pool/clamav
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
201de5a035
clamav/clamav.spec
Reinhard Max 201de5a035 Accepting request 770381 from home:adkorte:branches:security 
- update to 0.102.2
  * CVE-2020-3123: A denial-of-service (DoS) condition may occur when
    using the optional credit card data-loss-prevention (DLP) feature.
    Improper bounds checking of an unsigned variable resulted in an
    out-of-bounds read, which causes a crash.
  * Significantly improved the scan speed of PDF files on Windows.
  * Re-applied a fix to alleviate file access issues when scanning RAR
    files in downstream projects that use libclamav where the scanning
    engine is operating in a low-privilege process. This bug was originally
    fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0.
  * Fixed an issue where freshclam failed to update if the database version
    downloaded is one version older than advertised. This situation may
    occur after a new database version is published. The issue affected
    users downloading the whole CVD database file.
  * Changed the default freshclam ReceiveTimeout setting to 0 (infinite).
    The ReceiveTimeout had caused needless database update failures for
    users with slower internet connections.
  * Correctly display the number of kilobytes (KiB) in progress bar and
    reduced the size of the progress bar to accommodate 80-character width
    terminals.
  * Fixed an issue where running freshclam manually causes a daemonized
    freshclam process to fail when it updates because the manual instance
    deletes the temporary download directory. The freshclam temporary files
    will now download to a unique directory created at the time of an update
    instead of using a hardcoded directory created/destroyed at the program
    start/exit.
  * Fix for freshclam's OnOutdatedExecute config option.
  * Fixes a memory leak in the error condition handling for the email
    parser.
  * Improved bound checking and error handling in ARJ archive parser.
  * Improved error handling in PDF parser.
  * Fix for memory leak in byte-compare signature handler.

OBS-URL: https://build.opensuse.org/request/show/770381
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=201
2020-02-06 15:31:51 +00:00

262 lines
7.7 KiB
RPMSpec
Raw Blame History

#
# spec file for package clamav
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%bcond_with clammspack
%define clamav_check --enable-check
Name: clamav
Version: 0.102.2
Release: 0
Summary: Antivirus Toolkit
License: GPL-2.0-only
Group: Productivity/Security
URL: http://www.clamav.net
Source0: http://www.clamav.net/downloads/production/%name-%version.tar.gz
Source1: http://www.clamav.net/downloads/production/%name-%version.tar.gz.sig
Source4: clamav-rpmlintrc
Source6: clamav-tmpfiles.conf
Source7: service.clamd
Source8: service.freshclam
Source9: service.clamav-milter
Source11: clamav.keyring
Patch1: clamav-conf.patch
Patch4: clamav-disable-timestamps.patch
Patch5: clamav-obsolete-config.patch
Patch6: clamav-disable-yara.patch
Patch7: clamav-str-h.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bc
BuildRequires: check-devel
BuildRequires: gcc-c++
BuildRequires: libbz2-devel
BuildRequires: libcurl-devel
BuildRequires: libjson-c-devel
%if %{without clammspack}
BuildRequires: libmspack-devel
%endif
BuildRequires: libopenssl-devel
BuildRequires: libtool
BuildRequires: libxml2-devel
BuildRequires: ncurses-devel
BuildRequires: pcre2-devel
BuildRequires: pkgconfig
BuildRequires: pwdutils
BuildRequires: python-devel
BuildRequires: sed
BuildRequires: sendmail-devel
BuildRequires: systemd-rpm-macros
BuildRequires: zlib-devel
BuildRequires: pkgconfig(libsystemd)
Requires(pre): %_bindir/awk
Requires(pre): %_sbindir/groupadd
Requires(pre): %_sbindir/useradd
Requires(pre): %_sbindir/usermod
Requires(pre): /bin/sed
Requires(pre): /bin/tar
Obsoletes: clamav-db < 0.88.3
Provides: clamav-nodb = %version
Obsoletes: clamav-nodb <= 0.98.4
%systemd_requires
%description
ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats. It is the de-facto
standard for mail gateway scanning. It provides a multi-threaded
scanning daemon, command line utilities for on-demand file scanning,
and a tool for automatic signature updates. The core ClamAV library
provides numerous file format detection mechanisms, file unpacking
support, archive support, and multiple signature languages for
detecting threats.
%package -n libclamav9
Summary: ClamAV antivirus engine runtime
Group: System/Libraries
%description -n libclamav9
ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats.
%package -n libfreshclam2
Summary: ClamAV updater library
Group: System/Libraries
%description -n libfreshclam2
ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats.
%package -n libclammspack0
Summary: ClamAV antivirus engine runtime
Group: System/Libraries
%description -n libclammspack0
ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats.
%package devel
Summary: Development files for libclamav, an antivirus engine
Group: Development/Libraries/C and C++
Requires: libclamav9 = %version
Requires: libfreshclam2 = %version
%description devel
ClamAV is an antivirus engine designed for detecting trojans,
viruses, malware and other malicious threats.
This subpackage contains header files for developing applications
that want to make use of libclamav.
%prep
%setup -q
%patch1
%patch4
%patch5
%patch6
%patch7
%build
CFLAGS="-fstack-protector"
CXXFLAGS="-fstack-protector"
export CFLAGS="%optflags $CFLAGS -fPIE -fno-strict-aliasing"
export CXXFLAGS="%optflags $CXXFLAGS -fPIE -fno-strict-aliasing -std=gnu++98"
export LDFLAGS="-pie"
%if "%_lib" == "lib64"
# tomsfastmath needs this for correct operation on 64-bit platforms
CFLAGS="$CFLAGS -DFP_64BIT"
%endif
%configure \
--disable-clamav \
--disable-static \
--with-dbdir=/var/lib/clamav \
--with-user=vscan \
--with-group=vscan \
--enable-milter \
%clamav_check \
--enable-clamdtop \
--disable-zlib-vcheck \
--disable-timestamps \
--disable-yara \
%if %{without clammspack}
--with-system-libmspack
%endif
make V=1 %?_smp_mflags
%install
%make_install
install -d -m755 %buildroot/var/lib/clamav
install -d -m755 %buildroot/%_tmpfilesdir
install -m644 %SOURCE6 %buildroot%_tmpfilesdir/clamav.conf
mkdir -p %buildroot/var/spool/amavis
mkdir -p -m 0755 %buildroot/run/clamav
find %buildroot -type f -name "*.la" -delete -print
# libclammspack is not meant to be linked against by anything but
# libclamav
rm -f %buildroot%_libdir/pkgconfig/libclammspack.pc
rm -f %buildroot%_libdir/libclammspack.so
# fix the new config file names
pushd %buildroot%_sysconfdir
mv clamd.conf.sample clamd.conf
mv clamav-milter.conf.sample clamav-milter.conf
mv freshclam.conf.sample freshclam.conf
popd
# Systemd...
install -d -m 0755 %buildroot/%_unitdir
install -m 0644 %SOURCE7 %buildroot/%_unitdir/clamd.service
install -m 0644 %SOURCE8 %buildroot/%_unitdir/freshclam.service
install -m 0644 %SOURCE9 %buildroot/%_unitdir/clamav-milter.service
rm -f %buildroot/%_unitdir/clamav-daemon.service
rm -f %buildroot/%_unitdir/clamav-daemon.socket
rm -f %buildroot/%_unitdir/clamav-freshclam.service
# this is broken if system does not have systemd so don't
# use it at all on systems without mandatory systemd
for srvname in clamd freshclam clamav-milter;do
(export PATH=%_prefix/sbin:/sbin:$PATH ;ln -sf $(which service) %buildroot/%_sbindir/rc${srvname})
done
%check
# regression tests
%if !0%{?qemu_user_space_build:1}
VALGRIND_GENSUP=1 make check
%endif
%post -n libclamav9 -p /sbin/ldconfig
%postun -n libclamav9 -p /sbin/ldconfig
%post -n libfreshclam2 -p /sbin/ldconfig
%postun -n libfreshclam2 -p /sbin/ldconfig
%post -n libclammspack0 -p /sbin/ldconfig
%postun -n libclammspack0 -p /sbin/ldconfig
%files
%config(noreplace) %_sysconfdir/*.conf
#systemd...
%_unitdir/clamd.service
%_unitdir/freshclam.service
%_unitdir/clamav-milter.service
%_tmpfilesdir
%license COPYING*
%doc docs/html/*
%_mandir/*/*
%_bindir/*
%_sbindir/*
%defattr(-,vscan,vscan)
%dir %attr(750,vscan,vscan) /var/spool/amavis
%dir /var/lib/clamav
%ghost %attr(755,vscan,vscan) /run/clamav
%files -n libclamav9
%_libdir/libclam*.so.9*
%files -n libfreshclam2
%_libdir/libfreshclam.so.2*
%if %{with clammspack}
%files -n libclammspack0
%_libdir/libclammspack.so.0*
%endif
%files devel
%_libdir/pkgconfig/*
%_libdir/libclam*.so
%_libdir/libfreshclam*.so
%_includedir/*
%pre
getent group vscan >/dev/null || %_sbindir/groupadd -r vscan
getent passwd vscan >/dev/null || \
%_sbindir/useradd -r -o -g vscan -u 65 -s /bin/false \
-c "Vscan account" -d /var/spool/amavis vscan
%_sbindir/usermod vscan -g vscan
%service_add_pre clamd.service freshclam.service clamav-milter.service
%post
systemd-tmpfiles --create %_tmpfilesdir/clamav.conf
%service_add_post clamd.service freshclam.service clamav-milter.service
%preun
%service_del_preun clamd.service freshclam.service clamav-milter.service
%postun
%service_del_postun clamd.service freshclam.service clamav-milter.service
%changelog
Reference in New Issue View Git Blame Copy Permalink