Merge branch 'master' into epel8

Orion Poplawski 2019-11-23 19:19:43 -07:00
commit eed7f20be0
6 changed files with 51 additions and 321 deletions


@ -1,5 +1,5 @@
Please note since el7 and Fedora 15 or 19 we use only systemd. Please note for Fedora and EPEL 7+ we use only systemd.
upstart and sysv was dropped, this document may still applies to el6. upstart and sysvinit only apply to EPEL 6.
A clamav-milter setup consists of the following three components: A clamav-milter setup consists of the following three components:
@ -11,18 +11,22 @@ A clamav-milter setup consists of the following three components:
The main configuration is in /etc/mail/clamav-milter.conf and MUST The main configuration is in /etc/mail/clamav-milter.conf and MUST
be changed before first use. be changed before first use.
This can be enabled with: 'systemctl enable clamav-milter.service'
The -sysvinit package is managed by the traditional tools, but The -sysvinit package is managed by the traditional tools, but
-upstart requires modification of /etc/event.d/clamav-milter to -upstart requires modification of /etc/event.d/clamav-milter to
enable automatic startup. See comments there for more details. enable automatic startup. See comments there for more details.
* a clamav scanner daemon * a clamav scanner daemon
--> this package is called 'clamav-scanner' plus (alternatively) --> this is in the clamd package (or on EL6:
'clamav-scanner-upstart' or 'clamav-scanner-sysvinit' 'clamav-scanner-upstart' or 'clamav-scanner-sysvinit')
The daemon is configured by /etc/clamd.d/scan.conf (which MUST be The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
edited before first use). edited before first use).
This can be enabled with: 'systemctl enable clamd@scan.service'
The -sysvinit package is managed by the traditional tools, but The -sysvinit package is managed by the traditional tools, but
-upstart requires modification of /etc/event.d/clamd.scan to enable -upstart requires modification of /etc/event.d/clamd.scan to enable
automatic startup. See comments there for more details. automatic startup. See comments there for more details.
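Review bot: The two added 'This can be enabled with:' lines are followed directly by the retained '-sysvinit ... -upstart requires modification of /etc/event.d/...' paragraphs, and nothing says those paragraphs now apply to EPEL 6 only. Prefix them with 'On EL6:' the way the scanner bullet's package line now does, and mention that 'systemctl enable' by itself does not start the service (the example section pairs it with a separate 'systemctl start').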
@ -32,19 +36,14 @@ A clamav-milter setup consists of the following three components:
--> you should know how to install this... --> you should know how to install this...
When communicating across unix sockets with the clamav-milter, it is When communicating across unix sockets with the clamav-milter, it is
suggested to use the /var/run/clamav-milter/clamav-milter.socket suggested to use the /run/clamav-milter/clamav-milter.socket
path. You have to add something like path. You have to add something like
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl INPUT_MAIL_FILTER(`clamav', `S=local:/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl
to your sendmail.mc. to your sendmail.mc.
It is suggested that components communicate through TCP sockets as
this eases setup. Please add corresponding packet filter rules!
EXAMPLE EXAMPLE
======= =======
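Review bot: Removing the 'It is suggested that components communicate through TCP sockets' paragraph also removes 'Please add corresponding packet filter rules!', yet the EXAMPLE that follows still splits the setup across 'host-milter' and 'host-scanner' and tells the reader to comment out LocalSocket on the scanner. clamd's TCP socket has no authentication, so keep a one-line reminder beside the example that the port must be limited to the milter host by packet filter rules.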
@ -70,13 +69,13 @@ B) On the clamav-milter host (assumed hostname 'host-milter')
and all the other options which are required on your system and all the other options which are required on your system
3. Edit /etc/event.d/clamav-milter and uncomment the 3. Enable clamav-milter.service:
| start on starting local | systemctl enable clamav-milter.service
line. Restart your system or execute Restart your system or execute
| initctl emit starting local | systemctl start clamav-milter.service
4. Add something like 4. Add something like
@ -90,7 +89,7 @@ B) On the clamav-milter host (assumed hostname 'host-milter')
C) On the clamav-scanner host (assumed hostname 'host-scanner') C) On the clamav-scanner host (assumed hostname 'host-scanner')
1. Install clamav-scanner + clamav-scanner-upstart packages 1. Install clamd
2. Add to /etc/clamd.d/scan.conf 2. Add to /etc/clamd.d/scan.conf
@ -100,13 +99,13 @@ C) On the clamav-scanner host (assumed hostname 'host-scanner')
comment out possible 'LocalSocket' lines and set all the other comment out possible 'LocalSocket' lines and set all the other
options which are required on your system options which are required on your system
3. Edit /etc/event.d/clamav-scanner and uncomment the 3. Enable clamd@scan.service:
| start on starting local | systemctl enable clamd@scan.service
line. Restart your system or execute Restart your system or execute
| initctl emit starting local | systemctl start clamd@scan.service
4. Add something like 4. Add something like


@ -53,8 +53,8 @@
Summary: End-user tools for the Clam Antivirus scanner Summary: End-user tools for the Clam Antivirus scanner
Name: clamav Name: clamav
Version: 0.101.4 Version: 0.101.5
Release: 2%{?dist} Release: 1%{?dist}
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2} License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
URL: https://www.clamav.net/ URL: https://www.clamav.net/
%if %{with unrar} %if %{with unrar}
@ -82,8 +82,6 @@ Source10: main-58.cvd
Source11: daily-25550.cvd Source11: daily-25550.cvd
#http://database.clamav.net/bytecode.cvd #http://database.clamav.net/bytecode.cvd
Source12: bytecode-330.cvd Source12: bytecode-330.cvd
#for devel
Source100: clamd-gen
#for update #for update
Source200: freshclam-sleep Source200: freshclam-sleep
Source201: freshclam.sysconfig Source201: freshclam.sysconfig
@ -326,8 +324,8 @@ mkdir -p libclamunrar{,_iface}
sed -ri \ sed -ri \
-e 's!^#?(LogFile ).*!#\1/var/log/clamd.<SERVICE>!g' \ -e 's!^#?(LogFile ).*!#\1/var/log/clamd.<SERVICE>!g' \
-e 's!^#?(LocalSocket ).*!#\1/var/run/clamd.<SERVICE>/clamd.sock!g' \ -e 's!^#?(LocalSocket ).*!#\1%{_rundir}/clamd.<SERVICE>/clamd.sock!g' \
-e 's!^(#?PidFile ).*!\1/var/run/clamd.<SERVICE>/clamd.pid!g' \ -e 's!^(#?PidFile ).*!\1%{_rundir}/clamd.<SERVICE>/clamd.pid!g' \
-e 's!^#?(User ).*!\1<USER>!g' \ -e 's!^#?(User ).*!\1<USER>!g' \
-e 's!^#?(AllowSupplementaryGroups|LogSyslog).*!\1 yes!g' \ -e 's!^#?(AllowSupplementaryGroups|LogSyslog).*!\1 yes!g' \
-e 's! /usr/local/share/clamav,! %homedir,!g' \ -e 's! /usr/local/share/clamav,! %homedir,!g' \
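Review bot: The LocalSocket and PidFile substitutions now depend on %{_rundir}, but this spec still carries '%if %{with sysv}' and upstart branches for EPEL 6. Please confirm the macro is defined on every target that is still built, or add a fallback such as '%{!?_rundir:%global _rundir %{_localstatedir}/run}' near the top. rpm leaves an undefined macro unexpanded, which would put the literal string '%{_rundir}' into the shipped clamd configuration.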
@ -433,7 +431,6 @@ install -D -m 0644 -p etc/clamd.conf.sample _doc_server/clamd.conf
%if %{with sysv} %if %{with sysv}
install -m 0644 -p %SOURCE520 $RPM_BUILD_ROOT%pkgdatadir/ install -m 0644 -p %SOURCE520 $RPM_BUILD_ROOT%pkgdatadir/
%endif %endif
install -m 0755 -p %SOURCE100 $RPM_BUILD_ROOT%pkgdatadir/
cp -pa _doc_server/* $RPM_BUILD_ROOT%pkgdatadir/template cp -pa _doc_server/* $RPM_BUILD_ROOT%pkgdatadir/template
%if %{with sysv} %if %{with sysv}
@ -471,7 +468,6 @@ sed -e 's!<SERVICE>!scan!g;' $RPM_BUILD_ROOT%pkgdatadir/template/clamd.init \
%endif %endif
install -D -p -m 0644 %SOURCE410 $RPM_BUILD_ROOT%_sysconfdir/init/clamd.scan.conf install -D -p -m 0644 %SOURCE410 $RPM_BUILD_ROOT%_sysconfdir/init/clamd.scan.conf
install -D -p -m 0644 %SOURCE430 $RPM_BUILD_ROOT%_unitdir/clamd@scan.service
cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamd.scan.conf cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamd.scan.conf
d %scanstatedir 0710 %scanuser virusgroup d %scanstatedir 0710 %scanuser virusgroup
@ -553,8 +549,10 @@ exit 0
/usr/bin/killall -u %scanuser clamd 2>/dev/null || : /usr/bin/killall -u %scanuser clamd 2>/dev/null || :
%endif %endif
%if %{with systemd} %if %{with systemd}
%systemd_post clamd@.service # Point to the new service unit
%systemd_post clamd@scan.service [ -L /etc/systemd/system/multi-user.target.wants/clamd@scan.service ] &&
ln -sf /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service || :
%systemd_post clamd@\*.service
%{?with_tmpfiles:/bin/systemd-tmpfiles --create %_tmpfilesdir/clamd.scan.conf || :} %{?with_tmpfiles:/bin/systemd-tmpfiles --create %_tmpfilesdir/clamd.scan.conf || :}
%endif %endif
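Review bot: The symlink fix-up in %post hard-codes /usr/lib/systemd/system and /etc/systemd/system while the rest of the spec uses %_unitdir and %_sysconfdir; use the macros so the paths cannot drift from where the unit is installed. The test also only repoints a link under multi-user.target.wants, so extend the '# Point to the new service unit' comment to say that this is the only enablement location being migrated.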
@ -567,8 +565,7 @@ test "$1" != 0 || /sbin/chkconfig --del clamd.scan
test "$1" != "0" || /sbin/initctl -q stop clamd.scan || : test "$1" != "0" || /sbin/initctl -q stop clamd.scan || :
%endif %endif
%if %{with systemd} %if %{with systemd}
%systemd_preun clamd@.service %systemd_preun clamd@\*.service
%systemd_preun clamd@scan.service
%endif %endif
%postun -n clamd %postun -n clamd
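Review bot: '%systemd_preun clamd@\*.service' (and the matching %post and %postun lines) passes a glob where the old scriptlets named the units explicitly. systemctl matches patterns against units currently loaded in memory, so please verify on a test install that an enabled but stopped instance such as clamd@scan.service is still disabled on erase; if it is not, keep the explicit 'clamd@scan.service' line alongside the glob.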
@ -576,8 +573,7 @@ test "$1" != "0" || /sbin/initctl -q stop clamd.scan || :
test "$1" = 0 || %_initrddir/clamd.scan condrestart >/dev/null || : test "$1" = 0 || %_initrddir/clamd.scan condrestart >/dev/null || :
%endif %endif
%if %{with systemd} %if %{with systemd}
%systemd_postun_with_restart clamd@.service %systemd_postun_with_restart clamd@\*.service
%systemd_postun_with_restart clamd@scan.service
%endif %endif
@ -670,7 +666,6 @@ test "$1" = 0 || %_initrddir/clamav-milter condrestart >/dev/null || :
%_includedir/* %_includedir/*
%_libdir/*.so %_libdir/*.so
%pkgdatadir/template %pkgdatadir/template
%pkgdatadir/clamd-gen
%_libdir/pkgconfig/* %_libdir/pkgconfig/*
%_bindir/clamav-config %_bindir/clamav-config
@ -735,9 +730,6 @@ test "$1" = 0 || %_initrddir/clamav-milter condrestart >/dev/null || :
%if %{with upstart} %if %{with upstart}
%config(noreplace) %_sysconfdir/init/clamd.scan* %config(noreplace) %_sysconfdir/init/clamd.scan*
%endif %endif
%if %{with systemd}
%_unitdir/clamd@scan.service
%endif
## ----------------------- ## -----------------------
@ -769,6 +761,13 @@ test "$1" = 0 || %_initrddir/clamav-milter condrestart >/dev/null || :
%changelog %changelog
* Sat Nov 23 2019 Orion Poplawski <orion@nwra.com> - 0.101.5-1
- Update to 0.101.5 (CVE-2019-15961) (bz#1775550)
* Mon Nov 18 2019 Orion Poplawski <orion@nwra.com> - 0.101.4-3
- Drop clamd@scan.service file (bz#1725810)
- Change /var/run to /run
* Mon Nov 18 2019 Orion Poplawski <orion@nwra.com> - 0.101.4-2 * Mon Nov 18 2019 Orion Poplawski <orion@nwra.com> - 0.101.4-2
- Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835) - Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835)


@ -1,10 +1,9 @@
To create individual clamd-instance take the following files and To create individual clamd-instance take the following files and
modify/copy them in the suggested way: modify/copy them in the suggested way:
clamd.conf: /etc/clamd/scan.conf:
* set LocalSocket (or better: TCPSocket) and User to suitable values; * set LocalSocket for localhost access or TCPSocket for network access
avoid PidFile unless it is required by system monitoring or something and User to suitable values. Logging through syslog is usually better than an individual
else. Logging through syslog is usually better than an individual
Logfile. Logfile.
* place this file into /etc/clamd.d with an unique service-name; * place this file into /etc/clamd.d with an unique service-name;
e.g. as /etc/clamd.d/<SERVICE>.conf e.g. as /etc/clamd.d/<SERVICE>.conf
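Review bot: The new heading reads '/etc/clamd/scan.conf:' but the bullet two lines below and the other README use /etc/clamd.d, so this looks like a missing '.d'. Since the text describes creating an arbitrary instance, '/etc/clamd.d/<SERVICE>.conf:' would match the later bullet. The rewrite also drops the 'avoid PidFile unless it is required' advice without replacement; keep it unless the removal is intentional.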
@ -40,10 +39,10 @@ clamd@<SERVICE>.service: (systemd instance)
Additionally, when using LocalSocket instead of TCPSocket, the directory Additionally, when using LocalSocket instead of TCPSocket, the directory
for the socket file must be created. For tmpfiles based systems, you for the socket file must be created. For tmpfiles based systems, you
might want to create a file /usr/lib/tmpfiles.d/clamd.<SERVICE>.conf might want to create a file /etc/tmpfiles.d/clamd.<SERVICE>.conf
with a content of with a content of
| d /var/run/clamd.<SERVICE> <MODE> <USER> <GROUP> | d /run/clamd.<SERVICE> <MODE> <USER> <GROUP>
Adjust <MODE> (0710 should suffice for most cases) and <USER> + <GROUP> Adjust <MODE> (0710 should suffice for most cases) and <USER> + <GROUP>
so that the socket can be accessed by clamd and by the applications so that the socket can be accessed by clamd and by the applications
@ -53,9 +52,9 @@ DOS attacks or worse are trivial.
After emulating these steps by hand (or else rebooting), you still need set After emulating these steps by hand (or else rebooting), you still need set
SELinux: SELinux:
chcon -t clamd_var_run_t /var/run/clamd.<SERVICE> chcon -t clamd_var_run_t /run/clamd.<SERVICE>
or or
restorecon -R -v "/var/run/clamd.<SERVICE>" restorecon -R -v "/run/clamd.<SERVICE>"
More SELinux notes: More SELinux notes:
you may need run: you may need run:

clamd-gen

@ -1,269 +0,0 @@
#! /bin/bash
# Copyright (C) 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
function showHelp()
{
echo \
$"Usage: clamd-gen --service=<SERVICE> --version=<VERSION> --release=<RELEASE>
--license=<LICENSE> --username=>USERNAME>
"
exit 0
}
function rpm.generatePreamble()
{
cat <<EOF
%{!?release_func:%define release_func() %1%{?dist}}
# The name of the minit service
%define minitsvcdir %minitdir/services/%name
# The configuration file for the SysV initservice
%define conffile %_sysconfdir/clamd.d/%service.conf
# The directory, where the milter socket will be placed into; this
# socket will be named clamd.sock
%define rundir /var/run/clamd.%service
# The name of the logfile
%define logfile /var/log/clamd.%service
# The user under whose id, the clamd shall be running. This user must
# be able to read the files from the base-service and is usually
# created there.
%define username $USERNAME
# The packagename of the service
%define service $SERVICE
# The service name as used by the system's initscripts; usually this
# is %service
%define baseservice %service
%define __chkconfig /sbin/chkconfig
%define minitdir %_sysconfdir/minit
EOF
}
function rpm.generateHeader()
{
cat <<EOF
Summary: Clamav server for '%service'
Name: clamd.%service
Version: $VERSION
Release: %release_func $RELEASE
Epoch: 0
License: $LICENSE
Group: System Environment/Daemons
BuildRoot: %_tmppath/%name-%version-%release-root
BuildArch: noarch
Requires: init(%name)
Requires(pre): %service
Requires: clamav-server
BuildRequires: clamav-devel
%package sysv
Summary: SysV initscripts for a %service clamav-server
Group: System Environment/Daemons
Provides: init(%name) = sysv
Conflicts: init(%name) < sysv
Conflicts: init(%name) > sysv
Requires: clamav-server-sysv
Requires(post): %name = %epoch:%version-%release
Requires(post): diffutils mktemp %__chkconfig
Requires(preun): %__chkconfig
Requires(pre): %_initrddir
Requires(postun): %_initrddir
%package minit
Summary: minit initscripts for a %service clamav-server
Group: System Environment/Daemons
Provides: init(%name) = minit
Conflicts: init(%name) < minit
Conflicts: init(%name) > minit
Requires(post): %name = %epoch:%version-%release
Requires(post): diffutils mktemp
Requires(pre): minit-setup
Requires(postun): minit-setup
Requires(triggers): minit-tools
%description
Basic setup for a clamav server for '%service'.
%description sysv
Basic setup for a clamav server for '%service'.
This package contains initscripts for SysV based systems.
%description minit
Basic setup for a clamav server for '%service'.
This package contains initscripts for minit based systems.
EOF
}
function rpm.genBody()
{
cat <<"XEOFX"
%prep
%build
%install
rm -rf $RPM_BUILD_ROOT
%__install -d -m755 $RPM_BUILD_ROOT{%minitsvcdir,%_sbindir,%rundir,/var/log}
d=/usr/share/clamav/template
function subst
{
src=$d/$1
dst=$RPM_BUILD_ROOT$2
%__install -d -m755 $(dirname "$dst")
sed -e 's!^\(#?LogFile \).*!\1%logfile!g;
s!^#?\(LocalSocket \).*!\1%rundir/clamd.sock!g;
s!^#?\(PidFile \).*!\1%rundir/clamd.pid!g;
s!<SERVICE>!%service!g;
s!<USER>!%username!g;' "$src" >"$dst"
chmod --reference "$src" "$dst"
}
subst clamd.conf %conffile
subst clamd.logrotate %_sysconfdir/logrotate.d/clamd.%service
%if 0%{!?_without_sysv:1}
subst clamd.sysconfig %_sysconfdir/sysconfig/clamd.%service
subst clamd.init %_initrddir/clamd.%service
%endif
ln -s clamd $RPM_BUILD_ROOT%_sbindir/clamd.%service
touch $RPM_BUILD_ROOT%logfile
touch $RPM_BUILD_ROOT%rundir/clamd.sock
%if 0%{!?_without_minit:1}
ln -s %_sbindir/clamd.%service $RPM_BUILD_ROOT%minitsvcdir/run
touch $RPM_BUILD_ROOT%minitsvcdir/respawn
cat <<EOF >$RPM_BUILD_ROOT%minitsvcdir/params
-c
%conffile
EOF
%endif
%clean
rm -rf $RPM_BUILD_ROOT
%triggerin minit -- %baseservice
minit-svc add services/clamd.%service services/%baseservice/
%triggerun minit -- %baseservice
test "$1" != 0 -a "$2" != 0 || \
minit-svc del services/clamd.%service services/%baseservice/
%post minit
d=$(mktemp /tmp/clamd.%service.XXXXXX)
sed -e 's!^#Foreground!Foreground!' "%conffile" >"$d"
grep -q '^Foreground' $d || echo 'Foreground' >>$d
cmp -s "$d" %conffile || cat "$d" >"%conffile"
rm -f "$d"
%post sysv
d=$(mktemp /tmp/clamd.%service.XXXXXX)
sed -e 's!^Foreground!#Foreground!' "%conffile" >"$d"
cmp -s "$d" %conffile || cat "$d" >"%conffile"
rm -f "$d"
%__chkconfig --add %name
%preun sysv
test "$1" != 0 || %__chkconfig --del %name
XEOFX
}
function rpm.genFiles
{
cat <<"EOF"
%files
%defattr(-,root,root,-)
%doc
%config(noreplace) %verify(not size md5 mtime) %attr(0620,root,%username) %logfile
%config(noreplace) %verify(not mtime) %conffile
%config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/clamd.%service
%_sbindir/clamd.%service
%dir %attr(0700,%username,root) %rundir
%ghost %rundir/clamd.sock
%if 0%{!?_without_sysv:1}
%files sysv
%defattr(-,root,root,-)
%config %verify(not mtime) %_initrddir/clamd.%service
%config(noreplace) %verify(not mtime) %_sysconfdir/sysconfig/clamd.%service
%endif
%if 0%{!?_without_minit:1}
%files minit
%defattr(-,root,root,-)
%dir %minitsvcdir
%config(noreplace) %verify(not mtime) %minitsvcdir/params
%config %minitsvcdir/run
%minitsvcdir/respawn
%endif
EOF
}
SERVICE=
VERSION=
RELEASE=
LICENSE=
USERNAME=
tmp=$(getopt -o '' --long service:,version:,release:,license:,username:,help -n "$0" -- "$@") || exit 1
eval set -- "$tmp"
while true; do
case "$1" in
(--help) showHelp $0;;
(--service) SERVICE=$2; shift;;
(--version) VERSION=$2; shift;;
(--release) RELEASE=$2; shift;;
(--license) LICENSE=$2; shift;;
(--username) USERNAME=$2; shift;;
(--) shift; break;;
esac
shift
done
for i in SERVICE VERSION RELEASE LICENSE USERNAME; do
eval tmp=\$${i}
test "$tmp" || {
echo $"No value for $i specified; assuming @${i}@" >&2;
eval $i=@${i}@;
}
done
rpm.generatePreamble
rpm.generateHeader
rpm.genBody
rpm.genFiles


@ -1,13 +1,15 @@
[Unit] [Unit]
Description = clamd scanner (%i) daemon Description = clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/ Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
# Check for database existence
# ConditionPathExistsGlob=@DBDIR@/main.{c[vl]d,inc}
# ConditionPathExistsGlob=@DBDIR@/daily.{c[vl]d,inc}
After = syslog.target nss-lookup.target network.target After = syslog.target nss-lookup.target network.target
[Service] [Service]
Type = forking Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
Restart = on-failure Restart = on-failure
TimeoutStartSec=420 TimeoutStartSec=420
[Install]
WantedBy = multi-user.target
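Review bot: The added 'ExecReload=/bin/kill -USR2 $MAINPID' depends on systemd knowing the main PID, but the unit is 'Type = forking' with no PIDFile=, so systemd has to guess it. Either set PIDFile= to the path the instance configuration writes, or state in the README that reload relies on the guessed PID. Adding [Install] to the template also means any clamd@<SERVICE> instance can now be enabled directly, which deserves a line in the instance README.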


@ -1,4 +1,4 @@
SHA512 (clamav-0.101.4-norar.tar.xz) = 4c1b7b77cd6fceea76fdfcf9b2ab24cf302f9abd50169dcf2069e6299bcd9dea5309536eba5214963046f8bca029ecbe71aebc54d9932d1ec7fa3820816312ab SHA512 (clamav-0.101.5-norar.tar.xz) = f649ec4de6a77b766c2c17ed7a974eb29c1f3604faa12f204448d0025e61dcf417baa1cc07978d3cfa18535a7c52f117e85dcf4703264614d03e6c214039de60
SHA512 (main-58.cvd) = 71309a7ea26f0fbfe329252c728173c895b107b7ea2e0bd613b12475db1d0270a496d707c4d80c842bf8b6f21680e86edfa7fa3b8aea075e93d67c91d696603a SHA512 (main-58.cvd) = 71309a7ea26f0fbfe329252c728173c895b107b7ea2e0bd613b12475db1d0270a496d707c4d80c842bf8b6f21680e86edfa7fa3b8aea075e93d67c91d696603a
SHA512 (bytecode-330.cvd) = aac2b7705861f5e115f09cc06cfb4903429ed7de93f5519221901936aef9b2c5bec1dfce3cb5e221093eefc29945543d6cb3d8be85891af1349c259398174369 SHA512 (bytecode-331.cvd) = 41957106337cb28fd0eb6459bd70ab23b4ce218b3691d592e0f1bc14841696b36b1fbbc4feaef64f7b572b6cbe400f5d44fc4efedd07afe37921a9044a1a8f53
SHA512 (daily-25550.cvd) = d3b969477e79adcea63c364b25b240bc276f4110253a472293434927e00ed2c915c980d3d08950235b8f23504f9917c3e8243fd48991d70b15de1f50ed60cc8a SHA512 (daily-25642.cvd) = 021cb0e57d18c655a76dd8b48cf311106feed5c3e7a4349433d2956c42bfc6ff77741e6f470d3f6a90f3eb56ac2f4e8870c33678814f240a2b5467a6bdc5667c
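Review bot: The database entries here no longer match what the spec hunk shows: this list now names bytecode-331.cvd and daily-25642.cvd, while the spec still has 'Source11: daily-25550.cvd' and 'Source12: bytecode-330.cvd' as unchanged context. Bump Source11 and Source12 in the same commit, or confirm the merge result already does, otherwise the build cannot fetch the files the spec names.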