diff --git a/clamav-default_confs.patch b/clamav-default_confs.patch index 97bbc10..5b06f9e 100644 --- a/clamav-default_confs.patch +++ b/clamav-default_confs.patch @@ -1,6 +1,6 @@ -diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamconf/clamconf.c ---- clamav-0.103.0/clamconf/clamconf.c.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/clamconf/clamconf.c 2020-09-17 22:00:20.792879792 -0600 +diff -up clamav-0.104.3/clamconf/clamconf.c.default_confs clamav-0.104.3/clamconf/clamconf.c +--- clamav-0.104.3/clamconf/clamconf.c.default_confs 2022-05-02 00:24:50.000000000 -0600 ++++ clamav-0.104.3/clamconf/clamconf.c 2022-05-12 22:04:42.883348923 -0600 @@ -63,9 +63,9 @@ static struct _cfgfile { const char *name; int tool; @@ -13,66 +13,66 @@ diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamcon {NULL, 0}}; static void printopts(struct optstruct *opts, int nondef) -diff -up clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs clamav-0.103.0/docs/man/clamav-milter.8.in ---- clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamav-milter.8.in 2020-09-17 22:00:20.793879800 -0600 +diff -up clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs clamav-0.104.3/docs/man/clamav-milter.8.in +--- clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs 2022-05-12 22:04:42.885348940 -0600 ++++ clamav-0.104.3/docs/man/clamav-milter.8.in 2022-05-12 22:05:25.031719791 -0600 @@ -27,7 +27,7 @@ Print the version number and exit. Read configuration from FILE. .SH "FILES" - .LP --@CFGDIR@/clamav-milter.conf -+@CFGDIR@/mail/clamav-milter.conf + .LP +-@CONFDIR@/clamav-milter.conf ++@CONFDIR@/mail/clamav-milter.conf .SH "AUTHOR" - .LP + .LP aCaB -diff -up clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.103.0/docs/man/clamav-milter.conf.5.in ---- clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamav-milter.conf.5.in 2020-09-17 22:00:20.794879808 -0600 +diff -up clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.104.3/docs/man/clamav-milter.conf.5.in +--- clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs 2022-05-12 22:04:42.887348958 -0600 ++++ clamav-0.104.3/docs/man/clamav-milter.conf.5.in 2022-05-12 22:05:48.834929418 -0600 @@ -239,7 +239,7 @@ Default: no All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. .SH "FILES" - .LP --@CFGDIR@/clamav-milter.conf -+@CFGDIR@/mail/clamav-milter.conf + .LP +-@CONFDIR@/clamav-milter.conf ++@CONFDIR@/mail/clamav-milter.conf .SH "AUTHOR" - .LP + .LP aCaB -diff -up clamav-0.103.0/docs/man/clamd.8.in.default_confs clamav-0.103.0/docs/man/clamd.8.in ---- clamav-0.103.0/docs/man/clamd.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamd.8.in 2020-09-17 22:00:20.794879808 -0600 +diff -up clamav-0.104.3/docs/man/clamd.8.in.default_confs clamav-0.104.3/docs/man/clamd.8.in +--- clamav-0.104.3/docs/man/clamd.8.in.default_confs 2022-05-12 22:04:42.888348967 -0600 ++++ clamav-0.104.3/docs/man/clamd.8.in 2022-05-12 22:07:01.657570942 -0600 @@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon clamd [options] .SH "DESCRIPTION" - .LP --The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf -+The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.d/scan.conf + .LP +-The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.conf ++The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.d/scan.conf .SH "COMMANDS" - .LP + .LP It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn. -@@ -125,7 +125,7 @@ Reload the signature databases. +@@ -133,7 +133,7 @@ Reload the signature databases. Perform a clean exit. .SH "FILES" - .LP --@CFGDIR@/clamd.conf -+@CFGDIR@/clamd.d/scan.conf + .LP +-@CONFDIR@/clamd.conf ++@CONFDIR@/clamd.d/scan.conf .SH "CREDITS" Please check the full documentation for credits. .SH "AUTHOR" -diff -up clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs clamav-0.103.0/docs/man/clamd.conf.5.in ---- clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs 2020-09-17 22:00:20.795879816 -0600 -+++ clamav-0.103.0/docs/man/clamd.conf.5.in 2020-09-17 22:01:21.414353121 -0600 -@@ -759,7 +759,7 @@ Default: no +diff -up clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs clamav-0.104.3/docs/man/clamd.conf.5.in +--- clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs 2022-05-12 22:04:42.889348976 -0600 ++++ clamav-0.104.3/docs/man/clamd.conf.5.in 2022-05-12 22:06:21.800219822 -0600 +@@ -765,7 +765,7 @@ Default: no All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. .SH "FILES" .LP --@CFGDIR@/clamd.conf -+@CFGDIR@/clamd.d/scan.conf +-@CONFDIR@/clamd.conf ++@CONFDIR@/clamd.d/scan.conf .SH "AUTHORS" .LP Tomasz Kojm , Kevin Lin -diff -up clamav-0.103.0/platform.h.in.default_confs clamav-0.103.0/platform.h.in ---- clamav-0.103.0/platform.h.in.default_confs 2020-09-17 22:00:20.796879824 -0600 -+++ clamav-0.103.0/platform.h.in 2020-09-17 22:01:56.842629739 -0600 +diff -up clamav-0.104.3/platform.h.in.default_confs clamav-0.104.3/platform.h.in +--- clamav-0.104.3/platform.h.in.default_confs 2022-05-02 00:24:50.000000000 -0600 ++++ clamav-0.104.3/platform.h.in 2022-05-12 22:04:42.891348993 -0600 @@ -112,9 +112,9 @@ typedef unsigned int in_addr_t; #endif diff --git a/clamav-freshclam.service.patch b/clamav-freshclam.service.patch index 2c29f03..24295ce 100644 --- a/clamav-freshclam.service.patch +++ b/clamav-freshclam.service.patch @@ -1,17 +1,12 @@ ---- ./freshclam/clamav-freshclam.service.in.orig 2021-06-14 10:36:39.029730737 +0100 -+++ ./freshclam/clamav-freshclam.service.in 2021-06-14 10:37:53.621423748 +0100 -@@ -2,13 +2,12 @@ +diff -up clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service clamav-0.104.3/freshclam/clamav-freshclam.service.in +--- clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service 2022-05-12 22:07:25.472780737 -0600 ++++ clamav-0.104.3/freshclam/clamav-freshclam.service.in 2022-05-12 22:08:06.280140224 -0600 +@@ -2,7 +2,7 @@ Description=ClamAV virus database updater Documentation=man:freshclam(1) man:freshclam.conf(5) https://docs.clamav.net/ # If user wants it run from cron, don't start the daemon. -ConditionPathExists=!/etc/cron.d/clamav-freshclam -+# ConditionPathExists=!/etc/cron.d/clamav-update ++# ConditionPathExists=!/etc/cron.d/clamav-freshclam Wants=network-online.target After=network-online.target - [Service] - ExecStart=@prefix@/bin/freshclam -d --foreground=true --StandardOutput=syslog - - [Install] - WantedBy=multi-user.target diff --git a/clamav-rpath.patch b/clamav-rpath.patch new file mode 100644 index 0000000..b55cab9 --- /dev/null +++ b/clamav-rpath.patch @@ -0,0 +1,18 @@ +diff -up clamav-1.0.0/CMakeLists.txt.rpath clamav-1.0.0/CMakeLists.txt +--- clamav-1.0.0/CMakeLists.txt.rpath 2023-01-15 22:04:58.217120124 -0700 ++++ clamav-1.0.0/CMakeLists.txt 2023-01-15 22:05:57.121818812 -0700 +@@ -180,14 +180,6 @@ endif() + + include(GNUInstallDirs) + +-if (NOT DEFINED CMAKE_INSTALL_RPATH) +- if(CMAKE_INSTALL_FULL_LIBDIR) +- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_FULL_LIBDIR}") +- else() +- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib") +- endif() +-endif() +- + if("${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang") + set(USING_CLANG ON) + else() diff --git a/clamav-stats-deprecation.patch b/clamav-stats-deprecation.patch deleted file mode 100644 index a12f138..0000000 --- a/clamav-stats-deprecation.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -up clamav-0.102.0/shared/optparser.c.stats-deprecation clamav-0.102.0/shared/optparser.c ---- clamav-0.102.0/shared/optparser.c.stats-deprecation 2019-10-10 21:55:31.245995091 -0600 -+++ clamav-0.102.0/shared/optparser.c 2019-10-11 20:40:04.580067432 -0600 -@@ -524,6 +524,13 @@ const struct clam_option __clam_options[ - {"ArchiveLimitMemoryUsage", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, - {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, - {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"}, -+ {"StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, -+ {"StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, -+ {"StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, -+ {"StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, - {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, - - /* Milter specific options */ diff --git a/clamav.spec b/clamav.spec index 835e625..7b9f6b9 100644 --- a/clamav.spec +++ b/clamav.spec @@ -1,21 +1,12 @@ -#global prerelease rc1 +#global prerelease -rc2 %global _hardened_build 1 ## Fedora specific customization below... %bcond_without clamonacc %bcond_with unrar -%ifnarch ppc64 -%bcond_without llvm -%else -%bcond_with llvm -%endif - -%if 0%{?fedora} || 0%{?rhel} >= 8 -%bcond_with old_freshclam -%else -%bcond_without old_freshclam -%endif +# Failing with llvm 14 https://github.com/Cisco-Talos/clamav/issues/581 +%bcond_with llvm %ifnarch s390 s390x %global have_ocaml 1 @@ -33,8 +24,8 @@ Summary: End-user tools for the Clam Antivirus scanner Name: clamav -Version: 0.103.7 -Release: 5%{?dist} +Version: 1.0.0 +Release: 1%{?dist} License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2} URL: https://www.clamav.net/ %if %{with unrar} @@ -56,7 +47,7 @@ Source5: clamd-README #http://database.clamav.net/main.cvd Source10: main-62.cvd #http://database.clamav.net/daily.cvd -Source11: daily-26614.cvd +Source11: daily-26722.cvd #http://database.clamav.net/bytecode.cvd Source12: bytecode-333.cvd #for update @@ -71,39 +62,43 @@ Source330: clamav-milter.systemd #for scanner-systemd/server-systemd Source530: clamd@.service -# Restore some options removed in 0.100 as deprecated -# Could be dropped in F32 with a note -# https://bugzilla.redhat.com/show_bug.cgi?id=1565381#c1 -Patch0: clamav-stats-deprecation.patch # Change default config locations for Fedora Patch1: clamav-default_confs.patch # Fix pkg-config flags for static linking, multilib Patch2: clamav-0.99-private.patch +# Remove rpath +Patch3: clamav-rpath.patch # Modify clamav-clamonacc.service for Fedora compatibility Patch5: clamav-clamonacc-service.patch - +# Allow freshclam service to run if cron.d file is present Patch6: clamav-freshclam.service.patch +# Debian patch to fix big-endian +Patch7: https://salsa.debian.org/clamav-team/clamav/-/raw/unstable/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch -BuildRequires: autoconf -BuildRequires: automake +BuildRequires: cmake BuildRequires: gettext-devel -BuildRequires: libtool -BuildRequires: libtool-ltdl-devel BuildRequires: make BuildRequires: gcc-c++ +BuildRequires: rust +BuildRequires: rust-packaging +BuildRequires: cargo BuildRequires: bzip2-devel +BuildRequires: check-devel BuildRequires: curl-devel +BuildRequires: git-core BuildRequires: gmp-devel BuildRequires: json-c-devel BuildRequires: libprelude-devel # libprelude-config --libs brings in gnutls, pcre # https://bugzilla.redhat.com/show_bug.cgi?id=1830473 BuildRequires: gnutls-devel -BuildRequires: pcre2-devel BuildRequires: libxml2-devel BuildRequires: ncurses-devel BuildRequires: openssl-devel BuildRequires: pcre2-devel +# Explicitly needed on EL8 +BuildRequires: python3 +BuildRequires: python3-pytest BuildRequires: zlib-devel #BuildRequires: %%{_includedir}/tcpd.h BuildRequires: bc @@ -119,6 +114,7 @@ BuildRequires: systemd-devel BuildRequires: systemd-rpm-macros #for milter BuildRequires: sendmail-devel +BuildRequires: valgrind Requires: clamav-filesystem = %{version}-%{release} Requires: clamav-lib = %{version}-%{release} @@ -197,11 +193,6 @@ This package contains the documentation for clamav. Summary: Auto-updater for the Clam Antivirus scanner data-files Requires: clamav-filesystem = %{version}-%{release} Requires: clamav-lib = %{version}-%{release} -%if %{with old_freshclam} -Requires: crontabs -Requires: /etc/cron.d -Requires(post): %{__chown} %{__chmod} -%endif Provides: data(clamav) = empty Provides: clamav-data-empty = %{version}-%{release} Obsoletes: clamav-data-empty < %{version}-%{release} @@ -252,15 +243,19 @@ This package contains files which are needed to run the clamav-milter. %prep %setup -q -n %{name}-%{version}%{?prerelease} +sed -i -e 's/cbindgen = "0.20"/cbindgen = "0.24"/' libclamav_rust/Cargo.toml +%cargo_prep +cd libclamav_rust +rm -r .cargo +%cargo_prep +cd .. -# No longer support deprecated options in F32+ and EL8+ -%if (0%{?fedora} && 0%{?fedora} < 32) || (0%{?rhel} && 0%{?rhel} < 8) -%patch0 -p1 -b .stats-deprecation -%endif %patch1 -p1 -b .default_confs %patch2 -p1 -b .private +%patch3 -p1 -b .rpath %patch5 -p1 -b .clamonacc-service %patch6 -p1 -b .freshclam-service +%patch7 -p1 -b .big-endian install -p -m0644 %{SOURCE300} clamav-milter/ @@ -268,47 +263,40 @@ mkdir -p libclamunrar{,_iface} %{!?with_unrar:touch libclamunrar/{Makefile.in,all,install}} +%generate_buildrequires +cd libclamav_rust +%cargo_generate_buildrequires + + %build # add -Wl,--as-needed if not exist export LDFLAGS=$(echo %{?__global_ldflags} | sed '/-Wl,--as-needed/!s/$/ -Wl,--as-needed/') # IPv6 check is buggy and does not work when there are no IPv6 interface on build machine export have_cv_ipv6=yes -rm -rf libltdl autom4te.cache Makefile.in -autoreconf -i -%configure \ - --enable-milter \ - --disable-clamav \ - --disable-static \ - --disable-zlib-vcheck \ - %{!?with_unrar:--disable-unrar} \ - --enable-id-check \ - --enable-dns \ - --with-dbdir=%{homedir} \ - --with-group=%{updateuser} \ - --with-user=%{updateuser} \ - --disable-rpath \ - --disable-silent-rules \ - --enable-clamdtop \ - --enable-prelude \ - %{!?with_clamonacc:--disable-clamonacc} \ - %{!?with_llvm:--disable-llvm} +%cmake \ + -DAPP_CONFIG_DIRECTORY=%{_sysconfdir} \ + -DCMAKE_INSTALL_DOCDIR=%{_pkgdocdir} \ + -DCLAMAV_USER=%{updateuser} -DCLAMAV_GROUP=%{updateuser} \ + -DDATABASE_DIRECTORY=%{homedir} \ + %{!?with_clamonacc:-DENABLE_CLAMONACC=OFF} \ + %{?with_llvm:-DBYTECODE_RUNTIME=llvm -D LLVM_FIND_VERSION="3.6.0"} \ + %{!?with_unrar:-DENABLE_UNRAR=OFF} # TODO: check periodically that CLAMAVUSER is used for freshclam only -%make_build +%cmake_build %install -%make_install +rm -rf _doc* +%cmake_install install -d -m 0755 \ %{buildroot}%{_tmpfilesdir} \ %{buildroot}%{homedir} \ %{buildroot}%{quarantinedir} -rm -f %{buildroot}%{_libdir}/*.la - ### data install -D -m 0644 -p %{SOURCE10} %{buildroot}%{homedir}/main.cvd install -D -m 0644 -p %{SOURCE11} %{buildroot}%{homedir}/daily.cvd @@ -324,15 +312,6 @@ mv %{buildroot}%{_sysconfdir}/freshclam.conf{.sample,} # Can contain HTTPProxyPassword (bugz#1733112) chmod 600 %{buildroot}%{_sysconfdir}/freshclam.conf -%if %{with old_freshclam} -install -d -m 0755 %{buildroot}%{_var}/log -install -d -m 0755 %{buildroot}%{_sysconfdir}/logrotate.d -install -D -p -m 0755 %{SOURCE200} %{buildroot}%{_datadir}/%{name}/freshclam-sleep -install -D -p -m 0644 %{SOURCE201} %{buildroot}%{_sysconfdir}/sysconfig/freshclam -install -D -p -m 0600 %{SOURCE202} %{buildroot}%{_sysconfdir}/cron.d/clamav-update -install -D -m 0644 -p %{SOURCE203} %{buildroot}%{_sysconfdir}/logrotate.d/clamav-update -%endif - ### The scanner stuff install -D -m 0644 -p %{SOURCE3} _doc_server/clamd.logrotate install -D -m 0644 -p %{SOURCE5} _doc_server/README @@ -388,7 +367,9 @@ rm %{buildroot}%{_unitdir}/clamav-daemon.* %check -make check +%ctest3 -- -E valgrind +# valgrind tests fail https://github.com/Cisco-Talos/clamav/issues/584 +%ctest3 -- -R valgrind || : %post @@ -424,12 +405,6 @@ exit 0 [ -L /etc/systemd/system/multi-user.target.wants/clamd@scan.service ] && ln -sf /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service || : %systemd_post clamd@scan.service -%if 0%{?rhel} -if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then -# Initial installation -/bin/systemd-tmpfiles --create %{_tmpfilesdir}/clamd.scan.conf -fi -%endif %preun -n clamd %systemd_preun clamd@scan.service @@ -453,12 +428,6 @@ exit 0 %post milter %systemd_post clamav-milter.service -%if 0%{?rhel} -if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then -# Initial installation -/bin/systemd-tmpfiles --create %{_tmpfilesdir}/clamav-milter.conf || : -fi -%endif %preun milter %systemd_preun clamav-milter.service @@ -467,21 +436,6 @@ fi %systemd_postun_with_restart clamav-milter.service %post update -%if %{with old_freshclam} -test -e %{freshclamlog} || { - touch %{freshclamlog} - %{__chmod} 0664 %{freshclamlog} - %{__chown} root:%{updateuser} %{freshclamlog} - ! test -x /sbin/restorecon || /sbin/restorecon %{freshclamlog} -} -#%%else -#if [ $1 -eq 2 ] ; then -# echo "Warning: clamav-update package changed" -# echo "Now we provide clamav-freshclam.service systemd unit instead old scripts and the cron.d entry." -# echo "Unfortunately this may break existing unattended installations." -# echo "Please run 'systemctl enable clamav-freshclam --now' to enable freshclam updates again." -#fi -%endif %systemd_post clamav-freshclam.service %preun update @@ -513,13 +467,14 @@ test -e %{freshclamlog} || { %{_unitdir}/clamonacc.service %{_unitdir}/clamav-clamonacc.service %attr(0750,root,root) %dir %{quarantinedir} +%{_pkgdocdir}/html/ %files lib -%{_libdir}/libclamav.so.9* +%{_libdir}/libclamav.so.11* %{_libdir}/libclammspack.so.0* %if %{with unrar} -%{_libdir}/libclamunrar*.so.9* +%{_libdir}/libclamunrar*.so.11* %endif @@ -556,14 +511,6 @@ test -e %{freshclamlog} || { %{_mandir}/*/freshclam* %{_unitdir}/clamav-freshclam.service %config(noreplace) %verify(not mtime) %{_sysconfdir}/freshclam.conf -%if %{with old_freshclam} -%{_datadir}/%{name}/freshclam-sleep -%config(noreplace) %{_sysconfdir}/cron.d/clamav-update -%config(noreplace) %{_sysconfdir}/sysconfig/freshclam -%config(noreplace) %verify(not mtime) %{_sysconfdir}/logrotate.d/* -# freshclamlog file is created in post -%ghost %attr(0664,root,%{updateuser}) %verify(not size md5 mtime) %{freshclamlog} -%endif %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cvd %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/freshclam.dat %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cld @@ -590,6 +537,9 @@ test -e %{freshclamlog} || { %changelog +* Sun Jan 22 2023 Orion Poplawski - 1.0.0-1 +- Update to 1.0.0 + * Wed Jan 18 2023 Fedora Release Engineering - 0.103.7-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild diff --git a/libclamav-pe-Use-endian-wrapper-in-more-places.patch b/libclamav-pe-Use-endian-wrapper-in-more-places.patch new file mode 100644 index 0000000..3053713 --- /dev/null +++ b/libclamav-pe-Use-endian-wrapper-in-more-places.patch @@ -0,0 +1,91 @@ +From 5a7b1cdfadc980fb1c4fa32e6275e7c96a963110 Mon Sep 17 00:00:00 2001 +From: Sebastian Andrzej Siewior +Date: Fri, 6 Jan 2023 21:42:30 +0100 +Subject: libclamav/pe: Use endian wrapper in more places. + +A few user of VirtualAddress and Size in cli_exe_info::pe_image_data_dir +don't use the endian wrapper while other places do. This leads to +testsuite failures on big endian machines. + +Use the endian wrapper in all places across pe.c for the two members. + +Patch-Name: libclamav-pe-Use-endian-wrapper-in-more-places.patch +Signed-off-by: Sebastian Andrzej Siewior +--- + libclamav/pe.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/libclamav/pe.c b/libclamav/pe.c +index f5dcea9..19cd2d4 100644 +--- a/libclamav/pe.c ++++ b/libclamav/pe.c +@@ -2422,22 +2422,22 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im + + /* If the PE doesn't have an import table then skip it. This is an + * uncommon case but can happen. */ +- if (peinfo->dirs[1].VirtualAddress == 0 || peinfo->dirs[1].Size == 0) { ++ if (EC32(peinfo->dirs[1].VirtualAddress) == 0 || EC32(peinfo->dirs[1].Size) == 0) { + cli_dbgmsg("scan_pe: import table data dir does not exist (skipping .imp scanning)\n"); + status = CL_BREAK; + goto done; + } + + // TODO Add EC32 wrappers +- impoff = cli_rawaddr(peinfo->dirs[1].VirtualAddress, peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size); +- if (err || impoff + peinfo->dirs[1].Size > fsize) { ++ impoff = cli_rawaddr(EC32(peinfo->dirs[1].VirtualAddress), peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size); ++ if (err || impoff + EC32(peinfo->dirs[1].Size) > fsize) { + cli_dbgmsg("scan_pe: invalid rva for import table data\n"); + status = CL_BREAK; + goto done; + } + + // TODO Add EC32 wrapper +- impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, peinfo->dirs[1].Size); ++ impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, EC32(peinfo->dirs[1].Size)); + if (impdes == NULL) { + cli_dbgmsg("scan_pe: failed to acquire fmap buffer\n"); + status = CL_EREAD; +@@ -2447,7 +2447,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im + + /* Safety: We can trust peinfo->dirs[1].Size only because `fmap_need_off()` (above) + * would have failed if the size exceeds the end of the fmap. */ +- left = peinfo->dirs[1].Size; ++ left = EC32(peinfo->dirs[1].Size); + + if (genhash[CLI_HASH_MD5]) { + hashctx[CLI_HASH_MD5] = cl_hash_init("md5"); +@@ -2546,7 +2546,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im + + done: + if (needed_impoff) { +- fmap_unneed_off(map, impoff, peinfo->dirs[1].Size); ++ fmap_unneed_off(map, impoff, EC32(peinfo->dirs[1].Size)); + } + + for (type = CLI_HASH_MD5; type < CLI_HASH_AVAIL_TYPES; type++) { +@@ -3250,7 +3250,7 @@ int cli_scanpe(cli_ctx *ctx) + + /* Trojan.Swizzor.Gen */ + if (SCAN_HEURISTICS && (DCONF & PE_CONF_SWIZZOR) && peinfo->nsections > 1 && fsize > 64 * 1024 && fsize < 4 * 1024 * 1024) { +- if (peinfo->dirs[2].Size) { ++ if (EC32(peinfo->dirs[2].Size)) { + struct swizz_stats *stats = cli_calloc(1, sizeof(*stats)); + unsigned int m = 1000; + ret = CL_CLEAN; +@@ -5292,13 +5292,13 @@ cl_error_t cli_peheader(fmap_t *map, struct cli_exe_info *peinfo, uint32_t opts, + cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", peinfo->ep, peinfo->ep); + } + +- if (is_dll || peinfo->ndatadirs < 3 || !peinfo->dirs[2].Size) ++ if (is_dll || peinfo->ndatadirs < 3 || !EC32(peinfo->dirs[2].Size)) + peinfo->res_addr = 0; + else + peinfo->res_addr = EC32(peinfo->dirs[2].VirtualAddress); + + while (opts & CLI_PEHEADER_OPT_EXTRACT_VINFO && +- peinfo->ndatadirs >= 3 && peinfo->dirs[2].Size) { ++ peinfo->ndatadirs >= 3 && EC32(peinfo->dirs[2].Size)) { + struct vinfo_list vlist; + const uint8_t *vptr, *baseptr; + uint32_t rva, res_sz; diff --git a/sources b/sources index e3f709f..8a98297 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (clamav-0.103.7-norar.tar.xz) = 496ba3b2a72ecb534c55bc11a9f050b201da8475b54cfdfb67e559f8e075b8f3d03c58f9bd3a27909985cc563b69f37ca879d9fe596d87ce35a704d48623c5db +SHA512 (clamav-1.0.0-norar.tar.xz) = 9acae4fb4041b3e482b2cca72e3d2993c90621bc11f3e7d2dc30aa10e2a0dcee4f30163632fa21887a5faa8cbc59a1e6e71f1457af49b542a844215dfeccaad4 SHA512 (main-62.cvd) = b52e5d9ecacbd9b11c3b0cc460388746fccb353a7520522ed15ee25f645a432bed5be7e6b38512f134f085eb9be76a1e26c19de8b09491d4ec46da8c5afc318e -SHA512 (daily-26614.cvd) = 918b4601bf62c9c4ac13e96f39b25121e3b3ade79482081dbf13f6e6d9f9f3ad38a22acdec7e9c44062ed84ef9bb5b40e4c8dc0af766afd0632bb0ba934a1dec +SHA512 (daily-26722.cvd) = 303307664fb9f245444e472f46acbb80d840a45998a892a9d04405fb15d4d85c96a4aa52b7107005626684ca6ca77a33044248af612ab50c1cfdda1a8d27fb25 SHA512 (bytecode-333.cvd) = 895c41266b9bc332f3a00c9267907251ad32abe3a5bff7584285e087430fe0dd7343e4ac0245308f3734d971d6ecb5656fd9ce6caf0fa24f9da7a41a96bc4d07 diff --git a/update_clamav.sh b/update_clamav.sh index b3e5b31..274d019 100755 --- a/update_clamav.sh +++ b/update_clamav.sh @@ -1,5 +1,5 @@ -VERSION=0.103.7 -REPOS="f36 f35 epel9 epel8 epel7" +VERSION=1.0.0 +REPOS="n" if [ -z "$1" ] then