Bump EVR

This is part of https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4

If there will be no comments in two weeks, I will merge this.

README.fedora.md

@@ -1,37 +1,25 @@
+## README.fedora.md (mainly clamav-milter) 
+
+
 Please note for Fedora and EPEL 7+ we use only systemd.
-upstart and sysvinit only apply to EPEL 6.
 
 A clamav-milter setup consists of the following three components:
 
-* the clamav-milter itself
-
-  --> this is provided by the 'clamav-milter' package plus (alternatively)
-      'clamav-milter-upstart' or 'clamav-milter-sysvinit'
+### The clamav-milter itself
 
   The main configuration is in /etc/mail/clamav-milter.conf and MUST
   be changed before first use.
 
   This can be enabled with: 'systemctl enable clamav-milter.service'
 
-  The -sysvinit package is managed by the traditional tools, but
-  -upstart requires modification of /etc/event.d/clamav-milter to
-  enable automatic startup.  See comments there for more details.
-
-* a clamav scanner daemon
-
-  --> this is in the clamd package (or on EL6:
-      'clamav-scanner-upstart' or 'clamav-scanner-sysvinit')
+### A clamav scanner daemon
 
   The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
   edited before first use).
 
   This can be enabled with: 'systemctl enable clamd@scan.service'
 
-  The -sysvinit package is managed by the traditional tools, but
-  -upstart requires modification of /etc/event.d/clamd.scan to enable
-  automatic startup.  See comments there for more details.
-
-* the MTA (sendmail/postfix)
+### The MTA (sendmail/postfix)
 
   --> you should know how to install this...
 
@@ -43,6 +31,13 @@ A clamav-milter setup consists of the following three components:
 
   to your sendmail.mc.
 
+### Changing permissions of directory /var/lib/clamav  
+
+  - Whenever ClamAV is upgraded by dnf, the permissions for the /var/lib/clamav directory change to user clamupdate  
+  - If for some reason you need DatabaseOwner be another user, you may copy /usr/lib/systemd/system/clamav-freshclam.service to /etc/systemd/system/ and add ExecStartPre=+/usr/bin/chown youruser:yourgroup /var/lib/clamav and updates won't break your configuration ...
+  - Please add comments to https://bugzilla.redhat.com/show_bug.cgi?id=2023371 if not work for you or if you have any suggestion.
+  - Note: =+ on systemd.service (man 5 systemd.service, Special executable prefixes)  If the executable path is prefixed with "+" then the process is executed with full privileges.
+
 
 EXAMPLE
 =======

clamav-check.patch

@@ -1,12 +0,0 @@
-diff -up clamav-0.103.0/unit_tests/check_jsnorm.c.check clamav-0.103.0/unit_tests/check_jsnorm.c
---- clamav-0.103.0/unit_tests/check_jsnorm.c.check	2020-09-12 18:27:10.000000000 -0600
-+++ clamav-0.103.0/unit_tests/check_jsnorm.c	2020-09-17 22:15:26.199957518 -0600
-@@ -247,7 +247,7 @@ static void tokenizer_test(const char *i
-     fd = open(filename, O_RDONLY);
-     if (fd < 0) {
-         jstest_teardown();
--        ck_assert_msg("failed to open output file: %s", filename);
-+        ck_assert_msg(0, "failed to open output file: %s", filename);
-     }
- 
-     diff_file_mem(fd, expected, len);

clamav-clamonacc-service.patch

@@ -1,6 +1,6 @@
-diff -up clamav-0.103.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service clamav-0.103.0/clamonacc/clamav-clamonacc.service.in
---- clamav-0.103.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service	2020-09-12 18:27:09.000000000 -0600
-+++ clamav-0.103.0/clamonacc/clamav-clamonacc.service.in	2020-09-18 19:49:35.400152760 -0600
+diff -up clamav-1.4.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service clamav-1.4.0/clamonacc/clamav-clamonacc.service.in
+--- clamav-1.4.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service	2024-08-15 20:12:56.950984705 -0600
++++ clamav-1.4.0/clamonacc/clamav-clamonacc.service.in	2024-08-15 20:14:19.088770747 -0600
 @@ -4,14 +4,12 @@
  [Unit]
  Description=ClamAV On-Access Scanner
@@ -13,8 +13,8 @@ diff -up clamav-0.103.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service
  Type=simple
  User=root
 -ExecStartPre=/bin/bash -c "while [ ! -S /run/clamav/clamd.ctl ]; do sleep 1; done"
--ExecStart=@prefix@/sbin/clamonacc -F --config-file=@APP_CONFIG_DIRECTORY@/clamd.conf --log=/var/log/clamav/clamonacc.log --move=/root/quarantine
+-ExecStart=@prefix@/sbin/clamonacc -F --log=/var/log/clamav/clamonacc.log --move=/root/quarantine
 +ExecStart=@prefix@/sbin/clamonacc -F --config-file=/etc/clamd.d/scan.conf
+ ExecStop=/bin/kill -SIGKILL $MAINPID
  
  [Install]
- WantedBy=multi-user.target

clamav-default_confs.patch

@@ -1,6 +1,6 @@
-diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamconf/clamconf.c
---- clamav-0.103.0/clamconf/clamconf.c.default_confs	2020-09-12 18:27:09.000000000 -0600
-+++ clamav-0.103.0/clamconf/clamconf.c	2020-09-17 22:00:20.792879792 -0600
+diff -up clamav-0.104.3/clamconf/clamconf.c.default_confs clamav-0.104.3/clamconf/clamconf.c
+--- clamav-0.104.3/clamconf/clamconf.c.default_confs	2022-05-02 00:24:50.000000000 -0600
++++ clamav-0.104.3/clamconf/clamconf.c	2022-05-12 22:04:42.883348923 -0600
 @@ -63,9 +63,9 @@ static struct _cfgfile {
      const char *name;
      int tool;
@@ -13,66 +13,66 @@ diff -up clamav-0.103.0/clamconf/clamconf.c.default_confs clamav-0.103.0/clamcon
      {NULL, 0}};
  
  static void printopts(struct optstruct *opts, int nondef)
-diff -up clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs clamav-0.103.0/docs/man/clamav-milter.8.in
---- clamav-0.103.0/docs/man/clamav-milter.8.in.default_confs	2020-09-12 18:27:09.000000000 -0600
-+++ clamav-0.103.0/docs/man/clamav-milter.8.in	2020-09-17 22:00:20.793879800 -0600
+diff -up clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs clamav-0.104.3/docs/man/clamav-milter.8.in
+--- clamav-0.104.3/docs/man/clamav-milter.8.in.default_confs	2022-05-12 22:04:42.885348940 -0600
++++ clamav-0.104.3/docs/man/clamav-milter.8.in	2022-05-12 22:05:25.031719791 -0600
 @@ -27,7 +27,7 @@ Print the version number and exit.
  Read configuration from FILE.
  .SH "FILES"
- .LP 
--@CFGDIR@/clamav-milter.conf
-+@CFGDIR@/mail/clamav-milter.conf
+ .LP
+-@CONFDIR@/clamav-milter.conf
++@CONFDIR@/mail/clamav-milter.conf
  .SH "AUTHOR"
- .LP 
+ .LP
  aCaB <acab@clamav.net>
-diff -up clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.103.0/docs/man/clamav-milter.conf.5.in
---- clamav-0.103.0/docs/man/clamav-milter.conf.5.in.default_confs	2020-09-12 18:27:09.000000000 -0600
-+++ clamav-0.103.0/docs/man/clamav-milter.conf.5.in	2020-09-17 22:00:20.794879808 -0600
+diff -up clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs clamav-0.104.3/docs/man/clamav-milter.conf.5.in
+--- clamav-0.104.3/docs/man/clamav-milter.conf.5.in.default_confs	2022-05-12 22:04:42.887348958 -0600
++++ clamav-0.104.3/docs/man/clamav-milter.conf.5.in	2022-05-12 22:05:48.834929418 -0600
 @@ -239,7 +239,7 @@ Default: no
  All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
  .SH "FILES"
- .LP 
--@CFGDIR@/clamav-milter.conf
-+@CFGDIR@/mail/clamav-milter.conf
+ .LP
+-@CONFDIR@/clamav-milter.conf
++@CONFDIR@/mail/clamav-milter.conf
  .SH "AUTHOR"
- .LP 
+ .LP
  aCaB <acab@clamav.net>
-diff -up clamav-0.103.0/docs/man/clamd.8.in.default_confs clamav-0.103.0/docs/man/clamd.8.in
---- clamav-0.103.0/docs/man/clamd.8.in.default_confs	2020-09-12 18:27:09.000000000 -0600
-+++ clamav-0.103.0/docs/man/clamd.8.in	2020-09-17 22:00:20.794879808 -0600
+diff -up clamav-0.104.3/docs/man/clamd.8.in.default_confs clamav-0.104.3/docs/man/clamd.8.in
+--- clamav-0.104.3/docs/man/clamd.8.in.default_confs	2022-05-12 22:04:42.888348967 -0600
++++ clamav-0.104.3/docs/man/clamd.8.in	2022-05-12 22:07:01.657570942 -0600
 @@ -7,7 +7,7 @@ clamd \- an anti\-virus daemon
  clamd [options]
  .SH "DESCRIPTION"
- .LP 
--The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf
-+The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.d/scan.conf
+ .LP
+-The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.conf
++The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CONFDIR@/clamd.d/scan.conf
  .SH "COMMANDS"
- .LP 
+ .LP
  It's recommended to prefix clamd commands with the letter \fBz\fR (eg. zSCAN) to indicate that the command will be delimited by a NULL character and that clamd should continue reading command data until a NULL character is read. The null delimiter assures that the complete command and its entire argument will be processed as a single command. Alternatively commands may be prefixed with the letter \fBn\fR (e.g. nSCAN) to use a newline character as the delimiter. Clamd replies will honour the requested terminator in turn.
-@@ -125,7 +125,7 @@ Reload the signature databases.
+@@ -133,7 +133,7 @@ Reload the signature databases.
  Perform a clean exit.
  .SH "FILES"
- .LP 
--@CFGDIR@/clamd.conf
-+@CFGDIR@/clamd.d/scan.conf
+ .LP
+-@CONFDIR@/clamd.conf
++@CONFDIR@/clamd.d/scan.conf
  .SH "CREDITS"
  Please check the full documentation for credits.
  .SH "AUTHOR"
-diff -up clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs clamav-0.103.0/docs/man/clamd.conf.5.in
---- clamav-0.103.0/docs/man/clamd.conf.5.in.default_confs	2020-09-17 22:00:20.795879816 -0600
-+++ clamav-0.103.0/docs/man/clamd.conf.5.in	2020-09-17 22:01:21.414353121 -0600
-@@ -759,7 +759,7 @@ Default: no
+diff -up clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs clamav-0.104.3/docs/man/clamd.conf.5.in
+--- clamav-0.104.3/docs/man/clamd.conf.5.in.default_confs	2022-05-12 22:04:42.889348976 -0600
++++ clamav-0.104.3/docs/man/clamd.conf.5.in	2022-05-12 22:06:21.800219822 -0600
+@@ -765,7 +765,7 @@ Default: no
  All options expressing a size are limited to max 4GB. Values in excess will be reset to the maximum.
  .SH "FILES"
  .LP
--@CFGDIR@/clamd.conf
-+@CFGDIR@/clamd.d/scan.conf
+-@CONFDIR@/clamd.conf
++@CONFDIR@/clamd.d/scan.conf
  .SH "AUTHORS"
  .LP
  Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>
-diff -up clamav-0.103.0/platform.h.in.default_confs clamav-0.103.0/platform.h.in
---- clamav-0.103.0/platform.h.in.default_confs	2020-09-17 22:00:20.796879824 -0600
-+++ clamav-0.103.0/platform.h.in	2020-09-17 22:01:56.842629739 -0600
+diff -up clamav-0.104.3/platform.h.in.default_confs clamav-0.104.3/platform.h.in
+--- clamav-0.104.3/platform.h.in.default_confs	2022-05-02 00:24:50.000000000 -0600
++++ clamav-0.104.3/platform.h.in	2022-05-12 22:04:42.891348993 -0600
 @@ -112,9 +112,9 @@ typedef unsigned int in_addr_t;
  #endif
  

clamav-freshclam.service.patch

@@ -1,17 +1,12 @@
---- ./freshclam/clamav-freshclam.service.in.orig	2021-06-14 10:36:39.029730737 +0100
-+++ ./freshclam/clamav-freshclam.service.in	2021-06-14 10:37:53.621423748 +0100
-@@ -2,13 +2,12 @@
+diff -up clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service clamav-0.104.3/freshclam/clamav-freshclam.service.in
+--- clamav-0.104.3/freshclam/clamav-freshclam.service.in.freshclam-service	2022-05-12 22:07:25.472780737 -0600
++++ clamav-0.104.3/freshclam/clamav-freshclam.service.in	2022-05-12 22:08:06.280140224 -0600
+@@ -2,7 +2,7 @@
  Description=ClamAV virus database updater
  Documentation=man:freshclam(1) man:freshclam.conf(5) https://docs.clamav.net/
  # If user wants it run from cron, don't start the daemon.
 -ConditionPathExists=!/etc/cron.d/clamav-freshclam
-+# ConditionPathExists=!/etc/cron.d/clamav-update
++# ConditionPathExists=!/etc/cron.d/clamav-freshclam
  Wants=network-online.target
  After=network-online.target
  
- [Service]
- ExecStart=@prefix@/bin/freshclam -d --foreground=true
--StandardOutput=syslog
- 
- [Install]
- WantedBy=multi-user.target

clamav-private.patch

@@ -8,8 +8,17 @@
 +Libs.private: -L${libdir} -lclamav @LIBCLAMAV_LIBS@
  Cflags: -I${includedir}
  
---- clamav-0.99/clamav-config.in		2015-05-28 23:56:25.000000000 +0200
-+++ clamav-0.99/clamav-config.in.private	2015-12-02 01:31:34.933705763 +0100
+diff -up clamav-1.0.0/clamav-config.in.private clamav-1.0.0/clamav-config.in
+--- clamav-1.0.0/clamav-config.in.private	2023-01-22 17:40:01.711757908 -0700
++++ clamav-1.0.0/clamav-config.in	2023-01-22 18:01:06.188743168 -0700
+@@ -4,7 +4,6 @@
+ prefix=@prefix@
+ exec_prefix=@exec_prefix@
+ includedir=@includedir@
+-libdir=@libdir@
+ 
+ usage()
+ {
 @@ -54,12 +54,8 @@
  	usage 0
  	;;

clamav-rust-dependency-versions.patch

@@ -0,0 +1,21 @@
+diff -Naur clamav-1.4.3-original/libclamav_rust/Cargo.toml clamav-1.4.3/libclamav_rust/Cargo.toml
+--- clamav-1.4.3-original/libclamav_rust/Cargo.toml	2025-12-04 10:01:33.233889863 +0000
++++ clamav-1.4.3/libclamav_rust/Cargo.toml	2025-12-04 10:02:29.088468217 +0000
+@@ -12,7 +12,7 @@
+ sha2 = "0.10"
+ tempfile = "3"
+ thiserror = "1"
+-image = "0.24"
++image = ">=0.24, <0.26"
+ rustdct = "0.7"
+ transpose = "0.2"
+ num-traits = "0.2"
+@@ -21,7 +21,7 @@
+ unicode-segmentation = "1.10"
+ bindgen = "0.69"
+ onenote_parser = "0.3.1"
+-hex-literal = "0.4"
++hex-literal = ">=0.4, <2.0"
+ inflate = "0.4"
+ bzip2-rs = "0.1"
+ byteorder = "1.5"

clamav-rustflags.patch

@@ -0,0 +1,54 @@
+diff -up clamav-1.0.2/cmake/FindRust.cmake.rustflags clamav-1.0.2/cmake/FindRust.cmake
+--- clamav-1.0.2/cmake/FindRust.cmake.rustflags	2023-08-15 16:24:07.000000000 -0600
++++ clamav-1.0.2/cmake/FindRust.cmake	2023-08-17 21:17:03.957070383 -0600
+@@ -236,7 +236,7 @@ function(add_rust_executable)
+     # Build the executable.
+     add_custom_command(
+         OUTPUT "${OUTPUT}"
+-        COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS}
++        COMMAND ${CMAKE_COMMAND} -E env "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS}
+         WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
+         DEPENDS ${EXE_SOURCES}
+         COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:\n\t ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}")
+@@ -287,8 +287,8 @@ function(add_rust_library)
+     if("${CMAKE_OSX_ARCHITECTURES}" MATCHES "^(arm64;x86_64|x86_64;arm64)$")
+         add_custom_command(
+             OUTPUT "${OUTPUT}"
+-            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin
+-            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin
++            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=x86_64-apple-darwin
++            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS} --target=aarch64-apple-darwin
+             COMMAND ${CMAKE_COMMAND} -E make_directory "${ARGS_BINARY_DIRECTORY}/${RUST_COMPILER_TARGET}/${CARGO_BUILD_TYPE}"
+             COMMAND lipo ARGS -create ${ARGS_BINARY_DIRECTORY}/x86_64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a ${ARGS_BINARY_DIRECTORY}/aarch64-apple-darwin/${CARGO_BUILD_TYPE}/lib${ARGS_TARGET}.a -output "${OUTPUT}"
+             WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
+@@ -312,7 +312,7 @@ function(add_rust_library)
+     else()
+         add_custom_command(
+             OUTPUT "${OUTPUT}"
+-            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=\"${RUSTFLAGS}\"" ${cargo_EXECUTABLE} ARGS ${MY_CARGO_ARGS}
++            COMMAND ${CMAKE_COMMAND} -E env "CARGO_CMD=build" "CARGO_TARGET_DIR=${ARGS_BINARY_DIRECTORY}" "MAINTAINER_MODE=${MAINTAINER_MODE}" "RUSTFLAGS=${RUSTFLAGS}" ${cargo_EXECUTABLE} ${MY_CARGO_ARGS}
+             WORKING_DIRECTORY "${ARGS_SOURCE_DIRECTORY}"
+             DEPENDS ${LIB_SOURCES}
+             COMMENT "Building ${ARGS_TARGET} in ${ARGS_BINARY_DIRECTORY} with:  ${cargo_EXECUTABLE} ${MY_CARGO_ARGS_STRING}")
+@@ -465,8 +465,6 @@ if(NOT "${RUST_COMPILER_TARGET}" MATCHES
+     list(APPEND CARGO_ARGS "--target" ${RUST_COMPILER_TARGET})
+ endif()
+ 
+-set(RUSTFLAGS "")
+-
+ if(NOT CMAKE_BUILD_TYPE)
+     set(CARGO_BUILD_TYPE "debug")
+ elseif(${CMAKE_BUILD_TYPE} STREQUAL "Release" OR ${CMAKE_BUILD_TYPE} STREQUAL "MinSizeRel")
+@@ -475,10 +473,11 @@ elseif(${CMAKE_BUILD_TYPE} STREQUAL "Rel
+ elseif(${CMAKE_BUILD_TYPE} STREQUAL "RelWithDebInfo")
+     set(CARGO_BUILD_TYPE "release")
+     list(APPEND CARGO_ARGS "--release")
+-    set(RUSTFLAGS "-g")
++    string(APPEND RUSTFLAGS " -g")
+ else()
+     set(CARGO_BUILD_TYPE "debug")
+ endif()
++string(STRIP "${RUSTFLAGS}" RUSTFLAGS)
+ 
+ find_package_handle_standard_args(Rust
+     REQUIRED_VARS cargo_EXECUTABLE

clamav-stats-deprecation.patch

@@ -1,17 +0,0 @@
-diff -up clamav-0.102.0/shared/optparser.c.stats-deprecation clamav-0.102.0/shared/optparser.c
---- clamav-0.102.0/shared/optparser.c.stats-deprecation	2019-10-10 21:55:31.245995091 -0600
-+++ clamav-0.102.0/shared/optparser.c	2019-10-11 20:40:04.580067432 -0600
-@@ -524,6 +524,13 @@ const struct clam_option __clam_options[
-     {"ArchiveLimitMemoryUsage", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""},
-     {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
-     {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"},
-+    {"StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" },
-+    {"StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
-+    {"StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""},
-+    {"StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
-+    {"SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
-+    {"DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
-+    {"DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", ""},
-     {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""},
- 
-     /* Milter specific options */

clamav-types.h

@@ -0,0 +1,14 @@
+#ifndef CLAMAV_TYPES_H_MULTILIB
+#define CLAMAV_TYPES_H_MULTILIB
+
+#include <bits/wordsize.h>
+
+#if __WORDSIZE == 32
+# include "clamav-types-32.h"
+#elif __WORDSIZE == 64
+# include "clamav-types-64.h"
+#else
+# error "unexpected value for __WORDSIZE macro"
+#endif
+
+#endif

clamav.spec

@@ -1,26 +1,18 @@
-#global prerelease  rc1
+#global prerelease  -rc
 
 %global _hardened_build 1
 
 ## Fedora specific customization below...
 %bcond_without  clamonacc
 %bcond_with     unrar
-%ifnarch ppc64
-%bcond_without  llvm
-%else
-%bcond_with     llvm
-%endif
+# Failing with llvm 14 https://github.com/Cisco-Talos/clamav/issues/581
+%bcond_with  llvm
 
-%if 0%{?fedora} || 0%{?rhel} >= 8
-%bcond_with old_freshclam
+# No ocaml on ix86
+%ifarch %{ix86}
+%bcond_with ocaml
 %else
-%bcond_without old_freshclam
-%endif
-
-%ifnarch s390 s390x
-%global have_ocaml  1
-%else
-%global have_ocaml  0
+%bcond_without ocaml
 %endif
 
 %global scanuser    clamscan
@@ -33,19 +25,21 @@
 
 Summary:    End-user tools for the Clam Antivirus scanner
 Name:       clamav
-Version:    0.103.4
-Release:    1%{?dist}
-License:    %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
+Version:    1.4.3
+Release:    3%{?dist}
+License:    %{?with_unrar:proprietary}%{!?with_unrar:GPL-2.0-only}
 URL:        https://www.clamav.net/
 %if %{with unrar}
-Source0:    https://www.clamav.net/downloads/production/%name-%version%{?prerelease}.tar.gz
-Source999:  https://www.clamav.net/downloads/production/%name-%version%{?prerelease}.tar.gz.sig
+Source0:    https://www.clamav.net/downloads/production/%{name}-%{version}%{?prerelease}.tar.gz
+Source999:  https://www.clamav.net/downloads/production/%{name}-%{version}%{?prerelease}.tar.gz.sig
 %else
 # Unfortunately, clamav includes support for RAR v3, derived from GPL
 # incompatible unrar from RARlabs. We have to pull this code out.
 # tarball was created with update_clamav.sh
-Source0:    %name-%version%{?prerelease}-norar.tar.xz
+Source0:    %{name}-%{version}%{?prerelease}-norar.tar.xz
 %endif
+# Multilib headers
+Source1:    clamav-types.h
 #for server
 Source3:    clamd.logrotate
 Source5:    clamd-README
@@ -56,69 +50,100 @@ Source5:    clamd-README
 #http://database.clamav.net/main.cvd
 Source10:   main-62.cvd
 #http://database.clamav.net/daily.cvd
-Source11:   daily-26345.cvd
+Source11:   daily-27673.cvd
 #http://database.clamav.net/bytecode.cvd
-Source12:   bytecode-333.cvd
+Source12:   bytecode-336.cvd
 #for update
 Source200:  freshclam-sleep
 Source201:  freshclam.sysconfig
 Source202:  clamav-update.crond
 Source203:  clamav-update.logrotate
 #for milter
-Source300:  README.fedora
+Source300:  README.fedora.md
 #for clamav-milter.systemd
 Source330:  clamav-milter.systemd
 #for scanner-systemd/server-systemd
 Source530:  clamd@.service
 
-# Restore some options removed in 0.100 as deprecated
-# Could be dropped in F32 with a note
-# https://bugzilla.redhat.com/show_bug.cgi?id=1565381#c1
-Patch0:     clamav-stats-deprecation.patch
 # Change default config locations for Fedora
 Patch1:     clamav-default_confs.patch
 # Fix pkg-config flags for static linking, multilib
-Patch2:     clamav-0.99-private.patch
-# Fix ck_assert_msg() call
-# https://github.com/Cisco-Talos/clamav-devel/pull/138
-Patch4:     clamav-check.patch
+Patch2:     clamav-private.patch
 # Modify clamav-clamonacc.service for Fedora compatibility
 Patch5:     clamav-clamonacc-service.patch
-
+# Allow freshclam service to run if cron.d file is present
 Patch6:     clamav-freshclam.service.patch
+# Debian patch to fix big-endian
+Patch7:     https://salsa.debian.org/clamav-team/clamav/-/raw/unstable/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch
+# - Update the image crate dependency to 0.25, the current release,
+#   https://github.com/Cisco-Talos/clamav/pull/1366/commits/24d1341e8e34aa325ac03718121e33a3b4e5b75e,
+#   allowing 0.24 for backwards-compatibility with vendored dependencies in EPEL8
+# - Allow version 1.0 of the hex-literal crate dependency; not suitable for
+#   upstream yet due to MSRV
+Patch8:     clamav-rust-dependency-versions.patch
 
-BuildRequires:  autoconf
-BuildRequires:  automake
+BuildRequires:  cmake3
 BuildRequires:  gettext-devel
-BuildRequires:  libtool
-BuildRequires:  libtool-ltdl-devel
+BuildRequires:  make
 BuildRequires:  gcc-c++
+BuildRequires:  rust
+%if 0%{?fedora} || 0%{?rhel} >= 9
+BuildRequires:  rust-packaging
+%else
+# Undefining the appropriate __cmake*_in_source_build macro causes the
+# build to use a separate build path, so the build does not output to
+# the source path.  This separate build path is the default behavior
+# for >=EL9 and fedora.
+%if 0%{?rhel} == 8
+# EL8 defines cmake_in_source_build
+%undefine __cmake_in_source_build
+%else
+# EL7 defines cmake3_in_source_build
+%undefine __cmake3_in_source_build
+%endif
+BuildRequires:  rust-toolset
+%endif
+BuildRequires:  cargo
 BuildRequires:  bzip2-devel
+BuildRequires:  check-devel
 BuildRequires:  curl-devel
+BuildRequires:  git-core
 BuildRequires:  gmp-devel
 BuildRequires:  json-c-devel
+%if ! (0%{?fedora} > 40 || 0%{?rhel} > 9)
 BuildRequires:  libprelude-devel
 # libprelude-config --libs brings in gnutls, pcre
 # https://bugzilla.redhat.com/show_bug.cgi?id=1830473
-BuildRequires:  gnutls-devel pcre-devel
+BuildRequires:  gnutls-devel
+%endif
 BuildRequires:  libxml2-devel
 BuildRequires:  ncurses-devel
 BuildRequires:  openssl-devel
 BuildRequires:  pcre2-devel
+# Explicitly needed on EL8
+BuildRequires:  python3
+BuildRequires:  python3-pytest
+%if 0%{?fedora} >= 41
+BuildRequires:  python3-cgi
+%endif
 BuildRequires:  zlib-devel
 #BuildRequires:  %%{_includedir}/tcpd.h
 BuildRequires:  bc
 BuildRequires:  tcl
 BuildRequires:  groff
 BuildRequires:  graphviz
-%{?have_ocaml:BuildRequires: ocaml}
+%{?with_ocaml:BuildRequires: ocaml}
 # nc required for tests
 BuildRequires:  nc
 %{?systemd_requires}
+BuildRequires:  systemd
 BuildRequires:  systemd-devel
+BuildRequires:  systemd-rpm-macros
 #for milter
 BuildRequires:  sendmail-devel
-BuildRequires: make
+%ifarch %{valgrind_arches}
+BuildRequires:  valgrind
+%endif
 
 Requires:   clamav-filesystem = %{version}-%{release}
 Requires:   clamav-lib = %{version}-%{release}
@@ -140,7 +165,6 @@ Summary:    Filesystem structure for clamav
 # Prevent version mix
 Conflicts:  %{name} < %{version}-%{release}
 Conflicts:  %{name} > %{version}-%{release}
-Requires(pre):  shadow-utils
 BuildArch:  noarch
 
 %description filesystem
@@ -150,9 +174,63 @@ user-creation scripts required by clamav.
 
 %package lib
 Summary:    Dynamic libraries for the Clam Antivirus scanner
-Requires:   data(clamav)
 Provides:   bundled(libmspack) = 0.5-0.1.alpha.modified_by_clamav
 
+# LICENSE.dependencies contains a full license breakdown
+# From the output of %%{cargo_license_summary}:
+#
+%if 0%{?fedora} || 0%{?rhel} >= 9
+# 0BSD OR MIT OR Apache-2.0
+# Apache-2.0
+# Apache-2.0 OR MIT
+# Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT
+# BSD-2-Clause
+# BSD-2-Clause AND ISC
+# BSD-3-Clause
+# MIT
+# MIT OR Apache-2.0 (duplicate)
+# MIT OR Apache-2.0 OR Zlib
+# MIT OR Zlib OR Apache-2.0 (duplicate)
+# Unlicense OR MIT
+# Zlib OR Apache-2.0 OR MIT (duplicate)
+License:    %{shrink:
+            %{?with_unrar:proprietary}%{!?with_unrar:GPL-2.0-only} AND
+            (0BSD OR MIT OR Apache-2.0) AND
+            Apache-2.0 AND
+            (Apache-2.0 OR MIT) AND
+            (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND
+            BSD-2-Clause AND
+            BSD-3-Clause AND
+            ISC AND
+            MIT AND
+            (MIT OR Zlib OR Apache-2.0) AND
+            (Unlicense OR MIT) AND
+            Zlib
+            }
+%else
+# 0BSD OR MIT OR Apache-2.0
+# Apache-2.0 OR MIT
+# Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT
+# BSD-3-Clause
+# MIT
+# MIT OR Apache-2.0 (duplicate)
+# MIT OR Zlib OR Apache-2.0
+# Unlicense OR MIT
+# Zlib
+# Zlib OR Apache-2.0 OR MIT (duplicate)
+License:    %{shrink:
+            %{?with_unrar:proprietary}%{!?with_unrar:GPL-2.0-only} AND
+            (0BSD OR MIT OR Apache-2.0) AND
+            (Apache-2.0 OR MIT) AND
+            (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND
+            BSD-3-Clause AND
+            MIT AND
+            (MIT OR Zlib OR Apache-2.0) AND
+            (Unlicense OR MIT) AND
+            Zlib
+            }
+%endif
+
 %description lib
 This package contains dynamic libraries shared between applications
 using the Clam Antivirus scanner.
@@ -185,25 +263,33 @@ working (but perhaps outdated) virus scanner immediately after package
 installation.
 
 
-%package update
+%package doc
+Summary:    Documentation for the Clam Antivirus scanner
+Requires:   clamav-filesystem = %{version}-%{release}
+BuildArch:  noarch
+
+%description doc
+This package contains the documentation for clamav.
+
+
+%package freshclam
 Summary:    Auto-updater for the Clam Antivirus scanner data-files
 Requires:   clamav-filesystem = %{version}-%{release}
-%if %{with old_freshclam}
-Requires:   crontabs
-Requires:   /etc/cron.d
-Requires(post): %{__chown} %{__chmod}
+Requires:   clamav-lib        = %{version}-%{release}
+%if 0%{?fedora} || 0%{?rhel} >= 8
+Supplements:clamd
 %endif
 Provides:   data(clamav) = empty
 Provides:   clamav-data-empty = %{version}-%{release}
 Obsoletes:  clamav-data-empty < %{version}-%{release}
+Provides:   clamav-update = %{version}-%{release}
+Obsoletes:  clamav-update < %{version}-%{release}
 
-%description update
-This package contains programs which can be used to update the clamav
-anti-virus database automatically. It uses the freshclam(1) utility for
-this task. To activate it use, uncomment the entry in /etc/cron.d/clamav-update.
-Use this package when you go updating the virus database regulary and
-do not want to download a >160MB sized rpm-package with outdated virus
-definitions.
+%description freshclam
+This package contains the freshclam(1) program and clamav-freshclam
+service which can be used to update the clamav anti-virus database
+automatically. Most users should install this package in order to
+keep their definitions up to date.
 
 
 %package -n clamd
@@ -212,7 +298,6 @@ Requires:   data(clamav)
 Requires:   clamav-filesystem = %{version}-%{release}
 Requires:   clamav-lib        = %{version}-%{release}
 Requires:   coreutils
-Requires(pre):  shadow-utils
 # This is still used by clamsmtp and exim-clamav
 Provides: clamav-server = %{version}-%{release}
 Provides: clamav-scanner-systemd = %{version}-%{release}
@@ -233,9 +318,9 @@ Summary:    Milter module for the Clam Antivirus scanner
 #Requires: clamd = %%{version}-%%{release}
 #Requires: /usr/sbin/sendmail
 Requires:   clamav-filesystem = %{version}-%{release}
-Requires(pre):  shadow-utils
 Provides: clamav-milter-systemd = %{version}-%{release}
 Obsoletes: clamav-milter-systemd < %{version}-%{release}
+Requires: group(clamscan)
 
 %description milter
 This package contains files which are needed to run the clamav-milter.
@@ -243,22 +328,55 @@ This package contains files which are needed to run the clamav-milter.
 
 %prep
 %setup -q -n %{name}-%{version}%{?prerelease}
-
-# No longer support deprecated options in F32+ and EL8+
-%if (0%{?fedora} && 0%{?fedora} < 32) || (0%{?rhel} && 0%{?rhel} < 8)
-%patch0 -p1 -b .stats-deprecation
+%if 0%{?fedora} || 0%{?rhel} >= 9
+# EL8 and earlier do not have the Rust cargo dependencies that are
+# defined by the generate_buildrequires stage in EL9 and later, so the
+# vendored packages included in the ClamAV sources suffice.
+%cargo_prep
+cd libclamav_rust
+sed -i -e '/^base64 *=/s/= .*/= "0.22"/' Cargo.toml
+sed -i -e '/^bindgen *=/s/= .*/= "0.69"/' Cargo.toml
+sed -i -e '/^cbindgen *=/s/= *".*"/= "0.26"/' Cargo.toml
+sed -i -e '/^onenote_parser *=/s/= *.*/= "0.3.1"/' Cargo.toml
+%cargo_prep
+cd ..
 %endif
-%patch1 -p1 -b .default_confs
-%patch2 -p1 -b .private
-%patch4 -p1 -b .check
-%patch5 -p1 -b .clamonacc-service
-%patch6 -p1 -b .freshclam-service
+
+%patch -P1 -p1 -b .default_confs
+%patch -P2 -p1 -b .private
+%patch -P5 -p1 -b .clamonacc-service
+%patch -P6 -p1 -b .freshclam-service
+%patch -P7 -p1 -b .big-endian
+%patch -P8 -p1 -b .rust-dependencies
 
 install -p -m0644 %{SOURCE300} clamav-milter/
 
 mkdir -p libclamunrar{,_iface}
 %{!?with_unrar:touch libclamunrar/{Makefile.in,all,install}}
 
+# Create sysusers.d config files
+cat >clamav.sysusers.conf <<EOF
+g virusgroup -
+u clamupdate - 'Clamav database update user' %{homedir} -
+m clamupdate virusgroup
+EOF
+cat >clamd.sysusers.conf <<EOF
+u clamscan - 'Clamav scanner user' - -
+m clamscan virusgroup
+EOF
+cat >clamav-milter.sysusers.conf <<EOF
+u clamilt - 'Clamav milter user' %{_rundir}/clamav-milter -
+m clamilt virusgroup
+m clamilt clamscan
+EOF
+
+%if 0%{?fedora} || 0%{?rhel} >= 9
+%generate_buildrequires
+# The generate_buildrequires stage doesn't exist prior to EL9, so this
+# section is conditionally removed in these build environments.
+cd libclamav_rust
+%cargo_generate_buildrequires
+%endif
 
 %build
 # add -Wl,--as-needed if not exist
@@ -266,42 +384,39 @@ export LDFLAGS=$(echo %{?__global_ldflags} | sed '/-Wl,--as-needed/!s/$/ -Wl,--a
 # IPv6 check is buggy and does not work when there are no IPv6 interface on build machine
 export have_cv_ipv6=yes
 
-rm -rf libltdl autom4te.cache Makefile.in
-autoreconf -i
-%configure \
-    --enable-milter \
-    --disable-clamav \
-    --disable-static \
-    --disable-zlib-vcheck \
-    %{!?with_unrar:--disable-unrar} \
-    --enable-id-check \
-    --enable-dns \
-    --with-dbdir=%{homedir} \
-    --with-group=%{updateuser} \
-    --with-user=%{updateuser} \
-    --disable-rpath \
-    --disable-silent-rules \
-    --enable-clamdtop \
-    --enable-prelude \
-    %{!?with_clamonacc:--disable-clamonacc} \
-    %{!?with_llvm:--disable-llvm}
+%cmake3 \
+%if 0%{?fedora} || 0%{?rhel} >= 8
+    -DRUSTFLAGS="%build_rustflags" \
+%else
+    -DRUSTFLAGS="%__global_rustflags" \
+%endif
+    -DAPP_CONFIG_DIRECTORY=%{_sysconfdir} \
+    -DCMAKE_INSTALL_DOCDIR=%{_pkgdocdir} \
+    -DCLAMAV_USER=%{updateuser} -DCLAMAV_GROUP=%{updateuser} \
+    -DDATABASE_DIRECTORY=%{homedir} \
+    -DDO_NOT_SET_RPATH=ON \
+    %{!?with_clamonacc:-DENABLE_CLAMONACC=OFF} \
+    %{?with_llvm:-DBYTECODE_RUNTIME=llvm -D LLVM_FIND_VERSION="3.6.0"} \
+    %{!?with_unrar:-DENABLE_UNRAR=OFF}
 
 # TODO: check periodically that CLAMAVUSER is used for freshclam only
 
-%make_build
+%cmake3_build
+
+cd libclamav_rust
+%cargo_license_summary
+%{cargo_license} > ../LICENSES.dependencies
 
 
 %install
 rm -rf _doc*
-%make_install
+%cmake3_install
 
 install -d -m 0755 \
     %{buildroot}%{_tmpfilesdir} \
     %{buildroot}%{homedir} \
     %{buildroot}%{quarantinedir}
 
-rm -f %{buildroot}%{_libdir}/*.la
-
 ### data
 install -D -m 0644 -p %{SOURCE10}     %{buildroot}%{homedir}/main.cvd
 install -D -m 0644 -p %{SOURCE11}     %{buildroot}%{homedir}/daily.cvd
@@ -317,15 +432,6 @@ mv %{buildroot}%{_sysconfdir}/freshclam.conf{.sample,}
 # Can contain HTTPProxyPassword (bugz#1733112)
 chmod 600 %{buildroot}%{_sysconfdir}/freshclam.conf
 
-%if %{with old_freshclam}
-install -d -m 0755 %{buildroot}%{_var}/log
-install -d -m 0755 %{buildroot}%{_sysconfdir}/logrotate.d
-install -D -p -m 0755 %{SOURCE200}    %{buildroot}%{_datadir}/%{name}/freshclam-sleep
-install -D -p -m 0644 %{SOURCE201}    %{buildroot}%{_sysconfdir}/sysconfig/freshclam
-install -D -p -m 0600 %{SOURCE202}    %{buildroot}%{_sysconfdir}/cron.d/clamav-update
-install -D -m 0644 -p %{SOURCE203}    %{buildroot}%{_sysconfdir}/logrotate.d/clamav-update
-%endif
-
 ### The scanner stuff
 install -D -m 0644 -p %{SOURCE3}      _doc_server/clamd.logrotate
 install -D -m 0644 -p %{SOURCE5}      _doc_server/README
@@ -376,12 +482,34 @@ cat << EOF > %{buildroot}%{_tmpfilesdir}/clamav-milter.conf
 d %{_rundir}/clamav-milter 0710 %{milteruser} %{milteruser}
 EOF
 
+#Fixup headers and scripts for multilib
+%if 0%{?__isa_bits} == 64
+mv %{buildroot}%{_includedir}/clamav-types.h \
+   %{buildroot}%{_includedir}/clamav-types-64.h
+%else
+mv %{buildroot}%{_includedir}/clamav-types.h \
+   %{buildroot}%{_includedir}/clamav-types-32.h
+%endif
+install -m 0644 %SOURCE1 %{buildroot}%{_includedir}/clamav-types.h
+
 # TODO: Evaluate using upstream's unit with clamav-daemon.socket
 rm %{buildroot}%{_unitdir}/clamav-daemon.*
 
+install -m0644 -D clamav.sysusers.conf %{buildroot}%{_sysusersdir}/clamav.conf
+install -m0644 -D clamd.sysusers.conf %{buildroot}%{_sysusersdir}/clamd.conf
+install -m0644 -D clamav-milter.sysusers.conf %{buildroot}%{_sysusersdir}/clamav-milter.conf
+
 
 %check
-make check
+%ifarch s390x
+# Tests fail on s390x
+# https://github.com/Cisco-Talos/clamav/issues/759
+%ctest3 -E valgrind || :
+%else
+%ctest3 -E valgrind
+%endif
+# valgrind tests fail https://github.com/Cisco-Talos/clamav/issues/584
+%ctest3 -R valgrind || :
 
 
 %post
@@ -394,35 +522,21 @@ make check
 %systemd_postun_with_restart clamav-clamonacc.service
 
 
-%pre filesystem
-getent group %{updateuser} >/dev/null || groupadd -r %{updateuser}
-getent passwd %{updateuser} >/dev/null || \
-    useradd -r -g %{updateuser} -d %{homedir} -s /sbin/nologin \
-    -c "Clamav database update user" %{updateuser}
-getent group virusgroup >/dev/null || groupadd -r virusgroup
-usermod %{updateuser} -a -G virusgroup
-exit 0
-
-
-%pre -n clamd
-getent group %{scanuser} >/dev/null || groupadd -r %{scanuser}
-getent passwd %{scanuser} >/dev/null || \
-    useradd -r -g %{scanuser} -d / -s /sbin/nologin \
-    -c "Clamav scanner user" %{scanuser}
-usermod %{scanuser} -a -G virusgroup
-exit 0
+%post data
+# nullglob. If set, Bash allows filename patterns which match no files to expand to a null string, rather than themselves
+shopt -s nullglob
+# Let newer .cld files take precedence over the shipped .cvd files
+for f in %{homedir}/*.cld
+do
+    cvd=${f/.cld/.cvd}
+    [ -f $f -a $f -nt $cvd ] && rm -f $cvd || :
+done
 
 %post -n clamd
 # Point to the new service unit
 [ -L /etc/systemd/system/multi-user.target.wants/clamd@scan.service ] &&
     ln -sf /usr/lib/systemd/system/clamd@.service /etc/systemd/system/multi-user.target.wants/clamd@scan.service || :
 %systemd_post clamd@scan.service
-%if 0%{?rhel}
-if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then
-# Initial installation
-/bin/systemd-tmpfiles --create %{_tmpfilesdir}/clamd.scan.conf
-fi
-%endif
 
 %preun -n clamd
 %systemd_preun clamd@scan.service
@@ -430,28 +544,8 @@ fi
 %postun -n clamd
 %systemd_postun_with_restart clamd@scan.service
 
-
-%triggerin milter -- clamav-scanner
-# Add the milteruser to the scanuser group; this is required when
-# milter and clamd communicate through local sockets
-/usr/sbin/groupmems -g %{scanuser} -a %{milteruser} &>/dev/null || :
-
-%pre milter
-getent group %{milteruser} >/dev/null || groupadd -r %{milteruser}
-getent passwd %{milteruser} >/dev/null || \
-    useradd -r -g %{milteruser} -d %{_rundir}/clamav-milter -s /sbin/nologin \
-    -c "Clamav Milter user" %{milteruser}
-usermod %{milteruser} -a -G virusgroup
-exit 0
-
 %post milter
 %systemd_post clamav-milter.service
-%if 0%{?rhel}
-if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then
-# Initial installation
-/bin/systemd-tmpfiles --create %{_tmpfilesdir}/clamav-milter.conf || :
-fi
-%endif
 
 %preun milter
 %systemd_preun clamav-milter.service
@@ -459,28 +553,13 @@ fi
 %postun milter
 %systemd_postun_with_restart clamav-milter.service
 
-%post update
-%if %{with old_freshclam}
-test -e %{freshclamlog} || {
-    touch %{freshclamlog}
-    %{__chmod} 0664 %{freshclamlog}
-    %{__chown} root:%{updateuser} %{freshclamlog}
-    ! test -x /sbin/restorecon || /sbin/restorecon %{freshclamlog}
-}
-#%%else
-#if [ $1 -eq 2 ] ; then
-#   echo "Warning: clamav-update package changed"
-#   echo "Now we provide clamav-freshclam.service systemd unit instead old scripts and the cron.d entry."
-#   echo "Unfortunately this may break existing unattended installations."
-#   echo "Please run 'systemctl enable clamav-freshclam --now' to enable freshclam updates again."
-#fi
-%endif
+%post freshclam
 %systemd_post clamav-freshclam.service
 
-%preun update
+%preun freshclam
 %systemd_preun clamav-freshclam.service
 
-%postun update
+%postun freshclam
 %systemd_postun_with_restart clamav-freshclam.service
 
 %ldconfig_scriptlets   lib
@@ -488,7 +567,7 @@ test -e %{freshclamlog} || {
 
 %files
 %license COPYING
-%doc NEWS.md README.md docs/html
+%doc NEWS.md README.md
 %{_bindir}/clambc
 %{_bindir}/clamconf
 %{_bindir}/clamdscan
@@ -509,16 +588,19 @@ test -e %{freshclamlog} || {
 
 
 %files lib
-%{_libdir}/libclamav.so.9*
+# Licenses for statically linked Rust dependencies in libclamav
+%license LICENSES.dependencies
+%{_libdir}/libclamav.so.12*
 %{_libdir}/libclammspack.so.0*
 %if %{with unrar}
-%{_libdir}/libclamunrar*.so.9*
+%{_libdir}/libclamunrar*.so.12*
 %endif
 
 
 %files devel
 %{_includedir}/*
 %{_libdir}/*.so
+%{_libdir}/libclamav_rust.a
 %{_libdir}/pkgconfig/*
 %{_bindir}/clamav-config
 
@@ -528,6 +610,7 @@ test -e %{freshclamlog} || {
 %dir %{_sysconfdir}/clamd.d
 # Used by both clamd, clamdscan, and clamonacc
 %config(noreplace) %{_sysconfdir}/clamd.d/scan.conf
+%{_sysusersdir}/clamav.conf
 
 
 %files data
@@ -538,24 +621,26 @@ test -e %{freshclamlog} || {
 %config %verify(not size md5 mtime) %{homedir}/*.cvd
 
 
-%files update
+%files doc
+%license COPYING
+%{_pkgdocdir}/html/
+
+
+%files freshclam
 %{_bindir}/freshclam
-%{_libdir}/libfreshclam.so.2*
+%{_libdir}/libfreshclam.so.3*
 %{_mandir}/*/freshclam*
 %{_unitdir}/clamav-freshclam.service
+%{_unitdir}/clamav-freshclam-once.service
+%{_unitdir}/clamav-freshclam-once.timer
 %config(noreplace) %verify(not mtime)    %{_sysconfdir}/freshclam.conf
-%if %{with old_freshclam}
-%{_datadir}/%{name}/freshclam-sleep
-%config(noreplace) %{_sysconfdir}/cron.d/clamav-update
-%config(noreplace) %{_sysconfdir}/sysconfig/freshclam
-%config(noreplace) %verify(not mtime)  %{_sysconfdir}/logrotate.d/*
-# freshclamlog file is created in post
-%ghost %attr(0664,root,%{updateuser}) %verify(not size md5 mtime) %{freshclamlog}
-%endif
-%ghost %attr(0664,%{updateuser},%{updateuser}) %{homedir}/main.cvd
-%ghost %attr(0664,%{updateuser},%{updateuser}) %{homedir}/freshclam.dat
-%ghost %attr(0664,%{updateuser},%{updateuser}) %{homedir}/daily.cld
-%ghost %attr(0664,%{updateuser},%{updateuser}) %{homedir}/bytecode.cld
+%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cld
+%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cvd
+%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/freshclam.dat
+%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cld
+%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/daily.cvd
+%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cld
+%ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/main.cvd
 
 
 %files -n clamd
@@ -565,19 +650,138 @@ test -e %{freshclamlog} || {
 %{_sbindir}/clamd
 %{_unitdir}/clamd@.service
 %{_tmpfilesdir}/clamd.scan.conf
+%{_sysusersdir}/clamd.conf
 
 
 %files milter
-%doc clamav-milter/README.fedora
+%doc clamav-milter/README.fedora.md
 %{_sbindir}/*milter*
 %{_unitdir}/clamav-milter.service
 %{_mandir}/man8/clamav-milter*
 %dir %{_sysconfdir}/mail
 %config(noreplace) %{_sysconfdir}/mail/clamav-milter.conf
 %{_tmpfilesdir}/clamav-milter.conf
+%{_sysusersdir}/clamav-milter.conf
 
 
 %changelog
+* Thu Dec 04 2025 Gwyn Ciesla <gwync@protonmail.com> - 1.4.3-3
+- Bump EVR, hex-literal patches.
+
+* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
+
+* Wed Jun 18 2025 Gwyn Ciesla <gwync@protonmail.com> - 1.4.3-1
+- 1.4.3
+
+* Sat Feb  8 2025 Zbigniew Jedrzejewski-Szmek <zbyszek@in.waw.pl> - 1.4.2-2
+- Add sysusers.d config files to allow rpm to create users/groups automatically
+
+* Thu Jan 23 2025 Orion Poplawski <orion@nwra.com> - 1.4.2-1
+- Update to 1.4.2
+
+* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Wed Sep 25 2024 Orion Poplawski <orion@nwra.com> - 1.4.1-1
+- Update to 1.4.1
+
+* Sun Sep 15 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 1.0.7-2
+- Update the image crate dependency to 0.25, the current release
+
+* Thu Sep 05 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 1.0.7-1
+- Update to 1.0.7
+
+* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Apr 26 2024 Orion Poplawski <orion@nwra.com> - 1.0.6-1
+- Update to 1.0.6
+
+* Mon Apr 08 2024 Sérgio Basto <sergio@serjux.com> - 1.0.5-5
+- Update clamav-data and README.fedora.md
+
+* Thu Apr 04 2024 John Sullivan <jsullivan@nasuni.com> - 1.0.5-4
+- Update EPEL 7 and 8 support for 1.0.5
+
+* Sat Mar 16 2024 Sérgio Basto <sergio@serjux.com> - 1.0.5-3
+- (#1679375) fixes syntax error in /etc/logrotate.d/clamd.exim
+
+* Tue Mar 05 2024 Sérgio Basto <sergio@serjux.com> - 1.0.5-2
+- set nullblog to fix post script (#2253914)
+- Properly check valgrind arches
+
+* Thu Feb 08 2024 Orion Poplawski <orion@nwra.com> - 1.0.5-1
+- Update to 1.0.5
+
+* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Oct 29 2023 Orion Poplawski <orion@nwra.com> - 1.0.4-1
+- Update to 1.0.4
+- Remove docs again from main package (bz#2230512)
+
+* Fri Aug 18 2023 Orion Poplawski <orion@nwra.com> - 1.0.2-1
+- Update to 1.0.2 CVE-2023-20197 (bz#2232508)
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Mon Feb 27 2023 Orion Poplawski <orion@nwra.com> - 1.0.1-4
+- Mark cvd files is clamav-data as %%config(noreplace) (bz#2170876)
+- Rename clamav-update to clamav-freshclam
+- Make clamav-freshclam supplement clamd
+- Have clamav-freshclam ghost all of the .cld and .cvd files
+- Update data files with help of Cisco-Talos/cvdupdate
+- Update to 1.0.1
+- Make sure RUSTFLAGS are passed to rustc (bz#2167194)
+- Fix multilib install
+
+* Mon Feb 20 2023 Orion Poplawski <orion@nwra.com> - 0.103.8-3
+- Fix daily.cvd file
+
+* Sat Feb 18 2023 Sérgio Basto <sergio@serjux.com> - 0.103.8-2
+- Split out documentation into separate -doc sub-package
+- (#2128276) Please port your pcre dependency to pcre2
+- Explicit dependency on systemd since systemd-devel no longer has this dependency on F37+
+- (#2136977) not requires data(clamav) on clamav-libs
+- (#2023371) Add documentation to preserve user permissions of DatabaseOwner
+
+* Fri Feb 17 2023 Orion Poplawski <orion@nwra.com> - 0.103.8-1
+- Update to 0.103.8
+
+* Mon Nov 07 2022 Sérgio Basto <sergio@serjux.com> - 0.103.7-4
+- (#2136977) not requires data(clamav) on clamav-libs
+- (#2023371) Add documentation to preserve user permissions of DatabaseOwner
+
+* Thu Sep 22 2022 Sérgio Basto <sergio@serjux.com> - 0.103.7-3
+- (#2128276) Please port your pcre dependency to pcre2
+- Explicit dependency on systemd since systemd-devel no longer has this dependency on F37+
+
+* Mon Aug 01 2022 Orion Poplawski <orion@nwra.com> - 0.103.7-2
+- Split out documentation into separate -doc sub-package
+
+* Thu Jul 28 2022 Sérgio Basto <sergio@serjux.com> - 0.103.7-1
+- Update to 0.103.7
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.103.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu May 05 2022 Sérgio Basto <sergio@serjux.com> - 0.103.6-1
+- Update to 0.103.6
+
+* Tue Mar 01 2022 Sérgio Basto <sergio@serjux.com> - 0.103.5-3
+- Fix for dnf update clamav-update (#2059618)
+
+* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.103.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jan 13 2022 Sérgio Basto <sergio@serjux.com> - 0.103.5-1
+- Update to 0.103.5
+
 * Sun Nov 07 2021 Sérgio Basto <sergio@serjux.com> - 0.103.4-1
 - Update to 0.103.4
 

clamd.logrotate

@@ -4,6 +4,6 @@
 	missingok
 
 	postrotate
-		pkill -u <USER> -HUP -f '/usr/sbin/clamd -c /etc/clamd.d/<SERVICE>.conf >/dev/null 2>&1 || :
+		pkill -u <USER> -HUP -f "/usr/sbin/clamd -c /etc/clamd.d/<SERVICE>.conf" >/dev/null 2>&1 || :
 	endscript
 }

libclamav-pe-Use-endian-wrapper-in-more-places.patch

@@ -0,0 +1,73 @@
+diff -up clamav-1.4.0/libclamav/pe.c.big-endian clamav-1.4.0/libclamav/pe.c
+--- clamav-1.4.0/libclamav/pe.c.big-endian	2024-08-13 14:24:46.000000000 -0600
++++ clamav-1.4.0/libclamav/pe.c	2024-08-15 20:16:02.017730419 -0600
+@@ -2424,22 +2424,22 @@ static cl_error_t hash_imptbl(cli_ctx *c
+ 
+     /* If the PE doesn't have an import table then skip it. This is an
+      * uncommon case but can happen. */
+-    if (peinfo->dirs[1].VirtualAddress == 0 || peinfo->dirs[1].Size == 0) {
++    if (EC32(peinfo->dirs[1].VirtualAddress) == 0 || EC32(peinfo->dirs[1].Size) == 0) {
+         cli_dbgmsg("scan_pe: import table data dir does not exist (skipping .imp scanning)\n");
+         status = CL_BREAK;
+         goto done;
+     }
+ 
+     // TODO Add EC32 wrappers
+-    impoff = cli_rawaddr(peinfo->dirs[1].VirtualAddress, peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size);
+-    if (err || impoff + peinfo->dirs[1].Size > fsize) {
++    impoff = cli_rawaddr(EC32(peinfo->dirs[1].VirtualAddress), peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size);
++    if (err || impoff + EC32(peinfo->dirs[1].Size) > fsize) {
+         cli_dbgmsg("scan_pe: invalid rva for import table data\n");
+         status = CL_BREAK;
+         goto done;
+     }
+ 
+     // TODO Add EC32 wrapper
+-    impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, peinfo->dirs[1].Size);
++    impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, EC32(peinfo->dirs[1].Size));
+     if (impdes == NULL) {
+         cli_dbgmsg("scan_pe: failed to acquire fmap buffer\n");
+         status = CL_EREAD;
+@@ -2449,7 +2449,7 @@ static cl_error_t hash_imptbl(cli_ctx *c
+ 
+     /* Safety: We can trust peinfo->dirs[1].Size only because `fmap_need_off()` (above)
+      * would have failed if the size exceeds the end of the fmap. */
+-    left = peinfo->dirs[1].Size;
++    left = EC32(peinfo->dirs[1].Size);
+ 
+     if (genhash[CLI_HASH_MD5]) {
+         hashctx[CLI_HASH_MD5] = cl_hash_init("md5");
+@@ -2556,7 +2556,7 @@ static cl_error_t hash_imptbl(cli_ctx *c
+ 
+ done:
+     if (needed_impoff) {
+-        fmap_unneed_off(map, impoff, peinfo->dirs[1].Size);
++        fmap_unneed_off(map, impoff, EC32(peinfo->dirs[1].Size));
+     }
+ 
+     for (type = CLI_HASH_MD5; type < CLI_HASH_AVAIL_TYPES; type++) {
+@@ -3241,7 +3241,7 @@ int cli_scanpe(cli_ctx *ctx)
+ 
+     /* Trojan.Swizzor.Gen */
+     if (SCAN_HEURISTICS && (DCONF & PE_CONF_SWIZZOR) && peinfo->nsections > 1 && fsize > 64 * 1024 && fsize < 4 * 1024 * 1024) {
+-        if (peinfo->dirs[2].Size) {
++        if (EC32(peinfo->dirs[2].Size)) {
+             struct swizz_stats *stats = calloc(1, sizeof(*stats));
+             unsigned int m            = 1000;
+             ret                       = CL_CLEAN;
+@@ -5250,13 +5250,13 @@ cl_error_t cli_peheader(fmap_t *map, str
+         cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", peinfo->ep, peinfo->ep);
+     }
+ 
+-    if (is_dll || peinfo->ndatadirs < 3 || !peinfo->dirs[2].Size)
++    if (is_dll || peinfo->ndatadirs < 3 || !EC32(peinfo->dirs[2].Size))
+         peinfo->res_addr = 0;
+     else
+         peinfo->res_addr = peinfo->dirs[2].VirtualAddress;
+ 
+     while (opts & CLI_PEHEADER_OPT_EXTRACT_VINFO &&
+-           peinfo->ndatadirs >= 3 && peinfo->dirs[2].Size) {
++           peinfo->ndatadirs >= 3 && EC32(peinfo->dirs[2].Size)) {
+         struct vinfo_list vlist;
+         const uint8_t *vptr, *baseptr;
+         uint32_t rva, res_sz;

sources

@@ -1,4 +1,4 @@
-SHA512 (clamav-0.103.4-norar.tar.xz) = bcdb1cc1f5dd1d4a881156e0e2b3a4662a0a67fe944ae1ebae149980149cd14a512d5364fcbdf6d9aa2f4cd843a225057fe044c2fd58bf255fe1fd3fe6422c1e
+SHA512 (clamav-1.4.3-norar.tar.xz) = d9e6835b88e4934a36b037d28cf01e627b7843e52ef9fc6858f59000acf26120f3534e7a6b262d3ad66a2668557f3a1d0a93fb676711c91f64c8b97fa36fe191
 SHA512 (main-62.cvd) = b52e5d9ecacbd9b11c3b0cc460388746fccb353a7520522ed15ee25f645a432bed5be7e6b38512f134f085eb9be76a1e26c19de8b09491d4ec46da8c5afc318e
-SHA512 (daily-26345.cvd) = 7a7d004fa26a33b4b46a9ee09fb390865e32f9d746a42fa12d9a2143c2eb1006294ccf758ed1daed7c7e8b826f013e5da020eb271e291b21c3b1ff5ffc71401c
-SHA512 (bytecode-333.cvd) = 895c41266b9bc332f3a00c9267907251ad32abe3a5bff7584285e087430fe0dd7343e4ac0245308f3734d971d6ecb5656fd9ce6caf0fa24f9da7a41a96bc4d07
+SHA512 (daily-27673.cvd) = e0447f80ef2cc8981b0e1ea430a7006a1027de0b989f5a3256766804f74a50aac52f577ef929c8e1789b9353d1a4cf18d289a27b1f7e609098e11ad81bb62226
+SHA512 (bytecode-336.cvd) = 62a7f8b62da2a2476d3f66851d71e84f055f84543112b18f14e86484b02370d4daff0cb3e2b9ec77acf4a179327619a8b9950122e7882003074a9a0bf4a7ebab

update_clamav.sh

@@ -1,47 +1,80 @@
-VERSION=0.103.4
+VERSION=1.4.3
+REPOS="n"
+
+if [ -z "$1" ]
+then
+      stage=0
+else
+      stage=$1
+fi
+
 NAME=clamav
 TARBALL_CLEAN=${NAME}-${VERSION}-norar.tar.xz
 TARBALL=${NAME}-${VERSION}.tar.gz
 
+echo "Usage: $0 stage"
+echo "stage 0: prepare sources"
+echo "stage 1: get cvd using cvdupdate https://pypi.org/project/cvdupdate/"
+echo "stage 2: ask for scratch build and upload sources"
+echo "stage 3: push and build on rawhide"
+echo "stage 4: build on others branches"
+echo ""
+
+if test $stage -le 0
+then
+echo STAGE 0
+echo Press enter to prepare sources and bump version or n to skip ; read dummy;
+if [[ "$dummy" != "n" ]]; then
 wget -c https://www.clamav.net/downloads/production/${TARBALL}
 wget -c https://www.clamav.net/downloads/production/${TARBALL}.sig
 gpg --verify ${TARBALL}.sig ${TARBALL}
 zcat ${TARBALL} | tar --delete -f - '*/libclamunrar/*' | xz -c > ${TARBALL_CLEAN}
-
-# WIP clouflare don't allow wget we need download with browser
-#wget http://database.clamav.net/main.cvd
-#get http://database.clamav.net/daily.cvd
-#get http://database.clamav.net/bytecode.cvd
-
-main_ver=$(file main.cvd | sed -e 's/.*version /main-/;s/,.*/.cvd/')
-daily_ver=$(file daily.cvd | sed -e 's/.*version /daily-/;s/,.*/.cvd/')
-bytecode_ver=$(file bytecode.cvd | sed -e 's/.*version /bytecode-/;s/,.*/.cvd/')
-
-cp -f main.cvd $main_ver
-cp -f daily.cvd $daily_ver
-cp -f bytecode.cvd $bytecode_ver
-
-sed -i "s|^Source10: .*|Source10:   $main_ver|" clamav.spec
-sed -i "s|^Source11: .*|Source11:   $daily_ver|" clamav.spec
-sed -i "s|^Source12: .*|Source12:   $bytecode_ver|" clamav.spec
-
+git checkout rawhide
+git pull
 rpmdev-bumpspec -n $VERSION -c "Update to $VERSION" clamav.spec
-echo fedpkg new-sources ${TARBALL_CLEAN} $main_ver $daily_ver $bytecode_ver
+fi
+fi
+
+if test $stage -le 1
+then
+echo STAGE 1
+echo Press enter convert cvd into spec or n to skip ; read dummy;
+if [[ "$dummy" != "n" ]]; then
+./update_clamav_data.sh
+fi
+fi
+
+if test $stage -le 2
+then
+echo STAGE 2
 echo Press enter scratch-build or n to skip ; read dummy;
 if [[ "$dummy" != "n" ]]; then
 #fkinit -u sergiomb
 fedpkg scratch-build --srpm
 fi
-echo Press enter to upload sources and commit ; read dummy;
-fedpkg new-sources ${TARBALL_CLEAN} $main_ver $daily_ver $bytecode_ver
+echo Press enter to upload sources and commit or n to skip; read dummy;
+if [[ "$dummy" != "n" ]]; then
+echo fedpkg new-sources ${TARBALL_CLEAN} $main_ver $daily_ver $bytecode_ver
+fedpkg new-sources ${TARBALL_CLEAN} $(spectool -l clamav.spec | grep -P "Source10|Source11|Source12" | sed 's/.* //')
 fedpkg ci -c && git show
+fi
+fi
 
-echo Press enter to build rawhide; read dummy;
+if test $stage -le 3
+then
+echo STAGE 3
+echo Press enter to build rawhide or n to skip; read dummy;
+if [[ "$dummy" != "n" ]]; then
 git push && fedpkg build --nowait
+fi
+fi
 
-for repo in "f35 f34 f33 epel8-playground epel8 epel7" ; do
-echo Press enter to build on branch $repo; read dummy;
+echo STAGE 4
+for repo in $REPOS ; do
+echo Press enter to build on branch $repo or n to skip; read dummy;
+if [[ "$dummy" != "n" ]]; then
 git checkout $repo && git merge rawhide && fedpkg push && fedpkg build --nowait; git checkout rawhide
+fi
 done
 
 exit

update_clamav_data.sh

@@ -0,0 +1,20 @@
+# dnf install python3-cvdupdate
+# python -m cvdupdate.cvdupdate --help
+cvd config set --dbdir my_dbs
+cvdupdate list
+cvdupdate update
+pushd my_dbs
+main_ver=$(file main.cvd | sed -e 's/.*version /main-/;s/,.*/.cvd/')
+daily_ver=$(file daily.cvd | sed -e 's/.*version /daily-/;s/,.*/.cvd/')
+bytecode_ver=$(file bytecode.cvd | sed -e 's/.*version /bytecode-/;s/,.*/.cvd/')
+popd
+
+pushd my_dbs
+cp -f main.cvd ../$main_ver
+cp -f daily.cvd ../$daily_ver
+cp -f bytecode.cvd ../$bytecode_ver
+popd
+
+sed -i "s|^Source10: .*|Source10:   $main_ver|" clamav.spec
+sed -i "s|^Source11: .*|Source11:   $daily_ver|" clamav.spec
+sed -i "s|^Source12: .*|Source12:   $bytecode_ver|" clamav.spec