ports/113174: Security update: clamav .90.2 to .90.3
Michael Scheidell
scheidell at secnap.net
Thu May 31 00:40:05 UTC 2007
>Number: 113174
>Category: ports
>Synopsis: Security update: clamav .90.2 to .90.3
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu May 31 00:40:04 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Michael Scheidell
>Release: FreeBSD 5.5-RELEASE-p8 i386
>Organization:
SECNAP
>Environment:
System: FreeBSD scanner.secnap.net 5.5-RELEASE-p8 FreeBSD 5.5-RELEASE-p8 #2: Fri Dec 29 22:23:34 EST 2006 scheidell at scanner.secnap.net:/usr/obj/usr/src/sys/HACKERTRAP_750 i386
>Description:
Update clamav from .90.2 to .90.3
Includes support for FBSD7 in ../configure
This release fixes some security bugs in libclamav and improves
stability under Solaris. Please see ChangeLog for complete list of
changes.
If your system is suffering from long clamscan startup times, please
consider installing 0.91rc1 which is due to be released shortly
after 0.90.3.
Security updates in this release include:
#1: patch-libclamav__matcher-ac.c already patched (remove this file)
#2: I removed dependency on unzoo (it is not maintained and has DOS
attacks against it) MAYBE, reenable support for ZOO if you apply
security patch at:
http://www.guay-leroux.com/projects/zoo-infinite-advisory.txt
and enable that patch minimum dependency. MAYBE
- libclamav/unrar/unrar.c: improve handling of corrupted/handcrafted
headers (bb#511, patch from Trog)
- libclamav/unsp.c: fix end of buffer calculation (bb#464, patch from
aCaB)
- libclamav/ole2_extract.c: detect block list loop (bb#466), patch from
Trog
(others, see README)
>How-To-Repeat:
make
>Fix:
this patch (also, please remove files/patch-libclamav__matcher-ac.c)
Seems to run fine: clamd, clamdscan, clamscan, freshclam on FBSD 5.5
--- Makefile.orig Mon Apr 16 07:18:26 2007
+++ Makefile Wed May 30 20:05:30 2007
@@ -6,8 +6,7 @@
#
PORTNAME= clamav
-PORTVERSION= 0.90.2
-PORTREVISION= 1
+PORTVERSION= 0.90.3
CATEGORIES= security
MASTER_SITES= SF
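Review bot: The PORTVERSION bump in this Makefile hunk is not accompanied by the removal of files/patch-libclamav__matcher-ac.c that the report asks for, so applying the diff alone leaves a local patch in place for a fix the report says is already in 0.90.3. Please include the file deletion in the submission, or confirm the committer will remove it by hand, so the patch phase does not try to apply a stale patch to the new source. Dropping PORTREVISION together with the version change looks right.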
@@ -17,7 +16,6 @@
LIB_DEPENDS= gmp.7:${PORTSDIR}/math/libgmp4
RUN_DEPENDS= lha:${PORTSDIR}/archivers/lha \
arj:${PORTSDIR}/archivers/arj \
- unzoo:${PORTSDIR}/archivers/unzoo \
arc:${PORTSDIR}/archivers/arc
OPTIONS= MILTER "Compile the milter interface" Off \
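Review bot: Removing `unzoo:${PORTSDIR}/archivers/unzoo \` from RUN_DEPENDS has no replacement, so the port no longer guarantees that a ZOO unpacker is installed and nothing tells the user about the change. Since the report leaves re-enabling ZOO as a "maybe" pending the security patch, consider adding an entry to the OPTIONS block just below, defaulting to Off, instead of an unconditional removal, or at least mention the dropped dependency in the port's install message.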
--- distinfo.orig Fri Apr 13 14:25:19 2007
+++ distinfo Wed May 30 20:11:29 2007
@@ -1,3 +1,3 @@
-MD5 (clamav-0.90.2.tar.gz) = 39d1f07a399b551b55096b6ec7325c33
-SHA256 (clamav-0.90.2.tar.gz) = 30df6a5d4a591dcd4acd7d4cce54dcfd260280fce6bbc9d19d240967bcdabbfa
-SIZE (clamav-0.90.2.tar.gz) = 12062886
+MD5 (clamav-0.90.3.tar.gz) = d42ccf7a32daeb7c7cc3c8c23a7793ea
+SHA256 (clamav-0.90.3.tar.gz) = 939913d15ad0dc583ba609274ae61a948f4fa18b848bd503d958feacdaab54a4
+SIZE (clamav-0.90.3.tar.gz) = 12496857
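Review bot: The new MD5, SHA256 and SIZE lines for clamav-0.90.3.tar.gz come from the submitter's own download, and for a security update they should be confirmed independently before commit. Regenerate distinfo with make makesum from a fresh fetch and compare the tarball against whatever checksum or signature upstream publishes for the release, so the committed SHA256 is known to match the official distfile.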
>Release-Note:
>Audit-Trail:
>Unformatted: