* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2017-01-27 19:44 Austin English
0 siblings, 0 replies; 16+ messages in thread
From: Austin English @ 2017-01-27 19:44 UTC (permalink / raw
To: gentoo-commits
commit: bcbbdee31e7cc94d9262a9df057db8fdd31d2f47
Author: Austin English <wizardedit <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 27 19:36:06 2017 +0000
Commit: Austin English <wizardedit <AT> gentoo <DOT> org>
CommitDate: Fri Jan 27 19:44:13 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcbbdee3
app-antivirus/clamav: use upstream fix for broken zlib check instead of disabling it completely
Ack'ed by radhermit
Gentoo-Bug: https://bugs.gentoo.org/604650
Package-Manager: Portage-2.3.2, Repoman-2.3.1
app-antivirus/clamav/clamav-0.99.1.ebuild | 7 +++++--
app-antivirus/clamav/clamav-0.99.2.ebuild | 5 +++--
app-antivirus/clamav/clamav-0.99.ebuild | 5 ++++-
.../clamav/files/clamav-configure-zlib.patch | 22 ++++++++++++++++++++++
4 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/app-antivirus/clamav/clamav-0.99.1.ebuild b/app-antivirus/clamav/clamav-0.99.1.ebuild
index 4f16064..be2a73a 100644
--- a/app-antivirus/clamav/clamav-0.99.1.ebuild
+++ b/app-antivirus/clamav/clamav-0.99.1.ebuild
@@ -1,10 +1,10 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI=5
-inherit eutils flag-o-matic user systemd
+inherit autotools eutils flag-o-matic user systemd
DESCRIPTION="Clam Anti-Virus Scanner"
HOMEPAGE="http://www.clamav.net/"
@@ -45,6 +45,9 @@ pkg_setup() {
src_prepare() {
use ppc64 && append-flags -mminimal-toc
use uclibc && export ac_cv_type_error_t=yes
+
+ epatch "${FILESDIR}"/${PN}-configure-zlib.patch # 604650, fixed in upstream HEAD
+ eautoconf
}
src_configure() {
diff --git a/app-antivirus/clamav/clamav-0.99.2.ebuild b/app-antivirus/clamav/clamav-0.99.2.ebuild
index 5ab484b..1ce8399 100644
--- a/app-antivirus/clamav/clamav-0.99.2.ebuild
+++ b/app-antivirus/clamav/clamav-0.99.2.ebuild
@@ -4,7 +4,7 @@
EAPI=5
-inherit eutils flag-o-matic user systemd
+inherit autotools eutils flag-o-matic user systemd
DESCRIPTION="Clam Anti-Virus Scanner"
HOMEPAGE="http://www.clamav.net/"
@@ -48,13 +48,14 @@ src_prepare() {
use uclibc && export ac_cv_type_error_t=yes
epatch "${FILESDIR}"/${P}-gcc-6.patch #592432
+ epatch "${FILESDIR}"/${PN}-configure-zlib.patch # 604650, fixed in upstream HEAD
+ eautoconf
}
src_configure() {
econf \
--disable-experimental \
--disable-fanotify \
- --disable-zlib-vcheck \
--enable-id-check \
--with-dbdir="${EPREFIX}"/var/lib/clamav \
--with-system-tommath \
diff --git a/app-antivirus/clamav/clamav-0.99.ebuild b/app-antivirus/clamav/clamav-0.99.ebuild
index 144082f..b77f3e7 100644
--- a/app-antivirus/clamav/clamav-0.99.ebuild
+++ b/app-antivirus/clamav/clamav-0.99.ebuild
@@ -4,7 +4,7 @@
EAPI=5
-inherit eutils flag-o-matic user systemd
+inherit autotools eutils flag-o-matic user systemd
DESCRIPTION="Clam Anti-Virus Scanner"
HOMEPAGE="http://www.clamav.net/"
@@ -45,6 +45,9 @@ pkg_setup() {
src_prepare() {
use ppc64 && append-flags -mminimal-toc
use uclibc && export ac_cv_type_error_t=yes
+
+ epatch "${FILESDIR}"/${PN}-configure-zlib.patch # 604650, fixed in upstream HEAD
+ eautoconf
}
src_configure() {
diff --git a/app-antivirus/clamav/files/clamav-configure-zlib.patch b/app-antivirus/clamav/files/clamav-configure-zlib.patch
new file mode 100644
index 00000000..8d1f4e6
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-configure-zlib.patch
@@ -0,0 +1,22 @@
+commit f0bcd186190fe6e67b3f0eaaceb7a99aa6a98865
+Author: Steven Morgan <stevmorg@cisco.com>
+Date: Thu Jan 5 12:30:35 2017 -0500
+
+ bb111711 - fix zlib version check - patch by Daniel J. Luke.
+
+diff --git a/m4/reorganization/libs/libz.m4 b/m4/reorganization/libs/libz.m4
+index b5c7414..f7b67ca 100644
+--- a/m4/reorganization/libs/libz.m4
++++ b/m4/reorganization/libs/libz.m4
+@@ -29,9 +29,9 @@ then
+ AC_MSG_ERROR([Please install zlib and zlib-devel packages])
+ else
+
+- vuln=`grep "ZLIB_VERSION \"1.2.0" $ZLIB_HOME/include/zlib.h`
++ vuln=`grep "ZLIB_VERSION \"1.2.0\"" $ZLIB_HOME/include/zlib.h`
+ if test -z "$vuln"; then
+- vuln=`grep "ZLIB_VERSION \"1.2.1" $ZLIB_HOME/include/zlib.h`
++ vuln=`grep "ZLIB_VERSION \"1.2.1\"" $ZLIB_HOME/include/zlib.h`
+ fi
+
+ if test -n "$vuln"; then
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2017-11-23 22:30 Robin H. Johnson
0 siblings, 0 replies; 16+ messages in thread
From: Robin H. Johnson @ 2017-11-23 22:30 UTC (permalink / raw
To: gentoo-commits
commit: e33445233f097eadbbb1acf0861e9a41593bc593
Author: coyote <coyote <AT> bks <DOT> tv>
AuthorDate: Thu Nov 23 01:52:52 2017 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Thu Nov 23 22:30:48 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3344523
app-antivirus/clamav: fix compatibility with >=zlib-1.2.9
Include patch from Marc Deslauriers <marc.deslauriers <AT> canonical.com> to
fix compatibility with zlib newer 1.2.9 and enable test in ebuild (now
it work correctly).
(commit message cleaned up by Robin H. Johnson <robbat2 <AT> gentoo.org>)
Bug: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1692073
Closes: https://bugs.gentoo.org/638544
(cherry picked from commit 535d9b43c3472916bfb977921f0a10f2cc02dc4b)
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
app-antivirus/clamav/Manifest | 2 +-
app-antivirus/clamav/clamav-0.99.2-r1.ebuild | 6 ++-
.../clamav/files/clamav-0.99.2-bytecode_api.patch | 50 ++++++++++++++++++++++
3 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest
index 18a55f717c3..7c1733ae48b 100644
--- a/app-antivirus/clamav/Manifest
+++ b/app-antivirus/clamav/Manifest
@@ -1,4 +1,4 @@
DIST clamav-0.98.7.tar.gz 15118851 SHA256 282417b707740de13cd8f18d4cbca9ddd181cf96b444db2cad98913a5153e272 SHA512 acf01961472c13ccb219420cc3fa3c3e6f8a733edef371dbc04ce5867900aa1535e956ec8ad50d31c8f872a0a1d79fcccac944cd86e29ecdfa4af18f7fd5afb9 WHIRLPOOL c9f2e6f52f07f68bdcccf55ca1aab0bf3deaa6963279459d64ecca076a9ed0ef53c25996b2b673e9746833822df24689a9fab0654064c5ee6ed372a86966fbb6
DIST clamav-0.99.1.tar.gz 15990867 SHA256 e144689122d3f91293808c82cbb06b7d3ac9eca7ae29564c5d148ffe7b25d58a SHA512 9beb5c0ebff2aef741bb27811c1f10a7cd5da354ff67272ee8994d87c95e272a5983105af0fe1a734e1fa99f112dc4dddd9d82074a0df6715814817f85a45f4f WHIRLPOOL e2afd7b7d377c1a1af802e780839bb21bcd318035ac858b6cb11545db3673d3f74ba3159b837238982248720379f98ab51e279a8636bbea89331136891e88e5d
-DIST clamav-0.99.2.tar.gz 16067497 SHA256 167bd6a13e05ece326b968fdb539b05c2ffcfef6018a274a10aeda85c2c0027a SHA512 7744ba8a344b163cf98e9737cddfd25d2120b34ee9c4518380e028c9ec3cd50127b198b0dfa9fde30f5ce9aab0c0e6384712fbc11287e77d16ce052fd7b6ac44 WHIRLPOOL 371dc56c3ffa0ff40381d451687a9331a0587943a048604c6667e1018fbfe5559b023654d29f47505bd69a1a44f88adfb5b93b7c55c8cbc6f0bbfcbf836bf631
+DIST clamav-0.99.2.tar.gz 16067497 BLAKE2B 4155e3125ccc45cc6828033f207b6b8d3514253dfb8156428ad4096c0901d5a8500f9dd253b8f40afdc49a6039b647627868f75d51829ab7bd247ada5f3b8383 SHA512 7744ba8a344b163cf98e9737cddfd25d2120b34ee9c4518380e028c9ec3cd50127b198b0dfa9fde30f5ce9aab0c0e6384712fbc11287e77d16ce052fd7b6ac44
DIST clamav-0.99.tar.gz 15968038 SHA256 d2792c8cfadd685fffc40b2199679628815df031fd3149ccf961649fc8787ea9 SHA512 328e66fa412ba61f5e44c839b254c7a84d2ce7821fda6cf29e4ee9532c06e45bdec62f202ca561223e984fff170bfd8280e5cc8e306c09a3017b17e7db3bbf56 WHIRLPOOL 696b425c0d3a6639d627e6dba000a57c4e532232f9f42a564a992c0b459d8041a1947b09548d99b621a5685c78d91045adf4b61731242f55eda2b8d5150fc8b8
diff --git a/app-antivirus/clamav/clamav-0.99.2-r1.ebuild b/app-antivirus/clamav/clamav-0.99.2-r1.ebuild
index 579249e1388..a44017407cf 100644
--- a/app-antivirus/clamav/clamav-0.99.2-r1.ebuild
+++ b/app-antivirus/clamav/clamav-0.99.2-r1.ebuild
@@ -7,7 +7,6 @@ inherit autotools eutils flag-o-matic user systemd
DESCRIPTION="Clam Anti-Virus Scanner"
HOMEPAGE="http://www.clamav.net/"
-# no longer on sf.net from 0.99.2 onwards
SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
LICENSE="GPL-2"
@@ -40,6 +39,7 @@ PATCHES=(
"${FILESDIR}"/${P}-gcc-6.patch
"${FILESDIR}"/${P}-tinfo.patch
"${FILESDIR}"/${PN}-0.99-zlib.patch
+ "${FILESDIR}"/${P}-bytecode_api.patch
)
pkg_setup() {
@@ -142,6 +142,10 @@ src_install() {
prune_libtool_files --all
}
+src_test() {
+ emake quick-check
+}
+
pkg_postinst() {
if use milter ; then
elog "For simple instructions how to setup the clamav-milter read the"
diff --git a/app-antivirus/clamav/files/clamav-0.99.2-bytecode_api.patch b/app-antivirus/clamav/files/clamav-0.99.2-bytecode_api.patch
new file mode 100644
index 00000000000..d6cd5264ed7
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.99.2-bytecode_api.patch
@@ -0,0 +1,50 @@
+Description: fix compatibility with zlib 1.2.9 and newer
+Author: Marc Deslauriers <marc.deslauriers@canonical.com>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1692073
+
+--- a/libclamav/bytecode_api.c 2017-08-08 15:20:06.651685637 -0400
++++ b/libclamav/bytecode_api.c 2017-08-15 15:45:14.645714766 -0400
+@@ -811,8 +811,20 @@ int32_t cli_bcapi_inflate_init(struct cl
+ cli_dbgmsg("bytecode api: inflate_init: invalid buffers!\n");
+ return -1;
+ }
+- memset(&stream, 0, sizeof(stream));
+- ret = inflateInit2(&stream, windowBits);
++
++ b = cli_realloc(ctx->inflates, sizeof(*ctx->inflates)*n);
++ if (!b) {
++ return -1;
++ }
++ ctx->inflates = b;
++ ctx->ninflates = n;
++ b = &b[n-1];
++
++ b->from = from;
++ b->to = to;
++ b->needSync = 0;
++ memset(&b->stream, 0, sizeof(stream));
++ ret = inflateInit2(&b->stream, windowBits);
+ switch (ret) {
+ case Z_MEM_ERROR:
+ cli_dbgmsg("bytecode api: inflateInit2: out of memory!\n");
+@@ -829,20 +841,6 @@ int32_t cli_bcapi_inflate_init(struct cl
+ cli_dbgmsg("bytecode api: inflateInit2: unknown error %d\n", ret);
+ return -1;
+ }
+-
+- b = cli_realloc(ctx->inflates, sizeof(*ctx->inflates)*n);
+- if (!b) {
+- inflateEnd(&stream);
+- return -1;
+- }
+- ctx->inflates = b;
+- ctx->ninflates = n;
+- b = &b[n-1];
+-
+- b->from = from;
+- b->to = to;
+- b->needSync = 0;
+- memcpy(&b->stream, &stream, sizeof(stream));
+ return n-1;
+ }
+
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2017-12-07 15:29 Craig Andrews
0 siblings, 0 replies; 16+ messages in thread
From: Craig Andrews @ 2017-12-07 15:29 UTC (permalink / raw
To: gentoo-commits
commit: ed2ec9f4ebd6b7cf6c8bcbf06fcbb46d826d6d01
Author: Craig Andrews <candrews <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 30 16:19:34 2017 +0000
Commit: Craig Andrews <candrews <AT> gentoo <DOT> org>
CommitDate: Thu Dec 7 15:28:48 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed2ec9f4
app-antivirus/clamav: Fix SIGSEGV on 64bit archs
Suggested-by: Jiří Moravec <qjim <AT> volny.cz>
Bug: https://bugzilla.clamav.net/show_bug.cgi?id=11965
Closes: https://bugs.gentoo.org/638932
Closes: https://bugs.gentoo.org/616564
Closes: https://github.com/gentoo/gentoo/pull/6358
Package-Manager: Portage-2.3.16, Repoman-2.3.6
app-antivirus/clamav/Manifest | 2 +-
app-antivirus/clamav/clamav-0.99.2-r2.ebuild | 159 +++++++++++++++++++++
.../clamav-0.99.2-pcre2-compile-erroffset.patch | 12 ++
3 files changed, 172 insertions(+), 1 deletion(-)
diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest
index b2d1c7d6d75..2f052faf2fc 100644
--- a/app-antivirus/clamav/Manifest
+++ b/app-antivirus/clamav/Manifest
@@ -1,4 +1,4 @@
DIST clamav-0.98.7.tar.gz 15118851 BLAKE2B 5fffd1896645b5e77f26819eb16e1d9e9cbb8a71d5627aa31ce009b37172fe5c9fff77d6646940c8065c856cf1a74737ffafc79d4e288b8d1202620fe568d1bc SHA512 acf01961472c13ccb219420cc3fa3c3e6f8a733edef371dbc04ce5867900aa1535e956ec8ad50d31c8f872a0a1d79fcccac944cd86e29ecdfa4af18f7fd5afb9
-DIST clamav-0.99.1.tar.gz 15990867 SHA256 e144689122d3f91293808c82cbb06b7d3ac9eca7ae29564c5d148ffe7b25d58a SHA512 9beb5c0ebff2aef741bb27811c1f10a7cd5da354ff67272ee8994d87c95e272a5983105af0fe1a734e1fa99f112dc4dddd9d82074a0df6715814817f85a45f4f WHIRLPOOL e2afd7b7d377c1a1af802e780839bb21bcd318035ac858b6cb11545db3673d3f74ba3159b837238982248720379f98ab51e279a8636bbea89331136891e88e5d
+DIST clamav-0.99.1.tar.gz 15990867 BLAKE2B 3b5d046c0b4e965ff26bea3b6b416e261ce86c449d092fd1debf52e4df5e5448039f7769f94d5817c9754100d296a0eb37ca5289f3cb5af8e58be9e93ef59a18 SHA512 9beb5c0ebff2aef741bb27811c1f10a7cd5da354ff67272ee8994d87c95e272a5983105af0fe1a734e1fa99f112dc4dddd9d82074a0df6715814817f85a45f4f
DIST clamav-0.99.2.tar.gz 16067497 BLAKE2B 4155e3125ccc45cc6828033f207b6b8d3514253dfb8156428ad4096c0901d5a8500f9dd253b8f40afdc49a6039b647627868f75d51829ab7bd247ada5f3b8383 SHA512 7744ba8a344b163cf98e9737cddfd25d2120b34ee9c4518380e028c9ec3cd50127b198b0dfa9fde30f5ce9aab0c0e6384712fbc11287e77d16ce052fd7b6ac44
DIST clamav-0.99.tar.gz 15968038 BLAKE2B d3690f08215b8d870e8fb11b11eea6bb92a2eb4b7edddb037ed2f0e8c823a6c5856a3824716cd04f02ec985188ccd36ae41c5077df09ed1948281012dd28ef8c SHA512 328e66fa412ba61f5e44c839b254c7a84d2ce7821fda6cf29e4ee9532c06e45bdec62f202ca561223e984fff170bfd8280e5cc8e306c09a3017b17e7db3bbf56
diff --git a/app-antivirus/clamav/clamav-0.99.2-r2.ebuild b/app-antivirus/clamav/clamav-0.99.2-r2.ebuild
new file mode 100644
index 00000000000..136dd3847d5
--- /dev/null
+++ b/app-antivirus/clamav/clamav-0.99.2-r2.ebuild
@@ -0,0 +1,159 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools eutils flag-o-matic user systemd
+
+DESCRIPTION="Clam Anti-Virus Scanner"
+HOMEPAGE="http://www.clamav.net/"
+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
+IUSE="bzip2 clamdtop iconv ipv6 libressl milter metadata-analysis-api selinux static-libs uclibc"
+
+CDEPEND="bzip2? ( app-arch/bzip2 )
+ clamdtop? ( sys-libs/ncurses:0 )
+ iconv? ( virtual/libiconv )
+ metadata-analysis-api? ( dev-libs/json-c )
+ milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) )
+ dev-libs/libtommath
+ >=sys-libs/zlib-1.2.2
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ sys-devel/libtool
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 )
+ !!<app-antivirus/clamav-0.99"
+# hard block clamav < 0.99 due to linking problems Bug #567680
+# openssl is now *required* see this link as to why
+# http://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to.html
+DEPEND="${CDEPEND}
+ virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-clamav )"
+
+DOCS=( AUTHORS BUGS ChangeLog FAQ INSTALL NEWS README UPGRADE )
+PATCHES=(
+ "${FILESDIR}"/${P}-gcc-6.patch
+ "${FILESDIR}"/${P}-tinfo.patch
+ "${FILESDIR}"/${PN}-0.99-zlib.patch
+ "${FILESDIR}"/${P}-bytecode_api.patch
+ "${FILESDIR}"/${P}-pcre2-compile-erroffset.patch
+)
+
+pkg_setup() {
+ enewgroup clamav
+ enewuser clamav -1 -1 /dev/null clamav
+}
+
+src_prepare() {
+ default
+
+ eautoconf
+}
+
+src_configure() {
+ use ppc64 && append-flags -mminimal-toc
+ use uclibc && export ac_cv_type_error_t=yes
+
+ econf \
+ $(use_enable bzip2) \
+ $(use_enable clamdtop) \
+ $(use_enable ipv6) \
+ $(use_enable milter) \
+ $(use_enable static-libs static) \
+ $(use_with iconv) \
+ $(use_with metadata-analysis-api libjson /usr) \
+ --cache-file="${S}"/config.cache \
+ --disable-experimental \
+ --disable-gcc-vcheck \
+ --disable-zlib-vcheck \
+ --enable-id-check \
+ --with-dbdir="${EPREFIX}"/var/lib/clamav \
+ --with-system-tommath \
+ --with-zlib="${EPREFIX}"/usr
+}
+
+src_install() {
+ default
+
+ rm -rf "${ED}"/var/lib/clamav
+ newinitd "${FILESDIR}"/clamd.initd-r6 clamd
+ newconfd "${FILESDIR}"/clamd.conf-r1 clamd
+
+ systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/clamav.conf"
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
+ systemd_dounit "${FILESDIR}/clamd.service"
+ systemd_dounit "${FILESDIR}/freshclamd.service"
+
+ keepdir /var/lib/clamav
+ fowners clamav:clamav /var/lib/clamav
+ keepdir /var/log/clamav
+ fowners clamav:clamav /var/log/clamav
+
+ dodir /etc/logrotate.d
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/clamav.logrotate clamav
+
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.pid:" \
+ -e "s:.*\(LocalSocket\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.sock:" \
+ -e "s:.*\(User\) .*:\1 clamav:" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
+ -e "s:^\#\(LogTime\).*:\1 yes:" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ "${ED}"/etc/clamd.conf.sample || die
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/freshclam.pid:" \
+ -e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ "${ED}"/etc/freshclam.conf.sample || die
+
+ if use milter ; then
+ # MilterSocket one to include ' /' because there is a 2nd line for
+ # inet: which we want to leave
+ dodoc "${FILESDIR}"/clamav-milter.README.gentoo
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamav-milter.pid:" \
+ -e "s+^\#\(ClamdSocket\) .*+\1 unix:${EPREFIX}/var/run/clamav/clamd.sock+" \
+ -e "s:.*\(User\) .*:\1 clamav:" \
+ -e "s+^\#\(MilterSocket\) /.*+\1 unix:${EPREFIX}/var/run/clamav/clamav-milter.sock+" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
+ "${ED}"/etc/clamav-milter.conf.sample || die
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF
+ MILTER_NICELEVEL=19
+ START_MILTER=no
+ EOF
+
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service
+ fi
+
+ for i in clamd freshclam clamav-milter
+ do
+ [[ -f "${D}"/etc/"${i}".conf.sample ]] && mv "${D}"/etc/"${i}".conf{.sample,}
+ done
+
+ prune_libtool_files --all
+}
+
+src_test() {
+ emake quick-check
+}
+
+pkg_postinst() {
+ if use milter ; then
+ elog "For simple instructions how to setup the clamav-milter read the"
+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
+ fi
+ if test -z $(find "${ROOT}"var/lib/clamav -maxdepth 1 -name 'main.c*' -print -quit) ; then
+ ewarn "You must run freshclam manually to populate the virus database files"
+ ewarn "before starting clamav for the first time.\n"
+ fi
+}
diff --git a/app-antivirus/clamav/files/clamav-0.99.2-pcre2-compile-erroffset.patch b/app-antivirus/clamav/files/clamav-0.99.2-pcre2-compile-erroffset.patch
new file mode 100644
index 00000000000..1ee55171afb
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.99.2-pcre2-compile-erroffset.patch
@@ -0,0 +1,12 @@
+--- clamav-0.99.2/libclamav/regex_pcre.c~ 2017-11-28 14:40:56.484208243 +0100
++++ clamav-0.99.2/libclamav/regex_pcre.c 2017-11-28 14:41:07.301207800 +0100
+@@ -112,7 +112,8 @@ int cli_pcre_addoptions(struct cli_pcre_
+ #if USING_PCRE2
+ int cli_pcre_compile(struct cli_pcre_data *pd, long long unsigned match_limit, long long unsigned match_limit_recursion, unsigned int options, int opt_override)
+ {
+- int errornum, erroffset;
++ int errornum;
++ size_t erroffset;
+ pcre2_general_context *gctx;
+ pcre2_compile_context *cctx;
+
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2018-01-26 15:23 Thomas Deutschmann
0 siblings, 0 replies; 16+ messages in thread
From: Thomas Deutschmann @ 2018-01-26 15:23 UTC (permalink / raw
To: gentoo-commits
commit: 194c79e18139961a9411a22566eb29d764081ef2
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 26 15:23:29 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jan 26 15:23:43 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=194c79e1
app-antivirus/clamav: rev bump to fix fd leak in cli_scanscript
Package-Manager: Portage-2.3.20, Repoman-2.3.6
...lamav-0.99.3.ebuild => clamav-0.99.3-r1.ebuild} | 1 +
...mav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch | 132 +++++++++++++++++++++
2 files changed, 133 insertions(+)
diff --git a/app-antivirus/clamav/clamav-0.99.3.ebuild b/app-antivirus/clamav/clamav-0.99.3-r1.ebuild
similarity index 98%
rename from app-antivirus/clamav/clamav-0.99.3.ebuild
rename to app-antivirus/clamav/clamav-0.99.3-r1.ebuild
index 3a577d05ac2..adb446d1472 100644
--- a/app-antivirus/clamav/clamav-0.99.3.ebuild
+++ b/app-antivirus/clamav/clamav-0.99.3-r1.ebuild
@@ -40,6 +40,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-0.99.2-tinfo.patch
"${FILESDIR}"/${PN}-0.99.2-bytecode_api.patch
"${FILESDIR}"/${PN}-0.99.2-pcre2-compile-erroffset.patch
+ "${FILESDIR}"/${PN}-0.99.3-fix-fd-leaks-in-cli_scanscript.patch
)
pkg_setup() {
diff --git a/app-antivirus/clamav/files/clamav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch b/app-antivirus/clamav/files/clamav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch
new file mode 100644
index 00000000000..a457a71758c
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch
@@ -0,0 +1,132 @@
+Author: Manuel Mausz <manuel-clamav@mausz.at>
+
+http://lists.clamav.net/pipermail/clamav-users/2018-January/005687.html
+
+--- clamav-0.99.3/libclamav/scanners.c.orig 2018-01-26 14:35:23.299386703 +0100
++++ clamav-0.99.3/libclamav/scanners.c 2018-01-26 14:47:44.422451335 +0100
+@@ -1342,39 +1342,35 @@
+ return CL_CLEAN;
+ }
+
+- /* dump to disk only if explicitly asked to
+- * or if necessary to check relative offsets,
+- * otherwise we can process just in-memory */
+- if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) {
+- if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) {
+- cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n");
+- return ret;
+- }
+- if (ctx->engine->keeptmp)
+- cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname);
+- }
+-
+ if(!(normalized = cli_malloc(SCANBUFF + maxpatlen))) {
+ cli_dbgmsg("cli_scanscript: Unable to malloc %u bytes\n", SCANBUFF);
+- free(tmpname);
+ return CL_EMEM;
+ }
+-
+ text_normalize_init(&state, normalized, SCANBUFF + maxpatlen);
+- ret = CL_CLEAN;
+-
+
+ if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
+- free(tmpname);
++ free(normalized);
+ return ret;
+ }
+
+ if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
+ cli_ac_freedata(&tmdata);
+- free(tmpname);
++ free(normalized);
+ return ret;
+ }
+
++ /* dump to disk only if explicitly asked to
++ * or if necessary to check relative offsets,
++ * otherwise we can process just in-memory */
++ if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) {
++ if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) {
++ cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n");
++ goto done;
++ }
++ if (ctx->engine->keeptmp)
++ cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname);
++ }
++
+ mdata[0] = &tmdata;
+ mdata[1] = &gmdata;
+
+@@ -1388,9 +1384,8 @@
+
+ if (write(ofd, state.out, state.out_pos) == -1) {
+ cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
+- close(ofd);
+- free(tmpname);
+- return CL_EWRITE;
++ ret = CL_EWRITE;
++ goto done;
+ }
+ text_normalize_reset(&state);
+ }
+@@ -1409,11 +1404,6 @@
+ funmap(*ctx->fmap);
+ }
+ *ctx->fmap = map;
+-
+- /* If we aren't keeping temps, delete the normalized file after scan. */
+- if(!(ctx->engine->keeptmp))
+- if (cli_unlink(tmpname)) ret = CL_EUNLINK;
+-
+ } else {
+ /* Since the above is moderately costly all in all,
+ * do the old stuff if there's no relative offsets. */
+@@ -1421,11 +1411,8 @@
+ if (troot) {
+ cli_targetinfo(&info, 7, map);
+ ret = cli_ac_caloff(troot, &tmdata, &info);
+- if (ret) {
+- cli_ac_freedata(&tmdata);
+- free(tmpname);
+- return ret;
+- }
++ if (ret)
++ goto done;
+ }
+
+ while(1) {
+@@ -1466,13 +1453,6 @@
+
+ }
+
+- if(ctx->engine->keeptmp) {
+- free(tmpname);
+- if (ofd >= 0)
+- close(ofd);
+- }
+- free(normalized);
+-
+ if(ret != CL_VIRUS || SCAN_ALL) {
+ if ((ret = cli_exp_eval(ctx, troot, &tmdata, NULL, NULL)) == CL_VIRUS)
+ viruses_found++;
+@@ -1481,9 +1461,19 @@
+ viruses_found++;
+ }
+
++done:
++ free(normalized);
+ cli_ac_freedata(&tmdata);
+ cli_ac_freedata(&gmdata);
+
++ if (ofd != -1)
++ close(ofd);
++ if (tmpname != NULL) {
++ if (!ctx->engine->keeptmp)
++ if (cli_unlink(tmpname)) ret = CL_EUNLINK;
++ free(tmpname);
++ }
++
+ if (SCAN_ALL && viruses_found)
+ return CL_VIRUS;
+
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2018-03-29 22:42 Thomas Deutschmann
0 siblings, 0 replies; 16+ messages in thread
From: Thomas Deutschmann @ 2018-03-29 22:42 UTC (permalink / raw
To: gentoo-commits
commit: 6c8c54a1663246d42c8fda0de366a3078a02be13
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 29 22:41:57 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Mar 29 22:42:18 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c8c54a1
app-antivirus/clamav: Make clamav work with >=zlib-1.2.9
..in addition, an automagic on dev-libs/check was fixed.
Closes: https://bugs.gentoo.org/649516
Package-Manager: Portage-2.3.26, Repoman-2.3.7
app-antivirus/clamav/clamav-0.99.4-r1.ebuild | 159 +++++++++++++++++++++
.../files/clamav-0.99.4-fix-newer-zlib.patch | 54 +++++++
2 files changed, 213 insertions(+)
diff --git a/app-antivirus/clamav/clamav-0.99.4-r1.ebuild b/app-antivirus/clamav/clamav-0.99.4-r1.ebuild
new file mode 100644
index 00000000000..cee37d96b48
--- /dev/null
+++ b/app-antivirus/clamav/clamav-0.99.4-r1.ebuild
@@ -0,0 +1,159 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools eutils flag-o-matic user systemd
+
+DESCRIPTION="Clam Anti-Virus Scanner"
+HOMEPAGE="http://www.clamav.net/"
+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
+IUSE="bzip2 clamdtop iconv ipv6 libressl milter metadata-analysis-api selinux static-libs test uclibc"
+
+CDEPEND="bzip2? ( app-arch/bzip2 )
+ clamdtop? ( sys-libs/ncurses:0 )
+ iconv? ( virtual/libiconv )
+ metadata-analysis-api? ( dev-libs/json-c:= )
+ milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) )
+ dev-libs/libtommath
+ >=sys-libs/zlib-1.2.2:=
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ sys-devel/libtool
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 )
+ !!<app-antivirus/clamav-0.99"
+# hard block clamav < 0.99 due to linking problems Bug #567680
+# openssl is now *required* see this link as to why
+# http://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to.html
+DEPEND="${CDEPEND}
+ virtual/pkgconfig
+ test? ( dev-libs/check )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-clamav )"
+
+DOCS=( AUTHORS BUGS ChangeLog FAQ INSTALL NEWS README UPGRADE )
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.99.4-fix-newer-zlib.patch
+ "${FILESDIR}/${P}-pcre2-compile-erroffset.patch"
+)
+
+pkg_setup() {
+ enewgroup clamav
+ enewuser clamav -1 -1 /dev/null clamav
+}
+
+src_prepare() {
+ default
+
+ eautoconf
+}
+
+src_configure() {
+ use ppc64 && append-flags -mminimal-toc
+ use uclibc && export ac_cv_type_error_t=yes
+
+ econf \
+ $(use_enable bzip2) \
+ $(use_enable clamdtop) \
+ $(use_enable ipv6) \
+ $(use_enable milter) \
+ $(use_enable static-libs static) \
+ $(use_enable test check) \
+ $(use_with iconv) \
+ $(use_with metadata-analysis-api libjson /usr) \
+ --cache-file="${S}"/config.cache \
+ --disable-experimental \
+ --disable-gcc-vcheck \
+ --disable-zlib-vcheck \
+ --enable-id-check \
+ --with-dbdir="${EPREFIX}"/var/lib/clamav \
+ --with-system-tommath \
+ --with-zlib="${EPREFIX}"/usr \
+ --disable-llvm
+}
+
+src_install() {
+ default
+
+ rm -rf "${ED}"/var/lib/clamav
+ newinitd "${FILESDIR}"/clamd.initd-r6 clamd
+ newconfd "${FILESDIR}"/clamd.conf-r1 clamd
+
+ systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/clamav.conf"
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
+ systemd_dounit "${FILESDIR}/clamd.service"
+ systemd_dounit "${FILESDIR}/freshclamd.service"
+
+ keepdir /var/lib/clamav
+ fowners clamav:clamav /var/lib/clamav
+ keepdir /var/log/clamav
+ fowners clamav:clamav /var/log/clamav
+
+ dodir /etc/logrotate.d
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/clamav.logrotate clamav
+
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.pid:" \
+ -e "s:.*\(LocalSocket\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.sock:" \
+ -e "s:.*\(User\) .*:\1 clamav:" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
+ -e "s:^\#\(LogTime\).*:\1 yes:" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ "${ED}"/etc/clamd.conf.sample || die
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/freshclam.pid:" \
+ -e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ "${ED}"/etc/freshclam.conf.sample || die
+
+ if use milter ; then
+ # MilterSocket one to include ' /' because there is a 2nd line for
+ # inet: which we want to leave
+ dodoc "${FILESDIR}"/clamav-milter.README.gentoo
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamav-milter.pid:" \
+ -e "s+^\#\(ClamdSocket\) .*+\1 unix:${EPREFIX}/var/run/clamav/clamd.sock+" \
+ -e "s:.*\(User\) .*:\1 clamav:" \
+ -e "s+^\#\(MilterSocket\) /.*+\1 unix:${EPREFIX}/var/run/clamav/clamav-milter.sock+" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
+ "${ED}"/etc/clamav-milter.conf.sample || die
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF
+ MILTER_NICELEVEL=19
+ START_MILTER=no
+ EOF
+
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service
+ fi
+
+ for i in clamd freshclam clamav-milter
+ do
+ [[ -f "${D}"/etc/"${i}".conf.sample ]] && mv "${D}"/etc/"${i}".conf{.sample,}
+ done
+
+ prune_libtool_files --all
+}
+
+src_test() {
+ emake quick-check
+}
+
+pkg_postinst() {
+ if use milter ; then
+ elog "For simple instructions how to setup the clamav-milter read the"
+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
+ fi
+ if test -z $(find "${ROOT}"var/lib/clamav -maxdepth 1 -name 'main.c*' -print -quit) ; then
+ ewarn "You must run freshclam manually to populate the virus database files"
+ ewarn "before starting clamav for the first time.\n"
+ fi
+}
diff --git a/app-antivirus/clamav/files/clamav-0.99.4-fix-newer-zlib.patch b/app-antivirus/clamav/files/clamav-0.99.4-fix-newer-zlib.patch
new file mode 100644
index 00000000000..18673419a58
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.99.4-fix-newer-zlib.patch
@@ -0,0 +1,54 @@
+https://bugs.gentoo.org/649516
+
+Description: fix compatibility with zlib 1.2.9 and newer
+Author: Marc Deslauriers <marc.deslauriers@canonical.com>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1692073
+
+Index: clamav-0.99.2+dfsg/libclamav/bytecode_api.c
+===================================================================
+--- clamav-0.99.2+dfsg.orig/libclamav/bytecode_api.c 2017-08-08 15:20:06.651685637 -0400
++++ clamav-0.99.2+dfsg/libclamav/bytecode_api.c 2017-08-15 15:45:14.645714766 -0400
+@@ -811,8 +811,20 @@ int32_t cli_bcapi_inflate_init(struct cl
+ cli_dbgmsg("bytecode api: inflate_init: invalid buffers!\n");
+ return -1;
+ }
+- memset(&stream, 0, sizeof(stream));
+- ret = inflateInit2(&stream, windowBits);
++
++ b = cli_realloc(ctx->inflates, sizeof(*ctx->inflates)*n);
++ if (!b) {
++ return -1;
++ }
++ ctx->inflates = b;
++ ctx->ninflates = n;
++ b = &b[n-1];
++
++ b->from = from;
++ b->to = to;
++ b->needSync = 0;
++ memset(&b->stream, 0, sizeof(stream));
++ ret = inflateInit2(&b->stream, windowBits);
+ switch (ret) {
+ case Z_MEM_ERROR:
+ cli_dbgmsg("bytecode api: inflateInit2: out of memory!\n");
+@@ -829,20 +841,6 @@ int32_t cli_bcapi_inflate_init(struct cl
+ cli_dbgmsg("bytecode api: inflateInit2: unknown error %d\n", ret);
+ return -1;
+ }
+-
+- b = cli_realloc(ctx->inflates, sizeof(*ctx->inflates)*n);
+- if (!b) {
+- inflateEnd(&stream);
+- return -1;
+- }
+- ctx->inflates = b;
+- ctx->ninflates = n;
+- b = &b[n-1];
+-
+- b->from = from;
+- b->to = to;
+- b->needSync = 0;
+- memcpy(&b->stream, &stream, sizeof(stream));
+ return n-1;
+ }
+
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2018-04-12 12:13 Thomas Raschbacher
0 siblings, 0 replies; 16+ messages in thread
From: Thomas Raschbacher @ 2018-04-12 12:13 UTC (permalink / raw
To: gentoo-commits
commit: 74eede5d3485d1ac7022221ce0e34c4b01c4ea17
Author: Thomas Raschbacher <lordvan <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 12 12:12:04 2018 +0000
Commit: Thomas Raschbacher <lordvan <AT> gentoo <DOT> org>
CommitDate: Thu Apr 12 12:13:09 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74eede5d
new version + autotools patch
app-antivirus/clamav/Manifest | 1 +
app-antivirus/clamav/clamav-0.100.0.ebuild | 160 +++++++++++++++++++++
.../clamav/files/clamav-0.100.0_autotools.patch | 10 ++
app-antivirus/clamav/metadata.xml | 1 +
4 files changed, 172 insertions(+)
diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest
index 1296e9f756b..a0ce2687d0b 100644
--- a/app-antivirus/clamav/Manifest
+++ b/app-antivirus/clamav/Manifest
@@ -1,3 +1,4 @@
+DIST clamav-0.100.0.tar.gz 16036757 BLAKE2B c51edfb05726e16e2ff1ef1fee9f174af5a0d65396f847a4f6e1246d5844b92eb70896fc598d2c73719b1315ff3c41aca503823431e0918d52f56d29399dd796 SHA512 57e1da86a32fdfb66887c4aeed03008bc070ce3cb6b881db411332f2f2e640b73dca84d990f5886526b3d6bd0c2770c7dcce5b4e7cf48323824c362452593549
DIST clamav-0.99.2.tar.gz 16067497 BLAKE2B 4155e3125ccc45cc6828033f207b6b8d3514253dfb8156428ad4096c0901d5a8500f9dd253b8f40afdc49a6039b647627868f75d51829ab7bd247ada5f3b8383 SHA512 7744ba8a344b163cf98e9737cddfd25d2120b34ee9c4518380e028c9ec3cd50127b198b0dfa9fde30f5ce9aab0c0e6384712fbc11287e77d16ce052fd7b6ac44
DIST clamav-0.99.3.tar.gz 16082645 BLAKE2B 3be06e563f17a07e4c7e95eb3efbb61e80858bcb3dffc584f13ec30dc2ef9c5257aec78605f1c03e183b4b7ed5b08343a25b579b2b12e54458694eff624aa01e SHA512 0d3c75d571ed4aa4937ef2b743a39a9a144f5adfd6f56f71046e5a8387b8ed7c3c4d9a4196aa85750f9ec4dc545720fdd659289d0cce086ab13a7cc505a0ab3e
DIST clamav-0.99.4.tar.gz 16083015 BLAKE2B 3c2e7d11ee05fe846f75c3fb6501b5fd809a2e58f8e69c82e493e32fcbc87ca0e5b5f7ab83a0d7e251a5dc8e84aed1475c87c1248b393fa04b6924a2ab32b9bf SHA512 778d5ef510d8d4bdfac5dc33d92469ed4283c414b3d42da6e1a0b13ed70e37755d5c837622dc336bc728ba1f8bf5485fc8a8d3a67a90e9aaa9e4dc71ece0691d
diff --git a/app-antivirus/clamav/clamav-0.100.0.ebuild b/app-antivirus/clamav/clamav-0.100.0.ebuild
new file mode 100644
index 00000000000..1abf0370982
--- /dev/null
+++ b/app-antivirus/clamav/clamav-0.100.0.ebuild
@@ -0,0 +1,160 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools eutils flag-o-matic user systemd
+
+DESCRIPTION="Clam Anti-Virus Scanner"
+HOMEPAGE="http://www.clamav.net/"
+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
+IUSE="bzip2 clamdtop iconv ipv6 libressl milter metadata-analysis-api selinux static-libs system-libmspack test uclibc"
+
+CDEPEND="bzip2? ( app-arch/bzip2 )
+ clamdtop? ( sys-libs/ncurses:0 )
+ iconv? ( virtual/libiconv )
+ metadata-analysis-api? ( dev-libs/json-c:= )
+ milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) )
+ dev-libs/libtommath
+ >=sys-libs/zlib-1.2.2:=
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ sys-devel/libtool
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 )
+ system-libmspack? ( dev-libs/libmspack )
+ !!<app-antivirus/clamav-0.99"
+# hard block clamav < 0.99 due to linking problems Bug #567680
+# openssl is now *required* see this link as to why
+# http://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to.html
+DEPEND="${CDEPEND}
+ virtual/pkgconfig
+ test? ( dev-libs/check )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-clamav )"
+
+DOCS=( AUTHORS BUGS ChangeLog FAQ INSTALL NEWS README UPGRADE )
+PATCHES=(
+ "${FILESDIR}/${P}_autotools.patch"
+)
+
+pkg_setup() {
+ enewgroup clamav
+ enewuser clamav -1 -1 /dev/null clamav
+}
+
+src_prepare() {
+ default
+
+ eautoconf
+}
+
+src_configure() {
+ use ppc64 && append-flags -mminimal-toc
+ use uclibc && export ac_cv_type_error_t=yes
+
+ econf \
+ $(use_enable bzip2) \
+ $(use_enable clamdtop) \
+ $(use_enable ipv6) \
+ $(use_enable milter) \
+ $(use_enable static-libs static) \
+ $(use_enable test check) \
+ $(use_with iconv) \
+ $(use_with metadata-analysis-api libjson /usr) \
+ $(use_with system-libmspack) \
+ --cache-file="${S}"/config.cache \
+ --disable-experimental \
+ --disable-gcc-vcheck \
+ --disable-zlib-vcheck \
+ --enable-id-check \
+ --with-dbdir="${EPREFIX}"/var/lib/clamav \
+ --with-system-tommath \
+ --with-zlib="${EPREFIX}"/usr \
+ --disable-llvm
+}
+
+src_install() {
+ default
+
+ rm -rf "${ED}"/var/lib/clamav
+ newinitd "${FILESDIR}"/clamd.initd-r6 clamd
+ newconfd "${FILESDIR}"/clamd.conf-r1 clamd
+
+ systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/clamav.conf"
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
+ systemd_dounit "${FILESDIR}/clamd.service"
+ systemd_dounit "${FILESDIR}/freshclamd.service"
+
+ keepdir /var/lib/clamav
+ fowners clamav:clamav /var/lib/clamav
+ keepdir /var/log/clamav
+ fowners clamav:clamav /var/log/clamav
+
+ dodir /etc/logrotate.d
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/clamav.logrotate clamav
+
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.pid:" \
+ -e "s:.*\(LocalSocket\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.sock:" \
+ -e "s:.*\(User\) .*:\1 clamav:" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
+ -e "s:^\#\(LogTime\).*:\1 yes:" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ "${ED}"/etc/clamd.conf.sample || die
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/freshclam.pid:" \
+ -e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ "${ED}"/etc/freshclam.conf.sample || die
+
+ if use milter ; then
+ # MilterSocket one to include ' /' because there is a 2nd line for
+ # inet: which we want to leave
+ dodoc "${FILESDIR}"/clamav-milter.README.gentoo
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamav-milter.pid:" \
+ -e "s+^\#\(ClamdSocket\) .*+\1 unix:${EPREFIX}/var/run/clamav/clamd.sock+" \
+ -e "s:.*\(User\) .*:\1 clamav:" \
+ -e "s+^\#\(MilterSocket\) /.*+\1 unix:${EPREFIX}/var/run/clamav/clamav-milter.sock+" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
+ "${ED}"/etc/clamav-milter.conf.sample || die
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF
+ MILTER_NICELEVEL=19
+ START_MILTER=no
+ EOF
+
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service
+ fi
+
+ for i in clamd freshclam clamav-milter
+ do
+ [[ -f "${D}"/etc/"${i}".conf.sample ]] && mv "${D}"/etc/"${i}".conf{.sample,}
+ done
+
+ prune_libtool_files --all
+}
+
+src_test() {
+ emake quick-check
+}
+
+pkg_postinst() {
+ if use milter ; then
+ elog "For simple instructions how to setup the clamav-milter read the"
+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
+ fi
+ if test -z $(find "${ROOT}"var/lib/clamav -maxdepth 1 -name 'main.c*' -print -quit) ; then
+ ewarn "You must run freshclam manually to populate the virus database files"
+ ewarn "before starting clamav for the first time.\n"
+ fi
+}
diff --git a/app-antivirus/clamav/files/clamav-0.100.0_autotools.patch b/app-antivirus/clamav/files/clamav-0.100.0_autotools.patch
new file mode 100644
index 00000000000..58c3b4e324f
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.100.0_autotools.patch
@@ -0,0 +1,10 @@
+--- clamav-0.100.0/configure.ac_orig 2018-04-12 13:12:58.201729248 +0200
++++ clamav-0.100.0/configure.ac 2018-04-12 13:23:44.982679360 +0200
+@@ -47,6 +47,7 @@
+ LT_CONFIG_LTDL_DIR([libltdl])
+ LT_INIT([dlopen disable-static])
+ LTDL_INIT([recursive])
++PKG_PROG_PKG_CONFIG(0.16)
+
+ m4_include([m4/reorganization/build_tools.m4])
+ m4_include([m4/reorganization/headers.m4])
diff --git a/app-antivirus/clamav/metadata.xml b/app-antivirus/clamav/metadata.xml
index 7d510408a04..5ddb818cae4 100644
--- a/app-antivirus/clamav/metadata.xml
+++ b/app-antivirus/clamav/metadata.xml
@@ -12,6 +12,7 @@
<use>
<flag name="clamdtop">A Top like tool which shows what clamd is currently scanning amongst other things</flag>
<flag name="metadata-analysis-api">Enables collection of file property metadata using ClamAV API for analysis by ClamAV bytecode programs.</flag>
+ <flag name="system-libmspack">Use system libmspack instead of built in</flag>
</use>
<upstream>
<remote-id type="sourceforge">clamav</remote-id>
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2018-04-20 12:03 Thomas Raschbacher
0 siblings, 0 replies; 16+ messages in thread
From: Thomas Raschbacher @ 2018-04-20 12:03 UTC (permalink / raw
To: gentoo-commits
commit: 8a1683cff89eed7ef6c64df2d1636bf341887baa
Author: Thomas Raschbacher <lordvan <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 20 12:01:30 2018 +0000
Commit: Thomas Raschbacher <lordvan <AT> gentoo <DOT> org>
CommitDate: Fri Apr 20 12:03:08 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a1683cf
app-antivirus/clamav: updated clamav-milter README
Package-Manager: Portage-2.3.27, Repoman-2.3.9
app-antivirus/clamav/clamav-0.99.2-r1.ebuild | 2 +-
app-antivirus/clamav/clamav-0.99.2-r3.ebuild | 2 +-
.../clamav/files/clamav-milter.README.gentoo | 49 ++++++++++++++++++++--
app-antivirus/clamav/files/clamd.initd-r6 | 2 +-
4 files changed, 48 insertions(+), 7 deletions(-)
diff --git a/app-antivirus/clamav/clamav-0.99.2-r1.ebuild b/app-antivirus/clamav/clamav-0.99.2-r1.ebuild
index c0eb37e298b..d4a161880c9 100644
--- a/app-antivirus/clamav/clamav-0.99.2-r1.ebuild
+++ b/app-antivirus/clamav/clamav-0.99.2-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
diff --git a/app-antivirus/clamav/clamav-0.99.2-r3.ebuild b/app-antivirus/clamav/clamav-0.99.2-r3.ebuild
index a4419b7542f..44c387e2dcf 100644
--- a/app-antivirus/clamav/clamav-0.99.2-r3.ebuild
+++ b/app-antivirus/clamav/clamav-0.99.2-r3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
diff --git a/app-antivirus/clamav/files/clamav-milter.README.gentoo b/app-antivirus/clamav/files/clamav-milter.README.gentoo
index 17e9ba628ea..f526bd35a92 100644
--- a/app-antivirus/clamav/files/clamav-milter.README.gentoo
+++ b/app-antivirus/clamav/files/clamav-milter.README.gentoo
@@ -19,7 +19,10 @@ Step 2 - Tell the init script to start clamd as well as freshclam and the
START_FRESHCLAM=yes
START_MILTER=yes
-Step 3 - Edit sendmail.mc
+Step 3 - Inform your MTA about the new milter.
+
+ SENDMAIL
+ Step 3.a.1 - Edit sendmail.mc
Add these lines to sendmail.mc before any any other
INPUT_MAIL_FILTER lines and before MAILER(local)
@@ -30,15 +33,53 @@ Step 3 - Edit sendmail.mc
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')dnl
-Step 4 - Rebuild sendmail.cf
+ Step 3.a.2 - Rebuild sendmail.cf
cd /etc/mail
m4 sendmail.mc > sendmail.cf
-Step 5 - Start clamad
+
+
+ POSTFIX
+ Step 3.b - Edit main.cf.
+
+ Add unix:/var/run/clamav/clamav-milter.sock to your
+ smtpd_milters line. If the line doesn't exist, just
+ stick it at the bottom of main.cf on a new line.
+
+ If you're appending, this is a space separated list.
+ If virus scanning is your most intensive test, you
+ may wish to put it on the end of the list so earlier,
+ easiser tests may punt the message before you go through the
+ trouble of virus scanning it.
+
+ Only one milter example:
+
+ # milters to run on network received mail.
+ smtpd_milters=unix:/var/run/clamav/clamav-milter.suck
+
+ Multiple milters example:
+
+ # milters to run on network received mail.
+ smtpd_milters=unix:/var/run/dkim-filter/dkim-filter.sock unix:/var/run/clamav/clamav-milter.sock
+
+
+Step 5 - Adjust permissions for clamav-milter socket
+
+ Edit /etc/clamav-milter.conf and check/change MilterSocketGroup and MilterSocketMode
+ e.g. for postfix it would be this (sendmail,.. should be similar):
+ MiltersocketGroup postfix
+ MilterSocketMode 660
+
+Step 6 - Start clamad
/etc/init.d/clamd start
-Step 6 - Restart sendmail
+Step 7 - Restart your MTA
+ SENDMAIL
/etc/init.d/sendmail restart
+
+ POSTFIX
+ /etc/init.d/postfix restart
+
diff --git a/app-antivirus/clamav/files/clamd.initd-r6 b/app-antivirus/clamav/files/clamd.initd-r6
index 7b50af64072..8cf8dd0a4ba 100644
--- a/app-antivirus/clamav/files/clamd.initd-r6
+++ b/app-antivirus/clamav/files/clamd.initd-r6
@@ -1,5 +1,5 @@
#!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
daemon_clamd="/usr/sbin/clamd"
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2019-10-14 7:11 Lars Wendler
0 siblings, 0 replies; 16+ messages in thread
From: Lars Wendler @ 2019-10-14 7:11 UTC (permalink / raw
To: gentoo-commits
commit: f593e3ceffb4852d91cd62263c52bb33d38c3444
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 14 07:10:09 2019 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Oct 14 07:11:46 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f593e3ce
app-antivirus/clamav: Remove automagic dep on dev-libs/icu (again)
Bug: https://bugs.gentoo.org/661328
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
app-antivirus/clamav/clamav-0.102.0.ebuild | 1 +
.../files/clamav-0.102.0-libxml2_pkgconfig.patch | 101 +++++++++++++++++++++
2 files changed, 102 insertions(+)
diff --git a/app-antivirus/clamav/clamav-0.102.0.ebuild b/app-antivirus/clamav/clamav-0.102.0.ebuild
index c2735a25d7d..85d704dacfe 100644
--- a/app-antivirus/clamav/clamav-0.102.0.ebuild
+++ b/app-antivirus/clamav/clamav-0.102.0.ebuild
@@ -47,6 +47,7 @@ RDEPEND="${CDEPEND}
HTML_DOCS=( docs/html )
PATCHES=(
+ "${FILESDIR}/${PN}-0.102.0-libxml2_pkgconfig.patch" #661328
"${FILESDIR}/${PN}-0.101.2-tinfo.patch" #670729
)
diff --git a/app-antivirus/clamav/files/clamav-0.102.0-libxml2_pkgconfig.patch b/app-antivirus/clamav/files/clamav-0.102.0-libxml2_pkgconfig.patch
new file mode 100644
index 00000000000..1a6303b5c8c
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.102.0-libxml2_pkgconfig.patch
@@ -0,0 +1,101 @@
+https://bugs.gentoo.org/661328
+
+--- clamav-0.102.0/m4/reorganization/libs/xml.m4
++++ clamav-0.102.0/m4/reorganization/libs/xml.m4
+@@ -4,85 +4,29 @@
+ [AS_HELP_STRING([--disable-xml], [do not include DMG and XAR support])],
+ want_xml=$enableval, want_xml="auto")
+
+-XML_HOME=""
+-xmlconfig=""
+ if test "X$want_xml" != "Xno"; then
+- AC_MSG_CHECKING([for libxml2 installation])
+- AC_ARG_WITH([xml],
+- AS_HELP_STRING([--with-xml@<:@=DIR@:>@], [path to directory containing libxml2 library
+- @<:@default=/usr/local or /usr if not found in /usr/local@:>@]),
+- [with_xml_val=$withval]
++ PKG_CHECK_MODULES([XML], [libxml-2.0],
++ [found_xml=yes],
++ [
++ found_xml=no
++ AS_IF([test "x$want_xml" = xyes],
++ [AC_MSG_ERROR([--enable-xml set but cannot find libxml2])]
++ )
++ ]
+ )
+
+- AS_IF([test "x$with_xml_val" = "xno"], [XML_HOME=""],
+- [test "x$with_xml_val" = "xyes"], [XML_HOME="/usr/local"],
+- [XML_HOME="$with_xml_val"])
+-
+- AS_IF([test "x$XML_HOME" != "x"], [
+- AS_IF([test ! -x "$XML_HOME/bin/xml2-config"], [XML_HOME=""])
+- ])
+-
+- AS_IF([test "x$XML_HOME" = "x" -a "x$with_xml_val" = "xyes"], [
+- AS_IF([test -x "/usr/bin/xml2-config"], [XML_HOME="/usr"])
+- ])
+-
+- if test "x$XML_HOME" != "x"; then
+- AC_MSG_RESULT([$XML_HOME])
+- with_xml="yes"
+- else
+- AC_MSG_RESULT([not found])
+- fi
+-
+- found_xml="no"
+- XMLCONF_VERSION=""
+- XML_CPPFLAGS=""
+- XML_LIBS=""
+- case "$with_xml" in
+- yes) AC_PATH_PROG([xmlconfig], [xml2-config])
+- if test "x$xmlconfig" = x ; then
+- AC_MSG_NOTICE([can not locate xml2-config in PATH, will search default XML_HOME variants])
+-
+- if test "x$XML_HOME" != "x"; then
+- AC_MSG_CHECKING([xml2-config version])
+- XMLCONF_VERSION="`$XML_HOME/bin/xml2-config --version`"
+-
+- if test "x%XMLCONF_VERSION" != "x"; then
+- AC_MSG_RESULT([$XMLCONF_VERSION])
+- found_xml="yes"
+- XML_CPPFLAGS="`$XML_HOME/bin/xml2-config --cflags`"
+- XML_LIBS="`$XML_HOME/bin/xml2-config --libs`"
+- AS_ECHO("$XML_CPPFLAGS")
+- AS_ECHO("$XML_LIBS")
+- else
+- AC_MSG_ERROR([xml2-config failed])
+- fi
+- fi
+- else
+- found_xml="yes"
+- XMLCONF_VERSION="`$xmlconfig --version`"
+- XML_CPPFLAGS="`$xmlconfig --cflags`"
+- XML_LIBS="`$xmlconfig --libs`"
+- fi
+- esac
+-
+ working_xml="no"
+ if test "X$found_xml" != "Xno"; then
+-
+- readerresult=""
+- if test "x$xmlconfig" = x ; then
+- readerresult="$XML_HOME/include/libxml2/libxml/xmlreader.h"
+- else
+- readerresult="`$xmlconfig --prefix`/include/libxml2/libxml/xmlreader.h"
+- fi
+-
++ XML_HOME=$(${PKG_CONFIG} --variable prefix libxml-2.0)
+ AC_MSG_CHECKING([for xmlreader.h in $readerresult])
+
+- if test ! -f "$readerresult"; then
++ if test ! -f "$XML_HOME/include/libxml2/libxml/xmlreader.h"; then
+ AC_MSG_RESULT([not found])
+ else
+ AC_MSG_RESULT([found])
+ save_LIBS="$LIBS"
+ save_CPPFLAGS="$CPPFLAGS"
++ XML_CPPFLAGS="$XML_CFLAGS"
+ CPPFLAGS="$CPPFLAGS $XML_CPPFLAGS"
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $XML_LIBS"
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2020-03-20 23:50 Thomas Deutschmann
0 siblings, 0 replies; 16+ messages in thread
From: Thomas Deutschmann @ 2020-03-20 23:50 UTC (permalink / raw
To: gentoo-commits
commit: 822c01a576d1b9c063b45be5b1eba77130f4b073
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 20 23:14:09 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Mar 20 23:48:58 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=822c01a5
app-antivirus/clamav: rev bump
- Migrate to EAPI 7.
- Fix USE=libclamav-only.
- Set proper REQUIRED_USE to indicate that USE=libclamav-only
will really only install libs.
- Install HTML docs only when USE=doc is set.
Closes: https://bugs.gentoo.org/709616
Package-Manager: Portage-2.3.94, Repoman-2.3.21
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
...mav-0.102.2.ebuild => clamav-0.102.2-r1.ebuild} | 178 +++++++++++----------
.../files/clamav-0.102.2-fix-curl-detection.patch | 26 +++
2 files changed, 123 insertions(+), 81 deletions(-)
diff --git a/app-antivirus/clamav/clamav-0.102.2.ebuild b/app-antivirus/clamav/clamav-0.102.2-r1.ebuild
similarity index 50%
rename from app-antivirus/clamav/clamav-0.102.2.ebuild
rename to app-antivirus/clamav/clamav-0.102.2-r1.ebuild
index 1aa121ef78f..1c7040145e4 100644
--- a/app-antivirus/clamav/clamav-0.102.2.ebuild
+++ b/app-antivirus/clamav/clamav-0.102.2-r1.ebuild
@@ -1,9 +1,9 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=6
+EAPI=7
-inherit autotools eutils flag-o-matic ltprune systemd
+inherit autotools flag-o-matic systemd
DESCRIPTION="Clam Anti-Virus Scanner"
HOMEPAGE="https://www.clamav.net/"
@@ -13,6 +13,9 @@ LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ppc ppc64 ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
IUSE="bzip2 doc clamdtop clamsubmit iconv ipv6 libclamav-only libressl milter metadata-analysis-api selinux static-libs test uclibc xml"
+
+REQUIRED_USE="libclamav-only? ( !clamdtop !clamsubmit !milter !metadata-analysis-api )"
+
RESTRICT="!test? ( test )"
# Require acct-{user,group}/clamav at build time so that we can set
@@ -20,37 +23,33 @@ RESTRICT="!test? ( test )"
# pkg_postinst; calling "chown" on the live filesystem scares me.
CDEPEND="acct-group/clamav
acct-user/clamav
+ dev-libs/libltdl
+ dev-libs/libmspack
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 )
+ >=sys-libs/zlib-1.2.2:=
bzip2? ( app-arch/bzip2 )
clamdtop? ( sys-libs/ncurses:0 )
+ clamsubmit? ( net-misc/curl dev-libs/json-c:= )
+ elibc_musl? ( sys-libs/fts-standalone )
iconv? ( virtual/libiconv )
- metadata-analysis-api? ( dev-libs/json-c:= )
- milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) )
- >=sys-libs/zlib-1.2.2:=
+ !libclamav-only? ( net-misc/curl )
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:0= )
- dev-libs/libltdl
- || ( dev-libs/libpcre2 >dev-libs/libpcre-6 )
- dev-libs/libmspack
- xml? ( dev-libs/libxml2 )
- elibc_musl? ( sys-libs/fts-standalone )
- !libclamav-only? ( net-misc/curl )
- clamsubmit? ( net-misc/curl dev-libs/json-c:= )"
-REQUIRED_USE="
- libclamav-only? ( !clamsubmit )
- clamsubmit? ( !libclamav-only )
-"
+ milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) )
+ xml? ( dev-libs/libxml2 )"
+
+BDEPEND="virtual/pkgconfig"
DEPEND="${CDEPEND}
- virtual/pkgconfig
+ metadata-analysis-api? ( dev-libs/json-c:* )
test? ( dev-libs/check )"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-clamav )"
-HTML_DOCS=( docs/html/. )
-
PATCHES=(
"${FILESDIR}/${PN}-0.101.2-tinfo.patch" #670729
"${FILESDIR}/${PN}-0.102.1-libxml2_pkgconfig.patch" #661328
+ "${FILESDIR}/${PN}-0.102.2-fix-curl-detection.patch" #709616
)
src_prepare() {
@@ -106,79 +105,94 @@ src_install() {
default
rm -rf "${ED}"/var/lib/clamav || die
- newinitd "${FILESDIR}"/clamd.initd-r6 clamd
- newconfd "${FILESDIR}"/clamd.conf-r1 clamd
-
- systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/clamav.conf"
- systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
- systemd_dounit "${FILESDIR}/clamd.service"
- systemd_dounit "${FILESDIR}/freshclamd.service"
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/clamav.logrotate clamav
-
- # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
- sed -i -e "s:^\(Example\):\# \1:" \
- -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.pid:" \
- -e "s:.*\(LocalSocket\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.sock:" \
- -e "s:.*\(User\) .*:\1 clamav:" \
- -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
- -e "s:^\#\(LogTime\).*:\1 yes:" \
- -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
- -e "s:^\#\(DatabaseDirectory\).*:\1 /var/lib/clamav:" \
- "${ED}"/etc/clamd.conf.sample || die
- sed -i -e "s:^\(Example\):\# \1:" \
- -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/freshclam.pid:" \
- -e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \
- -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
- -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \
- -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
- -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
- -e "s:^\#\(DatabaseDirectory\).*:\1 /var/lib/clamav:" \
- "${ED}"/etc/freshclam.conf.sample || die
- if use milter ; then
- # MilterSocket one to include ' /' because there is a 2nd line for
- # inet: which we want to leave
- ##dodoc "${FILESDIR}"/clamav-milter.README.gentoo
+ if ! use libclamav-only ; then
+ newinitd "${FILESDIR}"/clamd.initd-r6 clamd
+ newconfd "${FILESDIR}"/clamd.conf-r1 clamd
+
+ systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/clamav.conf"
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
+ systemd_dounit "${FILESDIR}/clamd.service"
+ systemd_dounit "${FILESDIR}/freshclamd.service"
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/clamav.logrotate clamav
+
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
sed -i -e "s:^\(Example\):\# \1:" \
- -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamav-milter.pid:" \
- -e "s+^\#\(ClamdSocket\) .*+\1 unix:${EPREFIX}/var/run/clamav/clamd.sock+" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.pid:" \
+ -e "s:.*\(LocalSocket\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.sock:" \
-e "s:.*\(User\) .*:\1 clamav:" \
- -e "s+^\#\(MilterSocket\) /.*+\1 unix:${EPREFIX}/var/run/clamav/clamav-milter.sock+" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
+ -e "s:^\#\(LogTime\).*:\1 yes:" \
-e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
- -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
- "${ED}"/etc/clamav-milter.conf.sample || die
- cat >> "${ED}"/etc/conf.d/clamd <<-EOF
- MILTER_NICELEVEL=19
- START_MILTER=no
- EOF
-
- systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service
- fi
+ -e "s:^\#\(DatabaseDirectory\).*:\1 /var/lib/clamav:" \
+ "${ED}"/etc/clamd.conf.sample || die
- if use doc; then
- einstalldocs
- doman docs/man/*.[1-8]
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/freshclam.pid:" \
+ -e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ -e "s:^\#\(DatabaseDirectory\).*:\1 /var/lib/clamav:" \
+ "${ED}"/etc/freshclam.conf.sample || die
+
+ if use milter ; then
+ # MilterSocket one to include ' /' because there is a 2nd line for
+ # inet: which we want to leave
+ ##dodoc "${FILESDIR}"/clamav-milter.README.gentoo
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamav-milter.pid:" \
+ -e "s+^\#\(ClamdSocket\) .*+\1 unix:${EPREFIX}/var/run/clamav/clamd.sock+" \
+ -e "s:.*\(User\) .*:\1 clamav:" \
+ -e "s+^\#\(MilterSocket\) /.*+\1 unix:${EPREFIX}/var/run/clamav/clamav-milter.sock+" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
+ "${ED}"/etc/clamav-milter.conf.sample || die
+
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF
+ MILTER_NICELEVEL=19
+ START_MILTER=no
+ EOF
+
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service
+ fi
+
+ local i
+ for i in clamd freshclam clamav-milter
+ do
+ if [[ -f "${ED}"/etc/"${i}".conf.sample ]]; then
+ mv "${ED}"/etc/"${i}".conf{.sample,} || die
+ fi
+ done
+
+ # These both need to be writable by the clamav user.
+ # TODO: use syslog by default; that's what it's for.
+ diropts -o clamav -g clamav
+ keepdir /var/lib/clamav
+ keepdir /var/log/clamav
fi
- for i in clamd freshclam clamav-milter
- do
- if [[ -f "${D}"/etc/"${i}".conf.sample ]]; then
- mv "${D}"/etc/"${i}".conf{.sample,} || die
- fi
- done
+ if use doc ; then
+ local HTML_DOCS=( docs/html/. )
+ einstalldocs
- prune_libtool_files --all
+ if ! use libclamav-only ; then
+ doman docs/man/*.[1-8]
+ fi
+ fi
- # These both need to be writable by the clamav user.
- # TODO: use syslog by default; that's what it's for.
- diropts -o clamav -g clamav
- keepdir /var/lib/clamav
- keepdir /var/log/clamav
+ find "${ED}" -name '*.la' -delete || die
}
src_test() {
+ if use libclamav-only ; then
+ ewarn "Test target not available when USE=libclamav-only is set, skipping tests ..."
+ return 0
+ fi
+
emake quick-check
}
@@ -187,11 +201,13 @@ pkg_postinst() {
elog "For simple instructions how to setup the clamav-milter read the"
elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
fi
- local databases=( "${ROOT}"var/lib/clamav/main.c[lv]d )
+
+ local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d )
if [[ ! -f "${databases}" ]] ; then
ewarn "You must run freshclam manually to populate the virus database"
ewarn "before starting clamav for the first time."
fi
+
elog "For instructions on how to use clamonacc, see"
elog
elog " https://www.clamav.net/documents/on-access-scanning"
diff --git a/app-antivirus/clamav/files/clamav-0.102.2-fix-curl-detection.patch b/app-antivirus/clamav/files/clamav-0.102.2-fix-curl-detection.patch
new file mode 100644
index 00000000000..f89a704ea3e
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.102.2-fix-curl-detection.patch
@@ -0,0 +1,26 @@
+https://bugs.gentoo.org/709616
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -197,6 +197,10 @@ AC_CONFIG_FILES([
+ clamav-types.h
+ clamav-version.h])
+ if test "x$enable_libclamav_only" != "xyes"; then
++ if test "$have_curl" = "no"; then
++ AC_MSG_ERROR([libcurl not found. libcurl (e.g. libcurl-devel) is required in order to build freshclam and clamsubmit.])
++ fi
++
+ AC_CONFIG_FILES([
+ clamscan/Makefile
+ database/Makefile
+--- a/m4/reorganization/libs/curl.m4
++++ b/m4/reorganization/libs/curl.m4
+@@ -92,8 +92,6 @@ if test "X$have_curl" = "Xyes"; then
+ )
+
+ LDFLAGS="$save_LDFLAGS"
+-else
+- AC_MSG_ERROR([libcurl not found. libcurl (e.g. libcurl-devel) is required in order to build freshclam and clamsubmit.])
+ fi
+
+ AC_SUBST([CLAMSUBMIT_LIBS])
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2020-06-21 13:38 Michael Orlitzky
0 siblings, 0 replies; 16+ messages in thread
From: Michael Orlitzky @ 2020-06-21 13:38 UTC (permalink / raw
To: gentoo-commits
commit: 3bf547dbe7ade89d37115521322b3b6566e1f5c5
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 21 12:32:06 2020 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Sun Jun 21 13:37:44 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3bf547db
app-antivirus/clamav: new revision to unbundle tomsfastmath.
Now that dev-libs/tomsfastmath is in the tree, add a new revision of
clamav that (a) deletes the bundled copy from the source tree, and (b)
patches in the system copy. Thanks to sam_c for taking this on!
Closes: https://bugs.gentoo.org/649394
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
app-antivirus/clamav/clamav-0.102.3-r1.ebuild | 222 +++++++++++++++++++++
.../files/clamav-0.102.3-system-tomsfastmath.patch | 113 +++++++++++
2 files changed, 335 insertions(+)
diff --git a/app-antivirus/clamav/clamav-0.102.3-r1.ebuild b/app-antivirus/clamav/clamav-0.102.3-r1.ebuild
new file mode 100644
index 00000000000..09054b32b34
--- /dev/null
+++ b/app-antivirus/clamav/clamav-0.102.3-r1.ebuild
@@ -0,0 +1,222 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic systemd
+
+DESCRIPTION="Clam Anti-Virus Scanner"
+HOMEPAGE="https://www.clamav.net/"
+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
+IUSE="bzip2 doc clamdtop clamsubmit iconv ipv6 libclamav-only libressl milter metadata-analysis-api selinux test uclibc xml"
+
+REQUIRED_USE="libclamav-only? ( !clamdtop !clamsubmit !milter !metadata-analysis-api )"
+
+RESTRICT="!test? ( test )"
+
+# Require acct-{user,group}/clamav at build time so that we can set
+# the permissions on /var/lib/clamav in src_install rather than in
+# pkg_postinst; calling "chown" on the live filesystem scares me.
+CDEPEND="acct-group/clamav
+ acct-user/clamav
+ dev-libs/libltdl
+ dev-libs/libmspack
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 )
+ dev-libs/tomsfastmath
+ >=sys-libs/zlib-1.2.2:=
+ bzip2? ( app-arch/bzip2 )
+ clamdtop? ( sys-libs/ncurses:0 )
+ clamsubmit? ( net-misc/curl dev-libs/json-c:= )
+ elibc_musl? ( sys-libs/fts-standalone )
+ iconv? ( virtual/libiconv )
+ !libclamav-only? ( net-misc/curl )
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) )
+ xml? ( dev-libs/libxml2 )"
+
+BDEPEND="virtual/pkgconfig"
+
+DEPEND="${CDEPEND}
+ metadata-analysis-api? ( dev-libs/json-c:* )
+ test? ( dev-libs/check )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-clamav )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.101.2-tinfo.patch" #670729
+ "${FILESDIR}/${PN}-0.102.1-libxml2_pkgconfig.patch" #661328
+ "${FILESDIR}/${PN}-0.102.2-fix-curl-detection.patch" #709616
+ "${FILESDIR}/${P}-system-tomsfastmath.patch" # 649394
+)
+
+src_prepare() {
+ default
+
+ # Be extra sure that we're using the system copy of tomsfastmath
+ einfo "removing bundled copy of dev-libs/tomsfastmath"
+ rm -r libclamav/tomsfastmath || \
+ die "failed to remove bundled tomsfastmath"
+
+ AT_NO_RECURSIVE="yes" eautoreconf
+}
+
+src_configure() {
+ use elibc_musl && append-ldflags -lfts
+ use ppc64 && append-flags -mminimal-toc
+ use uclibc && export ac_cv_type_error_t=yes
+
+ # according to configure help it should be
+ # $(use_enable xml)
+ # but that does not work
+ # do not add this, since --disable-xml seems to override
+ # --without-xml
+ JSONUSE="--without-libjson"
+
+ if use clamsubmit || use metadata-analysis-api; then
+ # either of those 2 requires libjson.
+ # clamsubmit will be built as soon as libjson and curl are found
+ # but we only install the binary if requested
+ JSONUSE="--with-libjson=${EPREFIX}/usr"
+ fi
+
+ local myeconfargs=(
+ $(use_enable bzip2)
+ $(use_enable clamdtop)
+ $(use_enable ipv6)
+ $(use_enable milter)
+ $(use_enable test check)
+ $(use_with xml)
+ $(use_with iconv)
+ ${JSONUSE}
+ $(use_enable libclamav-only)
+ $(use_with !libclamav-only libcurl)
+ --with-system-libmspack
+ --cache-file="${S}"/config.cache
+ --disable-experimental
+ --disable-static
+ --disable-zlib-vcheck
+ --enable-id-check
+ --with-dbdir="${EPREFIX}"/var/lib/clamav
+ # Don't call --with-zlib=/usr (see bug #699296)
+ --with-zlib
+ --disable-llvm
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+
+ rm -rf "${ED}"/var/lib/clamav || die
+
+ if ! use libclamav-only ; then
+ newinitd "${FILESDIR}"/clamd.initd-r6 clamd
+ newconfd "${FILESDIR}"/clamd.conf-r1 clamd
+
+ systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/clamav.conf"
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
+ systemd_dounit "${FILESDIR}/clamd.service"
+ systemd_dounit "${FILESDIR}/freshclamd.service"
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/clamav.logrotate clamav
+
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.pid:" \
+ -e "s:.*\(LocalSocket\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.sock:" \
+ -e "s:.*\(User\) .*:\1 clamav:" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
+ -e "s:^\#\(LogTime\).*:\1 yes:" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ -e "s:^\#\(DatabaseDirectory\).*:\1 /var/lib/clamav:" \
+ "${ED}"/etc/clamd.conf.sample || die
+
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/freshclam.pid:" \
+ -e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ -e "s:^\#\(DatabaseDirectory\).*:\1 /var/lib/clamav:" \
+ "${ED}"/etc/freshclam.conf.sample || die
+
+ if use milter ; then
+ # MilterSocket one to include ' /' because there is a 2nd line for
+ # inet: which we want to leave
+ ##dodoc "${FILESDIR}"/clamav-milter.README.gentoo
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamav-milter.pid:" \
+ -e "s+^\#\(ClamdSocket\) .*+\1 unix:${EPREFIX}/var/run/clamav/clamd.sock+" \
+ -e "s:.*\(User\) .*:\1 clamav:" \
+ -e "s+^\#\(MilterSocket\) /.*+\1 unix:${EPREFIX}/var/run/clamav/clamav-milter.sock+" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
+ "${ED}"/etc/clamav-milter.conf.sample || die
+
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF
+ MILTER_NICELEVEL=19
+ START_MILTER=no
+ EOF
+
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service
+ fi
+
+ local i
+ for i in clamd freshclam clamav-milter
+ do
+ if [[ -f "${ED}"/etc/"${i}".conf.sample ]]; then
+ mv "${ED}"/etc/"${i}".conf{.sample,} || die
+ fi
+ done
+
+ # These both need to be writable by the clamav user.
+ # TODO: use syslog by default; that's what it's for.
+ diropts -o clamav -g clamav
+ keepdir /var/lib/clamav
+ keepdir /var/log/clamav
+ fi
+
+ if use doc ; then
+ local HTML_DOCS=( docs/html/. )
+ einstalldocs
+
+ if ! use libclamav-only ; then
+ doman docs/man/*.[1-8]
+ fi
+ fi
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+src_test() {
+ if use libclamav-only ; then
+ ewarn "Test target not available when USE=libclamav-only is set, skipping tests ..."
+ return 0
+ fi
+
+ emake quick-check
+}
+
+pkg_postinst() {
+ if use milter ; then
+ elog "For simple instructions how to setup the clamav-milter read the"
+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
+ fi
+
+ local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d )
+ if [[ ! -f "${databases}" ]] ; then
+ ewarn "You must run freshclam manually to populate the virus database"
+ ewarn "before starting clamav for the first time."
+ fi
+
+ elog "For instructions on how to use clamonacc, see"
+ elog
+ elog " https://www.clamav.net/documents/on-access-scanning"
+}
diff --git a/app-antivirus/clamav/files/clamav-0.102.3-system-tomsfastmath.patch b/app-antivirus/clamav/files/clamav-0.102.3-system-tomsfastmath.patch
new file mode 100644
index 00000000000..ee575c3b128
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.102.3-system-tomsfastmath.patch
@@ -0,0 +1,113 @@
+From bcf63fa6bbd519bc61c2b2553fb1913f802eb96e Mon Sep 17 00:00:00 2001
+From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
+Date: Wed, 11 Mar 2015 20:03:15 +0100
+Subject: add support for system tomsfastmath
+
+Patch-Name: add-support-for-system-tomsfastmath.patch
+---
+ configure.ac | 2 ++
+ libclamav/Makefile.am | 10 ++++++++--
+ libclamav/bignum.h | 6 +++++-
+ libclamav/xdp.c | 2 +-
+ m4/reorganization/libs/tomsfastmath.m4 | 12 ++++++++++++
+ 5 files changed, 28 insertions(+), 4 deletions(-)
+ create mode 100644 m4/reorganization/libs/tomsfastmath.m4
+
+diff --git a/configure.ac b/configure.ac
+index 8375971..3cacfb8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -98,6 +98,7 @@ m4_include([m4/reorganization/libs/libmspack.m4])
+ if test "x$use_internal_mspack" = "xno"; then
+ mspack_msg="External, $LIBMSPACK_CFLAGS $LIBMSPACK_LIBS"
+ fi
++m4_include([m4/reorganization/libs/tomsfastmath.m4])
+
+ AM_MAINTAINER_MODE
+ m4_include([m4/reorganization/libs/libz.m4])
+@@ -356,6 +357,7 @@ fi
+ CL_MSG_STATUS([yara ],[$enable_yara],[$enable_yara])
+ CL_MSG_STATUS([fts ],[yes],[$lfs_fts_msg])
+
++CL_MSG_STATUS([tomsfastmath],[yes],[$tomsfastmath_msg])
+
+ # Yep, downgrading the compiler avoids the bug too:
+ # 4.0.x, and 4.1.0 are the known buggy versions
+diff --git a/libclamav/Makefile.am b/libclamav/Makefile.am
+index 699d033..3282272 100644
+--- a/libclamav/Makefile.am
++++ b/libclamav/Makefile.am
+@@ -602,8 +602,10 @@ libclamav_la_SOURCES += yara_arena.c \
+ yara_clam.h
+ endif
+
+-libclamav_la_SOURCES += bignum.h\
+- bignum_fast.h\
++libclamav_la_SOURCES += bignum.h
++
++if !SYSTEM_TOMSFASTMATH
++libclamav_la_SOURCES += bignum_fast.h\
+ tomsfastmath/addsub/fp_add.c\
+ tomsfastmath/addsub/fp_add_d.c\
+ tomsfastmath/addsub/fp_addmod.c\
+@@ -685,6 +687,10 @@ libclamav_la_SOURCES += bignum.h\
+ tomsfastmath/sqr/fp_sqr_comba_generic.c\
+ tomsfastmath/sqr/fp_sqr_comba_small_set.c\
+ tomsfastmath/sqr/fp_sqrmod.c
++else
++libclamav_la_CFLAGS += $(TOMSFASTMATH_CFLAGS)
++libclamav_la_LIBADD += $(TOMSFASTMATH_LIBS)
++endif
+
+ .PHONY2: version.h.tmp
+ version.c: version.h
+diff --git a/libclamav/bignum.h b/libclamav/bignum.h
+index 8fdc956..56dfa95 100644
+--- a/libclamav/bignum.h
++++ b/libclamav/bignum.h
+@@ -1,9 +1,13 @@
+ #ifndef BIGNUM_H_
+ #define BIGNUM_H_
+
++#if HAVE_SYSTEM_TOMSFASTMATH
++#include <tfm.h>
++#else
+ #define TFM_CHECK
+-
+ #include "bignum_fast.h"
++#endif
++
+ typedef fp_int mp_int;
+ #define mp_cmp fp_cmp
+ #define mp_toradix_n(a, b, c, d) fp_toradix_n(a, b, c, d)
+diff --git a/libclamav/xdp.c b/libclamav/xdp.c
+index d5a4c4b..cc3b40d 100644
+--- a/libclamav/xdp.c
++++ b/libclamav/xdp.c
+@@ -52,7 +52,7 @@
+ #include "scanners.h"
+ #include "conv.h"
+ #include "xdp.h"
+-#include "bignum_fast.h"
++#include "bignum.h"
+ #include "filetypes.h"
+
+ static char *dump_xdp(cli_ctx *ctx, const char *start, size_t sz);
+diff --git a/m4/reorganization/libs/tomsfastmath.m4 b/m4/reorganization/libs/tomsfastmath.m4
+new file mode 100644
+index 0000000..2a821a1
+--- /dev/null
++++ b/m4/reorganization/libs/tomsfastmath.m4
+@@ -0,0 +1,12 @@
++dnl Check for system tomsfastmath
++PKG_CHECK_MODULES([TOMSFASTMATH], [tomsfastmath], [have_system_tomsfastmath=yes], [have_system_tomsfastmath=no])
++
++AM_CONDITIONAL([SYSTEM_TOMSFASTMATH], [test "x$have_system_tomsfastmath" = "xyes"])
++
++if test "x$have_system_tomsfastmath" = "xyes"; then
++ AC_DEFINE([HAVE_SYSTEM_TOMSFASTMATH], [1], [link against system-wide tomsfastmath library])
++ tomsfastmath_msg="External, $TOMSFASTMATH_CFLAGS $TOMSFASTMATH_LIBS"
++else
++ AC_DEFINE([HAVE_SYSTEM_TOMSFASTMATH], [0], [don't link against system-wide tomsfastmath library])
++ tomsfastmath_msg="Internal"
++fi
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2020-12-18 1:10 Michael Orlitzky
0 siblings, 0 replies; 16+ messages in thread
From: Michael Orlitzky @ 2020-12-18 1:10 UTC (permalink / raw
To: gentoo-commits
commit: 2de1bdef8744c467630be10ee4d2c723a05e708d
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 18 00:52:39 2020 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Fri Dec 18 00:52:39 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2de1bdef
app-antivirus/clamav: new revision with an upstream freshclam patch.
This -r2 adds a patch to ensure that freshclam does not validate
invalid databases and crash your clamd on the subsequent reload.
Upstream-bug: https://bugzilla.clamav.net/show_bug.cgi?id=12522
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
...-0.103.0-r1.ebuild => clamav-0.103.0-r2.ebuild} | 1 +
.../clamav-0.103.0-freshclam-db-test-fix.patch | 27 ++++++++++++++++++++++
2 files changed, 28 insertions(+)
diff --git a/app-antivirus/clamav/clamav-0.103.0-r1.ebuild b/app-antivirus/clamav/clamav-0.103.0-r2.ebuild
similarity index 99%
rename from app-antivirus/clamav/clamav-0.103.0-r1.ebuild
rename to app-antivirus/clamav/clamav-0.103.0-r2.ebuild
index 52721c9856a..1ebe1bd96d9 100644
--- a/app-antivirus/clamav/clamav-0.103.0-r1.ebuild
+++ b/app-antivirus/clamav/clamav-0.103.0-r2.ebuild
@@ -55,6 +55,7 @@ PATCHES=(
"${FILESDIR}/${PN}-0.102.2-fix-curl-detection.patch" #709616
"${FILESDIR}/${PN}-0.103.0-system-tomsfastmath.patch" # 649394
"${FILESDIR}/${PN}-0.103.0-upstream-openrc.patch"
+ "${FILESDIR}/${PN}-0.103.0-freshclam-db-test-fix.patch"
)
src_prepare() {
diff --git a/app-antivirus/clamav/files/clamav-0.103.0-freshclam-db-test-fix.patch b/app-antivirus/clamav/files/clamav-0.103.0-freshclam-db-test-fix.patch
new file mode 100644
index 00000000000..25ae94b9fb8
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.103.0-freshclam-db-test-fix.patch
@@ -0,0 +1,27 @@
+diff --git a/freshclam/freshclam.c b/freshclam/freshclam.c
+index 8db3b8001..8cde8c9a8 100644
+--- a/freshclam/freshclam.c
++++ b/freshclam/freshclam.c
+@@ -280,6 +280,14 @@ fc_error_t download_complete_callback(const char *dbFilename, void *context)
+ goto done;
+ }
+ } else {
++ /*
++ * Attempt to test database in a child process.
++ */
++
++ /* We need to be able to wait for the child process ourselves.
++ * We'll re-enable wait in the global handler when we're done. */
++ g_sigchildWait = 0;
++
+ switch (pid = fork()) {
+ case -1: {
+ /*
+@@ -391,6 +399,7 @@ done:
+ logg("!Database test FAILED.\n");
+ }
+
++ /* Re-enable the global handler's child process wait */
+ g_sigchildWait = 1;
+
+ return status;
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2021-06-29 4:40 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2021-06-29 4:40 UTC (permalink / raw
To: gentoo-commits
commit: 5e66ceb053b88d41ef3a76fdecd3144495d62976
Author: Hank Leininger <hlein <AT> korelogic <DOT> com>
AuthorDate: Sun Jun 27 18:11:39 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jun 29 04:12:01 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e66ceb0
app-antivirus/clamav: fix logrotate file deployed when USE=milter
command -v writes to stdout, not stderr, so the check for openrc/systemd
was generating output and emails.
Signed-off-by: Hank Leininger <hlein <AT> korelogic.com>
Closes: https://bugs.gentoo.org/798933
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Sam James <sam <AT> gentoo.org>
app-antivirus/clamav/clamav-0.103.3-r1.ebuild | 234 +++++++++++++++++++++
.../clamav/files/clamav-milter.logrotate-r1 | 25 +++
2 files changed, 259 insertions(+)
diff --git a/app-antivirus/clamav/clamav-0.103.3-r1.ebuild b/app-antivirus/clamav/clamav-0.103.3-r1.ebuild
new file mode 100644
index 00000000000..5fcae6ee66c
--- /dev/null
+++ b/app-antivirus/clamav/clamav-0.103.3-r1.ebuild
@@ -0,0 +1,234 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic systemd tmpfiles
+
+DESCRIPTION="Clam Anti-Virus Scanner"
+HOMEPAGE="https://www.clamav.net/"
+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
+IUSE="bzip2 doc clamonacc clamdtop clamsubmit iconv ipv6 libclamav-only milter metadata-analysis-api selinux systemd test uclibc xml"
+
+REQUIRED_USE="libclamav-only? ( !clamonacc !clamdtop !clamsubmit !milter !metadata-analysis-api )"
+
+RESTRICT="!test? ( test )"
+
+# Require acct-{user,group}/clamav at build time so that we can set
+# the permissions on /var/lib/clamav in src_install rather than in
+# pkg_postinst; calling "chown" on the live filesystem scares me.
+CDEPEND="acct-group/clamav
+ acct-user/clamav
+ dev-libs/libltdl
+ dev-libs/libmspack
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 )
+ dev-libs/tomsfastmath
+ >=sys-libs/zlib-1.2.2:=
+ bzip2? ( app-arch/bzip2 )
+ clamdtop? ( sys-libs/ncurses:0 )
+ clamsubmit? ( net-misc/curl dev-libs/json-c:= )
+ elibc_musl? ( sys-libs/fts-standalone )
+ iconv? ( virtual/libiconv )
+ !libclamav-only? ( net-misc/curl )
+ dev-libs/openssl:0=
+ milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) )
+ xml? ( dev-libs/libxml2 )"
+
+# We need at least autoconf-2.69-r5 because that's the first (patched)
+# version of it in Gentoo that supports ./configure --runstatedir.
+BDEPEND=">=sys-devel/autoconf-2.69-r5
+ virtual/pkgconfig"
+
+DEPEND="${CDEPEND}
+ metadata-analysis-api? ( dev-libs/json-c:* )
+ test? ( dev-libs/check )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-clamav )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.102.1-libxml2_pkgconfig.patch" #661328
+ "${FILESDIR}/${PN}-0.102.2-fix-curl-detection.patch" #709616
+ "${FILESDIR}/${PN}-0.103.0-system-tomsfastmath.patch" # 649394
+ "${FILESDIR}/${PN}-0.103.1-upstream-openrc.patch"
+)
+
+src_prepare() {
+ default
+
+ # Be extra sure that we're using the system copy of tomsfastmath
+ einfo "removing bundled copy of dev-libs/tomsfastmath"
+ rm -r libclamav/tomsfastmath || \
+ die "failed to remove bundled tomsfastmath"
+
+ AT_NO_RECURSIVE="yes" eautoreconf
+}
+
+src_configure() {
+ use elibc_musl && append-ldflags -lfts
+ use ppc64 && append-flags -mminimal-toc
+ use uclibc && export ac_cv_type_error_t=yes
+
+ # according to configure help it should be
+ # $(use_enable xml)
+ # but that does not work
+ # do not add this, since --disable-xml seems to override
+ # --without-xml
+ JSONUSE="--without-libjson"
+
+ if use clamsubmit || use metadata-analysis-api; then
+ # either of those 2 requires libjson.
+ # clamsubmit will be built as soon as libjson and curl are found
+ # but we only install the binary if requested
+ JSONUSE="--with-libjson=${EPREFIX}/usr"
+ fi
+
+ local myeconfargs=(
+ $(use_enable bzip2)
+ $(use_enable clamonacc)
+ $(use_enable clamdtop)
+ $(use_enable ipv6)
+ $(use_enable milter)
+ $(use_enable test check)
+ $(use_with xml)
+ $(use_with iconv)
+ ${JSONUSE}
+ $(use_enable libclamav-only)
+ $(use_with !libclamav-only libcurl)
+ --with-system-libmspack
+ --cache-file="${S}"/config.cache
+ --disable-experimental
+ --disable-static
+ --disable-zlib-vcheck
+ --enable-id-check
+ --with-dbdir="${EPREFIX}"/var/lib/clamav
+ # Don't call --with-zlib=/usr (see bug #699296)
+ --with-zlib
+ --disable-llvm
+ --enable-openrc
+ --runstatedir=/run
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+
+ rm -rf "${ED}"/var/lib/clamav || die
+
+ if ! use libclamav-only ; then
+ if use systemd; then
+ # The tmpfiles entry is behind USE=systemd because the
+ # upstream OpenRC service files should (and do) ensure that
+ # the directories they need exist and have the correct
+ # permissions without the help of opentmpfiles. There are
+ # years-old root exploits in opentmpfiles, the design is
+ # fundamentally flawed, and the maintainer is not up to
+ # the task of fixing it.
+ dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf"
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
+ systemd_dounit "${FILESDIR}/clamd.service"
+ systemd_newunit "${FILESDIR}/freshclamd.service-r1" \
+ "freshclamd.service"
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/clamd.logrotate" clamd
+ newins "${FILESDIR}/freshclam.logrotate" freshclam
+ use milter && \
+ newins "${FILESDIR}/clamav-milter.logrotate-r1" clamav-milter
+
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s/^#\(PidFile .*\)/\1/" \
+ -e "s/^#\(LocalSocket .*\)/\1/" \
+ -e "s/^#\(User .*\)/\1/" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
+ -e "s:^\#\(LogTime\).*:\1 yes:" \
+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \
+ "${ED}"/etc/clamd.conf.sample || die
+
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s/^#\(PidFile .*\)/\1/" \
+ -e "s/^#\(DatabaseOwner .*\)/\1/" \
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \
+ "${ED}"/etc/freshclam.conf.sample || die
+
+ if use milter ; then
+ # Note: only keep the "unix" ClamdSocket and MilterSocket!
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s/^#\(PidFile .*\)/\1/" \
+ -e "s/^#\(ClamdSocket unix:.*\)/\1/" \
+ -e "s/^#\(User .*\)/\1/" \
+ -e "s/^#\(MilterSocket unix:.*\)/\1/" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
+ "${ED}"/etc/clamav-milter.conf.sample || die
+
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF
+ MILTER_NICELEVEL=19
+ START_MILTER=no
+ EOF
+
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service
+ fi
+
+ local i
+ for i in clamd freshclam clamav-milter
+ do
+ if [[ -f "${ED}"/etc/"${i}".conf.sample ]]; then
+ mv "${ED}"/etc/"${i}".conf{.sample,} || die
+ fi
+ done
+
+ # These both need to be writable by the clamav user.
+ # TODO: use syslog by default; that's what it's for.
+ diropts -o clamav -g clamav
+ keepdir /var/lib/clamav
+ keepdir /var/log/clamav
+ fi
+
+ if use doc ; then
+ local HTML_DOCS=( docs/html/. )
+ einstalldocs
+
+ if ! use libclamav-only ; then
+ doman docs/man/*.[1-8]
+ fi
+ fi
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+src_test() {
+ if use libclamav-only ; then
+ ewarn "Test target not available when USE=libclamav-only is set, skipping tests ..."
+ return 0
+ fi
+
+ emake quick-check
+}
+
+pkg_postinst() {
+ if use milter ; then
+ elog "For simple instructions how to setup the clamav-milter read the"
+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
+ fi
+
+ local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d )
+ if [[ ! -f "${databases}" ]] ; then
+ ewarn "You must run freshclam manually to populate the virus database"
+ ewarn "before starting clamav for the first time."
+ fi
+
+ ewarn "This version of ClamAV provides separate OpenRC services"
+ ewarn "for clamd, freshclam, clamav-milter, and clamonacc. The"
+ ewarn "clamd service now starts only the clamd daemon itself. You"
+ ewarn "should add freshclam (and perhaps clamav-milter) to any"
+ ewarn "runlevels that previously contained clamd."
+}
diff --git a/app-antivirus/clamav/files/clamav-milter.logrotate-r1 b/app-antivirus/clamav/files/clamav-milter.logrotate-r1
new file mode 100644
index 00000000000..8d2f31a852a
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-milter.logrotate-r1
@@ -0,0 +1,25 @@
+# This script is intended to rotate the logs for clamav-milter in its
+# default configuration on Gentoo, where clamav-milter writes to its
+# own log file but does not rotate that file itself. The clamav-milter
+# daemon is capable of rotating its own logs; if you have "LogRotate
+# yes" in clamav-milter.conf then you do not need this script (and
+# should disable it). Likewise, if you are logging to syslog
+# (LogSyslog yes), this is redundant.
+#
+# This is more complicated than the clamd/freshclam scripts because
+# the milter doesn't yet reopen its log files when it receives a
+# SIGHUP. See https://bugzilla.clamav.net/show_bug.cgi?id=12615
+# for that. Instead we have to attempt OpenRC/systemd service
+# restarts on (only) the machines that support them.
+/var/log/clamav/clamav-milter.log {
+ su clamav clamav
+ missingok
+ postrotate
+ if command -v rc-service >/dev/null; then
+ rc-service clamav-milter status 2>/dev/null 1>&2 && rc-service clamav-milter restart 1>/dev/null
+ fi
+ if command -v systemctl >/dev/null; then
+ systemctl try-restart clamav-milter
+ fi
+ endscript
+}
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2023-01-05 7:47 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2023-01-05 7:47 UTC (permalink / raw
To: gentoo-commits
commit: 396f59676fd3c6429eb28206b1ac76bad18ba1cc
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 5 07:46:02 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jan 5 07:46:02 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=396f5967
app-antivirus/clamav: drop 0.104.4-r1, 0.105.1
Signed-off-by: Sam James <sam <AT> gentoo.org>
app-antivirus/clamav/Manifest | 2 -
app-antivirus/clamav/clamav-0.104.4-r1.ebuild | 215 ------------------
app-antivirus/clamav/clamav-0.105.1.ebuild | 246 ---------------------
.../files/clamav-0.105.1-cmake-llvm-fix.patch | 73 ------
4 files changed, 536 deletions(-)
diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest
index 2fec99b21026..481ecf0d62e2 100644
--- a/app-antivirus/clamav/Manifest
+++ b/app-antivirus/clamav/Manifest
@@ -15,8 +15,6 @@ DIST cexpr-0.6.0.crate 17966 BLAKE2B cb46f066eb1f4dbac00ec86dc3e562db7ee8ea5ff17
DIST cfg-if-1.0.0.crate 7934 BLAKE2B e99a5589c11d79d77a4537b34ce0a45d37b981c123b79b807cea836c89fc3926d693458893baca2882448d3d44e3f64e06141f6d916b748daa10b8cc1ae16d1b SHA512 0fb16a8882fd30e86b62c5143b1cb18ab564e84e75bd1f28fd12f24ffdc4a42e0d2e012a99abb606c12efe3c11061ff5bf8e24ab053e550ae083f7d90f6576ff
DIST clamav-0.103.6.tar.gz 16491761 BLAKE2B 3c43bcda4a613f81d1b31036e7323a7af7708e54af94ad30a659a8fb318d8f79f357086ce70703659298524d778374df886495cd8c75280bbbe4bae30795a85a SHA512 d39e1964678b8251bde3a9f3db30fe3d3d76cc566a86834297f4dd8489086dc9cc4c6541ca128089159f4c071d2d85b530455bd942987d3929ea0082b8ab272b
DIST clamav-0.103.7.tar.gz 16501741 BLAKE2B 49fc1c8c42ee8168dbaec4aa13ab0dfef7fa285e335cb38b17bc020df7400ee1daae49e06ba5b4ae0364d47d707cb83c0b1a8442d5b01d2bba5827606fe27fb4 SHA512 d426169889d94411b20a2c9c9579fc22a15090c9847849822c63fc6b404075feba0ff3663ee1382b2af5300394c7a93669844736f7473bfdce3250e1fd130326
-DIST clamav-0.104.4.tar.gz 12027448 BLAKE2B e8627b49b46e9bf5669b7186d829fd2caa76d9071b1533da252fea1bdeed1b78ec4a138db8957b0d121df1180eb37a6230f5f0db1e4d3f2de80bf7dddad5b47e SHA512 5aa8abe96ff49548cf74df47a7e56279c3082dc8ca98cab02f64f44b2da0230e75b5f634b3086ba8ca155052cbc22a2a47ab3dd159ae033d3f599dcde1f2420e
-DIST clamav-0.105.1.tar.gz 29467856 BLAKE2B be46d9afd76fb536d7de7363a45d38fef6a5983011e3cd0dcc25c2a209c8d37a2bbe1f7f4a5694152cabf622ef83e072b892ae12ba404da1955bb5b654e5216d SHA512 dcaa3eb90e5a8951f1750f0676791c33507206ae0d58a3da0d07f6f86b559799db09a4aed83fbd9d3eed8f1f17654f8304070e6770ba7e02de6f2be2cda65bec
DIST clamav-1.0.0.tar.gz 10311477 BLAKE2B 8d66c03e7717ed52cb90a139f565abe2ed3379e09d500530c260f129f1f8eb2549dca11898f6c1a85e7988ce06388c8967e6decea06c840220ffccb4010add60 SHA512 a1be526516e622fd3359461db7dd8eb0734f7ba8ecb0b63c1574e216885cd7bcdc69ffdbc5e507a0060d23769e3caa8423aa273ec57bb86e40049679a818152a
DIST clang-sys-1.4.0.crate 38679 BLAKE2B d15bdae2142ed26b4f6bd037bd2062e8c4b7b87fc5b749b872a95ff1952d000066c255aa0984e5f9c4a5c88066db4a20cfd048db4ba5a59b331d5ffa5e9a281d SHA512 062189bb0a341e2e85de4987f4b564c1fc69e4005c9c42cfedb61dee5f48db9126a8114d1d97be1b9c21b8c885243751232fbe8cf532e1d2be593308fe45216a
DIST clap-2.34.0.crate 202210 BLAKE2B f383adf1d757ac4b68995132b33837686ce451f85a02a8d05d2c746da398510d05d46330f3efade063c3952aacb1754cdac73dd0afcae0df5340a89f9353aa1c SHA512 c648a761b9996a7e7464a538bb53621bae22090b846a42c3b729beca3363958ae67e3da9f93f58b10a10e043cadf7ff930388680d168646178c2824177832db8
diff --git a/app-antivirus/clamav/clamav-0.104.4-r1.ebuild b/app-antivirus/clamav/clamav-0.104.4-r1.ebuild
deleted file mode 100644
index 6514459df831..000000000000
--- a/app-antivirus/clamav/clamav-0.104.4-r1.ebuild
+++ /dev/null
@@ -1,215 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8..10} )
-inherit cmake flag-o-matic python-any-r1 systemd tmpfiles
-
-DESCRIPTION="Clam Anti-Virus Scanner"
-HOMEPAGE="https://www.clamav.net/"
-SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
-IUSE="doc clamonacc +clamapp libclamav-only milter rar selinux systemd test"
-
-REQUIRED_USE="libclamav-only? ( !clamonacc !clamapp !milter )
- clamonacc? ( clamapp )
- milter? ( clamapp )
- test? ( !libclamav-only )"
-
-RESTRICT="!test? ( test )"
-
-# Require acct-{user,group}/clamav at build time so that we can set
-# the permissions on /var/lib/clamav in src_install rather than in
-# pkg_postinst; calling "chown" on the live filesystem scares me.
-CDEPEND="acct-group/clamav
- acct-user/clamav
- dev-libs/libltdl
- dev-libs/libmspack
- dev-libs/json-c:=
- dev-libs/libpcre2
- >=sys-libs/zlib-1.2.2:=
- app-arch/bzip2
- clamapp? ( sys-libs/ncurses:= net-misc/curl )
- elibc_musl? ( sys-libs/fts-standalone )
- virtual/libiconv
- !libclamav-only? ( net-misc/curl )
- dev-libs/openssl:=
- milter? ( mail-filter/libmilter:= )
- dev-libs/libxml2
- rar? ( app-arch/unrar )
- test? ( dev-python/pytest )"
-# TODO: there is no way to use this with the new build system instead of the bundled one
-# dev-libs/tomsfastmath
-BDEPEND="virtual/pkgconfig
- doc? ( app-doc/doxygen )
- test? (
- ${PYTHON_DEPS}
- $(python_gen_any_dep 'dev-python/pytest[${PYTHON_USEDEP}]')
- )"
-DEPEND="${CDEPEND}
- test? ( dev-libs/check )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-clamav )"
-
-python_check_deps() {
- has_version -b "dev-python/pytest[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
- use test && python-any-r1_pkg_setup
-}
-
-src_configure() {
- use elibc_musl && append-ldflags -lfts
- use ppc64 && append-flags -mminimal-toc
-
- local mycmakeargs=(
- -DDATABASE_DIRECTORY="${EPREFIX}"/var/lib/clamav
- -DAPP_CONFIG_DIRECTORY="${EPREFIX}"/etc/clamav
- -DENABLE_EXPERIMENTAL=OFF
- -DENABLE_JSON_SHARED=ON
- -DENABLE_APP=$(usex clamapp ON OFF)
- -DENABLE_MILTER=$(usex milter ON OFF)
- -DENABLE_CLAMONACC=$(usex clamonacc ON OFF)
- -DCLAMAV_USER="clamav"
- -DCLAMAV_GROUP="clamav"
- -DBYTECODE_RUNTIME=interpreter
- -DOPTIMIZE=ON
- -DENABLE_EXTERNAL_MSPACK=ON
- -DENABLE_MAN_PAGES=ON
- -DENABLE_DOXYGEN=$(usex doc)
- -DENABLE_UNRAR=$(usex rar ON OFF)
- -DENABLE_TESTS=$(usex test ON OFF)
- # Used to enable some more tests but doesn't behave well in
- # sandbox necessarily(?) + needs certain debug symbols present
- # in e.g. glibc.
- -DCMAKE_DISABLE_FIND_PACKAGE_Valgrind=ON
- -DENABLE_STATIC_LIB=OFF
- -DENABLE_SHARED_LIB=ON
- -DENABLE_SYSTEMD=$(usex systemd ON OFF)
- )
- cmake_src_configure
-}
-
-src_install() {
- cmake_src_install
-
- # init scripts
- newinitd "${FILESDIR}/clamd.initd" clamd
- newinitd "${FILESDIR}/freshclam.initd" freshclam
- use clamonacc && \
- newinitd "${FILESDIR}/clamonacc.initd" clamonacc
- use milter && \
- newinitd "${FILESDIR}/clamav-milter.initd" clamav-milter
-
- rm -rf "${ED}"/var/lib/clamav || die
-
- if ! use libclamav-only ; then
- if use systemd ; then
- # The tmpfiles entry is behind USE=systemd because the
- # upstream OpenRC service files should (and do) ensure that
- # the directories they need exist and have the correct
- # permissions without the help of opentmpfiles. There are
- # years-old root exploits in opentmpfiles, the design is
- # fundamentally flawed, and the maintainer is not up to
- # the task of fixing it.
- dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf"
- systemd_newunit "${FILESDIR}/clamd_at.service-0.104.0" "clamd@.service"
- systemd_dounit "${FILESDIR}/clamd.service"
- systemd_newunit "${FILESDIR}/freshclamd.service-r1" \
- "freshclamd.service"
- fi
-
- if use clamapp ; then
- # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
- sed -e "s:^\(Example\):\# \1:" \
- -e "s/^#\(PidFile .*\)/\1/" \
- -e "s/^#\(LocalSocket .*\)/\1/" \
- -e "s/^#\(User .*\)/\1/" \
- -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
- -e "s:^\#\(LogTime\).*:\1 yes:" \
- -e "s/^#\(DatabaseDirectory .*\)/\1/" \
- "${ED}"/etc/clamav/clamd.conf.sample > \
- "${ED}"/etc/clamav/clamd.conf || die
-
- sed -e "s:^\(Example\):\# \1:" \
- -e "s/^#\(PidFile .*\)/\1/" \
- -e "s/^#\(DatabaseOwner .*\)/\1/" \
- -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
- -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamav/clamd.conf:" \
- -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
- -e "s/^#\(DatabaseDirectory .*\)/\1/" \
- "${ED}"/etc/clamav/freshclam.conf.sample > \
- "${ED}"/etc/clamav/freshclam.conf || die
-
- if use milter ; then
- # Note: only keep the "unix" ClamdSocket and MilterSocket!
- sed -e "s:^\(Example\):\# \1:" \
- -e "s/^#\(PidFile .*\)/\1/" \
- -e "s/^#\(ClamdSocket unix:.*\)/\1/" \
- -e "s/^#\(User .*\)/\1/" \
- -e "s/^#\(MilterSocket unix:.*\)/\1/" \
- -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
- "${ED}"/etc/clamav/clamav-milter.conf.sample > \
- "${ED}"/etc/clamav/clamav-milter.conf || die
-
- systemd_newunit "${FILESDIR}/clamav-milter.service-0.104.0" clamav-milter.service
- fi
-
- local i
- for i in clamd freshclam clamav-milter
- do
- if [[ -f "${ED}"/etc/"${i}".conf.sample ]] ; then
- mv "${ED}"/etc/"${i}".conf{.sample,} || die
- fi
- done
-
- # These both need to be writable by the clamav user.
- # TODO: use syslog by default; that's what it's for.
- diropts -o clamav -g clamav
- keepdir /var/lib/clamav
- keepdir /var/log/clamav
- fi
- fi
-
- if use doc ; then
- local HTML_DOCS=( docs/html/. )
- einstalldocs
- fi
-
- # Don't install man pages for utilities we didn't install
- if use libclamav-only ; then
- rm -r "${ED}"/usr/share/man || die
- fi
-
- find "${ED}" -name '*.la' -delete || die
-}
-
-pkg_postinst() {
- if ! use libclamav-only ; then
- if use systemd ; then
- tmpfiles_process clamav.conf
- fi
- fi
-
- if use milter ; then
- elog "For simple instructions how to setup the clamav-milter read the"
- elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
- fi
-
- local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d )
- if [[ ! -f "${databases}" ]] ; then
- ewarn "You must run freshclam manually to populate the virus database"
- ewarn "before starting clamav for the first time."
- fi
-
- ewarn "This version of ClamAV provides separate OpenRC services"
- ewarn "for clamd, freshclam, clamav-milter, and clamonacc. The"
- ewarn "clamd service now starts only the clamd daemon itself. You"
- ewarn "should add freshclam (and perhaps clamav-milter) to any"
- ewarn "runlevels that previously contained clamd."
-}
diff --git a/app-antivirus/clamav/clamav-0.105.1.ebuild b/app-antivirus/clamav/clamav-0.105.1.ebuild
deleted file mode 100644
index 0d62bc5c14c0..000000000000
--- a/app-antivirus/clamav/clamav-0.105.1.ebuild
+++ /dev/null
@@ -1,246 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-LLVM_MAX_SLOT=13
-PYTHON_COMPAT=( python3_{8..11} )
-inherit cmake flag-o-matic llvm python-any-r1 systemd tmpfiles
-
-DESCRIPTION="Clam Anti-Virus Scanner"
-HOMEPAGE="https://www.clamav.net/"
-SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
-IUSE="doc clamonacc +clamapp experimental jit libclamav-only milter rar selinux systemd test"
-
-REQUIRED_USE="libclamav-only? ( !clamonacc !clamapp !milter )
- clamonacc? ( clamapp )
- milter? ( clamapp )
- test? ( !libclamav-only )"
-
-RESTRICT="!test? ( test )"
-
-# Require acct-{user,group}/clamav at build time so that we can set
-# the permissions on /var/lib/clamav in src_install rather than in
-# pkg_postinst; calling "chown" on the live filesystem scares me.
-CDEPEND="
- acct-group/clamav
- acct-user/clamav
- app-arch/bzip2
- dev-libs/json-c:=
- dev-libs/libltdl
- dev-libs/libmspack
- dev-libs/libpcre2:=
- dev-libs/libxml2
- dev-libs/openssl:=
- dev-libs/tomsfastmath:=
- >=sys-libs/zlib-1.2.2:=
- virtual/libiconv
- !libclamav-only? ( net-misc/curl )
- clamapp? ( sys-libs/ncurses:= net-misc/curl )
- elibc_musl? ( sys-libs/fts-standalone )
- jit? ( <sys-devel/llvm-$((${LLVM_MAX_SLOT} + 1)):= )
- milter? ( mail-filter/libmilter:= )
- rar? ( app-arch/unrar )
- test? ( dev-python/pytest )
-"
-
-BDEPEND="
- virtual/pkgconfig
- >=virtual/rust-1.56
- doc? ( app-doc/doxygen )
- test? (
- ${PYTHON_DEPS}
- $(python_gen_any_dep 'dev-python/pytest[${PYTHON_USEDEP}]')
- )
-"
-
-DEPEND="${CDEPEND}
- test? ( dev-libs/check )"
-
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-clamav )"
-
-python_check_deps() {
- python_has_version -b "dev-python/pytest[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
- use jit && llvm_pkg_setup
- use test && python-any-r1_pkg_setup
-}
-
-PATCHES=(
- "${FILESDIR}/${P}-cmake-llvm-fix.patch"
-)
-
-src_configure() {
- use elibc_musl && append-ldflags -lfts
- use ppc64 && append-flags -mminimal-toc
-
- local mycmakeargs=(
- -DDATABASE_DIRECTORY="${EPREFIX}"/var/lib/clamav
- -DAPP_CONFIG_DIRECTORY="${EPREFIX}"/etc/clamav
- -DENABLE_EXPERIMENTAL=$(usex experimental ON OFF)
- -DENABLE_JSON_SHARED=ON
- -DENABLE_APP=$(usex clamapp ON OFF)
- -DENABLE_MILTER=$(usex milter ON OFF)
- -DENABLE_CLAMONACC=$(usex clamonacc ON OFF)
- -DCLAMAV_USER="clamav"
- -DCLAMAV_GROUP="clamav"
- -DBYTECODE_RUNTIME=$(usex jit llvm interpreter)
- -DOPTIMIZE=ON
- -DENABLE_EXTERNAL_MSPACK=ON
- -DENABLE_EXTERNAL_TOMSFASTMATH=ON
- -DENABLE_MAN_PAGES=ON
- -DENABLE_DOXYGEN=$(usex doc)
- -DENABLE_UNRAR=$(usex rar ON OFF)
- -DENABLE_TESTS=$(usex test ON OFF)
- -DENABLE_STATIC_LIB=OFF
- -DENABLE_SHARED_LIB=ON
- -DENABLE_SYSTEMD=$(usex systemd ON OFF)
- )
-
- if use test ; then
- # https://bugs.gentoo.org/818673
- # Used to enable some more tests but doesn't behave well in
- # sandbox necessarily(?) + needs certain debug symbols present
- # in e.g. glibc.
- mycmakeargs+=( -DCMAKE_DISABLE_FIND_PACKAGE_Valgrind=ON )
- fi
-
- if use jit ; then
- # Suppress CMake warnings that variables aren't consumed if we aren't using LLVM
- # https://github.com/Cisco-Talos/clamav/blob/main/INSTALL.md#llvm-optional-see-bytecode-runtime-section
- # https://github.com/Cisco-Talos/clamav/blob/main/INSTALL.md#bytecode-runtime
- mycmakeargs+=(
- -DLLVM_ROOT_DIR="$(get_llvm_prefix -d ${LLVM_MAX_SLOT})"
- -DLLVM_FIND_VERSION="$(best_version sys-devel/llvm:${LLVM_MAX_SLOT} | cut -c 16-)"
- )
- fi
-
- cmake_src_configure
-}
-
-src_install() {
- cmake_src_install
- # init scripts
- newinitd "${FILESDIR}/clamd.initd" clamd
- newinitd "${FILESDIR}/freshclam.initd" freshclam
- use clamonacc && \
- newinitd "${FILESDIR}/clamonacc.initd" clamonacc
- use milter && \
- newinitd "${FILESDIR}/clamav-milter.initd" clamav-milter
-
- rm -rf "${ED}"/var/lib/clamav || die
-
- if ! use libclamav-only ; then
- if use systemd ; then
- # The tmpfiles entry is behind USE=systemd because the
- # upstream OpenRC service files should (and do) ensure that
- # the directories they need exist and have the correct
- # permissions without the help of opentmpfiles. There are
- # years-old root exploits in opentmpfiles, the design is
- # fundamentally flawed, and the maintainer is not up to
- # the task of fixing it.
- dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf"
- systemd_newunit "${FILESDIR}/clamd_at.service-0.104.0" "clamd@.service"
- systemd_dounit "${FILESDIR}/clamd.service"
- systemd_newunit "${FILESDIR}/freshclamd.service-r1" \
- "freshclamd.service"
- fi
-
- if use clamapp ; then
- # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
- sed -e "s:^\(Example\):\# \1:" \
- -e "s/^#\(PidFile .*\)/\1/" \
- -e "s/^#\(LocalSocket .*\)/\1/" \
- -e "s/^#\(User .*\)/\1/" \
- -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
- -e "s:^\#\(LogTime\).*:\1 yes:" \
- -e "s/^#\(DatabaseDirectory .*\)/\1/" \
- "${ED}"/etc/clamav/clamd.conf.sample > \
- "${ED}"/etc/clamav/clamd.conf || die
-
- sed -e "s:^\(Example\):\# \1:" \
- -e "s/^#\(PidFile .*\)/\1/" \
- -e "s/^#\(DatabaseOwner .*\)/\1/" \
- -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
- -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamav/clamd.conf:" \
- -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
- -e "s/^#\(DatabaseDirectory .*\)/\1/" \
- "${ED}"/etc/clamav/freshclam.conf.sample > \
- "${ED}"/etc/clamav/freshclam.conf || die
-
- if use milter ; then
- # Note: only keep the "unix" ClamdSocket and MilterSocket!
- sed -e "s:^\(Example\):\# \1:" \
- -e "s/^#\(PidFile .*\)/\1/" \
- -e "s/^#\(ClamdSocket unix:.*\)/\1/" \
- -e "s/^#\(User .*\)/\1/" \
- -e "s/^#\(MilterSocket unix:.*\)/\1/" \
- -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
- "${ED}"/etc/clamav/clamav-milter.conf.sample > \
- "${ED}"/etc/clamav/clamav-milter.conf || die
-
- systemd_newunit "${FILESDIR}/clamav-milter.service-0.104.0" clamav-milter.service
- fi
-
- local i
- for i in clamd freshclam clamav-milter
- do
- if [[ -f "${ED}"/etc/"${i}".conf.sample ]] ; then
- mv "${ED}"/etc/"${i}".conf{.sample,} || die
- fi
- done
-
- # These both need to be writable by the clamav user.
- # TODO: use syslog by default; that's what it's for.
- diropts -o clamav -g clamav
- keepdir /var/lib/clamav
- keepdir /var/log/clamav
- fi
- fi
-
- if use doc ; then
- local HTML_DOCS=( docs/html/. )
- einstalldocs
- fi
-
- # Don't install man pages for utilities we didn't install
- if use libclamav-only ; then
- rm -r "${ED}"/usr/share/man || die
- fi
-
- find "${ED}" -name '*.la' -delete || die
-}
-
-pkg_postinst() {
- if ! use libclamav-only ; then
- if use systemd ; then
- tmpfiles_process clamav.conf
- fi
- fi
-
- if use milter ; then
- elog "For simple instructions how to setup the clamav-milter read the"
- elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
- fi
-
- local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d )
- if [[ ! -f "${databases}" ]] ; then
- ewarn "You must run freshclam manually to populate the virus database"
- ewarn "before starting clamav for the first time."
- fi
-
- if ! systemd_is_booted ; then
- ewarn "This version of ClamAV provides separate OpenRC services"
- ewarn "for clamd, freshclam, clamav-milter, and clamonacc. The"
- ewarn "clamd service now starts only the clamd daemon itself. You"
- ewarn "should add freshclam (and perhaps clamav-milter) to any"
- ewarn "runlevels that previously contained clamd."
- fi
-}
diff --git a/app-antivirus/clamav/files/clamav-0.105.1-cmake-llvm-fix.patch b/app-antivirus/clamav/files/clamav-0.105.1-cmake-llvm-fix.patch
deleted file mode 100644
index b73a2e066ef1..000000000000
--- a/app-antivirus/clamav/files/clamav-0.105.1-cmake-llvm-fix.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-clamav 0.105.1 doesn't support LLVM version detection
-
-See: https://github.com/Cisco-Talos/clamav/pull/692
-
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -480,39 +480,43 @@ find_package(JSONC REQUIRED)
- # Set variable required by libclamav to use libjson-c
- set(HAVE_JSON 1)
-
-+set(LLVM_MAX_VER "14.0.0")
-+set(LLVM_MIN_VER "8.0.0")
-+
- string (TOLOWER ${BYTECODE_RUNTIME} bytecodeRuntime)
- if(${bytecodeRuntime} STREQUAL "llvm")
-- set (LLVM_FIND_VERSION "8.0.0")
-- find_package(LLVM REQUIRED)
-+ if(DEFINED LLVM_ROOT_DIR AND DEFINED LLVM_FIND_VERSION)
-+ find_package(LLVM EXACT ${LLVM_FIND_VERSION} REQUIRED HINTS ${LLVM_ROOT_DIR})
-+ elseif(DEFINED LLVM_ROOT_DIR)
-+ find_package(LLVM REQUIRED HINTS ${LLVM_ROOT_DIR})
-+ elseif(DEFINED LLVM_FIND_VERSION)
-+ find_package(LLVM EXACT ${LLVM_FIND_VERSION} REQUIRED)
-+ else()
-+ set (LLVM_FIND_VERSION ${LLVM_MIN_VER})
-+ find_package(LLVM REQUIRED)
-+ endif()
- if(LLVM_FOUND)
- if (LLVM_AVAILABLE_LIBS)
-- # Found using LLVMConfig.cmake
-- message("LLVM found using LLVMConfig.cmake")
-- set(LLVM_VERSION ${LLVM_VERSION_MAJOR}${LLVM_VERSION_MINOR})
-+ message(STATUS "LLVM found using LLVMConfig.cmake")
- set(LLVM_LIBRARIES ${LLVM_AVAILABLE_LIBS})
--
-- if (${LLVM_PACKAGE_VERSION} VERSION_LESS "8.0.0")
-- message(FATAL "LLVM version ${LLVM_PACKAGE_VERSION} is too old")
-- endif()
--
- else()
-- # Found using FindLLVM.cmake
-- message("LLVM found using FindLLVM.cmake")
--
-- # Set variable required by libclamav to use llvm instead of interpreter
-- set(LLVM_VERSION ${LLVM_VERSION_MAJOR}${LLVM_VERSION_MINOR})
-- message("LLVM_FOUND ${LLVM_FOUND}")
-+ message(STATUS "LLVM found using FindLLVM.cmake")
-+ set(LLVM_PACKAGE_VERSION ${LLVM_VERSION_STRING})
-
-- if (${LLVM_VERSION_STRING} VERSION_GREATER_EQUAL "9.0.0")
-- if (${LLVM_VERSION_STRING} VERSION_LESS "10.0.0")
-- set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DNDEBUG")
-- endif()
-+ if (${LLVM_VERSION_STRING} VERSION_GREATER_EQUAL "9.0.0" AND ${LLVM_VERSION_STRING} VERSION_LESS "10.0.0")
-+ set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DNDEBUG")
- endif()
-+ endif()
-
-- if (${LLVM_VERSION_STRING} VERSION_LESS "8.0.0")
-- message(FATAL "LLVM version ${LLVM_VERSION_STRING} is too old")
-- endif()
-+ if (${LLVM_PACKAGE_VERSION} VERSION_LESS ${LLVM_MIN_VER})
-+ message(FATAL_ERROR "LLVM version ${LLVM_PACKAGE_VERSION} is too old")
-+ elseif (${LLVM_PACKAGE_VERSION} VERSION_GREATER_EQUAL ${LLVM_MAX_VER} )
-+ message(FATAL_ERROR "LLVM version ${LLVM_PACKAGE_VERSION} is too new")
-+ else()
-+ message(STATUS "LLVM version ${LLVM_PACKAGE_VERSION} found")
- endif()
-+ # Set variable required by libclamav to use llvm instead of interpreter
-+ set(LLVM_VERSION ${LLVM_VERSION_MAJOR}${LLVM_VERSION_MINOR})
- endif()
- endif()
-
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2023-02-15 22:51 Michael Orlitzky
0 siblings, 0 replies; 16+ messages in thread
From: Michael Orlitzky @ 2023-02-15 22:51 UTC (permalink / raw
To: gentoo-commits
commit: a12c3ed66db1fed82adc8010d05214db44ac31ff
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 15 22:32:11 2023 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Wed Feb 15 22:33:55 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a12c3ed6
app-antivirus/clamav: add 0.103.8 (CVE-2023-20032, CVE-2023-20052).
Bug: https://bugs.gentoo.org/879625
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
app-antivirus/clamav/Manifest | 1 +
app-antivirus/clamav/clamav-0.103.8.ebuild | 240 +++++++++++++++++++++
.../clamav/files/clamav-0.103.8-c-std.patch | 204 ++++++++++++++++++
3 files changed, 445 insertions(+)
diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest
index 3021a4290d7a..9cf4918148b8 100644
--- a/app-antivirus/clamav/Manifest
+++ b/app-antivirus/clamav/Manifest
@@ -14,6 +14,7 @@ DIST cbindgen-0.20.0.crate 183277 BLAKE2B 51529b21879e3a3212fbb951b3bdd5c8c396dc
DIST cexpr-0.6.0.crate 17966 BLAKE2B cb46f066eb1f4dbac00ec86dc3e562db7ee8ea5ff17d16a60004fa020405e455b8aeb3d001f669cb33d1b62525bfd04ec657ffca4ed44a83af4a5e75b2c820e3 SHA512 766bff7ca7f9bf0885aee6f014bcfc084e7fdfcd567a49443d5340acfe8f257db109de17b24588504fc35c53f2d4303e2d22da21f73669125cfca984950cf886
DIST cfg-if-1.0.0.crate 7934 BLAKE2B e99a5589c11d79d77a4537b34ce0a45d37b981c123b79b807cea836c89fc3926d693458893baca2882448d3d44e3f64e06141f6d916b748daa10b8cc1ae16d1b SHA512 0fb16a8882fd30e86b62c5143b1cb18ab564e84e75bd1f28fd12f24ffdc4a42e0d2e012a99abb606c12efe3c11061ff5bf8e24ab053e550ae083f7d90f6576ff
DIST clamav-0.103.7.tar.gz 16501741 BLAKE2B 49fc1c8c42ee8168dbaec4aa13ab0dfef7fa285e335cb38b17bc020df7400ee1daae49e06ba5b4ae0364d47d707cb83c0b1a8442d5b01d2bba5827606fe27fb4 SHA512 d426169889d94411b20a2c9c9579fc22a15090c9847849822c63fc6b404075feba0ff3663ee1382b2af5300394c7a93669844736f7473bfdce3250e1fd130326
+DIST clamav-0.103.8.tar.gz 16524716 BLAKE2B 207a6087de9134586215a4f3fe02cb071135c38fac792f6cb2d4c4a3c9e596bff5dd0a0ac3dd9f6018771d866fa9e64223933f96cec3ee6e8ce17a743c3d952f SHA512 8e030fef5788cf4df8f4d878363df1e5d9abcaa209b9f998f57334ede481d755b33958b5e9bb82be9643cb7442814711e4c9978314cadd7eb9161fee03b74439
DIST clamav-1.0.0.tar.gz 10311477 BLAKE2B 8d66c03e7717ed52cb90a139f565abe2ed3379e09d500530c260f129f1f8eb2549dca11898f6c1a85e7988ce06388c8967e6decea06c840220ffccb4010add60 SHA512 a1be526516e622fd3359461db7dd8eb0734f7ba8ecb0b63c1574e216885cd7bcdc69ffdbc5e507a0060d23769e3caa8423aa273ec57bb86e40049679a818152a
DIST clang-sys-1.4.0.crate 38679 BLAKE2B d15bdae2142ed26b4f6bd037bd2062e8c4b7b87fc5b749b872a95ff1952d000066c255aa0984e5f9c4a5c88066db4a20cfd048db4ba5a59b331d5ffa5e9a281d SHA512 062189bb0a341e2e85de4987f4b564c1fc69e4005c9c42cfedb61dee5f48db9126a8114d1d97be1b9c21b8c885243751232fbe8cf532e1d2be593308fe45216a
DIST clap-2.34.0.crate 202210 BLAKE2B f383adf1d757ac4b68995132b33837686ce451f85a02a8d05d2c746da398510d05d46330f3efade063c3952aacb1754cdac73dd0afcae0df5340a89f9353aa1c SHA512 c648a761b9996a7e7464a538bb53621bae22090b846a42c3b729beca3363958ae67e3da9f93f58b10a10e043cadf7ff930388680d168646178c2824177832db8
diff --git a/app-antivirus/clamav/clamav-0.103.8.ebuild b/app-antivirus/clamav/clamav-0.103.8.ebuild
new file mode 100644
index 000000000000..56035dbcf6c4
--- /dev/null
+++ b/app-antivirus/clamav/clamav-0.103.8.ebuild
@@ -0,0 +1,240 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools flag-o-matic systemd tmpfiles
+
+DESCRIPTION="Clam Anti-Virus Scanner"
+HOMEPAGE="https://www.clamav.net/"
+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
+IUSE="bzip2 doc clamonacc clamdtop clamsubmit iconv ipv6 libclamav-only milter metadata-analysis-api selinux systemd test xml"
+
+REQUIRED_USE="libclamav-only? ( !clamonacc !clamdtop !clamsubmit !milter !metadata-analysis-api )"
+
+RESTRICT="!test? ( test )"
+
+# Require acct-{user,group}/clamav at build time so that we can set
+# the permissions on /var/lib/clamav in src_install rather than in
+# pkg_postinst; calling "chown" on the live filesystem scares me.
+CDEPEND="acct-group/clamav
+ acct-user/clamav
+ dev-libs/libltdl
+ dev-libs/libmspack
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 )
+ dev-libs/tomsfastmath
+ >=sys-libs/zlib-1.2.2:=
+ bzip2? ( app-arch/bzip2 )
+ clamdtop? ( sys-libs/ncurses:0 )
+ clamsubmit? ( net-misc/curl dev-libs/json-c:= )
+ elibc_musl? ( sys-libs/fts-standalone )
+ iconv? ( virtual/libiconv )
+ !libclamav-only? ( net-misc/curl )
+ dev-libs/openssl:0=
+ milter? ( mail-filter/libmilter:= )
+ xml? ( dev-libs/libxml2 )"
+
+# We need at least autoconf-2.69-r5 because that's the first (patched)
+# version of it in Gentoo that supports ./configure --runstatedir.
+BDEPEND=">=sys-devel/autoconf-2.69-r5
+ virtual/pkgconfig"
+
+DEPEND="${CDEPEND}
+ metadata-analysis-api? ( dev-libs/json-c:* )
+ test? ( dev-libs/check )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-clamav )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.102.1-libxml2_pkgconfig.patch" #661328
+ "${FILESDIR}/${PN}-0.102.2-fix-curl-detection.patch" #709616
+ "${FILESDIR}/${PN}-0.103.0-system-tomsfastmath.patch" # 649394
+ "${FILESDIR}/${PN}-0.103.1-upstream-openrc.patch"
+ "${FILESDIR}/${PN}-0.103.8-c-std.patch" #879625
+)
+
+src_prepare() {
+ default
+
+ # Be extra sure that we're using the system copy of tomsfastmath
+ einfo "removing bundled copy of dev-libs/tomsfastmath"
+ rm -r libclamav/tomsfastmath || \
+ die "failed to remove bundled tomsfastmath"
+
+ AT_NO_RECURSIVE="yes" eautoreconf
+}
+
+src_configure() {
+ use elibc_musl && append-ldflags -lfts
+ use ppc64 && append-flags -mminimal-toc
+
+ # according to configure help it should be
+ # $(use_enable xml)
+ # but that does not work
+ # do not add this, since --disable-xml seems to override
+ # --without-xml
+ JSONUSE="--without-libjson"
+
+ if use clamsubmit || use metadata-analysis-api; then
+ # either of those 2 requires libjson.
+ # clamsubmit will be built as soon as libjson and curl are found
+ # but we only install the binary if requested
+ JSONUSE="--with-libjson=${EPREFIX}/usr"
+ fi
+
+ local myeconfargs=(
+ $(use_enable bzip2)
+ $(use_enable clamonacc)
+ $(use_enable clamdtop)
+ $(use_enable ipv6)
+ $(use_enable milter)
+ $(use_enable test check)
+ $(use_with xml)
+ $(use_with iconv)
+ ${JSONUSE}
+ $(use_enable libclamav-only)
+ $(use_with !libclamav-only libcurl)
+ --with-system-libmspack
+ --cache-file="${S}"/config.cache
+ --disable-experimental
+ --disable-static
+ --disable-zlib-vcheck
+ --enable-id-check
+ --with-dbdir="${EPREFIX}"/var/lib/clamav
+ # Don't call --with-zlib=/usr (see bug #699296)
+ --with-zlib
+ --disable-llvm
+ --enable-openrc
+ --runstatedir=/run
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+
+ rm -rf "${ED}"/var/lib/clamav || die
+
+ if ! use libclamav-only ; then
+ if use systemd; then
+ # The tmpfiles entry is behind USE=systemd because the
+ # upstream OpenRC service files should (and do) ensure that
+ # the directories they need exist and have the correct
+ # permissions without the help of opentmpfiles. There are
+ # years-old root exploits in opentmpfiles, the design is
+ # fundamentally flawed, and the maintainer is not up to
+ # the task of fixing it.
+ dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf"
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
+ systemd_dounit "${FILESDIR}/clamd.service"
+ systemd_newunit "${FILESDIR}/freshclamd.service-r1" \
+ "freshclamd.service"
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/clamd.logrotate" clamd
+ newins "${FILESDIR}/freshclam.logrotate" freshclam
+ use milter && \
+ newins "${FILESDIR}/clamav-milter.logrotate-r1" clamav-milter
+
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s/^#\(PidFile .*\)/\1/" \
+ -e "s/^#\(LocalSocket .*\)/\1/" \
+ -e "s/^#\(User .*\)/\1/" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
+ -e "s:^\#\(LogTime\).*:\1 yes:" \
+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \
+ "${ED}"/etc/clamd.conf.sample || die
+
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s/^#\(PidFile .*\)/\1/" \
+ -e "s/^#\(DatabaseOwner .*\)/\1/" \
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \
+ "${ED}"/etc/freshclam.conf.sample || die
+
+ if use milter ; then
+ # Note: only keep the "unix" ClamdSocket and MilterSocket!
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s/^#\(PidFile .*\)/\1/" \
+ -e "s/^#\(ClamdSocket unix:.*\)/\1/" \
+ -e "s/^#\(User .*\)/\1/" \
+ -e "s/^#\(MilterSocket unix:.*\)/\1/" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
+ "${ED}"/etc/clamav-milter.conf.sample || die
+
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF
+ MILTER_NICELEVEL=19
+ START_MILTER=no
+ EOF
+
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service
+ fi
+
+ local i
+ for i in clamd freshclam clamav-milter
+ do
+ if [[ -f "${ED}"/etc/"${i}".conf.sample ]]; then
+ mv "${ED}"/etc/"${i}".conf{.sample,} || die
+ fi
+ done
+
+ # These both need to be writable by the clamav user.
+ # TODO: use syslog by default; that's what it's for.
+ diropts -o clamav -g clamav
+ keepdir /var/lib/clamav
+ keepdir /var/log/clamav
+ fi
+
+ if use doc ; then
+ local HTML_DOCS=( docs/html/. )
+ einstalldocs
+
+ if ! use libclamav-only ; then
+ doman docs/man/*.[1-8]
+ fi
+ fi
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+src_test() {
+ if use libclamav-only ; then
+ ewarn "Test target not available when USE=libclamav-only is set, skipping tests ..."
+ return 0
+ fi
+
+ emake quick-check
+}
+
+pkg_postinst() {
+ if ! use libclamav-only ; then
+ if use systemd ; then
+ tmpfiles_process clamav.conf
+ fi
+ fi
+
+ if use milter ; then
+ elog "For simple instructions how to setup the clamav-milter read the"
+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
+ fi
+
+ local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d )
+ if [[ ! -f "${databases}" ]] ; then
+ ewarn "You must run freshclam manually to populate the virus database"
+ ewarn "before starting clamav for the first time."
+ fi
+
+ ewarn "This version of ClamAV provides separate OpenRC services"
+ ewarn "for clamd, freshclam, clamav-milter, and clamonacc. The"
+ ewarn "clamd service now starts only the clamd daemon itself. You"
+ ewarn "should add freshclam (and perhaps clamav-milter) to any"
+ ewarn "runlevels that previously contained clamd."
+}
diff --git a/app-antivirus/clamav/files/clamav-0.103.8-c-std.patch b/app-antivirus/clamav/files/clamav-0.103.8-c-std.patch
new file mode 100644
index 000000000000..91556a1ae422
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.103.8-c-std.patch
@@ -0,0 +1,204 @@
+From b9e2714d5b42ad9a0742746996b989400c794adb Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Fri, 4 Nov 2022 19:31:15 -0400
+Subject: [PATCH 1/2] clamonacc/c-thread-pool/thpool.c: define _GNU_SOURCE for
+ syscall().
+
+On Linux, thpool.c uses syscall() from unistd.h, but that function is
+not defined without _GNU_SOURCE:
+
+ c-thread-pool/thpool.c: In function 'jobqueue_pull':
+ c-thread-pool/thpool.c:474:105: error: implicit declaration of function
+ 'syscall' [-Werror=implicit-function-declaration]
+
+In general that's not great, because it hinders some compiler diagnostics,
+but it will also cause problems down the road if (for example) clang-16
+decides to enable -Werror=implicit-function-declaration by default.
+
+This commit changes the _POSIX_C_SOURCE definition at the top of
+thpool.c to _GNU_SOURCE, as in the syscall(2) man page.
+---
+ clamonacc/c-thread-pool/thpool.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/clamonacc/c-thread-pool/thpool.c b/clamonacc/c-thread-pool/thpool.c
+index 46572da5f4..27c5103ff1 100644
+--- a/clamonacc/c-thread-pool/thpool.c
++++ b/clamonacc/c-thread-pool/thpool.c
+@@ -8,7 +8,7 @@
+ *
+ ********************************/
+
+-#define _POSIX_C_SOURCE 200809L
++#define _GNU_SOURCE
+ #include <unistd.h>
+ #include <signal.h>
+ #include <stdio.h>
+
+From 7e3425ab701141064d179c45af2251f61af4ccc7 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Fri, 4 Nov 2022 20:08:30 -0400
+Subject: [PATCH 2/2] */*: fix invalid prototypes.
+
+Prototypes (or the declarations themselves, if there is no
+corresponding prototype) for functions that take no arguments are
+required by the C standard to specify (void) as their argument list;
+for example,
+
+ regex_pcre.h:79:1: error: function declaration isn't a prototype
+ [-Werror=strict-prototypes]
+ 79 | cl_error_t cli_pcre_init_internal();
+
+Future versions of clang may become strict about this, and there's no
+harm in conforming to the standard right now, so we fix all such
+instances in this commit.
+---
+ clamonacc/clamonacc.c | 2 +-
+ clamonacc/client/socket.h | 2 +-
+ clamonacc/inotif/hash.c | 2 +-
+ clamonacc/inotif/inotif.c | 2 +-
+ clamonacc/scan/onas_queue.c | 6 +++---
+ libclamav/matcher-pcre.h | 6 +++---
+ libclamav/regex_pcre.h | 2 +-
+ m4/reorganization/compiler_checks.m4 | 2 +-
+ shared/misc.h | 2 +-
+ 9 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/clamonacc/clamonacc.c b/clamonacc/clamonacc.c
+index ba986ef06c..c020897908 100644
+--- a/clamonacc/clamonacc.c
++++ b/clamonacc/clamonacc.c
+@@ -61,7 +61,7 @@
+ pthread_t ddd_pid = 0;
+ pthread_t scan_queue_pid = 0;
+
+-static void onas_handle_signals();
++static void onas_handle_signals(void);
+ static int startup_checks(struct onas_context *ctx);
+ static struct onas_context *g_ctx = NULL;
+
+diff --git a/clamonacc/client/socket.h b/clamonacc/client/socket.h
+index 915f9086ca..ea84fb4c41 100644
+--- a/clamonacc/client/socket.h
++++ b/clamonacc/client/socket.h
+@@ -31,4 +31,4 @@ struct onas_sock_t {
+ };
+
+ cl_error_t onas_set_sock_only_once(struct onas_context *ctx);
+-int onas_get_sockd();
++int onas_get_sockd(void);
+diff --git a/clamonacc/inotif/hash.c b/clamonacc/inotif/hash.c
+index e4b3f1f983..2bbc4cdbb4 100644
+--- a/clamonacc/inotif/hash.c
++++ b/clamonacc/inotif/hash.c
+@@ -58,7 +58,7 @@
+
+ #if defined(HAVE_SYS_FANOTIFY_H)
+
+-static struct onas_bucket *onas_bucket_init();
++static struct onas_bucket *onas_bucket_init(void);
+ static void onas_free_bucket(struct onas_bucket *bckt);
+ static int onas_bucket_insert(struct onas_bucket *bckt, struct onas_element *elem);
+ static int onas_bucket_remove(struct onas_bucket *bckt, struct onas_element *elem);
+diff --git a/clamonacc/inotif/inotif.c b/clamonacc/inotif/inotif.c
+index 7799ae4889..b8680e9856 100644
+--- a/clamonacc/inotif/inotif.c
++++ b/clamonacc/inotif/inotif.c
+@@ -66,7 +66,7 @@
+
+ static int onas_ddd_init_ht(uint32_t ht_size);
+ static int onas_ddd_init_wdlt(uint64_t nwatches);
+-static int onas_ddd_grow_wdlt();
++static int onas_ddd_grow_wdlt(void);
+
+ static int onas_ddd_watch(const char *pathname, int fan_fd, uint64_t fan_mask, int in_fd, uint64_t in_mask);
+ static int onas_ddd_watch_hierarchy(const char *pathname, size_t len, int fd, uint64_t mask, uint32_t type);
+diff --git a/clamonacc/scan/onas_queue.c b/clamonacc/scan/onas_queue.c
+index d279df7415..6fa7df6e96 100644
+--- a/clamonacc/scan/onas_queue.c
++++ b/clamonacc/scan/onas_queue.c
+@@ -82,7 +82,7 @@ static cl_error_t onas_new_event_queue_node(struct onas_event_queue_node **node)
+ return CL_SUCCESS;
+ }
+
+-static void *onas_init_event_queue()
++static void *onas_init_event_queue(void)
+ {
+
+ if (CL_EMEM == onas_new_event_queue_node(&g_onas_event_queue_head)) {
+@@ -122,7 +122,7 @@ static void onas_destroy_event_queue_node(struct onas_event_queue_node *node)
+ return;
+ }
+
+-static void onas_destroy_event_queue()
++static void onas_destroy_event_queue(void)
+ {
+
+ if (NULL == g_onas_event_queue_head) {
+@@ -200,7 +200,7 @@ void *onas_scan_queue_th(void *arg)
+ pthread_cleanup_pop(1);
+ }
+
+-static int onas_queue_is_b_empty()
++static int onas_queue_is_b_empty(void)
+ {
+
+ if (g_onas_event_queue.head->next == g_onas_event_queue.tail) {
+diff --git a/libclamav/matcher-pcre.h b/libclamav/matcher-pcre.h
+index 5ffc88fb26..b0bd51852b 100644
+--- a/libclamav/matcher-pcre.h
++++ b/libclamav/matcher-pcre.h
+@@ -68,11 +68,11 @@ struct cli_pcre_meta {
+ };
+
+ /* PCRE PERFORMANCE DECLARATIONS */
+-void cli_pcre_perf_print();
+-void cli_pcre_perf_events_destroy();
++void cli_pcre_perf_print(void);
++void cli_pcre_perf_events_destroy(void);
+
+ /* PCRE MATCHER DECLARATIONS */
+-int cli_pcre_init();
++int cli_pcre_init(void);
+ cl_error_t cli_pcre_addpatt(struct cli_matcher *root, const char *virname, const char *trigger, const char *pattern, const char *cflags, const char *offset, const uint32_t *lsigid, unsigned int options);
+ cl_error_t cli_pcre_build(struct cli_matcher *root, long long unsigned match_limit, long long unsigned recmatch_limit, const struct cli_dconf *dconf);
+ cl_error_t cli_pcre_recaloff(struct cli_matcher *root, struct cli_pcre_off *data, struct cli_target_info *info, cli_ctx *ctx);
+diff --git a/libclamav/regex_pcre.h b/libclamav/regex_pcre.h
+index d1f4127984..52653431d4 100644
+--- a/libclamav/regex_pcre.h
++++ b/libclamav/regex_pcre.h
+@@ -76,7 +76,7 @@ struct cli_pcre_results {
+ };
+ #endif
+
+-cl_error_t cli_pcre_init_internal();
++cl_error_t cli_pcre_init_internal(void);
+ cl_error_t cli_pcre_addoptions(struct cli_pcre_data *pd, const char **opt, int errout);
+ cl_error_t cli_pcre_compile(struct cli_pcre_data *pd, long long unsigned match_limit, long long unsigned match_limit_recursion, unsigned int options, int opt_override);
+ int cli_pcre_match(struct cli_pcre_data *pd, const unsigned char *buffer, size_t buflen, size_t override_offset, int options, struct cli_pcre_results *results);
+diff --git a/m4/reorganization/compiler_checks.m4 b/m4/reorganization/compiler_checks.m4
+index f7984f4cb2..80c81e1d30 100644
+--- a/m4/reorganization/compiler_checks.m4
++++ b/m4/reorganization/compiler_checks.m4
+@@ -121,7 +121,7 @@ extern void abort(void);
+ ((bb_size) > 0 && (sb_size) > 0 && (size_t)(sb_size) <= (size_t)(bb_size) \
+ && (sb) >= (bb) && ((sb) + (sb_size)) <= ((bb) + (bb_size)) && ((sb) + (sb_size)) > (bb) && (sb) < ((bb) + (bb_size)))
+
+-int crashtest()
++int crashtest(void)
+ {
+ unsigned int backsize, dcur;
+ int dval=0x12000, unp_offset;
+diff --git a/shared/misc.h b/shared/misc.h
+index 436c73117b..63fdea0f50 100644
+--- a/shared/misc.h
++++ b/shared/misc.h
+@@ -72,7 +72,7 @@ int daemonize(void);
+ /*closes stdin, stdout, stderr. This is called by daemonize, but not
+ * daemonize_all_return. Users of daemonize_all_return should call this
+ * when initialization is complete.*/
+-int close_std_descriptors();
++int close_std_descriptors(void);
+
+ /*Returns the return value of fork. All processes return */
+ int daemonize_all_return(void);
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2024-09-05 14:45 Michael Orlitzky
0 siblings, 0 replies; 16+ messages in thread
From: Michael Orlitzky @ 2024-09-05 14:45 UTC (permalink / raw
To: gentoo-commits
commit: d11fdf6428fab5bdf185322c3aa56e1829787e15
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 5 12:56:32 2024 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Thu Sep 5 14:43:49 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d11fdf64
app-antivirus/clamav: add 0.103.12
Also drop USE=ipv6, since inspecting the code shows that it does
absolutely nothing.
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
app-antivirus/clamav/Manifest | 1 +
app-antivirus/clamav/clamav-0.103.12.ebuild | 237 +++++++++++++++++++++
.../files/clamav-0.103.12-missing-const.patch | 13 ++
3 files changed, 251 insertions(+)
diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest
index 8950166567b5..0ad425ffd34c 100644
--- a/app-antivirus/clamav/Manifest
+++ b/app-antivirus/clamav/Manifest
@@ -38,6 +38,7 @@ DIST cexpr-0.6.0.crate 17966 BLAKE2B cb46f066eb1f4dbac00ec86dc3e562db7ee8ea5ff17
DIST cfg-if-1.0.0.crate 7934 BLAKE2B e99a5589c11d79d77a4537b34ce0a45d37b981c123b79b807cea836c89fc3926d693458893baca2882448d3d44e3f64e06141f6d916b748daa10b8cc1ae16d1b SHA512 0fb16a8882fd30e86b62c5143b1cb18ab564e84e75bd1f28fd12f24ffdc4a42e0d2e012a99abb606c12efe3c11061ff5bf8e24ab053e550ae083f7d90f6576ff
DIST chrono-0.4.38.crate 220559 BLAKE2B ab828bfeed56eb737a1797d5e1132cafe87a1e14bf7a1fe4a5098f50e6ceead50ca2e7f041cc2ff63d5f4e41e2853322f6c345bb31ff12a5b412e3e5202f5fea SHA512 858e47e3facebd5383e71898f26b27d92fe4a69027e2cc47da2af59975ead7767355e0b699f4228eabe76a3eff8b2519c7cecf8b60dc3fc60fbf9b28e2f3d4d9
DIST clamav-0.103.11.tar.gz 16550978 BLAKE2B 9fba6d5b41ef07b017be26b7ebd832ca03146a68545f794924332c67429ba27603745e2ad7fc0f58c341c6d9267e5b5265c37525dba9cbb15ab616915ec2d605 SHA512 86241ee8058d9a3ccc13b89bb41aa16cfbeb65717fbcfeea6117b7885e8854f5673c22475e7d33ee4210a15d583e806f252657c07933f072455027f1531427b8
+DIST clamav-0.103.12.tar.gz 16507685 BLAKE2B bc31787625f85867bf21c4555aa2fd2998514986fb571fa4e6cb9fa3fedf61b493c517291b662054edc0bbe8d45649d9c244d943df01950e204baa9e537e3e32 SHA512 0e870a5fd035fbf090359ef7634b1b36e346ff3066b896ff17c2c6ace04f4c17e16181a21fead8b8b2f397de9ea47b928515b717a41996bac4c8efed4d16ec4e
DIST clamav-1.0.5.tar.gz 10344955 BLAKE2B 1deceff859c9eec6185f6c83833333d1a030edd1c9dcc6788f669259b4922f332b564a7c6f3fa7f03ebe2051524132becb35cbd67526aac43e95ca3978793517 SHA512 7d46cf5555107d2856430a5f09f5dfd011b597d3dc7e691db3c956867b1314b50fd23008bf45b377d31493a12716c527159d163748d6ae759e97a041780da0d9
DIST clamav-1.0.6.tar.gz 10345779 BLAKE2B fbbef034a7bf6e2b323007a3de2464b60cc0a564551ddd4169a72af0328cfc2485c14395626e8d0258dfbb3bb41bc895d26622ff2dfb5fcd1181e6595da6489b SHA512 907cf51f8e6776a81ec5501026c240266b0eb8f7631fcbbcd0f8514446925dc731d819ae758217f9ed9414ca385b64e67f6de0e5133c04ba7590bd1e4445e09e
DIST clamav-1.2.2.tar.gz 10372690 BLAKE2B 47940236e38296ac908be4c5d1c5ce8bbc9ec5c69fa87b2472c941d2de9642e0ab6a59c63038aa706079e8efeb161083db69ad03eaaf27a6d05f4f1a5bb70aff SHA512 32562230f367a230f70dfca5ed5000ee8829a0da7452b0113e9dbaa47ef6b21901001f741b0e52ce52c02fe8f834bd559bcbdf1ea20495bead9c4976c3a4cc92
diff --git a/app-antivirus/clamav/clamav-0.103.12.ebuild b/app-antivirus/clamav/clamav-0.103.12.ebuild
new file mode 100644
index 000000000000..8a29edbb6daa
--- /dev/null
+++ b/app-antivirus/clamav/clamav-0.103.12.ebuild
@@ -0,0 +1,237 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools flag-o-matic systemd tmpfiles
+
+DESCRIPTION="Clam Anti-Virus Scanner"
+HOMEPAGE="https://www.clamav.net/"
+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
+
+LICENSE="GPL-2 unRAR"
+SLOT="0/lts"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="bzip2 doc clamonacc clamdtop clamsubmit iconv libclamav-only milter metadata-analysis-api selinux systemd test xml"
+
+REQUIRED_USE="libclamav-only? ( !clamonacc !clamdtop !clamsubmit !milter !metadata-analysis-api )"
+
+RESTRICT="!test? ( test )"
+
+# Require acct-{user,group}/clamav at build time so that we can set
+# the permissions on /var/lib/clamav in src_install rather than in
+# pkg_postinst; calling "chown" on the live filesystem scares me.
+CDEPEND="acct-group/clamav
+ acct-user/clamav
+ dev-libs/libltdl
+ dev-libs/libmspack
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 )
+ dev-libs/tomsfastmath
+ >=sys-libs/zlib-1.2.2:=
+ bzip2? ( app-arch/bzip2 )
+ clamdtop? ( sys-libs/ncurses:0 )
+ clamsubmit? ( net-misc/curl dev-libs/json-c:= )
+ elibc_musl? ( sys-libs/fts-standalone )
+ iconv? ( virtual/libiconv )
+ !libclamav-only? ( net-misc/curl )
+ dev-libs/openssl:0=
+ milter? ( mail-filter/libmilter:= )
+ xml? ( dev-libs/libxml2 )"
+
+# We need at least autoconf-2.69-r5 because that's the first (patched)
+# version of it in Gentoo that supports ./configure --runstatedir.
+BDEPEND=">=dev-build/autoconf-2.69-r5
+ virtual/pkgconfig"
+
+DEPEND="${CDEPEND}
+ metadata-analysis-api? ( dev-libs/json-c:* )
+ test? ( dev-libs/check )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-clamav )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.102.1-libxml2_pkgconfig.patch" #661328
+ "${FILESDIR}/${PN}-0.102.2-fix-curl-detection.patch" #709616
+ "${FILESDIR}/${PN}-0.103.0-system-tomsfastmath.patch" # 649394
+ "${FILESDIR}/${PN}-0.103.1-upstream-openrc.patch"
+ "${FILESDIR}/${PN}-0.103.12-missing-const.patch"
+)
+
+src_prepare() {
+ default
+
+ # Be extra sure that we're using the system copy of tomsfastmath
+ einfo "removing bundled copy of dev-libs/tomsfastmath"
+ rm -r libclamav/tomsfastmath || \
+ die "failed to remove bundled tomsfastmath"
+
+ AT_NO_RECURSIVE="yes" eautoreconf
+}
+
+src_configure() {
+ use elibc_musl && append-ldflags -lfts
+ use ppc64 && append-flags -mminimal-toc
+
+ # according to configure help it should be
+ # $(use_enable xml)
+ # but that does not work
+ # do not add this, since --disable-xml seems to override
+ # --without-xml
+ JSONUSE="--without-libjson"
+
+ if use clamsubmit || use metadata-analysis-api; then
+ # either of those 2 requires libjson.
+ # clamsubmit will be built as soon as libjson and curl are found
+ # but we only install the binary if requested
+ JSONUSE="--with-libjson=${EPREFIX}/usr"
+ fi
+
+ local myeconfargs=(
+ $(use_enable bzip2)
+ $(use_enable clamonacc)
+ $(use_enable clamdtop)
+ $(use_enable milter)
+ $(use_enable test check)
+ $(use_with xml)
+ $(use_with iconv)
+ ${JSONUSE}
+ $(use_enable libclamav-only)
+ $(use_with !libclamav-only libcurl)
+ --enable-ipv6
+ --with-system-libmspack
+ --cache-file="${S}"/config.cache
+ --disable-experimental
+ --disable-static
+ --disable-zlib-vcheck
+ --enable-id-check
+ --with-dbdir="${EPREFIX}"/var/lib/clamav
+ # Don't call --with-zlib=/usr (see bug #699296)
+ --with-zlib
+ --disable-llvm
+ --enable-openrc
+ --runstatedir=/run
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+
+ rm -rf "${ED}"/var/lib/clamav || die
+
+ if ! use libclamav-only ; then
+ if use systemd; then
+ # The tmpfiles entry is behind USE=systemd because the
+ # OpenRC service scripts should (and do) ensure that the
+ # directories they need exist and have the correct
+ # permissions without the help of tmpfiles.
+ newtmpfiles "${FILESDIR}/tmpfiles.d/clamav-r1.conf" clamav.conf
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
+ systemd_dounit "${FILESDIR}/clamd.service"
+ systemd_newunit "${FILESDIR}/freshclamd.service-r1" \
+ "freshclamd.service"
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/clamd.logrotate" clamd
+ newins "${FILESDIR}/freshclam.logrotate" freshclam
+ use milter && \
+ newins "${FILESDIR}/clamav-milter.logrotate-r1" clamav-milter
+
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s/^#\(PidFile .*\)/\1/" \
+ -e "s/^#\(LocalSocket .*\)/\1/" \
+ -e "s/^#\(User .*\)/\1/" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
+ -e "s:^\#\(LogTime\).*:\1 yes:" \
+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \
+ "${ED}"/etc/clamd.conf.sample || die
+
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s/^#\(PidFile .*\)/\1/" \
+ -e "s/^#\(DatabaseOwner .*\)/\1/" \
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \
+ "${ED}"/etc/freshclam.conf.sample || die
+
+ if use milter ; then
+ # Note: only keep the "unix" ClamdSocket and MilterSocket!
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s/^#\(PidFile .*\)/\1/" \
+ -e "s/^#\(ClamdSocket unix:.*\)/\1/" \
+ -e "s/^#\(User .*\)/\1/" \
+ -e "s/^#\(MilterSocket unix:.*\)/\1/" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
+ "${ED}"/etc/clamav-milter.conf.sample || die
+
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF
+ MILTER_NICELEVEL=19
+ START_MILTER=no
+ EOF
+
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service
+ fi
+
+ local i
+ for i in clamd freshclam clamav-milter
+ do
+ if [[ -f "${ED}"/etc/"${i}".conf.sample ]]; then
+ mv "${ED}"/etc/"${i}".conf{.sample,} || die
+ fi
+ done
+
+ # These both need to be writable by the clamav user.
+ # TODO: use syslog by default; that's what it's for.
+ diropts -o clamav -g clamav
+ keepdir /var/lib/clamav
+ keepdir /var/log/clamav
+ fi
+
+ if use doc ; then
+ local HTML_DOCS=( docs/html/. )
+ einstalldocs
+
+ if ! use libclamav-only ; then
+ doman docs/man/*.[1-8]
+ fi
+ fi
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+src_test() {
+ if use libclamav-only ; then
+ ewarn "Test target not available when USE=libclamav-only is set, skipping tests ..."
+ return 0
+ fi
+
+ emake quick-check
+}
+
+pkg_postinst() {
+ if ! use libclamav-only ; then
+ if use systemd ; then
+ tmpfiles_process clamav.conf
+ fi
+ fi
+
+ if use milter ; then
+ elog "For simple instructions how to setup the clamav-milter read the"
+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
+ fi
+
+ local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d )
+ if [[ ! -f "${databases}" ]] ; then
+ ewarn "You must run freshclam manually to populate the virus database"
+ ewarn "before starting clamav for the first time."
+ fi
+
+ ewarn "This version of ClamAV provides separate OpenRC services"
+ ewarn "for clamd, freshclam, clamav-milter, and clamonacc. The"
+ ewarn "clamd service now starts only the clamd daemon itself. You"
+ ewarn "should add freshclam (and perhaps clamav-milter) to any"
+ ewarn "runlevels that previously contained clamd."
+}
diff --git a/app-antivirus/clamav/files/clamav-0.103.12-missing-const.patch b/app-antivirus/clamav/files/clamav-0.103.12-missing-const.patch
new file mode 100644
index 000000000000..39b98b7f4732
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.103.12-missing-const.patch
@@ -0,0 +1,13 @@
+diff --git a/libclamav/regex/engine.c b/libclamav/regex/engine.c
+index ed359c3..3c25398 100644
+--- a/libclamav/regex/engine.c
++++ b/libclamav/regex/engine.c
+@@ -223,7 +223,7 @@ matcher(struct re_guts *g, const char *string, size_t nmatch,
+ dp = dissect(m, m->coldp, endp, gf, gl);
+ } else {
+ if (g->nplus > 0 && m->lastpos == NULL)
+- m->lastpos = (char **)cli_malloc((g->nplus+1) *
++ m->lastpos = (const char **)cli_malloc((g->nplus+1) *
+ sizeof(char *));
+ if (g->nplus > 0 && m->lastpos == NULL) {
+ free(m->pmatch);
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/
@ 2025-06-19 1:46 Michael Orlitzky
0 siblings, 0 replies; 16+ messages in thread
From: Michael Orlitzky @ 2025-06-19 1:46 UTC (permalink / raw
To: gentoo-commits
commit: dab0419a1723cf871b14cd02cbef12c9c05cdbe7
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 19 00:23:12 2025 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Thu Jun 19 01:44:57 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dab0419a
app-antivirus/clamav: backport security fixes from v1.0.9
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>
app-antivirus/clamav/clamav-0.103.12-r2.ebuild | 239 +++++++++++++++
.../files/clamav-0.103.12-cve-2025-20260.patch | 341 +++++++++++++++++++++
.../files/clamav-0.103.12-fix-lzma-uaf.patch | 34 ++
3 files changed, 614 insertions(+)
diff --git a/app-antivirus/clamav/clamav-0.103.12-r2.ebuild b/app-antivirus/clamav/clamav-0.103.12-r2.ebuild
new file mode 100644
index 000000000000..a3163edc0d0c
--- /dev/null
+++ b/app-antivirus/clamav/clamav-0.103.12-r2.ebuild
@@ -0,0 +1,239 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools flag-o-matic systemd tmpfiles
+
+DESCRIPTION="Clam Anti-Virus Scanner"
+HOMEPAGE="https://www.clamav.net/"
+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
+
+LICENSE="GPL-2 unRAR"
+SLOT="0/lts"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="bzip2 doc clamonacc clamdtop clamsubmit iconv libclamav-only milter metadata-analysis-api selinux systemd test xml"
+
+REQUIRED_USE="libclamav-only? ( !clamonacc !clamdtop !clamsubmit !milter !metadata-analysis-api )"
+
+RESTRICT="!test? ( test )"
+
+# Require acct-{user,group}/clamav at build time so that we can set
+# the permissions on /var/lib/clamav in src_install rather than in
+# pkg_postinst; calling "chown" on the live filesystem scares me.
+CDEPEND="acct-group/clamav
+ acct-user/clamav
+ dev-libs/libltdl
+ dev-libs/libmspack
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 )
+ dev-libs/tomsfastmath
+ >=sys-libs/zlib-1.2.2:=
+ bzip2? ( app-arch/bzip2 )
+ clamdtop? ( sys-libs/ncurses:0 )
+ clamsubmit? ( net-misc/curl dev-libs/json-c:= )
+ elibc_musl? ( sys-libs/fts-standalone )
+ iconv? ( virtual/libiconv )
+ !libclamav-only? ( net-misc/curl )
+ dev-libs/openssl:0=
+ milter? ( mail-filter/libmilter:= )
+ xml? ( dev-libs/libxml2:= )"
+
+# We need at least autoconf-2.69-r5 because that's the first (patched)
+# version of it in Gentoo that supports ./configure --runstatedir.
+BDEPEND=">=dev-build/autoconf-2.69-r5
+ virtual/pkgconfig"
+
+DEPEND="${CDEPEND}
+ metadata-analysis-api? ( dev-libs/json-c:* )
+ test? ( dev-libs/check )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-clamav )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.102.1-libxml2_pkgconfig.patch" #661328
+ "${FILESDIR}/${PN}-0.102.2-fix-curl-detection.patch" #709616
+ "${FILESDIR}/${PN}-0.103.0-system-tomsfastmath.patch" # 649394
+ "${FILESDIR}/${PN}-0.103.1-upstream-openrc.patch"
+ "${FILESDIR}/${PN}-0.103.12-missing-const.patch"
+ "${FILESDIR}/${PN}-0.103.12-fix-lzma-uaf.patch"
+ "${FILESDIR}/${PN}-0.103.12-cve-2025-20260.patch"
+)
+
+src_prepare() {
+ default
+
+ # Be extra sure that we're using the system copy of tomsfastmath
+ einfo "removing bundled copy of dev-libs/tomsfastmath"
+ rm -r libclamav/tomsfastmath || \
+ die "failed to remove bundled tomsfastmath"
+
+ AT_NO_RECURSIVE="yes" eautoreconf
+}
+
+src_configure() {
+ use elibc_musl && append-ldflags -lfts
+ use ppc64 && append-flags -mminimal-toc
+
+ # according to configure help it should be
+ # $(use_enable xml)
+ # but that does not work
+ # do not add this, since --disable-xml seems to override
+ # --without-xml
+ JSONUSE="--without-libjson"
+
+ if use clamsubmit || use metadata-analysis-api; then
+ # either of those 2 requires libjson.
+ # clamsubmit will be built as soon as libjson and curl are found
+ # but we only install the binary if requested
+ JSONUSE="--with-libjson=${EPREFIX}/usr"
+ fi
+
+ local myeconfargs=(
+ $(use_enable bzip2)
+ $(use_enable clamonacc)
+ $(use_enable clamdtop)
+ $(use_enable milter)
+ $(use_enable test check)
+ $(use_with xml)
+ $(use_with iconv)
+ ${JSONUSE}
+ $(use_enable libclamav-only)
+ $(use_with !libclamav-only libcurl)
+ --enable-ipv6
+ --with-system-libmspack
+ --cache-file="${S}"/config.cache
+ --disable-experimental
+ --disable-static
+ --disable-zlib-vcheck
+ --enable-id-check
+ --with-dbdir="${EPREFIX}"/var/lib/clamav
+ # Don't call --with-zlib=/usr (see bug #699296)
+ --with-zlib
+ --disable-llvm
+ --enable-openrc
+ --runstatedir=/run
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+
+ rm -rf "${ED}"/var/lib/clamav || die
+
+ if ! use libclamav-only ; then
+ if use systemd; then
+ # The tmpfiles entry is behind USE=systemd because the
+ # OpenRC service scripts should (and do) ensure that the
+ # directories they need exist and have the correct
+ # permissions without the help of tmpfiles.
+ newtmpfiles "${FILESDIR}/tmpfiles.d/clamav-r1.conf" clamav.conf
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
+ systemd_dounit "${FILESDIR}/clamd.service"
+ systemd_newunit "${FILESDIR}/freshclamd.service-r1" \
+ "freshclamd.service"
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/clamd.logrotate" clamd
+ newins "${FILESDIR}/freshclam.logrotate" freshclam
+ use milter && \
+ newins "${FILESDIR}/clamav-milter.logrotate-r1" clamav-milter
+
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s/^#\(PidFile .*\)/\1/" \
+ -e "s/^#\(LocalSocket .*\)/\1/" \
+ -e "s/^#\(User .*\)/\1/" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
+ -e "s:^\#\(LogTime\).*:\1 yes:" \
+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \
+ "${ED}"/etc/clamd.conf.sample || die
+
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s/^#\(PidFile .*\)/\1/" \
+ -e "s/^#\(DatabaseOwner .*\)/\1/" \
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \
+ "${ED}"/etc/freshclam.conf.sample || die
+
+ if use milter ; then
+ # Note: only keep the "unix" ClamdSocket and MilterSocket!
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s/^#\(PidFile .*\)/\1/" \
+ -e "s/^#\(ClamdSocket unix:.*\)/\1/" \
+ -e "s/^#\(User .*\)/\1/" \
+ -e "s/^#\(MilterSocket unix:.*\)/\1/" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
+ "${ED}"/etc/clamav-milter.conf.sample || die
+
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF
+ MILTER_NICELEVEL=19
+ START_MILTER=no
+ EOF
+
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service
+ fi
+
+ local i
+ for i in clamd freshclam clamav-milter
+ do
+ if [[ -f "${ED}"/etc/"${i}".conf.sample ]]; then
+ mv "${ED}"/etc/"${i}".conf{.sample,} || die
+ fi
+ done
+
+ # These both need to be writable by the clamav user.
+ # TODO: use syslog by default; that's what it's for.
+ diropts -o clamav -g clamav
+ keepdir /var/lib/clamav
+ keepdir /var/log/clamav
+ fi
+
+ if use doc ; then
+ local HTML_DOCS=( docs/html/. )
+ einstalldocs
+
+ if ! use libclamav-only ; then
+ doman docs/man/*.[1-8]
+ fi
+ fi
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+src_test() {
+ if use libclamav-only ; then
+ ewarn "Test target not available when USE=libclamav-only is set, skipping tests ..."
+ return 0
+ fi
+
+ emake quick-check
+}
+
+pkg_postinst() {
+ if ! use libclamav-only ; then
+ if use systemd ; then
+ tmpfiles_process clamav.conf
+ fi
+ fi
+
+ if use milter ; then
+ elog "For simple instructions how to setup the clamav-milter read the"
+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
+ fi
+
+ local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d )
+ if [[ ! -f "${databases}" ]] ; then
+ ewarn "You must run freshclam manually to populate the virus database"
+ ewarn "before starting clamav for the first time."
+ fi
+
+ ewarn "This version of ClamAV provides separate OpenRC services"
+ ewarn "for clamd, freshclam, clamav-milter, and clamonacc. The"
+ ewarn "clamd service now starts only the clamd daemon itself. You"
+ ewarn "should add freshclam (and perhaps clamav-milter) to any"
+ ewarn "runlevels that previously contained clamd."
+}
diff --git a/app-antivirus/clamav/files/clamav-0.103.12-cve-2025-20260.patch b/app-antivirus/clamav/files/clamav-0.103.12-cve-2025-20260.patch
new file mode 100644
index 000000000000..600b23cae179
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.103.12-cve-2025-20260.patch
@@ -0,0 +1,341 @@
+Taken from
+
+ https://github.com/Cisco-Talos/clamav/commit/fb541aed643
+
+and applied with a little fuzz to the 0.103.x branch. The bug is not
+actually exploitable on 0.103.x (according to the release notes), but
+we might as well apply the readily-available fix.
+
+diff --git a/libclamav/pdf.c b/libclamav/pdf.c
+index b8135f6..fe50146 100644
+--- a/libclamav/pdf.c
++++ b/libclamav/pdf.c
+@@ -441,7 +441,7 @@ int pdf_findobj_in_objstm(struct pdf_struct *pdf, struct objstm_struct *objstm,
+
+ if (CL_SUCCESS != cli_strntol_wrap(index, bytes_remaining, 0, 10, &temp_long)) {
+ /* Failed to find obj offset for next obj */
+- cli_dbgmsg("pdf_findobj_in_objstm: Failed to find next obj offset for obj in object stream though there should be {%u} more.\n", objstm->n - objstm->nobjs_found);
++ cli_dbgmsg("pdf_findobj_in_objstm: Failed to find next obj offset for obj in object stream though there should be {%zu} more.\n", objstm->n - objstm->nobjs_found);
+ status = CL_EPARSE;
+ goto done;
+ } else if (temp_long < 0) {
+@@ -1551,18 +1551,18 @@ cl_error_t pdf_extract_obj(struct pdf_struct *pdf, struct pdf_obj *obj, uint32_t
+ }
+ }
+
+- cli_dbgmsg("pdf_extract_obj: calculated length %lld\n", (long long)length);
++ cli_dbgmsg("pdf_extract_obj: calculated length %zu\n", length);
+ } else {
+ if (obj->stream_size > (size_t)length + 2) {
+ cli_dbgmsg("cli_pdf: calculated length %zu < %zu\n",
+- (size_t)length, obj->stream_size);
++ length, obj->stream_size);
+ length = obj->stream_size;
+ }
+ }
+
+- if ((0 != orig_length) && (obj->stream_size > (size_t)orig_length + 20)) {
+- cli_dbgmsg("pdf_extract_obj: orig length: %lld, length: %lld, size: %zu\n",
+- (long long)orig_length, (long long)length, obj->stream_size);
++ if ((0 != orig_length) && (obj->stream_size > orig_length + 20)) {
++ cli_dbgmsg("pdf_extract_obj: orig length: %zu, length: %zu, size: %zu\n",
++ orig_length, length, obj->stream_size);
+ pdfobj_flag(pdf, obj, BAD_STREAMLEN);
+ }
+
+@@ -1613,18 +1613,18 @@ cl_error_t pdf_extract_obj(struct pdf_struct *pdf, struct pdf_obj *obj, uint32_t
+ */
+ dict_len = obj->stream - start;
+ if (NULL != (pstr = pdf_getdict(start, &dict_len, "/Type/ObjStm"))) {
+- int32_t objstm_first = -1;
+- int32_t objstm_length = -1;
+- int32_t objstm_n = -1;
++ int objstm_first = -1;
++ int objstm_length = -1;
++ int objstm_n = -1;
+
+ cli_dbgmsg("pdf_extract_obj: Found /Type/ObjStm\n");
+
+ dict_len = obj->stream - start;
+- if ((-1 == (objstm_first = pdf_readint(start, dict_len, "/First")))) {
++ if (-1 == (objstm_first = pdf_readint(start, dict_len, "/First"))) {
+ cli_warnmsg("pdf_extract_obj: Failed to find offset of first object in object stream\n");
+- } else if ((-1 == (objstm_length = pdf_readint(start, dict_len, "/Length")))) {
++ } else if (-1 == (objstm_length = pdf_readint(start, dict_len, "/Length"))) {
+ cli_warnmsg("pdf_extract_obj: Failed to find length of object stream\n");
+- } else if ((-1 == (objstm_n = pdf_readint(start, dict_len, "/N")))) {
++ } else if (-1 == (objstm_n = pdf_readint(start, dict_len, "/N"))) {
+ cli_warnmsg("pdf_extract_obj: Failed to find num objects in object stream\n");
+ } else {
+ /* Add objstm to pdf struct, so it can be freed eventually */
+@@ -1646,19 +1646,19 @@ cl_error_t pdf_extract_obj(struct pdf_struct *pdf, struct pdf_obj *obj, uint32_t
+
+ memset(objstm, 0, sizeof(*objstm));
+
+- objstm->first = (uint32_t)objstm_first;
+- objstm->current = (uint32_t)objstm_first;
++ objstm->first = (size_t)objstm_first;
++ objstm->current = (size_t)objstm_first;
+ objstm->current_pair = 0;
+- objstm->length = (uint32_t)objstm_length;
+- objstm->n = (uint32_t)objstm_n;
++ objstm->length = (size_t)objstm_length;
++ objstm->n = (size_t)objstm_n;
+
+- cli_dbgmsg("pdf_extract_obj: ObjStm first obj at offset %d\n", objstm->first);
+- cli_dbgmsg("pdf_extract_obj: ObjStm length is %d bytes\n", objstm->length);
+- cli_dbgmsg("pdf_extract_obj: ObjStm should contain %d objects\n", objstm->n);
++ cli_dbgmsg("pdf_extract_obj: ObjStm first obj at offset %zu\n", objstm->first);
++ cli_dbgmsg("pdf_extract_obj: ObjStm length is %zu bytes\n", objstm->length);
++ cli_dbgmsg("pdf_extract_obj: ObjStm should contain %zu objects\n", objstm->n);
+ }
+ }
+
+- sum = pdf_decodestream(pdf, obj, dparams, obj->stream, (uint32_t)length, xref, fout, &rc, objstm);
++ sum = pdf_decodestream(pdf, obj, dparams, obj->stream, length, xref, fout, &rc, objstm);
+ if ((CL_SUCCESS != rc) && (CL_VIRUS != rc)) {
+ cli_dbgmsg("Error decoding stream! Error code: %d\n", rc);
+
+@@ -3341,7 +3341,7 @@ cl_error_t pdf_find_and_parse_objs_in_objstm(struct pdf_struct *pdf, struct objs
+ retval = pdf_findobj_in_objstm(pdf, objstm, &obj);
+ if (retval != CL_SUCCESS) {
+ if (retval != CL_BREAK) {
+- cli_dbgmsg("pdf_find_and_parse_objs_in_objstm: Fewer objects in stream than expected: %u found, %u expected.\n",
++ cli_dbgmsg("pdf_find_and_parse_objs_in_objstm: Fewer objects in stream than expected: %zu found, %zu expected.\n",
+ objstm->nobjs_found, objstm->n);
+ badobjects++;
+ pdf->stats.ninvalidobjs++;
+diff --git a/libclamav/pdf.h b/libclamav/pdf.h
+index 3a03f19..b5b69ce 100644
+--- a/libclamav/pdf.h
++++ b/libclamav/pdf.h
+@@ -25,14 +25,14 @@
+ #define PDF_FILTERLIST_MAX 64
+
+ struct objstm_struct {
+- uint32_t first; // offset of first obj
+- uint32_t current; // offset of current obj
+- uint32_t current_pair; // offset of current pair describing id, location of object
+- uint32_t length; // total length of all objects (starting at first)
+- uint32_t n; // number of objects that should be found in the object stream
+- uint32_t nobjs_found; // number of objects actually found in the object stream
+- char *streambuf; // address of stream buffer, beginning with first obj pair
+- size_t streambuf_len; // length of stream buffer, includes pairs followed by actual objects
++ size_t first; // offset of first obj
++ size_t current; // offset of current obj
++ size_t current_pair; // offset of current pair describing id, location of object
++ size_t length; // total length of all objects (starting at first)
++ size_t n; // number of objects that should be found in the object stream
++ size_t nobjs_found; // number of objects actually found in the object stream
++ char *streambuf; // address of stream buffer, beginning with first obj pair
++ size_t streambuf_len; // length of stream buffer, includes pairs followed by actual objects
+ };
+
+ struct pdf_obj {
+diff --git a/libclamav/pdfdecode.c b/libclamav/pdfdecode.c
+index 473cfcd..92ba52d 100644
+--- a/libclamav/pdfdecode.c
++++ b/libclamav/pdfdecode.c
+@@ -73,7 +73,7 @@
+ struct pdf_token {
+ uint32_t flags; /* tracking flags */
+ uint32_t success; /* successfully decoded filters */
+- uint32_t length; /* length of current content; TODO: transition to size_t */
++ size_t length; /* length of current content; TODO: transition to size_t */
+ uint8_t *content; /* content stream */
+ };
+
+@@ -461,10 +461,16 @@ static cl_error_t filter_ascii85decode(struct pdf_struct *pdf, struct pdf_obj *o
+ uint32_t declen = 0;
+
+ const uint8_t *ptr = (uint8_t *)token->content;
+- uint32_t remaining = token->length;
++ size_t remaining = token->length;
+ int quintet = 0, rc = CL_SUCCESS;
+ uint64_t sum = 0;
+
++ /* Check for overflow */
++ if (remaining > (SIZE_MAX / 4)) {
++ cli_dbgmsg("cli_pdf: ascii85decode: overflow detected\n");
++ return CL_EFORMAT;
++ }
++
+ /* 5:4 decoding ratio, with 1:4 expansion sequences => (4*length)+1 */
+ if (!(dptr = decoded = (uint8_t *)cli_malloc((4 * remaining) + 1))) {
+ cli_errmsg("cli_pdf: cannot allocate memory for decoded output\n");
+@@ -851,8 +857,8 @@ static cl_error_t filter_asciihexdecode(struct pdf_struct *pdf, struct pdf_obj *
+ uint8_t *decoded;
+
+ const uint8_t *content = (uint8_t *)token->content;
+- uint32_t length = token->length;
+- uint32_t i, j;
++ size_t length = token->length;
++ size_t i, j;
+ cl_error_t rc = CL_SUCCESS;
+
+ if (!(decoded = (uint8_t *)cli_calloc(length / 2 + 1, sizeof(uint8_t)))) {
+@@ -882,8 +888,8 @@ static cl_error_t filter_asciihexdecode(struct pdf_struct *pdf, struct pdf_obj *
+ if (rc == CL_SUCCESS) {
+ free(token->content);
+
+- cli_dbgmsg("cli_pdf: deflated %lu bytes from %lu total bytes\n",
+- (unsigned long)j, (unsigned long)(token->length));
++ cli_dbgmsg("cli_pdf: deflated %zu bytes from %zu total bytes\n",
++ j, token->length);
+
+ token->content = decoded;
+ token->length = j;
+@@ -891,8 +897,8 @@ static cl_error_t filter_asciihexdecode(struct pdf_struct *pdf, struct pdf_obj *
+ if (!(obj->flags & ((1 << OBJ_IMAGE) | (1 << OBJ_TRUNCATED))))
+ pdfobj_flag(pdf, obj, BAD_ASCIIDECODE);
+
+- cli_dbgmsg("cli_pdf: error occurred parsing byte %lu of %lu\n",
+- (unsigned long)i, (unsigned long)(token->length));
++ cli_dbgmsg("cli_pdf: error occurred parsing byte %zu of %zu\n",
++ i, token->length);
+ free(decoded);
+ }
+ return rc;
+@@ -933,27 +939,29 @@ static cl_error_t filter_decrypt(struct pdf_struct *pdf, struct pdf_obj *obj, st
+ return CL_EPARSE; /* TODO: what should this value be? CL_SUCCESS would mirror previous behavior */
+ }
+
+- cli_dbgmsg("cli_pdf: decrypted %zu bytes from %u total bytes\n",
++ cli_dbgmsg("cli_pdf: decrypted %zu bytes from %zu total bytes\n",
+ length, token->length);
+
+ free(token->content);
+ token->content = (uint8_t *)decrypted;
+- token->length = (uint32_t)length; /* this may truncate unfortunately, TODO: use 64-bit values internally? */
++ token->length = length;
+ return CL_SUCCESS;
+ }
+
+ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj, struct pdf_dict *params, struct pdf_token *token)
+ {
+ uint8_t *decoded, *temp;
+- uint32_t declen = 0, capacity = 0;
++ size_t declen = 0, capacity = 0;
+
+ uint8_t *content = (uint8_t *)token->content;
+ uint32_t length = token->length;
+ lzw_stream stream;
+ int echg = 1, lzwstat, rc = CL_SUCCESS;
+
+- if (pdf->ctx && !(pdf->ctx->dconf->other & OTHER_CONF_LZW))
+- return CL_BREAK;
++ if (pdf->ctx && !(pdf->ctx->dconf->other & OTHER_CONF_LZW)) {
++ rc = CL_BREAK;
++ goto done;
++ }
+
+ if (params) {
+ struct pdf_dict_node *node = params->nodes;
+@@ -984,15 +992,18 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+ * Sample 0015315109, it has \r followed by zlib header.
+ * Flag pdf as suspicious, and attempt to extract by skipping the \r.
+ */
+- if (!length)
+- return CL_SUCCESS;
++ if (!length) {
++ rc = CL_SUCCESS;
++ goto done;
++ }
+ }
+
+ capacity = INFLATE_CHUNK_SIZE;
+
+ if (!(decoded = (uint8_t *)cli_malloc(capacity))) {
+ cli_errmsg("cli_pdf: cannot allocate memory for decoded output\n");
+- return CL_EMEM;
++ rc = CL_EMEM;
++ goto done;
+ }
+
+ memset(&stream, 0, sizeof(stream));
+@@ -1007,7 +1018,8 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+ if (lzwstat != Z_OK) {
+ cli_warnmsg("cli_pdf: lzwInit failed\n");
+ free(decoded);
+- return CL_EMEM;
++ rc = CL_EMEM;
++ goto done;
+ }
+
+ /* initial inflate */
+@@ -1022,16 +1034,23 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+ length -= q - content;
+ content = q;
+
+- stream.next_in = (Bytef *)content;
+- stream.avail_in = length;
+- stream.next_out = (Bytef *)decoded;
++ stream.next_in = (Bytef *)content;
++ stream.avail_in = length;
++ stream.next_out = (Bytef *)decoded;
++ /* Make sure we don't overflow during type conversion */
++ if (capacity > UINT_MAX) {
++ cli_dbgmsg("cli_pdf: lzwdecode: overflow detected\n");
++ rc = CL_EFORMAT;
++ goto done;
++ }
+ stream.avail_out = capacity;
+
+ lzwstat = lzwInit(&stream);
+ if (lzwstat != Z_OK) {
+ cli_warnmsg("cli_pdf: lzwInit failed\n");
+ free(decoded);
+- return CL_EMEM;
++ rc = CL_EMEM;
++ goto done;
+ }
+
+ pdfobj_flag(pdf, obj, BAD_FLATESTART);
+@@ -1044,7 +1063,7 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+ /* extend output capacity if needed,*/
+ if (stream.avail_out == 0) {
+ if ((rc = cli_checklimits("pdf", pdf->ctx, capacity + INFLATE_CHUNK_SIZE, 0, 0)) != CL_SUCCESS) {
+- cli_dbgmsg("cli_pdf: required buffer size to inflate compressed filter exceeds maximum: %u\n", capacity + INFLATE_CHUNK_SIZE);
++ cli_dbgmsg("cli_pdf: required buffer size to inflate compressed filter exceeds maximum: %zu\n", capacity + INFLATE_CHUNK_SIZE);
+ break;
+ }
+
+@@ -1056,7 +1075,17 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+ decoded = temp;
+ stream.next_out = decoded + capacity;
+ stream.avail_out = INFLATE_CHUNK_SIZE;
++ if (declen > (SIZE_MAX - INFLATE_CHUNK_SIZE)) {
++ cli_dbgmsg("cli_pdf: lzwdecode: overflow detected\n");
++ rc = CL_EFORMAT;
++ goto done;
++ }
+ declen += INFLATE_CHUNK_SIZE;
++ if (capacity > (SIZE_MAX - INFLATE_CHUNK_SIZE)) {
++ cli_dbgmsg("cli_pdf: lzwdecode: overflow detected\n");
++ rc = CL_EFORMAT;
++ goto done;
++ }
+ capacity += INFLATE_CHUNK_SIZE;
+ }
+
+@@ -1064,6 +1093,12 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+ lzwstat = lzwInflate(&stream);
+ }
+
++ if (declen > (UINT32_MAX - (INFLATE_CHUNK_SIZE - stream.avail_out))) {
++ cli_dbgmsg("cli_pdf: lzwdecode: overflow detected\n");
++ rc = CL_EFORMAT;
++ goto done;
++ }
++
+ /* add stream end fragment to decoded length */
+ declen += (INFLATE_CHUNK_SIZE - stream.avail_out);
+
+@@ -1104,6 +1139,7 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+
+ (void)lzwInflateEnd(&stream);
+
++done:
+ if (rc == CL_SUCCESS) {
+ if (declen == 0) {
+ cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
diff --git a/app-antivirus/clamav/files/clamav-0.103.12-fix-lzma-uaf.patch b/app-antivirus/clamav/files/clamav-0.103.12-fix-lzma-uaf.patch
new file mode 100644
index 000000000000..4d05e5ad16c2
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.103.12-fix-lzma-uaf.patch
@@ -0,0 +1,34 @@
+From fd9cf81463725023d25838a08c8de459f619a58c Mon Sep 17 00:00:00 2001
+From: Val Snyder <micasnyd@cisco.com>
+Date: Wed, 12 Mar 2025 16:08:25 -0400
+Subject: [PATCH] Fix lzma-sdk xz bug
+
+A use-after-free read is possible in the Xz decoder cleanup.
+
+The fix is to set a pointer to NULL so it doesn't try to
+dereference it and free a second time.
+
+Fixes https://issues.oss-fuzz.com/issues/384549094
+
+This fix is also present in lzma-sdk version 18.01.
+Ref: https://github.com/welovegit/LZMA-SDK/blame/main/C/XzDec.c#L508
+---
+ libclamav/7z/XzDec.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/libclamav/7z/XzDec.c b/libclamav/7z/XzDec.c
+index 00a28702f5..7e40d202fb 100644
+--- a/libclamav/7z/XzDec.c
++++ b/libclamav/7z/XzDec.c
+@@ -343,8 +343,10 @@ void MixCoder_Free(CMixCoder *p)
+ for (i = 0; i < p->numCoders; i++)
+ {
+ IStateCoder *sc = &p->coders[i];
+- if (p->alloc && sc->p)
++ if (p->alloc && sc->p) {
+ sc->Free(sc->p, p->alloc);
++ sc->p = NULL;
++ }
+ }
+ p->numCoders = 0;
+ if (p->buf)
^ permalink raw reply related [flat|nested] 16+ messages in thread
end of thread, other threads:[~2025-06-19 1:46 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-10-14 7:11 [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/ Lars Wendler
-- strict thread matches above, loose matches on Subject: below --
2025-06-19 1:46 Michael Orlitzky
2024-09-05 14:45 Michael Orlitzky
2023-02-15 22:51 Michael Orlitzky
2023-01-05 7:47 Sam James
2021-06-29 4:40 Sam James
2020-12-18 1:10 Michael Orlitzky
2020-06-21 13:38 Michael Orlitzky
2020-03-20 23:50 Thomas Deutschmann
2018-04-20 12:03 Thomas Raschbacher
2018-04-12 12:13 Thomas Raschbacher
2018-03-29 22:42 Thomas Deutschmann
2018-01-26 15:23 Thomas Deutschmann
2017-12-07 15:29 Craig Andrews
2017-11-23 22:30 Robin H. Johnson
2017-01-27 19:44 Austin English
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox