From 8f73d332e94f08acbc914f6c0bec696e94c9ac31 Mon Sep 17 00:00:00 2001
From: Robert Scheck
Date: Oct 06 2013 21:23:25 +0000
Subject: Merge remote branch 'origin/master' into f18 Conflicts: .gitignore
---
diff --git a/.gitignore b/.gitignore
index fa89431..7a759e6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,3 @@
-/clamav-0.97.7-norar.tar.xz
-/main.cvd
-/daily.cvd
-/daily-16898.cvd
-/clamav-0.97.8-norar.tar.xz
-/daily-17144.cvd
+/clamav-*-norar.tar.xz
+/main*.cvd
+/daily*.cvd
diff --git a/clamav-0.92-open.patch b/clamav-0.92-open.patch
deleted file mode 100644
index e300279..0000000
--- a/clamav-0.92-open.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: clamav-0.96.2/clamd/dazukoio_compat12.c
-===================================================================
---- clamav-0.96.2.orig/clamd/dazukoio_compat12.c
-+++ clamav-0.96.2/clamd/dazukoio_compat12.c
-@@ -89,7 +89,7 @@ int dazukoRegister_TS_compat12(struct da
- if (dazuko->device < 0)
- {
-
-- dazuko->device = open("/dev/dazuko", 0);
-+ dazuko->device = open("/dev/dazuko", O_RDONLY);
- if (dazuko->device < 0)
- return -1;
-
diff --git a/clamav-0.95-cliopts.patch b/clamav-0.95-cliopts.patch
deleted file mode 100644
index e2bb19b..0000000
--- a/clamav-0.95-cliopts.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: clamav-0.96.1/shared/optparser.c
-===================================================================
---- clamav-0.96.1.orig/shared/optparser.c
-+++ clamav-0.96.1/shared/optparser.c
-@@ -242,7 +242,7 @@ const struct clam_option __clam_options[
-
- { "ExitOnOOM", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Stop the daemon when libclamav reports an out of memory condition.", "yes" },
-
-- { "Foreground", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Don't fork into background.", "no" },
-+ { "Foreground", "nofork", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Don't fork into background.", "no" },
-
- { "Debug", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM, "Enable debug messages in libclamav.", "no" },
-
diff --git a/clamav-0.95.3-umask.patch b/clamav-0.95.3-umask.patch
deleted file mode 100644
index 22e7c06..0000000
--- a/clamav-0.95.3-umask.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Index: clamav-0.96.2/clamav-milter/clamav-milter.c
-===================================================================
---- clamav-0.96.2.orig/clamav-milter/clamav-milter.c
-+++ clamav-0.96.2/clamav-milter/clamav-milter.c
-@@ -370,7 +370,7 @@ int main(int argc, char **argv) {
-
- if((opt = optget(opts, "PidFile"))->enabled) {
- FILE *fd;
-- mode_t old_umask = umask(0002);
-+ mode_t old_umask = umask(0022);
-
- if((fd = fopen(opt->strarg, "w")) == NULL) {
- logg("!Can't save PID in file %s\n", opt->strarg);
-Index: clamav-0.96.2/shared/output.c
-===================================================================
---- clamav-0.96.2.orig/shared/output.c
-+++ clamav-0.96.2/shared/output.c
-@@ -280,7 +280,7 @@ int logg(const char *str, ...)
- #endif
- if(logg_file) {
- if(!logg_fp) {
-- old_umask = umask(0037);
-+ old_umask = umask(0077);
- if((logg_fp = fopen(logg_file, "at")) == NULL) {
- umask(old_umask);
- #ifdef CL_THREAD_SAFE
-Index: clamav-0.96.2/freshclam/freshclam.c
-===================================================================
---- clamav-0.96.2.orig/freshclam/freshclam.c
-+++ clamav-0.96.2/freshclam/freshclam.c
-@@ -114,7 +114,7 @@ static void writepid(const char *pidfile
- {
- FILE *fd;
- int old_umask;
-- old_umask = umask(0006);
-+ old_umask = umask(0022);
- if((fd = fopen(pidfile, "w")) == NULL) {
- logg("!Can't save PID to file %s: %s\n", pidfile, strerror(errno));
- } else {
diff --git a/clamav-0.96.2-jitoff.patch b/clamav-0.96.2-jitoff.patch
deleted file mode 100644
index b34fc81..0000000
--- a/clamav-0.96.2-jitoff.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Index: clamav-0.97.1/etc/clamd.conf
-===================================================================
---- clamav-0.97.1.orig/etc/clamd.conf
-+++ clamav-0.97.1/etc/clamd.conf
-@@ -469,6 +469,16 @@ Example
- # Default: yes
- #Bytecode yes
-
-+# Bytecode mode
-+#
-+# This option has been set to 'ForceInterpreter' in Fedora due to
-+# security concerns by default. You might need to enable the
-+# 'clamd_use_jit' SELinux boolean after setting this option to the
-+# more efficient 'ForceJIT' value.
-+#
-+# Default: ForceInterpreter
-+#ByteCodeMode ForceInterpreter
-+
- # Set bytecode security level.
- # Possible values:
- # None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
-Index: clamav-0.97.1/shared/optparser.c
-===================================================================
---- clamav-0.97.1.orig/shared/optparser.c
-+++ clamav-0.97.1/shared/optparser.c
-@@ -264,7 +264,7 @@ const struct clam_option __clam_options[
- { "BytecodeUnsigned", "bytecode-unsigned", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,
- "Allow loading bytecode from outside digitally signed .c[lv]d files.\n","no"},
-
-- { "BytecodeMode", "bytecode-mode", 0, TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "Auto", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN,
-+ { "BytecodeMode", "bytecode-mode", 0, TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "ForceInterpreter", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN,
- "Set bytecode execution mode.\nPossible values:\n\tAuto - automatically choose JIT if possible, fallback to interpreter\nForceJIT - always choose JIT, fail if not possible\nForceIntepreter - always choose interpreter\nTest - run with both JIT and interpreter and compare results. Make all failures fatal\n","Auto"},
-
- { "DetectPUA", "detect-pua", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Detect Potentially Unwanted Applications.", "yes" },
diff --git a/clamav-0.98-arm-fanotify.patch b/clamav-0.98-arm-fanotify.patch
new file mode 100644
index 0000000..7a08715
--- /dev/null
+++ b/clamav-0.98-arm-fanotify.patch
@@ -0,0 +1,30 @@
+Patch by Robert Scheck for clamav <= 0.98 which adds support for
+ARM. The syscall is taken from arch/arm/include/asm/unistd.h from the Linux kernel. Without
+this patch building on (at least) ARMv7 fails like this:
+
+In file included from fan.c:38:0:
+fan-syscalllib.h:14:3: error: #error "System call numbers not defined for this architecture"
+ # error "System call numbers not defined for this architecture"
+ ^
+fan-syscalllib.h: In function 'fanotify_init':
+fan-syscalllib.h:19:17: error: '__NR_fanotify_init' undeclared (first use in this function)
+ return syscall(__NR_fanotify_init, flags, event_f_flags);
+ ^
+fan-syscalllib.h:19:17: note: each undeclared identifier is reported only once for each function it appears in
+fan-syscalllib.h: In function 'fanotify_mark':
+fan-syscalllib.h:25:17: error: '__NR_fanotify_mark' undeclared (first use in this function)
+ return syscall(__NR_fanotify_mark, fanotify_fd, flags, mask,
+ ^
+
+--- clamav-0.98/clamd/fan-syscalllib.h 2013-09-16 21:28:14.000000000 +0200
++++ clamav-0.98/clamd/fan-syscalllib.h.arm-fanotify 2013-10-06 22:29:26.000000000 +0200
+@@ -10,6 +10,9 @@
+ #elif defined(__i386__)
+ # define __NR_fanotify_init 338
+ # define __NR_fanotify_mark 339
++#elif defined(__ARM_EABI__)
++# define __NR_fanotify_init 367
++# define __NR_fanotify_mark 368
+ #else
+ # error "System call numbers not defined for this architecture"
+ #endif
diff --git a/clamav-0.98-cliopts.patch b/clamav-0.98-cliopts.patch
new file mode 100644
index 0000000..5644d68
--- /dev/null
+++ b/clamav-0.98-cliopts.patch
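Review bot: The new `#elif defined(__ARM_EABI__)` branch in fan-syscalllib.h adds one more pair of hard-coded syscall numbers, so every architecture not listed still stops at the `#error`, and a mistyped number would make `syscall()` quietly invoke a different kernel call instead of `fanotify_init`/`fanotify_mark`, leaving on-access scanning broken in a way that is hard to notice. Consider wrapping the whole table in `#ifndef __NR_fanotify_init` after including `<sys/syscall.h>`, so the values from the kernel headers are used whenever they exist and the literals remain only as a fallback. The start of the `#if` chain lies outside the inner hunk, so whether such an include is already present cannot be seen here. A comment such as `/* ARM EABI numbers, from arch/arm/include/asm/unistd.h */` above the two defines would keep the origin of 367 and 368 in the source rather than only in the patch header.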
@@ -0,0 +1,11 @@
+--- clamav-0.98/shared/optparser.c 2013-09-16 21:28:14.000000000 +0200
++++ clamav-0.98/shared/optparser.c.cliopts 2013-10-06 20:34:18.000000000 +0200
+@@ -255,7 +255,7 @@
+
+ { "AllowAllMatchScan", NULL, 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "Permit use of the ALLMATCHSCAN command.", "yes" },
+
+- { "Foreground", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Don't fork into background.", "no" },
++ { "Foreground", "nofork", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Don't fork into background.", "no" },
+
+ { "Debug", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM, "Enable debug messages in libclamav.", "no" },
+
diff --git a/clamav-0.98-jitoff.patch b/clamav-0.98-jitoff.patch
new file mode 100644
index 0000000..2e366f4
--- /dev/null
+++ b/clamav-0.98-jitoff.patch
@@ -0,0 +1,30 @@
+--- clamav-0.98/etc/clamd.conf.sample 2013-09-16 21:28:14.000000000 +0200
++++ clamav-0.98/etc/clamd.conf.sample.jitoff 2013-10-06 20:46:59.000000000 +0200
+@@ -543,6 +543,16 @@
+ # Default: yes
+ #Bytecode yes
+
++# Bytecode mode
++#
++# This option has been set to 'ForceInterpreter' in Fedora due to
++# security concerns by default. You might need to enable the
++# 'clamd_use_jit' SELinux boolean after setting this option to the
++# more efficient 'ForceJIT' value.
++#
++# Default: ForceInterpreter
++#ByteCodeMode ForceInterpreter
++
+ # Set bytecode security level.
+ # Possible values:
+ # None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
+--- clamav-0.98/shared/optparser.c 2013-09-16 21:28:14.000000000 +0200
++++ clamav-0.98/shared/optparser.c.jitoff 2013-10-06 20:46:12.000000000 +0200
+@@ -277,7 +277,7 @@
+ { "BytecodeUnsigned", "bytecode-unsigned", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,
+ "Allow loading bytecode from outside digitally signed .c[lv]d files.","no"},
+
+- { "BytecodeMode", "bytecode-mode", 0, TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "Auto", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN,
++ { "BytecodeMode", "bytecode-mode", 0, TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "ForceInterpreter", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN,
+ "Set bytecode execution mode.\nPossible values:\n\tAuto - automatically choose JIT if possible, fallback to interpreter\nForceJIT - always choose JIT, fail if not possible\nForceIntepreter - always choose interpreter\nTest - run with both JIT and interpreter and compare results. Make all failures fatal.","Auto"},
+
+ { "BytecodeStatistics", "bytecode-statistics", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "Collect and print bytecode execution statistics.", "no" },
diff --git a/clamav-0.98-umask.patch b/clamav-0.98-umask.patch
new file mode 100644
index 0000000..b9aa421
--- /dev/null
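Review bot: In the optparser.c part of this patch the compiled-in default of `BytecodeMode` becomes `"ForceInterpreter"`, but the last field on the following description line still reads `"Auto"`, so anything generated from that field would presumably keep advertising a default the binary no longer uses; the tail of that line should become `Make all failures fatal.","ForceInterpreter"},`. The clamd.conf.sample part spells the directive `#ByteCodeMode ForceInterpreter` while the option table names it `BytecodeMode`; if the configuration parser compares names case-sensitively (not visible here), an administrator who uncomments the line gets a rejected config instead of the hardened setting, so `#BytecodeMode ForceInterpreter` is the safer spelling. The added comment would also read more clearly as `# This option defaults to 'ForceInterpreter' in Fedora due to security concerns.`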
+++ b/clamav-0.98-umask.patch
@@ -0,0 +1,33 @@
+--- clamav-0.98/clamav-milter/clamav-milter.c 2013-09-16 21:28:14.000000000 +0200
++++ clamav-0.98/clamav-milter/clamav-milter.c.umask 2013-10-06 20:39:08.000000000 +0200
+@@ -374,7 +374,7 @@
+
+ if((opt = optget(opts, "PidFile"))->enabled) {
+ FILE *fd;
+- mode_t old_umask = umask(0002);
++ mode_t old_umask = umask(0022);
+
+ if((fd = fopen(opt->strarg, "w")) == NULL) {
+ logg("!Can't save PID in file %s\n", opt->strarg);
+--- clamav-0.98/shared/output.c 2013-09-16 21:28:14.000000000 +0200
++++ clamav-0.98/shared/output.c.umask 2013-10-06 20:39:28.000000000 +0200
+@@ -348,7 +348,7 @@
+ logg_open();
+
+ if(!logg_fp && logg_file) {
+- old_umask = umask(0037);
++ old_umask = umask(0077);
+ if((logg_fp = fopen(logg_file, "at")) == NULL) {
+ umask(old_umask);
+ #ifdef CL_THREAD_SAFE
+--- clamav-0.98/freshclam/freshclam.c 2013-09-16 21:28:14.000000000 +0200
++++ clamav-0.98/freshclam/freshclam.c.umask 2013-10-06 20:39:47.000000000 +0200
+@@ -123,7 +123,7 @@
+ {
+ FILE *fd;
+ int old_umask;
+- old_umask = umask (0006);
++ old_umask = umask (0022);
+ if ((fd = fopen (pidfile, "w")) == NULL)
+ {
+ logg ("!Can't save PID to file %s: %s\n", pidfile, strerror (errno));
diff --git a/clamav.spec b/clamav.spec
index f7b3bcb..7ad1b72 100644
--- a/clamav.spec
+++ b/clamav.spec
@@ -52,8 +52,8 @@ Requires(postun): /bin/systemctl\ Summary: End-user tools for the Clam Antivirus scanner Name: clamav -Version: 0.97.8 -Release: 2%{?dist} +Version: 0.98 +Release: 1%{?dist} License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2} Group: Applications/File URL: http://www.clamav.net
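Review bot: The output.c part still narrows the log permissions by switching the process-wide umask (`umask(0077)` before `fopen(logg_file, "at")`), and the `#ifdef CL_THREAD_SAFE` right below suggests this path is built for multi-threaded use, where any file another thread creates in that window inherits the temporary mask. Creating the file with an explicit mode, as sketched below, restricts the log to its owner without touching the umask; it needs `<fcntl.h>` and `<unistd.h>`, and the rest of the function lies outside the hunk. Either way the mode only applies when the file is first created, so a log that already exists with wider permissions keeps them when it is reopened for append and has to be corrected by the package separately. In the freshclam.c part `int old_umask;` could become `mode_t old_umask;` to match the declaration in the milter part.

```c
if(!logg_fp && logg_file) {
    /* explicit creation mode; the process-wide umask is left untouched */
    int log_fd = open(logg_file, O_WRONLY | O_APPEND | O_CREAT, 0600);
    if(log_fd < 0 || (logg_fp = fdopen(log_fd, "a")) == NULL) {
        if(log_fd >= 0)
            close(log_fd);
        /* … unchanged: error path under CL_THREAD_SAFE … */
```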
@@ -67,18 +67,19 @@ Source999: http://download.sourceforge.net/sourceforge/clamav/%name-%version%{?p # make clean-sources [TARBALL=] [VERSION=] Source0: %name-%version%{?prerelease}-norar.tar.xz %endif -#To download the .cvd, go to http://www.clamav.net and use the links there (I renamed the files to add the -version suffix) -Source10: http://db.local.clamav.net/main-54.cvd -Source11: http://db.local.clamav.net/daily-17144.cvd +# To download the *.cvd, go to http://www.clamav.net and use the links +# there (I renamed the files to add the -version suffix for verifying). +Source10: http://db.local.clamav.net/main-55.cvd +Source11: http://db.local.clamav.net/daily-17940.cvd Patch24: clamav-0.92-private.patch -Patch25: clamav-0.92-open.patch -Patch26: clamav-0.95-cliopts.patch -Patch27: clamav-0.95.3-umask.patch +Patch26: clamav-0.98-cliopts.patch +Patch27: clamav-0.98-umask.patch # https://bugzilla.redhat.com/attachment.cgi?id=403775&action=diff&context=patch&collapsed=&headers=1&format=raw -Patch29: clamav-0.96.2-jitoff.patch +Patch29: clamav-0.98-jitoff.patch # https://llvm.org/viewvc/llvm-project/llvm/trunk/lib/ExecutionEngine/JIT/Intercept.cpp?r1=128086&r2=137567 Patch30: llvm-glibc.patch +Patch31: clamav-0.98-arm-fanotify.patch BuildRoot: %_tmppath/%name-%version-%release-root Requires: clamav-lib = %version-%release Requires: data(clamav)
@@ -138,7 +139,8 @@ Source200: freshclam-sleep Source201: freshclam.sysconfig Source202: clamav-update.crond Source203: clamav-update.logrotate -Requires: clamav-filesystem = %version-%release +Requires: clamav-filesystem = %version-%release +Requires: crontabs Requires(pre): /etc/cron.d Requires(postun): /etc/cron.d Requires(post): %__chown %__chmod
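Review bot: `Source10` and `Source11` in the first hunk still point at plain `http://` URLs, and the rewritten comment says the files were renamed by hand "for verifying" without saying what is verified, so nothing here records how `main-55.cvd` and `daily-17940.cvd` were authenticated before being imported. CVD files carry a digital signature, so the comment could name the check to run, for example `# Verify each file with "sigtool --info=FILE.cvd" (checks the embedded signature) before importing it.` The same hunk drops `Patch25` (clamav-0.92-open.patch) without remark; one changelog line saying why it is no longer needed would help later audits of the patch set.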
@@ -387,11 +389,11 @@ The systemd initscripts for clamav-scanner. %setup -q -n %{name}-%{version}%{?prerelease} %apply -n24 -p1 -b .private -%apply -n25 -p1 -b .open %apply -n26 -p1 -b .cliopts %apply -n27 -p1 -b .umask %apply -n29 -p1 -b .jitoff %apply -n30 -p1 +%apply -n31 -p1 -b .arm-fanotify %{?apply_end} install -p -m0644 %SOURCE300 clamav-milter/
@@ -406,12 +408,12 @@ sed -ri \ -e 's!^#?(User ).*!\1!g' \ -e 's!^#?(AllowSupplementaryGroups|LogSyslog).*!\1 yes!g' \ -e 's! /usr/local/share/clamav,! %homedir,!g' \ - etc/clamd.conf + etc/clamd.conf.sample sed -ri \ -e 's!^#?(UpdateLogFile )!#\1!g;' \ -e 's!^#?(LogSyslog).*!\1 yes!g' \ - -e 's!(DatabaseOwner *)clamav$!\1%username!g' etc/freshclam.conf + -e 's!(DatabaseOwner *)clamav$!\1%username!g' etc/freshclam.conf.sample ## ------------------------------------------------------------
@@ -478,7 +480,7 @@ install -d -m 0755 \ $RPM_BUILD_ROOT%homedir \ $RPM_BUILD_ROOT%scanstatedir -rm -f $RPM_BUILD_ROOT%_sysconfdir/clamd.conf \ +rm -f $RPM_BUILD_ROOT%_sysconfdir/clamd.conf.sample \ $RPM_BUILD_ROOT%_libdir/*.la
@@ -493,7 +495,7 @@ install -D -m 0644 -p %SOURCE2 _doc_server/clamd.sysconfig install -D -m 0644 -p %SOURCE3 _doc_server/clamd.logrotate install -D -m 0755 -p %SOURCE7 _doc_server/clamd.init install -D -m 0644 -p %SOURCE5 _doc_server/README -install -D -m 0644 -p etc/clamd.conf _doc_server/clamd.conf +install -D -m 0644 -p etc/clamd.conf.sample _doc_server/clamd.conf install -m 0644 -p %SOURCE520 $RPM_BUILD_ROOT%pkgdatadir/ install -m 0755 -p %SOURCE100 $RPM_BUILD_ROOT%pkgdatadir/
@@ -511,6 +513,7 @@ touch $RPM_BUILD_ROOT%freshclamlog install -D -p -m 0755 %SOURCE200 $RPM_BUILD_ROOT%pkgdatadir/freshclam-sleep install -D -p -m 0644 %SOURCE201 $RPM_BUILD_ROOT%_sysconfdir/sysconfig/freshclam install -D -p -m 0600 %SOURCE202 $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update +mv -f $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf{.sample,} smartsubst 's!webmaster,clamav!webmaster,%username!g; s!/usr/share/clamav!%pkgdatadir!g;
@@ -522,7 +525,7 @@ smartsubst 's!webmaster,clamav!webmaster,%username!g; ### The scanner stuff sed -e 's!!scan!g;s!!%scanuser!g' \ - etc/clamd.conf > $RPM_BUILD_ROOT%_sysconfdir/clamd.d/scan.conf + etc/clamd.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/clamd.d/scan.conf sed -e 's!!scan!g;' $RPM_BUILD_ROOT%pkgdatadir/template/clamd.init \ > $RPM_BUILD_ROOT%_initrddir/clamd.scan
@@ -544,7 +547,7 @@ sed -r \ -e 's! /tmp/clamav-milter.socket! %milterstatedir/clamav-milter.socket!g' \ -e 's! /var/run/clamav-milter.pid! %milterstatedir/clamav-milter.pid!g' \ -e 's! /tmp/clamav-milter.log! %milterlog!g' \ - etc/clamav-milter.conf > $RPM_BUILD_ROOT%_sysconfdir/mail/clamav-milter.conf + etc/clamav-milter.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/mail/clamav-milter.conf install -D -p -m 0644 %SOURCE310 $RPM_BUILD_ROOT%_sysconfdir/init/clamav-milter.conf install -D -p -m 0755 %SOURCE320 $RPM_BUILD_ROOT%_initrddir/clamav-milter
@@ -554,7 +557,7 @@ cat << EOF > $RPM_BUILD_ROOT%_sysconfdir/tmpfiles.d/clamav-milter.conf d %milterstatedir 0710 %milteruser %milteruser EOF -rm -f $RPM_BUILD_ROOT%_sysconfdir/clamav-milter.conf +rm -f $RPM_BUILD_ROOT%_sysconfdir/clamav-milter.conf.sample touch $RPM_BUILD_ROOT{%milterstatedir/clamav-milter.{socket,pid},%milterlog} %{!?with_upstart: rm -rf $RPM_BUILD_ROOT%_sysconfdir/init}
@@ -853,6 +856,16 @@ test "$1" != "0" || /sbin/initctl -q stop clamav-milter || : %changelog +* Sun Oct 06 2013 Robert Scheck - 0.98-1 +- Upgrade to 0.98 and updated main.cvd and daily.cvd (#1010168) + +* Wed Aug 07 2013 Pierre-Yves Chibon - 0.97.8-4 +- Add a missing requirement on crontabs to spec file +- Fix RHBZ#988605 + +* Sat Aug 03 2013 Fedora Release Engineering - 0.97.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + * Thu May 2 2013 Nick Bebout - 0.97.8-1 - Update to 0.97.8
@@ -982,7 +995,7 @@ test "$1" != "0" || /sbin/initctl -q stop clamav-milter || : - updated to 0.96.1 - rediffed patches -* Sat May 19 2010 Rakesh Pandit - 0.96.1403 +* Sat May 29 2010 Rakesh Pandit - 0.96.1403 - CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing malicious PDF file(s) * Wed Apr 21 2010 Enrico Scholz - 0.96-1402
diff --git a/sources b/sources
index aff5931..89dd5b5 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-8cfa8b280084a97518d3e80575e98938 clamav-0.97.8-norar.tar.xz
-eb12490fda87d602e476d4b163f8a34b main-54.cvd
-18c3f0e756b59e69c717d2883914c088 daily-17144.cvd
+500ed097cdd1f27ba2ed5fbc605eba37 clamav-0.98-norar.tar.xz
+06f660f474d1a6863de4a00eb02521e3 main-55.cvd
+012af1d3ee7156db8bad20650c89a94d daily-17940.cvd