The attached is for Ubuntu's 0.92.1. It should be very similar for 0.90.1 (make sure to set the correct CL_FLEVEL). I did verify, looking at the output of clamscan --debug, that the modules are re-enabled but that the capability didn't change.
Scott K
diff -u clamav-0.92.1~dfsg2/debian/changelog clamav-0.92.1~dfsg2/debian/changelog
--- clamav-0.92.1~dfsg2/debian/changelog
+++ clamav-0.92.1~dfsg2/debian/changelog
@@ -1,3 +1,12 @@
+clamav (0.92.1~dfsg2-1.1ubuntu0.5) hardy-security; urgency=low
+
+ * SECURITY UPDATE: re-enable modules disabled due to resolved security
+ deficiencies:
+ * References
+ * Clamav svn commit 4550
+
+ -- Scott Kitterman <[email protected]> Fri, 16 Jan 2009 02:07:38 -0500
+
 clamav (0.92.1~dfsg2-1.1ubuntu0.4) hardy-security; urgency=low
 
 * SECURITY UPDATE: denial of service via out-of-memory null dereferences,
diff -u clamav-0.92.1~dfsg2/debian/patches/00list clamav-0.92.1~dfsg2/debian/patches/00list
--- clamav-0.92.1~dfsg2/debian/patches/00list
+++ clamav-0.92.1~dfsg2/debian/patches/00list
@@ -12,0 +13 @@
+33_dconf_renable.dpatch
only in patch2:
unchanged:
--- clamav-0.92.1~dfsg2.orig/debian/patches/33_dconf_renable.dpatch
+++ clamav-0.92.1~dfsg2/debian/patches/33_dconf_renable.dpatch
@@ -0,0 +1,76 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 33_dconf_renable.dpatch by <[email protected]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Clamav svn 4550 - separate engine capability level and security patch
+## DP: levels so disabled modules can be re-enabled after security problems
+## DP: are fixeds. Set CL_FLEVEL_DCONF to match 0.94.2. Leave CL_FLEVEL at
+## DP: the same level as 0.92.1.
+
+...@dpatch@
+diff -urNad clamav-0.92.1~dfsg2~/ChangeLog clamav-0.92.1~dfsg2/ChangeLog
+--- clamav-0.92.1~dfsg2~/ChangeLog 2008-02-11 13:32:03.000000000 -0500
++++ clamav-0.92.1~dfsg2/ChangeLog 2009-01-16 01:48:31.000000000 -0500
+@@ -1,3 +1,7 @@
++Wed Dec 10 20:09:00 CET 2008 (tk)
++---------------------------------
++ * libclamav: add CL_FLEVEL_DCONF (bb#1313)
++
+ Mon Feb 11 19:32:02 CET 2008
+ ----------------------------
+ * libclamav/mew.c: fix possible heap corruption (bb#806)
+diff -urNad clamav-0.92.1~dfsg2~/libclamav/dconf.c clamav-0.92.1~dfsg2/libclamav/dconf.c
+--- clamav-0.92.1~dfsg2~/libclamav/dconf.c 2007-12-12 18:15:19.000000000 -0500
++++ clamav-0.92.1~dfsg2/libclamav/dconf.c 2009-01-16 01:57:26.000000000 -0500
+@@ -233,7 +233,7 @@
+ return 0;
+ }
+
+- if((unsigned int) atoi(pt) > cl_retflevel()) {
++ if((unsigned int) atoi(pt) > CL_FLEVEL_DCONF) {
+ free(pt);
+ return 0;
+ }
+@@ -246,7 +246,7 @@
+ return 0;
+ }
+
+- if((unsigned int) atoi(pt) < cl_retflevel()) {
++ if((unsigned int) atoi(pt) < CL_FLEVEL_DCONF) {
+ free(pt);
+ return 0;
+ }
+diff -urNad clamav-0.92.1~dfsg2~/libclamav/others.c clamav-0.92.1~dfsg2/libclamav/others.c
+--- clamav-0.92.1~dfsg2~/libclamav/others.c 2009-01-16 01:47:00.000000000 -0500
++++ clamav-0.92.1~dfsg2/libclamav/others.c 2009-01-16 01:50:34.000000000 -0500
+@@ -85,8 +85,6 @@
+ #define P_tmpdir "C:\\WINDOWS\\TEMP"
+ #endif
+
+-#define CL_FLEVEL 26 /* don't touch it */
+-
+ uint8_t cli_debug_flag = 0, cli_leavetemps_flag = 0;
+
+ static unsigned char name_salt[16] = { 16, 38, 97, 12, 8, 4, 72, 196, 217, 144, 33, 124, 18, 11, 17, 253 };
+diff -urNad clamav-0.92.1~dfsg2~/libclamav/others.h clamav-0.92.1~dfsg2/libclamav/others.h
+--- clamav-0.92.1~dfsg2~/libclamav/others.h 2009-01-16 01:47:00.000000000 -0500
++++ clamav-0.92.1~dfsg2/libclamav/others.h 2009-01-16 02:01:31.000000000 -0500
+@@ -30,6 +30,18 @@
+ #include "clamav.h"
+ #include "dconf.h"
+
++/*
++ * CL_FLEVEL is the signature f-level specific to the current code and
++ * should never be modified
++ * CL_FLEVEL_DCONF is used in the dconf module and can be bumped by
++ * distribution packagers provided they fix *all* security issues found
++ * in the old versions of ClamAV. Updating CL_FLEVEL_DCONF will result
++ * in re-enabling affected modules.
++ */
++
++#define CL_FLEVEL 26
++#define CL_FLEVEL_DCONF 38
++
+ extern uint8_t cli_debug_flag, cli_leavetemps_flag;
+
+ /*
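Review bot: `#define CL_FLEVEL_DCONF 38` in libclamav/others.h asserts that this 0.92.1 package carries every security fix up to the 0.94.2 level, yet nothing in the patch records which fixes were backported or guards the value. As far as the two visible dconf.c comparisons show (the enclosing function starts and ends outside the hunks), a database-delivered module disable whose f-level range ends below 38 is now skipped, so a single missed backport would re-enable a parser that is still vulnerable. I would list the backported fixes (bug or commit references) in the comment above the define and add a build-time guard next to it: `#if CL_FLEVEL_DCONF < CL_FLEVEL` / `#error "CL_FLEVEL_DCONF must not be lower than CL_FLEVEL"` / `#endif`. A one-line comment at each dconf.c comparison, e.g. `/* compare against the security patch level, not the engine f-level */`, would also keep a later packager from switching back to `cl_retflevel()` by mistake.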
