Hello,
Insist :) Well, its considered bad practice to upgrade packages
independently on a RH-based system where dependancies break. Security
fixes are back-ported to older versions to preserve versioning an
compatibility. Thats a Redhat feature I agree, and RHEL5 will be EOL in
28 days, so perhaps that point will be moot on April 1 2017.
So insisting on upgrading libraries on a .rpm system in a scenario where
the distro is not EOL'ed is probably not what the general userbase of
those distros will be able/willing to perform. This particular case
has less weight since the distro is about to go out of support from the
vendor, however that doesn't mean there won't be anyone still using it.
I guess once its out of support its not all that hard to start breaking
package dependancies since there will be no upgrades (although, there is
an additional "extended life phase" that RHEL5 systems can obtain, so
the April 1st date is not necessarily accurate).
Your favorite distro probably handles this versioning better than RH does.
Chris
On 3/3/2017 6:53 PM, Scott Kitterman wrote:
As far as I can tell, pcre 7 came out before 2008. I think a decade is enough
time to insist people upgrade.
Scott K
On Friday, March 03, 2017 11:21:30 PM Joel Esler wrote:
If we required pcre 7, it would allow us to publish this kind of sig in the
future of 99.3 and high versions by requiring a certain "flevel".
--
Sent from my iPhone
On Mar 3, 2017, at 18:18, Chris Conn <cc...@abacom.com> wrote:
Hello,
Looks like my off-list email went on the list LOL. So much for not making
noise. Woops.
If the 0.99.3 or whatever later version where this would be implemented
requires PCRE 7, would that break database updates for versions that have
not upgraded if this pcre format is re-used in the future, or would it
simply disable pcre support in previous version of clamd that have not
been upgraded?
Thanks,
Chris
On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote:
A new daily with the Sig dropped.
Probably what we will do to prevent this from happening again, is to have
0.99.3 (the upcoming version) require pcre 7.
How does that sound?
--
Sent from my iPhone
On Mar 3, 2017, at 18:08, Chris Conn <cc...@abacom.com> wrote:
Hello,
I hope you don't mind my contact off-list, I don't want to make noise on
it for all. Apologies.
This new build, are we talking about a daily.cvd (23162?) or a new build
of clam/pcre?
Thanks again in advance for your help,
Chris
On 3/3/2017 4:00 PM, Alain Zidouemba wrote:
We are coming to the same conclusions.
The issue seem to isolated to using pcre libraries older than 7.0. I
does
not affect users of newer versions of pcre or users of pcre2.
A new build with the fix is in progress now.
Apologies for the impact this has caused.
Alain
On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
We're pulling the signature causing the issue now, while we
investigate
the cause.
- Alain
Hi Alain,
I think the fix is... Replace ? with ?P when the PCRE library is old
ie. ?< to ?P<
On...
Doc.Macro.GenericHeuristic-5901772-0
Doc.Macro.GenericHeuristic-5931846-1
--
Cheers,
Steve
Twitter: @sanesecurity
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
