[Pkg-clamav-devel] remaining clamav bugs
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Thu Jul 10 21:33:06 UTC 2014
Hi Sebastian,
On 10.07.2014 22:35, Sebastian Andrzej Siewior wrote:
> On 2014-07-10 01:30:41 [+0200], Andreas Cadhalpun wrote:
>> The matched string is:
>> $ strings /usr/lib/libclamav.so.6.1.23 | grep -P '(?m)(?<!4 )(?:in|de)flate
>> (?:\d[ \w.\-]{1,20}[\w.\-])'
>> inflate 1.2.3 Copyright 1995-2005 Mark Adler
>>
>> This is actually what lintian wants to detect.
>> It's defined in libclamav/inflate64.c, which is a modified version of zlib's
>> inflate.c, defining inflate64* functions, that are not available in zlib.
>>
>> I don't think lintian can detect that, so we probably should just add a
>> comment to the lintian override, explaining the situation.
>
> You are right. The problem is the inflate64 function, just verified it. Still
> it is a modified version of zlib's code for the "zip method 9" according
> to the header file.
> libzzip goes upto 8. Maybe there is something else that can also uncompress
> that kind of file.
Better would be to add 'method 9' support to zlib.
Maybe I misunderstand something, but to me it seems the situation is as
follows:
In the (distant) past, clamav had a problem decompressing "zip method 9"
and zlib was asked to add this funcionality [1].
As this hasn't happend during the last decade, clamav implemented it in
it's own source.
So to get rid of this lintian error, someone should follow up on
#308799, probably sending inflate64.c etc. as patches and see if
upstream zlib is willing to add them.
Best regards,
Andreas
1: https://bugs.debian.org/308799
More information about the Pkg-clamav-devel
mailing list