From bf0ca320aa3e72b46f2daa988ae05a09b9da06a96301179049723db5686aa1c8 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Thu, 8 Apr 2010 20:11:51 +0000 Subject: [PATCH] Accepting request 37394 from security Copy from security/clamav based on submit request 37394 from user rmax OBS-URL: https://build.opensuse.org/request/show/37394 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=28 --- clamav-0.95.3.tar.bz2 | 3 --- clamav-0.96.tar.bz2 | 3 +++ clamav-conf.patch | 56 ++++++++++++++++++++++++------------------- clamav-sles9.patch | 6 +++-- clamav.changes | 44 ++++++++++++++++++++++++++++++++++ clamav.spec | 22 ++++++++++------- 6 files changed, 96 insertions(+), 38 deletions(-) delete mode 100644 clamav-0.95.3.tar.bz2 create mode 100644 clamav-0.96.tar.bz2 diff --git a/clamav-0.95.3.tar.bz2 b/clamav-0.95.3.tar.bz2 deleted file mode 100644 index 773ba01..0000000 --- a/clamav-0.95.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2c089f2ea6debb74cc6eefca1e96c77ba23f94e5f3e7ad6b7940ede3fc17e489 -size 26756338 diff --git a/clamav-0.96.tar.bz2 b/clamav-0.96.tar.bz2 new file mode 100644 index 0000000..b07fb34 --- /dev/null +++ b/clamav-0.96.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:81129038a9a91db2032d871f795c3eccf49f5c61b8f2dcd02967cc52a3826713 +size 38070750 diff --git a/clamav-conf.patch b/clamav-conf.patch index 0297388..c65e104 100644 --- a/clamav-conf.patch +++ b/clamav-conf.patch @@ -1,4 +1,6 @@ ---- etc/clamav-milter.conf +Index: etc/clamav-milter.conf +=================================================================== +--- etc/clamav-milter.conf.orig +++ etc/clamav-milter.conf @@ -2,10 +2,6 @@ ## Example config file for clamav-milter @@ -11,7 +13,7 @@ ## ## Main options ## -@@ -17,8 +13,7 @@ +@@ -17,8 +13,7 @@ Example # inet6:port@[hostname|ip-address] - to specify an ipv6 socket # # Default: no default @@ -19,9 +21,9 @@ -#MilterSocket inet:7357 +MilterSocket /var/lib/clamav/clamav-milter-socket - # Remove stale socket after unclean shutdown. - # -@@ -28,7 +23,7 @@ + # Define the group ownership for the (unix) milter socket. + # Default: disabled (the primary group of the user running clamd) +@@ -36,7 +31,7 @@ Example # Run as another user (clamav-milter must be started by root for this option to work) # # Default: unset (don't drop privileges) @@ -30,7 +32,7 @@ # Initialize supplementary group access (clamav-milter must be started by root). # -@@ -56,7 +51,7 @@ +@@ -64,7 +59,7 @@ Example # daemon (main thread). # # Default: disabled @@ -39,7 +41,7 @@ # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). -@@ -82,7 +77,7 @@ +@@ -90,7 +85,7 @@ Example # with the same socket: clamd servers will be selected in a round-robin fashion. # # Default: no default @@ -48,7 +50,7 @@ ## -@@ -193,13 +188,13 @@ +@@ -222,13 +217,13 @@ Example # Use system logger (can work together with LogFile). # # Default: no @@ -64,7 +66,9 @@ # Enable verbose logging. # ---- etc/clamd.conf +Index: etc/clamd.conf +=================================================================== +--- etc/clamd.conf.orig +++ etc/clamd.conf @@ -1,12 +1,8 @@ ## @@ -80,7 +84,7 @@ # Uncomment this option to enable logging. # LogFile must be writable for the user running daemon. # A full path is required. -@@ -40,12 +36,12 @@ +@@ -40,12 +36,12 @@ Example # Use system logger (can work together with LogFile). # Default: no @@ -95,7 +99,7 @@ # Enable verbose logging. # Default: no -@@ -54,7 +50,7 @@ +@@ -54,7 +50,7 @@ Example # This option allows you to save a process identifier of the listening # daemon (main thread). # Default: disabled @@ -104,16 +108,16 @@ # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). -@@ -69,7 +65,7 @@ +@@ -73,7 +69,7 @@ Example # Path to a local socket file the daemon will listen on. # Default: disabled (must be specified by a user) --LocalSocket /tmp/clamd.socket +-#LocalSocket /tmp/clamd.socket +LocalSocket /var/lib/clamav/clamd-socket - # Remove stale socket after unclean shutdown. - # Default: yes -@@ -77,14 +73,14 @@ + # Sets the group ownership on the unix socket. + # Default: disabled (the primary group of the user running clamd) +@@ -89,14 +85,14 @@ Example # TCP port address. # Default: no @@ -130,7 +134,7 @@ # Maximum length the queue of pending connections may grow to. # Default: 15 -@@ -147,7 +143,7 @@ +@@ -183,7 +179,7 @@ Example # Run as another user (clamd must be started by root for this option to work) # Default: don't drop privileges @@ -139,10 +143,10 @@ # Initialize supplementary group access (clamd must be started by root). # Default: no -@@ -395,6 +391,10 @@ - ## - - # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running. +@@ -420,6 +416,10 @@ Example + # Enable Clamuko. Dazuko must be configured and running. Clamuko supports + # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS + # is the preferred option. For more information please visit www.dazuko.org +# +# When enabling this, you most probably have to set "User root" above, +# so that clamav can access the files to be scanned. @@ -150,7 +154,9 @@ # Default: no #ClamukoScanOnAccess yes ---- etc/freshclam.conf +Index: etc/freshclam.conf +=================================================================== +--- etc/freshclam.conf.orig +++ etc/freshclam.conf @@ -1,12 +1,8 @@ ## @@ -166,7 +172,7 @@ # Path to the database directory. # WARNING: It must match clamd.conf's directive! # Default: hardcoded (depends on installation options) -@@ -34,21 +30,21 @@ +@@ -34,21 +30,21 @@ Example # Use system logger (can work together with UpdateLogFile). # Default: no @@ -192,7 +198,7 @@ # Initialize supplementary group access (freshclam must be started by root). # Default: no -@@ -111,7 +107,7 @@ +@@ -111,7 +107,7 @@ DatabaseMirror database.clamav.net # Send the RELOAD command to clamd. # Default: no @@ -201,7 +207,7 @@ # Run command after successful database update. # Default: disabled -@@ -148,7 +144,7 @@ +@@ -148,7 +144,7 @@ DatabaseMirror database.clamav.net # detected in the field and in what geographic area they are. # This feature requires LogTime and LogFile to be enabled in clamd.conf. # Default: no diff --git a/clamav-sles9.patch b/clamav-sles9.patch index a4d09d6..3923f00 100644 --- a/clamav-sles9.patch +++ b/clamav-sles9.patch @@ -1,6 +1,8 @@ ---- clamav-milter/clamfi.c +Index: clamav-milter/clamfi.c +=================================================================== +--- clamav-milter/clamfi.c.orig +++ clamav-milter/clamfi.c -@@ -89,16 +89,11 @@ +@@ -90,16 +90,11 @@ static void add_x_header(SMFICTX *ctx, c while(status) if(smfi_chgheader(ctx, (char *)"X-Virus-Status", status--, NULL) != MI_SUCCESS) logg("^Failed to remove existing X-Virus-Status header\n"); diff --git a/clamav.changes b/clamav.changes index 16a0a76..44b3512 100644 --- a/clamav.changes +++ b/clamav.changes @@ -1,3 +1,47 @@ +------------------------------------------------------------------- +Wed Apr 7 19:17:05 CEST 2010 - max@suse.de + +- ClamAV 0.96 introduces new malware detection mechanisms and + other significant improvements to the scan engine. + The key features are: + + * The Bytecode Interpreter: the interpreter built into LibClamAV + allows the signature writers to create and distribute very + complex detection routines and remotely enhance the scanner’s + functionality. + + * Heuristic improvements: improve the PE heuristics detection + engine by adding support of bogus icons and fake PE header + information. In a nutshell, ClamAV can now detect malware that + tries to disguise itself as a harmless application by using + the most common Windows program icons. + + * Signature Improvements: logical signature improvements to + allow more detailed matching and referencing groups of + signatures. Additionally, improvements to wildcard matching on + word boundaries and newlines. + + * Support for new archives: 7zip, InstallShield and CPIO. + LibClamAV can now transparently unpack and inspect their + contents. + + * Support for new executable file formats: 64-bit ELF files and + OS X Universal Binaries with Mach-O files. Additionally, the + PE module can now decompress and inspect executables packed + with UPX 3.0. + + * Support for DazukoFS in clamd + + * Performance improvements: overall performance improvements and + memory optimizations for a better overall resource utilization + experience. + +------------------------------------------------------------------- +Thu Mar 11 16:21:19 CET 2010 - max@suse.de + +- New version: 0.96rc1 +- Added gcc-c++ to BuildRequires to enable the JIT compiler. + ------------------------------------------------------------------- Tue Feb 9 14:29:29 CET 2010 - prusnak@suse.cz diff --git a/clamav.spec b/clamav.spec index 36cc4dd..7fbb73d 100644 --- a/clamav.spec +++ b/clamav.spec @@ -1,5 +1,5 @@ # -# spec file for package clamav (Version 0.95.3) +# spec file for package clamav (Version 0.96) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: clamav @@ -24,14 +23,16 @@ BuildRequires: ncurses-devel sed sendmail sendmail-devel BuildRequires: bc pkgconfig zlib-devel %endif %if 0%{?suse_version} >= 1030 -BuildRequires: check-devel pwdutils +BuildRequires: check-devel pwdutils python %define clamav_check --enable-check %else %define clamav_check --disable-check %endif +# Needed for the JIT bytecode compiler +BuildRequires: gcc-c++ Summary: Antivirus Toolkit -Version: 0.95.3 -Release: 2 +Version: 0.96 +Release: 1 License: GPLv2 Group: Productivity/Security Url: http://www.clamav.net @@ -100,7 +101,7 @@ License: BSD3c(or similar) ; GPLv2+ ; LGPLv2.1+ ; Public Domain, Freeware Group: Productivity/Security Summary: Virus Database for ClamAV PreReq: clamav sed /bin/cp /usr/bin/awk /bin/rm -%if 0%{?suse_version} >= 1120 +%if 0%{?suse_version} > 1120 BuildArch: noarch %endif @@ -127,8 +128,10 @@ Authors: %build %if 0%{?suse_version} >= 1010 CFLAGS="-fstack-protector" +CXXFLAGS="-fstack-protector" %endif -export CFLAGS="%optflags -fno-strict-aliasing $CFLAGS" +export CFLAGS="%optflags $CFLAGS" +export CXXFLAGS="%optflags $CXXFLAGS" %if 0%{?suse_version} == 0910 # SLES9 needs this macro to enable the quarantine feature in libmilter CFLAGS="$CFLAGS -D_FFR_QUARANTINE -D_FFR_SMFI_OPENSOCKET" @@ -145,7 +148,10 @@ CFLAGS="$CFLAGS -D_FFR_QUARANTINE -D_FFR_SMFI_OPENSOCKET" --with-group=vscan \ --enable-milter \ %clamav_check \ - --disable-zlib-vcheck + --disable-zlib-vcheck \ + --enable-llvm \ + --enable-clamdtop + make %{?jobs:-j%jobs} %check