diff --git a/clamav-0.103.12.tar.gz b/clamav-1.0.7.tar.gz similarity index 31% rename from clamav-0.103.12.tar.gz rename to clamav-1.0.7.tar.gz index e14829821a150cca0b6a6cbffa93811a0718ac7f..295b78f33bece963906abc34728cd9a75e7c8823 100644 Binary files a/clamav-0.103.12.tar.gz and b/clamav-1.0.7.tar.gz differ diff --git a/clamav-clamonacc-version-return.patch b/clamav-clamonacc-version-return.patch deleted file mode 100644 index 38fa29e8044e127e7d6a2a6c450b1800c41fb448..0000000000000000000000000000000000000000 --- a/clamav-clamonacc-version-return.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 3a8b69890960aae06a51da2ac6833fbf8cfeeb72 Mon Sep 17 00:00:00 2001 -From: caodongxia <315816521@qq.com> -Date: Mon, 9 Aug 2021 15:18:51 +0800 -Subject: [PATCH] clamav-clamonacc-version-return - ---- - clamonacc/clamonacc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/clamonacc/clamonacc.c b/clamonacc/clamonacc.c -index ec689f5..9ea95ad 100644 ---- a/clamonacc/clamonacc.c -+++ b/clamonacc/clamonacc.c -@@ -358,7 +358,7 @@ static int startup_checks(struct onas_context *ctx) - - if (optget(ctx->opts, "version")->enabled) { - onas_print_server_version(&ctx); -- ret = 2; -+ ret = 0; - goto done; - } - --- -2.27.0 - diff --git a/clamav-default_confs.patch b/clamav-default_confs.patch index 97bbc1028d465bec76d40766f8f6b63828c58d1b..5b06f9efa4254f3318ef3f7528eb746dcb8a15b8 100644 --- a/clamav-default_confs.patch +++ b/clamav-default_confs.patch @@ -1,6 +1,6 @@ -diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamconf/clamconf.c ---- clamav-0.103.0/clamconf/clamconf.c.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/clamconf/clamconf.c 2020-09-17 22:00:20.792879792 -0600 +diff -up clamav-0.104.3/clamconf/clamconf.c.default_confs clamav-0.104.3/clamconf/clamconf.c +--- clamav-0.104.3/clamconf/clamconf.c.default_confs 2022-05-02 00:24:50.000000000 -0600 ++++ clamav-0.104.3/clamconf/clamconf.c 2022-05-12 22:04:42.883348923 -0600 @@ -63,9 +63,9 @@ static struct _cfgfile { const char *name; int tool; @@ -13,66 +13,66 @@ diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamcon {NULL, 0}}; static void printopts(struct optstruct *opts, int nondef) -diff -up clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs clamav-0.103.0/docs/man/clamav-milter.8.in ---- clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamav-milter.8.in 2020-09-17 22:00:20.793879800 -0600 +diff -up clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs clamav-0.104.3/docs/man/clamav-milter.8.in +--- clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs 2022-05-12 22:04:42.885348940 -0600 ++++ clamav-0.104.3/docs/man/clamav-milter.8.in 2022-05-12 22:05:25.031719791 -0600 @@ -27,7 +27,7 @@ Print the version number and exit. Read configuration from FILE. .SH "FILES" - .LP --@CFGDIR@/clamav-milter.conf -+@CFGDIR@/mail/clamav-milter.conf + .LP +-@CONFDIR@/clamav-milter.conf ++@CONFDIR@/mail/clamav-milter.conf .SH "AUTHOR" - .LP + .LP aCaB -diff -up clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.103.0/docs/man/clamav-milter.conf.5.in ---- clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamav-milter.conf.5.in 2020-09-17 22:00:20.794879808 -0600 +diff -up clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.104.3/docs/man/clamav-milter.conf.5.in +--- clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs 2022-05-12 22:04:42.887348958 -0600 ++++ clamav-0.104.3/docs/man/clamav-milter.conf.5.in 2022-05-12 22:05:48.834929418 -0600 @@ -239,7 +239,7 @@ Default: no All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. .SH "FILES" - .LP --@CFGDIR@/clamav-milter.conf -+@CFGDIR@/mail/clamav-milter.conf + .LP +-@CONFDIR@/clamav-milter.conf ++@CONFDIR@/mail/clamav-milter.conf .SH "AUTHOR" - .LP + .LP aCaB -diff -up clamav-0.103.0/docs/man/clamd.8.in.default_confs clamav-0.103.0/docs/man/clamd.8.in ---- clamav-0.103.0/docs/man/clamd.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamd.8.in 2020-09-17 22:00:20.794879808 -0600 +diff -up clamav-0.104.3/docs/man/clamd.8.in.default_confs clamav-0.104.3/docs/man/clamd.8.in +--- clamav-0.104.3/docs/man/clamd.8.in.default_confs 2022-05-12 22:04:42.888348967 -0600 ++++ clamav-0.104.3/docs/man/clamd.8.in 2022-05-12 22:07:01.657570942 -0600 @@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon clamd [options] .SH "DESCRIPTION" - .LP --The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf -+The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.d/scan.conf + .LP +-The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.conf ++The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.d/scan.conf .SH "COMMANDS" - .LP + .LP It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn. -@@ -125,7 +125,7 @@ Reload the signature databases. +@@ -133,7 +133,7 @@ Reload the signature databases. Perform a clean exit. .SH "FILES" - .LP --@CFGDIR@/clamd.conf -+@CFGDIR@/clamd.d/scan.conf + .LP +-@CONFDIR@/clamd.conf ++@CONFDIR@/clamd.d/scan.conf .SH "CREDITS" Please check the full documentation for credits. .SH "AUTHOR" -diff -up clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs clamav-0.103.0/docs/man/clamd.conf.5.in ---- clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs 2020-09-17 22:00:20.795879816 -0600 -+++ clamav-0.103.0/docs/man/clamd.conf.5.in 2020-09-17 22:01:21.414353121 -0600 -@@ -759,7 +759,7 @@ Default: no +diff -up clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs clamav-0.104.3/docs/man/clamd.conf.5.in +--- clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs 2022-05-12 22:04:42.889348976 -0600 ++++ clamav-0.104.3/docs/man/clamd.conf.5.in 2022-05-12 22:06:21.800219822 -0600 +@@ -765,7 +765,7 @@ Default: no All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. .SH "FILES" .LP --@CFGDIR@/clamd.conf -+@CFGDIR@/clamd.d/scan.conf +-@CONFDIR@/clamd.conf ++@CONFDIR@/clamd.d/scan.conf .SH "AUTHORS" .LP Tomasz Kojm , Kevin Lin -diff -up clamav-0.103.0/platform.h.in.default_confs clamav-0.103.0/platform.h.in ---- clamav-0.103.0/platform.h.in.default_confs 2020-09-17 22:00:20.796879824 -0600 -+++ clamav-0.103.0/platform.h.in 2020-09-17 22:01:56.842629739 -0600 +diff -up clamav-0.104.3/platform.h.in.default_confs clamav-0.104.3/platform.h.in +--- clamav-0.104.3/platform.h.in.default_confs 2022-05-02 00:24:50.000000000 -0600 ++++ clamav-0.104.3/platform.h.in 2022-05-12 22:04:42.891348993 -0600 @@ -112,9 +112,9 @@ typedef unsigned int in_addr_t; #endif diff --git a/clamav-freshclam.service.patch b/clamav-freshclam.service.patch index 2c29f03305d7e8f2add4e02ea0a86182a5d4181d..24295cefbc1a94e4e71408666b1947206ea855eb 100644 --- a/clamav-freshclam.service.patch +++ b/clamav-freshclam.service.patch @@ -1,17 +1,12 @@ ---- ./freshclam/clamav-freshclam.service.in.orig 2021-06-14 10:36:39.029730737 +0100 -+++ ./freshclam/clamav-freshclam.service.in 2021-06-14 10:37:53.621423748 +0100 -@@ -2,13 +2,12 @@ +diff -up clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service clamav-0.104.3/freshclam/clamav-freshclam.service.in +--- clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service 2022-05-12 22:07:25.472780737 -0600 ++++ clamav-0.104.3/freshclam/clamav-freshclam.service.in 2022-05-12 22:08:06.280140224 -0600 +@@ -2,7 +2,7 @@ Description=ClamAV virus database updater Documentation=man:freshclam(1) man:freshclam.conf(5) https://docs.clamav.net/ # If user wants it run from cron, don't start the daemon. -ConditionPathExists=!/etc/cron.d/clamav-freshclam -+# ConditionPathExists=!/etc/cron.d/clamav-update ++# ConditionPathExists=!/etc/cron.d/clamav-freshclam Wants=network-online.target After=network-online.target - [Service] - ExecStart=@prefix@/bin/freshclam -d --foreground=true --StandardOutput=syslog - - [Install] - WantedBy=multi-user.target diff --git a/clamav-milter.sysv b/clamav-milter.sysv deleted file mode 100644 index 3e37ae0e20059ef8cc86609374572284e8e572f4..0000000000000000000000000000000000000000 --- a/clamav-milter.sysv +++ /dev/null @@ -1,93 +0,0 @@ -#!/bin/bash -# -# clamav-milter Starts/stop the "clamav-milter" daemon -# -# chkconfig: - 79 31 -# description: A virus scanning milter - -# Source function library. -. /etc/rc.d/init.d/functions - -exec=/usr/sbin/clamav-milter -prog="clamav-milter" - -OPTS='-c /etc/mail/clamav-milter.conf' -[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog - -pidfile=/var/run/clamav-milter/milter.pid -lockfile=/var/lock/subsys/$prog - -start() { - [ -x $exec ] || exit 5 - [ -f $config ] || exit 6 - echo -n $"Starting $prog: " - daemon --pidfile=${pidfile} $exec $OPTS --foreground=no --pid=${pidfile} - retval=$? - echo - [ $retval -eq 0 ] && touch $lockfile - return $retval -} - -stop() { - echo -n $"Stopping $prog: " - killproc -p "${pidfile}" $exec - retval=$? - echo - [ $retval -eq 0 ] && rm -f $lockfile - return $retval -} - -restart() { - stop - start -} - -reload() { - restart -} - -force_reload() { - restart -} - -rh_status() { - # run checks to determine if the service is running or use generic status - status -p "${pidfile}" $prog -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - reload) - rh_status_q || exit 7 - $1 - ;; - force-reload) - force_reload - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" - exit 2 -esac -exit $? diff --git a/clamav-milter.upstart b/clamav-milter.upstart deleted file mode 100644 index 1a10b8ea0fcc591a0666ee3a11052abe80613099..0000000000000000000000000000000000000000 --- a/clamav-milter.upstart +++ /dev/null @@ -1,14 +0,0 @@ -### !!! Uncomment only *one* of the 'start on' statements !!! - -### Uncomment these lines when you want clamav-milter to be a milter -### for a locally running MTA -#start on (starting sendmail or starting postfix) - -### Uncomment these lines when you want clamav-milter to be a milter -### for a remotely running MTA -#start on runlevel [345] and starting local - -stop on runlevel [!345] - -respawn -exec /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf --foreground=yes diff --git a/clamav-0.99-private.patch b/clamav-private.patch similarity index 64% rename from clamav-0.99-private.patch rename to clamav-private.patch index 7f9f563eaa99f3d8f2e3ea6d537b62ea87a45261..41dd4c55cfc93de432ab396425a3b4cc124f9207 100644 --- a/clamav-0.99-private.patch +++ b/clamav-private.patch @@ -8,8 +8,17 @@ +Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@ Cflags: -I${includedir} ---- clamav-0.99/clamav-config.in 2015-05-28 23:56:25.000000000 +0200 -+++ clamav-0.99/clamav-config.in.private 2015-12-02 01:31:34.933705763 +0100 +diff -up clamav-1.0.0/clamav-config.in.private clamav-1.0.0/clamav-config.in +--- clamav-1.0.0/clamav-config.in.private 2023-01-22 17:40:01.711757908 -0700 ++++ clamav-1.0.0/clamav-config.in 2023-01-22 18:01:06.188743168 -0700 +@@ -4,7 +4,6 @@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +-libdir=@libdir@ + + usage() + { @@ -54,12 +54,8 @@ usage 0 ;; diff --git a/clamav-rpath.patch b/clamav-rpath.patch new file mode 100644 index 0000000000000000000000000000000000000000..b55cab9920e56b38f0070d6fcd268ee7656a8049 --- /dev/null +++ b/clamav-rpath.patch @@ -0,0 +1,18 @@ +diff -up clamav-1.0.0/CMakeLists.txt.rpath clamav-1.0.0/CMakeLists.txt +--- clamav-1.0.0/CMakeLists.txt.rpath 2023-01-15 22:04:58.217120124 -0700 ++++ clamav-1.0.0/CMakeLists.txt 2023-01-15 22:05:57.121818812 -0700 +@@ -180,14 +180,6 @@ endif() + + include(GNUInstallDirs) + +-if (NOT DEFINED CMAKE_INSTALL_RPATH) +- if(CMAKE_INSTALL_FULL_LIBDIR) +- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_FULL_LIBDIR}") +- else() +- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib") +- endif() +-endif() +- + if("${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang") + set(USING_CLANG ON) + else() diff --git a/clamav-rustflags.patch b/clamav-rustflags.patch new file mode 100644 index 0000000000000000000000000000000000000000..1f7281ef7d428fb970244224a4e3b0cf6a31a3e0 --- /dev/null +++ b/clamav-rustflags.patch @@ -0,0 +1,54 @@ +diff -up clamav-1.0.2/cmake/FindRust.cmake.rustflags clamav-1.0.2/cmake/FindRust.cmake +--- clamav-1.0.2/cmake/FindRust.cmake.rustflags 2023-08-15 16:24:07.000000000 -0600 ++++ clamav-1.0.2/cmake/FindRust.cmake 2023-08-17 21:17:03.957070383 -0600 +@@ -236,7 +236,7 @@ function(add_rust_executable) + # Build the executable. + add_custom_command( + OUTPUT "${OUTPUT}" +- COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} + WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}" + DEPENDS ${EXE_SOURCES} + COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:\n\t ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}") +@@ -287,8 +287,8 @@ function(add_rust_library) + if("${CMAKE_OSX_ARCHITECTURES}" MATCHES "^(arm64;x86_64|x86_64;arm64)$") + add_custom_command( + OUTPUT "${OUTPUT}" +- COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin +- COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin + COMMAND ${CMAKE_COMMAND} -E make_directory "${ARGS_BINARY_DIRECTORY}/${RUST_COMPILER_TARGET}/${CARGO_BUILD_TYPE}" + COMMAND lipo ARGS -create ${ARGS_BINARY_DIRECTORY}/x86_64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a ${ARGS_BINARY_DIRECTORY}/aarch64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a -output "${OUTPUT}" + WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}" +@@ -312,7 +312,7 @@ function(add_rust_library) + else() + add_custom_command( + OUTPUT "${OUTPUT}" +- COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} + WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}" + DEPENDS ${LIB_SOURCES} + COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with: ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}") +@@ -465,8 +465,6 @@ if(NOT "${RUST_COMPILER_TARGET}" MATCHES + list(APPEND CARGO_ARGS "--target" ${RUST_COMPILER_TARGET}) + endif() + +-set(RUSTFLAGS "") +- + if(NOT CMAKE_BUILD_TYPE) + set(CARGO_BUILD_TYPE "debug") + elseif(${CMAKE_BUILD_TYPE} STREQUAL "Release" OR ${CMAKE_BUILD_TYPE} STREQUAL "MinSizeRel") +@@ -475,10 +473,11 @@ elseif(${CMAKE_BUILD_TYPE} STREQUAL "Rel + elseif(${CMAKE_BUILD_TYPE} STREQUAL "RelWithDebInfo") + set(CARGO_BUILD_TYPE "release") + list(APPEND CARGO_ARGS "--release") +- set(RUSTFLAGS "-g") ++ string(APPEND RUSTFLAGS " -g") + else() + set(CARGO_BUILD_TYPE "debug") + endif() ++string(STRIP "${RUSTFLAGS}" RUSTFLAGS) + + find_package_handle_standard_args(Rust + REQUIRED_VARS cargo_EXECUTABLE diff --git a/clamav-stats-deprecation.patch b/clamav-stats-deprecation.patch deleted file mode 100644 index a12f138e00ca19f43ef95dffbdbde374b1929e3a..0000000000000000000000000000000000000000 --- a/clamav-stats-deprecation.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -up clamav-0.102.0/shared/optparser.c.stats-deprecation clamav-0.102.0/shared/optparser.c ---- clamav-0.102.0/shared/optparser.c.stats-deprecation 2019-10-10 21:55:31.245995091 -0600 -+++ clamav-0.102.0/shared/optparser.c 2019-10-11 20:40:04.580067432 -0600 -@@ -524,6 +524,13 @@ const struct clam_option __clam_options[ - {"ArchiveLimitMemoryUsage", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, - {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, - {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"}, -+ {"StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, -+ {"StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, -+ {"StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, -+ {"StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, - {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, - - /* Milter specific options */ diff --git a/clamav-types.h b/clamav-types.h new file mode 100644 index 0000000000000000000000000000000000000000..ffa83b777e2b5fb9518e0b5f9bef2a7ffa980b21 --- /dev/null +++ b/clamav-types.h @@ -0,0 +1,14 @@ +#ifndef CLAMAV_TYPES_H_MULTILIB +#define CLAMAV_TYPES_H_MULTILIB + +#include + +#if __WORDSIZE == 32 +# include "clamav-types-32.h" +#elif __WORDSIZE == 64 +# include "clamav-types-64.h" +#else +# error "unexpected value for __WORDSIZE macro" +#endif + +#endif diff --git a/clamav.spec b/clamav.spec index 2c311168b6e08204c3caec5b769fe361059fe40f..5b2d2a4301a457e19e751b46e6b4d157397cad7d 100644 --- a/clamav.spec +++ b/clamav.spec @@ -1,292 +1,364 @@ -Name: clamav -Summary: End-user tools for the Clam Antivirus scanner -Version: 0.103.12 -Release: 1 - -License: GPLv2 and Public Domain and bzip2-1.0.6 and Zlib and Apache-2.0 -URL: https://www.clamav.net/ -Source0: https://www.clamav.net/downloads/production/clamav-%{version}.tar.gz -Source1: clamd.sysconfig -Source2: clamd.logrotate -Source3: main-62.cvd -Source4: daily-27388.cvd -Source5: bytecode-335.cvd -Source7: freshclam-sleep -Source8: freshclam.sysconfig -Source9: clamav-update.crond -Source10: clamav-update.logrotate -Source11: clamav-milter.upstart -Source12: clamav-milter.systemd -Source13: clamd.scan.upstart -Source14: clamd@scan.service -Source15: clamd@.service - -Patch0001: clamav-stats-deprecation.patch -Patch0002: clamav-default_confs.patch -Patch0003: clamav-0.99-private.patch -Patch0005: clamav-clamonacc-service.patch -Patch0006: clamav-freshclam.service.patch -Patch0007: clamav-clamonacc-version-return.patch -Patch0008: fix-clamonacc-w-error.patch -Patch0019: fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch - -BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel -BuildRequires: gcc-c++ zlib-devel bzip2-devel gmp-devel curl-devel json-c-devel -BuildRequires: ncurses-devel openssl-devel libxml2-devel pcre2-devel libmilter-devel -BuildRequires: bc tcl groff graphviz ocaml nc systemd-devel sendmail-devel -Requires: data(clamav) -Provides: bundled(libmspack) = 0.5-0.1.alpha.modified_by_clamav +%global _hardened_build 1 + +%global scanuser clamscan +%global updateuser clamupdate +%global milteruser clamilt + +%global homedir %{_var}/lib/clamav +%global quarantinedir %{_var}/spool/quarantine +%global freshclamlog %{_var}/log/freshclam.log + +Summary: End-user tools for the Clam Antivirus scanner +Name: clamav +Version: 1.0.7 +Release: 1 +License: GPLv2 and Public Domain and bzip2-1.0.6 and Zlib and Apache-2.0 +URL: https://www.clamav.net/ +Source0: https://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz +# Multilib headers +Source1: clamav-types.h +#for server +Source3: clamd.logrotate +# To download the *.cvd, go to https://www.clamav.net and use the links +# there (I renamed the files to add the -version suffix for verifying). +# Check the first line of the file for version or run file *cvd +# Attention file < 5.33-7 have bugs see https://bugzilla.redhat.com/show_bug.cgi?id=1539107 +#http://database.clamav.net/main.cvd +Source10: main-62.cvd +#http://database.clamav.net/daily.cvd +Source11: daily-27388.cvd +#http://database.clamav.net/bytecode.cvd +Source12: bytecode-335.cvd +#for update +Source200: freshclam-sleep +Source201: freshclam.sysconfig +Source202: clamav-update.crond +Source203: clamav-update.logrotate +#for clamav-milter.systemd +Source330: clamav-milter.systemd +#for scanner-systemd/server-systemd +Source530: clamd@.service + +# Accept RUSTFLAGS +# https://github.com/Cisco-Talos/clamav/pull/835 +Patch0: clamav-rustflags.patch +# Change default config locations for Fedora +Patch1: clamav-default_confs.patch +# Fix pkg-config flags for static linking, multilib +Patch2: clamav-private.patch +# Remove rpath +Patch3: clamav-rpath.patch +# Modify clamav-clamonacc.service for Fedora compatibility +Patch5: clamav-clamonacc-service.patch +# Allow freshclam service to run if cron.d file is present +Patch6: clamav-freshclam.service.patch +# Debian patch to fix big-endian +Patch7: libclamav-pe-Use-endian-wrapper-in-more-places.patch + +BuildRequires: cmake +BuildRequires: gettext-devel +BuildRequires: make +BuildRequires: gcc-c++ +BuildRequires: rust +BuildRequires: cargo +BuildRequires: bzip2-devel +BuildRequires: check-devel +BuildRequires: curl-devel +BuildRequires: git-core +BuildRequires: gmp-devel +BuildRequires: json-c-devel >= 0.15 +BuildRequires: libxml2-devel +BuildRequires: ncurses-devel +BuildRequires: openssl-devel +BuildRequires: pcre2-devel +# Explicitly needed on EL8 +BuildRequires: python3 +BuildRequires: python3-pytest +BuildRequires: zlib-devel +#BuildRequires: %%{_includedir}/tcpd.h +BuildRequires: bc +BuildRequires: tcl +BuildRequires: groff +BuildRequires: graphviz +# nc required for tests +BuildRequires: nc +%{?systemd_requires} +BuildRequires: systemd +BuildRequires: systemd-devel +#for milter +BuildRequires: libmilter-devel +%ifarch %{valgrind_arches} +BuildRequires: valgrind +%endif + +Requires: clamav-filesystem = %{version}-%{release} +Requires: data(clamav) Provides: %{name}-lib = %{version}-%{release} Obsoletes: %{name}-lib < %{version}-%{release} %description +Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this +software is the integration with mail servers (attachment scanning). The +package provides a flexible and scalable multi-threaded daemon, a command +line scanner, and a tool for automatic updating via Internet. The programs +are based on a shared library distributed with the Clam AntiVirus package, +which you can use with your own software. The virus database is based on +the virus database from OpenAntiVirus, but contains additional signatures +(including signatures for popular polymorphic viruses, too) and is KEPT UP +TO DATE. + +%package filesystem +Summary: Filesystem structure for clamav +# Prevent version mix +Conflicts: %{name} < %{version}-%{release} +Conflicts: %{name} > %{version}-%{release} +Requires(pre): shadow-utils +BuildArch: noarch -Clam AntiVirus (clamav) is an open source antivirus engine for detecting trojans, -viruses, malware & other malicious threats. The main purpose of this software is -the integration with mail servers (attachment scanning). The package provides a -flexible and scalable multi-threaded daemon, a command line scanner, and a tool -for automatic updating via Internet. The programs are based on a shared library -distributed with the Clam AntiVirus package, which you can use with your own software. -he virus database is based on the virus database from OpenAntiVirus, but contains -additional signatures and is KEPT UP TO DATE. - +%description filesystem +This package provides the filesystem structure and contains the +user-creation scripts required by clamav. -%package devel -Summary: Header files and libraries for the Clam Antivirus scanner -Requires: %{name} = %{version}-%{release} %{name}-filesystem = %{version}-%{release} openssl-devel +%package devel +Summary: Header files and libraries for the Clam Antivirus scanner +Requires: %{name} = %{version}-%{release} +Requires: clamav-filesystem = %{version}-%{release} +Requires: openssl-devel %description devel -The clamav-devel package contains headerfiles and libraries -which are needed to build applications using clamav. +This package contains headerfiles and libraries which are needed to +build applications using clamav. -%package_help +%package data +Summary: Virus signature data for the Clam Antivirus scanner +Requires: clamav-filesystem = %{version}-%{release} +Provides: data(clamav) = full +Provides: clamav-db = %{version}-%{release} +Obsoletes: clamav-db < %{version}-%{release} +BuildArch: noarch -%package filesystem -Summary: Filesystem structure for clamav -Conflicts: %{name} < %{version}-%{release} %{name} > %{version}-%{release} +%description data +This package contains the virus-database needed by clamav. This +database should be updated regularly; the 'clamav-update' package +ships a corresponding cron-job. Use this package when you want a +working (but perhaps outdated) virus scanner immediately after package +installation. + + +%package doc +Summary: Documentation for the Clam Antivirus scanner +Requires: clamav-filesystem = %{version}-%{release} +BuildArch: noarch + +%description doc +This package contains the documentation for clamav. + + +%package freshclam +Summary: Auto-updater for the Clam Antivirus scanner data-files +Requires: clamav-filesystem = %{version}-%{release} +Requires: %{name} = %{version}-%{release} +Supplements:clamd +Provides: data(clamav) = empty +Provides: clamav-data-empty = %{version}-%{release} +Obsoletes: clamav-data-empty < %{version}-%{release} +Provides: clamav-update = %{version}-%{release} +Obsoletes: clamav-update < %{version}-%{release} +%{?systemd_requires} + +%description freshclam +This package contains the freshclam(1) program and clamav-freshclam +service which can be used to update the clamav anti-virus database +automatically. Most users should install this package in order to +keep their definitions up to date. + + +%package -n clamd +Summary: The Clam AntiVirus Daemon +Requires: data(clamav) +Requires: clamav-filesystem = %{version}-%{release} +Requires: %{name} = %{version}-%{release} +Requires: coreutils Requires(pre): shadow-utils -BuildArch: noarch - -%description filesystem -The clamav-filesystem package provides the filesystem structure and -contains the user-creation scripts required by clamav. +# This is still used by clamsmtp and exim-clamav +Provides: clamav-server = %{version}-%{release} +Provides: clamav-scanner-systemd = %{version}-%{release} +Provides: clamav-server-systemd = %{version}-%{release} +Obsoletes: clamav-scanner-systemd < %{version}-%{release} +Obsoletes: clamav-server-systemd < %{version}-%{release} +%{?systemd_requires} +%description -n clamd +The Clam AntiVirus Daemon +This package contains a generic system wide clamd service which is +e.g. used by the clamav-milter package. -%package data -Summary: Virus signature data for the Clam Antivirus scanner -Requires: %{name}-filesystem = %{version}-%{release} -Provides: data(clamav) = full %{name}-db = %{version}-%{release} -Obsoletes: %{name}-db < %{version}-%{release} -BuildArch: noarch -%description data -The clamav-data package contains the virus-database needed by clamav. -This database should be updated regularly; Use this package when you -want a working (but perhaps outdated) virus scanner immediately after -package installation. - - -%package update -Summary: Auto-updater for the Clam Antivirus scanner data-files -Requires: %{name}-filesystem = %{version}-%{release} crontabs cronie -Provides: data(clamav) = empty %{name}-data-empty = %{version}-%{release} -Obsoletes: %{name}-data-empty < %{version}-%{release} -Requires(post): %__chown %__chmod - -%description update -The clamav-update package contains programs which can be used to update -the clamav anti-virus database automatically. It uses the freshclam(1) -utility for this task. Use this package when you go updating the virus -database regulary and do not want to download a >120MB sized rpm-package -with outdated virus definitions. - - -%package -n clamd -Summary: The Clam AntiVirus Daemon -Requires: data(clamav) coreutils %{name}-filesystem = %{version}-%{release} -Requires: %{name} = %{version}-%{release} +%package milter +Summary: Milter module for the Clam Antivirus scanner +# clamav-milter could work without clamd and without sendmail +#Requires: clamd = %%{version}-%%{release} +#Requires: /usr/sbin/sendmail +Requires: clamav-filesystem = %{version}-%{release} Requires(pre): shadow-utils -Obsoletes: %{name}-server-sysvinit < %{version}-%{release} -Obsoletes: %{name}-scanner-sysvinit < %{version}-%{release} -Obsoletes: %{name}-scanner-upstart < %{version}-%{release} -Provides: %{name}-scanner-systemd = %{version}-%{release} -Obsoletes: %{name}-scanner-systemd < %{version}-%{release} -Provides: %{name}-server-systemd = %{version}-%{release} -Obsoletes: %{name}-server-systemd < %{version}-%{release} - -Provides: %{name}-server = %{version}-%{release} %{name}-server-sysv = %{version}-%{release} -Obsoletes: %{name}-server < %{version}-%{release} %{name}-server-sysv < %{version}-%{release} -Provides: %{name}-scanner = %{version}-%{release} %{name}-scanner-upstart = %{version}-%{release} -Obsoletes: %{name}-scanner < %{version}-%{release} %{name}-scanner-upstart < %{version}-%{release} -Provides: %{name}-server-sysvinit = %{version}-%{release} -Obsoletes: %{name}-server-sysvinit < %{version}-%{release} +Provides: clamav-milter-systemd = %{version}-%{release} +Obsoletes: clamav-milter-systemd < %{version}-%{release} +%{?systemd_requires} +%description milter +This package contains files which are needed to run the clamav-milter. -%description -n clamd -The Clam AntiVirus Daemon. The clamd package contains a generic system -wide clamd service which is e.g. used by the clamav-milter package. +%prep +%autosetup -p1 -n %{name}-%{version} -%package milter -Summary: Milter module for the clamav scanner -Requires: %{name}-filesystem = %{version}-%{release} -Requires(post): coreutils -Requires(pre): shadow-utils +%build +# IPv6 check is buggy and does not work when there are no IPv6 interface on build machine +export have_cv_ipv6=yes -Obsoletes: %{name}-milter-sysvinit < %{version}-%{release} -Obsoletes: %{name}-milter-upstart < %{version}-%{release} -Provides: %{name}-milter-systemd = %{version}-%{release} -Obsoletes: %{name}-milter-systemd < %{version}-%{release} +%cmake \ + -DAPP_CONFIG_DIRECTORY=%{_sysconfdir} \ + -DCMAKE_INSTALL_DOCDIR=%{_pkgdocdir} \ + -DCLAMAV_USER=%{updateuser} -DCLAMAV_GROUP=%{updateuser} \ + -DDATABASE_DIRECTORY=%{homedir} \ + -DENABLE_UNRAR=OFF -%description milter -The clamav-milter package contains files which are needed to run the clamav-milter. +# TODO: check periodically that CLAMAVUSER is used for freshclam only +%cmake_build -%prep -%autosetup -n %{name}-%{version}%{?prerelease} -p1 -install -d libclamunrar{,_iface} -touch libclamunrar/{Makefile.in,all,install} +%install +rm -rf _doc* +%cmake_install + +install -d -m 0755 \ + %{buildroot}%{_tmpfilesdir} \ + %{buildroot}%{homedir} \ + %{buildroot}%{quarantinedir} + +### data +install -D -m 0644 -p %{S:10} %{buildroot}%{homedir}/main.cvd +install -D -m 0644 -p %{S:11} %{buildroot}%{homedir}/daily.cvd +install -D -m 0644 -p %{S:12} %{buildroot}%{homedir}/bytecode.cvd + +### The freshclam stuff +sed -ri \ + -e 's!^Example!#Example!' \ + -e 's!^#?(UpdateLogFile )!#\1!g;' \ + -e 's!(DatabaseOwner *)clamav$!\1%{updateuser}!g' %{buildroot}%{_sysconfdir}/freshclam.conf.sample + +mv %{buildroot}%{_sysconfdir}/freshclam.conf{.sample,} +# Can contain HTTPProxyPassword (bugz#1733112) +chmod 600 %{buildroot}%{_sysconfdir}/freshclam.conf -sed -ri -e 's!^#?(LogFile ).*!#\1/var/log/clamd.!g' \ +### The scanner stuff +install -D -m 0644 -p %{S:3} _doc_server/clamd.logrotate + +## For compatibility with 0.102.2-7 +ln -s clamav-clamonacc.service %{buildroot}%{_unitdir}/clamonacc.service + +install -D -p -m 0644 %{S:530} %{buildroot}%{_unitdir}/clamd@.service + +sed -ri \ + -e 's!^Example!#Example!' \ + -e 's!^#?(LogFile ).*!#\1/var/log/clamd.!g' \ -e 's!^#?(LocalSocket ).*!#\1%{_rundir}/clamd./clamd.sock!g' \ -e 's!^(#?PidFile ).*!\1%{_rundir}/clamd./clamd.pid!g' \ -e 's!^#?(User ).*!\1!g' \ -e 's!^#?(AllowSupplementaryGroups|LogSyslog).*!\1 yes!g' \ - -e 's! /usr/local/share/clamav,! %_var/lib/clamav,!g' etc/clamd.conf.sample + -e 's! /usr/local/share/clamav,! %{homedir},!g' \ + %{buildroot}%{_sysconfdir}/clamd.conf.sample -sed -ri -e 's!^Example!#Example!' -e 's!^#?(UpdateLogFile )!#\1!g;' \ - -e 's!^#?(LogSyslog).*!\1 yes!g' -e 's!(DatabaseOwner *)clamav$!\1clamav!g' \ - etc/freshclam.conf.sample +install -d -m 0755 %{buildroot}%{_sysconfdir}/clamd.d +sed -e 's!!scan!g;s!!%{scanuser}!g' \ + %{buildroot}%{_sysconfdir}/clamd.conf.sample > %{buildroot}%{_sysconfdir}/clamd.d/scan.conf +mv %{buildroot}%{_sysconfdir}/clamd.conf.sample _doc_server/clamd.conf -%build -export LDFLAGS='%{?__global_ldflags} -Wl,--as-needed' -export have_cv_ipv6=yes - -rm -rf libltdl autom4te.cache Makefile.in -autoreconf -i -%configure --enable-milter --disable-clamav --disable-static --disable-zlib-vcheck \ - --disable-unrar --enable-id-check --enable-dns --with-dbdir=%_var/lib/clamav \ - --with-group=clamav --with-user=clamav --disable-rpath \ - --disable-silent-rules --enable-clamdtop +cat << EOF > %{buildroot}%{_tmpfilesdir}/clamd.scan.conf +d %{_rundir}/clamd.scan 0710 %{scanuser} virusgroup +EOF -sed -i -e 's! -shared ! -Wl,--as-needed\0!g' \ - -e '/sys_lib_dlsearch_path_spec=\"\/lib \/usr\/lib /s!\"\/lib \/usr\/lib !/\"/%_lib /usr/%_lib !g' \ - libtool +### The milter stuff +sed -ri \ + -e 's!^#?(User).*!\1 %{milteruser}!g' \ + -e 's!^#?(AllowSupplementaryGroups|LogSyslog) .*!\1 yes!g' \ + -e 's! /tmp/clamav-milter.socket! %{_rundir}/clamav-milter/clamav-milter.socket!g' \ + -e 's! /var/run/clamav-milter.pid! %{_rundir}/clamav-milter/clamav-milter.pid!g' \ + -e 's!:/var/run/clamd/clamd.socket!:%{_rundir}/clamd.scan/clamd.sock!g' \ + -e 's! /tmp/clamav-milter.log! %{_var}/log/clamav-milter.log!g' \ + %{buildroot}%{_sysconfdir}/clamav-milter.conf.sample -%make_build +install -d -m 0755 %{buildroot}%{_sysconfdir}/mail +mv %{buildroot}%{_sysconfdir}/clamav-milter.conf.sample %{buildroot}%{_sysconfdir}/mail/clamav-milter.conf +install -D -p -m 0644 %{S:330} %{buildroot}%{_unitdir}/clamav-milter.service -%install -rm -rf _doc* -%make_install - -function smartsubst() { - local tmp - local regexp=$1 - shift - - tmp=$(mktemp /tmp/%name-subst.XXXXXX) - for i; do - sed -e "$regexp" "$i" >$tmp - cmp -s $tmp "$i" || cat $tmp >"$i" - rm -f $tmp - done -} - -install -d -m 0755 $RPM_BUILD_ROOT%_sysconfdir/{mail,clamd.d,logrotate.d} \ - $RPM_BUILD_ROOT%_tmpfilesdir $RPM_BUILD_ROOT%_rundir $RPM_BUILD_ROOT%_var/log \ - $RPM_BUILD_ROOT%_rundir/clamav-milter $RPM_BUILD_ROOT%_datadir/%name/template \ - $RPM_BUILD_ROOT%_initrddir $RPM_BUILD_ROOT%_var/lib/clamav $RPM_BUILD_ROOT%_rundir/clamd.scan - -%delete_la - -touch $RPM_BUILD_ROOT%_var/lib/clamav/{daily,main,bytecode}.cld -touch $RPM_BUILD_ROOT%_var/lib/clamav/mirrors.dat - -install -D -m 0644 -p %SOURCE3 $RPM_BUILD_ROOT%_var/lib/clamav/main.cvd -install -D -m 0644 -p %SOURCE4 $RPM_BUILD_ROOT%_var/lib/clamav/daily.cvd -install -D -m 0644 -p %SOURCE5 $RPM_BUILD_ROOT%_var/lib/clamav/bytecode.cvd -install -D -m 0644 -p %SOURCE1 _doc_server/clamd.sysconfig -install -D -m 0644 -p %SOURCE2 _doc_server/clamd.logrotate -install -D -m 0644 -p etc/clamd.conf.sample _doc_server/clamd.conf -install -D -p _doc_server/* $RPM_BUILD_ROOT%_datadir/%name/template -install -D -p -m 0644 %SOURCE15 $RPM_BUILD_ROOT%_unitdir/clamd@.service -install -D -m 0644 -p %SOURCE10 $RPM_BUILD_ROOT%_sysconfdir/logrotate.d/clamav-update -touch $RPM_BUILD_ROOT%_var/log/freshclam.log -install -D -p -m 0755 %SOURCE7 $RPM_BUILD_ROOT%_datadir/%name/freshclam-sleep -install -D -p -m 0644 %SOURCE8 $RPM_BUILD_ROOT%_sysconfdir/sysconfig/freshclam -install -D -p -m 0600 %SOURCE9 $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update -mv -f $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf{.sample,} -chmod 600 $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf - -smartsubst 's!webmaster,clamav!webmaster,clamav!g; - s!/usr/share/clamav!%_datadir/%name!g; - s!/usr/bin!%_bindir!g; - s!/usr/sbin!%_sbindir!g;' \ - $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update \ - $RPM_BUILD_ROOT%_datadir/%name/freshclam-sleep - -sed -e 's!!scan!g;s!!clamscan!g' \ - etc/clamd.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/clamd.d/scan.conf - -install -D -p -m 0644 %SOURCE13 $RPM_BUILD_ROOT%_sysconfdir/init/clamd.scan.conf - -cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamd.scan.conf -d %_rundir/clamd.scan 0710 clamscan virusgroup +cat << EOF > %{buildroot}%{_tmpfilesdir}/clamav-milter.conf +d %{_rundir}/clamav-milter 0710 %{milteruser} %{milteruser} EOF -touch $RPM_BUILD_ROOT%_rundir/clamd.scan/clamd.{sock,pid} +#Fixup headers and scripts for multilib +%if 0%{?__isa_bits} == 64 +mv %{buildroot}%{_includedir}/clamav-types.h \ + %{buildroot}%{_includedir}/clamav-types-64.h +%else +mv %{buildroot}%{_includedir}/clamav-types.h \ + %{buildroot}%{_includedir}/clamav-types-32.h +%endif +install -m 0644 %{S:1} %{buildroot}%{_includedir}/clamav-types.h +# TODO: Evaluate using upstream's unit with clamav-daemon.socket +rm %{buildroot}%{_unitdir}/clamav-daemon.* -sed -r -e 's!^#?(User).*!\1 clamilt!g' \ - -e 's!^#?(AllowSupplementaryGroups|LogSyslog) .*!\1 yes!g' \ - -e 's! /tmp/clamav-milter.socket! %_rundir/clamav-milter/clamav-milter.socket!g' \ - -e 's! /var/run/clamav-milter.pid! %_rundir/clamav-milter/clamav-milter.pid!g' \ - -e 's! /var/run/clamd/clamd.socket! %_rundir/clamd.scan/clamd.sock!g' \ - -e 's! /tmp/clamav-milter.log! %_var/log/clamav-milter.log!g' \ - etc/clamav-milter.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/mail/clamav-milter.conf -install -D -p -m 0644 %SOURCE11 $RPM_BUILD_ROOT%_sysconfdir/init/clamav-milter.conf -install -D -p -m 0644 %SOURCE12 $RPM_BUILD_ROOT%_unitdir/clamav-milter.service +%post +%systemd_post clamav-clamonacc.service -cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamav-milter.conf -d %_rundir/clamav-milter 0710 clamilt clamilt -EOF +%preun +%systemd_preun clamav-clamonacc.service -touch $RPM_BUILD_ROOT{%_rundir/clamav-milter/clamav-milter.{socket,pid},%_var/log/clamav-milter.log} +%postun +%systemd_postun_with_restart clamav-clamonacc.service -%check -%make_build check +%post data +# nullglob. If set, Bash allows filename patterns which match no files to expand to a null string, rather than themselves +shopt -s nullglob +# Let newer .cld files take precedence over the shipped .cvd files +for f in %{homedir}/*.cld +do + cvd=${f/.cld/.cvd} + [ -f $f -a $f -nt $cvd ] && rm -f $cvd || : +done %pre filesystem -getent group clamav >/dev/null || groupadd -r clamav -getent passwd clamav >/dev/null || \ - useradd -r -g clamav -d %_var/lib/clamav -s /sbin/nologin \ - -c "Clamav database update user" clamav +getent group %{updateuser} >/dev/null || groupadd -r %{updateuser} +getent passwd %{updateuser} >/dev/null || \ + useradd -r -g %{updateuser} -d %{homedir} -s /sbin/nologin \ + -c "Clamav database update user" %{updateuser} getent group virusgroup >/dev/null || groupadd -r virusgroup -usermod clamav -a -G virusgroup +usermod %{updateuser} -a -G virusgroup exit 0 %pre -n clamd -getent group clamscan >/dev/null || groupadd -r clamscan -getent passwd clamscan >/dev/null || \ - useradd -r -g clamscan -d / -s /sbin/nologin \ - -c "Clamav scanner user" clamscan -usermod clamscan -a -G virusgroup +getent group %{scanuser} >/dev/null || groupadd -r %{scanuser} +getent passwd %{scanuser} >/dev/null || \ + useradd -r -g %{scanuser} -d / -s /sbin/nologin \ + -c "Clamav scanner user" %{scanuser} +usermod %{scanuser} -a -G virusgroup exit 0 %post -n clamd +# Point to the new service unit [ -L /etc/systemd/system/multi-user.target.wants/clamd@scan.service ] && - ln -sf /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service || : + ln -sf /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service || : %systemd_post clamd@scan.service -/bin/systemd-tmpfiles --create %_tmpfilesdir/clamd.scan.conf || : %preun -n clamd %systemd_preun clamd@scan.service @@ -294,34 +366,22 @@ exit 0 %postun -n clamd %systemd_postun_with_restart clamd@scan.service -%post update -test -e %_var/log/freshclam.log || { - touch %_var/log/freshclam.log - %__chmod 0664 %_var/log/freshclam.log - %__chown root:clamav %_var/log/freshclam.log - ! test -x /sbin/restorecon || /sbin/restorecon %_var/log/freshclam.log -} %triggerin milter -- clamav-scanner -/usr/sbin/groupmems -g clamscan -a clamilt &>/dev/null || : +# Add the milteruser to the scanuser group; this is required when +# milter and clamd communicate through local sockets +/usr/sbin/groupmems -g %{scanuser} -a %{milteruser} &>/dev/null || : %pre milter -getent group clamilt >/dev/null || groupadd -r clamilt -getent passwd clamilt >/dev/null || \ - useradd -r -g clamilt -d %_rundir/clamav-milter -s /sbin/nologin \ - -c "Clamav Milter user" clamilt -usermod clamilt -a -G virusgroup +getent group %{milteruser} >/dev/null || groupadd -r %{milteruser} +getent passwd %{milteruser} >/dev/null || \ + useradd -r -g %{milteruser} -d %{_rundir}/clamav-milter -s /sbin/nologin \ + -c "Clamav Milter user" %{milteruser} +usermod %{milteruser} -a -G virusgroup exit 0 %post milter -test -e %_var/log/clamav-milter.log || { - touch %_var/log/clamav-milter.log - chmod 0620 %_var/log/clamav-milter.log - chown root:clamilt %_var/log/clamav-milter.log - ! test -x /sbin/restorecon || /sbin/restorecon %_var/log/clamav-milter.log -} %systemd_post clamav-milter.service -/bin/systemd-tmpfiles --create %_tmpfilesdir/clamav-milter.conf || : %preun milter %systemd_preun clamav-milter.service @@ -329,80 +389,100 @@ test -e %_var/log/clamav-milter.log || { %postun milter %systemd_postun_with_restart clamav-milter.service +%post freshclam +%systemd_post clamav-freshclam.service + +%preun freshclam +%systemd_preun clamav-freshclam.service + +%postun freshclam +%systemd_postun_with_restart clamav-freshclam.service + %files -%exclude %_unitdir/clamav-{daemon,freshclam}.* -%exclude %_rundir/*/*.pid %license COPYING -%doc NEWS.md README.md docs/html -%_bindir/{clambc,clamconf,clamdscan,clamdtop,clamscan,clamsubmit,sigtool} -%_libdir/libclamav.so.9* -%_libdir/libclammspack.so.0* -%_sbindir/clamonacc -%_unitdir/clamav-clamonacc.service - +%doc NEWS.md README.md +%{_bindir}/clambc +%{_bindir}/clamconf +%{_bindir}/clamdscan +%{_bindir}/clamdtop +%{_bindir}/clamscan +%{_bindir}/clamsubmit +%{_bindir}/sigtool +%{_sbindir}/clamonacc +%{_mandir}/man[15]/* +%{_mandir}/man8/clamonacc.8* +%exclude %{_mandir}/*/freshclam* +%exclude %{_mandir}/man5/clamd.conf.5* +%{_unitdir}/clamonacc.service +%{_unitdir}/clamav-clamonacc.service +%attr(0750,root,root) %dir %{quarantinedir} +%{_libdir}/libclamav.so.11* +%{_libdir}/libclammspack.so.0* %files devel -%_includedir/* -%_libdir/*.so -%_datadir/%name/template -%_libdir/pkgconfig/* -%_bindir/clamav-config +%{_includedir}/* +%{_libdir}/*.so +%{_libdir}/pkgconfig/* +%{_bindir}/clamav-config -%files help -%_mandir/man?/* %files filesystem -%attr(-,clamav,clamav) %dir %_var/lib/clamav -%attr(-,root,root) %dir %_datadir/%name -%exclude %_sysconfdir/clamd.conf.sample -%exclude %_sysconfdir/clamav-milter.conf.sample -%exclude %_sysconfdir/init -%dir %_sysconfdir/clamd.d +%attr(-,%{updateuser},%{updateuser}) %dir %{homedir} +%dir %{_sysconfdir}/clamd.d +# Used by both clamd, clamdscan, and clamonacc +%config(noreplace) %{_sysconfdir}/clamd.d/scan.conf + %files data -%defattr(-,clamav,clamav,-) -%config %verify(not size md5 mtime) %_var/lib/clamav/*.cvd - -%files update -%_bindir/freshclam -%_libdir/libfreshclam.so.2* -%_datadir/%name/freshclam-sleep -%config(noreplace) %verify(not mtime) %_sysconfdir/freshclam.conf -%config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/* -%config(noreplace) %_sysconfdir/cron.d/clamav-update -%config(noreplace) %_sysconfdir/sysconfig/freshclam -%ghost %attr(0664,root,clamav) %verify(not size md5 mtime) %_var/log/freshclam.log -%ghost %attr(0664,clamav,clamav) %_var/lib/clamav/*.cld -%ghost %attr(0664,clamav,clamav) %_var/lib/clamav/mirrors.dat +%defattr(-,%{updateuser},%{updateuser},-) +# use %%config to keep files which were updated by 'freshclam' +# already. Without this tag, they would be overridden with older +# versions whenever a new -data package is installed. +%config %verify(not size md5 mtime) %{homedir}/*.cvd -%files -n clamd -%doc _doc_server/* -%_sbindir/clamd -%_unitdir/clamd@.service -%config(noreplace) %_sysconfdir/clamd.d/scan.conf -%ghost %_rundir/clamd.scan/clamd.sock -%_tmpfilesdir/clamd.scan.conf -%ghost %dir %attr(0710,clamscan,virusgroup) %_rundir/clamd.scan +%files doc +%license COPYING +%{_pkgdocdir}/html/ -%files milter -%_sbindir/*milter* -%dir %_sysconfdir/mail -%config(noreplace) %_sysconfdir/mail/clamav-milter.conf -%ghost %attr(0620,root,clamilt) %verify(not size md5 mtime) %_var/log/clamav-milter.log -%ghost %_rundir/clamav-milter/clamav-milter.socket -%_tmpfilesdir/clamav-milter.conf -%ghost %dir %attr(0710,clamilt,clamilt) %_rundir/clamav-milter -%_unitdir/clamav-milter.service +%files freshclam +%{_bindir}/freshclam +%{_libdir}/libfreshclam.so.2* +%{_mandir}/*/freshclam* +%{_unitdir}/clamav-freshclam.service +%config(noreplace) %verify(not mtime) %{_sysconfdir}/freshclam.conf +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cld +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cvd +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/freshclam.dat +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cld +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cvd +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cld +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cvd + + +%files -n clamd +%doc _doc_server/* +%{_mandir}/man5/clamd.conf.5* +%{_mandir}/man8/clamd.8* +%{_sbindir}/clamd +%{_unitdir}/clamd@.service +%{_tmpfilesdir}/clamd.scan.conf +%files milter +%{_sbindir}/*milter* +%{_unitdir}/clamav-milter.service +%{_mandir}/man8/clamav-milter* +%dir %{_sysconfdir}/mail +%config(noreplace) %{_sysconfdir}/mail/clamav-milter.conf +%{_tmpfilesdir}/clamav-milter.conf %changelog -* Fri Sep 06 2024 Funda Wang - 0.103.12-1 -- Upgrade to 0.103.12 +* Mon Sep 09 2024 Funda Wang - 1.0.7-1 +- Upgrade to 1.0.7 -* Wed Mar 20 2024 yaoxin - 0.103.11-1 -- Upgrade to 0.103.11 +* Mon Sep 09 2024 Funda Wang - 0.103.12-1 +- Upgrade to 0.103.12 * Tue Aug 22 2023 wangkai - 0.103.9-1 - Update to 0.103.9 to fix CVE-2023-20197 @@ -412,18 +492,20 @@ test -e %_var/log/clamav-milter.log || { * Thu May 26 2022 liyanan - 0.103.6-3 - Fix the failure to execute the clambc command under the clamav package -- Fix clamonacc -w error * Wed May 25 2022 houyingchao - 0.103.6-2 - Fix start clamav-clamonacc-service -* Fri May 13 2022 houyingchao - 0.103.6-1 +* Mon May 16 2022 houyingchao - 0.103.6-1 - Upgrade to 0.103.6 - Fix CVE-2022-20785 CVE-2022-20771 CVE-2022-20770 CVE-2022-20792 -* Mon Jan 24 2022 wangkai - 0.103.2-4 +* Mon Jan 24 2022 wangkai - 0.103.2-5 - Fix CVE-2022-20698 +* Tue Dec 07 2021 chenchen - 0.103.2-4 +- fix clamonacc -w error + * Mon Aug 9 2021 caodongxia - 0.103.2-3 - fix clamonacc --version and --writer return value @@ -433,14 +515,17 @@ test -e %_var/log/clamav-milter.log || { * Fri Apr 16 2021 wangyue - 0.103.2-1 - Upgrade to 0.103.2-1 -* Thu Feb 18 2021 zhanghua - 0.101.4-8 +* Thu Feb 18 2021 zhanghua - 0.101.4-9 - fix CVE-2019-15961 -* Fri Oct 09 2020 lingsheng - 0.101.4-7 +* Thu Nov 26 2020 wutao - 0.101.4-8 +- drop clamd@scan.service file, change /var/run to /run + +* Sat Oct 10 2020 lingsheng - 0.101.4-7 - Fix int64 overflow check -* Mon Sep 21 2020 chengzihan - 0.101.4-6 -- Drop clamd@scann.service file, change /var/run to /run +* Wed Sep 16 2020 Ge Wang - 0.101.4-6 +- Modify Source0 Url * Thu Mar 12 2020 wutao - 0.101.4-5 - Type:N/A diff --git a/clamd-wrapper b/clamd-wrapper deleted file mode 100644 index 0a3062839839faf5f718cba55d64163603676611..0000000000000000000000000000000000000000 --- a/clamd-wrapper +++ /dev/null @@ -1,90 +0,0 @@ -#!/bin/bash -# -# Xchkconfig: - 75 35 -# Xdescription: The clamd daemon listens for incoming connections on \ -# Unix or TCP socket and scans files or directories on demand. - -test "$CLAMD_SERVICE" || { - echo $"*** $0 can not be called in this way" - echo $"*** Please see /usr/share/doc/clamav-server-*/README how" - echo $"*** the clamav-server can be configured" - exit 6 -} - -# Source function library. -. /etc/init.d/functions - -# Get config. -test -r /etc/sysconfig/network && . /etc/sysconfig/network - -# Check that networking is up. -test "$NETWORKING" != "no" || exit 6 - -lockfile=/var/lock/subsys/clamd.${CLAMD_SERVICE} -sysconffile=/etc/sysconfig/clamd.${CLAMD_SERVICE} -procname=clamd.${CLAMD_SERVICE} - -CLAMD_CONFIGFILE=/etc/clamd.d/${CLAMD_SERVICE}.conf -CLAMD_OPTIONS= -CLAMD_PIDFILE=/var/run/clamd.${CLAMD_SERVICE}/clamd.pid -## backward-compatibility check... -for i in /var/run/clamd.${CLAMD_SERVICE}/clamd.sock \ - /var/run/clamav.${CLAMD_SERVICE}/clamd.sock; do - CLAMD_SOCKET=$i - test ! -e "$i" || break -done -test -f "$sysconffile" && . "$sysconffile" - - -RETVAL=0 -prog="clamd.${CLAMD_SERVICE}" - -start () { - echo -n $"Starting $prog: " - daemon --pidfile=${CLAMD_PIDFILE} \ - exec -a $procname /usr/sbin/clamd \ - ${CLAMD_CONFIGFILE:+-c $CLAMD_CONFIGFILE} ${CLAMD_OPTIONS} --pid ${CLAMD_PIDFILE} - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && touch $lockfile - return $RETVAL -} - -stop () { - echo -n $"Stopping $prog: " - killproc -p ${CLAMD_PIDFILE} $procname - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && rm -f $lockfile - return $RETVAL -} - -reload() { - rc=0 - echo -n $"Reloading $prog: " - killproc -p ${CLAMD_PIDFILE} $procname -HUP || rc=$? - echo - echo -n $"Loading new virus-database: " - killproc -p ${CLAMD_PIDFILE} $procname -USR2 || rc=$? - echo - return $rc -} - -restart () { - stop - start -} - -# See how we were called. -case "$1" in - start|stop|restart|reload) - $1 ;; - status) - status -p ${CLAMD_PIDFILE} $procname ;; - condrestart) - test ! -f $lockfile || restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}" - exit 2 -esac diff --git a/clamd.SERVICE.init b/clamd.SERVICE.init deleted file mode 100644 index f2f91918fb2b489a772882b098025969793b4a08..0000000000000000000000000000000000000000 --- a/clamd.SERVICE.init +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -# -# chkconfig: - 75 35 -# description: The clamd server running for - -CLAMD_SERVICE= -. /usr/share/clamav/clamd-wrapper diff --git a/clamd.logrotate b/clamd.logrotate index 45dc48d3b1ab6ebb5e7176ff7b5066ec6e20f441..dde4e445b467064109c6138600070394961beead 100644 --- a/clamd.logrotate +++ b/clamd.logrotate @@ -4,6 +4,6 @@ missingok postrotate - pkill -u -HUP -f '/usr/sbin/clamd -c /etc/clamd.d/.conf >/dev/null 2>&1 || : + pkill -u -HUP -f "/usr/sbin/clamd -c /etc/clamd.d/.conf" >/dev/null 2>&1 || : endscript } diff --git a/clamd.scan.upstart b/clamd.scan.upstart deleted file mode 100644 index 54482e695df62b980bb5da801e99a4953316221b..0000000000000000000000000000000000000000 --- a/clamd.scan.upstart +++ /dev/null @@ -1,14 +0,0 @@ -### !!! Uncomment only *one* of the 'start on' statements !!! - -### Uncomment this line when you want clamd.scan to be a scanner for a -### locally running clamav-milter -#start on starting clamav-milter - -### Uncomment this line when you want clamd.scan to be a generic -### scanner service -#start on runlevel [345] and starting local - -stop on runlevel [!345] - -respawn -exec /usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes diff --git a/clamd.sysconfig b/clamd.sysconfig deleted file mode 100644 index 4933e7e760c4a74335196e71f20192a8b79e32e9..0000000000000000000000000000000000000000 --- a/clamd.sysconfig +++ /dev/null @@ -1,3 +0,0 @@ -#CLAMD_CONFIGFILE=/etc/clamd.d/.conf -#CLAMD_SOCKET=/var/run/clamd./clamd.sock -#CLAMD_OPTIONS= diff --git a/clamd@scan.service b/clamd@scan.service deleted file mode 100644 index c3296127d1eddd790fa12fcf89c0c1aae870192f..0000000000000000000000000000000000000000 --- a/clamd@scan.service +++ /dev/null @@ -1,7 +0,0 @@ -.include /lib/systemd/system/clamd@.service - -[Unit] -Description = Generic clamav scanner daemon - -[Install] -WantedBy = multi-user.target diff --git a/fix-clamonacc-w-error.patch b/fix-clamonacc-w-error.patch deleted file mode 100644 index b4245d5d22c5b5561ff38962de8beed41e64cf57..0000000000000000000000000000000000000000 --- a/fix-clamonacc-w-error.patch +++ /dev/null @@ -1,25 +0,0 @@ -From e5de0bd90f856ed8c9b4e05e6e9c4f46920112a6 Mon Sep 17 00:00:00 2001 -From: chen-jan -Date: Tue, 7 Dec 2021 08:18:21 +0000 -Subject: [PATCH] fix clamonacc -w error - ---- - clamonacc/client/client.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/clamonacc/client/client.c b/clamonacc/client/client.c -index 347070f..f507eee 100644 ---- a/clamonacc/client/client.c -+++ b/clamonacc/client/client.c -@@ -205,7 +205,7 @@ int16_t onas_ping_clamd(struct onas_context **ctx) - /* ping command takes the form --ping [attempts[:interval]] */ - opt = optget((*ctx)->opts, "ping"); - -- if (opt) { -+ if (opt && opt->strarg) { - attempt_str = cli_strdup(opt->strarg); - if (attempt_str) { - if (NULL == attempt_str) { --- -2.30.0 - diff --git a/fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch b/fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch deleted file mode 100644 index 572855bf5f1da03af22bf553fc3bb55027c113a5..0000000000000000000000000000000000000000 --- a/fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Nur clamav-0.103.6/clambc/bcrun.c clamav-0.103.6_bak/clambc/bcrun.c ---- clamav-0.103.6/clambc/bcrun.c 2022-05-02 12:46:41.000000000 +0800 -+++ clamav-0.103.6_bak/clambc/bcrun.c 2022-05-26 10:02:06.307956926 +0800 -@@ -406,7 +406,7 @@ - // ctx was memset, so recursion_level starts at 0. - cctx.recursion_stack[cctx.recursion_level].fmap = map; - cctx.recursion_stack[cctx.recursion_level].type = CL_TYPE_ANY; /* ANY for the top level, because we don't yet know the type. */ -- cctx.recursion_stack[cctx.recursion_level].size = map->len; -+ //cctx.recursion_stack[cctx.recursion_level].size = map->len; - - cctx.fmap = cctx.recursion_stack[cctx.recursion_level].fmap; - diff --git a/freshclam-sleep b/freshclam-sleep old mode 100644 new mode 100755 diff --git a/libclamav-pe-Use-endian-wrapper-in-more-places.patch b/libclamav-pe-Use-endian-wrapper-in-more-places.patch new file mode 100644 index 0000000000000000000000000000000000000000..3053713849039cdeb7bb41b97043e25135a51e42 --- /dev/null +++ b/libclamav-pe-Use-endian-wrapper-in-more-places.patch @@ -0,0 +1,91 @@ +From 5a7b1cdfadc980fb1c4fa32e6275e7c96a963110 Mon Sep 17 00:00:00 2001 +From: Sebastian Andrzej Siewior +Date: Fri, 6 Jan 2023 21:42:30 +0100 +Subject: libclamav/pe: Use endian wrapper in more places. + +A few user of VirtualAddress and Size in cli_exe_info::pe_image_data_dir +don't use the endian wrapper while other places do. This leads to +testsuite failures on big endian machines. + +Use the endian wrapper in all places across pe.c for the two members. + +Patch-Name: libclamav-pe-Use-endian-wrapper-in-more-places.patch +Signed-off-by: Sebastian Andrzej Siewior +--- + libclamav/pe.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/libclamav/pe.c b/libclamav/pe.c +index f5dcea9..19cd2d4 100644 +--- a/libclamav/pe.c ++++ b/libclamav/pe.c +@@ -2422,22 +2422,22 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im + + /* If the PE doesn't have an import table then skip it. This is an + * uncommon case but can happen. */ +- if (peinfo->dirs[1].VirtualAddress == 0 || peinfo->dirs[1].Size == 0) { ++ if (EC32(peinfo->dirs[1].VirtualAddress) == 0 || EC32(peinfo->dirs[1].Size) == 0) { + cli_dbgmsg("scan_pe: import table data dir does not exist (skipping .imp scanning)\n"); + status = CL_BREAK; + goto done; + } + + // TODO Add EC32 wrappers +- impoff = cli_rawaddr(peinfo->dirs[1].VirtualAddress, peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size); +- if (err || impoff + peinfo->dirs[1].Size > fsize) { ++ impoff = cli_rawaddr(EC32(peinfo->dirs[1].VirtualAddress), peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size); ++ if (err || impoff + EC32(peinfo->dirs[1].Size) > fsize) { + cli_dbgmsg("scan_pe: invalid rva for import table data\n"); + status = CL_BREAK; + goto done; + } + + // TODO Add EC32 wrapper +- impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, peinfo->dirs[1].Size); ++ impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, EC32(peinfo->dirs[1].Size)); + if (impdes == NULL) { + cli_dbgmsg("scan_pe: failed to acquire fmap buffer\n"); + status = CL_EREAD; +@@ -2447,7 +2447,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im + + /* Safety: We can trust peinfo->dirs[1].Size only because `fmap_need_off()` (above) + * would have failed if the size exceeds the end of the fmap. */ +- left = peinfo->dirs[1].Size; ++ left = EC32(peinfo->dirs[1].Size); + + if (genhash[CLI_HASH_MD5]) { + hashctx[CLI_HASH_MD5] = cl_hash_init("md5"); +@@ -2546,7 +2546,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im + + done: + if (needed_impoff) { +- fmap_unneed_off(map, impoff, peinfo->dirs[1].Size); ++ fmap_unneed_off(map, impoff, EC32(peinfo->dirs[1].Size)); + } + + for (type = CLI_HASH_MD5; type < CLI_HASH_AVAIL_TYPES; type++) { +@@ -3250,7 +3250,7 @@ int cli_scanpe(cli_ctx *ctx) + + /* Trojan.Swizzor.Gen */ + if (SCAN_HEURISTICS && (DCONF & PE_CONF_SWIZZOR) && peinfo->nsections > 1 && fsize > 64 * 1024 && fsize < 4 * 1024 * 1024) { +- if (peinfo->dirs[2].Size) { ++ if (EC32(peinfo->dirs[2].Size)) { + struct swizz_stats *stats = cli_calloc(1, sizeof(*stats)); + unsigned int m = 1000; + ret = CL_CLEAN; +@@ -5292,13 +5292,13 @@ cl_error_t cli_peheader(fmap_t *map, struct cli_exe_info *peinfo, uint32_t opts, + cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", peinfo->ep, peinfo->ep); + } + +- if (is_dll || peinfo->ndatadirs < 3 || !peinfo->dirs[2].Size) ++ if (is_dll || peinfo->ndatadirs < 3 || !EC32(peinfo->dirs[2].Size)) + peinfo->res_addr = 0; + else + peinfo->res_addr = EC32(peinfo->dirs[2].VirtualAddress); + + while (opts & CLI_PEHEADER_OPT_EXTRACT_VINFO && +- peinfo->ndatadirs >= 3 && peinfo->dirs[2].Size) { ++ peinfo->ndatadirs >= 3 && EC32(peinfo->dirs[2].Size)) { + struct vinfo_list vlist; + const uint8_t *vptr, *baseptr; + uint32_t rva, res_sz;