Accepting request 148454 from security

- pids and sockets of clamd and freshclam now reside in /var/run
  instead of /var/lib (bnc#770395)
- modified pid path in clamd's, freshclam's and clamav-milter's
  init scripts (forwarded request 148449 from m_meister)

OBS-URL: https://build.opensuse.org/request/show/148454
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=55

.gitattributes

@@ -21,6 +21,3 @@
 *.xz filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
-## Specific LFS patterns
-daily-16364.cvd filter=lfs diff=lfs merge=lfs -text
-main-54.cvd filter=lfs diff=lfs merge=lfs -text

clamav-conf.patch

@@ -19,7 +19,7 @@ Index: etc/clamav-milter.conf
  # Default: no default
 -#MilterSocket /tmp/clamav-milter.socket
 -#MilterSocket inet:7357
-+MilterSocket /var/lib/clamav/clamav-milter-socket
++MilterSocket /var/run/clamav/clamav-milter-socket
  
  # Define the group ownership for the (unix) milter socket.
  # Default: disabled (the primary group of the user running clamd)
@@ -37,7 +37,7 @@ Index: etc/clamav-milter.conf
  #
  # Default: disabled
 -#PidFile /var/run/clamav-milter.pid
-+PidFile /var/lib/clamav/clamav-milter.pid
++PidFile /var/run/clamav/clamav-milter.pid
  
  # Optional path to the global temporary directory.
  # Default: system specific (usually /tmp or /var/tmp).
@@ -46,7 +46,7 @@ Index: etc/clamav-milter.conf
  #
  # Default: no default
 -#ClamdSocket tcp:scanner.mydomain:7357
-+ClamdSocket unix:/var/lib/clamav/clamd-socket
++ClamdSocket unix:/var/run/clamav/clamd-socket
  
  
  ##
@@ -104,7 +104,7 @@ Index: etc/clamd.conf
  # daemon (main thread).
  # Default: disabled
 -#PidFile /var/run/clamd.pid
-+PidFile /var/lib/clamav/clamd.pid
++PidFile /var/run/clamav/clamd.pid
  
  # Optional path to the global temporary directory.
  # Default: system specific (usually /tmp or /var/tmp).
@@ -113,7 +113,7 @@ Index: etc/clamd.conf
  # Path to a local socket file the daemon will listen on.
  # Default: disabled (must be specified by a user)
 -#LocalSocket /tmp/clamd.socket
-+LocalSocket /var/lib/clamav/clamd-socket
++LocalSocket /var/run/clamav/clamd-socket
  
  # Sets the group ownership on the unix socket.
  # Default: disabled (the primary group of the user running clamd)
@@ -188,7 +188,7 @@ Index: etc/freshclam.conf
  # This option allows you to save the process identifier of the daemon
  # Default: disabled
 -#PidFile /var/run/freshclam.pid
-+PidFile /var/lib/clamav/freshclam.pid
++PidFile /var/run/clamav/freshclam.pid
  
  # By default when started freshclam drops privileges and switches to the
  # "clamav" user. This directive allows you to change the database owner.

clamav-rcclamd

@@ -103,7 +103,15 @@ test -x $CLAMD_BIN || { echo "$CLAMD_BIN not installed";
 	else exit 5; fi; }
 
 CLAMD_DBDIR=$(clamconf | sed -n '/DatabaseDirectory = /{s///;s/"//g;p;q}')
-CLAMD_PIDFILE=/var/lib/clamav/clamd.pid
+CLAMD_PIDFILE=$(clamconf | sed -n '
+	/Config file: clamd.conf/,/^$/ {
+		/PidFile = / {
+			s///
+			s/"//g
+			p
+			q
+		}
+	}')
 
 # Source LSB init functions
 # providing start_daemon, killproc, pidofproc, 

clamav-rcfreshclam

@@ -106,7 +106,15 @@ test -x $FRESHCLAM_BIN || {
     else exit 5; fi;
 }
 
-FRESHCLAM_PIDFILE=/var/lib/clamav/freshclam.pid
+FRESHCLAM_PIDFILE=$(clamconf | sed -n '
+    /Config file: freshclam.conf/,/^$/ {
+        /PidFile = / {
+            s///
+            s/"//g
+            p
+            q
+        }
+    }')
 
 # Source LSB init functions
 # providing start_daemon, killproc, pidofproc, 

clamav-rcmilter

@@ -40,7 +40,16 @@
 # Note: Special treatment of stop for LSB conformance
 BIN=/usr/sbin/clamav-milter
 # Read the pidfile from the config
-PIDFILE=$(sed -n '/^PidFile /{s///p;q}' /etc/clamav-milter.conf)
+PIDFILE=$(clamconf | sed -n '
+    /Config file: clamav-milter.conf/,/^$/ {
+        /PidFile = / {
+            s///
+            s/"//g
+            p
+            q
+        }
+    }')
+
 test -x $BIN || { echo "$BIN not installed"; 
 	if [ "$1" = "stop" ]; then exit 0;
 	else exit 5; fi; }

clamav-tmpfiles.conf

@@ -0,0 +1,2 @@
+# clamav needs a directory in /var/run:
+d /var/run/clamav 0755 vscan vscan -

clamav.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Mon Jan 14 14:42:03 UTC 2013 - mmeister@suse.com
+
+- pids and sockets of clamd and freshclam now reside in /var/run
+  instead of /var/lib (bnc#770395)
+- modified pid path in clamd's, freshclam's and clamav-milter's
+  init scripts 
+
+-------------------------------------------------------------------
+Mon Jan  7 13:40:31 UTC 2013 - max@suse.com
+
+- Remove the clamav-db subpackage. ClamAV installations should
+  fetch current versions of the virus database directly from
+  upstream. If there really is need for a packaged database, it
+  should be in a separate package.
+- Remove scripts do deal with very old (before 2008) config and
+  database file formats.
+
 -------------------------------------------------------------------
 Sat Jan  5 01:53:56 UTC 2013 - andreas.stieger@gmx.de
 

clamav.spec

@@ -45,7 +45,6 @@ BuildRequires:  bzip2
 Summary:        Antivirus Toolkit
 License:        GPL-2.0
 Group:          Productivity/Security
-# version updates should also fetch the current cvd files for the db subpackage
 Version:        0.97.6
 Release:        0
 Url:            http://www.clamav.net
@@ -60,12 +59,7 @@ Source2:        clamav-rcfreshclam
 Source3:        clamav-updateclamconf
 Source4:        clamav-rpmlintrc
 Source5:        clamav-rcmilter
-# http://db.local.clamav.net/main.cvd
-%define main_cvd_version 54
-Source6:        main-%{main_cvd_version}.cvd
-# http://db.local.clamav.net/daily.cvd
-%define daily_cvd_version 16364
-Source7:        daily-%{daily_cvd_version}.cvd
+Source6:        clamav-tmpfiles.conf
 Patch1:         clamav-conf.patch
 Patch2:         clamav-sles9.patch
 Patch3:         clamav-gcc47.patch
@@ -81,29 +75,6 @@ signature updates. The core ClamAV library provides numerous file
 format detection mechanisms, file unpacking support, archive support,
 and multiple signature languages for detecting threats.
 
-%package db
-Summary:        Virus Database for ClamAV
-License:        BSD-3-Clause and GPL-2.0+ and LGPL-2.1+ and SUSE-Public-Domain and MIT
-Group:          Productivity/Security
-PreReq:         clamav sed /bin/cp /usr/bin/awk /bin/rm
-%if 0%{?suse_version} > 1120
-BuildArch:      noarch
-%endif
-Version:        %{version}
-Release:        %{main_cvd_version}.%{daily_cvd_version}.<CI_CNT>.<B_CNT>
-
-%description db
-This package contains a snapshot of the virus description database for
-ClamAV. It is not needed if you use freshclam to keep your virus
-database up to date.
-
-
-
-Authors:
---------
-    Tomasz Kojm
-    Nigel Horne
-
 %prep
 %setup -q
 %patch1
@@ -154,15 +125,9 @@ ln -s /etc/init.d/freshclam %buildroot%_sbindir/rcfreshclam
 install -m755 %SOURCE5 %buildroot/etc/init.d/clamav-milter
 ln -s /etc/init.d/clamav-milter %buildroot%_sbindir/rcclamav-milter
 install -m755 %SOURCE3 %buildroot%_sbindir/updateclamconf
-install -d -m755 %buildroot/var/lib/clamav
-touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid
-install -m755 %SOURCE6 %buildroot/var/lib/clamav/main.cvd
-install -m755 %SOURCE7 %buildroot/var/lib/clamav/daily.cvd
-for f in %buildroot/var/lib/clamav/*.cvd; do
-	mv $f $f.dist
-	touch $f
-done
-touch %buildroot/var/lib/clamav/{main,daily}.cld
+install -d -m755 %buildroot/var/{lib,run}/clamav
+install -d -m755 %buildroot/usr/lib/tmpfiles.d
+install -m644 %SOURCE6 %buildroot/usr/lib/tmpfiles.d/clamav.conf
 mkdir -p %buildroot/var/spool/amavis
 %if 0%{?suse_version} > 1020
 rm %buildroot/%_libdir/*.la
@@ -172,14 +137,6 @@ sed -i 's/^Libs: .*/Libs: -lclamav/' %buildroot%_libdir/pkgconfig/libclamav.pc
 
 %check
 
-# signature check using installed clamav sigtool
-LD_LIBRARY_PATH="%buildroot%{_libdir}" "%buildroot%{_bindir}/sigtool" --info %buildroot/var/lib/clamav/main.cvd.dist
-LD_LIBRARY_PATH="%buildroot%{_libdir}" "%buildroot%{_bindir}/sigtool" --info %buildroot/var/lib/clamav/daily.cvd.dist
-
-# Check that cvd version matches versions declared in package
-test "$(head -c512 %SOURCE6 | cut -d: -f3)" = "%{main_cvd_version}"
-test "$(head -c512 %SOURCE7 | cut -d: -f3)" = "%{daily_cvd_version}"
-
 # regressoin tests
 %if !0%{?qemu_user_space_build:1}
 VALGRIND_GENSUP=1 make check
@@ -189,6 +146,8 @@ VALGRIND_GENSUP=1 make check
 %defattr(-,root,root,-)
 %config(noreplace) %_sysconfdir/*.conf
 %config %attr(744,root,root)/etc/init.d/*
+%dir /usr/lib/tmpfiles.d
+/usr/lib/tmpfiles.d/clamav.conf
 %doc AUTHORS BUGS ChangeLog COPYING FAQ NEWS README UPGRADE
 %doc docs/*.pdf docs/html
 %doc %_mandir/*/*
@@ -200,14 +159,7 @@ VALGRIND_GENSUP=1 make check
 %defattr(-,vscan,vscan)
 %dir %attr(700,vscan,root) /var/spool/amavis
 %dir /var/lib/clamav
-%ghost /var/lib/clamav/*.pid
-%ghost /var/lib/clamav/*.cld
-%ghost /var/lib/clamav/*.cvd
-
-%files db
-%defattr(-,vscan,vscan)
-%dir /var/lib/clamav
-/var/lib/clamav/*.cvd.dist
+%dir %attr(755,vscan,vscan) /var/run/clamav
 
 %pre
 %_sbindir/groupadd -r vscan 2> /dev/null || :
@@ -231,44 +183,6 @@ for f in /etc/clamd.conf /etc/freshclam.conf /etc/clamav-milter.conf; do
     fi
   fi
 done
-# convert virus database file format when updating from < 0.93
-DBDIR=$(awk '/^[[:space:]]*DatabaseDirectory/{print $NF}' /etc/clamd.conf)
-cd ${DBDIR:=/var/lib/clamav}
-umask 022
-TMPFILE=$PWD/tmp.$$
-for type in main daily; do
-    rm -f $TMPFILE
-    if test ! -f $type.cvd -a ! -f $type.cld -a -d $type.inc; then
-	cd $type.inc
-	test -f COPYING -a -f $type.info -a -f $type.db \
-	    -a -f $type.hdb -a -f $type.mdb -a -f $type.ndb \
-	    -a -f $type.zmd -a -f $type.fp || continue
-	awk 'NR==1{printf $0; for (i=length($0); i<512; i++) printf " "}' \
-	    $type.info > $TMPFILE || continue
-	tar -c -f- COPYING $type.info $type.db $type.hdb $type.mdb \
-	    $type.ndb $type.zmd $type.fp >> $TMPFILE || continue
-	cd ..
-	if test -f $TMPFILE; then
-	    chown --reference $type.inc $TMPFILE 2>/dev/null
-	    mv $TMPFILE $type.cld
-	fi
-    fi
-done
-rm -f $TMPFILE
-
-%triggerpostun -- %name < 0.88.3
-# Move clamav.conf to clamd.conf when updating from an old version
-# and inform the admin about the rename.
-cd /etc
-if test -e clamav.conf.rpmsave -a ! -e clamd.conf.rpmnew; then
-   mv clamd.conf clamd.conf.rpmnew
-   mv clamav.conf.rpmsave clamd.conf
-   cat > clamav.conf <<-EOF
-	# clamd.conf has been renamed to clamav.conf.
-	# This file can be removed.
-	EOF
-   %restart_on_update clamd
-fi
 
 %preun
 %stop_on_removal clamd freshclam
@@ -278,27 +192,4 @@ fi
 %restart_on_update clamd freshclam
 %insserv_cleanup
 
-%post db
-# determine the version number of a given database file
-getversion() {
-  if test -f "$1"; then
-    /usr/bin/sigtool -i "$1" | sed -n '/^Version: /s///gp'
-  else
-    # a non-existing file is assumed to have version 0
-    echo 0
-  fi
-}
-DBDIR=$(awk '/^[[:space:]]*DatabaseDirectory/{print $NF}' /etc/clamd.conf)
-cd ${DBDIR:=/var/lib/clamav}
-for f in main daily; do
-  vdist=$(getversion $f.cvd.dist)
-  vcvd=$(getversion $f.cvd)
-  vcld=$(getversion $f.cld)
-  v=$((vcld > vcvd ? vcld : vcvd))
-  if test $vdist -gt $v; then
-    cp -a $f.cvd.dist $f.cvd
-    rm -f $f.cld
-  fi
-done
-
 %changelog

daily-16364.cvd

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0e3034771c13110364b0c3b80159d3d86f539aef0583a7894586fa1770e0652b
-size 11969872

main-54.cvd

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1cf30db1c9a0755daff25e63f6ad9af191157275ebd843ca0f5e1b4f955fb737
-size 30750647