Accepting request 148449 from home:m_meister:branches:security

- pids and sockets of clamd and freshclam now reside in /var/run instead of /var/lib (bnc#770395) - modified pid path in clamd's, freshclam's and clamav-milter's init scripts OBS-URL: https://build.opensuse.org/request/show/148449 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=73
2013-01-14 15:06:55 +00:00 · 2013-01-14 15:06:55 +00:00 · a7d93681e5
commit a7d93681e5
parent d8cb99a265
7 changed files with 51 additions and 12 deletions
--- a/clamav-conf.patch
+++ b/clamav-conf.patch
@ -19,7 +19,7 @@ Index: etc/clamav-milter.conf
 # Default: no default
 -#MilterSocket /tmp/clamav-milter.socket
 -#MilterSocket inet:7357
-+MilterSocket /var/lib/clamav/clamav-milter-socket
+MilterSocket /var/run/clamav/clamav-milter-socket
 
 # Define the group ownership for the (unix) milter socket.
 # Default: disabled (the primary group of the user running clamd)
@ -37,7 +37,7 @@ Index: etc/clamav-milter.conf
 #
 # Default: disabled
 -#PidFile /var/run/clamav-milter.pid
-+PidFile /var/lib/clamav/clamav-milter.pid
+PidFile /var/run/clamav/clamav-milter.pid
 
 # Optional path to the global temporary directory.
 # Default: system specific (usually /tmp or /var/tmp).
@ -46,7 +46,7 @@ Index: etc/clamav-milter.conf
 #
 # Default: no default
 -#ClamdSocket tcp:scanner.mydomain:7357
-+ClamdSocket unix:/var/lib/clamav/clamd-socket
+ClamdSocket unix:/var/run/clamav/clamd-socket
 
 
 ##
@ -104,7 +104,7 @@ Index: etc/clamd.conf
 # daemon (main thread).
 # Default: disabled
 -#PidFile /var/run/clamd.pid
-+PidFile /var/lib/clamav/clamd.pid
+PidFile /var/run/clamav/clamd.pid
 
 # Optional path to the global temporary directory.
 # Default: system specific (usually /tmp or /var/tmp).
@ -113,7 +113,7 @@ Index: etc/clamd.conf
 # Path to a local socket file the daemon will listen on.
 # Default: disabled (must be specified by a user)
 -#LocalSocket /tmp/clamd.socket
-+LocalSocket /var/lib/clamav/clamd-socket
+LocalSocket /var/run/clamav/clamd-socket
 
 # Sets the group ownership on the unix socket.
 # Default: disabled (the primary group of the user running clamd)
@ -188,7 +188,7 @@ Index: etc/freshclam.conf
 # This option allows you to save the process identifier of the daemon
 # Default: disabled
 -#PidFile /var/run/freshclam.pid
-+PidFile /var/lib/clamav/freshclam.pid
+PidFile /var/run/clamav/freshclam.pid
 
 # By default when started freshclam drops privileges and switches to the
 # "clamav" user. This directive allows you to change the database owner.
--- a/10
+++ b/10
@ -103,7 +103,15 @@ test -x $CLAMD_BIN || { echo "$CLAMD_BIN not installed";
 	else exit 5; fi; }

 CLAMD_DBDIR=$(clamconf | sed -n '/DatabaseDirectory = /{s///;s/"//g;p;q}')
-CLAMD_PIDFILE=/var/lib/clamav/clamd.pid
+CLAMD_PIDFILE=$(clamconf | sed -n '
+	/Config file: clamd.conf/,/^$/ {
+		/PidFile = / {
+			s///
+			s/"//g
+			p
+			q
+		}
+	}')

 # Source LSB init functions
 # providing start_daemon, killproc, pidofproc, 
--- a/10
+++ b/10
@ -106,7 +106,15 @@ test -x $FRESHCLAM_BIN || {
    else exit 5; fi;
 }

-FRESHCLAM_PIDFILE=/var/lib/clamav/freshclam.pid
+FRESHCLAM_PIDFILE=$(clamconf | sed -n '
+    /Config file: freshclam.conf/,/^$/ {
+        /PidFile = / {
+            s///
+            s/"//g
+            p
+            q
+        }
+    }')

 # Source LSB init functions
 # providing start_daemon, killproc, pidofproc, 
--- a/11
+++ b/11
@ -40,7 +40,16 @@
 # Note: Special treatment of stop for LSB conformance
 BIN=/usr/sbin/clamav-milter
 # Read the pidfile from the config
-PIDFILE=$(sed -n '/^PidFile /{s///p;q}' /etc/clamav-milter.conf)
+PIDFILE=$(clamconf | sed -n '
+    /Config file: clamav-milter.conf/,/^$/ {
+        /PidFile = / {
+            s///
+            s/"//g
+            p
+            q
+        }
+    }')
+
 test -x $BIN || { echo "$BIN not installed"; 
 	if [ "$1" = "stop" ]; then exit 0;
 	else exit 5; fi; }
--- a/clamav-tmpfiles.conf
+++ b/clamav-tmpfiles.conf
@ -0,0 +1,2 @@
+# clamav needs a directory in /var/run:
+d /var/run/clamav 0755 vscan vscan -
--- a/clamav.changes
+++ b/clamav.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jan 14 14:42:03 UTC 2013 - mmeister@suse.com
+
+- pids and sockets of clamd and freshclam now reside in /var/run
+  instead of /var/lib (bnc#770395)
+- modified pid path in clamd's, freshclam's and clamav-milter's
+  init scripts 
+
 -------------------------------------------------------------------
 Mon Jan  7 13:40:31 UTC 2013 - max@suse.com

--- a/clamav.spec
+++ b/clamav.spec
@ -59,6 +59,7 @@ Source2:        clamav-rcfreshclam
 Source3:        clamav-updateclamconf
 Source4:        clamav-rpmlintrc
 Source5:        clamav-rcmilter
+Source6:        clamav-tmpfiles.conf
 Patch1:         clamav-conf.patch
 Patch2:         clamav-sles9.patch
 Patch3:         clamav-gcc47.patch
@ -124,8 +125,9 @@ ln -s /etc/init.d/freshclam %buildroot%_sbindir/rcfreshclam
 install -m755 %SOURCE5 %buildroot/etc/init.d/clamav-milter
 ln -s /etc/init.d/clamav-milter %buildroot%_sbindir/rcclamav-milter
 install -m755 %SOURCE3 %buildroot%_sbindir/updateclamconf
-install -d -m755 %buildroot/var/lib/clamav
-touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid
+install -d -m755 %buildroot/var/{lib,run}/clamav
+install -d -m755 %buildroot/usr/lib/tmpfiles.d
+install -m644 %SOURCE6 %buildroot/usr/lib/tmpfiles.d/clamav.conf
 mkdir -p %buildroot/var/spool/amavis
 %if 0%{?suse_version} > 1020
 rm %buildroot/%_libdir/*.la
@ -144,6 +146,8 @@ VALGRIND_GENSUP=1 make check
 %defattr(-,root,root,-)
 %config(noreplace) %_sysconfdir/*.conf
 %config %attr(744,root,root)/etc/init.d/*
+%dir /usr/lib/tmpfiles.d
+/usr/lib/tmpfiles.d/clamav.conf
 %doc AUTHORS BUGS ChangeLog COPYING FAQ NEWS README UPGRADE
 %doc docs/*.pdf docs/html
 %doc %_mandir/*/*
@ -155,7 +159,7 @@ VALGRIND_GENSUP=1 make check
 %defattr(-,vscan,vscan)
 %dir %attr(700,vscan,root) /var/spool/amavis
 %dir /var/lib/clamav
-%ghost /var/lib/clamav/*.pid
+%dir %attr(755,vscan,vscan) /var/run/clamav

 %pre
 %_sbindir/groupadd -r vscan 2> /dev/null || :