Date: Sat, 3 Jan 2004 17:56:42 +0100 (CET) From: Rob Evers <rob@debank.tv> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/60865: Critical Update for security/clamav-devel Message-ID: <200401031656.i03GugqQ047859@haha.debank.tv> Resent-Message-ID: <200401031700.i03H0X9I061118@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 60865
>Category: ports
>Synopsis: Critical Update for security/clamav-devel
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 03 09:00:33 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Rob Evers
>Release: FreeBSD 4.9-RELEASE i386
>Organization:
>Environment:
System: FreeBSD haha.debank.tv 4.9-RELEASE FreeBSD 4.9-RELEASE #1: Thu Nov 13 01:17:26 CET 2003 rob@haha.debank.tv:/usr/obj/usr/src/sys/HAHA i386
>Description:
Critical Update for security/clamav-devel
Mote that the distfiles 'hack' is very temporary, and will be removed
in the next update.
(E-mail from the dev-list):
----------------------------------------------------------------------
Dear Users,
all ClamAV snapshots newer than clamav-20031201 contain a bug that
completely disables detection of polymorphic viruses (Hybris, Magistr)
and other malware with multipart signatures. Please update to the latest
version and make sure the changelog contains the following entry:
* libclamav: fixed handling of multipart signatures (broken since
Dec 2). The bug was introduced by _me_ and not by the
Thomas Lamy's patch. Problem found and reported by René
Bellora <rbellora*tecnoaccion.com.ar>, Jean-Christophe
Heger <jcheger*acytec.com> and Tomasz Papszun
<tomek*clamav.net>. Many thanks !
ClamAV 0.65 is NOT affected by this problem.
Best regards,
Tomasz Kojm
------------------------------------------------------------------------
>How-To-Repeat:
>Fix:
--- clamav-devel.patch begins here ---
diff -ru clamav-devel.orig/Makefile clamav-devel/Makefile
--- clamav-devel.orig/Makefile Sat Jan 3 17:35:23 2004
+++ clamav-devel/Makefile Sat Jan 3 17:51:45 2004
@@ -6,15 +6,16 @@
#
PORTNAME= clamav
-PORTVERSION= 20031229
+PORTVERSION= 20040103
CATEGORIES= security
MASTER_SITES= http://clamav.sourceforge.net/snapshot/
PKGNAMESUFFIX= -devel
-DISTNAME= ${PORTNAME}${PKGNAMESUFFIX}-${PORTVERSION}
+DISTFILES= ${PORTNAME}-${PORTVERSION}-fixed.tar.gz
MAINTAINER= rob@debank.tv
COMMENT= Command line virus scanner written entirely in C
+WRKSRC= work/${PORTNAME}${PKGNAMESUFFIX}-${PORTVERSION}
LIB_DEPENDS= gmp.6:${PORTSDIR}/math/libgmp4
RUN_DEPENDS= lha:${PORTSDIR}/archivers/lha \
unarj:${PORTSDIR}/archivers/unarj \
diff -ru clamav-devel.orig/distinfo clamav-devel/distinfo
--- clamav-devel.orig/distinfo Sat Jan 3 17:35:23 2004
+++ clamav-devel/distinfo Sat Jan 3 17:40:49 2004
@@ -1 +1 @@
-MD5 (clamav-devel-20031229.tar.gz) = 30f399d402d6805b8908da02182e83ec
+MD5 (clamav-20040103-fixed.tar.gz) = dff88aaa21e56f2f30efbfb1509ba8e4
--- clamav-devel.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200401031656.i03GugqQ047859>