Bump EVR

This is part of https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4

If there will be no comments in two weeks, I will merge this.

clamav-clamonacc-service.patch

@@ -1,5 +1,6 @@
---- ./clamonacc/clamav-clamonacc.service.in.clamonacc-service	2022-05-05 22:36:27.572671129 +0100
-+++ ./clamonacc/clamav-clamonacc.service.in	2022-05-05 22:43:05.204324524 +0100
+diff -up clamav-1.4.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service clamav-1.4.0/clamonacc/clamav-clamonacc.service.in
+--- clamav-1.4.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service	2024-08-15 20:12:56.950984705 -0600
++++ clamav-1.4.0/clamonacc/clamav-clamonacc.service.in	2024-08-15 20:14:19.088770747 -0600
 @@ -4,14 +4,12 @@
  [Unit]
  Description=ClamAV On-Access Scanner
@@ -14,6 +15,6 @@
 -ExecStartPre=/bin/bash -c "while [ ! -S /run/clamav/clamd.ctl ]; do sleep 1; done"
 -ExecStart=@prefix@/sbin/clamonacc -F --log=/var/log/clamav/clamonacc.log --move=/root/quarantine
 +ExecStart=@prefix@/sbin/clamonacc -F --config-file=/etc/clamd.d/scan.conf
+ ExecStop=/bin/kill -SIGKILL $MAINPID
  
  [Install]
- WantedBy=multi-user.target

clamav-rpath.patch

@@ -1,18 +0,0 @@
-diff -up clamav-1.0.0/CMakeLists.txt.rpath clamav-1.0.0/CMakeLists.txt
---- clamav-1.0.0/CMakeLists.txt.rpath	2023-01-15 22:04:58.217120124 -0700
-+++ clamav-1.0.0/CMakeLists.txt	2023-01-15 22:05:57.121818812 -0700
-@@ -180,14 +180,6 @@ endif()
- 
- include(GNUInstallDirs)
- 
--if (NOT DEFINED CMAKE_INSTALL_RPATH)
--    if(CMAKE_INSTALL_FULL_LIBDIR)
--        set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_FULL_LIBDIR}")
--    else()
--        set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
--    endif()
--endif()
--
- if("${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang")
-   set(USING_CLANG ON)
- else()

clamav-rust-dependency-versions.patch

@@ -0,0 +1,21 @@
+diff -Naur clamav-1.4.3-original/libclamav_rust/Cargo.toml clamav-1.4.3/libclamav_rust/Cargo.toml
+--- clamav-1.4.3-original/libclamav_rust/Cargo.toml	2025-12-04 10:01:33.233889863 +0000
++++ clamav-1.4.3/libclamav_rust/Cargo.toml	2025-12-04 10:02:29.088468217 +0000
+@@ -12,7 +12,7 @@
+ sha2 = "0.10"
+ tempfile = "3"
+ thiserror = "1"
+-image = "0.24"
++image = ">=0.24, <0.26"
+ rustdct = "0.7"
+ transpose = "0.2"
+ num-traits = "0.2"
+@@ -21,7 +21,7 @@
+ unicode-segmentation = "1.10"
+ bindgen = "0.69"
+ onenote_parser = "0.3.1"
+-hex-literal = "0.4"
++hex-literal = ">=0.4, <2.0"
+ inflate = "0.4"
+ bzip2-rs = "0.1"
+ byteorder = "1.5"

clamav.spec

@@ -1,4 +1,4 @@
-#global prerelease  -rc2
+#global prerelease  -rc
 
 %global _hardened_build 1
 
@@ -25,9 +25,9 @@
 
 Summary:    End-user tools for the Clam Antivirus scanner
 Name:       clamav
-Version:    1.0.7
-Release:    1%{?dist}
-License:    %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
+Version:    1.4.3
+Release:    3%{?dist}
+License:    %{?with_unrar:proprietary}%{!?with_unrar:GPL-2.0-only}
 URL:        https://www.clamav.net/
 %if %{with unrar}
 Source0:    https://www.clamav.net/downloads/production/%{name}-%{version}%{?prerelease}.tar.gz
@@ -50,9 +50,9 @@ Source5:    clamd-README
 #http://database.clamav.net/main.cvd
 Source10:   main-62.cvd
 #http://database.clamav.net/daily.cvd
-Source11:   daily-27388.cvd
+Source11:   daily-27673.cvd
 #http://database.clamav.net/bytecode.cvd
-Source12:   bytecode-335.cvd
+Source12:   bytecode-336.cvd
 #for update
 Source200:  freshclam-sleep
 Source201:  freshclam.sysconfig
@@ -65,21 +65,22 @@ Source330:  clamav-milter.systemd
 #for scanner-systemd/server-systemd
 Source530:  clamd@.service
 
-# Accept RUSTFLAGS
-# https://github.com/Cisco-Talos/clamav/pull/835
-Patch0:     clamav-rustflags.patch
 # Change default config locations for Fedora
 Patch1:     clamav-default_confs.patch
 # Fix pkg-config flags for static linking, multilib
 Patch2:     clamav-private.patch
-# Remove rpath
-Patch3:     clamav-rpath.patch
 # Modify clamav-clamonacc.service for Fedora compatibility
 Patch5:     clamav-clamonacc-service.patch
 # Allow freshclam service to run if cron.d file is present
 Patch6:     clamav-freshclam.service.patch
 # Debian patch to fix big-endian
 Patch7:     https://salsa.debian.org/clamav-team/clamav/-/raw/unstable/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch
+# - Update the image crate dependency to 0.25, the current release,
+#   https://github.com/Cisco-Talos/clamav/pull/1366/commits/24d1341e8e34aa325ac03718121e33a3b4e5b75e,
+#   allowing 0.24 for backwards-compatibility with vendored dependencies in EPEL8
+# - Allow version 1.0 of the hex-literal crate dependency; not suitable for
+#   upstream yet due to MSRV
+Patch8:     clamav-rust-dependency-versions.patch
 
 BuildRequires:  cmake3
 BuildRequires:  gettext-devel
@@ -122,6 +123,9 @@ BuildRequires:  pcre2-devel
 # Explicitly needed on EL8
 BuildRequires:  python3
 BuildRequires:  python3-pytest
+%if 0%{?fedora} >= 41
+BuildRequires:  python3-cgi
+%endif
 BuildRequires:  zlib-devel
 #BuildRequires:  %%{_includedir}/tcpd.h
 BuildRequires:  bc
@@ -173,6 +177,61 @@ user-creation scripts required by clamav.
 Summary:    Dynamic libraries for the Clam Antivirus scanner
 Provides:   bundled(libmspack) = 0.5-0.1.alpha.modified_by_clamav
 
+# LICENSE.dependencies contains a full license breakdown
+# From the output of %%{cargo_license_summary}:
+#
+%if 0%{?fedora} || 0%{?rhel} >= 9
+# 0BSD OR MIT OR Apache-2.0
+# Apache-2.0
+# Apache-2.0 OR MIT
+# Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT
+# BSD-2-Clause
+# BSD-2-Clause AND ISC
+# BSD-3-Clause
+# MIT
+# MIT OR Apache-2.0 (duplicate)
+# MIT OR Apache-2.0 OR Zlib
+# MIT OR Zlib OR Apache-2.0 (duplicate)
+# Unlicense OR MIT
+# Zlib OR Apache-2.0 OR MIT (duplicate)
+License:    %{shrink:
+            %{?with_unrar:proprietary}%{!?with_unrar:GPL-2.0-only} AND
+            (0BSD OR MIT OR Apache-2.0) AND
+            Apache-2.0 AND
+            (Apache-2.0 OR MIT) AND
+            (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND
+            BSD-2-Clause AND
+            BSD-3-Clause AND
+            ISC AND
+            MIT AND
+            (MIT OR Zlib OR Apache-2.0) AND
+            (Unlicense OR MIT) AND
+            Zlib
+            }
+%else
+# 0BSD OR MIT OR Apache-2.0
+# Apache-2.0 OR MIT
+# Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT
+# BSD-3-Clause
+# MIT
+# MIT OR Apache-2.0 (duplicate)
+# MIT OR Zlib OR Apache-2.0
+# Unlicense OR MIT
+# Zlib
+# Zlib OR Apache-2.0 OR MIT (duplicate)
+License:    %{shrink:
+            %{?with_unrar:proprietary}%{!?with_unrar:GPL-2.0-only} AND
+            (0BSD OR MIT OR Apache-2.0) AND
+            (Apache-2.0 OR MIT) AND
+            (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND
+            BSD-3-Clause AND
+            MIT AND
+            (MIT OR Zlib OR Apache-2.0) AND
+            (Unlicense OR MIT) AND
+            Zlib
+            }
+%endif
+
 %description lib
 This package contains dynamic libraries shared between applications
 using the Clam Antivirus scanner.
@@ -275,21 +334,22 @@ This package contains files which are needed to run the clamav-milter.
 # EL8 and earlier do not have the Rust cargo dependencies that are
 # defined by the generate_buildrequires stage in EL9 and later, so the
 # vendored packages included in the ClamAV sources suffice.
-sed -i -e '/cbindgen/s/version = *"0.20"/version = "0.24"/' -e '/^bindgen *=/s/= .*/= "0.63"/' libclamav_rust/Cargo.toml
 %cargo_prep
 cd libclamav_rust
-rm -r .cargo
+sed -i -e '/^base64 *=/s/= .*/= "0.22"/' Cargo.toml
+sed -i -e '/^bindgen *=/s/= .*/= "0.69"/' Cargo.toml
+sed -i -e '/^cbindgen *=/s/= *".*"/= "0.26"/' Cargo.toml
+sed -i -e '/^onenote_parser *=/s/= *.*/= "0.3.1"/' Cargo.toml
 %cargo_prep
 cd ..
 %endif
 
-%patch -P0 -p1 -b .rustflags
 %patch -P1 -p1 -b .default_confs
 %patch -P2 -p1 -b .private
-%patch -P3 -p1 -b .rpath
 %patch -P5 -p1 -b .clamonacc-service
 %patch -P6 -p1 -b .freshclam-service
 %patch -P7 -p1 -b .big-endian
+%patch -P8 -p1 -b .rust-dependencies
 
 install -p -m0644 %{SOURCE300} clamav-milter/
 
@@ -322,6 +382,7 @@ export have_cv_ipv6=yes
     -DCMAKE_INSTALL_DOCDIR=%{_pkgdocdir} \
     -DCLAMAV_USER=%{updateuser} -DCLAMAV_GROUP=%{updateuser} \
     -DDATABASE_DIRECTORY=%{homedir} \
+    -DDO_NOT_SET_RPATH=ON \
     %{!?with_clamonacc:-DENABLE_CLAMONACC=OFF} \
     %{?with_llvm:-DBYTECODE_RUNTIME=llvm -D LLVM_FIND_VERSION="3.6.0"} \
     %{!?with_unrar:-DENABLE_UNRAR=OFF}
@@ -330,6 +391,10 @@ export have_cv_ipv6=yes
 
 %cmake3_build
 
+cd libclamav_rust
+%cargo_license_summary
+%{cargo_license} > ../LICENSES.dependencies
+
 
 %install
 rm -rf _doc*
@@ -420,7 +485,13 @@ rm %{buildroot}%{_unitdir}/clamav-daemon.*
 
 
 %check
+%ifarch s390x
+# Tests fail on s390x
+# https://github.com/Cisco-Talos/clamav/issues/759
+%ctest3 -- -E valgrind || :
+%else
 %ctest3 -- -E valgrind
+%endif
 # valgrind tests fail https://github.com/Cisco-Talos/clamav/issues/584
 %ctest3 -- -R valgrind || :
 
@@ -445,7 +516,6 @@ do
     [ -f $f -a $f -nt $cvd ] && rm -f $cvd || :
 done
 
-
 %pre filesystem
 getent group %{updateuser} >/dev/null || groupadd -r %{updateuser}
 getent passwd %{updateuser} >/dev/null || \
@@ -476,7 +546,6 @@ exit 0
 %postun -n clamd
 %systemd_postun_with_restart clamd@scan.service
 
-
 %triggerin milter -- clamav-scanner
 # Add the milteruser to the scanuser group; this is required when
 # milter and clamd communicate through local sockets
@@ -534,16 +603,19 @@ exit 0
 
 
 %files lib
-%{_libdir}/libclamav.so.11*
+# Licenses for statically linked Rust dependencies in libclamav
+%license LICENSES.dependencies
+%{_libdir}/libclamav.so.12*
 %{_libdir}/libclammspack.so.0*
 %if %{with unrar}
-%{_libdir}/libclamunrar*.so.11*
+%{_libdir}/libclamunrar*.so.12*
 %endif
 
 
 %files devel
 %{_includedir}/*
 %{_libdir}/*.so
+%{_libdir}/libclamav_rust.a
 %{_libdir}/pkgconfig/*
 %{_bindir}/clamav-config
 
@@ -570,9 +642,11 @@ exit 0
 
 %files freshclam
 %{_bindir}/freshclam
-%{_libdir}/libfreshclam.so.2*
+%{_libdir}/libfreshclam.so.3*
 %{_mandir}/*/freshclam*
 %{_unitdir}/clamav-freshclam.service
+%{_unitdir}/clamav-freshclam-once.service
+%{_unitdir}/clamav-freshclam-once.timer
 %config(noreplace) %verify(not mtime)    %{_sysconfdir}/freshclam.conf
 %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cld
 %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cvd
@@ -603,6 +677,24 @@ exit 0
 
 
 %changelog
+* Thu Dec 04 2025 Gwyn Ciesla <gwync@protonmail.com> - 1.4.3-3
+- Bump EVR, hex-literal patches.
+
+* Mon Aug 25 2025 Gwyn Ciesla <gwync@protonmail.com> - 1.4.3-2
+- Revert sysuser change
+
+* Wed Jul 23 2025 Orion Poplawski <orion@nwra.com> - 1.4.1-1
+- Update to 1.4.1
+
+* Wed Jul 23 2025 Orion Poplawski <orion@nwra.com> - 1.0.9-2
+- Update the image crate dependency to 0.25, the current release
+
+* Wed Jun 18 2025 Gwyn Ciesla <gwync@protonmail.com> - 1.0.9-1
+- Update to 1.0.9
+
+* Sun Jan 26 2025 Orion Poplawski <orion@nwra.com> - 1.0.8-1
+- Update to 1.0.8
+
 * Thu Sep 05 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 1.0.7-1
 - Update to 1.0.7
 

libclamav-pe-Use-endian-wrapper-in-more-places.patch

@@ -1,25 +1,7 @@
-From 5a7b1cdfadc980fb1c4fa32e6275e7c96a963110 Mon Sep 17 00:00:00 2001
-From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
-Date: Fri, 6 Jan 2023 21:42:30 +0100
-Subject: libclamav/pe: Use endian wrapper in more places.
-
-A few user of VirtualAddress and Size in cli_exe_info::pe_image_data_dir
-don't use the endian wrapper while other places do. This leads to
-testsuite failures on big endian machines.
-
-Use the endian wrapper in all places across pe.c for the two members.
-
-Patch-Name: libclamav-pe-Use-endian-wrapper-in-more-places.patch
-Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
----
- libclamav/pe.c | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/libclamav/pe.c b/libclamav/pe.c
-index f5dcea9..19cd2d4 100644
---- a/libclamav/pe.c
-+++ b/libclamav/pe.c
-@@ -2422,22 +2422,22 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im
+diff -up clamav-1.4.0/libclamav/pe.c.big-endian clamav-1.4.0/libclamav/pe.c
+--- clamav-1.4.0/libclamav/pe.c.big-endian	2024-08-13 14:24:46.000000000 -0600
++++ clamav-1.4.0/libclamav/pe.c	2024-08-15 20:16:02.017730419 -0600
+@@ -2424,22 +2424,22 @@ static cl_error_t hash_imptbl(cli_ctx *c
  
      /* If the PE doesn't have an import table then skip it. This is an
       * uncommon case but can happen. */
@@ -46,7 +28,7 @@ index f5dcea9..19cd2d4 100644
      if (impdes == NULL) {
          cli_dbgmsg("scan_pe: failed to acquire fmap buffer\n");
          status = CL_EREAD;
-@@ -2447,7 +2447,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im
+@@ -2449,7 +2449,7 @@ static cl_error_t hash_imptbl(cli_ctx *c
  
      /* Safety: We can trust peinfo->dirs[1].Size only because `fmap_need_off()` (above)
       * would have failed if the size exceeds the end of the fmap. */
@@ -55,7 +37,7 @@ index f5dcea9..19cd2d4 100644
  
      if (genhash[CLI_HASH_MD5]) {
          hashctx[CLI_HASH_MD5] = cl_hash_init("md5");
-@@ -2546,7 +2546,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im
+@@ -2556,7 +2556,7 @@ static cl_error_t hash_imptbl(cli_ctx *c
  
  done:
      if (needed_impoff) {
@@ -64,16 +46,16 @@ index f5dcea9..19cd2d4 100644
      }
  
      for (type = CLI_HASH_MD5; type < CLI_HASH_AVAIL_TYPES; type++) {
-@@ -3250,7 +3250,7 @@ int cli_scanpe(cli_ctx *ctx)
+@@ -3241,7 +3241,7 @@ int cli_scanpe(cli_ctx *ctx)
  
      /* Trojan.Swizzor.Gen */
      if (SCAN_HEURISTICS && (DCONF & PE_CONF_SWIZZOR) && peinfo->nsections > 1 && fsize > 64 * 1024 && fsize < 4 * 1024 * 1024) {
 -        if (peinfo->dirs[2].Size) {
 +        if (EC32(peinfo->dirs[2].Size)) {
-             struct swizz_stats *stats = cli_calloc(1, sizeof(*stats));
+             struct swizz_stats *stats = calloc(1, sizeof(*stats));
              unsigned int m            = 1000;
              ret                       = CL_CLEAN;
-@@ -5292,13 +5292,13 @@ cl_error_t cli_peheader(fmap_t *map, struct cli_exe_info *peinfo, uint32_t opts,
+@@ -5250,13 +5250,13 @@ cl_error_t cli_peheader(fmap_t *map, str
          cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", peinfo->ep, peinfo->ep);
      }
  
@@ -81,7 +63,7 @@ index f5dcea9..19cd2d4 100644
 +    if (is_dll || peinfo->ndatadirs < 3 || !EC32(peinfo->dirs[2].Size))
          peinfo->res_addr = 0;
      else
-         peinfo->res_addr = EC32(peinfo->dirs[2].VirtualAddress);
+         peinfo->res_addr = peinfo->dirs[2].VirtualAddress;
  
      while (opts & CLI_PEHEADER_OPT_EXTRACT_VINFO &&
 -           peinfo->ndatadirs >= 3 && peinfo->dirs[2].Size) {

sources

@@ -1,4 +1,4 @@
-SHA512 (clamav-1.0.7-norar.tar.xz) = c8563a927005cc3782e7c43e95d40324e5254501b94ce5f4a8526abd2e5455a84d060f9e7199879706b551f3bb64209e5935e6899846cfec6c271de4917bed97
+SHA512 (clamav-1.4.3-norar.tar.xz) = d9e6835b88e4934a36b037d28cf01e627b7843e52ef9fc6858f59000acf26120f3534e7a6b262d3ad66a2668557f3a1d0a93fb676711c91f64c8b97fa36fe191
 SHA512 (main-62.cvd) = b52e5d9ecacbd9b11c3b0cc460388746fccb353a7520522ed15ee25f645a432bed5be7e6b38512f134f085eb9be76a1e26c19de8b09491d4ec46da8c5afc318e
-SHA512 (daily-27388.cvd) = ff8f3fd3386e41c288de5aec00de937807ad4e7b2d93533b7e254d2068b943b8b7310471af0dbe7e7e639668d73ff447c59038e56882bc7e1911c6dd28c1970d
-SHA512 (bytecode-335.cvd) = 9177c0533658b21584de0623ff9b7c70b2ec92ce9f6fecf98a881902c98025930430415715e9914ce7c0c6fb91aad532b4c907677c3010a0da47583b7ad24d4f
+SHA512 (daily-27673.cvd) = e0447f80ef2cc8981b0e1ea430a7006a1027de0b989f5a3256766804f74a50aac52f577ef929c8e1789b9353d1a4cf18d289a27b1f7e609098e11ad81bb62226
+SHA512 (bytecode-336.cvd) = 62a7f8b62da2a2476d3f66851d71e84f055f84543112b18f14e86484b02370d4daff0cb3e2b9ec77acf4a179327619a8b9950122e7882003074a9a0bf4a7ebab

update_clamav.sh

@@ -1,5 +1,5 @@
-VERSION=1.0.7
-REPOS="f41 f40 f39 epel9"
+VERSION=1.4.3
+REPOS="n"
 
 if [ -z "$1" ]
 then