[Pkg-clamav-devel] remaining clamav bugs
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Thu Jul 10 20:35:19 UTC 2014
On 2014-07-10 01:30:41 [+0200], Andreas Cadhalpun wrote:
> >>I'm not sure what string in libclamav this matches, but comparing this
> >>with the strings lintian matches for other libraries, it seems quite
> >>generic. Looking at the affected packages [2], it seems this tag is
> >>always overridden, so maybe a bug report against lintian should be
> >>opened about this.
> >
> >It's always overridden because it's on the FTP master autoreject list if not
> >overridden. You either override it or your package doesn't get in the
> >archive.
>
> So that's the reason...
>
> >If we could find out what is matching it, then it'd be great to file a
> >bug against lintian.
>
> The matched string is:
> $ strings /usr/lib/libclamav.so.6.1.23 | grep -P '(?m)(?<!4 )(?:in|de)flate
> (?:\d[ \w.\-]{1,20}[\w.\-])'
> inflate 1.2.3 Copyright 1995-2005 Mark Adler
>
> This is actually what lintian wants to detect.
> It's defined in libclamav/inflate64.c, which is a modified version of zlib's
> inflate.c, defining inflate64* functions, that are not available in zlib.
>
> I don't think lintian can detect that, so we probably should just add a
> comment to the lintian override, explaining the situation.
You are right. The problem is the inflate64 function, just verified it. Still
it is a modified version of zlib's code for the "zip method 9" according
to the header file.
libzzip goes upto 8. Maybe there is something else that can also uncompress
that kind of file.
Sebastian
More information about the Pkg-clamav-devel
mailing list