From 7632c657aed4acde1531ece1dfcd84b8fd63fb4ea5139b6c6e4717ba52a38b67 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Tue, 10 Nov 2020 16:48:44 +0000 Subject: [PATCH] - bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode. - Keep OBS from installing an existing clamav instance to scan the sources, because this makes "make check" use the old library instead of the just built one. This is only a workaround until we found a way to keep libtool from adding libdir to rpath and LD_LIBRARY_PATH of the binaries in the testsuite. OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=211 --- clamav-fips.patch | 12 ++++++++++++ clamav.changes | 10 ++++++++++ clamav.spec | 9 +++++++++ 3 files changed, 31 insertions(+) create mode 100644 clamav-fips.patch diff --git a/clamav-fips.patch b/clamav-fips.patch new file mode 100644 index 0000000..796abc4 --- /dev/null +++ b/clamav-fips.patch @@ -0,0 +1,12 @@ +--- libclamav/crypto.c.orig ++++ libclamav/crypto.c +@@ -145,6 +145,9 @@ int cl_initialize_crypto(void) + ERR_load_crypto_strings(); + #endif + ++ /* avoid fips issues */ ++ EVP_add_digest(EVP_md5()); ++ + return 0; + } + diff --git a/clamav.changes b/clamav.changes index a321da8..47ede65 100644 --- a/clamav.changes +++ b/clamav.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Tue Nov 10 16:44:57 UTC 2020 - Reinhard Max + +- bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode. +- Keep OBS from installing an existing clamav instance to scan the + sources, because this makes "make check" use the old library + instead of the just built one. This is only a workaround until + we found a way to keep libtool from adding libdir to rpath and + LD_LIBRARY_PATH of the binaries in the testsuite. + ------------------------------------------------------------------- Mon Sep 14 17:39:16 UTC 2020 - Arjen de Korte diff --git a/clamav.spec b/clamav.spec index b69ddb0..16ba62f 100644 --- a/clamav.spec +++ b/clamav.spec @@ -37,6 +37,7 @@ Patch1: clamav-conf.patch Patch4: clamav-disable-timestamps.patch Patch5: clamav-obsolete-config.patch Patch6: clamav-disable-yara.patch +Patch12: clamav-fips.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bc @@ -58,6 +59,13 @@ BuildRequires: systemd-rpm-macros #BuildRequires: valgrind BuildRequires: zlib-devel BuildRequires: pkgconfig(libsystemd) +# +# Workaround to keep "make check" from using an existing libclamav +# instead of the just built one. This should rather be fixed +# by keeping libtool from adding libdir to rpath and LD_LIBRARY_PATH +# of the test binaries. +# +#!BuildIgnore: clamav Requires(pre): %_bindir/awk Requires(pre): %_sbindir/groupadd Requires(pre): %_sbindir/useradd @@ -125,6 +133,7 @@ that want to make use of libclamav. %patch4 %patch5 %patch6 +%patch12 %build CFLAGS="-fstack-protector"