From d74f556fea58eb6e0bc032e2349db419205ca99b Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jan 2020 14:06:47 +0000 Subject: [PATCH 1/7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- clamav.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/clamav.spec b/clamav.spec index 1d72ea2..0c592cb 100644 --- a/clamav.spec +++ b/clamav.spec @@ -34,7 +34,7 @@ Summary: End-user tools for the Clam Antivirus scanner Name: clamav Version: 0.101.5 -Release: 7%{?dist} +Release: 8%{?dist} License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2} URL: https://www.clamav.net/ %if %{with unrar} @@ -518,6 +518,9 @@ test -e %milterlog || { %changelog +* Tue Jan 28 2020 Fedora Release Engineering - 0.101.5-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Mon Jan 27 2020 Sérgio Basto - 0.101.5-7 - More cleanups - Remove llvm-glibc.patch (upstream already fixed it) From 53394fefe4fdcb5094567f0ed198bdd245986427 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= Date: Fri, 31 Jan 2020 05:09:12 +0000 Subject: [PATCH 2/7] Cleanups --- clamav-clean.sh | 4 +--- clamav.spec | 14 -------------- 2 files changed, 1 insertion(+), 17 deletions(-) diff --git a/clamav-clean.sh b/clamav-clean.sh index 2921592..86eb352 100755 --- a/clamav-clean.sh +++ b/clamav-clean.sh @@ -1,4 +1,4 @@ -VERSION=0.101.4 +VERSION=0.101.5 NAME=clamav TARBALL_CLEAN=${NAME}-${VERSION}-norar.tar.xz TARBALL=${NAME}-${VERSION}.tar.gz @@ -6,6 +6,4 @@ TARBALL=${NAME}-${VERSION}.tar.gz wget https://www.clamav.net/downloads/production/${TARBALL} wget https://www.clamav.net/downloads/production/${TARBALL}.sig gpg --verify ${TARBALL}.sig ${TARBALL} -#rm -f ${TARBALL}.tmp zcat ${TARBALL} | tar --delete -f - '*/libclamunrar/*' | xz -c > ${TARBALL_CLEAN} -#mv ${TARBALL}.tmp ${TARBALL_CLEAN} diff --git a/clamav.spec b/clamav.spec index 0c592cb..c347061 100644 --- a/clamav.spec +++ b/clamav.spec @@ -204,7 +204,6 @@ Obsoletes: clamav-milter-systemd < %{version}-%{release} %description milter This package contains files which are needed to run the clamav-milter. -## ------------------------------------------------------------ %prep %setup -q -n %{name}-%{version}%{?prerelease} @@ -220,8 +219,6 @@ mkdir -p libclamunrar{,_iface} %{!?with_unrar:touch libclamunrar/{Makefile.in,all,install}} -## ------------------------------------------------------------ - %build # add -Wl,--as-needed if not exist echo %{?__global_ldflags} | sed '/-Wl,--as-needed/!s/$/ -Wl,--as-needed/' @@ -257,8 +254,6 @@ sed -i \ %make_build -## ------------------------------------------------------------ - %install rm -rf _doc* %make_install @@ -343,12 +338,10 @@ EOF # TODO: Evaluate using upstream's unit with clamav-daemon.socket rm $RPM_BUILD_ROOT%_unitdir/clamav-daemon.* -## ------------------------------------------------------------ %check make check -## ------------------------------------------------------------ %pre filesystem getent group %{updateuser} >/dev/null || groupadd -r %{updateuser} @@ -437,7 +430,6 @@ test -e %milterlog || { %exclude %_mandir/*/freshclam* %exclude %_mandir/man5/clamd.conf.5* -## ----------------------- %files lib %_libdir/libclamav.so.9* @@ -446,7 +438,6 @@ test -e %milterlog || { %_libdir/libclamunrar*.so.9* %endif -## ----------------------- %files devel %_includedir/* @@ -454,13 +445,11 @@ test -e %milterlog || { %_libdir/pkgconfig/* %_bindir/clamav-config -## ----------------------- %files filesystem %attr(-,%updateuser,%updateuser) %dir %homedir %dir %_sysconfdir/clamd.d -## ----------------------- %files data %defattr(-,%updateuser,%updateuser,-) @@ -479,8 +468,6 @@ test -e %milterlog || { %ghost %attr(0664,%updateuser,%updateuser) %homedir/mirrors.dat -## ----------------------- - %files -n clamd %doc _doc_server/* %_mandir/man5/clamd.conf.5* @@ -497,7 +484,6 @@ test -e %milterlog || { %dir %attr(0710,%scanuser,virusgroup) %scanstatedir %endif -## ----------------------- %files milter %doc clamav-milter/README.fedora From cf32b14aa9a58dcbf3a1e77a1d5871fc67f26b78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= Date: Wed, 5 Feb 2020 06:56:52 +0000 Subject: [PATCH 3/7] Add a message warning that We now provide clamav-freshclam.service systemd unit instead old scripts --- clamav.spec | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/clamav.spec b/clamav.spec index c347061..9e4c819 100644 --- a/clamav.spec +++ b/clamav.spec @@ -34,7 +34,7 @@ Summary: End-user tools for the Clam Antivirus scanner Name: clamav Version: 0.101.5 -Release: 8%{?dist} +Release: 9%{?dist} License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2} URL: https://www.clamav.net/ %if %{with unrar} @@ -405,6 +405,12 @@ test -e %milterlog || { %systemd_postun_with_restart clamav-milter.service %post update +if [ $1 -eq 2 ] ; then + echo "Warning: clamav-update package changed" + echo "Now we provide clamav-freshclam.service systemd unit instead old scripts and the cron.d entry." + echo "Unfortunately this may break existing unattended installations." + echo "Please run 'systemctl enable clamav-freshclam --now' to enable freshclam updates again." +fi %systemd_post clamav-freshclam.service %preun update @@ -504,6 +510,10 @@ test -e %milterlog || { %changelog +* Tue Feb 04 2020 Sérgio Basto - 0.101.5-9 +- Add a message warning that We now provide clamav-freshclam.service systemd + unit instead old scripts + * Tue Jan 28 2020 Fedora Release Engineering - 0.101.5-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild From 2d3f9e81007087754b24d7e2ae01abce544e15ed Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 9 Feb 2020 13:59:59 -0700 Subject: [PATCH 4/7] Re-add clamav-update.cron (bz#1800226) --- clamav-update.crond | 6 +++++ clamav-update.logrotate | 4 ++++ clamav.spec | 45 +++++++++++++++++++++++++++-------- freshclam-sleep | 52 +++++++++++++++++++++++++++++++++++++++++ freshclam.sysconfig | 18 ++++++++++++++ 5 files changed, 115 insertions(+), 10 deletions(-) create mode 100644 clamav-update.crond create mode 100644 clamav-update.logrotate create mode 100755 freshclam-sleep create mode 100644 freshclam.sysconfig diff --git a/clamav-update.crond b/clamav-update.crond new file mode 100644 index 0000000..dc85745 --- /dev/null +++ b/clamav-update.crond @@ -0,0 +1,6 @@ +## Adjust this line... +MAILTO=root + +## It is ok to execute it as root; freshclam drops privileges and becomes +## user 'clamupdate' as soon as possible +0 */3 * * * root /usr/share/clamav/freshclam-sleep diff --git a/clamav-update.logrotate b/clamav-update.logrotate new file mode 100644 index 0000000..0de6062 --- /dev/null +++ b/clamav-update.logrotate @@ -0,0 +1,4 @@ +/var/log/freshclam.log { + monthly + notifempty +} diff --git a/clamav.spec b/clamav.spec index 9e4c819..4468ed3 100644 --- a/clamav.spec +++ b/clamav.spec @@ -24,9 +24,11 @@ %global updateuser clamupdate %global homedir %_var/lib/clamav +%global freshclamlog %_var/log/freshclam.log %global milteruser clamilt %global milterlog %_var/log/clamav-milter.log %global milterstatedir %_rundir/clamav-milter +%global pkgdatadir %_datadir/%name %global scanuser clamscan %global scanstatedir %_rundir/clamd.scan @@ -34,7 +36,7 @@ Summary: End-user tools for the Clam Antivirus scanner Name: clamav Version: 0.101.5 -Release: 9%{?dist} +Release: 10%{?dist} License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2} URL: https://www.clamav.net/ %if %{with unrar} @@ -60,6 +62,11 @@ Source10: main-58.cvd Source11: daily-25642.cvd #http://database.clamav.net/bytecode.cvd Source12: bytecode-331.cvd +#for update +Source200: freshclam-sleep +Source201: freshclam.sysconfig +Source202: clamav-update.crond +Source203: clamav-update.logrotate #for milter Source300: README.fedora #for clamav-milter.systemd @@ -147,7 +154,7 @@ BuildArch: noarch %description data This package contains the virus-database needed by clamav. This database should be updated regularly; the 'clamav-update' package -ships a corresponding systemd unit file. Use this package when you want a +ships a corresponding cron-job. Use this package when you want a working (but perhaps outdated) virus scanner immediately after package installation. @@ -155,6 +162,8 @@ installation. %package update Summary: Auto-updater for the Clam Antivirus scanner data-files Requires: clamav-filesystem = %version-%release +Requires: crontabs +Requires: /etc/cron.d Provides: data(clamav) = empty Provides: clamav-data-empty = %{version}-%{release} Obsoletes: clamav-data-empty < %{version}-%{release} @@ -162,7 +171,7 @@ Obsoletes: clamav-data-empty < %{version}-%{release} %description update This package contains programs which can be used to update the clamav anti-virus database automatically. It uses the freshclam(1) utility for -this task. To activate it use, systemctl enable --now clamav-freshclam . +this task. To activate it use, uncomment the entry in /etc/cron.d/clamav-update. Use this package when you go updating the virus database regulary and do not want to download a >160MB sized rpm-package with outdated virus definitions. @@ -259,7 +268,7 @@ rm -rf _doc* %make_install install -d -m 0755 \ - $RPM_BUILD_ROOT%_sysconfdir/{mail,clamd.d} \ + $RPM_BUILD_ROOT%_sysconfdir/{mail,clamd.d,logrotate.d} \ $RPM_BUILD_ROOT%_tmpfilesdir \ $RPM_BUILD_ROOT%_rundir \ $RPM_BUILD_ROOT%_var/log \ @@ -284,6 +293,14 @@ install -D -m 0644 -p %SOURCE5 _doc_server/README install -D -p -m 0644 %SOURCE530 $RPM_BUILD_ROOT%_unitdir/clamd@.service +## prepare the update-files +install -D -m 0644 -p %SOURCE203 $RPM_BUILD_ROOT%_sysconfdir/logrotate.d/clamav-update +touch $RPM_BUILD_ROOT%freshclamlog + +install -D -p -m 0755 %SOURCE200 $RPM_BUILD_ROOT%pkgdatadir/freshclam-sleep +install -D -p -m 0644 %SOURCE201 $RPM_BUILD_ROOT%_sysconfdir/sysconfig/freshclam +install -D -p -m 0600 %SOURCE202 $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update + ### The freshclam stuff sed -ri \ -e 's!^Example!#Example!' \ @@ -405,13 +422,13 @@ test -e %milterlog || { %systemd_postun_with_restart clamav-milter.service %post update -if [ $1 -eq 2 ] ; then - echo "Warning: clamav-update package changed" - echo "Now we provide clamav-freshclam.service systemd unit instead old scripts and the cron.d entry." - echo "Unfortunately this may break existing unattended installations." - echo "Please run 'systemctl enable clamav-freshclam --now' to enable freshclam updates again." -fi %systemd_post clamav-freshclam.service +test -e %freshclamlog || { + touch %freshclamlog + %__chmod 0664 %freshclamlog + %__chown root:%updateuser %freshclamlog + ! test -x /sbin/restorecon || /sbin/restorecon %freshclamlog +} %preun update %systemd_preun clamav-freshclam.service @@ -468,8 +485,13 @@ fi %files update %_bindir/freshclam %_mandir/*/freshclam* +%pkgdatadir/freshclam-sleep %_unitdir/clamav-freshclam.service %config(noreplace) %verify(not mtime) %_sysconfdir/freshclam.conf +%config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/* +%config(noreplace) %_sysconfdir/cron.d/clamav-update +%config(noreplace) %_sysconfdir/sysconfig/freshclam +%ghost %attr(0664,root,%updateuser) %verify(not size md5 mtime) %freshclamlog %ghost %attr(0664,%updateuser,%updateuser) %homedir/*.cld %ghost %attr(0664,%updateuser,%updateuser) %homedir/mirrors.dat @@ -510,6 +532,9 @@ fi %changelog +* Sun Feb 09 2020 Orion Poplawski - 0.101.5-10 +- Re-add clamav-update.cron (bz#1800226) + * Tue Feb 04 2020 Sérgio Basto - 0.101.5-9 - Add a message warning that We now provide clamav-freshclam.service systemd unit instead old scripts diff --git a/freshclam-sleep b/freshclam-sleep new file mode 100755 index 0000000..fddb922 --- /dev/null +++ b/freshclam-sleep @@ -0,0 +1,52 @@ +#! /bin/bash +# Copyright (C) 2005 Enrico Scholz +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + +FRESHCLAM_MOD=$[ 3*60 ] # 3 hours + +f=/etc/sysconfig/freshclam +test ! -e "$f" || . "$f" + + +case x"$1" in + (xnow) FRESHCLAM_DELAY=0;; + (x|xrandom) : ${FRESHCLAM_DELAY:=$[ 0x`hostid` ]};; + (*) FRESHCLAM_DELAY=$1;; +esac + +set -e + +case $FRESHCLAM_DELAY in + (disabled-warn) + echo $"\ +WARNING: update of clamav database is disabled; please see + '$f' + for information how to enable the periodic update resp. how to turn + off this message." >&2 + exit 1 + ;; + + (disabled) + exit 0 + ;; + + (*) + let FRESHCLAM_MOD*=60 + sleep $[ (FRESHCLAM_DELAY % FRESHCLAM_MOD + FRESHCLAM_MOD) % FRESHCLAM_MOD ] + ;; +esac + +/usr/bin/freshclam --quiet diff --git a/freshclam.sysconfig b/freshclam.sysconfig new file mode 100644 index 0000000..417dafc --- /dev/null +++ b/freshclam.sysconfig @@ -0,0 +1,18 @@ +## When changing the periodicity of freshclam runs in the crontab, +## this value must be adjusted also. Its value is the timespan between +## two subsequent freshclam runs in minutes. E.g. for the default +## +## | 0 */3 * * * ... +## +## crontab line, the value is 180 (minutes). +# FRESHCLAM_MOD= + +## A predefined value for the delay in seconds. By default, the value is +## calculated by the 'hostid' program. This predefined value guarantees +## constant timespans of 3 hours between two subsequent freshclam runs. +## +## This option accepts two special values: +## 'disabled-warn' ... disables the automatic freshclam update and +## gives out a warning +## 'disabled' ... disables the automatic freshclam silently +# FRESHCLAM_DELAY= From 53414b291957d9895c0af61bc7ae5d6039f2fcb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= Date: Sun, 9 Feb 2020 22:03:38 +0000 Subject: [PATCH 5/7] Add conditional old_freshclam --- clamav-clean.sh | 2 +- clamav.spec | 51 ++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 47 insertions(+), 6 deletions(-) diff --git a/clamav-clean.sh b/clamav-clean.sh index 86eb352..eede64d 100755 --- a/clamav-clean.sh +++ b/clamav-clean.sh @@ -1,4 +1,4 @@ -VERSION=0.101.5 +VERSION=0.102.2 NAME=clamav TARBALL_CLEAN=${NAME}-${VERSION}-norar.tar.xz TARBALL=${NAME}-${VERSION}.tar.gz diff --git a/clamav.spec b/clamav.spec index 4468ed3..7bd613e 100644 --- a/clamav.spec +++ b/clamav.spec @@ -1,5 +1,7 @@ #global prerelease rc1 +%global _hardened_build 1 + ## Fedora Extras specific customization below... %bcond_without tmpfiles %bcond_with unrar @@ -9,9 +11,11 @@ %bcond_with llvm %endif -## - -%global _hardened_build 1 +%if 0%{?fedora} && 0%{?rhel} >= 8 +%bcond_with old_freshclam +%else +%bcond_without old_freshclam +%endif %ifnarch s390 s390x %global have_ocaml 1 @@ -162,8 +166,10 @@ installation. %package update Summary: Auto-updater for the Clam Antivirus scanner data-files Requires: clamav-filesystem = %version-%release +%if %{with old_freshclam} Requires: crontabs Requires: /etc/cron.d +%endif Provides: data(clamav) = empty Provides: clamav-data-empty = %{version}-%{release} Obsoletes: clamav-data-empty < %{version}-%{release} @@ -293,6 +299,7 @@ install -D -m 0644 -p %SOURCE5 _doc_server/README install -D -p -m 0644 %SOURCE530 $RPM_BUILD_ROOT%_unitdir/clamd@.service +%if %{with old_freshclam} ## prepare the update-files install -D -m 0644 -p %SOURCE203 $RPM_BUILD_ROOT%_sysconfdir/logrotate.d/clamav-update touch $RPM_BUILD_ROOT%freshclamlog @@ -300,6 +307,7 @@ touch $RPM_BUILD_ROOT%freshclamlog install -D -p -m 0755 %SOURCE200 $RPM_BUILD_ROOT%pkgdatadir/freshclam-sleep install -D -p -m 0644 %SOURCE201 $RPM_BUILD_ROOT%_sysconfdir/sysconfig/freshclam install -D -p -m 0600 %SOURCE202 $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update +%endif ### The freshclam stuff sed -ri \ @@ -312,6 +320,27 @@ mv $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf{.sample,} # Can contain HTTPProxyPassword (bugz#1733112) chmod 600 $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf +%if %{with old_freshclam} +function smartsubst() { + local tmp + local regexp=$1 + shift + + tmp=$(mktemp /tmp/%name-subst.XXXXXX) + for i; do + sed -e "$regexp" "$i" >$tmp + cmp -s $tmp "$i" || cat $tmp >"$i" + rm -f $tmp + done +} +smartsubst 's!webmaster,clamav!webmaster,%updateuser!g; + s!/usr/share/clamav!%pkgdatadir!g; + s!/usr/bin!%_bindir!g; + s!/usr/sbin!%_sbindir!g;' \ + $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update \ + $RPM_BUILD_ROOT%pkgdatadir/freshclam-sleep +%endif + ### The scanner stuff sed -ri \ -e 's!^Example!#Example!' \ @@ -422,13 +451,22 @@ test -e %milterlog || { %systemd_postun_with_restart clamav-milter.service %post update -%systemd_post clamav-freshclam.service +%if %{with old_freshclam} test -e %freshclamlog || { touch %freshclamlog %__chmod 0664 %freshclamlog %__chown root:%updateuser %freshclamlog ! test -x /sbin/restorecon || /sbin/restorecon %freshclamlog } +%else +if [ $1 -eq 2 ] ; then + echo "Warning: clamav-update package changed" + echo "Now we provide clamav-freshclam.service systemd unit instead old scripts and the cron.d entry." + echo "Unfortunately this may break existing unattended installations." + echo "Please run 'systemctl enable clamav-freshclam --now' to enable freshclam updates again." +fi +%endif +%systemd_post clamav-freshclam.service %preun update %systemd_preun clamav-freshclam.service @@ -485,13 +523,15 @@ test -e %freshclamlog || { %files update %_bindir/freshclam %_mandir/*/freshclam* -%pkgdatadir/freshclam-sleep %_unitdir/clamav-freshclam.service %config(noreplace) %verify(not mtime) %_sysconfdir/freshclam.conf +%if %{with old_freshclam} +%pkgdatadir/freshclam-sleep %config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/* %config(noreplace) %_sysconfdir/cron.d/clamav-update %config(noreplace) %_sysconfdir/sysconfig/freshclam %ghost %attr(0664,root,%updateuser) %verify(not size md5 mtime) %freshclamlog +%endif %ghost %attr(0664,%updateuser,%updateuser) %homedir/*.cld %ghost %attr(0664,%updateuser,%updateuser) %homedir/mirrors.dat @@ -534,6 +574,7 @@ test -e %freshclamlog || { %changelog * Sun Feb 09 2020 Orion Poplawski - 0.101.5-10 - Re-add clamav-update.cron (bz#1800226) +- Add conditional old_freshclam * Tue Feb 04 2020 Sérgio Basto - 0.101.5-9 - Add a message warning that We now provide clamav-freshclam.service systemd From d526a971f919956861cba5ea66e4d3c0bc4432e4 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 9 Feb 2020 15:39:30 -0700 Subject: [PATCH 6/7] Update to 0.102.2 Drop supporting deprecated options for F32+ and EL8+ Drop old umask patch --- clamav-0.100.0-stats-deprecation.patch | 18 --- clamav-0.100.0-umask.patch | 33 ----- ...ations.patch => clamav-default_confs.patch | 136 +++++++++--------- clamav-stats-deprecation.patch | 17 +++ clamav.spec | 51 +++++-- sources | 6 +- 6 files changed, 130 insertions(+), 131 deletions(-) delete mode 100644 clamav-0.100.0-stats-deprecation.patch delete mode 100644 clamav-0.100.0-umask.patch rename clamav-0.100.1-defaults_locations.patch => clamav-default_confs.patch (54%) create mode 100644 clamav-stats-deprecation.patch diff --git a/clamav-0.100.0-stats-deprecation.patch b/clamav-0.100.0-stats-deprecation.patch deleted file mode 100644 index 16f81d2..0000000 --- a/clamav-0.100.0-stats-deprecation.patch +++ /dev/null @@ -1,18 +0,0 @@ -https://bugzilla.clamav.net/show_bug.cgi?id=12097 - ---- shared/optparser.c -+++ shared/optparser.c -@@ -505,6 +505,13 @@ const struct clam_option __clam_options[ - { "ClamukoExcludeUID", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_DEPRECATED, "", "" }, - { "ClamukoMaxFileSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", "" }, - { "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no" }, -+ { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, -+ { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, -+ { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, -+ { "StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", "" }, -+ { "SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" }, -+ { "DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" }, -+ { "DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" }, - - /* Milter specific options */ - diff --git a/clamav-0.100.0-umask.patch b/clamav-0.100.0-umask.patch deleted file mode 100644 index 0e7c6ec..0000000 --- a/clamav-0.100.0-umask.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- clamav-0.100.0/clamav-milter/clamav-milter.c 2018-04-04 02:13:58.000000000 +0200 -+++ clamav-0.100.0/clamav-milter/clamav-milter.c.umask 2018-05-28 23:25:12.374047156 +0200 -@@ -432,7 +432,7 @@ - - if((opt = optget(opts, "PidFile"))->enabled) { - FILE *fd; -- mode_t old_umask = umask(0002); -+ mode_t old_umask = umask(0022); - - if((fd = fopen(opt->strarg, "w")) == NULL) { - logg("!Can't save PID in file %s\n", opt->strarg); ---- clamav-0.100.0/shared/output.c 2018-04-04 02:13:58.000000000 +0200 -+++ clamav-0.100.0/shared/output.c.umask 2018-05-28 23:24:41.968851516 +0200 -@@ -379,7 +379,7 @@ - - if (!logg_fp && logg_file) - { -- old_umask = umask(0037); -+ old_umask = umask(0077); - if ((logg_fp = fopen(logg_file, "at")) == NULL) - { - umask(old_umask); ---- clamav-0.100.0/freshclam/freshclam.c 2018-04-04 02:13:58.000000000 +0200 -+++ clamav-0.100.0/freshclam/freshclam.c.umask 2018-05-28 23:25:30.675164850 +0200 -@@ -127,7 +127,7 @@ - { - FILE *fd; - int old_umask; -- old_umask = umask (0006); -+ old_umask = umask (0022); - if ((fd = fopen (pidfile, "w")) == NULL) - { - logg ("!Can't save PID to file %s: %s\n", pidfile, strerror (errno)); diff --git a/clamav-0.100.1-defaults_locations.patch b/clamav-default_confs.patch similarity index 54% rename from clamav-0.100.1-defaults_locations.patch rename to clamav-default_confs.patch index 5bcfa2d..481c9ce 100644 --- a/clamav-0.100.1-defaults_locations.patch +++ b/clamav-default_confs.patch @@ -1,19 +1,78 @@ ---- ./clamconf/clamconf.c.orig 2018-07-30 05:28:40.199759145 +0100 -+++ ./clamconf/clamconf.c 2018-07-30 05:30:12.083760295 +0100 -@@ -58,9 +58,9 @@ static struct _cfgfile { +diff -up clamav-0.102.0/clamconf/clamconf.c.default_confs clamav-0.102.0/clamconf/clamconf.c +--- clamav-0.102.0/clamconf/clamconf.c.default_confs 2019-10-11 20:46:32.216962895 -0600 ++++ clamav-0.102.0/clamconf/clamconf.c 2019-10-11 20:47:16.201174669 -0600 +@@ -60,9 +60,9 @@ static struct _cfgfile { const char *name; int tool; } cfgfile[] = { -- { "clamd.conf", OPT_CLAMD }, -+ { "clamd.d/scan.conf", OPT_CLAMD }, - { "freshclam.conf", OPT_FRESHCLAM }, -- { "clamav-milter.conf", OPT_MILTER }, -+ { "mail/clamav-milter.conf", OPT_MILTER }, - { NULL, 0 } - }; +- {"clamd.conf", OPT_CLAMD}, ++ {"clamd.d/scan.conf", OPT_CLAMD}, + {"freshclam.conf", OPT_FRESHCLAM}, +- {"clamav-milter.conf", OPT_MILTER}, ++ {"mail/clamav-milter.conf", OPT_MILTER}, + {NULL, 0}}; ---- ./platform.h.in.orig 2018-07-30 06:27:54.437257754 +0100 -+++ ./platform.h.in 2018-07-30 06:29:18.920124404 +0100 + static void printopts(struct optstruct *opts, int nondef) +diff -up clamav-0.102.0/docs/man/clamav-milter.8.in.default_confs clamav-0.102.0/docs/man/clamav-milter.8.in +--- clamav-0.102.0/docs/man/clamav-milter.8.in.default_confs 2019-10-01 11:24:08.000000000 -0600 ++++ clamav-0.102.0/docs/man/clamav-milter.8.in 2019-10-11 20:46:32.218962904 -0600 +@@ -27,7 +27,7 @@ Print the version number and exit. + Read configuration from FILE. + .SH "FILES" + .LP +-@CFGDIR@/clamav-milter.conf ++@CFGDIR@/mail/clamav-milter.conf + .SH "AUTHOR" + .LP + aCaB +diff -up clamav-0.102.0/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.102.0/docs/man/clamav-milter.conf.5.in +--- clamav-0.102.0/docs/man/clamav-milter.conf.5.in.default_confs 2019-10-01 11:24:08.000000000 -0600 ++++ clamav-0.102.0/docs/man/clamav-milter.conf.5.in 2019-10-11 20:46:32.218962904 -0600 +@@ -239,7 +239,7 @@ Default: no + All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. + .SH "FILES" + .LP +-@CFGDIR@/clamav-milter.conf ++@CFGDIR@/mail/clamav-milter.conf + .SH "AUTHOR" + .LP + aCaB +diff -up clamav-0.102.0/docs/man/clamd.8.in.default_confs clamav-0.102.0/docs/man/clamd.8.in +--- clamav-0.102.0/docs/man/clamd.8.in.default_confs 2019-10-01 11:24:08.000000000 -0600 ++++ clamav-0.102.0/docs/man/clamd.8.in 2019-10-11 20:46:32.220962914 -0600 +@@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon + clamd [options] + .SH "DESCRIPTION" + .LP +-The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf ++The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.d/scan.conf + .SH "COMMANDS" + .LP + It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn. +@@ -125,7 +125,7 @@ Reload the signature databases. + Perform a clean exit. + .SH "FILES" + .LP +-@CFGDIR@/clamd.conf ++@CFGDIR@/clamd.d/scan.conf + .SH "CREDITS" + Please check the full documentation for credits. + .SH "AUTHOR" +diff -up clamav-0.102.0/docs/man/clamd.conf.5.in.default_confs clamav-0.102.0/docs/man/clamd.conf.5.in +--- clamav-0.102.0/docs/man/clamd.conf.5.in.default_confs 2019-10-01 11:24:08.000000000 -0600 ++++ clamav-0.102.0/docs/man/clamd.conf.5.in 2019-10-11 20:46:32.219962909 -0600 +@@ -742,7 +742,7 @@ Default: no + All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. + .SH "FILES" + .LP +-@CFGDIR@/clamd.conf ++@CFGDIR@/clamd.d/scan.conf + .SH "AUTHORS" + .LP + Tomasz Kojm , Kevin Lin +diff -up clamav-0.102.0/platform.h.in.default_confs clamav-0.102.0/platform.h.in +--- clamav-0.102.0/platform.h.in.default_confs 2019-10-01 11:24:09.000000000 -0600 ++++ clamav-0.102.0/platform.h.in 2019-10-11 20:46:32.217962899 -0600 @@ -34,9 +34,9 @@ typedef unsigned int in_addr_t; #define PATHSEP "/" #endif @@ -26,56 +85,3 @@ #define cli_to_utf8_maybe_alloc(x) (x) #define cli_strdup_to_utf8(x) strdup(x) ---- ./docs/man/clamav-milter.conf.5.in.orig 2018-07-31 02:47:52.768212114 +0100 -+++ ./docs/man/clamav-milter.conf.5.in 2018-07-31 02:48:57.295032444 +0100 -@@ -239,7 +239,7 @@ Default: no - All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. - .SH "FILES" - .LP --@CFGDIR@/clamav-milter.conf -+@CFGDIR@/mail/clamav-milter.conf - .SH "AUTHOR" - .LP - aCaB ---- ./docs/man/clamav-milter.8.in.orig 2018-07-31 02:47:45.154130364 +0100 -+++ ./docs/man/clamav-milter.8.in 2018-07-31 02:48:39.484792893 +0100 -@@ -27,7 +27,7 @@ Print the version number and exit. - Read configuration from FILE. - .SH "FILES" - .LP --@CFGDIR@/clamav-milter.conf -+@CFGDIR@/mail/clamav-milter.conf - .SH "AUTHOR" - .LP - aCaB ---- ./docs/man/clamd.conf.5.in.orig 2018-07-31 02:52:12.607659460 +0100 -+++ ./docs/man/clamd.conf.5.in 2018-07-31 02:52:37.396992885 +0100 -@@ -703,7 +703,7 @@ Default: no - All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. - .SH "FILES" - .LP --@CFGDIR@/clamd.conf -+@CFGDIR@/clamd.d/scan.conf - .SH "AUTHORS" - .LP - Tomasz Kojm , Kevin Lin ---- ./docs/man/clamd.8.in.orig 2018-07-31 02:51:22.897990849 +0100 -+++ ./docs/man/clamd.8.in 2018-07-31 02:53:22.170595103 +0100 -@@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon - clamd [options] - .SH "DESCRIPTION" - .LP --The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf -+The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.d/scan.conf - .SH "COMMANDS" - .LP - It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn. -@@ -119,7 +119,7 @@ Reload the signature databases. - Perform a clean exit. - .SH "FILES" - .LP --@CFGDIR@/clamd.conf -+@CFGDIR@/clamd.d/scan.conf - .SH "CREDITS" - Please check the full documentation for credits. - .SH "AUTHOR" diff --git a/clamav-stats-deprecation.patch b/clamav-stats-deprecation.patch new file mode 100644 index 0000000..a12f138 --- /dev/null +++ b/clamav-stats-deprecation.patch @@ -0,0 +1,17 @@ +diff -up clamav-0.102.0/shared/optparser.c.stats-deprecation clamav-0.102.0/shared/optparser.c +--- clamav-0.102.0/shared/optparser.c.stats-deprecation 2019-10-10 21:55:31.245995091 -0600 ++++ clamav-0.102.0/shared/optparser.c 2019-10-11 20:40:04.580067432 -0600 +@@ -524,6 +524,13 @@ const struct clam_option __clam_options[ + {"ArchiveLimitMemoryUsage", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, + {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, + {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"}, ++ {"StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, ++ {"StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, ++ {"StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, ++ {"StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, ++ {"SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, ++ {"DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, ++ {"DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, + {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, + + /* Milter specific options */ diff --git a/clamav.spec b/clamav.spec index 7bd613e..237cb15 100644 --- a/clamav.spec +++ b/clamav.spec @@ -3,6 +3,12 @@ %global _hardened_build 1 ## Fedora Extras specific customization below... +# EL7's curl is too old +%if 0%{?fedora} || 0%{?rhel} >= 8 +%bcond_without clamonacc +%else +%bcond_with clamonacc +%endif %bcond_without tmpfiles %bcond_with unrar %ifnarch ppc64 @@ -39,8 +45,8 @@ Summary: End-user tools for the Clam Antivirus scanner Name: clamav -Version: 0.101.5 -Release: 10%{?dist} +Version: 0.102.2 +Release: 1%{?dist} License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2} URL: https://www.clamav.net/ %if %{with unrar} @@ -78,17 +84,26 @@ Source330: clamav-milter.systemd #for scanner-systemd/server-systemd Source530: clamd@.service -Patch0: clamav-0.100.0-stats-deprecation.patch -Patch1: clamav-0.100.1-defaults_locations.patch -Patch24: clamav-0.99-private.patch -Patch27: clamav-0.100.0-umask.patch - +# Restore some options removed in 0.100 as deprecated +# Could be dropped in F32 with a note +# https://bugzilla.redhat.com/show_bug.cgi?id=1565381#c1 +Patch0: clamav-stats-deprecation.patch +# Change default config locations for Fedora +Patch1: clamav-default_confs.patch +# Fix pkg-config flags for static linking, multilib +Patch2: clamav-0.99-private.patch BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel BuildRequires: gcc-c++ -BuildRequires: zlib-devel bzip2-devel gmp-devel curl-devel json-c-devel -BuildRequires: ncurses-devel openssl-devel libxml2-devel +BuildRequires: bzip2-devel +BuildRequires: curl-devel +BuildRequires: gmp-devel +BuildRequires: json-c-devel +BuildRequires: libxml2-devel +BuildRequires: ncurses-devel +BuildRequires: openssl-devel BuildRequires: pcre2-devel +BuildRequires: zlib-devel #BuildRequires: %%_includedir/tcpd.h BuildRequires: bc tcl groff graphviz %{?have_ocaml:BuildRequires: ocaml} @@ -223,10 +238,12 @@ This package contains files which are needed to run the clamav-milter. %prep %setup -q -n %{name}-%{version}%{?prerelease} -%patch0 -p0 -b .stats-deprecation +# No longer support deprecated options in F32+ and EL8+ +%if (0%{?fedora} && 0%{?fedora} < 32) || (0%{?rhel} && 0%{?rhel} < 8) +%patch0 -p1 -b .stats-deprecation +%endif %patch1 -p1 -b .default_confs -%patch24 -p1 -b .private -%patch27 -p1 -b .umask +%patch2 -p1 -b .private install -p -m0644 %SOURCE300 clamav-milter/ @@ -257,6 +274,7 @@ autoreconf -i --disable-rpath \ --disable-silent-rules \ --enable-clamdtop \ + %{!?with_clamonacc:--disable-clamonacc} \ %{!?with_llvm:--disable-llvm} # TODO: check periodically that CLAMAVUSER is used for freshclam only @@ -484,6 +502,9 @@ fi %_bindir/clamconf %_bindir/clamdscan %_bindir/clamdtop +%if %{with clamonacc} +%_bindir/clamonacc +%endif %_bindir/clamscan %_bindir/clamsubmit %_bindir/sigtool @@ -522,6 +543,7 @@ fi %files update %_bindir/freshclam +%_libdir/libfreshclam.so.2* %_mandir/*/freshclam* %_unitdir/clamav-freshclam.service %config(noreplace) %verify(not mtime) %_sysconfdir/freshclam.conf @@ -572,6 +594,11 @@ fi %changelog +* Sun Feb 9 2020 Orion Poplawski - 0.102.2-1 +- Update to 0.102.2 +- Drop supporting deprecated options for F32+ and EL8+ +- Drop old umask patch + * Sun Feb 09 2020 Orion Poplawski - 0.101.5-10 - Re-add clamav-update.cron (bz#1800226) - Add conditional old_freshclam diff --git a/sources b/sources index fcae603..3ee750d 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (clamav-0.101.5-norar.tar.xz) = f649ec4de6a77b766c2c17ed7a974eb29c1f3604faa12f204448d0025e61dcf417baa1cc07978d3cfa18535a7c52f117e85dcf4703264614d03e6c214039de60 -SHA512 (main-58.cvd) = 71309a7ea26f0fbfe329252c728173c895b107b7ea2e0bd613b12475db1d0270a496d707c4d80c842bf8b6f21680e86edfa7fa3b8aea075e93d67c91d696603a +SHA512 (clamav-0.102.2-norar.tar.xz) = e03368f37a3d98c6301924c21cf5af815e01238a022d87f572fcbc8452844e83c5fca92135a88e967a67671fb3b3e3ecb9b621f4937aa4ce44ba4b1c1fe1eedc +SHA512 (main-59.cvd) = c01792bdb9e07889af04ead91ba49f440cd4510b81b1c83bdfb10c65f099cf29416699f5485cc13b07c4d24195c81abc0b1c4439f5ba6d5d391b7406ba9fe26c SHA512 (bytecode-331.cvd) = 41957106337cb28fd0eb6459bd70ab23b4ce218b3691d592e0f1bc14841696b36b1fbbc4feaef64f7b572b6cbe400f5d44fc4efedd07afe37921a9044a1a8f53 -SHA512 (daily-25642.cvd) = 021cb0e57d18c655a76dd8b48cf311106feed5c3e7a4349433d2956c42bfc6ff77741e6f470d3f6a90f3eb56ac2f4e8870c33678814f240a2b5467a6bdc5667c +SHA512 (daily-25719.cvd) = 652320ff562862d7daa93020173ff43791c4b34618b725879b6ce520f8b364687a8ad7a851a4ffe6d4d4631ec2d527641c70c5678a15bf3733b0914ad9c57822 From e3658c00edcb1cb2c325a086b32b9b25b5136f65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= Date: Mon, 10 Feb 2020 02:48:27 +0000 Subject: [PATCH 7/7] Fix names of cvd files --- clamav.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clamav.spec b/clamav.spec index 237cb15..0da1f1d 100644 --- a/clamav.spec +++ b/clamav.spec @@ -67,9 +67,9 @@ Source5: clamd-README # Check the first line of the file for version or run file *cvd # Attention file < 5.33-7 have bugs see https://bugzilla.redhat.com/show_bug.cgi?id=1539107 #http://database.clamav.net/main.cvd -Source10: main-58.cvd +Source10: main-59.cvd #http://database.clamav.net/daily.cvd -Source11: daily-25642.cvd +Source11: daily-25719.cvd #http://database.clamav.net/bytecode.cvd Source12: bytecode-331.cvd #for update