ports/113174: Security update: clamav .90.2 to .90.3

Thu May 31 00:40:05 UTC 2007

>Number:         113174
>Category:       ports
>Synopsis:       Security update: clamav .90.2 to .90.3
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 31 00:40:04 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Michael Scheidell
>Release:        FreeBSD 5.5-RELEASE-p8 i386
>Organization:
SECNAP
>Environment:
System: FreeBSD scanner.secnap.net 5.5-RELEASE-p8 FreeBSD 5.5-RELEASE-p8 #2: Fri Dec 29 22:23:34 EST 2006 scheidell at scanner.secnap.net:/usr/obj/usr/src/sys/HACKERTRAP_750 i386

>Description:
Update clamav from .90.2 to .90.3
Includes support for FBSD7 in ../configure

This release fixes some security bugs in libclamav and improves 
stability under Solaris. Please see ChangeLog for complete list of 
changes.

If your system is suffering from long clamscan startup times, please
consider installing 0.91rc1 which is due to be released shortly
after 0.90.3.


Security updates in this release include:
#1: patch-libclamav__matcher-ac.c already patched (remove this file)
#2: I removed dependency on unzoo (it is not maintained and has DOS 
attacks against it) MAYBE, reenable support for ZOO if you apply 
security patch at:
http://www.guay-leroux.com/projects/zoo-infinite-advisory.txt
and enable that patch minimum dependency. MAYBE

- libclamav/unrar/unrar.c: improve handling of corrupted/handcrafted
      headers (bb#511, patch from Trog)
- libclamav/unsp.c: fix end of buffer calculation (bb#464, patch from 
      aCaB)
- libclamav/ole2_extract.c: detect block list loop (bb#466), patch from 
      Trog

(others, see README)

>How-To-Repeat:
make
>Fix:

this patch (also, please remove files/patch-libclamav__matcher-ac.c
seems to run fine clamd, clamdscan, clamscan, freshclam on FBSD 5.5

--- Makefile.orig       Mon Apr 16 07:18:26 2007
+++ Makefile    Wed May 30 20:05:30 2007
@@ -6,8 +6,7 @@
 #

 PORTNAME=      clamav
-PORTVERSION=   0.90.2
-PORTREVISION=  1
+PORTVERSION=   0.90.3
 CATEGORIES=    security
 MASTER_SITES=  SF

@@ -17,7 +16,6 @@
 LIB_DEPENDS=   gmp.7:${PORTSDIR}/math/libgmp4
 RUN_DEPENDS=   lha:${PORTSDIR}/archivers/lha \
                arj:${PORTSDIR}/archivers/arj \
-               unzoo:${PORTSDIR}/archivers/unzoo \
                arc:${PORTSDIR}/archivers/arc

 OPTIONS=       MILTER "Compile the milter interface" Off \
--- distinfo.orig       Fri Apr 13 14:25:19 2007
+++ distinfo    Wed May 30 20:11:29 2007
@@ -1,3 +1,3 @@
-MD5 (clamav-0.90.2.tar.gz) = 39d1f07a399b551b55096b6ec7325c33
-SHA256 (clamav-0.90.2.tar.gz) = 30df6a5d4a591dcd4acd7d4cce54dcfd260280fce6bbc9d19d240967bcdabbfa
-SIZE (clamav-0.90.2.tar.gz) = 12062886
+MD5 (clamav-0.90.3.tar.gz) = d42ccf7a32daeb7c7cc3c8c23a7793ea
+SHA256 (clamav-0.90.3.tar.gz) = 939913d15ad0dc583ba609274ae61a948f4fa18b848bd503d958feacdaab54a4
+SIZE (clamav-0.90.3.tar.gz) = 12496857


>Release-Note:
>Audit-Trail:
>Unformatted:

