This commit is contained in:
Sérgio M. Basto 2018-01-04 17:29:15 +00:00
parent c7796f6d58
commit eec7d43883
2 changed files with 5 additions and 34 deletions

View File

@ -1,30 +0,0 @@
--- clamav-0.99/etc/clamd.conf.sample 2015-11-24 00:13:46.000000000 +0100
+++ clamav-0.99/etc/clamd.conf.sample.jitoff 2015-12-02 01:36:11.766462183 +0100
@@ -614,6 +614,16 @@
# Default: yes
#Bytecode yes
+# Bytecode mode
+#
+# This option has been set to 'ForceInterpreter' in Fedora due to
+# security concerns by default. You might need to enable the
+# 'antivirus_use_jit' SELinux boolean after setting this option to
+# the more efficient 'ForceJIT' value.
+#
+# Default: ForceInterpreter
+#ByteCodeMode ForceInterpreter
+
# Set bytecode security level.
# Possible values:
# None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
--- clamav-0.99/shared/optparser.c 2015-12-02 01:35:26.632828082 +0100
+++ clamav-0.99/shared/optparser.c.jitoff 2015-12-02 01:36:54.249117737 +0100
@@ -298,7 +298,7 @@
{ "BytecodeUnsigned", "bytecode-unsigned", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN,
"Allow loading bytecode from outside digitally signed .c[lv]d files.","no"},
- { "BytecodeMode", "bytecode-mode", 0, CLOPT_TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "Auto", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN,
+ { "BytecodeMode", "bytecode-mode", 0, CLOPT_TYPE_STRING, "^(Auto|ForceJIT|ForceInterpreter|Test)$", -1, "ForceInterpreter", FLAG_REQUIRED, OPT_CLAMD | OPT_CLAMSCAN,
"Set bytecode execution mode.\nPossible values:\n\tAuto - automatically choose JIT if possible, fallback to interpreter\nForceJIT - always choose JIT, fail if not possible\nForceInterpreter - always choose interpreter\nTest - run with both JIT and interpreter and compare results. Make all failures fatal.","Auto"},
{ "Statistics", "statistics", 0, CLOPT_TYPE_STRING, "^(none|None|bytecode|Bytecode|pcre|PCRE)$", -1, NULL, FLAG_MULTIPLE, OPT_CLAMSCAN | OPT_CLAMBC, "Collect and print execution statistics.\nPossible values:\n\tBytecode - reports bytecode statistics\nPCRE - reports PCRE execution statistics\nNone - reports no statistics", "None" },

View File

@ -59,7 +59,7 @@ Requires(postun): /bin/systemctl\
Summary: End-user tools for the Clam Antivirus scanner
Name: clamav
Version: 0.99.2
Release: 13%{?dist}
Release: 14%{?dist}
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
Group: Applications/File
URL: http://www.clamav.net
@ -81,8 +81,6 @@ Source11: http://db.local.clamav.net/daily-21723.cvd
Patch24: clamav-0.99-private.patch
Patch27: clamav-0.98-umask.patch
# https://bugzilla.redhat.com/attachment.cgi?id=403775&action=diff&context=patch&collapsed=&headers=1&format=raw
Patch29: clamav-0.99.1-jitoff.patch
# https://llvm.org/viewvc/llvm-project/llvm/trunk/lib/ExecutionEngine/JIT/Intercept.cpp?r1=128086&r2=137567
Patch30: llvm-glibc.patch
Patch31: clamav-0.99.1-setsebool.patch
@ -417,7 +415,6 @@ The systemd initscripts for clamav-scanner.
%apply -n24 -p1 -b .private
%apply -n27 -p1 -b .umask
%apply -n29 -p1 -b .jitoff
%apply -n30 -p1
%apply -n31 -p1 -b .setsebool
%apply -n32 -p1 -b .openssl_1.1.0
@ -904,6 +901,10 @@ test "$1" != "0" || /sbin/initctl -q stop clamav-milter || :
%changelog
* Thu Jan 04 2018 Sérgio Basto <sergio@serjux.com> - 0.99.2-14
- Fix rhbz #1530678
- Fix rhbz #1518016
* Sun Nov 26 2017 Robert Scheck <robert@fedoraproject.org> - 0.99.2-13
- Backported upstream patch to unbreak e2guardian vs. temp files