Date: Sat, 3 Jan 2004 17:56:42 +0100 (CET) From: Rob Evers <rob@debank.tv> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/60865: Critical Update for security/clamav-devel Message-ID: <200401031656.i03GugqQ047859@haha.debank.tv> Resent-Message-ID: <200401031700.i03H0X9I061118@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 60865 >Category: ports >Synopsis: Critical Update for security/clamav-devel >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sat Jan 03 09:00:33 PST 2004 >Closed-Date: >Last-Modified: >Originator: Rob Evers >Release: FreeBSD 4.9-RELEASE i386 >Organization: >Environment: System: FreeBSD haha.debank.tv 4.9-RELEASE FreeBSD 4.9-RELEASE #1: Thu Nov 13 01:17:26 CET 2003 rob@haha.debank.tv:/usr/obj/usr/src/sys/HAHA i386 >Description: Critical Update for security/clamav-devel Mote that the distfiles 'hack' is very temporary, and will be removed in the next update. (E-mail from the dev-list): ---------------------------------------------------------------------- Dear Users, all ClamAV snapshots newer than clamav-20031201 contain a bug that completely disables detection of polymorphic viruses (Hybris, Magistr) and other malware with multipart signatures. Please update to the latest version and make sure the changelog contains the following entry: * libclamav: fixed handling of multipart signatures (broken since Dec 2). The bug was introduced by _me_ and not by the Thomas Lamy's patch. Problem found and reported by René Bellora <rbellora*tecnoaccion.com.ar>, Jean-Christophe Heger <jcheger*acytec.com> and Tomasz Papszun <tomek*clamav.net>. Many thanks ! ClamAV 0.65 is NOT affected by this problem. Best regards, Tomasz Kojm ------------------------------------------------------------------------ >How-To-Repeat: >Fix: --- clamav-devel.patch begins here --- diff -ru clamav-devel.orig/Makefile clamav-devel/Makefile --- clamav-devel.orig/Makefile Sat Jan 3 17:35:23 2004 +++ clamav-devel/Makefile Sat Jan 3 17:51:45 2004 @@ -6,15 +6,16 @@ # PORTNAME= clamav -PORTVERSION= 20031229 +PORTVERSION= 20040103 CATEGORIES= security MASTER_SITES= http://clamav.sourceforge.net/snapshot/ PKGNAMESUFFIX= -devel -DISTNAME= ${PORTNAME}${PKGNAMESUFFIX}-${PORTVERSION} +DISTFILES= ${PORTNAME}-${PORTVERSION}-fixed.tar.gz MAINTAINER= rob@debank.tv COMMENT= Command line virus scanner written entirely in C +WRKSRC= work/${PORTNAME}${PKGNAMESUFFIX}-${PORTVERSION} LIB_DEPENDS= gmp.6:${PORTSDIR}/math/libgmp4 RUN_DEPENDS= lha:${PORTSDIR}/archivers/lha \ unarj:${PORTSDIR}/archivers/unarj \ diff -ru clamav-devel.orig/distinfo clamav-devel/distinfo --- clamav-devel.orig/distinfo Sat Jan 3 17:35:23 2004 +++ clamav-devel/distinfo Sat Jan 3 17:40:49 2004 @@ -1 +1 @@ -MD5 (clamav-devel-20031229.tar.gz) = 30f399d402d6805b8908da02182e83ec +MD5 (clamav-20040103-fixed.tar.gz) = dff88aaa21e56f2f30efbfb1509ba8e4 --- clamav-devel.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200401031656.i03GugqQ047859>