From a96a0d07da7e67c83c7682f53d45173944258e05 Mon Sep 17 00:00:00 2001
From: Sérgio M. Basto
Date: May 29 2024 13:25:53 +0000
Subject: Update clamav to 1.0.6 Use %build_rustflags on EL8
---
diff --git a/README.fedora b/README.fedora
deleted file mode 100644
index dd9cfe5..0000000
--- a/README.fedora
+++ /dev/null
@@ -1,111 +0,0 @@ -Please note for Fedora and EPEL 7+ we use only systemd. - -A clamav-milter setup consists of the following three components: - -* the clamav-milter itself - - The main configuration is in /etc/mail/clamav-milter.conf and MUST - be changed before first use. - - This can be enabled with: 'systemctl enable clamav-milter.service' - -* a clamav scanner daemon - - The daemon is configured by /etc/clamd.d/scan.conf (which MUST be - edited before first use). - - This can be enabled with: 'systemctl enable clamd@scan.service' - -* the MTA (sendmail/postfix) - - --> you should know how to install this... - - When communicating across unix sockets with the clamav-milter, it is - suggested to use the /run/clamav-milter/clamav-milter.socket - path. You have to add something like - - INPUT_MAIL_FILTER(`clamav', `S=local:/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl - - to your sendmail.mc. - -* Changing permissions of directory /var/lib/clamav - Whenever ClamAV is upgraded by dnf, the permissions for the /var/lib/clamav directory change to user clamupdate - If for some reason you need DatabaseOwner be another user, you may copy /usr/lib/systemd/system/clamav-freshclam.service to /etc/systemd/system/ - and add ExecStartPre=+/usr/bin/chown youruser:yourgroup /var/lib/clamav and updates won't break your configuration ... - Please add comments to https://bugzilla.redhat.com/show_bug.cgi?id=2023371 if not work for you or if you have any suggestion. - Note: =+ on systemd.service (man 5 systemd.service, Special executable prefixes) - If the executable path is prefixed with "+" then the process is executed with full privileges. - - -EXAMPLE -======= - -For clamav-milter, a possible setup might be created by - -A) On the MTA (assumed hostname 'host-mta') - - 1. Add to sendmail.mc - - | INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl - - 2. 
Rebuild sendmail.cf - - -B) On the clamav-milter host (assumed hostname 'host-milter') - - 1. Install clamav-milter + clamav-milter-upstart packages - - 2. Set in /etc/mail/clamav-milter.conf - - | MilterSocket inet:6666 - | ClamdSocket tcp:host-scanner:6665 - - and all the other options which are required on your system - - 3. Enable clamav-milter.service: - - | systemctl enable clamav-milter.service - - Restart your system or execute - - | systemctl start clamav-milter.service - - 4. Add something like - - | iptables -N IN-cmilt - | iptables -A IN-cmilt -s host-mta -j ACCEPT - | iptables -A IN-cmilt -j DROP - - | iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt - - to your firewall setup - -C) On the clamav-scanner host (assumed hostname 'host-scanner') - - 1. Install clamd - - 2. Add to /etc/clamd.d/scan.conf - - | TCPSocket 6665 - | TCPAddr host-scanner - - comment out possible 'LocalSocket' lines and set all the other - options which are required on your system - - 3. Enable clamd@scan.service: - - | systemctl enable clamd@scan.service - - Restart your system or execute - - | systemctl start clamd@scan.service - - 4. Add something like - - | iptables -N IN-cscan - | iptables -A IN-cscan -s host-milter -j ACCEPT - | iptables -A IN-cscan -j DROP - - | iptables -A INPUT -p tcp --dport 6665 -j IN-csan - - to your firewall setup diff --git a/README.fedora.md b/README.fedora.md new file mode 100644 index 0000000..aa2a988 --- /dev/null +++ b/README.fedora.md 
@@ -0,0 +1,113 @@ +## README.fedora.md (mainly clamav-milter) + + +Please note for Fedora and EPEL 7+ we use only systemd. + +A clamav-milter setup consists of the following three components: + +### The clamav-milter itself + + The main configuration is in /etc/mail/clamav-milter.conf and MUST + be changed before first use. + + This can be enabled with: 'systemctl enable clamav-milter.service' + +### A clamav scanner daemon + + The daemon is configured by /etc/clamd.d/scan.conf (which MUST be + edited before first use). + + This can be enabled with: 'systemctl enable clamd@scan.service' + +### The MTA (sendmail/postfix) + + --> you should know how to install this... + + When communicating across unix sockets with the clamav-milter, it is + suggested to use the /run/clamav-milter/clamav-milter.socket + path. You have to add something like + + INPUT_MAIL_FILTER(`clamav', `S=local:/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl + + to your sendmail.mc. + +### Changing permissions of directory /var/lib/clamav + + - Whenever ClamAV is upgraded by dnf, the permissions for the /var/lib/clamav directory change to user clamupdate + - If for some reason you need DatabaseOwner be another user, you may copy /usr/lib/systemd/system/clamav-freshclam.service to /etc/systemd/system/ and add ExecStartPre=+/usr/bin/chown youruser:yourgroup /var/lib/clamav and updates won't break your configuration ... + - Please add comments to https://bugzilla.redhat.com/show_bug.cgi?id=2023371 if not work for you or if you have any suggestion. + - Note: =+ on systemd.service (man 5 systemd.service, Special executable prefixes) If the executable path is prefixed with "+" then the process is executed with full privileges. + + +EXAMPLE +======= + +For clamav-milter, a possible setup might be created by + +A) On the MTA (assumed hostname 'host-mta') + + 1. Add to sendmail.mc + + | INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl + + 2. 
Rebuild sendmail.cf + + +B) On the clamav-milter host (assumed hostname 'host-milter') + + 1. Install clamav-milter + clamav-milter-upstart packages + + 2. Set in /etc/mail/clamav-milter.conf + + | MilterSocket inet:6666 + | ClamdSocket tcp:host-scanner:6665 + + and all the other options which are required on your system + + 3. Enable clamav-milter.service: + + | systemctl enable clamav-milter.service + + Restart your system or execute + + | systemctl start clamav-milter.service + + 4. Add something like + + | iptables -N IN-cmilt + | iptables -A IN-cmilt -s host-mta -j ACCEPT + | iptables -A IN-cmilt -j DROP + + | iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt + + to your firewall setup + +C) On the clamav-scanner host (assumed hostname 'host-scanner') + + 1. Install clamd + + 2. Add to /etc/clamd.d/scan.conf + + | TCPSocket 6665 + | TCPAddr host-scanner + + comment out possible 'LocalSocket' lines and set all the other + options which are required on your system + + 3. Enable clamd@scan.service: + + | systemctl enable clamd@scan.service + + Restart your system or execute + + | systemctl start clamd@scan.service + + 4. Add something like + + | iptables -N IN-cscan + | iptables -A IN-cscan -s host-milter -j ACCEPT + | iptables -A IN-cscan -j DROP + + | iptables -A INPUT -p tcp --dport 6665 -j IN-csan + + to your firewall setup diff --git a/clamav-0.99-private.patch b/clamav-0.99-private.patch deleted file mode 100644 index 7f9f563..0000000 --- a/clamav-0.99-private.patch +++ /dev/null 
@@ -1,27 +0,0 @@ ---- clamav-0.99/libclamav.pc.in 2015-09-18 22:48:25.000000000 +0200 -+++ clamav-0.99/libclamav.pc.in.private 2015-12-02 01:30:30.055231319 +0100 -@@ -7,6 +7,6 @@ - Description: A GPL virus scanner - Version: @PACKAGE_VERSION@ - Libs: -L${libdir} -lclamav --Libs.private: @LIBCLAMAV_LIBS@ -+Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@ - Cflags: -I${includedir} - ---- clamav-0.99/clamav-config.in 2015-05-28 23:56:25.000000000 +0200 -+++ clamav-0.99/clamav-config.in.private 2015-12-02 01:31:34.933705763 +0100 -@@ -54,12 +54,8 @@ - usage 0 - ;; - -- --cflags) -- echo -I@includedir@ @CFLAGS@ -- ;; -- -- --libs) -- echo -L@libdir@ @LIBCLAMAV_LIBS@ -+ (--cflags|--libs) -+ ${PKG_CONFIG:-pkg-config} "$1" libclamav - ;; - - *) diff --git a/clamav-default_confs.patch b/clamav-default_confs.patch index 97bbc10..5b06f9e 100644 --- a/clamav-default_confs.patch +++ b/clamav-default_confs.patch @@ -1,6 +1,6 @@ -diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamconf/clamconf.c ---- clamav-0.103.0/clamconf/clamconf.c.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/clamconf/clamconf.c 2020-09-17 22:00:20.792879792 -0600 +diff -up clamav-0.104.3/clamconf/clamconf.c.default_confs clamav-0.104.3/clamconf/clamconf.c +--- clamav-0.104.3/clamconf/clamconf.c.default_confs 2022-05-02 00:24:50.000000000 -0600 ++++ clamav-0.104.3/clamconf/clamconf.c 2022-05-12 22:04:42.883348923 -0600 @@ -63,9 +63,9 @@ static struct _cfgfile { const char *name; int tool; 
@@ -13,66 +13,66 @@ diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamcon {NULL, 0}}; static void printopts(struct optstruct *opts, int nondef) -diff -up clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs clamav-0.103.0/docs/man/clamav-milter.8.in ---- clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamav-milter.8.in 2020-09-17 22:00:20.793879800 -0600 +diff -up clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs clamav-0.104.3/docs/man/clamav-milter.8.in +--- clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs 2022-05-12 22:04:42.885348940 -0600 ++++ clamav-0.104.3/docs/man/clamav-milter.8.in 2022-05-12 22:05:25.031719791 -0600 @@ -27,7 +27,7 @@ Print the version number and exit. Read configuration from FILE. .SH "FILES" - .LP --@CFGDIR@/clamav-milter.conf -+@CFGDIR@/mail/clamav-milter.conf + .LP +-@CONFDIR@/clamav-milter.conf ++@CONFDIR@/mail/clamav-milter.conf .SH "AUTHOR" - .LP + .LP aCaB -diff -up clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.103.0/docs/man/clamav-milter.conf.5.in ---- clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamav-milter.conf.5.in 2020-09-17 22:00:20.794879808 -0600 +diff -up clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.104.3/docs/man/clamav-milter.conf.5.in +--- clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs 2022-05-12 22:04:42.887348958 -0600 ++++ clamav-0.104.3/docs/man/clamav-milter.conf.5.in 2022-05-12 22:05:48.834929418 -0600 
@@ -239,7 +239,7 @@ Default: no All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. .SH "FILES" - .LP --@CFGDIR@/clamav-milter.conf -+@CFGDIR@/mail/clamav-milter.conf + .LP +-@CONFDIR@/clamav-milter.conf ++@CONFDIR@/mail/clamav-milter.conf .SH "AUTHOR" - .LP + .LP aCaB -diff -up clamav-0.103.0/docs/man/clamd.8.in.default_confs clamav-0.103.0/docs/man/clamd.8.in ---- clamav-0.103.0/docs/man/clamd.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamd.8.in 2020-09-17 22:00:20.794879808 -0600 +diff -up clamav-0.104.3/docs/man/clamd.8.in.default_confs clamav-0.104.3/docs/man/clamd.8.in +--- clamav-0.104.3/docs/man/clamd.8.in.default_confs 2022-05-12 22:04:42.888348967 -0600 ++++ clamav-0.104.3/docs/man/clamd.8.in 2022-05-12 22:07:01.657570942 -0600 
@@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon clamd [options] .SH "DESCRIPTION" - .LP --The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf -+The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.d/scan.conf + .LP +-The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.conf ++The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.d/scan.conf .SH "COMMANDS" - .LP + .LP It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn. -@@ -125,7 +125,7 @@ Reload the signature databases. +@@ -133,7 +133,7 @@ Reload the signature databases. Perform a clean exit. .SH "FILES" - .LP --@CFGDIR@/clamd.conf -+@CFGDIR@/clamd.d/scan.conf + .LP +-@CONFDIR@/clamd.conf ++@CONFDIR@/clamd.d/scan.conf .SH "CREDITS" Please check the full documentation for credits. 
.SH "AUTHOR" -diff -up clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs clamav-0.103.0/docs/man/clamd.conf.5.in ---- clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs 2020-09-17 22:00:20.795879816 -0600 -+++ clamav-0.103.0/docs/man/clamd.conf.5.in 2020-09-17 22:01:21.414353121 -0600 -@@ -759,7 +759,7 @@ Default: no +diff -up clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs clamav-0.104.3/docs/man/clamd.conf.5.in +--- clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs 2022-05-12 22:04:42.889348976 -0600 ++++ clamav-0.104.3/docs/man/clamd.conf.5.in 2022-05-12 22:06:21.800219822 -0600 +@@ -765,7 +765,7 @@ Default: no All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. .SH "FILES" .LP --@CFGDIR@/clamd.conf -+@CFGDIR@/clamd.d/scan.conf +-@CONFDIR@/clamd.conf ++@CONFDIR@/clamd.d/scan.conf .SH "AUTHORS" .LP Tomasz Kojm , Kevin Lin -diff -up clamav-0.103.0/platform.h.in.default_confs clamav-0.103.0/platform.h.in ---- clamav-0.103.0/platform.h.in.default_confs 2020-09-17 22:00:20.796879824 -0600 -+++ clamav-0.103.0/platform.h.in 2020-09-17 22:01:56.842629739 -0600 +diff -up clamav-0.104.3/platform.h.in.default_confs clamav-0.104.3/platform.h.in +--- clamav-0.104.3/platform.h.in.default_confs 2022-05-02 00:24:50.000000000 -0600 ++++ clamav-0.104.3/platform.h.in 2022-05-12 22:04:42.891348993 -0600 @@ -112,9 +112,9 @@ typedef unsigned int in_addr_t; #endif diff --git a/clamav-freshclam.service.patch b/clamav-freshclam.service.patch index 2c29f03..24295ce 100644 --- a/clamav-freshclam.service.patch +++ b/clamav-freshclam.service.patch 
@@ -1,17 +1,12 @@ ---- ./freshclam/clamav-freshclam.service.in.orig 2021-06-14 10:36:39.029730737 +0100 -+++ ./freshclam/clamav-freshclam.service.in 2021-06-14 10:37:53.621423748 +0100 -@@ -2,13 +2,12 @@ +diff -up clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service clamav-0.104.3/freshclam/clamav-freshclam.service.in +--- clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service 2022-05-12 22:07:25.472780737 -0600 ++++ clamav-0.104.3/freshclam/clamav-freshclam.service.in 2022-05-12 22:08:06.280140224 -0600 +@@ -2,7 +2,7 @@ Description=ClamAV virus database updater Documentation=man:freshclam(1) man:freshclam.conf(5) https://docs.clamav.net/ # If user wants it run from cron, don't start the daemon. -ConditionPathExists=!/etc/cron.d/clamav-freshclam -+# ConditionPathExists=!/etc/cron.d/clamav-update ++# ConditionPathExists=!/etc/cron.d/clamav-freshclam Wants=network-online.target After=network-online.target - [Service] - ExecStart=@prefix@/bin/freshclam -d --foreground=true --StandardOutput=syslog - - [Install] - WantedBy=multi-user.target diff --git a/clamav-private.patch b/clamav-private.patch new file mode 100644 index 0000000..41dd4c5 --- /dev/null +++ b/clamav-private.patch 
@@ -0,0 +1,36 @@ +--- clamav-0.99/libclamav.pc.in 2015-09-18 22:48:25.000000000 +0200 ++++ clamav-0.99/libclamav.pc.in.private 2015-12-02 01:30:30.055231319 +0100 +@@ -7,6 +7,6 @@ + Description: A GPL virus scanner + Version: @PACKAGE_VERSION@ + Libs: -L${libdir} -lclamav +-Libs.private: @LIBCLAMAV_LIBS@ ++Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@ + Cflags: -I${includedir} + +diff -up clamav-1.0.0/clamav-config.in.private clamav-1.0.0/clamav-config.in +--- clamav-1.0.0/clamav-config.in.private 2023-01-22 17:40:01.711757908 -0700 ++++ clamav-1.0.0/clamav-config.in 2023-01-22 18:01:06.188743168 -0700 +@@ -4,7 +4,6 @@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +-libdir=@libdir@ + + usage() + { +@@ -54,12 +54,8 @@ + usage 0 + ;; + +- --cflags) +- echo -I@includedir@ @CFLAGS@ +- ;; +- +- --libs) +- echo -L@libdir@ @LIBCLAMAV_LIBS@ ++ (--cflags|--libs) ++ ${PKG_CONFIG:-pkg-config} "$1" libclamav + ;; + + *) diff --git a/clamav-rpath.patch b/clamav-rpath.patch new file mode 100644 index 0000000..b55cab9 --- /dev/null +++ b/clamav-rpath.patch @@ -0,0 +1,18 @@ +diff -up clamav-1.0.0/CMakeLists.txt.rpath clamav-1.0.0/CMakeLists.txt +--- clamav-1.0.0/CMakeLists.txt.rpath 2023-01-15 22:04:58.217120124 -0700 ++++ clamav-1.0.0/CMakeLists.txt 2023-01-15 22:05:57.121818812 -0700 +@@ -180,14 +180,6 @@ endif() + + include(GNUInstallDirs) + +-if (NOT DEFINED CMAKE_INSTALL_RPATH) +- if(CMAKE_INSTALL_FULL_LIBDIR) +- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_FULL_LIBDIR}") +- else() +- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib") +- endif() +-endif() +- + if("${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang") + set(USING_CLANG ON) + else() diff --git a/clamav-rustflags.patch b/clamav-rustflags.patch new file mode 100644 index 0000000..1f7281e --- /dev/null +++ b/clamav-rustflags.patch 
@@ -0,0 +1,54 @@ +diff -up clamav-1.0.2/cmake/FindRust.cmake.rustflags clamav-1.0.2/cmake/FindRust.cmake +--- clamav-1.0.2/cmake/FindRust.cmake.rustflags 2023-08-15 16:24:07.000000000 -0600 ++++ clamav-1.0.2/cmake/FindRust.cmake 2023-08-17 21:17:03.957070383 -0600 +@@ -236,7 +236,7 @@ function(add_rust_executable) + # Build the executable. + add_custom_command( + OUTPUT "${OUTPUT}" +- COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} + WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}" + DEPENDS ${EXE_SOURCES} + COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:\n\t ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}") +@@ -287,8 +287,8 @@ function(add_rust_library) + if("${CMAKE_OSX_ARCHITECTURES}" MATCHES "^(arm64;x86_64|x86_64;arm64)$") + add_custom_command( + OUTPUT "${OUTPUT}" +- COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin +- COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin + COMMAND ${CMAKE_COMMAND} -E make_directory 
"${ARGS_BINARY_DIRECTORY}/${RUST_COMPILER_TARGET}/${CARGO_BUILD_TYPE}" + COMMAND lipo ARGS -create ${ARGS_BINARY_DIRECTORY}/x86_64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a ${ARGS_BINARY_DIRECTORY}/aarch64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a -output "${OUTPUT}" + WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}" +@@ -312,7 +312,7 @@ function(add_rust_library) + else() + add_custom_command( + OUTPUT "${OUTPUT}" +- COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} + WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}" + DEPENDS ${LIB_SOURCES} + COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with: ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}") +@@ -465,8 +465,6 @@ if(NOT "${RUST_COMPILER_TARGET}" MATCHES + list(APPEND CARGO_ARGS "--target" ${RUST_COMPILER_TARGET}) + endif() + +-set(RUSTFLAGS "") +- + if(NOT CMAKE_BUILD_TYPE) + set(CARGO_BUILD_TYPE "debug") + elseif(${CMAKE_BUILD_TYPE} STREQUAL "Release" OR ${CMAKE_BUILD_TYPE} STREQUAL "MinSizeRel") +@@ -475,10 +473,11 @@ elseif(${CMAKE_BUILD_TYPE} STREQUAL "Rel + elseif(${CMAKE_BUILD_TYPE} STREQUAL "RelWithDebInfo") + set(CARGO_BUILD_TYPE "release") + list(APPEND CARGO_ARGS "--release") +- set(RUSTFLAGS "-g") ++ string(APPEND RUSTFLAGS " -g") + else() + set(CARGO_BUILD_TYPE "debug") + endif() ++string(STRIP "${RUSTFLAGS}" RUSTFLAGS) + + find_package_handle_standard_args(Rust + REQUIRED_VARS cargo_EXECUTABLE diff --git a/clamav-stats-deprecation.patch b/clamav-stats-deprecation.patch deleted file mode 100644 index a12f138..0000000 --- a/clamav-stats-deprecation.patch +++ /dev/null 
@@ -1,17 +0,0 @@ -diff -up clamav-0.102.0/shared/optparser.c.stats-deprecation clamav-0.102.0/shared/optparser.c ---- clamav-0.102.0/shared/optparser.c.stats-deprecation 2019-10-10 21:55:31.245995091 -0600 -+++ clamav-0.102.0/shared/optparser.c 2019-10-11 20:40:04.580067432 -0600 -@@ -524,6 +524,13 @@ const struct clam_option __clam_options[ - {"ArchiveLimitMemoryUsage", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, - {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, - {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"}, -+ {"StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, -+ {"StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, -+ {"StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, -+ {"StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, - {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, - - /* Milter specific options */ diff --git a/clamav-types.h b/clamav-types.h new file mode 100644 index 0000000..ffa83b7 
--- /dev/null +++ b/clamav-types.h @@ -0,0 +1,14 @@ +#ifndef CLAMAV_TYPES_H_MULTILIB +#define CLAMAV_TYPES_H_MULTILIB + +#include + +#if __WORDSIZE == 32 +# include "clamav-types-32.h" +#elif __WORDSIZE == 64 +# include "clamav-types-64.h" +#else +# error "unexpected value for __WORDSIZE macro" +#endif + +#endif diff --git a/clamav.spec b/clamav.spec index 89f6b9e..0fa3103 100644 --- a/clamav.spec +++ b/clamav.spec @@ -1,26 +1,18 @@ -#global prerelease rc1 +#global prerelease -rc2 %global _hardened_build 1 ## Fedora specific customization below... %bcond_without clamonacc %bcond_with unrar -%ifnarch ppc64 -%bcond_without llvm -%else -%bcond_with llvm -%endif +# Failing with llvm 14 https://github.com/Cisco-Talos/clamav/issues/581 +%bcond_with llvm -%if 0%{?fedora} || 0%{?rhel} >= 8 -%bcond_with old_freshclam +# No ocaml on ix86 +%ifarch %{ix86} +%bcond_with ocaml %else -%bcond_without old_freshclam -%endif - -%ifnarch s390 s390x -%global have_ocaml 1 -%else -%global have_ocaml 0 +%bcond_without ocaml %endif %global scanuser clamscan @@ -33,8 +25,8 @@ Summary: End-user tools for the Clam Antivirus scanner Name: clamav -Version: 0.103.11 -Release: 2%{?dist} +Version: 1.0.6 +Release: 1%{?dist} License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2} URL: https://www.clamav.net/ %if %{with unrar} 
@@ -46,69 +38,96 @@ Source999: https://www.clamav.net/downloads/production/%{name}-%{version}%{?pre # tarball was created with update_clamav.sh Source0: %{name}-%{version}%{?prerelease}-norar.tar.xz %endif +# Multilib headers +Source1: clamav-types.h #for server Source3: clamd.logrotate Source5: clamd-README -# To download the cvd file run update_clamav.sh 1 -# Need file >= 5.33-7 see https://bugzilla.redhat.com/show_bug.cgi?id=1539107 +# To download the *.cvd, go to https://www.clamav.net and use the links +# there (I renamed the files to add the -version suffix for verifying). +# Check the first line of the file for version or run file *cvd +# Attention file < 5.33-7 have bugs see https://bugzilla.redhat.com/show_bug.cgi?id=1539107 #http://database.clamav.net/main.cvd Source10: main-62.cvd #http://database.clamav.net/daily.cvd -Source11: daily-27075.cvd +Source11: daily-27285.cvd #http://database.clamav.net/bytecode.cvd -Source12: bytecode-334.cvd +Source12: bytecode-335.cvd #for update Source200: freshclam-sleep Source201: freshclam.sysconfig Source202: clamav-update.crond Source203: clamav-update.logrotate #for milter -Source300: README.fedora +Source300: README.fedora.md #for clamav-milter.systemd Source330: clamav-milter.systemd #for scanner-systemd/server-systemd Source530: clamd@.service -# Restore some options removed in 0.100 as deprecated -# Could be dropped in F32 with a note -# https://bugzilla.redhat.com/show_bug.cgi?id=1565381#c1 -Patch0: clamav-stats-deprecation.patch +# Accept RUSTFLAGS +# https://github.com/Cisco-Talos/clamav/pull/835 +Patch0: clamav-rustflags.patch # Change default config locations for Fedora Patch1: clamav-default_confs.patch # Fix pkg-config flags for static linking, multilib -Patch2: clamav-0.99-private.patch +Patch2: clamav-private.patch +# Remove rpath +Patch3: clamav-rpath.patch # Modify clamav-clamonacc.service for Fedora compatibility Patch5: clamav-clamonacc-service.patch - +# Allow freshclam service to run if cron.d 
file is present Patch6: clamav-freshclam.service.patch +# Debian patch to fix big-endian +Patch7: https://salsa.debian.org/clamav-team/clamav/-/raw/unstable/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch -BuildRequires: autoconf -BuildRequires: automake +BuildRequires: cmake3 BuildRequires: gettext-devel -BuildRequires: libtool -BuildRequires: libtool-ltdl-devel BuildRequires: make BuildRequires: gcc-c++ +BuildRequires: rust +%if 0%{?fedora} || 0%{?rhel} >= 9 +BuildRequires: rust-packaging +%else +# Undefining the appropriate __cmake*_in_source_build macro causes the +# build to use a separate build path, so the build does not output to +# the source path. This separate build path is the default behavior +# for >=EL9 and fedora. +%if 0%{?rhel} == 8 +# EL8 defines cmake_in_source_build +%undefine __cmake_in_source_build +%else +# EL7 defines cmake3_in_source_build +%undefine __cmake3_in_source_build +%endif +BuildRequires: rust-toolset +%endif +BuildRequires: cargo +BuildRequires: rust-srpm-macros BuildRequires: bzip2-devel +BuildRequires: check-devel BuildRequires: curl-devel +BuildRequires: git-core BuildRequires: gmp-devel BuildRequires: json-c-devel BuildRequires: libprelude-devel # libprelude-config --libs brings in gnutls, pcre # https://bugzilla.redhat.com/show_bug.cgi?id=1830473 BuildRequires: gnutls-devel -BuildRequires: pcre2-devel BuildRequires: libxml2-devel BuildRequires: ncurses-devel BuildRequires: openssl-devel BuildRequires: pcre2-devel +# Explicitly needed on EL8 +BuildRequires: python3 +BuildRequires: python3-pytest BuildRequires: zlib-devel #BuildRequires: %%{_includedir}/tcpd.h BuildRequires: bc BuildRequires: tcl BuildRequires: groff BuildRequires: graphviz -%{?have_ocaml:BuildRequires: ocaml} +%{?with_ocaml:BuildRequires: ocaml} # nc required for tests BuildRequires: nc %{?systemd_requires} 
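Review bot: `Patch7` points at the `unstable` branch of the Debian salsa repository, so the URL names a moving target and the same spec line can resolve to different patch content over time. Reference a fixed commit instead, e.g. `Patch7: https://salsa.debian.org/clamav-team/clamav/-/raw/<COMMIT_SHA>/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch`, or list the patch by plain file name like Patch0 to Patch6 so the reviewed copy in the package repository is the only source. The comment above Source10 also says the .cvd files are renamed by hand after download; noting the exact check used to confirm the version (the text mentions `file *cvd`) would make that step repeatable for the next update.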
@@ -117,6 +136,9 @@ BuildRequires: systemd-devel BuildRequires: systemd-rpm-macros #for milter BuildRequires: sendmail-devel +%ifarch %{valgrind_arches} +BuildRequires: valgrind +%endif Requires: clamav-filesystem = %{version}-%{release} Requires: clamav-lib = %{version}-%{release} @@ -191,26 +213,24 @@ BuildArch: noarch This package contains the documentation for clamav. -%package update +%package freshclam Summary: Auto-updater for the Clam Antivirus scanner data-files Requires: clamav-filesystem = %{version}-%{release} Requires: clamav-lib = %{version}-%{release} -%if %{with old_freshclam} -Requires: crontabs -Requires: /etc/cron.d -Requires(post): %{__chown} %{__chmod} +%if 0%{?fedora} || 0%{?rhel} >= 8 +Supplements:clamd %endif Provides: data(clamav) = empty Provides: clamav-data-empty = %{version}-%{release} Obsoletes: clamav-data-empty < %{version}-%{release} +Provides: clamav-update = %{version}-%{release} +Obsoletes: clamav-update < %{version}-%{release} -%description update -This package contains programs which can be used to update the clamav -anti-virus database automatically. It uses the freshclam(1) utility for -this task. To activate it use, uncomment the entry in /etc/cron.d/clamav-update. -Use this package when you go updating the virus database regulary and -do not want to download a >160MB sized rpm-package with outdated virus -definitions. +%description freshclam +This package contains the freshclam(1) program and clamav-freshclam +service which can be used to update the clamav anti-virus database +automatically. Most users should install this package in order to +keep their definitions up to date. %package -n clamd 
@@ -250,15 +270,25 @@ This package contains files which are needed to run the clamav-milter. %prep %setup -q -n %{name}-%{version}%{?prerelease} - -# No longer support deprecated options in F32+ and EL8+ -%if (0%{?fedora} && 0%{?fedora} < 32) || (0%{?rhel} && 0%{?rhel} < 8) -%patch -P0 -p1 -b .stats-deprecation +%if 0%{?fedora} || 0%{?rhel} >= 9 +# EL8 and earlier do not have the Rust cargo dependencies that are +# defined by the generate_buildrequires stage in EL9 and later, so the +# vendored packages included in the ClamAV sources suffice. +sed -i -e '/cbindgen/s/version = *"0.20"/version = "0.24"/' -e '/^bindgen *=/s/= .*/= "0.63"/' libclamav_rust/Cargo.toml +%cargo_prep +cd libclamav_rust +rm -r .cargo +%cargo_prep +cd .. %endif + +%patch -P0 -p1 -b .rustflags %patch -P1 -p1 -b .default_confs %patch -P2 -p1 -b .private +%patch -P3 -p1 -b .rpath %patch -P5 -p1 -b .clamonacc-service %patch -P6 -p1 -b .freshclam-service +%patch -P7 -p1 -b .big-endian install -p -m0644 %{SOURCE300} clamav-milter/ 
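Review bot: The `sed -i` on `libclamav_rust/Cargo.toml` in %prep succeeds silently when neither pattern matches, so a later tarball with different cbindgen/bindgen version strings would be built with requirements nobody intended and without any signal. Follow it with a check such as `grep -q '^bindgen *= *"0.63"' libclamav_rust/Cargo.toml` so %prep stops when the edit did not apply. The comment inside the `%if 0%{?fedora} || 0%{?rhel} >= 9` block describes EL8 and earlier, which reads as if it belonged to an `%else` branch; rewording it to say that Fedora and EL9+ build against packaged crates while older releases keep the vendored ones would match the condition it sits under.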
@@ -266,47 +296,49 @@ mkdir -p libclamunrar{,_iface} %{!?with_unrar:touch libclamunrar/{Makefile.in,all,install}} +%if 0%{?fedora} || 0%{?rhel} >= 9 +%generate_buildrequires +# The generate_buildrequires stage doesn't exist prior to EL9, so this +# section is conditionally removed in these build environments. +cd libclamav_rust +%cargo_generate_buildrequires +%endif + + %build # add -Wl,--as-needed if not exist export LDFLAGS=$(echo %{?__global_ldflags} | sed '/-Wl,--as-needed/!s/$/ -Wl,--as-needed/') # IPv6 check is buggy and does not work when there are no IPv6 interface on build machine export have_cv_ipv6=yes -rm -rf libltdl autom4te.cache Makefile.in -autoreconf -i -%configure \ - --enable-milter \ - --disable-clamav \ - --disable-static \ - --disable-zlib-vcheck \ - %{!?with_unrar:--disable-unrar} \ - --enable-id-check \ - --enable-dns \ - --with-dbdir=%{homedir} \ - --with-group=%{updateuser} \ - --with-user=%{updateuser} \ - --disable-rpath \ - --disable-silent-rules \ - --enable-clamdtop \ - --enable-prelude \ - %{!?with_clamonacc:--disable-clamonacc} \ - %{!?with_llvm:--disable-llvm} +%cmake3 \ +%if 0%{?fedora} || 0%{?rhel} >= 8 + -DRUSTFLAGS="%build_rustflags" \ +%else + -DRUSTFLAGS="%__global_rustflags" \ +%endif + -DAPP_CONFIG_DIRECTORY=%{_sysconfdir} \ + -DCMAKE_INSTALL_DOCDIR=%{_pkgdocdir} \ + -DCLAMAV_USER=%{updateuser} -DCLAMAV_GROUP=%{updateuser} \ + -DDATABASE_DIRECTORY=%{homedir} \ + %{!?with_clamonacc:-DENABLE_CLAMONACC=OFF} \ + %{?with_llvm:-DBYTECODE_RUNTIME=llvm -D LLVM_FIND_VERSION="3.6.0"} \ + %{!?with_unrar:-DENABLE_UNRAR=OFF} # TODO: check periodically that CLAMAVUSER is used for freshclam only -%make_build +%cmake3_build %install -%make_install +rm -rf _doc* +%cmake3_install install -d -m 0755 \ %{buildroot}%{_tmpfilesdir} \ %{buildroot}%{homedir} \ %{buildroot}%{quarantinedir} -rm -f %{buildroot}%{_libdir}/*.la - ### data install -D -m 0644 -p %{SOURCE10} %{buildroot}%{homedir}/main.cvd install -D -m 0644 -p %{SOURCE11} 
%{buildroot}%{homedir}/daily.cvd @@ -322,15 +354,6 @@ mv %{buildroot}%{_sysconfdir}/freshclam.conf{.sample,} # Can contain HTTPProxyPassword (bugz#1733112) chmod 600 %{buildroot}%{_sysconfdir}/freshclam.conf -%if %{with old_freshclam} -install -d -m 0755 %{buildroot}%{_var}/log -install -d -m 0755 %{buildroot}%{_sysconfdir}/logrotate.d -install -D -p -m 0755 %{SOURCE200} %{buildroot}%{_datadir}/%{name}/freshclam-sleep -install -D -p -m 0644 %{SOURCE201} %{buildroot}%{_sysconfdir}/sysconfig/freshclam -install -D -p -m 0600 %{SOURCE202} %{buildroot}%{_sysconfdir}/cron.d/clamav-update -install -D -m 0644 -p %{SOURCE203} %{buildroot}%{_sysconfdir}/logrotate.d/clamav-update -%endif - ### The scanner stuff install -D -m 0644 -p %{SOURCE3} _doc_server/clamd.logrotate install -D -m 0644 -p %{SOURCE5} _doc_server/README @@ -381,12 +404,24 @@ cat << EOF > %{buildroot}%{_tmpfilesdir}/clamav-milter.conf d %{_rundir}/clamav-milter 0710 %{milteruser} %{milteruser} EOF +#Fixup headers and scripts for multilib +%if 0%{?__isa_bits} == 64 +mv %{buildroot}%{_includedir}/clamav-types.h \ + %{buildroot}%{_includedir}/clamav-types-64.h +%else +mv %{buildroot}%{_includedir}/clamav-types.h \ + %{buildroot}%{_includedir}/clamav-types-32.h +%endif +install -m 0644 %SOURCE1 %{buildroot}%{_includedir}/clamav-types.h + # TODO: Evaluate using upstream's unit with clamav-daemon.socket rm %{buildroot}%{_unitdir}/clamav-daemon.* %check -make check +%ctest3 -- -E valgrind +# valgrind tests fail https://github.com/Cisco-Talos/clamav/issues/584 +%ctest3 -- -R valgrind || : %post 
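Review bot: In `%check`, `%ctest3 -- -R valgrind || :` discards the result of every valgrind-tagged test, so a memory error that valgrind reports in a later update would no longer fail the build. The run is also not wrapped in `%ifarch %{valgrind_arches}`, although the `BuildRequires: valgrind` added earlier in this spec is. I would guard it the same way and mark the workaround as temporary, e.g. `# TODO: drop '|| :' once Cisco-Talos/clamav#584 is fixed`.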
@@ -399,6 +434,17 @@ make check %systemd_postun_with_restart clamav-clamonacc.service +%post data +# nullglob. If set, Bash allows filename patterns which match no files to expand to a null string, rather than themselves +shopt -s nullglob +# Let newer .cld files take precedence over the shipped .cvd files +for f in %{homedir}/*.cld +do + cvd=${f/.cld/.cvd} + [ -f $f -a $f -nt $cvd ] && rm -f $cvd || : +done + + %pre filesystem getent group %{updateuser} >/dev/null || groupadd -r %{updateuser} getent passwd %{updateuser} >/dev/null || \ @@ -422,12 +468,6 @@ exit 0 [ -L /etc/systemd/system/multi-user.target.wants/clamd@scan.service ] && ln -sf /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service || : %systemd_post clamd@scan.service -%if 0%{?rhel} -if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then -# Initial installation -/bin/systemd-tmpfiles --create %{_tmpfilesdir}/clamd.scan.conf -fi -%endif %preun -n clamd %systemd_preun clamd@scan.service @@ -451,12 +491,6 @@ exit 0 %post milter %systemd_post clamav-milter.service -%if 0%{?rhel} -if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then -# Initial installation -/bin/systemd-tmpfiles --create %{_tmpfilesdir}/clamav-milter.conf || : -fi -%endif %preun milter %systemd_preun clamav-milter.service 
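Review bot: The new `%post data` loop expands `$f` and `$cvd` unquoted in a scriptlet that runs as root over %{homedir}. The packaged README describes that directory as owned by the update user (assuming %{homedir} is /var/lib/clamav), so a file name there containing whitespace or glob characters would be word-split before it reaches `[` and `rm -f`. `${f/.cld/.cvd}` also replaces the first `.cld` anywhere in the path rather than the suffix, and `-a` inside `[` is obsolescent. I would write `cvd="${f%.cld}.cvd"` and `[ -f "$f" ] && [ "$f" -nt "$cvd" ] && rm -f -- "$cvd" || :`. Note that `shopt -s nullglob` is a bash builtin, so the scriptlet depends on its interpreter being bash.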
@@ -464,28 +498,13 @@ fi %postun milter %systemd_postun_with_restart clamav-milter.service -%post update -%if %{with old_freshclam} -test -e %{freshclamlog} || { - touch %{freshclamlog} - %{__chmod} 0664 %{freshclamlog} - %{__chown} root:%{updateuser} %{freshclamlog} - ! test -x /sbin/restorecon || /sbin/restorecon %{freshclamlog} -} -#%%else -#if [ $1 -eq 2 ] ; then -# echo "Warning: clamav-update package changed" -# echo "Now we provide clamav-freshclam.service systemd unit instead old scripts and the cron.d entry." -# echo "Unfortunately this may break existing unattended installations." -# echo "Please run 'systemctl enable clamav-freshclam --now' to enable freshclam updates again." -#fi -%endif +%post freshclam %systemd_post clamav-freshclam.service -%preun update +%preun freshclam %systemd_preun clamav-freshclam.service -%postun update +%postun freshclam %systemd_postun_with_restart clamav-freshclam.service %ldconfig_scriptlets lib @@ -514,10 +533,10 @@ test -e %{freshclamlog} || { %files lib -%{_libdir}/libclamav.so.9* +%{_libdir}/libclamav.so.11* %{_libdir}/libclammspack.so.0* %if %{with unrar} -%{_libdir}/libclamunrar*.so.9* +%{_libdir}/libclamunrar*.so.11* %endif 
@@ -545,27 +564,22 @@ test -e %{freshclamlog} || { %files doc %license COPYING -%doc docs/html +%{_pkgdocdir}/html/ -%files update +%files freshclam %{_bindir}/freshclam %{_libdir}/libfreshclam.so.2* %{_mandir}/*/freshclam* %{_unitdir}/clamav-freshclam.service %config(noreplace) %verify(not mtime) %{_sysconfdir}/freshclam.conf -%if %{with old_freshclam} -%{_datadir}/%{name}/freshclam-sleep -%config(noreplace) %{_sysconfdir}/cron.d/clamav-update -%config(noreplace) %{_sysconfdir}/sysconfig/freshclam -%config(noreplace) %verify(not mtime) %{_sysconfdir}/logrotate.d/* -# freshclamlog file is created in post -%ghost %attr(0664,root,%{updateuser}) %verify(not size md5 mtime) %{freshclamlog} -%endif -%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cvd +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cld +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cvd %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/freshclam.dat %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cld -%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cld +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cvd +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cld +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cvd %files -n clamd @@ -578,7 +592,7 @@ test -e %{freshclamlog} || { %files milter -%doc clamav-milter/README.fedora +%doc clamav-milter/README.fedora.md %{_sbindir}/*milter* %{_unitdir}/clamav-milter.service %{_mandir}/man8/clamav-milter* 
@@ -588,6 +602,51 @@ test -e %{freshclamlog} || { %changelog +* Fri Apr 26 2024 Orion Poplawski - 1.0.6-1 +- Update to 1.0.6 + + * Mon Apr 08 2024 Sérgio Basto - 1.0.5-5 + - Update clamav-data and README.fedora.md + + * Thu Apr 04 2024 John Sullivan - 1.0.5-4 + - Update EPEL 7 and 8 support for 1.0.5 + + * Sat Mar 16 2024 Sérgio Basto - 1.0.5-3 + - (#1679375) fixes syntax error in /etc/logrotate.d/clamd.exim + + * Tue Mar 05 2024 Sérgio Basto - 1.0.5-2 + - set nullblog to fix post script (#2253914) + - Properly check valgrind arches + + * Thu Feb 08 2024 Orion Poplawski - 1.0.5-1 + - Update to 1.0.5 + + * Tue Jan 23 2024 Fedora Release Engineering - 1.0.4-3 + - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + + * Fri Jan 19 2024 Fedora Release Engineering - 1.0.4-2 + - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + + * Sun Oct 29 2023 Orion Poplawski - 1.0.4-1 + - Update to 1.0.4 + - Remove docs again from main package (bz#2230512) + + * Fri Aug 18 2023 Orion Poplawski - 1.0.2-1 + - Update to 1.0.2 CVE-2023-20197 (bz#2232508) + + * Wed Jul 19 2023 Fedora Release Engineering - 1.0.1-5 + - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + + * Mon Feb 27 2023 Orion Poplawski - 1.0.1-4 + - Mark cvd files is clamav-data as %%config(noreplace) (bz#2170876) + - Rename clamav-update to clamav-freshclam + - Make clamav-freshclam supplement clamd + - Have clamav-freshclam ghost all of the .cld and .cvd files + - Update data files with help of Cisco-Talos/cvdupdate + - Update to 1.0.1 + - Make sure RUSTFLAGS are passed to rustc (bz#2167194) + - Fix multilib install + * Mon Mar 18 2024 Sérgio Basto - 0.103.11-2 - (#1679375) fixes syntax error in /etc/logrotate.d/clamd.exim diff --git a/libclamav-pe-Use-endian-wrapper-in-more-places.patch b/libclamav-pe-Use-endian-wrapper-in-more-places.patch new file mode 100644 index 0000000..3053713 --- /dev/null +++ b/libclamav-pe-Use-endian-wrapper-in-more-places.patch 
@@ -0,0 +1,91 @@ +From 5a7b1cdfadc980fb1c4fa32e6275e7c96a963110 Mon Sep 17 00:00:00 2001 +From: Sebastian Andrzej Siewior +Date: Fri, 6 Jan 2023 21:42:30 +0100 +Subject: libclamav/pe: Use endian wrapper in more places. + +A few user of VirtualAddress and Size in cli_exe_info::pe_image_data_dir +don't use the endian wrapper while other places do. This leads to +testsuite failures on big endian machines. + +Use the endian wrapper in all places across pe.c for the two members. + +Patch-Name: libclamav-pe-Use-endian-wrapper-in-more-places.patch +Signed-off-by: Sebastian Andrzej Siewior +--- + libclamav/pe.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/libclamav/pe.c b/libclamav/pe.c +index f5dcea9..19cd2d4 100644 +--- a/libclamav/pe.c ++++ b/libclamav/pe.c +@@ -2422,22 +2422,22 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im + + /* If the PE doesn't have an import table then skip it. This is an + * uncommon case but can happen. 
*/ +- if (peinfo->dirs[1].VirtualAddress == 0 || peinfo->dirs[1].Size == 0) { ++ if (EC32(peinfo->dirs[1].VirtualAddress) == 0 || EC32(peinfo->dirs[1].Size) == 0) { + cli_dbgmsg("scan_pe: import table data dir does not exist (skipping .imp scanning)\n"); + status = CL_BREAK; + goto done; + } + + // TODO Add EC32 wrappers +- impoff = cli_rawaddr(peinfo->dirs[1].VirtualAddress, peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size); +- if (err || impoff + peinfo->dirs[1].Size > fsize) { ++ impoff = cli_rawaddr(EC32(peinfo->dirs[1].VirtualAddress), peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size); ++ if (err || impoff + EC32(peinfo->dirs[1].Size) > fsize) { + cli_dbgmsg("scan_pe: invalid rva for import table data\n"); + status = CL_BREAK; + goto done; + } + + // TODO Add EC32 wrapper +- impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, peinfo->dirs[1].Size); ++ impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, EC32(peinfo->dirs[1].Size)); + if (impdes == NULL) { + cli_dbgmsg("scan_pe: failed to acquire fmap buffer\n"); + status = CL_EREAD; +@@ -2447,7 +2447,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im + + /* Safety: We can trust peinfo->dirs[1].Size only because `fmap_need_off()` (above) + * would have failed if the size exceeds the end of the fmap. 
*/ +- left = peinfo->dirs[1].Size; ++ left = EC32(peinfo->dirs[1].Size); + + if (genhash[CLI_HASH_MD5]) { + hashctx[CLI_HASH_MD5] = cl_hash_init("md5"); +@@ -2546,7 +2546,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im + + done: + if (needed_impoff) { +- fmap_unneed_off(map, impoff, peinfo->dirs[1].Size); ++ fmap_unneed_off(map, impoff, EC32(peinfo->dirs[1].Size)); + } + + for (type = CLI_HASH_MD5; type < CLI_HASH_AVAIL_TYPES; type++) { +@@ -3250,7 +3250,7 @@ int cli_scanpe(cli_ctx *ctx) + + /* Trojan.Swizzor.Gen */ + if (SCAN_HEURISTICS && (DCONF & PE_CONF_SWIZZOR) && peinfo->nsections > 1 && fsize > 64 * 1024 && fsize < 4 * 1024 * 1024) { +- if (peinfo->dirs[2].Size) { ++ if (EC32(peinfo->dirs[2].Size)) { + struct swizz_stats *stats = cli_calloc(1, sizeof(*stats)); + unsigned int m = 1000; + ret = CL_CLEAN; +@@ -5292,13 +5292,13 @@ cl_error_t cli_peheader(fmap_t *map, struct cli_exe_info *peinfo, uint32_t opts, + cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", peinfo->ep, peinfo->ep); + } + +- if (is_dll || peinfo->ndatadirs < 3 || !peinfo->dirs[2].Size) ++ if (is_dll || peinfo->ndatadirs < 3 || !EC32(peinfo->dirs[2].Size)) + peinfo->res_addr = 0; + else + peinfo->res_addr = EC32(peinfo->dirs[2].VirtualAddress); + + while (opts & CLI_PEHEADER_OPT_EXTRACT_VINFO && +- peinfo->ndatadirs >= 3 && peinfo->dirs[2].Size) { ++ peinfo->ndatadirs >= 3 && EC32(peinfo->dirs[2].Size)) { + struct vinfo_list vlist; + const uint8_t *vptr, *baseptr; + uint32_t rva, res_sz; diff --git a/sources b/sources index fe684f4..db391df 100644 --- a/sources +++ b/sources 
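Review bot: The `// TODO Add EC32 wrappers` and `// TODO Add EC32 wrapper` comments in hash_imptbl are left in place even though this patch adds exactly those wrappers, so they should be dropped. Separately, `impoff + EC32(peinfo->dirs[1].Size) > fsize` adds two values derived from header fields of the file being scanned. If both are 32-bit (the declaration of impoff is outside the hunk), the sum can wrap before the comparison, and the range is then only rejected by `fmap_need_off()`. Checking `impoff > fsize || EC32(peinfo->dirs[1].Size) > fsize - impoff` would avoid depending on that. hash_imptbl starts and ends outside the quoted hunks.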
@@ -1,4 +1,4 @@ -SHA512 (clamav-0.103.11-norar.tar.xz) = a215a48be417d351353babf8a54778f35a2ce88c8b90431f983d890a1cfa19715896bab7655c5fa50961997861884a09193e1a0da76dc22817b9b144b400778f +SHA512 (clamav-1.0.6-norar.tar.xz) = 8e056ec657f379a5de3cd62dfb90dfc9bac5814497ee8e917484b4203f04d5765b23691415b11eafbd084d1e55c6c864b7424e82a760993765194360d0acb609 SHA512 (main-62.cvd) = b52e5d9ecacbd9b11c3b0cc460388746fccb353a7520522ed15ee25f645a432bed5be7e6b38512f134f085eb9be76a1e26c19de8b09491d4ec46da8c5afc318e -SHA512 (daily-27075.cvd) = 4cc826f58a45ceb28faba4bf7dd9f8c5ec47f5c0467e73c70d76f415ba3e36cb8585c8924fad59e8818a6e33499744e04378adc27abcca018d2b5ece4cd6a52f -SHA512 (bytecode-334.cvd) = 83478af4e097b4b3fe136c943d3dd018f3e678c6859873dc1aef527db40a018b77439be2113ac251dfb797074ef8c201336570c3fe03c7ac507d5b94ab6d61c9 +SHA512 (daily-27285.cvd) = c8cf2aa70c18c577754226b4777a250f9c0a09afe5dd9fcf5150e0642d093094b022e5441885017bae9a06255b72b16cf5da4e937bcd314c99adda9b0d711b14 +SHA512 (bytecode-335.cvd) = 9177c0533658b21584de0623ff9b7c70b2ec92ce9f6fecf98a881902c98025930430415715e9914ce7c0c6fb91aad532b4c907677c3010a0da47583b7ad24d4f diff --git a/update_clamav.sh b/update_clamav.sh index aaf9897..2c34016 100755 --- a/update_clamav.sh +++ b/update_clamav.sh @@ -1,6 +1,5 @@ -# this script is to run on branch f37 -VERSION=0.103.11 -REPOS="epel8 epel7" +VERSION=1.0.6 +REPOS="f40 f39 f38 epel9" if [ -z "$1" ] then 
@@ -30,38 +29,18 @@ wget -c https://www.clamav.net/downloads/production/${TARBALL} wget -c https://www.clamav.net/downloads/production/${TARBALL}.sig gpg --verify ${TARBALL}.sig ${TARBALL} zcat ${TARBALL} | tar --delete -f - '*/libclamunrar/*' | xz -c > ${TARBALL_CLEAN} -git checkout f37 +git checkout rawhide git pull rpmdev-bumpspec -n $VERSION -c "Update to $VERSION" clamav.spec fi fi -#python3 -m pip install --user cvdupdate -#python -m cvdupdate.cvdupdate --help -cvd config set --dbdir my_dbs -cvdupdate list -cvdupdate update -pushd my_dbs -main_ver=$(file main.cvd | sed -e 's/.*version /main-/;s/,.*/.cvd/') -daily_ver=$(file daily.cvd | sed -e 's/.*version /daily-/;s/,.*/.cvd/') -bytecode_ver=$(file bytecode.cvd | sed -e 's/.*version /bytecode-/;s/,.*/.cvd/') -popd - if test $stage -le 1 then echo STAGE 1 echo Press enter convert cvd into spec or n to skip ; read dummy; if [[ "$dummy" != "n" ]]; then - -pushd my_dbs -cp -f main.cvd ../$main_ver -cp -f daily.cvd ../$daily_ver -cp -f bytecode.cvd ../$bytecode_ver -popd - -sed -i "s|^Source10: .*|Source10: $main_ver|" clamav.spec -sed -i "s|^Source11: .*|Source11: $daily_ver|" clamav.spec -sed -i "s|^Source12: .*|Source12: $bytecode_ver|" clamav.spec +./update_clamav_data.sh fi fi @@ -84,7 +63,7 @@ fi if test $stage -le 3 then echo STAGE 3 -echo Press enter to build f37 or n to skip; read dummy; +echo Press enter to build rawhide or n to skip; read dummy; if [[ "$dummy" != "n" ]]; then git push && fedpkg build --nowait fi @@ -94,7 +73,7 @@ echo STAGE 4 for repo in $REPOS ; do echo Press enter to build on branch $repo or n to skip; read dummy; if [[ "$dummy" != "n" ]]; then -git checkout $repo && git merge f37 && fedpkg push && fedpkg build --nowait; git checkout f37 +git checkout $repo && git merge rawhide && fedpkg push && fedpkg build --nowait; git checkout rawhide fi done diff --git a/update_clamav_data.sh b/update_clamav_data.sh new file mode 100755 index 0000000..94734df --- /dev/null 
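Review bot: The result of `gpg --verify ${TARBALL}.sig ${TARBALL}` at the top of this hunk is not checked. Unless `set -e` is set in the part of the script outside the hunk, the tarball is still repacked with `xz` and the spec bumped when the signature does not verify. I would stop at that point with `gpg --verify "${TARBALL}.sig" "${TARBALL}" || exit 1`, and quote the other `${TARBALL}` expansions in the `zcat | tar | xz` pipeline. The enclosing `if` block begins before the hunk.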
+++ b/update_clamav_data.sh @@ -0,0 +1,20 @@ +# dnf install python3-cvdupdate +# python -m cvdupdate.cvdupdate --help +cvd config set --dbdir my_dbs +cvdupdate list +cvdupdate update +pushd my_dbs +main_ver=$(file main.cvd | sed -e 's/.*version /main-/;s/,.*/.cvd/') +daily_ver=$(file daily.cvd | sed -e 's/.*version /daily-/;s/,.*/.cvd/') +bytecode_ver=$(file bytecode.cvd | sed -e 's/.*version /bytecode-/;s/,.*/.cvd/') +popd + +pushd my_dbs +cp -f main.cvd ../$main_ver +cp -f daily.cvd ../$daily_ver +cp -f bytecode.cvd ../$bytecode_ver +popd + +sed -i "s|^Source10: .*|Source10: $main_ver|" clamav.spec +sed -i "s|^Source11: .*|Source11: $daily_ver|" clamav.spec +sed -i "s|^Source12: .*|Source12: $bytecode_ver|" clamav.spec
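Review bot: update_clamav_data.sh has no interpreter line and no error handling, so a failed `cvdupdate update` or `pushd my_dbs` is ignored and the following `cp` and `sed -i` still run. The names derived from `file … | sed` are then used unquoted as file names and inside the `sed` replacement without being checked. Because these .cvd files become Source10 to Source12 of the package, I would fail fast and validate the derived names before touching clamav.spec, as sketched below. The two `pushd my_dbs` blocks can be merged at the same time.

```shell
#!/bin/bash
set -euo pipefail
# … unchanged: cvd config set / cvdupdate list / cvdupdate update, *_ver parsing …
for v in "$main_ver" "$daily_ver" "$bytecode_ver"; do
  [[ "$v" =~ ^(main|daily|bytecode)-[0-9]+\.cvd$ ]] || {
    echo "unexpected cvd name: $v" >&2
    exit 1
  }
done
cp -f my_dbs/main.cvd "$main_ver"
cp -f my_dbs/daily.cvd "$daily_ver"
cp -f my_dbs/bytecode.cvd "$bytecode_ver"
# … unchanged: sed -i updates of Source10/Source11/Source12 in clamav.spec …
```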