On 9/30/10 8:57 PM, Syed Zubair wrote:
> This is what I get when I try to install ClamAV 96.3: Help
> configure: Summary of engine detection features
> autoit_ea06 : yes
> bzip2 : bugged (CVE-2010-0405)
> zlib : /usr
> unrar : yes
> configure: WARNING:
> ****** WARNING:
> ****** You are cross compiling to a different host or you are
> ****** linking to bugged system libraries or you have manually
> ****** disabled important configure checks.
> ****** Please be aware that this build may be badly broken.
> ****** DO NOT REPORT BUGS BASED ON THIS BUILD !!!
>
> -bash-2.05b$
>

In a similar situation, the following reply was sent:

> We released ClamAV 0.96.3 ~8 hours after the new version of bzip2 was
> published on http://www.bzip.org/ and which disclosed the integer
> overflow bug at the same time. The aim of this release was to fix the
> INTERNAL bzip2 library shipped with our package (it's a modified version
> used by the NSIS unpacker - we can't rely on the system library in this
> case).
>
> We also added a check to INFORM YOU, whether or not your system's own
> bzip2 library (which ClamAV uses to process .bz2 files) is affected. If
> you decided to type "make" after running configure, the final build was
> still dynamically linked against it and you could upgrade this library
> later. There was no point in waiting for the distros to provide new
> packages for bzip2.
>
> --
> oo ..... Tomasz Kojm <tk...@clamav.net>
> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
> \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
> //\ /\ Wed Sep 22 20:09:50 CEST 2010

-Al-
--
Al Varnell
Mountain View, CA
_______________________________________________
Help us build a comprehensive ClamAV guide:
visit http://wiki.clamav.net
http://www.clamav.net/support/ml