clamav/clamav.spec

#
# spec file for package clamav (Version 0.91)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild

Name:           clamav
%if 0%{?suse_version} >= 1010 || 0%{!?suse_version:1}
BuildRequires:  bc gmp-devel pkgconfig tcpd-devel
%endif
%if 0%{?suse_version} > 1020
BuildRequires:  pwdutils
%endif
Summary:        Antivirus Toolkit
Version:        0.91
Release:        1
License:        GPL v2 or later
Group:          Productivity/Security
URL:            http://www.clamav.net
Requires:       latex2html-pngicons
Obsoletes:      clamav-db < 0.88.3
Prereq:         %_sbindir/groupadd %_sbindir/useradd /usr/bin/awk /bin/sed
Source0:        %{name}-%{version}.tar.bz2
Source1:        clamav-rcclamd
Source2:        clamav-rcfreshclam
Source3:        clamav-updateclamconf
Patch1:         %name-conf.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
Clam AntiVirus is an antivirus toolkit for UNIX. The main purpose of
this software is the integration with mail servers (attachment
scanning). The package provides a flexible and scalable multithreaded
daemon, a command line scanner, and a tool for automatic updating via
the Internet. It can be used in conjunction with AMaViSD-new and
Postfix to provide a combined e-mail filter for spam and viruses.



Authors:
--------
    Tomasz Kojm
    Nigel Horne

%package db
Group:          Productivity/Security
Summary:        Virus Database for ClamAV
Prereq:         clamav sed

%description db
This package contains a snapshot of the virus description database for
ClamAV. It is not needed if you use freshclam to keep your virus
database up to date.



Authors:
--------
    Tomasz Kojm
    Nigel Horne

%prep
%setup -q
%patch1

%build
%if %suse_version >= 1010
SP="-fstack-protector"
%endif
export CFLAGS="%optflags -fno-strict-aliasing $SP"
./configure \
	--prefix=%_prefix \
	--libdir=%_libdir \
	--mandir=%_mandir \
	--sysconfdir=%_sysconfdir \
	--disable-clamav \
	--disable-static \
	--with-dbdir=/var/lib/clamav \
	--with-user=vscan \
	--with-group=vscan \
	--with-tcpwrappers \
	--with-libcurl \
	--disable-zlib-vcheck
make %{?jobs:-j%jobs}
make check

%install
rm -rf %buildroot
%makeinstall
mkdir -p %buildroot/etc/init.d
install -m755 %SOURCE1 %buildroot/etc/init.d/clamd
ln -s /etc/init.d/clamd %buildroot%_sbindir/rcclamd
install -m755 %SOURCE2 %buildroot/etc/init.d/freshclam
ln -s /etc/init.d/freshclam %buildroot%_sbindir/rcfreshclam
install -m755 %SOURCE3 %buildroot%_sbindir/updateclamconf
touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid
for f in %buildroot/var/lib/clamav/*.cvd; do
	mv $f $f.dist
	touch $f
done
mkdir -p %buildroot/var/spool/amavis
%if 0%{?suse_version:%suse_version} > 1020
rm %buildroot/%_libdir/*.la
%endif

%clean
rm -rf %buildroot

%files
%defattr(-,root,root,-)
%config(noreplace) %_sysconfdir/*.conf
%config %attr(744,root,root)/etc/init.d/*
%doc AUTHORS BUGS ChangeLog COPYING FAQ INSTALL NEWS README UPGRADE
%doc docs/*.pdf docs/html
%doc %_mandir/*/*
%_bindir/*

%_sbindir/*
%_includedir/*
%_libdir/lib*
%_libdir/pkgconfig/libclamav.pc
%defattr(-,vscan,vscan)
%dir %attr(700,vscan,root) /var/spool/amavis
%dir /var/lib/clamav
%ghost /var/lib/clamav/*.pid
%ghost /var/lib/clamav/*.cvd

%files db
%defattr(-,vscan,vscan)
%dir /var/lib/clamav
/var/lib/clamav/*.cvd.dist

%pre

%_sbindir/groupadd -r vscan 2> /dev/null || :

%_sbindir/useradd -r -o -g vscan -u 65 -s /bin/false -c "Vscan account" -d /var/spool/amavis vscan 2> /dev/null || :

%_sbindir/usermod vscan -g vscan 2> /dev/null || :

%post
# merge config files on update
test "0$1" -lt 2 && exit 0
# The old default to run clamd in foreground mode was wrong
OVERRIDE="Foreground no"
for f in /etc/clamd.conf /etc/freshclam.conf; do
  if test -e $f.rpmnew; then
    %_sbindir/updateclamconf -v override="$OVERRIDE" $f $f.rpmnew > $f.tmp
    if test $? == 0; then
      mv $f $f.old
      mv $f.tmp $f
    else
      echo "Merging $f with $f.rpmnew failed"
    fi
  fi
done

%triggerpostun -- %name < 0.88.3
# Move clamav.conf to clamd.conf when updating from an old version
# and inform the admin about the rename.
cd /etc
if test -e clamav.conf.rpmsave -a ! -e clamd.conf.rpmnew; then
   mv clamd.conf clamd.conf.rpmnew
   mv clamav.conf.rpmsave clamd.conf
   cat > clamav.conf <<-EOF
	# clamd.conf has been renamed to clamav.conf.
	# This file can be removed.
	EOF
   %restart_on_update clamd
fi

%preun
%stop_on_removal clamd freshclam

%postun
%restart_on_update clamd freshclam
%insserv_cleanup

%post db
# determine the version number of a given database file
getversion() {
  if test -f "$1"; then
    /usr/bin/sigtool -i "$1" | sed -n '/^Version: /s///gp'
  else
    # a non-existing file is assumed to have version 0
    echo 0
  fi
}
cd /var/lib/clamav
for distfile in {main,daily}.cvd.dist; do
  datafile=${distfile%.dist}
  if test $(getversion $distfile) -gt $(getversion $datafile); then
    cp -a $distfile $datafile
  fi
done

%changelog
* Wed Jul 11 2007 - max@suse.de
- Update to version 0.91 (#289830)
- improved handling of .mdb files (fixes long startup times)
- Adds anti-phishing support
- unpacker for NSIS (Nullsoft Scriptable Install System)
  self-extracting archives
- unpacker for ASPack 2.12
- new implementation of the Aho-Corasick pattern matcher providing
  better detection for wildcard enabled signatures
- support for nibble matching and floating offsets
- extraction of PE files embedded into other executables
- better handling of PE & UPX
- removed dependency on libcurl (improves stability)
- many other improvements and bugfixes
* Thu May 31 2007 - max@suse.de
- Security update: 0.90.3 (#279536)
- libclamav/unsp.c: fix end of buffer calculation (bb#464)
- libclamav/others.c: use strict permissions (0600) for temporary files
  created in cli_gentempstream() (bb#517).
- libclamav/unrar/unrar.c: heap corruption causing DoS with corrupted
  rar archive, better handle truncated files
- libclamav/phishcheck.c: isURL() regex execution hangs on Solaris
- libclamav/ole2_extract.c: detect block list loop (bb#466)
* Fri Apr 13 2007 - max@suse.de
- Security update: 0.90.2 (#264189)
- CVE-2007-1997: CAB File Unstore Buffer Overflow Vulnerability
- CVE-2007-1745: file descriptor leak in CHM handler
- File descriptor leaks in libclamav/pdf.c and libclamav/lockdb.c
* Mon Mar 05 2007 - max@suse.de
- Extended the database presence check in rcclamd to accept the
  main.inc directory in addition to the main.cvd file, because
  freshclam can delete the file during a scripted update.
* Fri Mar 02 2007 - max@suse.de
- Update to version 0.90.1 (#250566)
- Some bug fixes and code improvements
- Bumps the version of libclamav's soname, which should have been
  done in 0.90 already.
* Tue Feb 20 2007 - max@suse.de
- Update to version 0.90 (#246214) to fix two Vulnerabilities:
  - CAB File Denial of Service (CVE-2007-0897)
  - MIME Parsing Directory Traversal (CVE-2007-0898)
- Other changes of 0.90 include:
  - Changed config file syntax (automatic conversion is done by the
  RPM on update)
  - New unpacker for RAR3, RAR2 and RAR1
  - Rewritten unpackers for Zip and CAB files
  - Support for RAR-SFX, Zip-SFX and CAB-SFX archives
  - New PE parsing model
  - Support for PE32+ (64-bit) executables
  - Support for MD5 signatures based on PE sections (.mdb)
  - ELF file parser
  - Support for Sensory Networks' NodalCore hardware acceleration
  technology
  - Algorithmic detection can be controlled with CL_SCAN_ALGORITHMIC
  - Support for new obfuscators: SUE, Y0da Cryptor, CryptFF
  - Support for new packers: NsPack, wwpack32, MEW, Upack
  - Support for SIS files (SymbianOS packages)
  - Support for PDF and RTF files
  - TCP and local sockets can be operated simultaneously
  - New command: MULTISCAN (scan directory with multiple threads)
- There where also some API/ABI changes which might affect packages
  that link against libclamav. Affected functions are: cl_loaddb,
  cl_loaddir and cl_scanbuff.
- Cleaned up daemonizing of clamd and freshclam.
* Tue Dec 12 2006 - max@suse.de
- Security update: 0.88.7 (#227827, CVE-2006-5874)
  - handle consecutive errors in base64 decoding
  - honour recursion limit when scanning email messages
  - clamscan: new option --mail-max-recursion
  - libclamav/untar.c: honour archive limits
* Tue Nov 07 2006 - max@suse.de
- Add homedir of user vscan to the package (FATE300731).
* Mon Nov 06 2006 - max@suse.de
- Bugfix release: 0.88.6 (#218313)
- freshclam: apply timeout patch from Everton da Silva Marques
  (new options: ConnectTimeout and ReceiveTimeout)
- clamd: change stack size at the right place (closes bug#103)
- libclamav/petite.c: sanity check the number of rebuilt sections
  (speeds up handling of malformed files)
* Tue Oct 17 2006 - max@suse.de
- Bugfix release 0.88.5 fixes two serious security issues.
  [#212898], CVE-2006-4182, CVE-2006-5295
* Tue Aug 08 2006 - lnussel@suse.de
- New version 0.88.4 fixes heap overflow in UPX decoder
* Thu Jul 06 2006 - max@suse.de
- Bugfix release 0.88.3:
  - fix possible false matches of alternatives
  - Large binhex files were not being handled gracefully.
  - fix zero allocation warning
- Added bc and pkgconfig to BuildRequires to fix curl version
  detection.
- Prevent a file conflict on the database files when main and db
  packages of different versions are installed.
- Renamed clamav.conf to clamd.conf for SLES9.
- Added the db subpackage to SLES9.
- Bugzilla: 190647
* Tue May 02 2006 - max@suse.de
- New version: 0.88.2
- Fixes a buffer overflow in freshclam's get_database function
  (CVE-2006-1989, Bug #171496).
* Mon Apr 10 2006 - meissner@suse.de
- Fixed several implicit warnings which lead to failures
  on 64bit platforms.
* Wed Apr 05 2006 - max@suse.de
- New version: 0.88.1, fixes several security issues:
  CVE-2006-1614, CVE-2006-1615, CVE-2006-1630, bug #164039.
* Thu Feb 09 2006 - max@suse.de
- Removed unneeded dependencies from the init script to break a
  dependency loop.
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Sat Jan 14 2006 - kukuk@suse.de
- Add gmp-devel to nfb
* Thu Jan 12 2006 - max@suse.de
- Added gcc-4.1 stack protection (-fstack-protector).
* Mon Jan 09 2006 - max@suse.de
- New version: 0.88 (Bug #142298).
* Mon Nov 07 2005 - lnussel@suse.de
- Security update: version 0.87.1 (#132305, CVE-2005-3239,
  CVE-2005-3303)
* Mon Sep 19 2005 - max@suse.de
- New version: 0.87 (bug #117648).
* Mon Jul 25 2005 - max@suse.de
- New version: 0.86.2
* Thu Jul 14 2005 - max@suse.de
- New version: 0.86.1
* Tue Jun 21 2005 - max@suse.de
- New version: 0.86
* Tue May 17 2005 - max@suse.de
- New version: 0.85.1 (Bug #81264).
* Wed May 11 2005 - max@suse.de
- New version: 0.85 (Bug #81264).
* Tue May 03 2005 - max@suse.de
- New version: 0.84 (Bug #81264).
- Added and special-cased the patch that is needed for 9.1/SLES9.
* Fri Mar 11 2005 - max@suse.de
- Fixed %%doc file list (wildcards matched too much).
* Mon Feb 28 2005 - max@suse.de
- New version: 0.83
* Mon Feb 07 2005 - max@suse.de
- New version: 0.82
* Thu Jan 27 2005 - max@suse.de
- New version: 0.81
* Thu Nov 11 2004 - max@suse.de
- pkgconfig files go to libdir rather than /usr/lib.
* Thu Nov 11 2004 - coolo@suse.de
- fixing file list for debug packages
* Wed Nov 03 2004 - max@suse.de
- Fixed path to freshclam in init script, and rcfreshclam link.
* Mon Oct 18 2004 - max@suse.de
- Updated to the final 0.80 release.
- Added a runlevel script for freshclam.
* Mon Oct 11 2004 - max@suse.de
- Updated to 0.80rc4.
* Wed Sep 29 2004 - max@suse.de
- Updated to 0.80rc3. The README says:
  "This release candidate eliminates possible false positive alerts
  in UPX/FSG compressed files and clarifies behaviour of default
  actions in clamd and freshclam."
- This also eliminates the need to patch configure.in in order to
  recognize resolv.
* Thu Sep 23 2004 - max@suse.de
- Updated to 0.80rc2 which fixes a critical bug in the handling of
  empty lines in text/plain emails.
- Build with curl support.
- Fixed building of shared libraries instead of static.
- Removed unneeded %%run_ldconfig calls.
- Fixed file lists.
- Check for main.cvd instead of daily.cvd on daemon startup.
* Mon Sep 20 2004 - max@suse.de
- Updated to version 0.80rc which adds support for more file
  formats, and HTML parsing. See the README file for details.
- Added a warning to the init script if no virus database is
  installed.
* Thu Aug 05 2004 - max@suse.de
- New version: 0.75.1
- Moved the virus database files into a subpackage, as they are
  large and not needed if the database is kept up to date with
  freshclam.
* Fri Jul 23 2004 - max@suse.de
- New version: 0.75
* Thu Jul 08 2004 - max@suse.de
- Added -fno-strict-aliasing to CFLAGS.
* Mon Jul 05 2004 - max@suse.de
- New version: 0.74
* Tue Jun 15 2004 - max@suse.de
- New version: 0.73
* Mon Apr 26 2004 - max@suse.de
- New version: 0.70
- Changes the format of the virus definition file.
* Mon Feb 16 2004 - max@suse.de
- New version: 0.67
- Added support for tcpd (/etc/hosts.{allow,deny}).
- Obsoletes clamav-manager.patch.
* Fri Feb 13 2004 - max@suse.de
- New version: 0.66
- Fixes a remote DoS vulnerability (Bug #34412).
* Tue Jan 27 2004 - max@suse.de
- New package: ClamAV Anti-Virus Toolkit