diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000000000000000000000000000000..65bfd05184950a449d50187b4bee34e451b13f34 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +*.cvd filter=lfs diff=lfs merge=lfs -text +*.tar.gz filter=lfs diff=lfs merge=lfs -text diff --git a/.lfsconfig b/.lfsconfig new file mode 100644 index 0000000000000000000000000000000000000000..2bcbdc763b77b6020221d3c60d96898510e2fbf8 --- /dev/null +++ b/.lfsconfig @@ -0,0 +1,2 @@ +[lfs] + url = https://artlfs.openeuler.openatom.cn/src-openEuler/clamav diff --git a/ClamBC-fix-crashes-on-startup.patch b/ClamBC-fix-crashes-on-startup.patch new file mode 100644 index 0000000000000000000000000000000000000000..00a7de7a72f9462a7f87af2419e91a96e53274e8 --- /dev/null +++ b/ClamBC-fix-crashes-on-startup.patch @@ -0,0 +1,81 @@ +From 99289d0b6c1dc49e9a8c68d782fd7db9a6713674 Mon Sep 17 00:00:00 2001 +From: starlet-dx <15929766099@163.com> +Date: Tue, 24 Jun 2025 17:47:36 +0800 +Subject: [PATCH 1/1] new + +--- + clambc/bcrun.c | 24 +++++++++++++++--------- + 1 file changed, 15 insertions(+), 9 deletions(-) + +diff --git a/clambc/bcrun.c b/clambc/bcrun.c +index 4d7d55a..98eb834 100644 +--- a/clambc/bcrun.c ++++ b/clambc/bcrun.c +@@ -405,13 +405,6 @@ int main(int argc, char *argv[]) + exit(3); + } + +- // ctx was memset, so recursion_level starts at 0. +- cctx.recursion_stack[cctx.recursion_level].fmap = map; +- cctx.recursion_stack[cctx.recursion_level].type = CL_TYPE_ANY; /* ANY for the top level, because we don't yet know the type. */ +- cctx.recursion_stack[cctx.recursion_level].size = map->len; +- +- cctx.fmap = cctx.recursion_stack[cctx.recursion_level].fmap; +- + memset(&dbg_state, 0, sizeof(dbg_state)); + dbg_state.file = ""; + dbg_state.line = 0; +@@ -449,11 +442,18 @@ int main(int argc, char *argv[]) + optfree(opts); + exit(5); + } ++ + map = fmap(fd, 0, 0, opt->strarg); + if (!map) { + fprintf(stderr, "Unable to map input file %s\n", opt->strarg); + exit(5); + } ++ ++ // ctx was memset, so recursion_level starts at 0. ++ cctx.recursion_stack[cctx.recursion_level].fmap = map; ++ cctx.recursion_stack[cctx.recursion_level].type = CL_TYPE_ANY; /* ANY for the top level, because we don't yet know the type. */ ++ cctx.recursion_stack[cctx.recursion_level].size = map->len; ++ + rc = cli_bytecode_context_setfile(ctx, map); + if (rc != CL_SUCCESS) { + fprintf(stderr, "Unable to set file %s: %s\n", opt->strarg, cl_strerror(rc)); +@@ -461,10 +461,15 @@ int main(int argc, char *argv[]) + exit(5); + } + } ++ + /* for testing */ + ctx->hooks.match_counts = deadbeefcounts; + ctx->hooks.match_offsets = deadbeefcounts; +- rc = cli_bytecode_run(&bcs, bc, ctx); ++ ++ /* ++ * Run the bytecode. ++ */ ++ rc = cli_bytecode_run(&bcs, bc, ctx); + if (rc != CL_SUCCESS) { + fprintf(stderr, "Unable to run bytecode: %s\n", cl_strerror(rc)); + } else { +@@ -475,12 +480,13 @@ int main(int argc, char *argv[]) + if (debug_flag) + printf("[clambc] Bytecode returned: 0x%llx\n", (long long)v); + } ++ + cli_bytecode_context_destroy(ctx); + if (map) + funmap(map); +- cl_engine_free(engine); + free(cctx.recursion_stack); + evidence_free(cctx.evidence); ++ cl_engine_free(engine); + } + cli_bytecode_destroy(bc); + cli_bytecode_done(&bcs); +-- +2.43.0 + diff --git a/bytecode-335.cvd b/bytecode-335.cvd deleted file mode 100644 index 61c2c4e1887fde1888620c174080885a0efef16a..0000000000000000000000000000000000000000 Binary files a/bytecode-335.cvd and /dev/null differ diff --git a/bytecode-336.cvd b/bytecode-336.cvd new file mode 100644 index 0000000000000000000000000000000000000000..e5bf6185b0915349119de786433da7cd602fbc3f --- /dev/null +++ b/bytecode-336.cvd @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7012acf08e4a7f386a7b1df3692921d54e4bbb62936f6311c53975c263091869 +size 284179 diff --git a/clamav-0.103.12.tar.gz b/clamav-0.103.12.tar.gz deleted file mode 100644 index e14829821a150cca0b6a6cbffa93811a0718ac7f..0000000000000000000000000000000000000000 Binary files a/clamav-0.103.12.tar.gz and /dev/null differ diff --git a/clamav-1.0.9.tar.gz b/clamav-1.0.9.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..d00ee367b5c01ef7962058681bbd7b6353e0533c --- /dev/null +++ b/clamav-1.0.9.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5d3a20633bd589f612a71905a4fb50c1ee857cfbe6c72644368cac0030a1eeb4 +size 50881023 diff --git a/clamav-clamonacc-version-return.patch b/clamav-clamonacc-version-return.patch deleted file mode 100644 index 38fa29e8044e127e7d6a2a6c450b1800c41fb448..0000000000000000000000000000000000000000 --- a/clamav-clamonacc-version-return.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 3a8b69890960aae06a51da2ac6833fbf8cfeeb72 Mon Sep 17 00:00:00 2001 -From: caodongxia <315816521@qq.com> -Date: Mon, 9 Aug 2021 15:18:51 +0800 -Subject: [PATCH] clamav-clamonacc-version-return - ---- - clamonacc/clamonacc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/clamonacc/clamonacc.c b/clamonacc/clamonacc.c -index ec689f5..9ea95ad 100644 ---- a/clamonacc/clamonacc.c -+++ b/clamonacc/clamonacc.c -@@ -358,7 +358,7 @@ static int startup_checks(struct onas_context *ctx) - - if (optget(ctx->opts, "version")->enabled) { - onas_print_server_version(&ctx); -- ret = 2; -+ ret = 0; - goto done; - } - --- -2.27.0 - diff --git a/clamav-default_confs.patch b/clamav-default_confs.patch index 97bbc1028d465bec76d40766f8f6b63828c58d1b..5b06f9efa4254f3318ef3f7528eb746dcb8a15b8 100644 --- a/clamav-default_confs.patch +++ b/clamav-default_confs.patch @@ -1,6 +1,6 @@ -diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamconf/clamconf.c ---- clamav-0.103.0/clamconf/clamconf.c.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/clamconf/clamconf.c 2020-09-17 22:00:20.792879792 -0600 +diff -up clamav-0.104.3/clamconf/clamconf.c.default_confs clamav-0.104.3/clamconf/clamconf.c +--- clamav-0.104.3/clamconf/clamconf.c.default_confs 2022-05-02 00:24:50.000000000 -0600 ++++ clamav-0.104.3/clamconf/clamconf.c 2022-05-12 22:04:42.883348923 -0600 @@ -63,9 +63,9 @@ static struct _cfgfile { const char *name; int tool; @@ -13,66 +13,66 @@ diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamcon {NULL, 0}}; static void printopts(struct optstruct *opts, int nondef) -diff -up clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs clamav-0.103.0/docs/man/clamav-milter.8.in ---- clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamav-milter.8.in 2020-09-17 22:00:20.793879800 -0600 +diff -up clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs clamav-0.104.3/docs/man/clamav-milter.8.in +--- clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs 2022-05-12 22:04:42.885348940 -0600 ++++ clamav-0.104.3/docs/man/clamav-milter.8.in 2022-05-12 22:05:25.031719791 -0600 @@ -27,7 +27,7 @@ Print the version number and exit. Read configuration from FILE. .SH "FILES" - .LP --@CFGDIR@/clamav-milter.conf -+@CFGDIR@/mail/clamav-milter.conf + .LP +-@CONFDIR@/clamav-milter.conf ++@CONFDIR@/mail/clamav-milter.conf .SH "AUTHOR" - .LP + .LP aCaB -diff -up clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.103.0/docs/man/clamav-milter.conf.5.in ---- clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamav-milter.conf.5.in 2020-09-17 22:00:20.794879808 -0600 +diff -up clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.104.3/docs/man/clamav-milter.conf.5.in +--- clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs 2022-05-12 22:04:42.887348958 -0600 ++++ clamav-0.104.3/docs/man/clamav-milter.conf.5.in 2022-05-12 22:05:48.834929418 -0600 @@ -239,7 +239,7 @@ Default: no All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. .SH "FILES" - .LP --@CFGDIR@/clamav-milter.conf -+@CFGDIR@/mail/clamav-milter.conf + .LP +-@CONFDIR@/clamav-milter.conf ++@CONFDIR@/mail/clamav-milter.conf .SH "AUTHOR" - .LP + .LP aCaB -diff -up clamav-0.103.0/docs/man/clamd.8.in.default_confs clamav-0.103.0/docs/man/clamd.8.in ---- clamav-0.103.0/docs/man/clamd.8.in.default_confs 2020-09-12 18:27:09.000000000 -0600 -+++ clamav-0.103.0/docs/man/clamd.8.in 2020-09-17 22:00:20.794879808 -0600 +diff -up clamav-0.104.3/docs/man/clamd.8.in.default_confs clamav-0.104.3/docs/man/clamd.8.in +--- clamav-0.104.3/docs/man/clamd.8.in.default_confs 2022-05-12 22:04:42.888348967 -0600 ++++ clamav-0.104.3/docs/man/clamd.8.in 2022-05-12 22:07:01.657570942 -0600 @@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon clamd [options] .SH "DESCRIPTION" - .LP --The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf -+The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.d/scan.conf + .LP +-The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.conf ++The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.d/scan.conf .SH "COMMANDS" - .LP + .LP It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn. -@@ -125,7 +125,7 @@ Reload the signature databases. +@@ -133,7 +133,7 @@ Reload the signature databases. Perform a clean exit. .SH "FILES" - .LP --@CFGDIR@/clamd.conf -+@CFGDIR@/clamd.d/scan.conf + .LP +-@CONFDIR@/clamd.conf ++@CONFDIR@/clamd.d/scan.conf .SH "CREDITS" Please check the full documentation for credits. .SH "AUTHOR" -diff -up clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs clamav-0.103.0/docs/man/clamd.conf.5.in ---- clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs 2020-09-17 22:00:20.795879816 -0600 -+++ clamav-0.103.0/docs/man/clamd.conf.5.in 2020-09-17 22:01:21.414353121 -0600 -@@ -759,7 +759,7 @@ Default: no +diff -up clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs clamav-0.104.3/docs/man/clamd.conf.5.in +--- clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs 2022-05-12 22:04:42.889348976 -0600 ++++ clamav-0.104.3/docs/man/clamd.conf.5.in 2022-05-12 22:06:21.800219822 -0600 +@@ -765,7 +765,7 @@ Default: no All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum. .SH "FILES" .LP --@CFGDIR@/clamd.conf -+@CFGDIR@/clamd.d/scan.conf +-@CONFDIR@/clamd.conf ++@CONFDIR@/clamd.d/scan.conf .SH "AUTHORS" .LP Tomasz Kojm , Kevin Lin -diff -up clamav-0.103.0/platform.h.in.default_confs clamav-0.103.0/platform.h.in ---- clamav-0.103.0/platform.h.in.default_confs 2020-09-17 22:00:20.796879824 -0600 -+++ clamav-0.103.0/platform.h.in 2020-09-17 22:01:56.842629739 -0600 +diff -up clamav-0.104.3/platform.h.in.default_confs clamav-0.104.3/platform.h.in +--- clamav-0.104.3/platform.h.in.default_confs 2022-05-02 00:24:50.000000000 -0600 ++++ clamav-0.104.3/platform.h.in 2022-05-12 22:04:42.891348993 -0600 @@ -112,9 +112,9 @@ typedef unsigned int in_addr_t; #endif diff --git a/clamav-freshclam.service.patch b/clamav-freshclam.service.patch index 2c29f03305d7e8f2add4e02ea0a86182a5d4181d..24295cefbc1a94e4e71408666b1947206ea855eb 100644 --- a/clamav-freshclam.service.patch +++ b/clamav-freshclam.service.patch @@ -1,17 +1,12 @@ ---- ./freshclam/clamav-freshclam.service.in.orig 2021-06-14 10:36:39.029730737 +0100 -+++ ./freshclam/clamav-freshclam.service.in 2021-06-14 10:37:53.621423748 +0100 -@@ -2,13 +2,12 @@ +diff -up clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service clamav-0.104.3/freshclam/clamav-freshclam.service.in +--- clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service 2022-05-12 22:07:25.472780737 -0600 ++++ clamav-0.104.3/freshclam/clamav-freshclam.service.in 2022-05-12 22:08:06.280140224 -0600 +@@ -2,7 +2,7 @@ Description=ClamAV virus database updater Documentation=man:freshclam(1) man:freshclam.conf(5) https://docs.clamav.net/ # If user wants it run from cron, don't start the daemon. -ConditionPathExists=!/etc/cron.d/clamav-freshclam -+# ConditionPathExists=!/etc/cron.d/clamav-update ++# ConditionPathExists=!/etc/cron.d/clamav-freshclam Wants=network-online.target After=network-online.target - [Service] - ExecStart=@prefix@/bin/freshclam -d --foreground=true --StandardOutput=syslog - - [Install] - WantedBy=multi-user.target diff --git a/clamav-0.99-private.patch b/clamav-private.patch similarity index 64% rename from clamav-0.99-private.patch rename to clamav-private.patch index 7f9f563eaa99f3d8f2e3ea6d537b62ea87a45261..41dd4c55cfc93de432ab396425a3b4cc124f9207 100644 --- a/clamav-0.99-private.patch +++ b/clamav-private.patch @@ -8,8 +8,17 @@ +Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@ Cflags: -I${includedir} ---- clamav-0.99/clamav-config.in 2015-05-28 23:56:25.000000000 +0200 -+++ clamav-0.99/clamav-config.in.private 2015-12-02 01:31:34.933705763 +0100 +diff -up clamav-1.0.0/clamav-config.in.private clamav-1.0.0/clamav-config.in +--- clamav-1.0.0/clamav-config.in.private 2023-01-22 17:40:01.711757908 -0700 ++++ clamav-1.0.0/clamav-config.in 2023-01-22 18:01:06.188743168 -0700 +@@ -4,7 +4,6 @@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ + includedir=@includedir@ +-libdir=@libdir@ + + usage() + { @@ -54,12 +54,8 @@ usage 0 ;; diff --git a/clamav-rpath.patch b/clamav-rpath.patch new file mode 100644 index 0000000000000000000000000000000000000000..b55cab9920e56b38f0070d6fcd268ee7656a8049 --- /dev/null +++ b/clamav-rpath.patch @@ -0,0 +1,18 @@ +diff -up clamav-1.0.0/CMakeLists.txt.rpath clamav-1.0.0/CMakeLists.txt +--- clamav-1.0.0/CMakeLists.txt.rpath 2023-01-15 22:04:58.217120124 -0700 ++++ clamav-1.0.0/CMakeLists.txt 2023-01-15 22:05:57.121818812 -0700 +@@ -180,14 +180,6 @@ endif() + + include(GNUInstallDirs) + +-if (NOT DEFINED CMAKE_INSTALL_RPATH) +- if(CMAKE_INSTALL_FULL_LIBDIR) +- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_FULL_LIBDIR}") +- else() +- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib") +- endif() +-endif() +- + if("${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang") + set(USING_CLANG ON) + else() diff --git a/clamav-rustflags.patch b/clamav-rustflags.patch new file mode 100644 index 0000000000000000000000000000000000000000..1f7281ef7d428fb970244224a4e3b0cf6a31a3e0 --- /dev/null +++ b/clamav-rustflags.patch @@ -0,0 +1,54 @@ +diff -up clamav-1.0.2/cmake/FindRust.cmake.rustflags clamav-1.0.2/cmake/FindRust.cmake +--- clamav-1.0.2/cmake/FindRust.cmake.rustflags 2023-08-15 16:24:07.000000000 -0600 ++++ clamav-1.0.2/cmake/FindRust.cmake 2023-08-17 21:17:03.957070383 -0600 +@@ -236,7 +236,7 @@ function(add_rust_executable) + # Build the executable. + add_custom_command( + OUTPUT "${OUTPUT}" +- COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} + WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}" + DEPENDS ${EXE_SOURCES} + COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:\n\t ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}") +@@ -287,8 +287,8 @@ function(add_rust_library) + if("${CMAKE_OSX_ARCHITECTURES}" MATCHES "^(arm64;x86_64|x86_64;arm64)$") + add_custom_command( + OUTPUT "${OUTPUT}" +- COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin +- COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin + COMMAND ${CMAKE_COMMAND} -E make_directory "${ARGS_BINARY_DIRECTORY}/${RUST_COMPILER_TARGET}/${CARGO_BUILD_TYPE}" + COMMAND lipo ARGS -create ${ARGS_BINARY_DIRECTORY}/x86_64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a ${ARGS_BINARY_DIRECTORY}/aarch64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a -output "${OUTPUT}" + WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}" +@@ -312,7 +312,7 @@ function(add_rust_library) + else() + add_custom_command( + OUTPUT "${OUTPUT}" +- COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} ++ COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS} + WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}" + DEPENDS ${LIB_SOURCES} + COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with: ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}") +@@ -465,8 +465,6 @@ if(NOT "${RUST_COMPILER_TARGET}" MATCHES + list(APPEND CARGO_ARGS "--target" ${RUST_COMPILER_TARGET}) + endif() + +-set(RUSTFLAGS "") +- + if(NOT CMAKE_BUILD_TYPE) + set(CARGO_BUILD_TYPE "debug") + elseif(${CMAKE_BUILD_TYPE} STREQUAL "Release" OR ${CMAKE_BUILD_TYPE} STREQUAL "MinSizeRel") +@@ -475,10 +473,11 @@ elseif(${CMAKE_BUILD_TYPE} STREQUAL "Rel + elseif(${CMAKE_BUILD_TYPE} STREQUAL "RelWithDebInfo") + set(CARGO_BUILD_TYPE "release") + list(APPEND CARGO_ARGS "--release") +- set(RUSTFLAGS "-g") ++ string(APPEND RUSTFLAGS " -g") + else() + set(CARGO_BUILD_TYPE "debug") + endif() ++string(STRIP "${RUSTFLAGS}" RUSTFLAGS) + + find_package_handle_standard_args(Rust + REQUIRED_VARS cargo_EXECUTABLE diff --git a/clamav-stats-deprecation.patch b/clamav-stats-deprecation.patch deleted file mode 100644 index a12f138e00ca19f43ef95dffbdbde374b1929e3a..0000000000000000000000000000000000000000 --- a/clamav-stats-deprecation.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -up clamav-0.102.0/shared/optparser.c.stats-deprecation clamav-0.102.0/shared/optparser.c ---- clamav-0.102.0/shared/optparser.c.stats-deprecation 2019-10-10 21:55:31.245995091 -0600 -+++ clamav-0.102.0/shared/optparser.c 2019-10-11 20:40:04.580067432 -0600 -@@ -524,6 +524,13 @@ const struct clam_option __clam_options[ - {"ArchiveLimitMemoryUsage", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, - {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, - {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"}, -+ {"StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, -+ {"StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, -+ {"StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, -+ {"StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, -+ {"DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""}, - {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, - - /* Milter specific options */ diff --git a/clamav-types.h b/clamav-types.h new file mode 100644 index 0000000000000000000000000000000000000000..ffa83b777e2b5fb9518e0b5f9bef2a7ffa980b21 --- /dev/null +++ b/clamav-types.h @@ -0,0 +1,14 @@ +#ifndef CLAMAV_TYPES_H_MULTILIB +#define CLAMAV_TYPES_H_MULTILIB + +#include + +#if __WORDSIZE == 32 +# include "clamav-types-32.h" +#elif __WORDSIZE == 64 +# include "clamav-types-64.h" +#else +# error "unexpected value for __WORDSIZE macro" +#endif + +#endif diff --git a/clamav.spec b/clamav.spec index 2c311168b6e08204c3caec5b769fe361059fe40f..7e56cc2fdf054262d6882fdcd364dfc0dfc951ae 100644 --- a/clamav.spec +++ b/clamav.spec @@ -1,16 +1,18 @@ +%global updateuser clamupdate +%global homedir %{_var}/lib/clamav Name: clamav Summary: End-user tools for the Clam Antivirus scanner -Version: 0.103.12 +Version: 1.0.9 Release: 1 -License: GPLv2 and Public Domain and bzip2-1.0.6 and Zlib and Apache-2.0 +License: GPL-2.0-only URL: https://www.clamav.net/ Source0: https://www.clamav.net/downloads/production/clamav-%{version}.tar.gz Source1: clamd.sysconfig Source2: clamd.logrotate Source3: main-62.cvd -Source4: daily-27388.cvd -Source5: bytecode-335.cvd +Source4: daily-27673.cvd +Source5: bytecode-336.cvd Source7: freshclam-sleep Source8: freshclam.sysconfig Source9: clamav-update.crond @@ -20,20 +22,53 @@ Source12: clamav-milter.systemd Source13: clamd.scan.upstart Source14: clamd@scan.service Source15: clamd@.service +Source16: clamav-types.h -Patch0001: clamav-stats-deprecation.patch +Patch0001: clamav-rustflags.patch Patch0002: clamav-default_confs.patch -Patch0003: clamav-0.99-private.patch -Patch0005: clamav-clamonacc-service.patch +Patch0003: clamav-private.patch +# Remove rpath +Patch0004: clamav-rpath.patch +Patch0005: clamav-clamonacc-service.patch Patch0006: clamav-freshclam.service.patch -Patch0007: clamav-clamonacc-version-return.patch -Patch0008: fix-clamonacc-w-error.patch -Patch0019: fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch - -BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel -BuildRequires: gcc-c++ zlib-devel bzip2-devel gmp-devel curl-devel json-c-devel -BuildRequires: ncurses-devel openssl-devel libxml2-devel pcre2-devel libmilter-devel -BuildRequires: bc tcl groff graphviz ocaml nc systemd-devel sendmail-devel +# https://salsa.debian.org/clamav-team/clamav/-/raw/unstable/debian/patches/ +Patch0007: libclamav-pe-Use-endian-wrapper-in-more-places.patch +# https://github.com/Cisco-Talos/clamav/issues/1484 +Patch0008: ClamBC-fix-crashes-on-startup.patch + +BuildRequires: cmake +BuildRequires: gettext-devel +BuildRequires: make +BuildRequires: gcc-c++ +BuildRequires: rust +BuildRequires: cargo +BuildRequires: bzip2-devel +BuildRequires: check-devel +BuildRequires: curl-devel +BuildRequires: git-core +BuildRequires: gmp-devel +BuildRequires: json-c-devel >= 0.15 +BuildRequires: libxml2-devel +BuildRequires: ncurses-devel +BuildRequires: openssl-devel +BuildRequires: pcre2-devel +BuildRequires: python3 +BuildRequires: python3-pytest +BuildRequires: zlib-devel +BuildRequires: bc +BuildRequires: tcl +BuildRequires: groff +BuildRequires: graphviz +BuildRequires: nc +%{?systemd_requires} +BuildRequires: systemd +BuildRequires: systemd-devel +BuildRequires: libmilter-devel +%ifarch %{valgrind_arches} +BuildRequires: valgrind +%endif + +Requires: clamav-filesystem = %{version}-%{release} Requires: data(clamav) Provides: bundled(libmspack) = 0.5-0.1.alpha.modified_by_clamav @@ -145,102 +180,69 @@ The clamav-milter package contains files which are needed to run the clamav-milt %prep -%autosetup -n %{name}-%{version}%{?prerelease} -p1 +%autosetup -n %{name}-%{version} -p1 install -d libclamunrar{,_iface} touch libclamunrar/{Makefile.in,all,install} -sed -ri -e 's!^#?(LogFile ).*!#\1/var/log/clamd.!g' \ - -e 's!^#?(LocalSocket ).*!#\1%{_rundir}/clamd./clamd.sock!g' \ - -e 's!^(#?PidFile ).*!\1%{_rundir}/clamd./clamd.pid!g' \ - -e 's!^#?(User ).*!\1!g' \ - -e 's!^#?(AllowSupplementaryGroups|LogSyslog).*!\1 yes!g' \ - -e 's! /usr/local/share/clamav,! %_var/lib/clamav,!g' etc/clamd.conf.sample - -sed -ri -e 's!^Example!#Example!' -e 's!^#?(UpdateLogFile )!#\1!g;' \ - -e 's!^#?(LogSyslog).*!\1 yes!g' -e 's!(DatabaseOwner *)clamav$!\1clamav!g' \ - etc/freshclam.conf.sample - - %build -export LDFLAGS='%{?__global_ldflags} -Wl,--as-needed' +export LDFLAGS=$(echo %{?__global_ldflags} | sed '/-Wl,--as-needed/!s/$/ -Wl,--as-needed/') export have_cv_ipv6=yes -rm -rf libltdl autom4te.cache Makefile.in -autoreconf -i -%configure --enable-milter --disable-clamav --disable-static --disable-zlib-vcheck \ - --disable-unrar --enable-id-check --enable-dns --with-dbdir=%_var/lib/clamav \ - --with-group=clamav --with-user=clamav --disable-rpath \ - --disable-silent-rules --enable-clamdtop - -sed -i -e 's! -shared ! -Wl,--as-needed\0!g' \ - -e '/sys_lib_dlsearch_path_spec=\"\/lib \/usr\/lib /s!\"\/lib \/usr\/lib !/\"/%_lib /usr/%_lib !g' \ - libtool - -%make_build - +%cmake \ + -S %{_vpath_srcdir} \ + -B %{_vpath_builddir} \ + -DAPP_CONFIG_DIRECTORY=%{_sysconfdir} \ + -DCMAKE_INSTALL_DOCDIR=%{_pkgdocdir} \ + -DCLAMAV_USER=%{updateuser} -DCLAMAV_GROUP=%{updateuser} \ + -DDATABASE_DIRECTORY=%{homedir} \ + -DENABLE_UNRAR=OFF +cmake --build %{_vpath_builddir} %{?_smp_mflags} --verbose %install rm -rf _doc* -%make_install - -function smartsubst() { - local tmp - local regexp=$1 - shift - - tmp=$(mktemp /tmp/%name-subst.XXXXXX) - for i; do - sed -e "$regexp" "$i" >$tmp - cmp -s $tmp "$i" || cat $tmp >"$i" - rm -f $tmp - done -} +DESTDIR="%{buildroot}" cmake --install %{_vpath_builddir} +install -d -m 0755 \ + %{buildroot}%{_tmpfilesdir} \ + %{buildroot}%{homedir} \ + %{buildroot}%{quarantinedir} -install -d -m 0755 $RPM_BUILD_ROOT%_sysconfdir/{mail,clamd.d,logrotate.d} \ - $RPM_BUILD_ROOT%_tmpfilesdir $RPM_BUILD_ROOT%_rundir $RPM_BUILD_ROOT%_var/log \ - $RPM_BUILD_ROOT%_rundir/clamav-milter $RPM_BUILD_ROOT%_datadir/%name/template \ - $RPM_BUILD_ROOT%_initrddir $RPM_BUILD_ROOT%_var/lib/clamav $RPM_BUILD_ROOT%_rundir/clamd.scan - -%delete_la - -touch $RPM_BUILD_ROOT%_var/lib/clamav/{daily,main,bytecode}.cld -touch $RPM_BUILD_ROOT%_var/lib/clamav/mirrors.dat - -install -D -m 0644 -p %SOURCE3 $RPM_BUILD_ROOT%_var/lib/clamav/main.cvd -install -D -m 0644 -p %SOURCE4 $RPM_BUILD_ROOT%_var/lib/clamav/daily.cvd -install -D -m 0644 -p %SOURCE5 $RPM_BUILD_ROOT%_var/lib/clamav/bytecode.cvd -install -D -m 0644 -p %SOURCE1 _doc_server/clamd.sysconfig -install -D -m 0644 -p %SOURCE2 _doc_server/clamd.logrotate -install -D -m 0644 -p etc/clamd.conf.sample _doc_server/clamd.conf -install -D -p _doc_server/* $RPM_BUILD_ROOT%_datadir/%name/template -install -D -p -m 0644 %SOURCE15 $RPM_BUILD_ROOT%_unitdir/clamd@.service -install -D -m 0644 -p %SOURCE10 $RPM_BUILD_ROOT%_sysconfdir/logrotate.d/clamav-update -touch $RPM_BUILD_ROOT%_var/log/freshclam.log -install -D -p -m 0755 %SOURCE7 $RPM_BUILD_ROOT%_datadir/%name/freshclam-sleep -install -D -p -m 0644 %SOURCE8 $RPM_BUILD_ROOT%_sysconfdir/sysconfig/freshclam -install -D -p -m 0600 %SOURCE9 $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update -mv -f $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf{.sample,} -chmod 600 $RPM_BUILD_ROOT%_sysconfdir/freshclam.conf - -smartsubst 's!webmaster,clamav!webmaster,clamav!g; - s!/usr/share/clamav!%_datadir/%name!g; - s!/usr/bin!%_bindir!g; - s!/usr/sbin!%_sbindir!g;' \ - $RPM_BUILD_ROOT%_sysconfdir/cron.d/clamav-update \ - $RPM_BUILD_ROOT%_datadir/%name/freshclam-sleep +install -D -m 0644 -p %{SOURCE3} %{buildroot}%{homedir}/main.cvd +install -D -m 0644 -p %{SOURCE4} %{buildroot}%{homedir}/daily.cvd +install -D -m 0644 -p %{SOURCE5} %{buildroot}%{homedir}/bytecode.cvd -sed -e 's!!scan!g;s!!clamscan!g' \ - etc/clamd.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/clamd.d/scan.conf +sed -ri \ + -e 's!^Example!#Example!' \ + -e 's!^#?(UpdateLogFile )!#\1!g;' \ + -e 's!(DatabaseOwner *)clamav$!\1%{updateuser}!g' %{buildroot}%{_sysconfdir}/freshclam.conf.sample -install -D -p -m 0644 %SOURCE13 $RPM_BUILD_ROOT%_sysconfdir/init/clamd.scan.conf +mv %{buildroot}%{_sysconfdir}/freshclam.conf{.sample,} +chmod 600 %{buildroot}%{_sysconfdir}/freshclam.conf -cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamd.scan.conf -d %_rundir/clamd.scan 0710 clamscan virusgroup -EOF +install -D -m 0644 -p %{SOURCE3} _doc_server/clamd.logrotate -touch $RPM_BUILD_ROOT%_rundir/clamd.scan/clamd.{sock,pid} +ln -s clamav-clamonacc.service %{buildroot}%{_unitdir}/clamonacc.service +install -D -p -m 0644 %{SOURCE15} %{buildroot}%{_unitdir}/clamd@.service +sed -ri \ + -e 's!^Example!#Example!' \ + -e 's!^#?(LogFile ).*!#\1/var/log/clamd.!g' \ + -e 's!^#?(LocalSocket ).*!#\1%{_rundir}/clamd./clamd.sock!g' \ + -e 's!^(#?PidFile ).*!\1%{_rundir}/clamd./clamd.pid!g' \ + -e 's!^#?(User ).*!\1!g' \ + -e 's!^#?(AllowSupplementaryGroups|LogSyslog).*!\1 yes!g' \ + -e 's! /usr/local/share/clamav,! %{homedir},!g' \ + %{buildroot}%{_sysconfdir}/clamd.conf.sample + +install -d -m 0755 %{buildroot}%{_sysconfdir}/clamd.d +sed -e 's!!scan!g;s!!clamscan!g' \ + %{buildroot}%{_sysconfdir}/clamd.conf.sample > %{buildroot}%{_sysconfdir}/clamd.d/scan.conf + +mv %{buildroot}%{_sysconfdir}/clamd.conf.sample _doc_server/clamd.conf + +cat << EOF > %{buildroot}%{_tmpfilesdir}/clamd.scan.conf +d %{_rundir}/clamd.scan 0710 clamscan virusgroup +EOF sed -r -e 's!^#?(User).*!\1 clamilt!g' \ -e 's!^#?(AllowSupplementaryGroups|LogSyslog) .*!\1 yes!g' \ @@ -248,29 +250,40 @@ sed -r -e 's!^#?(User).*!\1 clamilt!g' \ -e 's! /var/run/clamav-milter.pid! %_rundir/clamav-milter/clamav-milter.pid!g' \ -e 's! /var/run/clamd/clamd.socket! %_rundir/clamd.scan/clamd.sock!g' \ -e 's! /tmp/clamav-milter.log! %_var/log/clamav-milter.log!g' \ - etc/clamav-milter.conf.sample > $RPM_BUILD_ROOT%_sysconfdir/mail/clamav-milter.conf + %{buildroot}%{_sysconfdir}/clamav-milter.conf.sample -install -D -p -m 0644 %SOURCE11 $RPM_BUILD_ROOT%_sysconfdir/init/clamav-milter.conf -install -D -p -m 0644 %SOURCE12 $RPM_BUILD_ROOT%_unitdir/clamav-milter.service +install -d -m 0755 %{buildroot}%{_sysconfdir}/mail +mv %{buildroot}%{_sysconfdir}/clamav-milter.conf.sample %{buildroot}%{_sysconfdir}/mail/clamav-milter.conf -cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamav-milter.conf -d %_rundir/clamav-milter 0710 clamilt clamilt -EOF +install -D -p -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/clamav-milter.service -touch $RPM_BUILD_ROOT{%_rundir/clamav-milter/clamav-milter.{socket,pid},%_var/log/clamav-milter.log} +cat << EOF > %{buildroot}%{_tmpfilesdir}/clamav-milter.conf +d %{_rundir}/clamav-milter 0710 clamilt clamilt +EOF +install -m 0644 %SOURCE16 %{buildroot}%{_includedir}/clamav-types.h +rm %{buildroot}%{_unitdir}/clamav-daemon.* %check -%make_build check - +%ctest -- -R valgrind || : + +%post data +# nullglob. If set, Bash allows filename patterns which match no files to expand to a null string, rather than themselves +shopt -s nullglob +# Let newer .cld files take precedence over the shipped .cvd files +for f in %{homedir}/*.cld +do + cvd=${f/.cld/.cvd} + [ -f $f -a $f -nt $cvd ] && rm -f $cvd || : +done %pre filesystem -getent group clamav >/dev/null || groupadd -r clamav -getent passwd clamav >/dev/null || \ - useradd -r -g clamav -d %_var/lib/clamav -s /sbin/nologin \ - -c "Clamav database update user" clamav +getent group %{updateuser} >/dev/null || groupadd -r %{updateuser} +getent passwd %{updateuser} >/dev/null || \ + useradd -r -g %{updateuser} -d %{homedir} -s /sbin/nologin \ + -c "Clamav database update user" %{updateuser} getent group virusgroup >/dev/null || groupadd -r virusgroup -usermod clamav -a -G virusgroup +usermod %{updateuser} -a -G virusgroup exit 0 @@ -286,7 +299,6 @@ exit 0 [ -L /etc/systemd/system/multi-user.target.wants/clamd@scan.service ] && ln -sf /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service || : %systemd_post clamd@scan.service -/bin/systemd-tmpfiles --create %_tmpfilesdir/clamd.scan.conf || : %preun -n clamd %systemd_preun clamd@scan.service @@ -314,14 +326,7 @@ usermod clamilt -a -G virusgroup exit 0 %post milter -test -e %_var/log/clamav-milter.log || { - touch %_var/log/clamav-milter.log - chmod 0620 %_var/log/clamav-milter.log - chown root:clamilt %_var/log/clamav-milter.log - ! test -x /sbin/restorecon || /sbin/restorecon %_var/log/clamav-milter.log -} %systemd_post clamav-milter.service -/bin/systemd-tmpfiles --create %_tmpfilesdir/clamav-milter.conf || : %preun milter %systemd_preun clamav-milter.service @@ -331,20 +336,19 @@ test -e %_var/log/clamav-milter.log || { %files %exclude %_unitdir/clamav-{daemon,freshclam}.* -%exclude %_rundir/*/*.pid %license COPYING %doc NEWS.md README.md docs/html %_bindir/{clambc,clamconf,clamdscan,clamdtop,clamscan,clamsubmit,sigtool} -%_libdir/libclamav.so.9* +%_libdir/libclamav.so.11* %_libdir/libclammspack.so.0* %_sbindir/clamonacc +%_unitdir/clamonacc.service %_unitdir/clamav-clamonacc.service %files devel %_includedir/* %_libdir/*.so -%_datadir/%name/template %_libdir/pkgconfig/* %_bindir/clamav-config @@ -352,52 +356,46 @@ test -e %_var/log/clamav-milter.log || { %_mandir/man?/* %files filesystem -%attr(-,clamav,clamav) %dir %_var/lib/clamav -%attr(-,root,root) %dir %_datadir/%name -%exclude %_sysconfdir/clamd.conf.sample -%exclude %_sysconfdir/clamav-milter.conf.sample -%exclude %_sysconfdir/init +%attr(-,%{updateuser},%{updateuser}) %dir %{homedir} %dir %_sysconfdir/clamd.d +%config(noreplace) %{_sysconfdir}/clamd.d/scan.conf %files data -%defattr(-,clamav,clamav,-) -%config %verify(not size md5 mtime) %_var/lib/clamav/*.cvd +%defattr(-,%{updateuser},%{updateuser},-) +%config %verify(not size md5 mtime) %{homedir}/*.cvd %files update %_bindir/freshclam %_libdir/libfreshclam.so.2* -%_datadir/%name/freshclam-sleep +%_mandir/*/freshclam* +%_unitdir/clamav-freshclam.service %config(noreplace) %verify(not mtime) %_sysconfdir/freshclam.conf -%config(noreplace) %verify(not mtime) %_sysconfdir/logrotate.d/* -%config(noreplace) %_sysconfdir/cron.d/clamav-update -%config(noreplace) %_sysconfdir/sysconfig/freshclam -%ghost %attr(0664,root,clamav) %verify(not size md5 mtime) %_var/log/freshclam.log -%ghost %attr(0664,clamav,clamav) %_var/lib/clamav/*.cld -%ghost %attr(0664,clamav,clamav) %_var/lib/clamav/mirrors.dat +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cld +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cvd +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/freshclam.dat +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cld +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cvd +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cld +%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cvd %files -n clamd %doc _doc_server/* %_sbindir/clamd %_unitdir/clamd@.service - -%config(noreplace) %_sysconfdir/clamd.d/scan.conf -%ghost %_rundir/clamd.scan/clamd.sock %_tmpfilesdir/clamd.scan.conf -%ghost %dir %attr(0710,clamscan,virusgroup) %_rundir/clamd.scan - %files milter %_sbindir/*milter* +%_unitdir/clamav-milter.service %dir %_sysconfdir/mail %config(noreplace) %_sysconfdir/mail/clamav-milter.conf -%ghost %attr(0620,root,clamilt) %verify(not size md5 mtime) %_var/log/clamav-milter.log -%ghost %_rundir/clamav-milter/clamav-milter.socket %_tmpfilesdir/clamav-milter.conf -%ghost %dir %attr(0710,clamilt,clamilt) %_rundir/clamav-milter -%_unitdir/clamav-milter.service %changelog +* Tue Jun 24 2025 yaoxin <1024769339@qq.com> - 1.0.9-1 +- Update to 1.0.9 for fix CVE-2025-20260 + * Fri Sep 06 2024 Funda Wang - 0.103.12-1 - Upgrade to 0.103.12 diff --git a/clamd.logrotate b/clamd.logrotate index 45dc48d3b1ab6ebb5e7176ff7b5066ec6e20f441..dde4e445b467064109c6138600070394961beead 100644 --- a/clamd.logrotate +++ b/clamd.logrotate @@ -4,6 +4,6 @@ missingok postrotate - pkill -u -HUP -f '/usr/sbin/clamd -c /etc/clamd.d/.conf >/dev/null 2>&1 || : + pkill -u -HUP -f "/usr/sbin/clamd -c /etc/clamd.d/.conf" >/dev/null 2>&1 || : endscript } diff --git a/daily-27388.cvd b/daily-27388.cvd deleted file mode 100644 index a93d3793c3cbe828f4de54878345da5ad64289be..0000000000000000000000000000000000000000 Binary files a/daily-27388.cvd and /dev/null differ diff --git a/daily-27673.cvd b/daily-27673.cvd new file mode 100644 index 0000000000000000000000000000000000000000..72d42a2f7124585b273b584981e5c422c200963f --- /dev/null +++ b/daily-27673.cvd @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7dccc9d0bde63fddaec76ea930243c493ae8ba04f46a305859d278672d581d45 +size 64673875 diff --git a/fix-clamonacc-w-error.patch b/fix-clamonacc-w-error.patch deleted file mode 100644 index b4245d5d22c5b5561ff38962de8beed41e64cf57..0000000000000000000000000000000000000000 --- a/fix-clamonacc-w-error.patch +++ /dev/null @@ -1,25 +0,0 @@ -From e5de0bd90f856ed8c9b4e05e6e9c4f46920112a6 Mon Sep 17 00:00:00 2001 -From: chen-jan -Date: Tue, 7 Dec 2021 08:18:21 +0000 -Subject: [PATCH] fix clamonacc -w error - ---- - clamonacc/client/client.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/clamonacc/client/client.c b/clamonacc/client/client.c -index 347070f..f507eee 100644 ---- a/clamonacc/client/client.c -+++ b/clamonacc/client/client.c -@@ -205,7 +205,7 @@ int16_t onas_ping_clamd(struct onas_context **ctx) - /* ping command takes the form --ping [attempts[:interval]] */ - opt = optget((*ctx)->opts, "ping"); - -- if (opt) { -+ if (opt && opt->strarg) { - attempt_str = cli_strdup(opt->strarg); - if (attempt_str) { - if (NULL == attempt_str) { --- -2.30.0 - diff --git a/fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch b/fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch deleted file mode 100644 index 572855bf5f1da03af22bf553fc3bb55027c113a5..0000000000000000000000000000000000000000 --- a/fix-the-failure-to-execute-the-clambc-command-under-the-clamav-package.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Nur clamav-0.103.6/clambc/bcrun.c clamav-0.103.6_bak/clambc/bcrun.c ---- clamav-0.103.6/clambc/bcrun.c 2022-05-02 12:46:41.000000000 +0800 -+++ clamav-0.103.6_bak/clambc/bcrun.c 2022-05-26 10:02:06.307956926 +0800 -@@ -406,7 +406,7 @@ - // ctx was memset, so recursion_level starts at 0. - cctx.recursion_stack[cctx.recursion_level].fmap = map; - cctx.recursion_stack[cctx.recursion_level].type = CL_TYPE_ANY; /* ANY for the top level, because we don't yet know the type. */ -- cctx.recursion_stack[cctx.recursion_level].size = map->len; -+ //cctx.recursion_stack[cctx.recursion_level].size = map->len; - - cctx.fmap = cctx.recursion_stack[cctx.recursion_level].fmap; - diff --git a/libclamav-pe-Use-endian-wrapper-in-more-places.patch b/libclamav-pe-Use-endian-wrapper-in-more-places.patch new file mode 100644 index 0000000000000000000000000000000000000000..3053713849039cdeb7bb41b97043e25135a51e42 --- /dev/null +++ b/libclamav-pe-Use-endian-wrapper-in-more-places.patch @@ -0,0 +1,91 @@ +From 5a7b1cdfadc980fb1c4fa32e6275e7c96a963110 Mon Sep 17 00:00:00 2001 +From: Sebastian Andrzej Siewior +Date: Fri, 6 Jan 2023 21:42:30 +0100 +Subject: libclamav/pe: Use endian wrapper in more places. + +A few user of VirtualAddress and Size in cli_exe_info::pe_image_data_dir +don't use the endian wrapper while other places do. This leads to +testsuite failures on big endian machines. + +Use the endian wrapper in all places across pe.c for the two members. + +Patch-Name: libclamav-pe-Use-endian-wrapper-in-more-places.patch +Signed-off-by: Sebastian Andrzej Siewior +--- + libclamav/pe.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/libclamav/pe.c b/libclamav/pe.c +index f5dcea9..19cd2d4 100644 +--- a/libclamav/pe.c ++++ b/libclamav/pe.c +@@ -2422,22 +2422,22 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im + + /* If the PE doesn't have an import table then skip it. This is an + * uncommon case but can happen. */ +- if (peinfo->dirs[1].VirtualAddress == 0 || peinfo->dirs[1].Size == 0) { ++ if (EC32(peinfo->dirs[1].VirtualAddress) == 0 || EC32(peinfo->dirs[1].Size) == 0) { + cli_dbgmsg("scan_pe: import table data dir does not exist (skipping .imp scanning)\n"); + status = CL_BREAK; + goto done; + } + + // TODO Add EC32 wrappers +- impoff = cli_rawaddr(peinfo->dirs[1].VirtualAddress, peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size); +- if (err || impoff + peinfo->dirs[1].Size > fsize) { ++ impoff = cli_rawaddr(EC32(peinfo->dirs[1].VirtualAddress), peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size); ++ if (err || impoff + EC32(peinfo->dirs[1].Size) > fsize) { + cli_dbgmsg("scan_pe: invalid rva for import table data\n"); + status = CL_BREAK; + goto done; + } + + // TODO Add EC32 wrapper +- impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, peinfo->dirs[1].Size); ++ impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, EC32(peinfo->dirs[1].Size)); + if (impdes == NULL) { + cli_dbgmsg("scan_pe: failed to acquire fmap buffer\n"); + status = CL_EREAD; +@@ -2447,7 +2447,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im + + /* Safety: We can trust peinfo->dirs[1].Size only because `fmap_need_off()` (above) + * would have failed if the size exceeds the end of the fmap. */ +- left = peinfo->dirs[1].Size; ++ left = EC32(peinfo->dirs[1].Size); + + if (genhash[CLI_HASH_MD5]) { + hashctx[CLI_HASH_MD5] = cl_hash_init("md5"); +@@ -2546,7 +2546,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im + + done: + if (needed_impoff) { +- fmap_unneed_off(map, impoff, peinfo->dirs[1].Size); ++ fmap_unneed_off(map, impoff, EC32(peinfo->dirs[1].Size)); + } + + for (type = CLI_HASH_MD5; type < CLI_HASH_AVAIL_TYPES; type++) { +@@ -3250,7 +3250,7 @@ int cli_scanpe(cli_ctx *ctx) + + /* Trojan.Swizzor.Gen */ + if (SCAN_HEURISTICS && (DCONF & PE_CONF_SWIZZOR) && peinfo->nsections > 1 && fsize > 64 * 1024 && fsize < 4 * 1024 * 1024) { +- if (peinfo->dirs[2].Size) { ++ if (EC32(peinfo->dirs[2].Size)) { + struct swizz_stats *stats = cli_calloc(1, sizeof(*stats)); + unsigned int m = 1000; + ret = CL_CLEAN; +@@ -5292,13 +5292,13 @@ cl_error_t cli_peheader(fmap_t *map, struct cli_exe_info *peinfo, uint32_t opts, + cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", peinfo->ep, peinfo->ep); + } + +- if (is_dll || peinfo->ndatadirs < 3 || !peinfo->dirs[2].Size) ++ if (is_dll || peinfo->ndatadirs < 3 || !EC32(peinfo->dirs[2].Size)) + peinfo->res_addr = 0; + else + peinfo->res_addr = EC32(peinfo->dirs[2].VirtualAddress); + + while (opts & CLI_PEHEADER_OPT_EXTRACT_VINFO && +- peinfo->ndatadirs >= 3 && peinfo->dirs[2].Size) { ++ peinfo->ndatadirs >= 3 && EC32(peinfo->dirs[2].Size)) { + struct vinfo_list vlist; + const uint8_t *vptr, *baseptr; + uint32_t rva, res_sz; diff --git a/main-62.cvd b/main-62.cvd index 9a117207e20b7ca7d2f09d58ab2b7d6ecbac405f..6d54b1f797305fa8b359e69d4b4c810ed875a999 100644 Binary files a/main-62.cvd and b/main-62.cvd differ