Bug 2170297 - clamav-1.3.1 is available
Summary: clamav-1.3.1 is available
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: clamav
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Sergio Basto
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-02-16 04:47 UTC by Upstream Release Monitoring
Modified: 2024-04-17 23:01 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:


Attachments (Terms of Use)
Update to 1.1.0 (#2170297) (1.04 KB, patch)
2023-05-01 22:09 UTC, Upstream Release Monitoring
no flags Details | Diff
Update to 1.2.0-rc (#2170297) (1.02 KB, patch)
2023-08-04 07:33 UTC, Upstream Release Monitoring
no flags Details | Diff
Update to 1.2.0-rc (#2170297) (1.02 KB, patch)
2023-08-16 18:47 UTC, Upstream Release Monitoring
no flags Details | Diff
Update to 1.2.0 (#2170297) (956 bytes, patch)
2023-08-29 09:09 UTC, Upstream Release Monitoring
no flags Details | Diff
Update to 1.2.1 (#2170297) (956 bytes, patch)
2023-10-26 02:19 UTC, Upstream Release Monitoring
no flags Details | Diff
Update to 1.3.0-rc (#2170297) (1023 bytes, patch)
2023-12-16 20:21 UTC, Upstream Release Monitoring
no flags Details | Diff
Update to 1.3.0-rc2 (#2170297) (1.02 KB, patch)
2024-01-26 01:06 UTC, Upstream Release Monitoring
no flags Details | Diff
Update to 1.3.0 (#2170297) (1.02 KB, patch)
2024-02-07 23:14 UTC, Upstream Release Monitoring
no flags Details | Diff
Update to 1.3.1 (#2170297) (998 bytes, patch)
2024-04-17 23:01 UTC, Upstream Release Monitoring
no flags Details | Diff

Description Upstream Release Monitoring 2023-02-16 04:47:33 UTC
Releases retrieved: 0.103.8, 0.105.2, 1.0.1
Upstream release that is considered latest: 1.0.1
Current version/release in rawhide: 1.0.0-3.fc39
URL: http://www.clamav.net/

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/291/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/clamav

Comment 1 Upstream Release Monitoring 2023-02-16 04:47:40 UTC
Scratch build failed. Details below:

BuilderException: Build failed:
Command '['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-5udq654q/clamav.spec']' returned non-zero exit status 1.

StdOut:
error: Bad source: ./clamav-1.0.1-norar.tar.xz: No such file or directory


Traceback:
  File "/usr/local/lib/python3.10/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
  File "/usr/local/lib/python3.10/site-packages/hotness/builders/koji.py", line 188, in build
    raise BuilderException(

If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues

Comment 2 Orion Poplawski 2023-02-16 13:47:29 UTC
I've started the build for 1.0.1 in rawhide and f38.  But we'll need to update to 0.103.8 in the stable releases.  Hopefully Sérgio can get to that soon.

Comment 3 Scott Kile 2023-02-17 16:32:55 UTC
Thank you for updating the stable releases to 0.103.8.  As upstream ClamAV lists the 0.103.x LTS reaching EoL in Sept 2023, is there a plan to update the stable releases to 1.0.x LTS?

Comment 4 Orion Poplawski 2023-02-18 22:54:57 UTC
(In reply to Scott Kile from comment #3)
> Thank you for updating the stable releases to 0.103.8.  As upstream ClamAV
> lists the 0.103.x LTS reaching EoL in Sept 2023, is there a plan to update
> the stable releases to 1.0.x LTS?

Good question - I've started a discussion here: https://lists.clamav.net/pipermail/clamav-users/2023-February/013283.html

Comment 5 bunkobugsy 2023-02-21 18:26:06 UTC
https://docs.clamav.net/faq/faq-rust.html

"I've heard that Rust requires an internet connection to work. Will I need the internet to compile ClamAV?
Yes and no.

If you're using the release tarball from clamav.net/downloads then the third-party libraries from the Rust ecosystem will be vendored into the tarball and an internet connection will not be required for the build.

If you're using some other means to obtain the ClamAV source code, such as Git or the release artifacts provided automatically by GitHub, then an internet connection will be required in order to build ClamAV."

So can't this be built for EPEL?

https://www.clamav.net/downloads/production/clamav-1.0.1.tar.gz
https://www.clamav.net/downloads/production/clamav-1.0.1.tar.gz.sig

Comment 6 Jan ONDREJ 2023-02-22 07:49:50 UTC
(In reply to bunkobugsy from comment #5)
> So can't this be built for EPEL?

Bundled libraries are forbidden in Fedora/EPEL. See:

https://fedoraproject.org/wiki/Bundled_Libraries
https://docs.fedoraproject.org/en-US/packaging-guidelines/#bundling

May be it's possible with exception, but not sure.

It's possible to add new libraries in EPEL, but it's a lot of work.

Comment 7 Robert Scheck 2023-02-22 09:14:14 UTC
(In reply to Jan ONDREJ from comment #6)
> Bundled libraries are forbidden in Fedora/EPEL. See:

As per https://docs.fedoraproject.org/en-US/packaging-guidelines/#bundling this is not forbidden, but it should be avoided.

And for Rust on EPEL 7 and 8, there might be no other choice than bundling (other than no ClamAV in EPEL).

Comment 8 Orion Poplawski 2023-02-22 15:55:20 UTC
Yes, it looks like we will be using the bundled rust source for EPEL 7/8 if/when we update to 1.X in EPEL.

Comment 9 Sergio Basto 2023-02-24 14:41:19 UTC
It seems to me that it's possible to have clamav 1.0.0 on EPEL 7 with devtools (rust-toolset-7).

Having to use the devtoolset is a constraint?

https://www.softwarecollections.org/en/scls/rhscl/rust-toolset-7/

Comment 10 Orion Poplawski 2023-02-24 16:23:37 UTC
There is a rust package in EPEL 7 that is newer.  I've filed https://src.fedoraproject.org/rpms/rust/pull-request/19 to help with that, though it's not strictly necessary.  The main blocker at this point is a test failure reported here: https://github.com/Cisco-Talos/clamav/issues/842

Comment 11 Upstream Release Monitoring 2023-03-31 12:49:52 UTC
Releases retrieved: 1.1.0-rc
Upstream release that is considered latest: 1.1.0-rc
Current version/release in rawhide: 1.0.1-4.fc39
URL: http://www.clamav.net/

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/291/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/clamav

Comment 12 Upstream Release Monitoring 2023-03-31 12:49:58 UTC
Scratch build failed. Details below:

BuilderException: Build failed:
Command '['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-enldntjz/clamav.spec']' returned non-zero exit status 1.

StdOut:
error: Bad source: ./clamav-1.1.0-norar.tar.xz: No such file or directory


Traceback:
  File "/usr/local/lib/python3.10/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
  File "/usr/local/lib/python3.10/site-packages/hotness/builders/koji.py", line 188, in build
    raise BuilderException(

If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues

Comment 13 Upstream Release Monitoring 2023-05-01 22:09:48 UTC
Releases retrieved: 1.1.0
Upstream release that is considered latest: 1.1.0
Current version/release in rawhide: 1.0.1-4.fc39
URL: http://www.clamav.net/

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/291/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/clamav

Comment 14 Upstream Release Monitoring 2023-05-01 22:09:55 UTC
Scratch build failed. Details below:

BuilderException: Build failed:
Command '['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-2kd6ubsc/clamav.spec']' returned non-zero exit status 1.

StdOut:
error: Bad source: ./clamav-1.1.0-norar.tar.xz: No such file or directory


Traceback:
  File "/usr/local/lib/python3.10/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
  File "/usr/local/lib/python3.10/site-packages/hotness/builders/koji.py", line 225, in build
    raise BuilderException(

If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues

Comment 15 Upstream Release Monitoring 2023-05-01 22:09:57 UTC
Created attachment 1961559 [details]
Update to 1.1.0 (#2170297)

Comment 16 Orion Poplawski 2023-05-03 03:56:16 UTC
So, what are people's thoughts about tracking the latest (non-LTS) clamav releases in Fedora?  I think it would be a good thing to do.

Comment 17 Sergio Basto 2023-05-03 14:03:16 UTC
yes, I think we should update clamav on Fedora releases with 1.1

Comment 18 Upstream Release Monitoring 2023-08-04 07:33:46 UTC
Releases retrieved: 1.2.0-rc
Upstream release that is considered latest: 1.2.0-rc
Current version/release in rawhide: 1.0.1-5.fc39
URL: http://www.clamav.net/

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/291/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/clamav

Comment 19 Upstream Release Monitoring 2023-08-04 07:33:53 UTC
Scratch build failed. Details below:

BuilderException: Build failed:
Command '['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-vozfvemn/clamav.spec']' returned non-zero exit status 1.

StdOut:
warning: %patchN is deprecated (7 usages found), use %patch N (or %patch -P N)
setting SOURCE_DATE_EPOCH=1691107200
error: Bad file: ./clamav-1.2.0-norar.tar.xz: No such file or directory

RPM build warnings:
    %patchN is deprecated (7 usages found), use %patch N (or %patch -P N)

RPM build errors:
    Bad file: ./clamav-1.2.0-norar.tar.xz: No such file or directory


Traceback:
  File "/usr/local/lib/python3.11/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/hotness/builders/koji.py", line 229, in build
    raise BuilderException(

If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues

Comment 20 Upstream Release Monitoring 2023-08-04 07:33:55 UTC
Created attachment 1981601 [details]
Update to 1.2.0-rc (#2170297)

Comment 21 Upstream Release Monitoring 2023-08-16 18:47:06 UTC
Scratch build failed. Details below:

BuilderException: Build failed:
Command '['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-gzmg3dmu/clamav.spec']' returned non-zero exit status 1.

StdOut:
warning: %patchN is deprecated (7 usages found), use %patch N (or %patch -P N)
setting SOURCE_DATE_EPOCH=1692144000
error: Bad file: ./clamav-1.2.0-norar.tar.xz: No such file or directory

RPM build warnings:
    %patchN is deprecated (7 usages found), use %patch N (or %patch -P N)

RPM build errors:
    Bad file: ./clamav-1.2.0-norar.tar.xz: No such file or directory


Traceback:
  File "/usr/local/lib/python3.11/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/hotness/builders/koji.py", line 229, in build
    raise BuilderException(

If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues

Comment 22 Upstream Release Monitoring 2023-08-16 18:47:08 UTC
Created attachment 1983642 [details]
Update to 1.2.0-rc (#2170297)

Comment 23 Upstream Release Monitoring 2023-08-29 09:09:35 UTC
Releases retrieved: 0.103.10, 1.0.3, 1.1.2, 1.2.0
Upstream release that is considered latest: 1.2.0
Current version/release in rawhide: 1.0.2-1.fc40
URL: http://www.clamav.net/

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/291/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/clamav

Comment 24 Upstream Release Monitoring 2023-08-29 09:09:41 UTC
Scratch build failed. Details below:

BuilderException: Build failed:
Command '['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-g_7eun7d/clamav.spec']' returned non-zero exit status 1.

StdOut:
setting SOURCE_DATE_EPOCH=1693267200
error: Bad file: ./clamav-1.2.0-norar.tar.xz: No such file or directory

RPM build errors:
    Bad file: ./clamav-1.2.0-norar.tar.xz: No such file or directory


Traceback:
  File "/usr/local/lib/python3.11/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/hotness/builders/koji.py", line 229, in build
    raise BuilderException(

If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues

Comment 25 Upstream Release Monitoring 2023-08-29 09:09:43 UTC
Created attachment 1985798 [details]
Update to 1.2.0 (#2170297)

Comment 26 Upstream Release Monitoring 2023-10-26 02:19:30 UTC
Releases retrieved: 0.103.11, 1.0.4, 1.1.3, 1.2.1
Upstream release that is considered latest: 1.2.1
Current version/release in rawhide: 1.0.2-1.fc40
URL: http://www.clamav.net/

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/291/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/clamav

Comment 27 Upstream Release Monitoring 2023-10-26 02:19:35 UTC
Scratch build failed. Details below:

BuilderException: Build failed:
Command '['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-cen5faq7/clamav.spec']' returned non-zero exit status 1.

StdOut:
setting SOURCE_DATE_EPOCH=1698278400
error: Bad file: ./clamav-1.2.1-norar.tar.xz: No such file or directory

RPM build errors:
    Bad file: ./clamav-1.2.1-norar.tar.xz: No such file or directory


Traceback:
  File "/usr/local/lib/python3.11/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/hotness/builders/koji.py", line 229, in build
    raise BuilderException(

If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues

Comment 28 Upstream Release Monitoring 2023-10-26 02:19:37 UTC
Created attachment 1995502 [details]
Update to 1.2.1 (#2170297)

Comment 29 Upstream Release Monitoring 2023-12-16 20:21:46 UTC
Releases retrieved: 1.3.0-rc
Upstream release that is considered latest: 1.3.0-rc
Current version/release in rawhide: 1.0.4-1.fc40
URL: http://www.clamav.net/

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/291/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/clamav

Comment 30 Upstream Release Monitoring 2023-12-16 20:21:53 UTC
Scratch build failed. Details below:

BuilderException: Build failed:
Command '['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-f4c_lz4w/clamav.spec']' returned non-zero exit status 1.

StdOut:
setting SOURCE_DATE_EPOCH=1702684800
error: Bad file: ./clamav-1.3.0-norar.tar.xz: No such file or directory

RPM build errors:
    Bad file: ./clamav-1.3.0-norar.tar.xz: No such file or directory


Traceback:
  File "/usr/local/lib/python3.11/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/hotness/builders/koji.py", line 229, in build
    raise BuilderException(

If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues

Comment 31 Upstream Release Monitoring 2023-12-16 20:21:55 UTC
Created attachment 2004594 [details]
Update to 1.3.0-rc (#2170297)

Comment 32 Upstream Release Monitoring 2024-01-26 01:06:34 UTC
Releases retrieved: 1.3.0-rc2
Upstream release that is considered latest: 1.3.0-rc2
Current version/release in rawhide: 1.0.4-1.fc40
URL: https://www.clamav.net

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/291/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/clamav

Comment 33 Upstream Release Monitoring 2024-01-26 01:06:41 UTC
Scratch build failed. Details below:

BuilderException: Build failed:
Command '['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-ps88i81u/clamav.spec']' returned non-zero exit status 1.

StdOut:
setting SOURCE_DATE_EPOCH=1706227200
error: Bad file: ./clamav-1.3.0-norar.tar.xz: No such file or directory

RPM build errors:
    Bad file: ./clamav-1.3.0-norar.tar.xz: No such file or directory


Traceback:
  File "/usr/local/lib/python3.11/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/hotness/builders/koji.py", line 229, in build
    raise BuilderException(

If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues

Comment 34 Upstream Release Monitoring 2024-01-26 01:06:43 UTC
Created attachment 2010608 [details]
Update to 1.3.0-rc2 (#2170297)

Comment 35 Upstream Release Monitoring 2024-02-07 23:14:02 UTC
Releases retrieved: 1.0.5, 1.2.2, 1.3.0
Upstream release that is considered latest: 1.3.0
Current version/release in rawhide: 1.0.4-3.fc40
URL: https://www.clamav.net

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/291/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/clamav

Comment 36 Upstream Release Monitoring 2024-02-07 23:14:09 UTC
Scratch build failed. Details below:

BuilderException: Build failed:
Command '['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-z1v3dwdc/clamav.spec']' returned non-zero exit status 1.

StdOut:
setting SOURCE_DATE_EPOCH=1707264000
error: Bad file: ./clamav-1.3.0-norar.tar.xz: No such file or directory

RPM build errors:
    Bad file: ./clamav-1.3.0-norar.tar.xz: No such file or directory


Traceback:
  File "/usr/local/lib/python3.11/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/hotness/builders/koji.py", line 229, in build
    raise BuilderException(

If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues

Comment 37 Upstream Release Monitoring 2024-02-07 23:14:11 UTC
Created attachment 2015743 [details]
Update to 1.3.0 (#2170297)

Comment 38 Xose Vazquez Perez 2024-02-08 11:15:11 UTC
(In reply to Upstream Release Monitoring from comment #35)

> Releases retrieved: 1.0.5, 1.2.2, 1.3.0
> Upstream release that is considered latest: 1.3.0
> Current version/release in rawhide: 1.0.4-3.fc40
> URL: https://www.clamav.net
> Based on the information from Anitya: https://release-monitoring.org/project/291/
> To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/clamav

# ClamAV News

## 1.0.5

ClamAV 1.0.5 is a critical patch release with the following fixes:

- [CVE-2024-20290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20290):
  Fixed a possible heap overflow read bug in the OLE2 file parser that could
  cause a denial-of-service (DoS) condition.

  Affected versions:
  - 1.0.0 through 1.0.4 (LTS)
  - 1.1 (all patch versions)
  - 1.2.0 and 1.2.1

  Thank you to OSS-Fuzz for identifying this issue.

- [CVE-2024-20328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20328):
  Fixed a possible command injection vulnerability in the `VirusEvent` feature
  of ClamAV's ClamD service.

  To fix this issue, we disabled the '%f' format string parameter.
  ClamD administrators may continue to use the `CLAM_VIRUSEVENT_FILENAME`
  environment variable, instead of '%f'. But you should do so only from within
  an executable, such as a Python script, and not directly in the `clamd.conf`
  `VirusEvent` command.

  Affected versions:
  - 0.104 (all patch versions)
  - 0.105 (all patch versions)
  - 1.0.0 through 1.0.4 (LTS)
  - 1.1 (all patch versions)
  - 1.2.0 and 1.2.1

  Thank you to Amit Schendel for identifying this issue.

Comment 39 Orion Poplawski 2024-02-13 02:34:16 UTC
For the record:

1.0.5 has been built for F38+ and EL9+.
0.103 is unaffected (EL7/8)

1.3.0 is using a forked version of rust-onenote.  I'm going to let that settle down before looking into packaging the latest clamav again.

Comment 40 Sergio Basto 2024-02-14 13:38:43 UTC
(In reply to Orion Poplawski from comment #39)
> For the record:
> 
> 1.0.5 has been built for F38+ and EL9+.
> 0.103 is unaffected (EL7/8)
> 
> 1.3.0 is using a forked version of rust-onenote.  I'm going to let that
> settle down before looking into packaging the latest clamav again.

thanks for the update

Comment 41 Upstream Release Monitoring 2024-04-17 23:01:31 UTC
Releases retrieved: 1.0.6, 1.2.3, 1.3.1
Upstream release that is considered latest: 1.3.1
Current version/release in rawhide: 1.0.5-5.fc41
URL: https://www.clamav.net

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/291/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/clamav

Comment 42 Upstream Release Monitoring 2024-04-17 23:01:41 UTC
Scratch build failed. Details below:

BuilderException: Build failed:
Command '['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', '/var/tmp/thn-8rcnlwoe/clamav.spec']' returned non-zero exit status 1.

StdOut:
setting SOURCE_DATE_EPOCH=1713312000
error: Bad file: ./clamav-1.3.1-norar.tar.xz: No such file or directory

RPM build errors:
    Bad file: ./clamav-1.3.1-norar.tar.xz: No such file or directory


Traceback:
  File "/usr/local/lib/python3.11/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/hotness/builders/koji.py", line 229, in build
    raise BuilderException(

If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues

Comment 43 Upstream Release Monitoring 2024-04-17 23:01:43 UTC
Created attachment 2027517 [details]
Update to 1.3.1 (#2170297)


Note You need to log in before you can comment on or make changes to this bug.