Bumped version from 1.3.0 -> 1.4.0-devel for new release changes

CMakeLists.txt

@@ -19,10 +19,10 @@ cmake_policy(SET CMP0087 NEW) # support generator expressions in install(CODE) a
 #  For release candidate:     set(VERSION_SUFFIX "-rc")
 #  For release:               set(VERSION_SUFFIX "")
 string(TIMESTAMP TODAY "%Y%m%d")
-set(VERSION_SUFFIX "-rc2")
+set(VERSION_SUFFIX "-devel-${TODAY}")
 
 project( ClamAV
-         VERSION "1.3.0"
+         VERSION "1.4.0"
          DESCRIPTION "ClamAV open source email, web, and end-point anti-virus toolkit." )
 
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH})

Jenkinsfile

@@ -10,31 +10,31 @@ properties(
         parameters(
             [
                 string(name: 'VERSION',
-                       defaultValue: '1.3.0',
+                       defaultValue: '1.4.0',
                        description: 'ClamAV version string'),
                 string(name: 'FRAMEWORK_BRANCH',
-                       defaultValue: '1.3',
+                       defaultValue: '1.4',
                        description: 'test-framework branch'),
                 string(name: 'TESTS_BRANCH',
-                       defaultValue: '1.3',
+                       defaultValue: '1.4',
                        description: 'tests branch'),
                 string(name: 'TESTS_CUSTOM_BRANCH',
-                       defaultValue: '1.3',
+                       defaultValue: '1.4',
                        description: 'tests-custom branch'),
                 string(name: 'TESTS_FUZZ_BRANCH',
-                       defaultValue: '1.3',
+                       defaultValue: '1.4',
                        description: 'tests-fuzz-regression branch'),
                 string(name: 'BUILD_PIPELINE',
-                       defaultValue: 'build-1.3',
+                       defaultValue: 'build-1.4',
                        description: 'test-pipelines branch for build acceptance'),
                 string(name: 'REGULAR_PIPELINE',
-                       defaultValue: 'regular-1.3',
+                       defaultValue: 'regular-1.4',
                        description: 'test-pipelines branch for regular tests.'),
                 string(name: 'CUSTOM_PIPELINE',
-                       defaultValue: 'custom-1.3',
+                       defaultValue: 'custom-1.4',
                        description: 'test-pipelines branch for custom tests'),
                 string(name: 'FUZZ_PIPELINE',
-                       defaultValue: 'fuzz-regression-1.3',
+                       defaultValue: 'fuzz-regression-1.4',
                        description: 'test-pipelines branch for fuzz regression tests'),
                 string(name: 'FUZZ_CORPUS_BRANCH',
                        defaultValue: 'master',

NEWS.md

@@ -3,6 +3,20 @@
 Note: This file refers to the official packages. Things described here may
 differ slightly from third-party binary packages.
 
+## 1.4.0
+
+ClamAV 1.4.0 includes the following improvements and changes:
+
+### Major changes
+
+### Other improvements
+
+### Bug fixes
+
+### Acknowledgments
+
+Special thanks to the following people for code contributions and bug reports:
+
 ## 1.3.0
 
 ClamAV 1.3.0 includes the following improvements and changes:
@@ -97,6 +111,41 @@ Special thanks to the following people for code contributions and bug reports:
 - RainRat
 - teoberi
 
+## 1.2.2
+
+ClamAV 1.2.2 is a critical patch release with the following fix:
+
+- [CVE-2024-20290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20290):
+  Fixed a possible heap overflow read bug in the OLE2 file parser that could
+  cause a denial-of-service (DoS) condition.
+
+  Affected versions:
+  - 1.0.0 through 1.0.4 (LTS)
+  - 1.1 (all patch versions)
+  - 1.2.0 and 1.2.1
+
+  Thank you to OSS-Fuzz for identifying this issue.
+
+- [CVE-2024-20328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20328):
+  Fixed a possible command injection vulnerability in the `VirusEvent` feature
+  of ClamAV's ClamD service.
+
+  To fix this issue, we disabled the '%f' format string parameter.
+  ClamD administrators may continue to use the `CLAM_VIRUSEVENT_FILENAME`
+  environment variable, instead of '%f'. But you should do so only from within
+  an executable, such as a Python script, and not directly in the `clamd.conf`
+  `VirusEvent` command.
+
+  Affected versions:
+  - 0.104 (all patch versions)
+  - 0.105 (all patch versions)
+  - 1.0.0 through 1.0.4 (LTS)
+  - 1.1 (all patch versions)
+  - 1.2.0 and 1.2.1
+
+  Thank you to Amit Schendel for identifying this issue.
+
+
 ## 1.2.1
 
 ClamAV 1.2.1 is a patch release with the following fixes:
@@ -501,6 +550,40 @@ Special thanks to the following people for code contributions and bug reports:
 - Sebastian Andrzej Siewior
 - The OSS-Fuzz project
 
+## 1.0.5
+
+ClamAV 1.0.5 is a critical patch release with the following fixes:
+
+- [CVE-2024-20290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20290):
+  Fixed a possible heap overflow read bug in the OLE2 file parser that could
+  cause a denial-of-service (DoS) condition.
+
+  Affected versions:
+  - 1.0.0 through 1.0.4 (LTS)
+  - 1.1 (all patch versions)
+  - 1.2.0 and 1.2.1
+
+  Thank you to OSS-Fuzz for identifying this issue.
+
+- [CVE-2024-20328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20328):
+  Fixed a possible command injection vulnerability in the `VirusEvent` feature
+  of ClamAV's ClamD service.
+
+  To fix this issue, we disabled the '%f' format string parameter.
+  ClamD administrators may continue to use the `CLAM_VIRUSEVENT_FILENAME`
+  environment variable, instead of '%f'. But you should do so only from within
+  an executable, such as a Python script, and not directly in the `clamd.conf`
+  `VirusEvent` command.
+
+  Affected versions:
+  - 0.104 (all patch versions)
+  - 0.105 (all patch versions)
+  - 1.0.0 through 1.0.4 (LTS)
+  - 1.1 (all patch versions)
+  - 1.2.0 and 1.2.1
+
+  Thank you to Amit Schendel for identifying this issue.
+
 ## 1.0.4
 
 ClamAV 1.0.4 is a patch release with the following fixes:

libclamav/bytecode_api.h

@@ -173,6 +173,8 @@ enum FunctionalityLevels {
     FUNC_LEVEL_1_2 = 190, /**< LibClamAV release 1.2.0 */
 
     FUNC_LEVEL_1_3 = 200, /**< LibClamAV release 1.3.0 */
+
+    FUNC_LEVEL_1_4 = 210, /**< LibClamAV release 1.4.0 */
 };
 
 /**

libclamav/others.h

@@ -73,7 +73,7 @@
  * in re-enabling affected modules.
  */
 
-#define CL_FLEVEL 200
+#define CL_FLEVEL 210
 #define CL_FLEVEL_DCONF CL_FLEVEL
 #define CL_FLEVEL_SIGTOOL CL_FLEVEL