rediffed patches for 0.96.2

2010-08-15 22:35:32 +02:00 · 2010-08-15 22:35:32 +02:00 · e23ab1c21a
commit e23ab1c21a
parent 1b9c20a71e
6 changed files with 48 additions and 246 deletions
--- a/clamav-0.92-open.patch
+++ b/clamav-0.92-open.patch
@ -1,7 +1,7 @@
-Index: clamav-0.96.1/clamd/dazukoio_compat12.c
+Index: clamav-0.96.2/clamd/dazukoio_compat12.c
 ===================================================================
--- clamav-0.96.1.orig/clamd/dazukoio_compat12.c
-+++ clamav-0.96.1/clamd/dazukoio_compat12.c
+--- clamav-0.96.2.orig/clamd/dazukoio_compat12.c
+++ clamav-0.96.2/clamd/dazukoio_compat12.c
@@ -89,7 +89,7 @@ int dazukoRegister_TS_compat12(struct da
 	if (dazuko->device < 0)
 	{
--- a/clamav-0.95.3-umask.patch
+++ b/clamav-0.95.3-umask.patch
@ -1,8 +1,8 @@
-Index: clamav-0.96.1/clamav-milter/clamav-milter.c
+Index: clamav-0.96.2/clamav-milter/clamav-milter.c
 ===================================================================
--- clamav-0.96.1.orig/clamav-milter/clamav-milter.c
-+++ clamav-0.96.1/clamav-milter/clamav-milter.c
-@@ -365,7 +365,7 @@ int main(int argc, char **argv) {
+--- clamav-0.96.2.orig/clamav-milter/clamav-milter.c
+++ clamav-0.96.2/clamav-milter/clamav-milter.c
+@@ -370,7 +370,7 @@ int main(int argc, char **argv) {
 
     if((opt = optget(opts, "PidFile"))->enabled) {
 	FILE *fd;
@ -11,10 +11,10 @@ Index: clamav-0.96.1/clamav-milter/clamav-milter.c
 
 	if((fd = fopen(opt->strarg, "w")) == NULL) {
 	    logg("!Can't save PID in file %s\n", opt->strarg);
-Index: clamav-0.96.1/shared/output.c
+Index: clamav-0.96.2/shared/output.c
 ===================================================================
--- clamav-0.96.1.orig/shared/output.c
-+++ clamav-0.96.1/shared/output.c
+--- clamav-0.96.2.orig/shared/output.c
+++ clamav-0.96.2/shared/output.c
@@ -280,7 +280,7 @@ int logg(const char *str, ...)
 #endif
     if(logg_file) {
@ -24,10 +24,10 @@ Index: clamav-0.96.1/shared/output.c
 	    if((logg_fp = fopen(logg_file, "at")) == NULL) {
 		umask(old_umask);
 #ifdef CL_THREAD_SAFE
-Index: clamav-0.96.1/freshclam/freshclam.c
+Index: clamav-0.96.2/freshclam/freshclam.c
 ===================================================================
--- clamav-0.96.1.orig/freshclam/freshclam.c
-+++ clamav-0.96.1/freshclam/freshclam.c
+--- clamav-0.96.2.orig/freshclam/freshclam.c
+++ clamav-0.96.2/freshclam/freshclam.c
@@ -106,7 +106,7 @@ static void writepid(const char *pidfile
 {
 	FILE *fd;
--- a/clamav-0.96-disable-jit.patch
+++ b/clamav-0.96-disable-jit.patch
@ -1,150 +0,0 @@
-Index: clamav-0.96.1/clamd/clamd.c
-===================================================================
--- clamav-0.96.1.orig/clamd/clamd.c
-+++ clamav-0.96.1/clamd/clamd.c
-@@ -434,6 +434,9 @@ int main(int argc, char **argv)
-     if((opt = optget(opts,"BytecodeTimeout"))->enabled) {
- 	cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
-     }
-+    if((opt = optget(opts,"BytecodeDisableJIT"))->enabled) {
-+	cl_engine_set_num(engine, CL_ENGINE_BYTECODE_DISABLEJIT, opt->numarg);
-+    }
- 
-     if(optget(opts,"PhishingScanURLs")->enabled)
- 	dboptions |= CL_DB_PHISHING_URLS;
-Index: clamav-0.96.1/clamscan/manager.c
-===================================================================
--- clamav-0.96.1.orig/clamscan/manager.c
-+++ clamav-0.96.1/clamscan/manager.c
-@@ -404,6 +404,8 @@ int scanmanager(const struct optstruct *
- 	cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, CL_BYTECODE_TRUST_ALL);
-     if((opt = optget(opts,"bytecode-timeout"))->enabled)
- 	cl_engine_set_num(engine, CL_ENGINE_BYTECODE_TIMEOUT, opt->numarg);
-+    if((opt = optget(opts,"bytecode-disable-jit"))->enabled)
-+	cl_engine_set_num(engine, CL_ENGINE_BYTECODE_DISABLEJIT, opt->numarg);
- 
-     if((opt = optget(opts, "tempdir"))->enabled) {
- 	if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
-Index: clamav-0.96.1/docs/man/clamd.conf.5.in
-===================================================================
--- clamav-0.96.1.orig/docs/man/clamd.conf.5.in
-+++ clamav-0.96.1/docs/man/clamd.conf.5.in
-@@ -253,6 +253,12 @@ Default: TrustSigned
- Set bytecode timeout in milliseconds.
- .br
- Default: 60000
-+.TP
-+\fBBytecodeDisableJIT BOOL\fR
-+Disable the JIT and fallback to interpreter mode.
-+WARNING: disabling the JIT affects performance!
-+.br
-+Default: No
- .TP 
- \fBDetectPUA BOOL\fR
- Detect Possibly Unwanted Applications.
-Index: clamav-0.96.1/docs/man/clamscan.1.in
-===================================================================
--- clamav-0.96.1.orig/docs/man/clamscan.1.in
-+++ clamav-0.96.1/docs/man/clamscan.1.in
-@@ -86,6 +86,10 @@ This option disables safety checks and m
- .TP 
- \fB\-\-bytecode\-timeout=N\fR
- Set bytecode timeout in milliseconds (default: 60000 = 60s)
-+.TP
-+\fB\-\-bytecode\-disable\-jit\fR
-+Disable the JIT and fallback to interpreter mode.
-+WARNING: disable the JIT affects performance!
- .TP 
- \fB\-\-detect\-pua[=yes/no(*)]\fR
- Detect Possibly Unwanted Applications.
-Index: clamav-0.96.1/etc/clamd.conf
-===================================================================
--- clamav-0.96.1.orig/etc/clamd.conf
-+++ clamav-0.96.1/etc/clamd.conf
-@@ -472,3 +472,8 @@ Example
- # 
- # Default: 60000
- # BytecodeTimeout 60000
-+ 
-+# Disable JIT and fallback to interpreter. WARNING: disabling JIT affects performance.
-+# 
-+# Default: no
-+#BytecodeDisableJIT no
-Index: clamav-0.96.1/libclamav/clamav.h
-===================================================================
--- clamav-0.96.1.orig/libclamav/clamav.h
-+++ clamav-0.96.1/libclamav/clamav.h
-@@ -144,7 +144,8 @@ enum cl_engine_field {
-     CL_ENGINE_TMPDIR,		    /* (char *) */
-     CL_ENGINE_KEEPTMP,		    /* uint32_t */
-     CL_ENGINE_BYTECODE_SECURITY,     /* uint32_t */
-    CL_ENGINE_BYTECODE_TIMEOUT       /* uint32_t */
-+    CL_ENGINE_BYTECODE_TIMEOUT,       /* uint32_t */
-+    CL_ENGINE_BYTECODE_DISABLEJIT        /* uint32_t */
- };
- 
- enum bytecode_security {
-Index: clamav-0.96.1/libclamav/others.c
-===================================================================
--- clamav-0.96.1.orig/libclamav/others.c
-+++ clamav-0.96.1/libclamav/others.c
-@@ -301,6 +301,7 @@ struct cl_engine *cl_engine_new(void)
-     new->bytecode_security = CL_BYTECODE_TRUST_SIGNED;
-     /* 5 seconds timeout */
-     new->bytecode_timeout = 60000;
-+    new->disablejit = 0;
-     new->refcount = 1;
-     new->ac_only = 0;
-     new->ac_mindepth = CLI_DEFAULT_AC_MINDEPTH;
-@@ -399,6 +400,9 @@ int cl_engine_set_num(struct cl_engine *
- 	case CL_ENGINE_BYTECODE_TIMEOUT:
- 	    engine->bytecode_timeout = num;
- 	    break;
-+	case CL_ENGINE_BYTECODE_DISABLEJIT:
-+	    engine->disablejit = num;
-+	    break;
- 	default:
- 	    cli_errmsg("cl_engine_set_num: Incorrect field number\n");
- 	    return CL_EARG;
-Index: clamav-0.96.1/libclamav/others.h
-===================================================================
--- clamav-0.96.1.orig/libclamav/others.h
-+++ clamav-0.96.1/libclamav/others.h
-@@ -253,6 +253,7 @@ struct cl_engine {
-     unsigned hook_lsig_ids;
-     enum bytecode_security bytecode_security;
-     uint32_t bytecode_timeout;
-+    unsigned disablejit;
- };
- 
- struct cl_settings {
-Index: clamav-0.96.1/libclamav/readdb.c
-===================================================================
--- clamav-0.96.1.orig/libclamav/readdb.c
-+++ clamav-0.96.1/libclamav/readdb.c
-@@ -2595,7 +2595,10 @@ int cl_load(const char *path, struct cl_
- 	    return ret;
- 
-     if((dboptions & CL_DB_BYTECODE) && !engine->bcs.engine && (engine->dconf->bytecode & BYTECODE_ENGINE_MASK)) {
-	if((ret = cli_bytecode_init(&engine->bcs, engine->dconf->bytecode)))
-+	unsigned dconfmask = engine->dconf->bytecode;
-+	if (engine->disablejit)
-+	    dconfmask &= BYTECODE_INTERPRETER;
-+	if((ret = cli_bytecode_init(&engine->bcs, dconfmask)))
- 	    return ret;
-     } else {
- 	cli_dbgmsg("Bytecode engine disabled\n");
-Index: clamav-0.96.1/shared/optparser.c
-===================================================================
--- clamav-0.96.1.orig/shared/optparser.c
-+++ clamav-0.96.1/shared/optparser.c
-@@ -252,6 +252,9 @@ const struct clam_option __clam_options[
- 	"Set bytecode security level.\nPossible values:\n\tNone - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"},
-     { "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 60000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, 
- 	"Set bytecode timeout in miliseconds.\n","60000"},
-+    { "BytecodeDisableJIT", "bytecode-disable-jit", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, 
-+	"Disable JIT and fallback to interpreter. WARNING: disabling JIT affects performance.\n","no"},
-+
-     { "DetectPUA", "detect-pua", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Detect Potentially Unwanted Applications.", "yes" },
- 
-     { "ExcludePUA", "exclude-pua", 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_CLAMSCAN, "Exclude a specific PUA category. This directive can be used multiple times.\nSee http://www.clamav.net/support/pua for the complete list of PUA\ncategories.", "NetTool\nPWTool" },
--- a/clamav-0.96-jitoff.patch
+++ b/clamav-0.96-jitoff.patch
@ -1,80 +0,0 @@
-Index: clamav-0.96.1/etc/clamd.conf
-===================================================================
--- clamav-0.96.1.orig/etc/clamd.conf
-+++ clamav-0.96.1/etc/clamd.conf
-@@ -11,7 +11,7 @@ Example
- # LogFile must be writable for the user running daemon.
- # A full path is required.
- # Default: disabled
-#LogFile /tmp/clamd.log
-+#LogFile /var/log/clamd.<SERVICE>
- 
- # By default the log file is locked for writing - the lock protects against
- # running clamd multiple times (if want to run another clamd, please
-@@ -40,7 +40,7 @@ Example
- 
- # Use system logger (can work together with LogFile).
- # Default: no
-#LogSyslog yes
-+LogSyslog yes
- 
- # Specify the type of syslog messages - please refer to 'man syslog'
- # for facility names.
-@@ -54,7 +54,7 @@ Example
- # This option allows you to save a process identifier of the listening
- # daemon (main thread).
- # Default: disabled
-#PidFile /var/run/clamd.pid
-+#PidFile /var/run/clamd.<SERVICE>/clamd.pid
- 
- # Optional path to the global temporary directory.
- # Default: system specific (usually /tmp or /var/tmp).
-@@ -73,7 +73,7 @@ Example
- 
- # Path to a local socket file the daemon will listen on.
- # Default: disabled (must be specified by a user)
-#LocalSocket /tmp/clamd.socket
-+#LocalSocket /var/run/clamd.<SERVICE>/clamd.sock
- 
- # Sets the group ownership on the unix socket.
- # Default: disabled (the primary group of the user running clamd)
-@@ -183,11 +183,11 @@ Example
- 
- # Run as another user (clamd must be started by root for this option to work)
- # Default: don't drop privileges
-#User clamav
-+User <USER>
- 
- # Initialize supplementary group access (clamd must be started by root).
- # Default: no
-#AllowSupplementaryGroups no
-+AllowSupplementaryGroups yes
- 
- # Stop daemon when libclamav reports out of memory condition.
- #ExitOnOOM yes
-@@ -474,6 +474,10 @@ Example
- # BytecodeTimeout 60000
-  
- # Disable JIT and fallback to interpreter. WARNING: disabling JIT affects performance.
-# 
-# Default: no
-+#
-+# This option has been turned off in Fedora due to security concerns
-+# by default.  You might need to enable the 'clamd_use_jit' SELinux
-+# boolean after enabling this option.
-+#
-+# Default: yes
- #BytecodeDisableJIT no
-Index: clamav-0.96.1/shared/optparser.c
-===================================================================
--- clamav-0.96.1.orig/shared/optparser.c
-+++ clamav-0.96.1/shared/optparser.c
-@@ -252,7 +252,7 @@ const struct clam_option __clam_options[
- 	"Set bytecode security level.\nPossible values:\n\tNone - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"},
-     { "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 60000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, 
- 	"Set bytecode timeout in miliseconds.\n","60000"},
-    { "BytecodeDisableJIT", "bytecode-disable-jit", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, 
-+    { "BytecodeDisableJIT", "bytecode-disable-jit", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, 
- 	"Disable JIT and fallback to interpreter. WARNING: disabling JIT affects performance.\n","no"},
- 
-     { "DetectPUA", "detect-pua", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Detect Potentially Unwanted Applications.", "yes" },
--- a/clamav-0.96.2-jitoff.patch
+++ b/clamav-0.96.2-jitoff.patch
@ -0,0 +1,34 @@
+Index: clamav-0.96.2/etc/clamd.conf
+===================================================================
+--- clamav-0.96.2.orig/etc/clamd.conf
+++ clamav-0.96.2/etc/clamd.conf
+@@ -459,6 +459,16 @@ Example
+ # Default: yes
+ #Bytecode yes
+ 
+# Bytecode mode
+#
+# This option has been set to 'ForceInterpreter' in Fedora due to
+# security concerns by default.  You might need to enable the
+# 'clamd_use_jit' SELinux boolean after setting this option to the
+# more efficient 'ForceJIT' value.
+#
+# Default: ForceInterpreter
+#ByteCodeMode ForceInterpreter
+
+ # Set bytecode security level.
+ # Possible values:
+ #       None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
+Index: clamav-0.96.2/shared/optparser.c
+===================================================================
+--- clamav-0.96.2.orig/shared/optparser.c
+++ clamav-0.96.2/shared/optparser.c
+@@ -254,7 +254,7 @@ const struct clam_option __clam_options[
+ 	"Set bytecode security level.\nPossible values:\n\tNone - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"},
+     { "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 60000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, 
+ 	"Set bytecode timeout in miliseconds.\n","60000"},
+-    { "BytecodeMode", "bytecode-mode", 0, TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "Auto", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN,
+    { "BytecodeMode", "bytecode-mode", 0, TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "ForceInterpreter", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN,
+ 	"Set bytecode execution mode.\nPossible values:\n\tAuto - automatically choose JIT if possible, fallback to interpreter\nForceJIT - always choose JIT, fail if not possible\nForceIntepreter - always choose interpreter\nTest - run with both JIT and interpreter and compare results. Make all failures fatal\n","Auto"},
+     { "DetectPUA", "detect-pua", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Detect Potentially Unwanted Applications.", "yes" },
+ 
--- a/clamav.spec
+++ b/clamav.spec
@ -59,8 +59,7 @@ Patch25:	clamav-0.92-open.patch
 Patch26:	clamav-0.95-cliopts.patch
 Patch27:	clamav-0.95.3-umask.patch
 # https://bugzilla.redhat.com/attachment.cgi?id=403775&action=diff&context=patch&collapsed=&headers=1&format=raw
-Patch28:	clamav-0.96-disable-jit.patch
-Patch29:	clamav-0.96-jitoff.patch
+Patch29:	clamav-0.96.2-jitoff.patch
 BuildRoot:	%_tmppath/%name-%version-%release-root
 Requires:	clamav-lib = %version-%release
 Requires:	data(clamav)
@ -326,7 +325,6 @@ The Upstart initscripts for clamav-milter.
 %apply -n25 -p1 -b .open
 %apply -n26 -p1 -b .cliopts
 %apply -n27 -p1 -b .umask
-%apply -n28 -p1 -b .jit-disable
 %apply -n29 -p1 -b .jitoff

 install -p -m0644 %SOURCE300 clamav-milter/