diff --git a/24d1341e8e34aa325ac03718121e33a3b4e5b75e.patch b/24d1341e8e34aa325ac03718121e33a3b4e5b75e.patch new file mode 100644 index 0000000..7bd5cfb --- /dev/null +++ b/24d1341e8e34aa325ac03718121e33a3b4e5b75e.patch @@ -0,0 +1,22 @@ +From 24d1341e8e34aa325ac03718121e33a3b4e5b75e Mon Sep 17 00:00:00 2001 +From: "Benjamin A. Beasley" +Date: Sun, 15 Sep 2024 12:50:07 -0400 +Subject: [PATCH] In libclamav_rust, use the current version of the image crate + +--- + libclamav_rust/Cargo.toml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libclamav_rust/Cargo.toml b/libclamav_rust/Cargo.toml +index 526951c519..eb95ca8011 100644 +--- a/libclamav_rust/Cargo.toml ++++ b/libclamav_rust/Cargo.toml +@@ -12,7 +12,7 @@ log = { version = "0.4", features = ["std"] } + sha2 = "0.10" + tempfile = "3" + thiserror = "1" +-image = "0.24" ++image = "0.25" + rustdct = "0.7" + transpose = "0.2" + num-traits = "0.2" diff --git a/clamav-rust-dependency-versions.patch b/clamav-rust-dependency-versions.patch deleted file mode 100644 index 56bd08d..0000000 --- a/clamav-rust-dependency-versions.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -Naur clamav-1.4.3-original/libclamav_rust/Cargo.toml clamav-1.4.3/libclamav_rust/Cargo.toml ---- clamav-1.4.3-original/libclamav_rust/Cargo.toml 2025-12-04 10:01:33.233889863 +0000 -+++ clamav-1.4.3/libclamav_rust/Cargo.toml 2025-12-04 10:02:29.088468217 +0000 -@@ -12,7 +12,7 @@ - sha2 = "0.10" - tempfile = "3" - thiserror = "1" --image = "0.24" -+image = ">=0.24, <0.26" - rustdct = "0.7" - transpose = "0.2" - num-traits = "0.2" -@@ -21,7 +21,7 @@ - unicode-segmentation = "1.10" - bindgen = "0.69" - onenote_parser = "0.3.1" --hex-literal = "0.4" -+hex-literal = ">=0.4, <2.0" - inflate = "0.4" - bzip2-rs = "0.1" - byteorder = "1.5" diff --git a/clamav.spec b/clamav.spec index 60ea311..92f92c7 100644 --- a/clamav.spec +++ b/clamav.spec @@ -26,7 +26,7 @@ Summary: End-user tools for the Clam Antivirus scanner Name: clamav Version: 1.4.3 -Release: 3%{?dist} +Release: 2%{?dist} License: %{?with_unrar:proprietary}%{!?with_unrar:GPL-2.0-only} URL: https://www.clamav.net/ %if %{with unrar} @@ -75,12 +75,8 @@ Patch5: clamav-clamonacc-service.patch Patch6: clamav-freshclam.service.patch # Debian patch to fix big-endian Patch7: https://salsa.debian.org/clamav-team/clamav/-/raw/unstable/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch -# - Update the image crate dependency to 0.25, the current release, -# https://github.com/Cisco-Talos/clamav/pull/1366/commits/24d1341e8e34aa325ac03718121e33a3b4e5b75e, -# allowing 0.24 for backwards-compatibility with vendored dependencies in EPEL8 -# - Allow version 1.0 of the hex-literal crate dependency; not suitable for -# upstream yet due to MSRV -Patch8: clamav-rust-dependency-versions.patch +# Update the image crate dependency to 0.25, the current release +Patch8: https://github.com/Cisco-Talos/clamav/pull/1366/commits/24d1341e8e34aa325ac03718121e33a3b4e5b75e.patch BuildRequires: cmake3 BuildRequires: gettext-devel @@ -165,6 +161,7 @@ Summary: Filesystem structure for clamav # Prevent version mix Conflicts: %{name} < %{version}-%{release} Conflicts: %{name} > %{version}-%{release} +Requires(pre): shadow-utils BuildArch: noarch %description filesystem @@ -298,6 +295,7 @@ Requires: data(clamav) Requires: clamav-filesystem = %{version}-%{release} Requires: clamav-lib = %{version}-%{release} Requires: coreutils +Requires(pre): shadow-utils # This is still used by clamsmtp and exim-clamav Provides: clamav-server = %{version}-%{release} Provides: clamav-scanner-systemd = %{version}-%{release} @@ -318,9 +316,9 @@ Summary: Milter module for the Clam Antivirus scanner #Requires: clamd = %%{version}-%%{release} #Requires: /usr/sbin/sendmail Requires: clamav-filesystem = %{version}-%{release} +Requires(pre): shadow-utils Provides: clamav-milter-systemd = %{version}-%{release} Obsoletes: clamav-milter-systemd < %{version}-%{release} -Requires: group(clamscan) %description milter This package contains files which are needed to run the clamav-milter. @@ -347,28 +345,17 @@ cd .. %patch -P5 -p1 -b .clamonacc-service %patch -P6 -p1 -b .freshclam-service %patch -P7 -p1 -b .big-endian -%patch -P8 -p1 -b .rust-dependencies +# This patch is not made to be backwards-compatible (even though it could have +# been), and the vendored dependencies in EPEL8 include image 0.24, not 0.25. +%if 0%{?fedora} || 0%{?rhel} >= 9 +%patch -P8 -p1 -b .image-0.25 +%endif install -p -m0644 %{SOURCE300} clamav-milter/ mkdir -p libclamunrar{,_iface} %{!?with_unrar:touch libclamunrar/{Makefile.in,all,install}} -# Create sysusers.d config files -cat >clamav.sysusers.conf <clamd.sysusers.conf <clamav-milter.sysusers.conf <= 9 %generate_buildrequires @@ -378,6 +365,7 @@ cd libclamav_rust %cargo_generate_buildrequires %endif + %build # add -Wl,--as-needed if not exist export LDFLAGS=$(echo %{?__global_ldflags} | sed '/-Wl,--as-needed/!s/$/ -Wl,--as-needed/') @@ -495,21 +483,17 @@ install -m 0644 %SOURCE1 %{buildroot}%{_includedir}/clamav-types.h # TODO: Evaluate using upstream's unit with clamav-daemon.socket rm %{buildroot}%{_unitdir}/clamav-daemon.* -install -m0644 -D clamav.sysusers.conf %{buildroot}%{_sysusersdir}/clamav.conf -install -m0644 -D clamd.sysusers.conf %{buildroot}%{_sysusersdir}/clamd.conf -install -m0644 -D clamav-milter.sysusers.conf %{buildroot}%{_sysusersdir}/clamav-milter.conf - %check %ifarch s390x # Tests fail on s390x # https://github.com/Cisco-Talos/clamav/issues/759 -%ctest3 -E valgrind || : +%ctest3 -- -E valgrind || : %else -%ctest3 -E valgrind +%ctest3 -- -E valgrind %endif # valgrind tests fail https://github.com/Cisco-Talos/clamav/issues/584 -%ctest3 -R valgrind || : +%ctest3 -- -R valgrind || : %post @@ -532,6 +516,24 @@ do [ -f $f -a $f -nt $cvd ] && rm -f $cvd || : done +%pre filesystem +getent group %{updateuser} >/dev/null || groupadd -r %{updateuser} +getent passwd %{updateuser} >/dev/null || \ + useradd -r -g %{updateuser} -d %{homedir} -s /sbin/nologin \ + -c "Clamav database update user" %{updateuser} +getent group virusgroup >/dev/null || groupadd -r virusgroup +usermod %{updateuser} -a -G virusgroup +exit 0 + + +%pre -n clamd +getent group %{scanuser} >/dev/null || groupadd -r %{scanuser} +getent passwd %{scanuser} >/dev/null || \ + useradd -r -g %{scanuser} -d / -s /sbin/nologin \ + -c "Clamav scanner user" %{scanuser} +usermod %{scanuser} -a -G virusgroup +exit 0 + %post -n clamd # Point to the new service unit [ -L /etc/systemd/system/multi-user.target.wants/clamd@scan.service ] && @@ -544,6 +546,19 @@ done %postun -n clamd %systemd_postun_with_restart clamd@scan.service +%triggerin milter -- clamav-scanner +# Add the milteruser to the scanuser group; this is required when +# milter and clamd communicate through local sockets +/usr/sbin/groupmems -g %{scanuser} -a %{milteruser} &>/dev/null || : + +%pre milter +getent group %{milteruser} >/dev/null || groupadd -r %{milteruser} +getent passwd %{milteruser} >/dev/null || \ + useradd -r -g %{milteruser} -d %{_rundir}/clamav-milter -s /sbin/nologin \ + -c "Clamav Milter user" %{milteruser} +usermod %{milteruser} -a -G virusgroup +exit 0 + %post milter %systemd_post clamav-milter.service @@ -610,7 +625,6 @@ done %dir %{_sysconfdir}/clamd.d # Used by both clamd, clamdscan, and clamonacc %config(noreplace) %{_sysconfdir}/clamd.d/scan.conf -%{_sysusersdir}/clamav.conf %files data @@ -650,7 +664,6 @@ done %{_sbindir}/clamd %{_unitdir}/clamd@.service %{_tmpfilesdir}/clamd.scan.conf -%{_sysusersdir}/clamd.conf %files milter @@ -661,40 +674,27 @@ done %dir %{_sysconfdir}/mail %config(noreplace) %{_sysconfdir}/mail/clamav-milter.conf %{_tmpfilesdir}/clamav-milter.conf -%{_sysusersdir}/clamav-milter.conf %changelog -* Thu Dec 04 2025 Gwyn Ciesla - 1.4.3-3 -- Bump EVR, hex-literal patches. +* Mon Aug 25 2025 Gwyn Ciesla - 1.4.3-2 +- Revert sysuser change -* Wed Jul 23 2025 Fedora Release Engineering - 1.4.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild - -* Wed Jun 18 2025 Gwyn Ciesla - 1.4.3-1 -- 1.4.3 - -* Sat Feb 8 2025 Zbigniew Jedrzejewski-Szmek - 1.4.2-2 -- Add sysusers.d config files to allow rpm to create users/groups automatically - -* Thu Jan 23 2025 Orion Poplawski - 1.4.2-1 -- Update to 1.4.2 - -* Thu Jan 16 2025 Fedora Release Engineering - 1.4.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - -* Wed Sep 25 2024 Orion Poplawski - 1.4.1-1 +* Wed Jul 23 2025 Orion Poplawski - 1.4.1-1 - Update to 1.4.1 -* Sun Sep 15 2024 Benjamin A. Beasley - 1.0.7-2 +* Wed Jul 23 2025 Orion Poplawski - 1.0.9-2 - Update the image crate dependency to 0.25, the current release +* Wed Jun 18 2025 Gwyn Ciesla - 1.0.9-1 +- Update to 1.0.9 + +* Sun Jan 26 2025 Orion Poplawski - 1.0.8-1 +- Update to 1.0.8 + * Thu Sep 05 2024 Yaakov Selkowitz - 1.0.7-1 - Update to 1.0.7 -* Wed Jul 17 2024 Fedora Release Engineering - 1.0.6-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - * Fri Apr 26 2024 Orion Poplawski - 1.0.6-1 - Update to 1.0.6 @@ -704,41 +704,56 @@ done * Thu Apr 04 2024 John Sullivan - 1.0.5-4 - Update EPEL 7 and 8 support for 1.0.5 -* Sat Mar 16 2024 Sérgio Basto - 1.0.5-3 + * Sat Mar 16 2024 Sérgio Basto - 1.0.5-3 + - (#1679375) fixes syntax error in /etc/logrotate.d/clamd.exim + + * Tue Mar 05 2024 Sérgio Basto - 1.0.5-2 + - set nullblog to fix post script (#2253914) + - Properly check valgrind arches + + * Thu Feb 08 2024 Orion Poplawski - 1.0.5-1 + - Update to 1.0.5 + + * Tue Jan 23 2024 Fedora Release Engineering - 1.0.4-3 + - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + + * Fri Jan 19 2024 Fedora Release Engineering - 1.0.4-2 + - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + + * Sun Oct 29 2023 Orion Poplawski - 1.0.4-1 + - Update to 1.0.4 + - Remove docs again from main package (bz#2230512) + + * Fri Aug 18 2023 Orion Poplawski - 1.0.2-1 + - Update to 1.0.2 CVE-2023-20197 (bz#2232508) + + * Wed Jul 19 2023 Fedora Release Engineering - 1.0.1-5 + - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + + * Mon Feb 27 2023 Orion Poplawski - 1.0.1-4 + - Mark cvd files is clamav-data as %%config(noreplace) (bz#2170876) + - Rename clamav-update to clamav-freshclam + - Make clamav-freshclam supplement clamd + - Have clamav-freshclam ghost all of the .cld and .cvd files + - Update data files with help of Cisco-Talos/cvdupdate + - Update to 1.0.1 + - Make sure RUSTFLAGS are passed to rustc (bz#2167194) + - Fix multilib install + +* Mon Mar 18 2024 Sérgio Basto - 0.103.11-2 - (#1679375) fixes syntax error in /etc/logrotate.d/clamd.exim -* Tue Mar 05 2024 Sérgio Basto - 1.0.5-2 -- set nullblog to fix post script (#2253914) -- Properly check valgrind arches +* Sun Oct 29 2023 Orion Poplawski - 0.103.11-1 +- Update to 0.103.11 -* Thu Feb 08 2024 Orion Poplawski - 1.0.5-1 -- Update to 1.0.5 +* Thu Aug 31 2023 Sérgio Basto - 0.103.10-1 +- Update to 0.103.10 -* Tue Jan 23 2024 Fedora Release Engineering - 1.0.4-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild +* Fri Aug 18 2023 Orion Poplawski - 0.103.9-1 +- Update to 0.103.9 CVE-2023-20197 (bz#2232508) -* Fri Jan 19 2024 Fedora Release Engineering - 1.0.4-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Sun Oct 29 2023 Orion Poplawski - 1.0.4-1 -- Update to 1.0.4 -- Remove docs again from main package (bz#2230512) - -* Fri Aug 18 2023 Orion Poplawski - 1.0.2-1 -- Update to 1.0.2 CVE-2023-20197 (bz#2232508) - -* Wed Jul 19 2023 Fedora Release Engineering - 1.0.1-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Mon Feb 27 2023 Orion Poplawski - 1.0.1-4 -- Mark cvd files is clamav-data as %%config(noreplace) (bz#2170876) -- Rename clamav-update to clamav-freshclam -- Make clamav-freshclam supplement clamd -- Have clamav-freshclam ghost all of the .cld and .cvd files +* Fri Feb 24 2023 Sérgio Basto - 0.103.8-4 - Update data files with help of Cisco-Talos/cvdupdate -- Update to 1.0.1 -- Make sure RUSTFLAGS are passed to rustc (bz#2167194) -- Fix multilib install * Mon Feb 20 2023 Orion Poplawski - 0.103.8-3 - Fix daily.cvd file