| |
@@ -1,26 +1,18 @@
|
| |
- #global prerelease rc1
|
| |
+ #global prerelease -rc2
|
| |
|
| |
%global _hardened_build 1
|
| |
|
| |
## Fedora specific customization below...
|
| |
%bcond_without clamonacc
|
| |
%bcond_with unrar
|
| |
- %ifnarch ppc64
|
| |
- %bcond_without llvm
|
| |
- %else
|
| |
- %bcond_with llvm
|
| |
- %endif
|
| |
-
|
| |
- %if 0%{?fedora} || 0%{?rhel} >= 8
|
| |
- %bcond_with old_freshclam
|
| |
- %else
|
| |
- %bcond_without old_freshclam
|
| |
- %endif
|
| |
+ # Failing with llvm 14 https://github.com/Cisco-Talos/clamav/issues/581
|
| |
+ %bcond_with llvm
|
| |
|
| |
- %ifnarch s390 s390x
|
| |
- %global have_ocaml 1
|
| |
+ # No ocaml on ix86
|
| |
+ %ifarch %{ix86}
|
| |
+ %bcond_with ocaml
|
| |
%else
|
| |
- %global have_ocaml 0
|
| |
+ %bcond_without ocaml
|
| |
%endif
|
| |
|
| |
%global scanuser clamscan
|
| |
@@ -33,8 +25,8 @@
|
| |
|
| |
Summary: End-user tools for the Clam Antivirus scanner
|
| |
Name: clamav
|
| |
- Version: 0.103.11
|
| |
- Release: 2%{?dist}
|
| |
+ Version: 1.0.6
|
| |
+ Release: 1%{?dist}
|
| |
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
|
| |
URL: https://www.clamav.net/
|
| |
%if %{with unrar}
|
| |
@@ -46,69 +38,95 @@
|
| |
# tarball was created with update_clamav.sh
|
| |
Source0: %{name}-%{version}%{?prerelease}-norar.tar.xz
|
| |
%endif
|
| |
+ # Multilib headers
|
| |
+ Source1: clamav-types.h
|
| |
#for server
|
| |
Source3: clamd.logrotate
|
| |
Source5: clamd-README
|
| |
- # To download the cvd file run update_clamav.sh 1
|
| |
- # Need file >= 5.33-7 see https://bugzilla.redhat.com/show_bug.cgi?id=1539107
|
| |
+ # To download the *.cvd, go to https://www.clamav.net and use the links
|
| |
+ # there (I renamed the files to add the -version suffix for verifying).
|
| |
+ # Check the first line of the file for version or run file *cvd
|
| |
+ # Attention file < 5.33-7 have bugs see https://bugzilla.redhat.com/show_bug.cgi?id=1539107
|
| |
#http://database.clamav.net/main.cvd
|
| |
Source10: main-62.cvd
|
| |
#http://database.clamav.net/daily.cvd
|
| |
- Source11: daily-27075.cvd
|
| |
+ Source11: daily-27256.cvd
|
| |
#http://database.clamav.net/bytecode.cvd
|
| |
- Source12: bytecode-334.cvd
|
| |
+ Source12: bytecode-335.cvd
|
| |
#for update
|
| |
Source200: freshclam-sleep
|
| |
Source201: freshclam.sysconfig
|
| |
Source202: clamav-update.crond
|
| |
Source203: clamav-update.logrotate
|
| |
#for milter
|
| |
- Source300: README.fedora
|
| |
+ Source300: README.fedora.md
|
| |
#for clamav-milter.systemd
|
| |
Source330: clamav-milter.systemd
|
| |
#for scanner-systemd/server-systemd
|
| |
Source530: clamd@.service
|
| |
|
| |
- # Restore some options removed in 0.100 as deprecated
|
| |
- # Could be dropped in F32 with a note
|
| |
- # https://bugzilla.redhat.com/show_bug.cgi?id=1565381#c1
|
| |
- Patch0: clamav-stats-deprecation.patch
|
| |
+ # Accept RUSTFLAGS
|
| |
+ # https://github.com/Cisco-Talos/clamav/pull/835
|
| |
+ Patch0: clamav-rustflags.patch
|
| |
# Change default config locations for Fedora
|
| |
Patch1: clamav-default_confs.patch
|
| |
# Fix pkg-config flags for static linking, multilib
|
| |
- Patch2: clamav-0.99-private.patch
|
| |
+ Patch2: clamav-private.patch
|
| |
+ # Remove rpath
|
| |
+ Patch3: clamav-rpath.patch
|
| |
# Modify clamav-clamonacc.service for Fedora compatibility
|
| |
Patch5: clamav-clamonacc-service.patch
|
| |
-
|
| |
+ # Allow freshclam service to run if cron.d file is present
|
| |
Patch6: clamav-freshclam.service.patch
|
| |
+ # Debian patch to fix big-endian
|
| |
+ Patch7: https://salsa.debian.org/clamav-team/clamav/-/raw/unstable/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch
|
| |
|
| |
- BuildRequires: autoconf
|
| |
- BuildRequires: automake
|
| |
+ BuildRequires: cmake3
|
| |
BuildRequires: gettext-devel
|
| |
- BuildRequires: libtool
|
| |
- BuildRequires: libtool-ltdl-devel
|
| |
BuildRequires: make
|
| |
BuildRequires: gcc-c++
|
| |
+ BuildRequires: rust
|
| |
+ %if 0%{?fedora} || 0%{?rhel} >= 9
|
| |
+ BuildRequires: rust-packaging
|
| |
+ %else
|
| |
+ # Undefining the appropriate __cmake*_in_source_build macro causes the
|
| |
+ # build to use a separate build path, so the build does not output to
|
| |
+ # the source path. This separate build path is the default behavior
|
| |
+ # for >=EL9 and fedora.
|
| |
+ %if 0%{?rhel} == 8
|
| |
+ # EL8 defines cmake_in_source_build
|
| |
+ %undefine __cmake_in_source_build
|
| |
+ %else
|
| |
+ # EL7 defines cmake3_in_source_build
|
| |
+ %undefine __cmake3_in_source_build
|
| |
+ %endif
|
| |
+ BuildRequires: rust-toolset
|
| |
+ %endif
|
| |
+ BuildRequires: cargo
|
| |
BuildRequires: bzip2-devel
|
| |
+ BuildRequires: check-devel
|
| |
BuildRequires: curl-devel
|
| |
+ BuildRequires: git-core
|
| |
BuildRequires: gmp-devel
|
| |
BuildRequires: json-c-devel
|
| |
BuildRequires: libprelude-devel
|
| |
# libprelude-config --libs brings in gnutls, pcre
|
| |
# https://bugzilla.redhat.com/show_bug.cgi?id=1830473
|
| |
BuildRequires: gnutls-devel
|
| |
- BuildRequires: pcre2-devel
|
| |
BuildRequires: libxml2-devel
|
| |
BuildRequires: ncurses-devel
|
| |
BuildRequires: openssl-devel
|
| |
BuildRequires: pcre2-devel
|
| |
+ # Explicitly needed on EL8
|
| |
+ BuildRequires: python3
|
| |
+ BuildRequires: python3-pytest
|
| |
BuildRequires: zlib-devel
|
| |
#BuildRequires: %%{_includedir}/tcpd.h
|
| |
BuildRequires: bc
|
| |
BuildRequires: tcl
|
| |
BuildRequires: groff
|
| |
BuildRequires: graphviz
|
| |
- %{?have_ocaml:BuildRequires: ocaml}
|
| |
+ %{?with_ocaml:BuildRequires: ocaml}
|
| |
# nc required for tests
|
| |
BuildRequires: nc
|
| |
%{?systemd_requires}
|
| |
@@ -117,6 +135,9 @@
|
| |
BuildRequires: systemd-rpm-macros
|
| |
#for milter
|
| |
BuildRequires: sendmail-devel
|
| |
+ %ifarch %{valgrind_arches}
|
| |
+ BuildRequires: valgrind
|
| |
+ %endif
|
| |
|
| |
Requires: clamav-filesystem = %{version}-%{release}
|
| |
Requires: clamav-lib = %{version}-%{release}
|
| |
@@ -191,26 +212,24 @@
|
| |
This package contains the documentation for clamav.
|
| |
|
| |
|
| |
- %package update
|
| |
+ %package freshclam
|
| |
Summary: Auto-updater for the Clam Antivirus scanner data-files
|
| |
Requires: clamav-filesystem = %{version}-%{release}
|
| |
Requires: clamav-lib = %{version}-%{release}
|
| |
- %if %{with old_freshclam}
|
| |
- Requires: crontabs
|
| |
- Requires: /etc/cron.d
|
| |
- Requires(post): %{__chown} %{__chmod}
|
| |
+ %if 0%{?fedora} || 0%{?rhel} >= 8
|
| |
+ Supplements:clamd
|
| |
%endif
|
| |
Provides: data(clamav) = empty
|
| |
Provides: clamav-data-empty = %{version}-%{release}
|
| |
Obsoletes: clamav-data-empty < %{version}-%{release}
|
| |
+ Provides: clamav-update = %{version}-%{release}
|
| |
+ Obsoletes: clamav-update < %{version}-%{release}
|
| |
|
| |
- %description update
|
| |
- This package contains programs which can be used to update the clamav
|
| |
- anti-virus database automatically. It uses the freshclam(1) utility for
|
| |
- this task. To activate it use, uncomment the entry in /etc/cron.d/clamav-update.
|
| |
- Use this package when you go updating the virus database regulary and
|
| |
- do not want to download a >160MB sized rpm-package with outdated virus
|
| |
- definitions.
|
| |
+ %description freshclam
|
| |
+ This package contains the freshclam(1) program and clamav-freshclam
|
| |
+ service which can be used to update the clamav anti-virus database
|
| |
+ automatically. Most users should install this package in order to
|
| |
+ keep their definitions up to date.
|
| |
|
| |
|
| |
%package -n clamd
|
| |
@@ -250,15 +269,25 @@
|
| |
|
| |
%prep
|
| |
%setup -q -n %{name}-%{version}%{?prerelease}
|
| |
-
|
| |
- # No longer support deprecated options in F32+ and EL8+
|
| |
- %if (0%{?fedora} && 0%{?fedora} < 32) || (0%{?rhel} && 0%{?rhel} < 8)
|
| |
- %patch -P0 -p1 -b .stats-deprecation
|
| |
+ %if 0%{?fedora} || 0%{?rhel} >= 9
|
| |
+ # EL8 and earlier do not have the Rust cargo dependencies that are
|
| |
+ # defined by the generate_buildrequires stage in EL9 and later, so the
|
| |
+ # vendored packages included in the ClamAV sources suffice.
|
| |
+ sed -i -e '/cbindgen/s/version = *"0.20"/version = "0.24"/' -e '/^bindgen *=/s/= .*/= "0.63"/' libclamav_rust/Cargo.toml
|
| |
+ %cargo_prep
|
| |
+ cd libclamav_rust
|
| |
+ rm -r .cargo
|
| |
+ %cargo_prep
|
| |
+ cd ..
|
| |
%endif
|
| |
+
|
| |
+ %patch -P0 -p1 -b .rustflags
|
| |
%patch -P1 -p1 -b .default_confs
|
| |
%patch -P2 -p1 -b .private
|
| |
+ %patch -P3 -p1 -b .rpath
|
| |
%patch -P5 -p1 -b .clamonacc-service
|
| |
%patch -P6 -p1 -b .freshclam-service
|
| |
+ %patch -P7 -p1 -b .big-endian
|
| |
|
| |
install -p -m0644 %{SOURCE300} clamav-milter/
|
| |
|
| |
@@ -266,47 +295,49 @@
|
| |
%{!?with_unrar:touch libclamunrar/{Makefile.in,all,install}}
|
| |
|
| |
|
| |
+ %if 0%{?fedora} || 0%{?rhel} >= 9
|
| |
+ %generate_buildrequires
|
| |
+ # The generate_buildrequires stage doesn't exist prior to EL9, so this
|
| |
+ # section is conditionally removed in these build environments.
|
| |
+ cd libclamav_rust
|
| |
+ %cargo_generate_buildrequires
|
| |
+ %endif
|
| |
+
|
| |
+
|
| |
%build
|
| |
# add -Wl,--as-needed if not exist
|
| |
export LDFLAGS=$(echo %{?__global_ldflags} | sed '/-Wl,--as-needed/!s/$/ -Wl,--as-needed/')
|
| |
# IPv6 check is buggy and does not work when there are no IPv6 interface on build machine
|
| |
export have_cv_ipv6=yes
|
| |
|
| |
- rm -rf libltdl autom4te.cache Makefile.in
|
| |
- autoreconf -i
|
| |
- %configure \
|
| |
- --enable-milter \
|
| |
- --disable-clamav \
|
| |
- --disable-static \
|
| |
- --disable-zlib-vcheck \
|
| |
- %{!?with_unrar:--disable-unrar} \
|
| |
- --enable-id-check \
|
| |
- --enable-dns \
|
| |
- --with-dbdir=%{homedir} \
|
| |
- --with-group=%{updateuser} \
|
| |
- --with-user=%{updateuser} \
|
| |
- --disable-rpath \
|
| |
- --disable-silent-rules \
|
| |
- --enable-clamdtop \
|
| |
- --enable-prelude \
|
| |
- %{!?with_clamonacc:--disable-clamonacc} \
|
| |
- %{!?with_llvm:--disable-llvm}
|
| |
+ %cmake3 \
|
| |
+ %if 0%{?fedora} || 0%{?rhel} >= 9
|
| |
+ -DRUSTFLAGS="%build_rustflags" \
|
| |
+ %else
|
| |
+ -DRUSTFLAGS="%__global_rustflags" \
|
| |
+ %endif
|
| |
+ -DAPP_CONFIG_DIRECTORY=%{_sysconfdir} \
|
| |
+ -DCMAKE_INSTALL_DOCDIR=%{_pkgdocdir} \
|
| |
+ -DCLAMAV_USER=%{updateuser} -DCLAMAV_GROUP=%{updateuser} \
|
| |
+ -DDATABASE_DIRECTORY=%{homedir} \
|
| |
+ %{!?with_clamonacc:-DENABLE_CLAMONACC=OFF} \
|
| |
+ %{?with_llvm:-DBYTECODE_RUNTIME=llvm -D LLVM_FIND_VERSION="3.6.0"} \
|
| |
+ %{!?with_unrar:-DENABLE_UNRAR=OFF}
|
| |
|
| |
# TODO: check periodically that CLAMAVUSER is used for freshclam only
|
| |
|
| |
- %make_build
|
| |
+ %cmake3_build
|
| |
|
| |
|
| |
%install
|
| |
- %make_install
|
| |
+ rm -rf _doc*
|
| |
+ %cmake3_install
|
| |
|
| |
install -d -m 0755 \
|
| |
%{buildroot}%{_tmpfilesdir} \
|
| |
%{buildroot}%{homedir} \
|
| |
%{buildroot}%{quarantinedir}
|
| |
|
| |
- rm -f %{buildroot}%{_libdir}/*.la
|
| |
-
|
| |
### data
|
| |
install -D -m 0644 -p %{SOURCE10} %{buildroot}%{homedir}/main.cvd
|
| |
install -D -m 0644 -p %{SOURCE11} %{buildroot}%{homedir}/daily.cvd
|
| |
@@ -322,15 +353,6 @@
|
| |
# Can contain HTTPProxyPassword (bugz#1733112)
|
| |
chmod 600 %{buildroot}%{_sysconfdir}/freshclam.conf
|
| |
|
| |
- %if %{with old_freshclam}
|
| |
- install -d -m 0755 %{buildroot}%{_var}/log
|
| |
- install -d -m 0755 %{buildroot}%{_sysconfdir}/logrotate.d
|
| |
- install -D -p -m 0755 %{SOURCE200} %{buildroot}%{_datadir}/%{name}/freshclam-sleep
|
| |
- install -D -p -m 0644 %{SOURCE201} %{buildroot}%{_sysconfdir}/sysconfig/freshclam
|
| |
- install -D -p -m 0600 %{SOURCE202} %{buildroot}%{_sysconfdir}/cron.d/clamav-update
|
| |
- install -D -m 0644 -p %{SOURCE203} %{buildroot}%{_sysconfdir}/logrotate.d/clamav-update
|
| |
- %endif
|
| |
-
|
| |
### The scanner stuff
|
| |
install -D -m 0644 -p %{SOURCE3} _doc_server/clamd.logrotate
|
| |
install -D -m 0644 -p %{SOURCE5} _doc_server/README
|
| |
@@ -381,12 +403,24 @@
|
| |
d %{_rundir}/clamav-milter 0710 %{milteruser} %{milteruser}
|
| |
EOF
|
| |
|
| |
+ #Fixup headers and scripts for multilib
|
| |
+ %if 0%{?__isa_bits} == 64
|
| |
+ mv %{buildroot}%{_includedir}/clamav-types.h \
|
| |
+ %{buildroot}%{_includedir}/clamav-types-64.h
|
| |
+ %else
|
| |
+ mv %{buildroot}%{_includedir}/clamav-types.h \
|
| |
+ %{buildroot}%{_includedir}/clamav-types-32.h
|
| |
+ %endif
|
| |
+ install -m 0644 %SOURCE1 %{buildroot}%{_includedir}/clamav-types.h
|
| |
+
|
| |
# TODO: Evaluate using upstream's unit with clamav-daemon.socket
|
| |
rm %{buildroot}%{_unitdir}/clamav-daemon.*
|
| |
|
| |
|
| |
%check
|
| |
- make check
|
| |
+ %ctest3 -- -E valgrind
|
| |
+ # valgrind tests fail https://github.com/Cisco-Talos/clamav/issues/584
|
| |
+ %ctest3 -- -R valgrind || :
|
| |
|
| |
|
| |
%post
|
| |
@@ -399,6 +433,17 @@
|
| |
%systemd_postun_with_restart clamav-clamonacc.service
|
| |
|
| |
|
| |
+ %post data
|
| |
+ # nullglob. If set, Bash allows filename patterns which match no files to expand to a null string, rather than themselves
|
| |
+ shopt -s nullglob
|
| |
+ # Let newer .cld files take precedence over the shipped .cvd files
|
| |
+ for f in %{homedir}/*.cld
|
| |
+ do
|
| |
+ cvd=${f/.cld/.cvd}
|
| |
+ [ -f $f -a $f -nt $cvd ] && rm -f $cvd || :
|
| |
+ done
|
| |
+
|
| |
+
|
| |
%pre filesystem
|
| |
getent group %{updateuser} >/dev/null || groupadd -r %{updateuser}
|
| |
getent passwd %{updateuser} >/dev/null || \
|
| |
@@ -422,12 +467,6 @@
|
| |
[ -L /etc/systemd/system/multi-user.target.wants/clamd@scan.service ] &&
|
| |
ln -sf /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service || :
|
| |
%systemd_post clamd@scan.service
|
| |
- %if 0%{?rhel}
|
| |
- if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then
|
| |
- # Initial installation
|
| |
- /bin/systemd-tmpfiles --create %{_tmpfilesdir}/clamd.scan.conf
|
| |
- fi
|
| |
- %endif
|
| |
|
| |
%preun -n clamd
|
| |
%systemd_preun clamd@scan.service
|
| |
@@ -451,12 +490,6 @@
|
| |
|
| |
%post milter
|
| |
%systemd_post clamav-milter.service
|
| |
- %if 0%{?rhel}
|
| |
- if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then
|
| |
- # Initial installation
|
| |
- /bin/systemd-tmpfiles --create %{_tmpfilesdir}/clamav-milter.conf || :
|
| |
- fi
|
| |
- %endif
|
| |
|
| |
%preun milter
|
| |
%systemd_preun clamav-milter.service
|
| |
@@ -464,28 +497,13 @@
|
| |
%postun milter
|
| |
%systemd_postun_with_restart clamav-milter.service
|
| |
|
| |
- %post update
|
| |
- %if %{with old_freshclam}
|
| |
- test -e %{freshclamlog} || {
|
| |
- touch %{freshclamlog}
|
| |
- %{__chmod} 0664 %{freshclamlog}
|
| |
- %{__chown} root:%{updateuser} %{freshclamlog}
|
| |
- ! test -x /sbin/restorecon || /sbin/restorecon %{freshclamlog}
|
| |
- }
|
| |
- #%%else
|
| |
- #if [ $1 -eq 2 ] ; then
|
| |
- # echo "Warning: clamav-update package changed"
|
| |
- # echo "Now we provide clamav-freshclam.service systemd unit instead old scripts and the cron.d entry."
|
| |
- # echo "Unfortunately this may break existing unattended installations."
|
| |
- # echo "Please run 'systemctl enable clamav-freshclam --now' to enable freshclam updates again."
|
| |
- #fi
|
| |
- %endif
|
| |
+ %post freshclam
|
| |
%systemd_post clamav-freshclam.service
|
| |
|
| |
- %preun update
|
| |
+ %preun freshclam
|
| |
%systemd_preun clamav-freshclam.service
|
| |
|
| |
- %postun update
|
| |
+ %postun freshclam
|
| |
%systemd_postun_with_restart clamav-freshclam.service
|
| |
|
| |
%ldconfig_scriptlets lib
|
| |
@@ -514,10 +532,10 @@
|
| |
|
| |
|
| |
%files lib
|
| |
- %{_libdir}/libclamav.so.9*
|
| |
+ %{_libdir}/libclamav.so.11*
|
| |
%{_libdir}/libclammspack.so.0*
|
| |
%if %{with unrar}
|
| |
- %{_libdir}/libclamunrar*.so.9*
|
| |
+ %{_libdir}/libclamunrar*.so.11*
|
| |
%endif
|
| |
|
| |
|
| |
@@ -545,27 +563,22 @@
|
| |
|
| |
%files doc
|
| |
%license COPYING
|
| |
- %doc docs/html
|
| |
+ %{_pkgdocdir}/html/
|
| |
|
| |
|
| |
- %files update
|
| |
+ %files freshclam
|
| |
%{_bindir}/freshclam
|
| |
%{_libdir}/libfreshclam.so.2*
|
| |
%{_mandir}/*/freshclam*
|
| |
%{_unitdir}/clamav-freshclam.service
|
| |
%config(noreplace) %verify(not mtime) %{_sysconfdir}/freshclam.conf
|
| |
- %if %{with old_freshclam}
|
| |
- %{_datadir}/%{name}/freshclam-sleep
|
| |
- %config(noreplace) %{_sysconfdir}/cron.d/clamav-update
|
| |
- %config(noreplace) %{_sysconfdir}/sysconfig/freshclam
|
| |
- %config(noreplace) %verify(not mtime) %{_sysconfdir}/logrotate.d/*
|
| |
- # freshclamlog file is created in post
|
| |
- %ghost %attr(0664,root,%{updateuser}) %verify(not size md5 mtime) %{freshclamlog}
|
| |
- %endif
|
| |
- %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cvd
|
| |
+ %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cld
|
| |
+ %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cvd
|
| |
%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/freshclam.dat
|
| |
%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cld
|
| |
- %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cld
|
| |
+ %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cvd
|
| |
+ %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cld
|
| |
+ %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cvd
|
| |
|
| |
|
| |
%files -n clamd
|
| |
@@ -578,7 +591,7 @@
|
| |
|
| |
|
| |
%files milter
|
| |
- %doc clamav-milter/README.fedora
|
| |
+ %doc clamav-milter/README.fedora.md
|
| |
%{_sbindir}/*milter*
|
| |
%{_unitdir}/clamav-milter.service
|
| |
%{_mandir}/man8/clamav-milter*
|
| |