pool/clamav
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode.

Browse Source 
- Keep OBS from installing an existing clamav instance to scan the
  sources, because this makes "make check" use the old library
  instead of the just built one. This is only a workaround until
  we found a way to keep libtool from adding libdir to rpath and
  LD_LIBRARY_PATH of the binaries in the testsuite.

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=211
This commit is contained in:
Reinhard Max 2020-11-10 16:48:44 +00:00 committed by Git OBS Bridge
parent 7a7a40f392
commit 7632c657ae
3 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
clamav-fips.patch Normal file
View File

@ -0,0 +1,12 @@
--- libclamav/crypto.c.orig
+++ libclamav/crypto.c
@@ -145,6 +145,9 @@ int cl_initialize_crypto(void)
ERR_load_crypto_strings();
#endif
+ /* avoid fips issues */
+ EVP_add_digest(EVP_md5());
+
return 0;
}

10
clamav.changes
View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Tue Nov 10 16:44:57 UTC 2020 - Reinhard Max <max@suse.com>
- bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode.
- Keep OBS from installing an existing clamav instance to scan the
sources, because this makes "make check" use the old library
instead of the just built one. This is only a workaround until
we found a way to keep libtool from adding libdir to rpath and
LD_LIBRARY_PATH of the binaries in the testsuite.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Sep 14 17:39:16 UTC 2020 - Arjen de Korte <suse+build@de-korte.org> Mon Sep 14 17:39:16 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>

9
clamav.spec
View File

@ -37,6 +37,7 @@ Patch1: clamav-conf.patch
Patch4: clamav-disable-timestamps.patch Patch4: clamav-disable-timestamps.patch
Patch5: clamav-obsolete-config.patch Patch5: clamav-obsolete-config.patch
Patch6: clamav-disable-yara.patch Patch6: clamav-disable-yara.patch
Patch12: clamav-fips.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: bc BuildRequires: bc
@ -58,6 +59,13 @@ BuildRequires: systemd-rpm-macros
#BuildRequires: valgrind #BuildRequires: valgrind
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(libsystemd)
#
# Workaround to keep "make check" from using an existing libclamav
# instead of the just built one. This should rather be fixed
# by keeping libtool from adding libdir to rpath and LD_LIBRARY_PATH
# of the test binaries.
#
#!BuildIgnore: clamav
Requires(pre): %_bindir/awk Requires(pre): %_bindir/awk
Requires(pre): %_sbindir/groupadd Requires(pre): %_sbindir/groupadd
Requires(pre): %_sbindir/useradd Requires(pre): %_sbindir/useradd
@ -125,6 +133,7 @@ that want to make use of libclamav.
%patch4 %patch4
%patch5 %patch5
%patch6 %patch6
%patch12
%build %build
CFLAGS="-fstack-protector" CFLAGS="-fstack-protector"