Update Changelog, NEWS, and README for 0.98.5 release.

Cisco-Talos · Nov 13, 2014 · 2f578ec · 2f578ec
1 parent cb47599
commit 2f578ec
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 12 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,23 @@
+Wed, 12 Nov 2014 14:30:39 EDT (swebb)
+-------------------------------------
+* bb11176 - Instruct OpenSSL to allow MD5 when in FIPS-compliant mode.
+  Patch submitted by Reinhard Max.
+
+Mon, 10 Nov 2014 11:03:29 EDT (swebb)
+-------------------------------------
+* bb11155 - Adjust the logic surrounding adjusting the PE section sizes
+  This fixes a crash with maliciously crafted yoda's crypter files and
+  also improves virus detections for PE files. 
+
+Thu, 6 Nov 2014 14:51:26 EDT (swebb)
+-------------------------------------
+* bb11088 - Merge in fixes for clamscan -a crash bug
+
+Mon, 20 Oct 2014 11:33:18 EDT (swebb)
+-------------------------------------
+* Revert "bb#10731 - Allow to specificy a group for the socket of which
+  the user is not a member"
+
 Thu, 31 Jul 2014 19:11:22 EDT (swebb)
 -------------------------------------
 * Add support for XDP PDF file format

diff --git a/NEWS b/NEWS
@@ -3,27 +3,36 @@
 
 Welcome to ClamAV 0.98.5! ClamAV 0.98.5 includes important new features
 for collecting and analyzing file properties. Software developers and
-analysts may collect file properties using the ClamAV API and then
-analyze them with ClamAV bytecode programs. Using the new features will
-require that libjson-c is installed, but otherwise libjson-c will be
-optional.
+analysts may collect file property meta data using the ClamAV API for
+subsequent analysis by ClamAV bytecode programs. Using these features
+will require that libjson-c is installed, but otherwise libjson-c is not
+needed.
 
 Look for our upcoming series of blog posts to learn more about using the
 ClamAV API and bytecode facilities for collecting and analyzing file
 properties.
 
-ClamAV 0.98.5 also includes these new features:
+ClamAV 0.98.5 also includes these new features and bug fixes:
 
     - Support for the XDP file format and extracting, decoding, and
       scanning PDF files within XDP files.
-    - Addition of shared library support for LLVM verions 3.1 - 3.4
+    - Addition of shared library support for LLVM versions 3.1 - 3.5
       for the purpose of just-in-time(JIT) compilation of ClamAV
       bytecode signatures. Andreas Cadhalpun submitted the patch
       implementing this support.
     - Enhancements to the clambc command line utility to assist
       ClamAV bytecode signature authors by providing introspection
       into compiled bytecode programs.
     - Resolution of many of the warning messages from ClamAV compilation.
+    - Improved detection of malicious PE files.
+    - Security fix for ClamAV crash when using 'clamscan -a'. This issue
+      was identified by Kurt Siefried of Red Hat.
+    - Security fix for ClamAV crash when scanning maliciously crafted
+      yoda's crypter files. This issue, as well as several other bugs
+      fixed in this release, were identified by Damien Millescamp of
+      Oppida.
+    - ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode.
+      Thanks to Reinhard Max for supplying the patch.
     - Bug fixes and other feature enhancements. See Changelog or
       git log for details.
 
@@ -32,6 +41,9 @@ and bug reporting included in ClamAV 0.98.5:
 
 Andreas Cadhalpun
 Sebastian Andrzej Siewior
+Damien Millescamp
+Reinhard Max
+Kurt Seifried
 
 --
 The ClamAV team (http://www.clamav.net/about.html#credits)
diff --git a/README b/README
@@ -7,27 +7,36 @@ here may not be available in binary packages.
 
 Welcome to ClamAV 0.98.5! ClamAV 0.98.5 includes important new features
 for collecting and analyzing file properties. Software developers and
-analysts may collect file properties using the ClamAV API and then
-analyze them with ClamAV bytecode programs. Using the new features will
-require that libjson-c is installed, but otherwise libjson-c will be
-optional.
+analysts may collect file property meta data using the ClamAV API for
+subsequent analysis by ClamAV bytecode programs. Using these features
+will require that libjson-c is installed, but otherwise libjson-c is not
+needed.
 
 Look for our upcoming series of blog posts to learn more about using the
 ClamAV API and bytecode facilities for collecting and analyzing file
 properties.
 
-ClamAV 0.98.5 also includes these new features:
+ClamAV 0.98.5 also includes these new features and bug fixes:
 
     - Support for the XDP file format and extracting, decoding, and
       scanning PDF files within XDP files.
-    - Addition of shared library support for LLVM verions 3.1 - 3.4
+    - Addition of shared library support for LLVM versions 3.1 - 3.5
       for the purpose of just-in-time(JIT) compilation of ClamAV
       bytecode signatures. Andreas Cadhalpun submitted the patch
       implementing this support.
     - Enhancements to the clambc command line utility to assist
       ClamAV bytecode signature authors by providing introspection
       into compiled bytecode programs.
     - Resolution of many of the warning messages from ClamAV compilation.
+    - Improved detection of malicious PE files.
+    - Security fix for ClamAV crash when using 'clamscan -a'. This issue
+      was identified by Kurt Siefried of Red Hat.
+    - Security fix for ClamAV crash when scanning maliciously crafted
+      yoda's crypter files. This issue, as well as several other bugs
+      fixed in this release, were identified by Damien Millescamp of
+      Oppida.
+    - ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode.
+      Thanks to Reinhard Max for supplying the patch.
     - Bug fixes and other feature enhancements. See Changelog or
       git log for details.
 
@@ -36,6 +45,9 @@ and bug reporting included in ClamAV 0.98.5:
 
 Andreas Cadhalpun
 Sebastian Andrzej Siewior
+Damien Millescamp
+Reinhard Max
+Kurt Seifried
 
 0.98.4
 ------