commit d3fe1b720db9737a56c5c02296abf63cade7af516a3b9ed07e8b55b529db2a8a Author: OBS User unknown Date: Mon Jan 15 23:07:16 2007 +0000 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=1 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/clamav-0.88.7.tar.bz2 b/clamav-0.88.7.tar.bz2 new file mode 100644 index 0000000..a56d6fc --- /dev/null +++ b/clamav-0.88.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:084bb99e7a22a2903a23b600879fa3d529363b4e41767cd4fe08ec477a7f21dc +size 9384613 diff --git a/clamav-conf.patch b/clamav-conf.patch new file mode 100644 index 0000000..11e6f11 --- /dev/null +++ b/clamav-conf.patch @@ -0,0 +1,135 @@ +--- etc/clamd.conf ++++ etc/clamd.conf +@@ -3,15 +3,11 @@ + ## Please read the clamd.conf(5) manual before editing this file. + ## + +- +-# Comment or remove the line below. +-Example +- + # Uncomment this option to enable logging. + # LogFile must be writable for the user running daemon. + # A full path is required. + # Default: disabled +-#LogFile /tmp/clamd.log ++#LogFile /var/log/clamd + + # By default the log file is locked for writing - the lock protects against + # running clamd multiple times (if want to run another clamd, please +@@ -40,12 +36,12 @@ + + # Use system logger (can work together with LogFile). + # Default: disabled +-#LogSyslog ++LogSyslog + + # Specify the type of syslog messages - please refer to 'man syslog' + # for facility names. + # Default: LOG_LOCAL6 +-#LogFacility LOG_MAIL ++LogFacility LOG_MAIL + + # Enable verbose logging. + # Default: disabled +@@ -54,7 +50,7 @@ + # This option allows you to save a process identifier of the listening + # daemon (main thread). + # Default: disabled +-#PidFile /var/run/clamd.pid ++PidFile /var/lib/clamav/clamd.pid + + # Optional path to the global temporary directory. + # Default: system specific (usually /tmp or /var/tmp). +@@ -69,7 +65,7 @@ + + # Path to a local socket file the daemon will listen on. + # Default: disabled +-LocalSocket /tmp/clamd ++#LocalSocket /var/lib/clamav/clamd-socket + + # Remove stale socket after unclean shutdown. + # Default: disabled +@@ -77,14 +73,14 @@ + + # TCP port address. + # Default: disabled +-#TCPSocket 3310 ++TCPSocket 3310 + + # TCP address. + # By default we bind to INADDR_ANY, probably not wise. + # Enable the following to provide some degree of protection + # from the outside world. + # Default: disabled +-#TCPAddr 127.0.0.1 ++TCPAddr 127.0.0.1 + + # Maximum length the queue of pending connections may grow to. + # Default: 15 +@@ -141,7 +137,7 @@ + + # Run as a selected user (clamd must be started by root). + # Default: disabled +-#User clamav ++User vscan + + # Initialize supplementary group access (clamd must be started by root). + # Default: disabled +@@ -152,7 +148,7 @@ + + # Don't fork into background. + # Default: disabled +-#Foreground ++Foreground + + # Enable debug messages in libclamav. + # Default: disabled +--- etc/freshclam.conf ++++ etc/freshclam.conf +@@ -4,10 +4,6 @@ + ## This file may be optionally merged with clamd.conf. + ## + +- +-# Comment or remove the line below. +-Example +- + # Path to the database directory. + # WARNING: It must match clamd.conf's directive! + # Default: hardcoded (depends on installation options) +@@ -23,21 +19,21 @@ + + # Use system logger (can work together with UpdateLogFile). + # Default: disabled +-#LogSyslog ++LogSyslog + + # Specify the type of syslog messages - please refer to 'man syslog' + # for facility names. + # Default: LOG_LOCAL6 +-#LogFacility LOG_MAIL ++LogFacility LOG_MAIL + + # This option allows you to save the process identifier of the daemon + # Default: disabled +-#PidFile /var/run/freshclam.pid ++PidFile /var/lib/clamav/freshclam.pid + + # By default when started freshclam drops privileges and switches to the + # "clamav" user. This directive allows you to change the database owner. + # Default: clamav (may depend on installation options) +-#DatabaseOwner clamav ++DatabaseOwner vscan + + # Initialize supplementary group access (freshclam must be started by root). + # Default: disabled +@@ -82,7 +78,7 @@ + + # Send the RELOAD command to clamd. + # Default: disabled +-#NotifyClamd ++NotifyClamd + # By default it uses the hardcoded configuration file but you can force an + # another one. + #NotifyClamd /config/file/path diff --git a/clamav-rcclamd b/clamav-rcclamd new file mode 100644 index 0000000..3f99b12 --- /dev/null +++ b/clamav-rcclamd @@ -0,0 +1,233 @@ +#! /bin/sh +# Copyright (c) 1995-2003 SuSE Linux AG, Nuernberg, Germany. +# All rights reserved. +# +# Author: Kurt Garloff +# Please send feedback to http://www.suse.de/feedback/ +# +# /etc/init.d/clamd +# and its symbolic link +# /(usr/)sbin/rcclamd +# +# +# LSB compatible service control script; see http://www.linuxbase.org/spec/ +# +# Note: This template uses functions rc_XXX defined in /etc/rc.status on +# UnitedLinux (UL) based Linux distributions. If you want to base your +# script on this template and ensure that it works on non UL based LSB +# compliant Linux distributions, you either have to provide the rc.status +# functions from UL or change the script to work without them. +# +### BEGIN INIT INFO +# Provides: clamd +# Required-Start: $syslog $remote_fs +# Required-Stop: $syslog $remote_fs +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Short-Description: virus scanner daemon +# Description: Start the clamd virus scanner daemon +### END INIT INFO +# +# Any extensions to the keywords given above should be preceeded by +# X-VendorTag- (X-UnitedLinux- for us) according to LSB. +# +# Notes on Required-Start/X-UnitedLinux-Should-Start: +# * There are two different issues that are solved by Required-Start +# and X-UnitedLinux-Should-Start +# (a) Hard dependencies: This is used by the runlevel editor to determine +# which services absolutely need to be started to make the start of +# this service make sense. Example: nfsserver should have +# Required-Start: $portmap +# Also, required services are started before the dependent ones. +# The runlevel editor will warn about such missing hard dependencies +# and suggest enabling. During system startup, you may expect an error, +# if the dependency is not fulfilled. +# (b) Specifying the init script ordering, not real (hard) dependencies. +# This is needed by insserv to determine which service should be +# started first (and at a later stage what services can be started +# in parallel). The tag X-UnitedLinux-Should-Start: is used for this. +# It tells, that if a service is available, it should be started +# before. If not, never mind. +# * When specifying hard dependencies or ordering requirements, you can +# use names of services (contents of their Provides: section) +# or pseudo names starting with a $. The following ones are available +# according to LSB (1.1): +# $local_fs all local file systems are mounted +# (most services should need this!) +# $remote_fs all remote file systems are mounted +# (note that /usr may be remote, so +# many services should Require this!) +# $syslog system logging facility up +# $network low level networking (eth card, ...) +# $named hostname resolution available +# $netdaemons all network daemons are running +# The $netdaemons pseudo service has been removed in LSB 1.2. +# For now, we still offer it for backward compatibility. +# These are new (LSB 1.2): +# $time the system time has been set correctly +# $portmap SunRPC portmapping service available +# UnitedLinux extensions: +# $ALL indicates that a script should be inserted +# at the end +# * The services specified in the stop tags +# (Required-Stop/X-UnitedLinux-Should-Stop) +# specify which services need to be still running when this service +# is shut down. Often the entries there are just copies or a subset +# from the respective start tag. +# * X-UnitedLinux-Should-Start/Stop are not part of LSB (as of 1.3) +# but official Should-Start/Stop tags are in discussion (1.9). +# insserv does support these as well. +# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time +# (%fillup_and_insserv macro in %post of many RPMs) to specify whether +# a startup script should default to be enabled after installation. +# It's not used by insserv. +# +# Note on runlevels: +# 0 - halt/poweroff 6 - reboot +# 1 - single user 2 - multiuser without network exported +# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) +# +# Note on script names: +# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html +# A registry has been set up to manage the init script namespace. +# http://www.lanana.org/ +# Please use the names already registered or register one or use a +# vendor prefix. + + +# Check for missing binaries (stale symlinks should not happen) +# Note: Special treatment of stop for LSB conformance +CLAMD_BIN=/usr/sbin/clamd +test -x $CLAMD_BIN || { echo "$CLAMD_BIN not installed"; + if [ "$1" = "stop" ]; then exit 0; + else exit 5; fi; } + +CLAMD_DB=/var/lib/clamav/main.cvd +CLAMD_PIDFILE=/var/lib/clamav/clamd.pid + +# Source LSB init functions +# providing start_daemon, killproc, pidofproc, +# log_success_msg, log_failure_msg and log_warning_msg. +# This is currently not used by UnitedLinux based distributions and +# not needed for init scripts for UnitedLinux only. If it is used, +# the functions from rc.status should not be sourced or used. +#. /lib/lsb/init-functions + +# Shell functions sourced from /etc/rc.status: +# rc_check check and set local and overall rc status +# rc_status check and set local and overall rc status +# rc_status -v be verbose in local rc status and clear it afterwards +# rc_status -v -r ditto and clear both the local and overall rc status +# rc_status -s display "skipped" and exit with status 3 +# rc_status -u display "unused" and exit with status 3 +# rc_failed set local and overall rc status to failed +# rc_failed set local and overall rc status to +# rc_reset clear both the local and overall rc status +# rc_exit exit appropriate to overall rc status +# rc_active checks whether a service is activated by symlinks +# rc_splash arg sets the boot splash screen to arg (if active) +. /etc/rc.status + +# Reset status of this service +rc_reset + +# Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - user had insufficient privileges +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running +# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) +# +# Note that starting an already running service, stopping +# or restarting a not-running service as well as the restart +# with force-reload (in case signaling is not supported) are +# considered a success. + +case "$1" in + start) + echo -n "Starting Clam AntiVirus daemon " + # Check if there is a virus definition file + if ! test -f $CLAMD_DB ; then + echo "" + echo " Virus definition file $CLAMD_DB is missing." + echo " Either install the clamav-db package or run freshclam " + echo -n " to get the virus definitions." + rc_failed 6 + else + ## Start daemon with startproc(8). If this fails + ## the return value is set appropriately by startproc. + startproc -q -p $CLAMD_PIDFILE $CLAMD_BIN + fi + # Remember status and be verbose + rc_status -v + ;; + stop) + echo -n "Shutting down Clam AntiVirus daemon " + ## Stop daemon with killproc(8) and if this fails + ## killproc sets the return value according to LSB. + + killproc -p $CLAMD_PIDFILE -TERM $CLAMD_BIN + + # Remember status and be verbose + rc_status -v + ;; + try-restart | condrestart) + ## Do a restart only if the service was active before. + ## Note: try-restart is now part of LSB (as of 1.9). + ## RH has a similar command named condrestart. + if test "$1" = "condrestart"; then + echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" + fi + $0 status + if test $? = 0; then + $0 restart + else + rc_reset # Not running is not a failure. + fi + # Remember status and be quiet + rc_status + ;; + restart) + ## Stop the service and regardless of whether it was + ## running or not, start it again. + $0 stop + $0 start + + # Remember status and be quiet + rc_status + ;; + reload | force-reload) + ## Signal the daemon to reload its config. + echo -n "Reloading Clam AntiVirus daemon " + checkproc -p $CLAMD_PIDFILE $CLAMD_BIN && echo RELOAD > /dev/tcp/127.0.0.1/3310 + rc_status -v + ;; + status) + echo -n "Checking for Clam AntiVirus daemon " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Return value is slightly different for the status command: + # 0 - service up and running + # 1 - service dead, but /var/run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running (unused) + # 4 - service status unknown :-( + # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) + + # NOTE: checkproc returns LSB compliant status values. + checkproc -p $CLAMD_PIDFILE $CLAMD_BIN + # NOTE: rc_status knows that we called this init script with + # "status" option and adapts its messages accordingly. + rc_status -v + ;; + *) + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" + exit 1 + ;; +esac +rc_exit diff --git a/clamav-rcfreshclam b/clamav-rcfreshclam new file mode 100644 index 0000000..8b13e60 --- /dev/null +++ b/clamav-rcfreshclam @@ -0,0 +1,227 @@ +#! /bin/sh +# Copyright (c) 1995-2003 SuSE Linux AG, Nuernberg, Germany. +# All rights reserved. +# +# Author: Kurt Garloff +# Please send feedback to http://www.suse.de/feedback/ +# +# /etc/init.d/freshclam +# and its symbolic link +# /(usr/)sbin/rcfreshclam +# +# +# LSB compatible service control script; see http://www.linuxbase.org/spec/ +# +# Note: This template uses functions rc_XXX defined in /etc/rc.status on +# UnitedLinux (UL) based Linux distributions. If you want to base your +# script on this template and ensure that it works on non UL based LSB +# compliant Linux distributions, you either have to provide the rc.status +# functions from UL or change the script to work without them. +# +### BEGIN INIT INFO +# Provides: freshclam +# Required-Start: $syslog $remote_fs +# X-UnitedLinux-Should-Start: $time ypbind sendmail +# Required-Stop: $syslog $remote_fs +# X-UnitedLinux-Should-Stop: $time ypbind sendmail +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Short-Description: virus scanner daemon +# Description: Start the freshclam virus database update daemon +### END INIT INFO +# +# Any extensions to the keywords given above should be preceeded by +# X-VendorTag- (X-UnitedLinux- for us) according to LSB. +# +# Notes on Required-Start/X-UnitedLinux-Should-Start: +# * There are two different issues that are solved by Required-Start +# and X-UnitedLinux-Should-Start +# (a) Hard dependencies: This is used by the runlevel editor to determine +# which services absolutely need to be started to make the start of +# this service make sense. Example: nfsserver should have +# Required-Start: $portmap +# Also, required services are started before the dependent ones. +# The runlevel editor will warn about such missing hard dependencies +# and suggest enabling. During system startup, you may expect an error, +# if the dependency is not fulfilled. +# (b) Specifying the init script ordering, not real (hard) dependencies. +# This is needed by insserv to determine which service should be +# started first (and at a later stage what services can be started +# in parallel). The tag X-UnitedLinux-Should-Start: is used for this. +# It tells, that if a service is available, it should be started +# before. If not, never mind. +# * When specifying hard dependencies or ordering requirements, you can +# use names of services (contents of their Provides: section) +# or pseudo names starting with a $. The following ones are available +# according to LSB (1.1): +# $local_fs all local file systems are mounted +# (most services should need this!) +# $remote_fs all remote file systems are mounted +# (note that /usr may be remote, so +# many services should Require this!) +# $syslog system logging facility up +# $network low level networking (eth card, ...) +# $named hostname resolution available +# $netdaemons all network daemons are running +# The $netdaemons pseudo service has been removed in LSB 1.2. +# For now, we still offer it for backward compatibility. +# These are new (LSB 1.2): +# $time the system time has been set correctly +# $portmap SunRPC portmapping service available +# UnitedLinux extensions: +# $ALL indicates that a script should be inserted +# at the end +# * The services specified in the stop tags +# (Required-Stop/X-UnitedLinux-Should-Stop) +# specify which services need to be still running when this service +# is shut down. Often the entries there are just copies or a subset +# from the respective start tag. +# * X-UnitedLinux-Should-Start/Stop are not part of LSB (as of 1.3) +# but official Should-Start/Stop tags are in discussion (1.9). +# insserv does support these as well. +# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time +# (%fillup_and_insserv macro in %post of many RPMs) to specify whether +# a startup script should default to be enabled after installation. +# It's not used by insserv. +# +# Note on runlevels: +# 0 - halt/poweroff 6 - reboot +# 1 - single user 2 - multiuser without network exported +# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) +# +# Note on script names: +# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html +# A registry has been set up to manage the init script namespace. +# http://www.lanana.org/ +# Please use the names already registered or register one or use a +# vendor prefix. + + +# Check for missing binaries (stale symlinks should not happen) +# Note: Special treatment of stop for LSB conformance +FRESHCLAM_BIN=/usr/bin/freshclam +test -x $FRESHCLAM_BIN || { + echo "$FRESHCLAM_BIN not installed"; + if [ "$1" = "stop" ]; then exit 0; + else exit 5; fi; +} + +FRESHCLAM_PIDFILE=/var/lib/clamav/freshclam.pid + +# Source LSB init functions +# providing start_daemon, killproc, pidofproc, +# log_success_msg, log_failure_msg and log_warning_msg. +# This is currently not used by UnitedLinux based distributions and +# not needed for init scripts for UnitedLinux only. If it is used, +# the functions from rc.status should not be sourced or used. +#. /lib/lsb/init-functions + +# Shell functions sourced from /etc/rc.status: +# rc_check check and set local and overall rc status +# rc_status check and set local and overall rc status +# rc_status -v be verbose in local rc status and clear it afterwards +# rc_status -v -r ditto and clear both the local and overall rc status +# rc_status -s display "skipped" and exit with status 3 +# rc_status -u display "unused" and exit with status 3 +# rc_failed set local and overall rc status to failed +# rc_failed set local and overall rc status to +# rc_reset clear both the local and overall rc status +# rc_exit exit appropriate to overall rc status +# rc_active checks whether a service is activated by symlinks +# rc_splash arg sets the boot splash screen to arg (if active) +. /etc/rc.status + +# Reset status of this service +rc_reset + +# Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - user had insufficient privileges +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running +# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) +# +# Note that starting an already running service, stopping +# or restarting a not-running service as well as the restart +# with force-reload (in case signaling is not supported) are +# considered a success. + +case "$1" in + start) + echo -n "Starting Clam AntiVirus database update daemon " + # Check if there is a virus definition file + startproc -p $FRESHCLAM_PIDFILE $FRESHCLAM_BIN -d + + # Remember status and be verbose + rc_status -v + ;; + stop) + echo -n "Shutting down Clam AntiVirus database update daemon " + ## Stop daemon with killproc(8) and if this fails + ## killproc sets the return value according to LSB. + killproc -p $FRESHCLAM_PIDFILE -TERM $FRESHCLAM_BIN + + # Remember status and be verbose + rc_status -v + ;; + try-restart | condrestart) + ## Do a restart only if the service was active before. + ## Note: try-restart is now part of LSB (as of 1.9). + ## RH has a similar command named condrestart. + if test "$1" = "condrestart"; then + echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" + fi + $0 status + if test $? = 0; then + $0 restart + else + rc_reset # Not running is not a failure. + fi + # Remember status and be quiet + rc_status + ;; + restart) + ## Stop the service and regardless of whether it was + ## running or not, start it again. + $0 stop + $0 start + + # Remember status and be quiet + rc_status + ;; + reload | force-reload) + ## Signal the daemon to reload its config. + echo -n "Reloading Clam AntiVirus database update daemon " + checkproc -p $FRESHCLAM_PIDFILE $FRESHCLAM_BIN && + killproc -p $FRESHCLAM_PIDFILE -HUP $FRESHCLAM_BIN + rc_status -v + ;; + status) + echo -n "Checking for Clam AntiVirus database update daemon " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Return value is slightly different for the status command: + # 0 - service up and running + # 1 - service dead, but /var/run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running (unused) + # 4 - service status unknown :-( + # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) + + # NOTE: checkproc returns LSB compliant status values. + checkproc -p $FRESHCLAM_PIDFILE $FRESHCLAM_BIN + # NOTE: rc_status knows that we called this init script with + # "status" option and adapts its messages accordingly. + rc_status -v + ;; + *) + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" + exit 1 + ;; +esac +rc_exit diff --git a/clamav.changes b/clamav.changes new file mode 100644 index 0000000..67507fb --- /dev/null +++ b/clamav.changes @@ -0,0 +1,272 @@ +------------------------------------------------------------------- +Tue Dec 12 12:20:34 CET 2006 - max@suse.de + +- Security update: 0.88.7 (#227827, CVE-2006-5874) + - handle consecutive errors in base64 decoding + - honour recursion limit when scanning email messages + - clamscan: new option --mail-max-recursion + - libclamav/untar.c: honour archive limits + +------------------------------------------------------------------- +Tue Nov 7 15:58:32 CET 2006 - max@suse.de + +- Add homedir of user vscan to the package (FATE300731). + +------------------------------------------------------------------- +Mon Nov 6 12:17:53 CET 2006 - max@suse.de + +- Bugfix release: 0.88.6 (#218313) +- freshclam: apply timeout patch from Everton da Silva Marques + (new options: ConnectTimeout and ReceiveTimeout) +- clamd: change stack size at the right place (closes bug#103) +- libclamav/petite.c: sanity check the number of rebuilt sections + (speeds up handling of malformed files) + +------------------------------------------------------------------- +Tue Oct 17 15:26:12 CEST 2006 - max@suse.de + +- Bugfix release 0.88.5 fixes two serious security issues. + #212898, CVE-2006-4182, CVE-2006-5295 + +------------------------------------------------------------------- +Tue Aug 8 11:02:28 CEST 2006 - lnussel@suse.de + +- New version 0.88.4 fixes heap overflow in UPX decoder + +------------------------------------------------------------------- +Thu Jul 6 16:02:15 CEST 2006 - max@suse.de + +- Bugfix release 0.88.3: + - fix possible false matches of alternatives + - Large binhex files were not being handled gracefully. + - fix zero allocation warning +- Added bc and pkgconfig to BuildRequires to fix curl version + detection. +- Prevent a file conflict on the database files when main and db + packages of different versions are installed. +- Renamed clamav.conf to clamd.conf for SLES9. +- Added the db subpackage to SLES9. +- Bugzilla: 190647 + +------------------------------------------------------------------- +Tue May 2 11:31:54 CEST 2006 - max@suse.de + +- New version: 0.88.2 +- Fixes a buffer overflow in freshclam's get_database function + (CVE-2006-1989, Bug #171496). + +------------------------------------------------------------------- +Mon Apr 10 10:26:49 CEST 2006 - meissner@suse.de + +- Fixed several implicit warnings which lead to failures + on 64bit platforms. + +------------------------------------------------------------------- +Tue Apr 5 14:50:00 CEST 2006 - max@suse.de + +- New version: 0.88.1, fixes several security issues: + CVE-2006-1614, CVE-2006-1615, CVE-2006-1630, bug #164039. + +------------------------------------------------------------------- +Thu Feb 9 15:30:43 CET 2006 - max@suse.de + +- Removed unneeded dependencies from the init script to break a + dependency loop. + +------------------------------------------------------------------- +Wed Jan 25 21:35:02 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Sat Jan 14 13:08:57 CET 2006 - kukuk@suse.de + +- Add gmp-devel to nfb + +------------------------------------------------------------------- +Thu Jan 12 16:53:26 CET 2006 - max@suse.de + +- Added gcc-4.1 stack protection (-fstack-protector). + +------------------------------------------------------------------- +Mon Jan 9 19:41:07 CET 2006 - max@suse.de + +- New version: 0.88 (Bug #142298). + +------------------------------------------------------------------- +Mon Nov 7 17:44:21 CET 2005 - lnussel@suse.de + +- Security update: version 0.87.1 (#132305, CVE-2005-3239, + CVE-2005-3303) + +------------------------------------------------------------------- +Mon Sep 19 12:18:45 CEST 2005 - max@suse.de + +- New version: 0.87 (bug #117648). + +------------------------------------------------------------------- +Mon Jul 25 12:22:09 CEST 2005 - max@suse.de + +- New version: 0.86.2 + +------------------------------------------------------------------- +Thu Jul 14 17:37:09 CEST 2005 - max@suse.de + +- New version: 0.86.1 + +------------------------------------------------------------------- +Tue Jun 21 15:33:53 CEST 2005 - max@suse.de + +- New version: 0.86 + +------------------------------------------------------------------- +Tue May 17 11:21:27 CEST 2005 - max@suse.de + +- New version: 0.85.1 (Bug #81264). + +------------------------------------------------------------------- +Wed May 11 18:28:03 CEST 2005 - max@suse.de + +- New version: 0.85 (Bug #81264). + +------------------------------------------------------------------- +Tue May 3 11:33:01 CEST 2005 - max@suse.de + +- New version: 0.84 (Bug #81264). +- Added and special-cased the patch that is needed for 9.1/SLES9. + +------------------------------------------------------------------- +Fri Mar 11 16:34:24 CET 2005 - max@suse.de + +- Fixed %doc file list (wildcards matched too much). + +------------------------------------------------------------------- +Mon Feb 28 14:31:56 CET 2005 - max@suse.de + +- New version: 0.83 + +------------------------------------------------------------------- +Mon Feb 7 16:45:47 CET 2005 - max@suse.de + +- New version: 0.82 + +------------------------------------------------------------------- +Thu Jan 27 12:22:11 CET 2005 - max@suse.de + +- New version: 0.81 + +------------------------------------------------------------------- +Thu Nov 11 14:56:06 CET 2004 - max@suse.de + +- pkgconfig files go to libdir rather than /usr/lib. + +------------------------------------------------------------------- +Thu Nov 11 11:02:01 CET 2004 - coolo@suse.de + +- fixing file list for debug packages + +------------------------------------------------------------------- +Wed Nov 3 15:38:26 CET 2004 - max@suse.de + +- Fixed path to freshclam in init script, and rcfreshclam link. + +------------------------------------------------------------------- +Mon Oct 18 17:36:31 CEST 2004 - max@suse.de + +- Updated to the final 0.80 release. + +- Added a runlevel script for freshclam. + +------------------------------------------------------------------- +Mon Oct 11 18:39:37 CEST 2004 - max@suse.de + +- Updated to 0.80rc4. + +------------------------------------------------------------------- +Wed Sep 29 15:04:36 CEST 2004 - max@suse.de + +- Updated to 0.80rc3. The README says: + "This release candidate eliminates possible false positive alerts + in UPX/FSG compressed files and clarifies behaviour of default + actions in clamd and freshclam." + +- This also eliminates the need to patch configure.in in order to + recognize resolv. + +------------------------------------------------------------------- +Thu Sep 23 15:54:11 CEST 2004 - max@suse.de + +- Updated to 0.80rc2 which fixes a critical bug in the handling of + empty lines in text/plain emails. + +- Build with curl support. + +- Fixed building of shared libraries instead of static. + +- Removed unneeded %run_ldconfig calls. + +- Fixed file lists. + +- Check for main.cvd instead of daily.cvd on daemon startup. + +------------------------------------------------------------------- +Mon Sep 20 17:44:02 CEST 2004 - max@suse.de + +- Updated to version 0.80rc which adds support for more file + formats, and HTML parsing. See the README file for details. + +- Added a warning to the init script if no virus database is + installed. + +------------------------------------------------------------------- +Thu Aug 5 10:38:15 CEST 2004 - max@suse.de + +- New version: 0.75.1 +- Moved the virus database files into a subpackage, as they are + large and not needed if the database is kept up to date with + freshclam. + +------------------------------------------------------------------- +Fri Jul 23 15:37:13 CEST 2004 - max@suse.de + +- New version: 0.75 + +------------------------------------------------------------------- +Thu Jul 8 19:31:41 CEST 2004 - max@suse.de + +- Added -fno-strict-aliasing to CFLAGS. + +------------------------------------------------------------------- +Mon Jul 5 17:12:50 CEST 2004 - max@suse.de + +- New version: 0.74 + +------------------------------------------------------------------- +Tue Jun 15 17:06:58 CEST 2004 - max@suse.de + +- New version: 0.73 + +------------------------------------------------------------------- +Mon Apr 26 18:17:35 CEST 2004 - max@suse.de + +- New version: 0.70 +- Changes the format of the virus definition file. + +------------------------------------------------------------------- +Mon Feb 16 16:01:01 CET 2004 - max@suse.de + +- New version: 0.67 +- Added support for tcpd (/etc/hosts.{allow,deny}). +- Obsoletes clamav-manager.patch. + +------------------------------------------------------------------- +Fri Feb 13 18:26:01 CET 2004 - max@suse.de + +- New version: 0.66 +- Fixes a remote DoS vulnerability (Bug #34412). + +------------------------------------------------------------------- +Tue Jan 27 12:19:51 CET 2004 - max@suse.de + +- New package: ClamAV Anti-Virus Toolkit + diff --git a/clamav.spec b/clamav.spec new file mode 100644 index 0000000..2dbd79e --- /dev/null +++ b/clamav.spec @@ -0,0 +1,310 @@ +# +# spec file for package clamav (Version 0.88.7) +# +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: clamav +%if 0%{?suse_version} >= 1010 || 0%{!?suse_version:1} +BuildRequires: bc curl-devel gmp-devel pkgconfig tcpd-devel +%endif +Summary: Antivirus Toolkit +Version: 0.88.7 +Release: 1 +License: GNU General Public License (GPL) +Group: Productivity/Security +URL: http://www.clamav.net +Requires: latex2html-pngicons +Obsoletes: clamav-db < 0.88.3 +Prereq: /usr/sbin/groupadd /usr/sbin/useradd +Source0: %{name}-%{version}.tar.bz2 +Source1: clamav-rcclamd +Source2: clamav-rcfreshclam +Patch1: %name-conf.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +Clam AntiVirus is an antivirus toolkit for UNIX. The main purpose of +this software is the integration with mail servers (attachment +scanning). The package provides a flexible and scalable multithreaded +daemon, a command line scanner, and a tool for automatic updating via +the Internet. It can be used in conjunction with AMaViSD-new and +Postfix to provide a combined e-mail filter for spam and viruses. + + + +Authors: +-------- + Tomasz Kojm + Nigel Horne + +%package db +Group: Productivity/Security +Summary: Virus Database for ClamAV +Prereq: clamav sed + +%description db +This package contains a snapshot of the virus description database for +ClamAV. It is not needed if you use freshclam to keep your virus +database up to date. + + + +Authors: +-------- + Tomasz Kojm + Nigel Horne + +%prep +%setup -q +%patch1 + +%build +%if %suse_version >= 1010 +SP="-fstack-protector" +%endif +export CFLAGS="%optflags -fno-strict-aliasing $SP" +./configure \ + --prefix=%_prefix \ + --libdir=%_libdir \ + --mandir=%_mandir \ + --sysconfdir=%_sysconfdir \ + --disable-clamav \ + --disable-static \ + --with-dbdir=/var/lib/clamav \ + --with-user=vscan \ + --with-group=vscan \ + --with-tcpwrappers \ + --with-libcurl \ + --disable-zlib-vcheck +make %{?jobs:-j%jobs} +make check + +%install +rm -rf %buildroot +%makeinstall +mkdir -p %buildroot/etc/init.d +install -m755 %{SOURCE1} %buildroot/etc/init.d/clamd +ln -s /etc/init.d/clamd %buildroot/usr/sbin/rcclamd +install -m755 %{SOURCE2} %buildroot/etc/init.d/freshclam +ln -s /etc/init.d/freshclam %buildroot/usr/sbin/rcfreshclam +touch %buildroot/var/lib/clamav/{clamd,freshclam}.pid +for f in %buildroot/var/lib/clamav/*.cvd; do + mv $f $f.dist + touch $f +done +mkdir -p %buildroot/var/spool/amavis + +%clean +rm -rf %buildroot + +%files +%defattr(-,root,root,-) +%config(noreplace) %_sysconfdir/*.conf +%config %attr(744,root,root)/etc/init.d/* +%doc AUTHORS BUGS ChangeLog COPYING FAQ INSTALL NEWS README TODO UPGRADE +%doc docs/*.pdf docs/html +%doc %_mandir/*/* +%_bindir/* + +%_sbindir/* +%_includedir/* +%_libdir/lib* +%_libdir/pkgconfig/libclamav.pc +%defattr(-,vscan,vscan) +%dir %attr(700,vscan,root) /var/spool/amavis +%dir /var/lib/clamav +%ghost /var/lib/clamav/*.pid +%ghost /var/lib/clamav/*.cvd + +%files db +%defattr(-,vscan,vscan) +%dir /var/lib/clamav +/var/lib/clamav/*.cvd.dist + +%pre +/usr/sbin/groupadd -r vscan 2> /dev/null || : +/usr/sbin/useradd -r -o -g vscan -u 65 -s /bin/false -c "Vscan account" -d /var/spool/amavis vscan 2> /dev/null || : +/usr/sbin/usermod vscan -g vscan 2> /dev/null || : + +%triggerpostun -- %name < 0.88.3 +# Move clamav.conf to clamd.conf when updating from an old version +# and inform the admin about the rename. +cd /etc +if test -e clamav.conf.rpmsave -a ! -e clamd.conf.rpmnew; then + mv clamd.conf clamd.conf.rpmnew + mv clamav.conf.rpmsave clamd.conf + cat > clamav.conf <<-EOF + # clamd.conf has been renamed to clamav.conf. + # This file can be removed. + EOF + %restart_on_update clamd +fi + +%preun +%stop_on_removal clamd freshclam + +%postun +%restart_on_update clamd freshclam +%insserv_cleanup + +%post db +# determine the version number of a given database file +getversion() { + if test -f "$1"; then + /usr/bin/sigtool -i "$1" | sed -n '/^Version: /s///gp' + else + # a non-existing file is assumed to have version 0 + echo 0 + fi +} +cd /var/lib/clamav +for distfile in {main,daily}.cvd.dist; do + datafile=${distfile%.dist} + if test $(getversion $distfile) -gt $(getversion $datafile); then + cp -a $distfile $datafile + fi +done + +%changelog -n clamav +* Tue Dec 12 2006 - max@suse.de +- Security update: 0.88.7 (#227827, CVE-2006-5874) + - handle consecutive errors in base64 decoding + - honour recursion limit when scanning email messages + - clamscan: new option --mail-max-recursion + - libclamav/untar.c: honour archive limits +* Tue Nov 07 2006 - max@suse.de +- Add homedir of user vscan to the package (FATE300731). +* Mon Nov 06 2006 - max@suse.de +- Bugfix release: 0.88.6 (#218313) +- freshclam: apply timeout patch from Everton da Silva Marques + (new options: ConnectTimeout and ReceiveTimeout) +- clamd: change stack size at the right place (closes bug#103) +- libclamav/petite.c: sanity check the number of rebuilt sections + (speeds up handling of malformed files) +* Tue Oct 17 2006 - max@suse.de +- Bugfix release 0.88.5 fixes two serious security issues. + [#212898], CVE-2006-4182, CVE-2006-5295 +* Tue Aug 08 2006 - lnussel@suse.de +- New version 0.88.4 fixes heap overflow in UPX decoder +* Thu Jul 06 2006 - max@suse.de +- Bugfix release 0.88.3: + - fix possible false matches of alternatives + - Large binhex files were not being handled gracefully. + - fix zero allocation warning +- Added bc and pkgconfig to BuildRequires to fix curl version + detection. +- Prevent a file conflict on the database files when main and db + packages of different versions are installed. +- Renamed clamav.conf to clamd.conf for SLES9. +- Added the db subpackage to SLES9. +- Bugzilla: 190647 +* Tue May 02 2006 - max@suse.de +- New version: 0.88.2 +- Fixes a buffer overflow in freshclam's get_database function + (CVE-2006-1989, Bug #171496). +* Mon Apr 10 2006 - meissner@suse.de +- Fixed several implicit warnings which lead to failures + on 64bit platforms. +* Wed Apr 05 2006 - max@suse.de +- New version: 0.88.1, fixes several security issues: + CVE-2006-1614, CVE-2006-1615, CVE-2006-1630, bug #164039. +* Thu Feb 09 2006 - max@suse.de +- Removed unneeded dependencies from the init script to break a + dependency loop. +* Wed Jan 25 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Sat Jan 14 2006 - kukuk@suse.de +- Add gmp-devel to nfb +* Thu Jan 12 2006 - max@suse.de +- Added gcc-4.1 stack protection (-fstack-protector). +* Mon Jan 09 2006 - max@suse.de +- New version: 0.88 (Bug #142298). +* Mon Nov 07 2005 - lnussel@suse.de +- Security update: version 0.87.1 (#132305, CVE-2005-3239, + CVE-2005-3303) +* Mon Sep 19 2005 - max@suse.de +- New version: 0.87 (bug #117648). +* Mon Jul 25 2005 - max@suse.de +- New version: 0.86.2 +* Thu Jul 14 2005 - max@suse.de +- New version: 0.86.1 +* Tue Jun 21 2005 - max@suse.de +- New version: 0.86 +* Tue May 17 2005 - max@suse.de +- New version: 0.85.1 (Bug #81264). +* Wed May 11 2005 - max@suse.de +- New version: 0.85 (Bug #81264). +* Tue May 03 2005 - max@suse.de +- New version: 0.84 (Bug #81264). +- Added and special-cased the patch that is needed for 9.1/SLES9. +* Fri Mar 11 2005 - max@suse.de +- Fixed %%doc file list (wildcards matched too much). +* Mon Feb 28 2005 - max@suse.de +- New version: 0.83 +* Mon Feb 07 2005 - max@suse.de +- New version: 0.82 +* Thu Jan 27 2005 - max@suse.de +- New version: 0.81 +* Thu Nov 11 2004 - max@suse.de +- pkgconfig files go to libdir rather than /usr/lib. +* Thu Nov 11 2004 - coolo@suse.de +- fixing file list for debug packages +* Wed Nov 03 2004 - max@suse.de +- Fixed path to freshclam in init script, and rcfreshclam link. +* Mon Oct 18 2004 - max@suse.de +- Updated to the final 0.80 release. +- Added a runlevel script for freshclam. +* Mon Oct 11 2004 - max@suse.de +- Updated to 0.80rc4. +* Wed Sep 29 2004 - max@suse.de +- Updated to 0.80rc3. The README says: + "This release candidate eliminates possible false positive alerts + in UPX/FSG compressed files and clarifies behaviour of default + actions in clamd and freshclam." +- This also eliminates the need to patch configure.in in order to + recognize resolv. +* Thu Sep 23 2004 - max@suse.de +- Updated to 0.80rc2 which fixes a critical bug in the handling of + empty lines in text/plain emails. +- Build with curl support. +- Fixed building of shared libraries instead of static. +- Removed unneeded %%run_ldconfig calls. +- Fixed file lists. +- Check for main.cvd instead of daily.cvd on daemon startup. +* Mon Sep 20 2004 - max@suse.de +- Updated to version 0.80rc which adds support for more file + formats, and HTML parsing. See the README file for details. +- Added a warning to the init script if no virus database is + installed. +* Thu Aug 05 2004 - max@suse.de +- New version: 0.75.1 +- Moved the virus database files into a subpackage, as they are + large and not needed if the database is kept up to date with + freshclam. +* Fri Jul 23 2004 - max@suse.de +- New version: 0.75 +* Thu Jul 08 2004 - max@suse.de +- Added -fno-strict-aliasing to CFLAGS. +* Mon Jul 05 2004 - max@suse.de +- New version: 0.74 +* Tue Jun 15 2004 - max@suse.de +- New version: 0.73 +* Mon Apr 26 2004 - max@suse.de +- New version: 0.70 +- Changes the format of the virus definition file. +* Mon Feb 16 2004 - max@suse.de +- New version: 0.67 +- Added support for tcpd (/etc/hosts.{allow,deny}). +- Obsoletes clamav-manager.patch. +* Fri Feb 13 2004 - max@suse.de +- New version: 0.66 +- Fixes a remote DoS vulnerability (Bug #34412). +* Tue Jan 27 2004 - max@suse.de +- New package: ClamAV Anti-Virus Toolkit diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4