From a7d93681e5ebae6e2b67254ba1bf89e20430665ce5acfea3e09c90da66e30104 Mon Sep 17 00:00:00 2001
From: Reinhard Max <max@suse.com>
Date: Mon, 14 Jan 2013 15:06:55 +0000
Subject: [PATCH] Accepting request 148449 from
 home:m_meister:branches:security

- pids and sockets of clamd and freshclam now reside in /var/run
  instead of /var/lib (bnc#770395)
- modified pid path in clamd's, freshclam's and clamav-milter's
  init scripts

OBS-URL: https://build.opensuse.org/request/show/148449
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=73
---
 clamav-conf.patch    | 12 ++++++------
 clamav-rcclamd       | 10 +++++++++-
 clamav-rcfreshclam   | 10 +++++++++-
 clamav-rcmilter      | 11 ++++++++++-
 clamav-tmpfiles.conf |  2 ++
 clamav.changes       |  8 ++++++++
 clamav.spec          | 10 +++++++---
 7 files changed, 51 insertions(+), 12 deletions(-)
 create mode 100644 clamav-tmpfiles.conf

diff --git a/clamav-conf.patch b/clamav-conf.patch
index 7900267..f77d55f 100644
--- a/clamav-conf.patch
+++ b/clamav-conf.patch
@@ -19,7 +19,7 @@ Index: etc/clamav-milter.conf
  # Default: no default
 -#MilterSocket /tmp/clamav-milter.socket
 -#MilterSocket inet:7357
-+MilterSocket /var/lib/clamav/clamav-milter-socket
++MilterSocket /var/run/clamav/clamav-milter-socket
  
  # Define the group ownership for the (unix) milter socket.
  # Default: disabled (the primary group of the user running clamd)
@@ -37,7 +37,7 @@ Index: etc/clamav-milter.conf
  #
  # Default: disabled
 -#PidFile /var/run/clamav-milter.pid
-+PidFile /var/lib/clamav/clamav-milter.pid
++PidFile /var/run/clamav/clamav-milter.pid
  
  # Optional path to the global temporary directory.
  # Default: system specific (usually /tmp or /var/tmp).
@@ -46,7 +46,7 @@ Index: etc/clamav-milter.conf
  #
  # Default: no default
 -#ClamdSocket tcp:scanner.mydomain:7357
-+ClamdSocket unix:/var/lib/clamav/clamd-socket
++ClamdSocket unix:/var/run/clamav/clamd-socket
  
  
  ##
@@ -104,7 +104,7 @@ Index: etc/clamd.conf
  # daemon (main thread).
  # Default: disabled
 -#PidFile /var/run/clamd.pid
-+PidFile /var/lib/clamav/clamd.pid
++PidFile /var/run/clamav/clamd.pid
  
  # Optional path to the global temporary directory.
  # Default: system specific (usually /tmp or /var/tmp).
@@ -113,7 +113,7 @@ Index: etc/clamd.conf
  # Path to a local socket file the daemon will listen on.
  # Default: disabled (must be specified by a user)
 -#LocalSocket /tmp/clamd.socket
-+LocalSocket /var/lib/clamav/clamd-socket
++LocalSocket /var/run/clamav/clamd-socket
  
  # Sets the group ownership on the unix socket.
  # Default: disabled (the primary group of the user running clamd)
@@ -188,7 +188,7 @@ Index: etc/freshclam.conf
  # This option allows you to save the process identifier of the daemon
  # Default: disabled
 -#PidFile /var/run/freshclam.pid
-+PidFile /var/lib/clamav/freshclam.pid
++PidFile /var/run/clamav/freshclam.pid
  
  # By default when started freshclam drops privileges and switches to the
  # "clamav" user. This directive allows you to change the database owner.
diff --git a/clamav-rcclamd b/clamav-rcclamd
index 401fec7..96e4434 100644
--- a/clamav-rcclamd
+++ b/clamav-rcclamd
@@ -103,7 +103,15 @@ test -x $CLAMD_BIN || { echo "$CLAMD_BIN not installed";
 	else exit 5; fi; }
 
 CLAMD_DBDIR=$(clamconf | sed -n '/DatabaseDirectory = /{s///;s/"//g;p;q}')
-CLAMD_PIDFILE=/var/lib/clamav/clamd.pid
+CLAMD_PIDFILE=$(clamconf | sed -n '
+	/Config file: clamd.conf/,/^$/ {
+		/PidFile = / {
+			s///
+			s/"//g
+			p
+			q
+		}
+	}')
 
 # Source LSB init functions
 # providing start_daemon, killproc, pidofproc, 
diff --git a/clamav-rcfreshclam b/clamav-rcfreshclam
index b247340..5bc177d 100644
--- a/clamav-rcfreshclam
+++ b/clamav-rcfreshclam
@@ -106,7 +106,15 @@ test -x $FRESHCLAM_BIN || {
     else exit 5; fi;
 }
 
-FRESHCLAM_PIDFILE=/var/lib/clamav/freshclam.pid
+FRESHCLAM_PIDFILE=$(clamconf | sed -n '
+    /Config file: freshclam.conf/,/^$/ {
+        /PidFile = / {
+            s///
+            s/"//g
+            p
+            q
+        }
+    }')
 
 # Source LSB init functions
 # providing start_daemon, killproc, pidofproc, 
diff --git a/clamav-rcmilter b/clamav-rcmilter
index 2363ed2..cca09e4 100644
--- a/clamav-rcmilter
+++ b/clamav-rcmilter
@@ -40,7 +40,16 @@
 # Note: Special treatment of stop for LSB conformance
 BIN=/usr/sbin/clamav-milter
 # Read the pidfile from the config
-PIDFILE=$(sed -n '/^PidFile /{s///p;q}' /etc/clamav-milter.conf)
+PIDFILE=$(clamconf | sed -n '
+    /Config file: clamav-milter.conf/,/^$/ {
+        /PidFile = / {
+            s///
+            s/"//g
+            p
+            q
+        }
+    }')
+
 test -x $BIN || { echo "$BIN not installed"; 
 	if [ "$1" = "stop" ]; then exit 0;
 	else exit 5; fi; }
diff --git a/clamav-tmpfiles.conf b/clamav-tmpfiles.conf
new file mode 100644
index 0000000..626e50e
--- /dev/null
+++ b/clamav-tmpfiles.conf
@@ -0,0 +1,2 @@
+# clamav needs a directory in /var/run:
+d /var/run/clamav 0755 vscan vscan -
diff --git a/clamav.changes b/clamav.changes
index 74023dc..aabbf26 100644
--- a/clamav.changes
+++ b/clamav.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jan 14 14:42:03 UTC 2013 - mmeister@suse.com
+
+- pids and sockets of clamd and freshclam now reside in /var/run
+  instead of /var/lib (bnc#770395)
+- modified pid path in clamd's, freshclam's and clamav-milter's
+  init scripts 
+
 -------------------------------------------------------------------
 Mon Jan  7 13:40:31 UTC 2013 - max@suse.com
 
diff --git a/clamav.spec b/clamav.spec
index c0e29b2..4e709d5 100644
--- a/clamav.spec
+++ b/clamav.spec
@@ -59,6 +59,7 @@ Source2:        clamav-rcfreshclam
 Source3:        clamav-updateclamconf
 Source4:        clamav-rpmlintrc
 Source5:        clamav-rcmilter
+Source6:        clamav-tmpfiles.conf
 Patch1:         clamav-conf.patch
 Patch2:         clamav-sles9.patch
 Patch3:         clamav-gcc47.patch
@@ -124,8 +125,9 @@ ln -s /etc/init.d/freshclam %buildroot%_sbindir/rcfreshclam
 install -m755 %SOURCE5 %buildroot/etc/init.d/clamav-milter
 ln -s /etc/init.d/clamav-milter %buildroot%_sbindir/rcclamav-milter
 install -m755 %SOURCE3 %buildroot%_sbindir/updateclamconf
-install -d -m755 %buildroot/var/lib/clamav
-touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid
+install -d -m755 %buildroot/var/{lib,run}/clamav
+install -d -m755 %buildroot/usr/lib/tmpfiles.d
+install -m644 %SOURCE6 %buildroot/usr/lib/tmpfiles.d/clamav.conf
 mkdir -p %buildroot/var/spool/amavis
 %if 0%{?suse_version} > 1020
 rm %buildroot/%_libdir/*.la
@@ -144,6 +146,8 @@ VALGRIND_GENSUP=1 make check
 %defattr(-,root,root,-)
 %config(noreplace) %_sysconfdir/*.conf
 %config %attr(744,root,root)/etc/init.d/*
+%dir /usr/lib/tmpfiles.d
+/usr/lib/tmpfiles.d/clamav.conf
 %doc AUTHORS BUGS ChangeLog COPYING FAQ NEWS README UPGRADE
 %doc docs/*.pdf docs/html
 %doc %_mandir/*/*
@@ -155,7 +159,7 @@ VALGRIND_GENSUP=1 make check
 %defattr(-,vscan,vscan)
 %dir %attr(700,vscan,root) /var/spool/amavis
 %dir /var/lib/clamav
-%ghost /var/lib/clamav/*.pid
+%dir %attr(755,vscan,vscan) /var/run/clamav
 
 %pre
 %_sbindir/groupadd -r vscan 2> /dev/null || :