Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2018-08-02 14:58:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "clamav" Thu Aug 2 14:58:41 2018 rev:95 rq:626690 version:0.100.1 Changes: -------- --- /work/SRC/openSUSE:Factory/clamav/clamav.changes 2018-04-29 19:37:31.238033752 +0200 +++ /work/SRC/openSUSE:Factory/.clamav.new/clamav.changes 2018-08-02 14:58:47.708343329 +0200 @@ -1,0 +2,35 @@ +Tue Jul 31 08:43:39 UTC 2018 - max@suse.com + +- bsc#1101654: Disable YARA support for licensing reasons + (clamav-disable-yara.patch). +- Do not ignore errors from useradd et al. +- Unclutter the spec file. + +------------------------------------------------------------------- +Wed Jul 25 16:23:09 UTC 2018 - mpluskal@suse.com + +- Update dendencies (pcre2, libjson-c and systemd) +- Modernise spec file with spec-cleaner + +------------------------------------------------------------------- +Tue Jul 17 14:21:35 UTC 2018 - security@suse.com + +- fix library-without-ldconfig warnings on libclammspack + +------------------------------------------------------------------- +Tue Jul 10 08:06:33 UTC 2018 - egdfree@opensuse.org + +- Update to version 0.100.1 + * CVE-2018-0360: HWP integer overflow, infinite loop + vulnerability (bsc#1101410) + * CVE-2018-0361: PDF object length check, unreasonably long time + to parse relatively small file (bsc#1101412) + * Buffer over-read in unRAR code due to missing max value checks + in table initialization + * Libmspack heap buffer over-read in CHM parser + * PDF parser bugs + * Add HTTPS support for clamsubmit + * Fix for DNS resolution for users on IPv4-only machines where + IPv6 is not available or is link-local only + +------------------------------------------------------------------- Old: ---- clamav-0.100.0.tar.gz clamav-0.100.0.tar.gz.sig New: ---- clamav-0.100.1.tar.gz clamav-0.100.1.tar.gz.sig clamav-disable-yara.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ clamav.spec ++++++ --- /var/tmp/diff_new_pack.NZAwNQ/_old 2018-08-02 14:58:48.684344974 +0200 +++ /var/tmp/diff_new_pack.NZAwNQ/_new 2018-08-02 14:58:48.692344987 +0200 @@ -16,49 +16,55 @@ # +%define clamav_check --enable-check Name: clamav +Version: 0.100.1 +Release: 0 +Summary: Antivirus Toolkit +License: GPL-2.0-only +Group: Productivity/Security +URL: http://www.clamav.net +Source0: http://www.clamav.net/downloads/production/%name-%version.tar.gz +Source1: http://www.clamav.net/downloads/production/%name-%version.tar.gz.sig +Source4: clamav-rpmlintrc +Source6: clamav-tmpfiles.conf +Source7: service.clamd +Source8: service.freshclam +Source9: service.clamav-milter +Source11: clamav.keyring +Patch1: clamav-conf.patch +Patch4: clamav-disable-timestamps.patch +Patch5: clamav-obsolete-config.patch +Patch6: clamav-disable-yara.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bc BuildRequires: check-devel BuildRequires: libbz2-devel BuildRequires: libcurl-devel +BuildRequires: libjson-c-devel BuildRequires: libopenssl-devel BuildRequires: libtool BuildRequires: libxml2-devel BuildRequires: ncurses-devel -BuildRequires: pcre-devel +BuildRequires: pcre2-devel BuildRequires: pkgconfig BuildRequires: pwdutils BuildRequires: python-devel BuildRequires: sed BuildRequires: sendmail-devel +BuildRequires: systemd-devel +BuildRequires: systemd-rpm-macros BuildRequires: zlib-devel -%define clamav_check --enable-check -Summary: Antivirus Toolkit -License: GPL-2.0-only -Group: Productivity/Security -Version: 0.100.0 -Release: 0 -Url: http://www.clamav.net +Requires(pre): %_bindir/awk +Requires(pre): %_sbindir/groupadd +Requires(pre): %_sbindir/useradd +Requires(pre): %_sbindir/usermod +Requires(pre): /bin/sed +Requires(pre): /bin/tar Obsoletes: clamav-db < 0.88.3 -Provides: clamav-nodb = %{version} +Provides: clamav-nodb = %version Obsoletes: clamav-nodb <= 0.98.4 -Requires(pre): %_sbindir/groupadd %_sbindir/useradd %_sbindir/usermod -Requires(pre): /usr/bin/awk /bin/sed /bin/tar -Source0: http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz -Source1: http://www.clamav.net/downloads/production/%{name}-%{version}.tar.gz.sig -Source11: clamav.keyring -Source4: clamav-rpmlintrc -Source6: clamav-tmpfiles.conf -Source7: service.clamd -Source8: service.freshclam -Source9: service.clamav-milter -Patch1: clamav-conf.patch -Patch4: clamav-disable-timestamps.patch -Patch5: clamav-obsolete-config.patch -BuildRequires: systemd -BuildRequires: systemd-rpm-macros %systemd_requires %description @@ -104,6 +110,7 @@ %patch1 %patch4 %patch5 +%patch6 %build CFLAGS="-fstack-protector" @@ -125,18 +132,19 @@ %clamav_check \ --enable-clamdtop \ --disable-zlib-vcheck \ - --disable-timestamps + --disable-timestamps \ + --disable-yara -make V=1 %{?_smp_mflags} +make V=1 %?_smp_mflags %install %make_install install -d -m755 %buildroot/var/lib/clamav install -d -m755 %buildroot/%_tmpfilesdir -install -m644 %{S:6} %buildroot%_tmpfilesdir/clamav.conf +install -m644 %SOURCE6 %buildroot%_tmpfilesdir/clamav.conf mkdir -p %buildroot/var/spool/amavis mkdir -p -m 0755 %buildroot/run/clamav -rm %buildroot/%_libdir/*.la +find %buildroot -type f -name "*.la" -delete -print # libclammspack is not meant to be linked against by anything but # libclamav @@ -144,24 +152,24 @@ rm %buildroot%_libdir/libclammspack.so # fix the new config file names -pushd %buildroot/etc +pushd %buildroot%_sysconfdir mv clamd.conf.sample clamd.conf mv clamav-milter.conf.sample clamav-milter.conf mv freshclam.conf.sample freshclam.conf popd # Systemd... -install -d -m 0755 %buildroot/%{_unitdir} -install -m 0644 %{S:7} %buildroot/%{_unitdir}/clamd.service -install -m 0644 %{S:8} %buildroot/%{_unitdir}/freshclam.service -install -m 0644 %{S:9} %buildroot/%{_unitdir}/clamav-milter.service -rm -f %buildroot/%{_unitdir}/clamav-daemon.service -rm -f %buildroot/%{_unitdir}/clamav-daemon.socket -rm -f %buildroot/%{_unitdir}/clamav-freshclam.service +install -d -m 0755 %buildroot/%_unitdir +install -m 0644 %SOURCE7 %buildroot/%_unitdir/clamd.service +install -m 0644 %SOURCE8 %buildroot/%_unitdir/freshclam.service +install -m 0644 %SOURCE9 %buildroot/%_unitdir/clamav-milter.service +rm -f %buildroot/%_unitdir/clamav-daemon.service +rm -f %buildroot/%_unitdir/clamav-daemon.socket +rm -f %buildroot/%_unitdir/clamav-freshclam.service # this is broken if system does not have systemd so don't # use it at all on systems without mandatory systemd for srvname in clamd freshclam clamav-milter;do - (export PATH=/usr/sbin:/sbin:$PATH ;ln -sf $(which service) %{buildroot}/%{_sbindir}/rc${srvname}) + (export PATH=%_prefix/sbin:/sbin:$PATH ;ln -sf $(which service) %buildroot/%_sbindir/rc${srvname}) done %check @@ -173,17 +181,19 @@ %post -n libclamav7 -p /sbin/ldconfig %postun -n libclamav7 -p /sbin/ldconfig +%post -n libclammspack0 -p /sbin/ldconfig +%postun -n libclammspack0 -p /sbin/ldconfig %files %config(noreplace) %_sysconfdir/*.conf #systemd... -%{_unitdir}/clamd.service -%{_unitdir}/freshclam.service -%{_unitdir}/clamav-milter.service +%_unitdir/clamd.service +%_unitdir/freshclam.service +%_unitdir/clamav-milter.service %_tmpfilesdir -%doc COPYING* +%license COPYING* %doc docs/*.pdf docs/html -%doc %_mandir/*/* +%_mandir/*/* %_bindir/* %_sbindir/* %defattr(-,vscan,vscan) @@ -203,11 +213,11 @@ %_includedir/* %pre -getent group vscan >/dev/null || %_sbindir/groupadd -r vscan || : +getent group vscan >/dev/null || %_sbindir/groupadd -r vscan getent passwd vscan >/dev/null || \ %_sbindir/useradd -r -o -g vscan -u 65 -s /bin/false \ - -c "Vscan account" -d /var/spool/amavis vscan || : -%_sbindir/usermod vscan -g vscan 2> /dev/null || : + -c "Vscan account" -d /var/spool/amavis vscan +%_sbindir/usermod vscan -g vscan %service_add_pre clamd.service freshclam.service clamav-milter.service %post ++++++ clamav-0.100.0.tar.gz -> clamav-0.100.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/clamav/clamav-0.100.0.tar.gz /work/SRC/openSUSE:Factory/.clamav.new/clamav-0.100.1.tar.gz differ: char 5, line 1 ++++++ clamav-disable-timestamps.patch ++++++ --- /var/tmp/diff_new_pack.NZAwNQ/_old 2018-08-02 14:58:48.736345062 +0200 +++ /var/tmp/diff_new_pack.NZAwNQ/_new 2018-08-02 14:58:48.736345062 +0200 @@ -78,4 +78,4 @@ +_ACEOF - VERSION="0.100.0" + VERSION="0.100.1" ++++++ clamav-disable-yara.patch ++++++ --- m4/reorganization/yara.m4.orig +++ m4/reorganization/yara.m4 @@ -6,7 +6,7 @@ enable_yara=$enableval, enable_yara="yes if test "$enable_yara" = "yes"; then AC_DEFINE([HAVE_YARA],1,[yara sources are compiled in]) - AC_SUBST([HAVE_YARA]) + AC_SUBST([HAVE_YARA], 1) fi --- unit_tests/check_common.sh.orig +++ unit_tests/check_common.sh @@ -222,6 +222,7 @@ EOF scan_failed clamscan4.log "clamscan has detected spurious VI's" fi +if test "x$HAVE_YARA" = "x1"; then cat <<EOF >test-db/test.yara rule yara_at_offset {strings: \$tar_magic = { 75 73 74 61 72 } condition: \$tar_magic at 257} EOF @@ -249,6 +250,7 @@ EOF fi test_end $1 +fi } # ----------- clamd tests -------------------------------------------------------- --- configure.orig +++ configure @@ -24324,6 +24324,7 @@ if test "$enable_yara" = "yes"; then $as_echo "#define HAVE_YARA 1" >>confdefs.h + HAVE_YARA=1 fi