySebastian Andrzej Siewior. |
|
127 |
+ |
|
128 |
+Fri, 27 Feb 2015 16:57:19 EDT (smorgan) |
|
129 |
+----------------------------------- |
|
130 |
+ * Patch for integer overflow checks for petite unpack code supplied by |
|
131 |
+ Sebastian Andrzej Siewior. |
|
132 |
+ |
|
133 |
+Fri, 27 Feb 2015 16:54:55 EDT (smorgan) |
|
134 |
+----------------------------------- |
|
135 |
+ * remove obsolete parameters from the clamd.conf man page: MailMaxRecursion, |
|
136 |
+ ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxFiles, |
|
137 |
+ ArchiveMaxCompressionRatio, ArchiveBlockMax, ArchiveLimitMemoryUsage, Clamuko*. |
|
138 |
+ |
|
139 |
+Wed, 18 Feb 2015 15:23:54 EDT (klin) |
|
140 |
+----------------------------------- |
|
141 |
+ * bb#11212 - fix MEW unpacker |
|
142 |
+ |
|
143 |
+Mon, 16 Feb 2015 11:46:21 EDT (smorgan) |
|
144 |
+----------------------------------- |
|
145 |
+ * bb11264 - patch for 'possible' heap overflow submitted by the Debian team. |
|
146 |
+ |
|
147 |
+Tue, 10 Feb 2015 15:16:48 EDT (smorgan) |
|
148 |
+----------------------------------- |
|
149 |
+ * bb11260: fix compile error when './configure --disable-pthreads' is specified. |
|
150 |
+ |
|
151 |
+Fri, 6 Feb 2015 14:59:43 EDT (klin) |
|
152 |
+----------------------------------- |
|
153 |
+ * bb#11254 - removed built-in llvm configure check and added |
|
154 |
+ --with-llvm-linking option to specify system-llvm linking method |
|
155 |
+ |
|
156 |
+Fri, 6 Feb 2015 13:22:35 EDT (klin) |
|
157 |
+----------------------------------- |
|
158 |
+ * improved documentation on macro subsignatures |
|
159 |
+ |
|
160 |
+Wed, 4 Feb 2015 18:52:01 EDT (smorgan) |
|
161 |
+----------------------------------- |
|
162 |
+ * fix documentation errors in example logical signature. |
|
163 |
+ |
|
164 |
+Fri, 30 Jan 2015 12:15:07 EDT (klin) |
|
165 |
+----------------------------------- |
|
166 |
+ * bb#12887 - fixed an issue regarding (fd==-1) in WinAPI |
|
167 |
+ |
|
168 |
+Wed, 28 Jan 2015 11:20:35 EDT (klin) |
|
169 |
+----------------------------------- |
|
170 |
+ * fixed Windows API SetOption/GetOption CLAM_LIMIT_RECURSION |
|
171 |
+ |
|
172 |
+Wed, 21 Jan 2015 11:41:07 EDT (klin) |
|
173 |
+----------------------------------- |
|
174 |
+ * added ICONV to clamconf optional features report |
|
175 |
+ |
|
176 |
+Thu, 15 Jan 2015 15:15:01 EDT (klin) |
|
177 |
+----------------------------------- |
|
178 |
+ * fixed an incorrect return value for magic_scandesc |
|
179 |
+ |
|
180 |
+Wed, 14 Jan 2015 09:25:47 EDT (klin) |
|
181 |
+----------------------------------- |
|
182 |
+ * cleaned up configure help strings by using AS_HELP_STRING |
|
183 |
+ |
|
184 |
+Mon, 12 Jan 2015 13:45:36 EDT (klin) |
|
185 |
+----------------------------------- |
|
186 |
+ * bb#11238 - added missing PDF preclass operations |
|
187 |
+ > added whitespace fix for indirect references strings |
|
188 |
+ > added PDF escape sequence handling (including octal) |
|
189 |
+ |
|
190 |
+Thu, 8 Jan 2015 09:48:20 EDT (klin) |
|
191 |
+----------------------------------- |
|
192 |
+ * bb#11237 - fixed bug in building CUD file |
|
193 |
+ |
|
194 |
+Wed, 7 Jan 2015 04:46:15 EDT (smorgan) |
|
195 |
+----------------------------------- |
|
196 |
+ * bb11233 - fix a strange bus error on Mac OS X PPC when using debug mode. |
|
197 |
+ |
|
198 |
+Mon, 22 Dec 2014 12:13:38 EDT (klin) |
|
199 |
+----------------------------------- |
|
200 |
+ * bb#11226 - fixed gpt GUID debugging message |
|
201 |
+ |
|
202 |
+ *** End of 0.98.6, Start of 0.98.7 |
|
203 |
+ |
|
1 | 204 |
|
2 | 205 |
Tue Dec 16 16:21:40 2014 EDT (swebb) |
3 | 206 |
------------------------------------- |
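Review bot: The security fixes in these ChangeLog entries carry no CVE identifiers, although the release notes later in this same commit assign them. For example, "Fix for infinite loop on crafted xz file." (12 Mar) is listed there as CVE-2015-2668, and the y0da cryptor patch (3 Mar) as CVE-2015-2221. Adding the CVE id next to the bb number on each such entry would let packagers map a fix to its advisory without diffing two files. The new top entry "Mon, 27 Apr 12:00:00 EDT" also omits the year and the committer that every other entry has, the two 27 Feb (smorgan) entries sit below the 24 Feb and 25 Feb ones and so break the descending date order, and the bug references mix "bb#11296" and "bb11298" styles. "bb#12887" falls outside the 112xx range of the surrounding ids and is worth checking against the tracker. Typos to fix before release: "synonynm", "unnecessaty", "converity", "changed a the type", "section ove patch", "bySebastian".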
... | ... |
@@ -1,36 +1,45 @@ |
1 |
-0.98.6 |
|
1 |
+0.98.7 |
|
2 | 2 |
------ |
3 | 3 |
|
4 |
-ClamAV 0.98.6 is a bug fix release correcting the following: |
|
4 |
+ClamAV 0.98.7 is here! This release contains new scanning features |
|
5 |
+and bug fixes. |
|
5 | 6 |
|
6 |
- - library shared object revisions. |
|
7 |
- - installation issues on some Mac OS X and FreeBSD platforms. |
|
8 |
- - includes a patch from Sebastian Andrzej Siewior making |
|
9 |
- ClamAV pid files compatible with systemd. |
|
10 |
- - Fix a heap out of bounds condition with crafted Yoda's |
|
11 |
- crypter files. This issue was discovered by Felix Groebert |
|
12 |
- of the Google Security Team. |
|
13 |
- - Fix a heap out of bounds condition with crafted mew packer |
|
14 |
- files. This issue was discovered by Felix Groebert of the |
|
15 |
- Google Security Team. |
|
16 |
- - Fix a heap out of bounds condition with crafted upx packer |
|
17 |
- files. This issue was discovered by Kevin Szkudlapski of |
|
18 |
- Quarkslab. |
|
19 |
- - Fix a heap out of bounds condition with crafted upack packer |
|
20 |
- files. This issue was discovered by Sebastian Andrzej Siewior. |
|
21 |
- CVE-2014-9328. |
|
22 |
- - Compensate a crash due to incorrect compiler optimization when |
|
23 |
- handling crafted petite packer files. This issue was discovered |
|
24 |
- by Sebastian Andrzej Siewior. |
|
25 |
- |
|
26 |
-Thanks to the following ClamAV community members for code submissions |
|
27 |
-and bug reporting included in ClamAV 0.98.6: |
|
7 |
+ - Improvements to PDF processing: decryption, escape sequence |
|
8 |
+ handling, and file property collection. |
|
9 |
+ - Scanning/analysis of additional Microsoft Office 2003 XML format. |
|
10 |
+ - Fix infinite loop condition on crafted y0da cryptor file. Identified |
|
11 |
+ and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221. |
|
12 |
+ - Fix crash on crafted petite packed file. Reported and patch |
|
13 |
+ supplied by Sebastian Andrzej Siewior. CVE-2015-2222. |
|
14 |
+ - Fix false negatives on files within iso9660 containers. This issue |
|
15 |
+ was reported by Minzhuan Gong. |
|
16 |
+ - Fix a couple crashes on crafted upack packed file. Identified and |
|
17 |
+ patches supplied by Sebastian Andrzej Siewior. |
|
18 |
+ - Fix a crash during algorithmic detection on crafted PE file. |
|
19 |
+ Identified and patch supplied by Sebastian Andrzej Siewior. |
|
20 |
+ - Fix an infinite loop condition on a crafted "xz" archive file. |
|
21 |
+ This was reported by Dimitri Kirchner and Goulven Guiheux. |
|
22 |
+ CVE-2015-2668. |
|
23 |
+ - Fix compilation error after ./configure --disable-pthreads. |
|
24 |
+ Reported and fix suggested by John E. Krokes. |
|
25 |
+ - Apply upstream patch for possible heap overflow in Henry Spencer's |
|
26 |
+ regex library. CVE-2015-2305. |
|
27 |
+ - Fix crash in upx decoder with crafted file. Discovered and patch |
|
28 |
+ supplied by Sebastian Andrzej Siewior. CVE-2015-2170. |
|
29 |
+ - Fix segfault scanning certain HTML files. Reported with sample by |
|
30 |
+ Kai Risku. |
|
31 |
+ - Improve detections within xar/pkg files. |
|
32 |
+ |
|
33 |
+As always, we appreciate contributions of bug reports, code fixes, |
|
34 |
+and sample submission from the ClamAV community members: |
|
28 | 35 |
|
29 | 36 |
Sebastian Andrzej Siewior |
30 |
-Felix Groebert |
|
31 |
-Kevin Szkudlapski |
|
32 |
-Mark Pizzolato |
|
33 |
-Daniel J. Luke |
|
37 |
+Minzhaun Gong |
|
38 |
+Dimitri Kirchner |
|
39 |
+Goulven Guiheux |
|
40 |
+John E. Krokes |
|
41 |
+Kai Risku |
|
42 |
+ |
|
34 | 43 |
|
35 | 44 |
-- |
36 | 45 |
The ClamAV team (http://www.clamav.net/about.html#credits) |
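Review bot: The reporter of the iso9660 false-negative fix is spelled "Minzhuan Gong" in the bullet list but "Minzhaun Gong" in the credits list at the end of this hunk. One of the two is a typo, so please confirm the correct spelling with the reporter and make both places agree. Smaller wording points in the same hunk: "a couple crashes on crafted upack packed file" reads better as "a couple of crashes on crafted upack packed files", and "sample submission" should be "sample submissions".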
... | ... |
@@ -2,6 +2,48 @@ Note: This README/NEWS file refers to the source tarball. Some things described |
2 | 2 |
here may not be available in binary packages. |
3 | 3 |
-- |
4 | 4 |
|
5 |
+0.98.7 |
|
6 |
+------ |
|
7 |
+ |
|
8 |
+ClamAV 0.98.7 is here! This release contains new scanning features |
|
9 |
+and bug fixes. |
|
10 |
+ |
|
11 |
+ - Improvements to PDF processing: decryption, escape sequence |
|
12 |
+ handling, and file property collection. |
|
13 |
+ - Scanning/analysis of additional Microsoft Office 2003 XML format. |
|
14 |
+ - Fix infinite loop condition on crafted y0da cryptor file. Identified |
|
15 |
+ and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221. |
|
16 |
+ - Fix crash on crafted petite packed file. Reported and patch |
|
17 |
+ supplied by Sebastian Andrzej Siewior. CVE-2015-2222. |
|
18 |
+ - Fix false negatives on files within iso9660 containers. This issue |
|
19 |
+ was reported by Minzhuan Gong. |
|
20 |
+ - Fix a couple crashes on crafted upack packed file. Identified and |
|
21 |
+ patches supplied by Sebastian Andrzej Siewior. |
|
22 |
+ - Fix a crash during algorithmic detection on crafted PE file. |
|
23 |
+ Identified and patch supplied by Sebastian Andrzej Siewior. |
|
24 |
+ - Fix an infinite loop condition on a crafted "xz" archive file. |
|
25 |
+ This was reported by Dimitri Kirchner and Goulven Guiheux. |
|
26 |
+ CVE-2015-2668. |
|
27 |
+ - Fix compilation error after ./configure --disable-pthreads. |
|
28 |
+ Reported and fix suggested by John E. Krokes. |
|
29 |
+ - Apply upstream patch for possible heap overflow in Henry Spencer's |
|
30 |
+ regex library. CVE-2015-2305. |
|
31 |
+ - Fix crash in upx decoder with crafted file. Discovered and patch |
|
32 |
+ supplied by Sebastian Andrzej Siewior. CVE-2015-2170. |
|
33 |
+ - Fix segfault scanning certain HTML files. Reported with sample by |
|
34 |
+ Kai Risku. |
|
35 |
+ - Improve detections within xar/pkg files. |
|
36 |
+ |
|
37 |
+As always, we appreciate contributions of bug reports, code fixes, |
|
38 |
+and sample submission from the ClamAV community members: |
|
39 |
+ |
|
40 |
+Sebastian Andrzej Siewior |
|
41 |
+Minzhaun Gong |
|
42 |
+Dimitri Kirchner |
|
43 |
+Goulven Guiheux |
|
44 |
+John E. Krokes |
|
45 |
+Kai Risku |
|
46 |
+ |
|
5 | 47 |
0.98.6 |
6 | 48 |
------ |
7 | 49 |
|
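Review bot: Three of the crash fixes in this 0.98.7 section (upack, "algorithmic detection on crafted PE file", and the HTML segfault) have neither a CVE nor a bug number, while the neighbouring bullets do carry CVE ids. The ChangeLog part of this commit lists bb11281 for upack and bb#11284 for the W32.Polipos.A integer underflow, which look like the matching entries. Citing those bug ids here would make each fix traceable for downstream backports. The HTML segfault and xar/pkg bullets have no visible ChangeLog entry at all in this range, so either add one or reference the commit. Since this text is a copy of the announcement in the previous file, the "Minzhuan"/"Minzhaun" spelling mismatch needs the same correction here.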