Gentoo Bug 41248 - New version of clamav (fixes overflow vulnerability)

Description:

Opened: 2004-02-11 07:38 0000

ClamAV v. 0.65 has a serious vulnerability, which version 0.66 fixes.  Also,
clamav now has a new download site.

Reproducible: Always
Steps to Reproduce:
See http://www.secunia.com/advisories/10826




new clamav-0.66.ebuils:

# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# $Header: /home/cvsroot/gentoo-x86/net-mail/clamav/clamav-0.65.ebuild,v 1.1
2004/01/20 19:03:02 hanno Exp $

IUSE="milter"

inherit eutils flag-o-matic
has_version =sys-libs/glibc-2.2* && filter-flags -D_FILE_OFFSET_BITS=64
-D_LARGEFILE_SOURCE

DESCRIPTION="Clam Anti-Virus Scanner"
HOMEPAGE="http://www.clamav.net/"
SRC_URI="http://clamav.catt.com/stable/${P}.tar.gz"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64"

DEPEND="virtual/glibc"
PROVIDE="virtual/antivirus"

pkg_setup() {
        enewgroup clamav
        enewuser clamav -1 /bin/false /dev/null clamav
        pwconv || die
}

src_compile() {
        local myconf

        use milter && myconf="--enable-milter"

        econf ${myconf} --with-dbdir=/var/lib/clamav || die

        emake || die
}

src_install() {
        make DESTDIR=${D} install || die
        dodoc AUTHORS BUGS NEWS README ChangeLog TODO FAQ INSTALL
        exeinto /etc/init.d ; newexe ${FILESDIR}/clamd.rc clamd
        insinto /etc/conf.d ; newins ${FILESDIR}/clamd.conf clamd
        dodoc ${FILESDIR}/clamav-milter.README.gentoo
}

pkg_postinst() {
        if [ `use milter` ]; then
                einfo "For simple instructions howto setup the
clamav-milter..."
                einfo ""
                einfo "less
/usr/share/doc/${PVR}/clamav-milter.README.gentoo.gz"
        fi
}

new digest-clamav-0.66:

MD5 f0a5d7f35106fb7b176bca5cd28a1bed clamav-0.66.tar.gz 2275692

------- Comment #1 From Heinrich Wendel (RETIRED) 2004-02-11 07:42:56 0000 -------

*** Bug 41237 has been marked as a duplicate of this bug. ***

------- Comment #2 From Aida Escriva-Sammer 2004-02-11 11:02:31 0000 -------

Most archs have 0.65 has unstable, 0.60 is stable for x86, ppc, sparc. 

Hanno, can you take a look at this?


*added package maintainer hanno@gentoo.org

------- Comment #3 From Hanno Boeck 2004-02-16 15:32:43 0000 -------

*** Bug 41686 has been marked as a duplicate of this bug. ***

------- Comment #4 From Hanno Boeck 2004-02-16 15:59:13 0000 -------

I've just commited 0.67-ebuild.
We should mark it stable on all platforms as soon as possible.

A GLSA should be written about two issues:
1. the security vulnerability
2. 0.60 uses a deprecated virus-db-format, so you won't get updates for up-to-date viruses

------- Comment #5 From SpanKY 2004-02-16 17:25:22 0000 -------

could you arch peeps please emerge 0.67 and make sure everything is ok for
stable ?

------- Comment #6 From Jason Wever (RETIRED) 2004-02-16 20:24:18 0000 -------

Everything looks good.  Marked stable on sparc.

------- Comment #7 From Aron Griffis (RETIRED) 2004-02-17 08:23:59 0000 -------

All set on alpha and ia64

------- Comment #8 From Jason Wever (RETIRED) 2004-02-20 18:23:08 0000 -------

As we've already released the GLSA on this, is there any reason not to close?

------- Comment #9 From SpanKY 2004-02-20 19:30:32 0000 -------

aight well i just marked it stable for mips/arm/amd64

i'll let hanno clean out the old ebuilds

Bug 41248 depends on:	41855		Show dependency tree
Bug 41248 blocks:			Show dependency tree

Bugzilla Bug 41248

New version of clamav (fixes overflow vulnerability)

Last modified: 2004-02-20 19:30:32 0000