From 1ca8804a221474f575c754cb08a17bcaa71435c5c7523603019fa60c25e0e8e2 Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Tue, 17 Jul 2018 21:41:32 +0000 Subject: [PATCH 1/8] Accepting request 622505 from home:EGDFree:branches:security MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update to version 0.100.1 * CVE-2017-16932: Vulnerability in libxml2 dependency (affects ClamAV on Windows only). * CVE-2018-0360: HWP integer overflow, infinite loop vulnerability. Reported by Secunia Research at Flexera. * CVE-2018-0361: ClamAV PDF object length check, unreasonably long time to parse relatively small file. Reported by aCaB. * Buffer over-read in unRAR code due to missing max value checks in table initialization. Reported by Rui Reis. * Libmspack heap buffer over-read in CHM parser. Reported by Hanno Böck. * Buffer length checks when reading integers from non-NULL terminated strings. * Buffer length tracking when reading strings from dictionary objects. * HTTPS support for clamsubmit. * Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only. Patch provided by Guilherme Benkenstein. OBS-URL: https://build.opensuse.org/request/show/622505 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=168 --- clamav-0.100.0.tar.gz | 3 --- clamav-0.100.0.tar.gz.sig | 16 ---------------- clamav-0.100.1.tar.gz | 3 +++ clamav-0.100.1.tar.gz.sig | 16 ++++++++++++++++ clamav-disable-timestamps.patch | 2 +- clamav.changes | 23 +++++++++++++++++++++++ clamav.spec | 2 +- 7 files changed, 44 insertions(+), 21 deletions(-) delete mode 100644 clamav-0.100.0.tar.gz delete mode 100644 clamav-0.100.0.tar.gz.sig create mode 100644 clamav-0.100.1.tar.gz create mode 100644 clamav-0.100.1.tar.gz.sig diff --git a/clamav-0.100.0.tar.gz b/clamav-0.100.0.tar.gz deleted file mode 100644 index be974fe..0000000 --- a/clamav-0.100.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c5c5edaf75a3c53ac0f271148fd6447310bce53f448ec7e6205124a25918f65c -size 16036757 diff --git a/clamav-0.100.0.tar.gz.sig b/clamav-0.100.0.tar.gz.sig deleted file mode 100644 index d1c309f..0000000 --- a/clamav-0.100.0.tar.gz.sig +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIcBAABAgAGBQJay4N+AAoJEPE/nha8pb+tUiEP/isw/OZ5t183XjjPVV3wtIH1 -xbPkCG5/842Ui8Dd2G14VUEW+abUDueBU1Fn4hPixGVOmXiEmltwlM2R6+qjutVO -al18jCkJXMq9sfqO0pMom8NDf3mNu9sy3oqARekrnLO1JZI0w5HKAAJg3VaCBBEZ -YD7XxtuO8R1R9BBSAwx4E1NG9skQ+WAJVlT7ckWCuqW6SafIsqnM2f9KV1lYitod -7mXl72nPQA3xkiqri1XLZrkiViZyzX5q3LRYdADlHk79MmDZuaaVIfza42SEYjQm -TYTh5vvi1yUz6qhALFfbqOdOTQLri0gZp00xlmH+5MhVcnHZVAfzA3R57VcleD+o -LpC9WUAEUL3D15KQlLhrV7Y0D82M79jJDXExRM2TozjUnA3WrQRZZqlJg5iEBHcu -VP/O7hLNslm8SFRd1SHQ7C4D7X9odW3D64QySEpx9TyUWSesQg/hSO3F9Xj6eBRy -JWYc90iu8DFedR+QrkwnMIbgbTeYxVjnPwKfI1E8vGrojYFKI3nFATQERRAcnrSz -FjaffXxkMPULKCi8JqcvomlZkj+W1LvZ9OEdtD92nz4mX/C6tHaPy6A2alByHElp -CMXYc8IIT3WWFV73O17xBdLhpyJRnmuHQ3IpJMKXh89lgX+t/ABAkWlmQsLy9PpH -SlfPF6qoRTu2fSlQmEJu -=KvcM ------END PGP SIGNATURE----- diff --git a/clamav-0.100.1.tar.gz b/clamav-0.100.1.tar.gz new file mode 100644 index 0000000..64ffae6 --- /dev/null +++ b/clamav-0.100.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:84e026655152247de7237184ee13003701c40be030dd68e0316111049f58a59f +size 16154415 diff --git a/clamav-0.100.1.tar.gz.sig b/clamav-0.100.1.tar.gz.sig new file mode 100644 index 0000000..c0a7516 --- /dev/null +++ b/clamav-0.100.1.tar.gz.sig @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABAgAGBQJbO66OAAoJEPE/nha8pb+t2SkP/0i9fOLm2FCBs/kRGiGgd4zn +RxLwsW0Wskf0C/5dLhNHP/aeHSqeWZQdasmIgUzxxGhksp/gxwmH66h5y6qjACU2 +LnDytMr5DuM0rPAfNtOmnCQcpKVXvRA5utboCP7BWBLsfdfi1tF/Sw/JknDzDu5a +AExBpiclix4EEHa4VkG+pMYpLLYUfxMZgKuq9b3ytWgNbCz0riSugr3hkoL72uRy +xfrN2S0YkHy1Kw/7zohcHJa1qfPXZ/V6S1iSBCSfk3OTeExJhQIDxlLNTkcBr8L0 +H9Fo6RnQ2ttYtdphKU1suN4spFxBJD94zkOB+0cLfk6sCeYb4BXrqX6t19N+9Z9+ +m2fx2zay12skW/eABFtG82ToWTojCfHhKrRRDZRE8iXh2KUKMUkx7kSjhDRNR9eE +WIpfAom4vdgDwDOgHwziUqr65l8Dr3NFC1LJl8F0uaFGshbjbtMufD88S0TQCvw6 +pJAZ8ZiTXqtmT9Uyw9aObffA2ekKWOY4k/6Z7ved76GkXC+e922Z+LpRE8wE05Cz +sqwkzIQMLwwBo3468vB0RFxS14AVyLFVogmYxkhLcZC39yFBZVJF4++efsrlt+vq ++OoJl7JF1NYp8KSGGAIuNY5dyJGtiu709n7ppU6JAY2uhAzEjHYeqM0caDjPDjT2 +/LK7EO0s7O30HEld5gDC +=xbrK +-----END PGP SIGNATURE----- diff --git a/clamav-disable-timestamps.patch b/clamav-disable-timestamps.patch index 677c0f8..d636fd8 100644 --- a/clamav-disable-timestamps.patch +++ b/clamav-disable-timestamps.patch @@ -78,4 +78,4 @@ +_ACEOF - VERSION="0.100.0" + VERSION="0.100.1" diff --git a/clamav.changes b/clamav.changes index eda9cd4..0679320 100644 --- a/clamav.changes +++ b/clamav.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Tue Jul 10 08:06:33 UTC 2018 - egdfree@opensuse.org + +- Update to version 0.100.1 + * CVE-2017-16932: Vulnerability in libxml2 dependency (affects + ClamAV on Windows only). + * CVE-2018-0360: HWP integer overflow, infinite loop + vulnerability. Reported by Secunia Research at Flexera. + * CVE-2018-0361: ClamAV PDF object length check, unreasonably + long time to parse relatively small file. Reported by aCaB. + * Buffer over-read in unRAR code due to missing max value checks + in table initialization. Reported by Rui Reis. + * Libmspack heap buffer over-read in CHM parser. Reported by + Hanno Böck. + * Buffer length checks when reading integers from non-NULL + terminated strings. + * Buffer length tracking when reading strings from dictionary + objects. + * HTTPS support for clamsubmit. + * Fix for DNS resolution for users on IPv4-only machines where + IPv6 is not available or is link-local only. Patch provided by + Guilherme Benkenstein. + ------------------------------------------------------------------- Thu Apr 26 15:35:15 UTC 2018 - max@suse.com diff --git a/clamav.spec b/clamav.spec index 4609659..12bf9c4 100644 --- a/clamav.spec +++ b/clamav.spec @@ -38,7 +38,7 @@ BuildRequires: zlib-devel Summary: Antivirus Toolkit License: GPL-2.0-only Group: Productivity/Security -Version: 0.100.0 +Version: 0.100.1 Release: 0 Url: http://www.clamav.net Obsoletes: clamav-db < 0.88.3 From 6146a1ccb6c65769c612f241441a44feb73b55b90bf52faedad2df467f974470 Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Tue, 17 Jul 2018 21:41:52 +0000 Subject: [PATCH 2/8] Accepting request 623475 from home:AndreasStieger:branches:security - fix library-without-ldconfig warnings on libclammspack OBS-URL: https://build.opensuse.org/request/show/623475 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=169 --- clamav.changes | 5 +++++ clamav.spec | 3 +++ 2 files changed, 8 insertions(+) diff --git a/clamav.changes b/clamav.changes index 0679320..41d1ddb 100644 --- a/clamav.changes +++ b/clamav.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Jul 17 14:21:35 UTC 2018 - security@suse.com + +- fix library-without-ldconfig warnings on libclammspack + ------------------------------------------------------------------- Tue Jul 10 08:06:33 UTC 2018 - egdfree@opensuse.org diff --git a/clamav.spec b/clamav.spec index 12bf9c4..daa5f82 100644 --- a/clamav.spec +++ b/clamav.spec @@ -174,6 +174,9 @@ VALGRIND_GENSUP=1 make check %post -n libclamav7 -p /sbin/ldconfig %postun -n libclamav7 -p /sbin/ldconfig +%post -n libclammspack0 -p /sbin/ldconfig +%postun -n libclammspack0 -p /sbin/ldconfig + %files %config(noreplace) %_sysconfdir/*.conf #systemd... From 7af09fc2e8dfd5da3d59ae9f5a42f3e0bde78742b49138e9ea6582f4a57b141d Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Tue, 17 Jul 2018 21:45:40 +0000 Subject: [PATCH 3/8] bugzilla refs OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=170 --- clamav.changes | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/clamav.changes b/clamav.changes index 41d1ddb..0ddcd99 100644 --- a/clamav.changes +++ b/clamav.changes @@ -7,24 +7,17 @@ Tue Jul 17 14:21:35 UTC 2018 - security@suse.com Tue Jul 10 08:06:33 UTC 2018 - egdfree@opensuse.org - Update to version 0.100.1 - * CVE-2017-16932: Vulnerability in libxml2 dependency (affects - ClamAV on Windows only). * CVE-2018-0360: HWP integer overflow, infinite loop - vulnerability. Reported by Secunia Research at Flexera. - * CVE-2018-0361: ClamAV PDF object length check, unreasonably - long time to parse relatively small file. Reported by aCaB. + vulnerability (bsc#1101410) + * CVE-2018-0361: PDF object length check, unreasonably long time + to parse relatively small file (bsc#1101412) * Buffer over-read in unRAR code due to missing max value checks - in table initialization. Reported by Rui Reis. - * Libmspack heap buffer over-read in CHM parser. Reported by - Hanno Böck. - * Buffer length checks when reading integers from non-NULL - terminated strings. - * Buffer length tracking when reading strings from dictionary - objects. - * HTTPS support for clamsubmit. + in table initialization + * Libmspack heap buffer over-read in CHM parser + * PDF parser bugs + * Add HTTPS support for clamsubmit * Fix for DNS resolution for users on IPv4-only machines where - IPv6 is not available or is link-local only. Patch provided by - Guilherme Benkenstein. + IPv6 is not available or is link-local only ------------------------------------------------------------------- Thu Apr 26 15:35:15 UTC 2018 - max@suse.com From fc65c3a5dea810b7ff6932260a3404d9c0065ae962c363444fa4435c4f03c10f Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Thu, 26 Jul 2018 09:55:19 +0000 Subject: [PATCH 4/8] Accepting request 625316 from home:pluskalm:branches:security - Update dendencies (pcre2, libjson-c and systemd) - Modernise spec file with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/625316 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=171 --- clamav.changes | 6 +++ clamav.spec | 136 +++++++++++++++++++++++++------------------------ 2 files changed, 76 insertions(+), 66 deletions(-) diff --git a/clamav.changes b/clamav.changes index 0ddcd99..2b7bbc3 100644 --- a/clamav.changes +++ b/clamav.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Jul 25 16:23:09 UTC 2018 - mpluskal@suse.com + +- Update dendencies (pcre2, libjson-c and systemd) +- Modernise spec file with spec-cleaner + ------------------------------------------------------------------- Tue Jul 17 14:21:35 UTC 2018 - security@suse.com diff --git a/clamav.spec b/clamav.spec index daa5f82..f1d1d78 100644 --- a/clamav.spec +++ b/clamav.spec @@ -16,49 +16,54 @@ # +%define clamav_check --enable-check Name: clamav +Version: 0.100.1 +Release: 0 +Summary: Antivirus Toolkit +License: GPL-2.0-only +Group: Productivity/Security +URL: http://www.clamav.net +Source0: http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz +Source1: http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz.sig +Source4: clamav-rpmlintrc +Source6: clamav-tmpfiles.conf +Source7: service.clamd +Source8: service.freshclam +Source9: service.clamav-milter +Source11: clamav.keyring +Patch1: clamav-conf.patch +Patch4: clamav-disable-timestamps.patch +Patch5: clamav-obsolete-config.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bc BuildRequires: check-devel BuildRequires: libbz2-devel BuildRequires: libcurl-devel +BuildRequires: libjson-c-devel BuildRequires: libopenssl-devel BuildRequires: libtool BuildRequires: libxml2-devel BuildRequires: ncurses-devel -BuildRequires: pcre-devel +BuildRequires: pcre2-devel BuildRequires: pkgconfig BuildRequires: pwdutils BuildRequires: python-devel BuildRequires: sed BuildRequires: sendmail-devel +BuildRequires: systemd-devel +BuildRequires: systemd-rpm-macros BuildRequires: zlib-devel -%define clamav_check --enable-check -Summary: Antivirus Toolkit -License: GPL-2.0-only -Group: Productivity/Security -Version: 0.100.1 -Release: 0 -Url: http://www.clamav.net +Requires(pre): %{_bindir}/awk +Requires(pre): %{_sbindir}/groupadd +Requires(pre): %{_sbindir}/useradd +Requires(pre): %{_sbindir}/usermod +Requires(pre): /bin/sed +Requires(pre): /bin/tar Obsoletes: clamav-db < 0.88.3 Provides: clamav-nodb = %{version} Obsoletes: clamav-nodb <= 0.98.4 -Requires(pre): %_sbindir/groupadd %_sbindir/useradd %_sbindir/usermod -Requires(pre): /usr/bin/awk /bin/sed /bin/tar -Source0: http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz -Source1: http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz.sig -Source11: clamav.keyring -Source4: clamav-rpmlintrc -Source6: clamav-tmpfiles.conf -Source7: service.clamd -Source8: service.freshclam -Source9: service.clamav-milter -Patch1: clamav-conf.patch -Patch4: clamav-disable-timestamps.patch -Patch5: clamav-obsolete-config.patch -BuildRequires: systemd -BuildRequires: systemd-rpm-macros %systemd_requires %description @@ -90,7 +95,7 @@ viruses, malware and other malicious threats. %package devel Summary: Development files for libclamav, an antivirus engine Group: Development/Libraries/C and C++ -Requires: libclamav7 = %version +Requires: libclamav7 = %{version} %description devel ClamAV is an antivirus engine designed for detecting trojans, @@ -108,21 +113,21 @@ that want to make use of libclamav. %build CFLAGS="-fstack-protector" CXXFLAGS="-fstack-protector" -export CFLAGS="%optflags $CFLAGS -fPIE -fno-strict-aliasing" -export CXXFLAGS="%optflags $CXXFLAGS -fPIE -fno-strict-aliasing -std=gnu++98" +export CFLAGS="%{optflags} $CFLAGS -fPIE -fno-strict-aliasing" +export CXXFLAGS="%{optflags} $CXXFLAGS -fPIE -fno-strict-aliasing -std=gnu++98" export LDFLAGS="-pie" -%if "%_lib" == "lib64" +%if "%{_lib}" == "lib64" # tomsfastmath needs this for correct operation on 64-bit platforms CFLAGS="$CFLAGS -DFP_64BIT" %endif %configure \ --disable-clamav \ --disable-static \ - --with-dbdir=/var/lib/clamav \ + --with-dbdir=%{_localstatedir}/lib/clamav \ --with-user=vscan \ --with-group=vscan \ --enable-milter \ - %clamav_check \ + %{clamav_check} \ --enable-clamdtop \ --disable-zlib-vcheck \ --disable-timestamps @@ -131,37 +136,37 @@ make V=1 %{?_smp_mflags} %install %make_install -install -d -m755 %buildroot/var/lib/clamav -install -d -m755 %buildroot/%_tmpfilesdir -install -m644 %{S:6} %buildroot%_tmpfilesdir/clamav.conf -mkdir -p %buildroot/var/spool/amavis -mkdir -p -m 0755 %buildroot/run/clamav -rm %buildroot/%_libdir/*.la +install -d -m755 %{buildroot}%{_localstatedir}/lib/clamav +install -d -m755 %{buildroot}/%{_tmpfilesdir} +install -m644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/clamav.conf +mkdir -p %{buildroot}%{_localstatedir}/spool/amavis +mkdir -p -m 0755 %{buildroot}/run/clamav +find %{buildroot} -type f -name "*.la" -delete -print # libclammspack is not meant to be linked against by anything but # libclamav -rm %buildroot%_libdir/pkgconfig/libclammspack.pc -rm %buildroot%_libdir/libclammspack.so +rm %{buildroot}%{_libdir}/pkgconfig/libclammspack.pc +rm %{buildroot}%{_libdir}/libclammspack.so # fix the new config file names -pushd %buildroot/etc +pushd %{buildroot}%{_sysconfdir} mv clamd.conf.sample clamd.conf mv clamav-milter.conf.sample clamav-milter.conf mv freshclam.conf.sample freshclam.conf popd # Systemd... -install -d -m 0755 %buildroot/%{_unitdir} -install -m 0644 %{S:7} %buildroot/%{_unitdir}/clamd.service -install -m 0644 %{S:8} %buildroot/%{_unitdir}/freshclam.service -install -m 0644 %{S:9} %buildroot/%{_unitdir}/clamav-milter.service -rm -f %buildroot/%{_unitdir}/clamav-daemon.service -rm -f %buildroot/%{_unitdir}/clamav-daemon.socket -rm -f %buildroot/%{_unitdir}/clamav-freshclam.service -# this is broken if system does not have systemd so don't +install -d -m 0755 %{buildroot}/%{_unitdir} +install -m 0644 %{SOURCE7} %{buildroot}/%{_unitdir}/clamd.service +install -m 0644 %{SOURCE8} %{buildroot}/%{_unitdir}/freshclam.service +install -m 0644 %{SOURCE9} %{buildroot}/%{_unitdir}/clamav-milter.service +rm -f %{buildroot}/%{_unitdir}/clamav-daemon.service +rm -f %{buildroot}/%{_unitdir}/clamav-daemon.socket +rm -f %{buildroot}/%{_unitdir}/clamav-freshclam.service +# this is broken if system does not have systemd so don't # use it at all on systems without mandatory systemd for srvname in clamd freshclam clamav-milter;do - (export PATH=/usr/sbin:/sbin:$PATH ;ln -sf $(which service) %{buildroot}/%{_sbindir}/rc${srvname}) + (export PATH=%{_prefix}/sbin:/sbin:$PATH ;ln -sf $(which service) %{buildroot}/%{_sbindir}/rc${srvname}) done %check @@ -173,48 +178,47 @@ VALGRIND_GENSUP=1 make check %post -n libclamav7 -p /sbin/ldconfig %postun -n libclamav7 -p /sbin/ldconfig - %post -n libclammspack0 -p /sbin/ldconfig %postun -n libclammspack0 -p /sbin/ldconfig %files -%config(noreplace) %_sysconfdir/*.conf +%config(noreplace) %{_sysconfdir}/*.conf #systemd... %{_unitdir}/clamd.service %{_unitdir}/freshclam.service %{_unitdir}/clamav-milter.service -%_tmpfilesdir -%doc COPYING* +%{_tmpfilesdir} +%license COPYING* %doc docs/*.pdf docs/html -%doc %_mandir/*/* -%_bindir/* -%_sbindir/* +%{_mandir}/*/* +%{_bindir}/* +%{_sbindir}/* %defattr(-,vscan,vscan) -%dir %attr(750,vscan,vscan) /var/spool/amavis -%dir /var/lib/clamav +%dir %attr(750,vscan,vscan) %{_localstatedir}/spool/amavis +%dir %{_localstatedir}/lib/clamav %ghost %attr(755,vscan,vscan) /run/clamav %files -n libclamav7 -%_libdir/libclam*.so.7* +%{_libdir}/libclam*.so.7* %files -n libclammspack0 -%_libdir/libclammspack.so.0* +%{_libdir}/libclammspack.so.0* %files devel -%_libdir/pkgconfig/* -%_libdir/libclam*.so -%_includedir/* +%{_libdir}/pkgconfig/* +%{_libdir}/libclam*.so +%{_includedir}/* %pre -getent group vscan >/dev/null || %_sbindir/groupadd -r vscan || : +getent group vscan >/dev/null || %{_sbindir}/groupadd -r vscan || : getent passwd vscan >/dev/null || \ - %_sbindir/useradd -r -o -g vscan -u 65 -s /bin/false \ - -c "Vscan account" -d /var/spool/amavis vscan || : -%_sbindir/usermod vscan -g vscan 2> /dev/null || : + %{_sbindir}/useradd -r -o -g vscan -u 65 -s /bin/false \ + -c "Vscan account" -d %{_localstatedir}/spool/amavis vscan || : +%{_sbindir}/usermod vscan -g vscan 2> /dev/null || : %service_add_pre clamd.service freshclam.service clamav-milter.service %post -systemd-tmpfiles --create %_tmpfilesdir/clamav.conf +systemd-tmpfiles --create %{_tmpfilesdir}/clamav.conf %service_add_post clamd.service freshclam.service clamav-milter.service %preun From 047b23765b1199646115655f2d80db88e55cc9f32cd788ffd4d8c71f3d4b65a7 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Mon, 30 Jul 2018 11:28:31 +0000 Subject: [PATCH 5/8] - Disable YARA support for licensing reasons (bsc#1101654). OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=172 --- clamav.changes | 5 +++++ clamav.spec | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/clamav.changes b/clamav.changes index 2b7bbc3..bc85353 100644 --- a/clamav.changes +++ b/clamav.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Jul 30 11:27:30 UTC 2018 - max@suse.com + +- Disable YARA support for licensing reasons (bsc#1101654). + ------------------------------------------------------------------- Wed Jul 25 16:23:09 UTC 2018 - mpluskal@suse.com diff --git a/clamav.spec b/clamav.spec index f1d1d78..dbbc24f 100644 --- a/clamav.spec +++ b/clamav.spec @@ -130,7 +130,8 @@ CFLAGS="$CFLAGS -DFP_64BIT" %{clamav_check} \ --enable-clamdtop \ --disable-zlib-vcheck \ - --disable-timestamps + --disable-timestamps \ + --disable-yara make V=1 %{?_smp_mflags} From 57aad7711cb58c9de2686056d769aecf849a7ffb4cad79e49bf9f5d52fe29b29 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Tue, 31 Jul 2018 08:58:20 +0000 Subject: [PATCH 6/8] - bsc#1101654: Disable YARA support for licensing reasons (clamav-disable-yara.patch). - Do not ignore errors from useradd et al. OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=173 --- clamav-disable-yara.patch | 39 +++++++++++++++++++++++++++++++++++++++ clamav.changes | 6 ++++-- clamav.spec | 8 +++++--- 3 files changed, 48 insertions(+), 5 deletions(-) create mode 100644 clamav-disable-yara.patch diff --git a/clamav-disable-yara.patch b/clamav-disable-yara.patch new file mode 100644 index 0000000..dba452a --- /dev/null +++ b/clamav-disable-yara.patch @@ -0,0 +1,39 @@ +--- m4/reorganization/yara.m4.orig ++++ m4/reorganization/yara.m4 +@@ -6,7 +6,7 @@ enable_yara=$enableval, enable_yara="yes + + if test "$enable_yara" = "yes"; then + AC_DEFINE([HAVE_YARA],1,[yara sources are compiled in]) +- AC_SUBST([HAVE_YARA]) ++ AC_SUBST([HAVE_YARA], 1) + fi + + +--- unit_tests/check_common.sh.orig ++++ unit_tests/check_common.sh +@@ -222,6 +222,7 @@ EOF + scan_failed clamscan4.log "clamscan has detected spurious VI's" + fi + ++if test "x$HAVE_YARA" = "x1"; then + cat <test-db/test.yara + rule yara_at_offset {strings: \$tar_magic = { 75 73 74 61 72 } condition: \$tar_magic at 257} + EOF +@@ -249,6 +250,7 @@ EOF + fi + + test_end $1 ++fi + } + + # ----------- clamd tests -------------------------------------------------------- +--- configure.orig ++++ configure +@@ -24324,6 +24324,7 @@ if test "$enable_yara" = "yes"; then + + $as_echo "#define HAVE_YARA 1" >>confdefs.h + ++ HAVE_YARA=1 + + fi + diff --git a/clamav.changes b/clamav.changes index bc85353..2025746 100644 --- a/clamav.changes +++ b/clamav.changes @@ -1,7 +1,9 @@ ------------------------------------------------------------------- -Mon Jul 30 11:27:30 UTC 2018 - max@suse.com +Tue Jul 31 08:43:39 UTC 2018 - max@suse.com -- Disable YARA support for licensing reasons (bsc#1101654). +- bsc#1101654: Disable YARA support for licensing reasons + (clamav-disable-yara.patch). +- Do not ignore errors from useradd et al. ------------------------------------------------------------------- Wed Jul 25 16:23:09 UTC 2018 - mpluskal@suse.com diff --git a/clamav.spec b/clamav.spec index dbbc24f..373232c 100644 --- a/clamav.spec +++ b/clamav.spec @@ -35,6 +35,7 @@ Source11: clamav.keyring Patch1: clamav-conf.patch Patch4: clamav-disable-timestamps.patch Patch5: clamav-obsolete-config.patch +Patch6: clamav-disable-yara.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bc @@ -109,6 +110,7 @@ that want to make use of libclamav. %patch1 %patch4 %patch5 +%patch6 %build CFLAGS="-fstack-protector" @@ -211,11 +213,11 @@ VALGRIND_GENSUP=1 make check %{_includedir}/* %pre -getent group vscan >/dev/null || %{_sbindir}/groupadd -r vscan || : +getent group vscan >/dev/null || %{_sbindir}/groupadd -r vscan getent passwd vscan >/dev/null || \ %{_sbindir}/useradd -r -o -g vscan -u 65 -s /bin/false \ - -c "Vscan account" -d %{_localstatedir}/spool/amavis vscan || : -%{_sbindir}/usermod vscan -g vscan 2> /dev/null || : + -c "Vscan account" -d %{_localstatedir}/spool/amavis vscan +%{_sbindir}/usermod vscan -g vscan %service_add_pre clamd.service freshclam.service clamav-milter.service %post From c8e2e69a0c1e9cb24dbaa5c24a721a748de881f2ba941c4b45194e9bbf87151b Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Tue, 31 Jul 2018 09:13:16 +0000 Subject: [PATCH 7/8] Remove clutter OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=174 --- clamav.spec | 102 ++++++++++++++++++++++++++-------------------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/clamav.spec b/clamav.spec index 373232c..b7341ee 100644 --- a/clamav.spec +++ b/clamav.spec @@ -24,8 +24,8 @@ Summary: Antivirus Toolkit License: GPL-2.0-only Group: Productivity/Security URL: http://www.clamav.net -Source0: http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz -Source1: http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz.sig +Source0: http://www.clamav.net/downloads/production/%name-%version.tar.gz +Source1: http://www.clamav.net/downloads/production/%name-%version.tar.gz.sig Source4: clamav-rpmlintrc Source6: clamav-tmpfiles.conf Source7: service.clamd @@ -56,14 +56,14 @@ BuildRequires: sendmail-devel BuildRequires: systemd-devel BuildRequires: systemd-rpm-macros BuildRequires: zlib-devel -Requires(pre): %{_bindir}/awk -Requires(pre): %{_sbindir}/groupadd -Requires(pre): %{_sbindir}/useradd -Requires(pre): %{_sbindir}/usermod +Requires(pre): %_bindir/awk +Requires(pre): %_sbindir/groupadd +Requires(pre): %_sbindir/useradd +Requires(pre): %_sbindir/usermod Requires(pre): /bin/sed Requires(pre): /bin/tar Obsoletes: clamav-db < 0.88.3 -Provides: clamav-nodb = %{version} +Provides: clamav-nodb = %version Obsoletes: clamav-nodb <= 0.98.4 %systemd_requires @@ -96,7 +96,7 @@ viruses, malware and other malicious threats. %package devel Summary: Development files for libclamav, an antivirus engine Group: Development/Libraries/C and C++ -Requires: libclamav7 = %{version} +Requires: libclamav7 = %version %description devel ClamAV is an antivirus engine designed for detecting trojans, @@ -115,61 +115,61 @@ that want to make use of libclamav. %build CFLAGS="-fstack-protector" CXXFLAGS="-fstack-protector" -export CFLAGS="%{optflags} $CFLAGS -fPIE -fno-strict-aliasing" -export CXXFLAGS="%{optflags} $CXXFLAGS -fPIE -fno-strict-aliasing -std=gnu++98" +export CFLAGS="%optflags $CFLAGS -fPIE -fno-strict-aliasing" +export CXXFLAGS="%optflags $CXXFLAGS -fPIE -fno-strict-aliasing -std=gnu++98" export LDFLAGS="-pie" -%if "%{_lib}" == "lib64" +%if "%_lib" == "lib64" # tomsfastmath needs this for correct operation on 64-bit platforms CFLAGS="$CFLAGS -DFP_64BIT" %endif %configure \ --disable-clamav \ --disable-static \ - --with-dbdir=%{_localstatedir}/lib/clamav \ + --with-dbdir=%_localstatedir/lib/clamav \ --with-user=vscan \ --with-group=vscan \ --enable-milter \ - %{clamav_check} \ + %clamav_check \ --enable-clamdtop \ --disable-zlib-vcheck \ --disable-timestamps \ --disable-yara -make V=1 %{?_smp_mflags} +make V=1 %?_smp_mflags %install %make_install -install -d -m755 %{buildroot}%{_localstatedir}/lib/clamav -install -d -m755 %{buildroot}/%{_tmpfilesdir} -install -m644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/clamav.conf -mkdir -p %{buildroot}%{_localstatedir}/spool/amavis -mkdir -p -m 0755 %{buildroot}/run/clamav -find %{buildroot} -type f -name "*.la" -delete -print +install -d -m755 %buildroot%_localstatedir/lib/clamav +install -d -m755 %buildroot/%_tmpfilesdir +install -m644 %SOURCE6 %buildroot%_tmpfilesdir/clamav.conf +mkdir -p %buildroot%_localstatedir/spool/amavis +mkdir -p -m 0755 %buildroot/run/clamav +find %buildroot -type f -name "*.la" -delete -print # libclammspack is not meant to be linked against by anything but # libclamav -rm %{buildroot}%{_libdir}/pkgconfig/libclammspack.pc -rm %{buildroot}%{_libdir}/libclammspack.so +rm %buildroot%_libdir/pkgconfig/libclammspack.pc +rm %buildroot%_libdir/libclammspack.so # fix the new config file names -pushd %{buildroot}%{_sysconfdir} +pushd %buildroot%_sysconfdir mv clamd.conf.sample clamd.conf mv clamav-milter.conf.sample clamav-milter.conf mv freshclam.conf.sample freshclam.conf popd # Systemd... -install -d -m 0755 %{buildroot}/%{_unitdir} -install -m 0644 %{SOURCE7} %{buildroot}/%{_unitdir}/clamd.service -install -m 0644 %{SOURCE8} %{buildroot}/%{_unitdir}/freshclam.service -install -m 0644 %{SOURCE9} %{buildroot}/%{_unitdir}/clamav-milter.service -rm -f %{buildroot}/%{_unitdir}/clamav-daemon.service -rm -f %{buildroot}/%{_unitdir}/clamav-daemon.socket -rm -f %{buildroot}/%{_unitdir}/clamav-freshclam.service +install -d -m 0755 %buildroot/%_unitdir +install -m 0644 %SOURCE7 %buildroot/%_unitdir/clamd.service +install -m 0644 %SOURCE8 %buildroot/%_unitdir/freshclam.service +install -m 0644 %SOURCE9 %buildroot/%_unitdir/clamav-milter.service +rm -f %buildroot/%_unitdir/clamav-daemon.service +rm -f %buildroot/%_unitdir/clamav-daemon.socket +rm -f %buildroot/%_unitdir/clamav-freshclam.service # this is broken if system does not have systemd so don't # use it at all on systems without mandatory systemd for srvname in clamd freshclam clamav-milter;do - (export PATH=%{_prefix}/sbin:/sbin:$PATH ;ln -sf $(which service) %{buildroot}/%{_sbindir}/rc${srvname}) + (export PATH=%_prefix/sbin:/sbin:$PATH ;ln -sf $(which service) %buildroot/%_sbindir/rc${srvname}) done %check @@ -185,43 +185,43 @@ VALGRIND_GENSUP=1 make check %postun -n libclammspack0 -p /sbin/ldconfig %files -%config(noreplace) %{_sysconfdir}/*.conf +%config(noreplace) %_sysconfdir/*.conf #systemd... -%{_unitdir}/clamd.service -%{_unitdir}/freshclam.service -%{_unitdir}/clamav-milter.service -%{_tmpfilesdir} +%_unitdir/clamd.service +%_unitdir/freshclam.service +%_unitdir/clamav-milter.service +%_tmpfilesdir %license COPYING* %doc docs/*.pdf docs/html -%{_mandir}/*/* -%{_bindir}/* -%{_sbindir}/* +%_mandir/*/* +%_bindir/* +%_sbindir/* %defattr(-,vscan,vscan) -%dir %attr(750,vscan,vscan) %{_localstatedir}/spool/amavis -%dir %{_localstatedir}/lib/clamav +%dir %attr(750,vscan,vscan) %_localstatedir/spool/amavis +%dir %_localstatedir/lib/clamav %ghost %attr(755,vscan,vscan) /run/clamav %files -n libclamav7 -%{_libdir}/libclam*.so.7* +%_libdir/libclam*.so.7* %files -n libclammspack0 -%{_libdir}/libclammspack.so.0* +%_libdir/libclammspack.so.0* %files devel -%{_libdir}/pkgconfig/* -%{_libdir}/libclam*.so -%{_includedir}/* +%_libdir/pkgconfig/* +%_libdir/libclam*.so +%_includedir/* %pre -getent group vscan >/dev/null || %{_sbindir}/groupadd -r vscan +getent group vscan >/dev/null || %_sbindir/groupadd -r vscan getent passwd vscan >/dev/null || \ - %{_sbindir}/useradd -r -o -g vscan -u 65 -s /bin/false \ - -c "Vscan account" -d %{_localstatedir}/spool/amavis vscan -%{_sbindir}/usermod vscan -g vscan + %_sbindir/useradd -r -o -g vscan -u 65 -s /bin/false \ + -c "Vscan account" -d %_localstatedir/spool/amavis vscan +%_sbindir/usermod vscan -g vscan %service_add_pre clamd.service freshclam.service clamav-milter.service %post -systemd-tmpfiles --create %{_tmpfilesdir}/clamav.conf +systemd-tmpfiles --create %_tmpfilesdir/clamav.conf %service_add_post clamd.service freshclam.service clamav-milter.service %preun From c59655e8e207aa8c6508bb837cf3175adb340dbac109a68362003695c467fb38 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Tue, 31 Jul 2018 12:08:01 +0000 Subject: [PATCH 8/8] - Unclutter the spec file. OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=175 --- clamav.changes | 1 + clamav.spec | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/clamav.changes b/clamav.changes index 2025746..5b964b4 100644 --- a/clamav.changes +++ b/clamav.changes @@ -4,6 +4,7 @@ Tue Jul 31 08:43:39 UTC 2018 - max@suse.com - bsc#1101654: Disable YARA support for licensing reasons (clamav-disable-yara.patch). - Do not ignore errors from useradd et al. +- Unclutter the spec file. ------------------------------------------------------------------- Wed Jul 25 16:23:09 UTC 2018 - mpluskal@suse.com diff --git a/clamav.spec b/clamav.spec index b7341ee..771914b 100644 --- a/clamav.spec +++ b/clamav.spec @@ -125,7 +125,7 @@ CFLAGS="$CFLAGS -DFP_64BIT" %configure \ --disable-clamav \ --disable-static \ - --with-dbdir=%_localstatedir/lib/clamav \ + --with-dbdir=/var/lib/clamav \ --with-user=vscan \ --with-group=vscan \ --enable-milter \ @@ -139,10 +139,10 @@ make V=1 %?_smp_mflags %install %make_install -install -d -m755 %buildroot%_localstatedir/lib/clamav +install -d -m755 %buildroot/var/lib/clamav install -d -m755 %buildroot/%_tmpfilesdir install -m644 %SOURCE6 %buildroot%_tmpfilesdir/clamav.conf -mkdir -p %buildroot%_localstatedir/spool/amavis +mkdir -p %buildroot/var/spool/amavis mkdir -p -m 0755 %buildroot/run/clamav find %buildroot -type f -name "*.la" -delete -print @@ -197,8 +197,8 @@ VALGRIND_GENSUP=1 make check %_bindir/* %_sbindir/* %defattr(-,vscan,vscan) -%dir %attr(750,vscan,vscan) %_localstatedir/spool/amavis -%dir %_localstatedir/lib/clamav +%dir %attr(750,vscan,vscan) /var/spool/amavis +%dir /var/lib/clamav %ghost %attr(755,vscan,vscan) /run/clamav %files -n libclamav7 @@ -216,7 +216,7 @@ VALGRIND_GENSUP=1 make check getent group vscan >/dev/null || %_sbindir/groupadd -r vscan getent passwd vscan >/dev/null || \ %_sbindir/useradd -r -o -g vscan -u 65 -s /bin/false \ - -c "Vscan account" -d %_localstatedir/spool/amavis vscan + -c "Vscan account" -d /var/spool/amavis vscan %_sbindir/usermod vscan -g vscan %service_add_pre clamd.service freshclam.service clamav-milter.service