README.fedora.md

@@ -1,25 +1,25 @@
-## README.fedora.md (mainly clamav-milter) 
+# README.Fedora.md for clamav-milter
 
 
 Please note for Fedora and EPEL 7+ we use only systemd.
 
 A clamav-milter setup consists of the following three components:
 
-### The clamav-milter itself
+* the clamav-milter itself
 
   The main configuration is in /etc/mail/clamav-milter.conf and MUST
   be changed before first use.
 
   This can be enabled with: 'systemctl enable clamav-milter.service'
 
-### A clamav scanner daemon
+* a clamav scanner daemon
 
   The daemon is configured by /etc/clamd.d/scan.conf (which MUST be
   edited before first use).
 
   This can be enabled with: 'systemctl enable clamd@scan.service'
 
-### The MTA (sendmail/postfix)
+* the MTA (sendmail/postfix)
 
   --> you should know how to install this...
 
@@ -31,12 +31,13 @@ A clamav-milter setup consists of the following three components:
 
   to your sendmail.mc.
 
-### Changing permissions of directory /var/lib/clamav  
-
-  - Whenever ClamAV is upgraded by dnf, the permissions for the /var/lib/clamav directory change to user clamupdate  
-  - If for some reason you need DatabaseOwner be another user, you may copy /usr/lib/systemd/system/clamav-freshclam.service to /etc/systemd/system/ and add ExecStartPre=+/usr/bin/chown youruser:yourgroup /var/lib/clamav and updates won't break your configuration ...
-  - Please add comments to https://bugzilla.redhat.com/show_bug.cgi?id=2023371 if not work for you or if you have any suggestion.
-  - Note: =+ on systemd.service (man 5 systemd.service, Special executable prefixes)  If the executable path is prefixed with "+" then the process is executed with full privileges.
+* Changing permissions of directory /var/lib/clamav
+  Whenever ClamAV is upgraded by dnf, the permissions for the /var/lib/clamav directory change to user clamupdate
+  If for some reason you need DatabaseOwner be another user, you may copy /usr/lib/systemd/system/clamav-freshclam.service to /etc/systemd/system/
+  and add ExecStartPre=+/usr/bin/chown youruser:yourgroup /var/lib/clamav and updates won't break your configuration ...
+  Please add comments to https://bugzilla.redhat.com/show_bug.cgi?id=2023371 if not work for you or if you have any suggestion.
+  Note: =+ on systemd.service (man 5 systemd.service, Special executable prefixes)
+  If the executable path is prefixed with "+" then the process is executed with full privileges.
 
 
 EXAMPLE

clamav-clamonacc-service.patch

@@ -1,6 +1,5 @@
-diff -up clamav-1.4.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service clamav-1.4.0/clamonacc/clamav-clamonacc.service.in
---- clamav-1.4.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service	2024-08-15 20:12:56.950984705 -0600
-+++ clamav-1.4.0/clamonacc/clamav-clamonacc.service.in	2024-08-15 20:14:19.088770747 -0600
+--- ./clamonacc/clamav-clamonacc.service.in.clamonacc-service	2022-05-05 22:36:27.572671129 +0100
++++ ./clamonacc/clamav-clamonacc.service.in	2022-05-05 22:43:05.204324524 +0100
 @@ -4,14 +4,12 @@
  [Unit]
  Description=ClamAV On-Access Scanner
@@ -15,6 +14,6 @@ diff -up clamav-1.4.0/clamonacc/clamav-clamonacc.service.in.clamonacc-service cl
 -ExecStartPre=/bin/bash -c "while [ ! -S /run/clamav/clamd.ctl ]; do sleep 1; done"
 -ExecStart=@prefix@/sbin/clamonacc -F --log=/var/log/clamav/clamonacc.log --move=/root/quarantine
 +ExecStart=@prefix@/sbin/clamonacc -F --config-file=/etc/clamd.d/scan.conf
- ExecStop=/bin/kill -SIGKILL $MAINPID
  
  [Install]
+ WantedBy=multi-user.target

clamav-rpath.patch

@@ -0,0 +1,18 @@
+diff -up clamav-1.0.0/CMakeLists.txt.rpath clamav-1.0.0/CMakeLists.txt
+--- clamav-1.0.0/CMakeLists.txt.rpath	2023-01-15 22:04:58.217120124 -0700
++++ clamav-1.0.0/CMakeLists.txt	2023-01-15 22:05:57.121818812 -0700
+@@ -180,14 +180,6 @@ endif()
+ 
+ include(GNUInstallDirs)
+ 
+-if (NOT DEFINED CMAKE_INSTALL_RPATH)
+-    if(CMAKE_INSTALL_FULL_LIBDIR)
+-        set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_FULL_LIBDIR}")
+-    else()
+-        set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
+-    endif()
+-endif()
+-
+ if("${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang")
+   set(USING_CLANG ON)
+ else()

clamav-rust-dependency-versions.patch

@@ -1,21 +0,0 @@
-diff -Naur clamav-1.4.3-original/libclamav_rust/Cargo.toml clamav-1.4.3/libclamav_rust/Cargo.toml
---- clamav-1.4.3-original/libclamav_rust/Cargo.toml	2025-12-04 10:01:33.233889863 +0000
-+++ clamav-1.4.3/libclamav_rust/Cargo.toml	2025-12-04 10:02:29.088468217 +0000
-@@ -12,7 +12,7 @@
- sha2 = "0.10"
- tempfile = "3"
- thiserror = "1"
--image = "0.24"
-+image = ">=0.24, <0.26"
- rustdct = "0.7"
- transpose = "0.2"
- num-traits = "0.2"
-@@ -21,7 +21,7 @@
- unicode-segmentation = "1.10"
- bindgen = "0.69"
- onenote_parser = "0.3.1"
--hex-literal = "0.4"
-+hex-literal = ">=0.4, <2.0"
- inflate = "0.4"
- bzip2-rs = "0.1"
- byteorder = "1.5"

clamav.spec

@@ -1,4 +1,4 @@
-#global prerelease  -rc
+#global prerelease  -rc2
 
 %global _hardened_build 1
 
@@ -25,9 +25,9 @@
 
 Summary:    End-user tools for the Clam Antivirus scanner
 Name:       clamav
-Version:    1.4.3
-Release:    3%{?dist}
-License:    %{?with_unrar:proprietary}%{!?with_unrar:GPL-2.0-only}
+Version:    1.0.6
+Release:    1%{?dist}
+License:    %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
 URL:        https://www.clamav.net/
 %if %{with unrar}
 Source0:    https://www.clamav.net/downloads/production/%{name}-%{version}%{?prerelease}.tar.gz
@@ -50,9 +50,9 @@ Source5:    clamd-README
 #http://database.clamav.net/main.cvd
 Source10:   main-62.cvd
 #http://database.clamav.net/daily.cvd
-Source11:   daily-27673.cvd
+Source11:   daily-27256.cvd
 #http://database.clamav.net/bytecode.cvd
-Source12:   bytecode-336.cvd
+Source12:   bytecode-335.cvd
 #for update
 Source200:  freshclam-sleep
 Source201:  freshclam.sysconfig
@@ -65,22 +65,21 @@ Source330:  clamav-milter.systemd
 #for scanner-systemd/server-systemd
 Source530:  clamd@.service
 
+# Accept RUSTFLAGS
+# https://github.com/Cisco-Talos/clamav/pull/835
+Patch0:     clamav-rustflags.patch
 # Change default config locations for Fedora
 Patch1:     clamav-default_confs.patch
 # Fix pkg-config flags for static linking, multilib
 Patch2:     clamav-private.patch
+# Remove rpath
+Patch3:     clamav-rpath.patch
 # Modify clamav-clamonacc.service for Fedora compatibility
 Patch5:     clamav-clamonacc-service.patch
 # Allow freshclam service to run if cron.d file is present
 Patch6:     clamav-freshclam.service.patch
 # Debian patch to fix big-endian
 Patch7:     https://salsa.debian.org/clamav-team/clamav/-/raw/unstable/debian/patches/libclamav-pe-Use-endian-wrapper-in-more-places.patch
-# - Update the image crate dependency to 0.25, the current release,
-#   https://github.com/Cisco-Talos/clamav/pull/1366/commits/24d1341e8e34aa325ac03718121e33a3b4e5b75e,
-#   allowing 0.24 for backwards-compatibility with vendored dependencies in EPEL8
-# - Allow version 1.0 of the hex-literal crate dependency; not suitable for
-#   upstream yet due to MSRV
-Patch8:     clamav-rust-dependency-versions.patch
 
 BuildRequires:  cmake3
 BuildRequires:  gettext-devel
@@ -110,12 +109,10 @@ BuildRequires:  curl-devel
 BuildRequires:  git-core
 BuildRequires:  gmp-devel
 BuildRequires:  json-c-devel
-%if ! (0%{?fedora} > 40 || 0%{?rhel} > 9)
 BuildRequires:  libprelude-devel
 # libprelude-config --libs brings in gnutls, pcre
 # https://bugzilla.redhat.com/show_bug.cgi?id=1830473
 BuildRequires:  gnutls-devel
-%endif
 BuildRequires:  libxml2-devel
 BuildRequires:  ncurses-devel
 BuildRequires:  openssl-devel
@@ -123,9 +120,6 @@ BuildRequires:  pcre2-devel
 # Explicitly needed on EL8
 BuildRequires:  python3
 BuildRequires:  python3-pytest
-%if 0%{?fedora} >= 41
-BuildRequires:  python3-cgi
-%endif
 BuildRequires:  zlib-devel
 #BuildRequires:  %%{_includedir}/tcpd.h
 BuildRequires:  bc
@@ -165,6 +159,7 @@ Summary:    Filesystem structure for clamav
 # Prevent version mix
 Conflicts:  %{name} < %{version}-%{release}
 Conflicts:  %{name} > %{version}-%{release}
+Requires(pre):  shadow-utils
 BuildArch:  noarch
 
 %description filesystem
@@ -176,61 +171,6 @@ user-creation scripts required by clamav.
 Summary:    Dynamic libraries for the Clam Antivirus scanner
 Provides:   bundled(libmspack) = 0.5-0.1.alpha.modified_by_clamav
 
-# LICENSE.dependencies contains a full license breakdown
-# From the output of %%{cargo_license_summary}:
-#
-%if 0%{?fedora} || 0%{?rhel} >= 9
-# 0BSD OR MIT OR Apache-2.0
-# Apache-2.0
-# Apache-2.0 OR MIT
-# Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT
-# BSD-2-Clause
-# BSD-2-Clause AND ISC
-# BSD-3-Clause
-# MIT
-# MIT OR Apache-2.0 (duplicate)
-# MIT OR Apache-2.0 OR Zlib
-# MIT OR Zlib OR Apache-2.0 (duplicate)
-# Unlicense OR MIT
-# Zlib OR Apache-2.0 OR MIT (duplicate)
-License:    %{shrink:
-            %{?with_unrar:proprietary}%{!?with_unrar:GPL-2.0-only} AND
-            (0BSD OR MIT OR Apache-2.0) AND
-            Apache-2.0 AND
-            (Apache-2.0 OR MIT) AND
-            (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND
-            BSD-2-Clause AND
-            BSD-3-Clause AND
-            ISC AND
-            MIT AND
-            (MIT OR Zlib OR Apache-2.0) AND
-            (Unlicense OR MIT) AND
-            Zlib
-            }
-%else
-# 0BSD OR MIT OR Apache-2.0
-# Apache-2.0 OR MIT
-# Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT
-# BSD-3-Clause
-# MIT
-# MIT OR Apache-2.0 (duplicate)
-# MIT OR Zlib OR Apache-2.0
-# Unlicense OR MIT
-# Zlib
-# Zlib OR Apache-2.0 OR MIT (duplicate)
-License:    %{shrink:
-            %{?with_unrar:proprietary}%{!?with_unrar:GPL-2.0-only} AND
-            (0BSD OR MIT OR Apache-2.0) AND
-            (Apache-2.0 OR MIT) AND
-            (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND
-            BSD-3-Clause AND
-            MIT AND
-            (MIT OR Zlib OR Apache-2.0) AND
-            (Unlicense OR MIT) AND
-            Zlib
-            }
-%endif
-
 %description lib
 This package contains dynamic libraries shared between applications
 using the Clam Antivirus scanner.
@@ -298,6 +238,7 @@ Requires:   data(clamav)
 Requires:   clamav-filesystem = %{version}-%{release}
 Requires:   clamav-lib        = %{version}-%{release}
 Requires:   coreutils
+Requires(pre):  shadow-utils
 # This is still used by clamsmtp and exim-clamav
 Provides: clamav-server = %{version}-%{release}
 Provides: clamav-scanner-systemd = %{version}-%{release}
@@ -318,9 +259,9 @@ Summary:    Milter module for the Clam Antivirus scanner
 #Requires: clamd = %%{version}-%%{release}
 #Requires: /usr/sbin/sendmail
 Requires:   clamav-filesystem = %{version}-%{release}
+Requires(pre):  shadow-utils
 Provides: clamav-milter-systemd = %{version}-%{release}
 Obsoletes: clamav-milter-systemd < %{version}-%{release}
-Requires: group(clamscan)
 
 %description milter
 This package contains files which are needed to run the clamav-milter.
@@ -332,43 +273,27 @@ This package contains files which are needed to run the clamav-milter.
 # EL8 and earlier do not have the Rust cargo dependencies that are
 # defined by the generate_buildrequires stage in EL9 and later, so the
 # vendored packages included in the ClamAV sources suffice.
+sed -i -e '/cbindgen/s/version = *"0.20"/version = "0.24"/' -e '/^bindgen *=/s/= .*/= "0.63"/' libclamav_rust/Cargo.toml
 %cargo_prep
 cd libclamav_rust
-sed -i -e '/^base64 *=/s/= .*/= "0.22"/' Cargo.toml
-sed -i -e '/^bindgen *=/s/= .*/= "0.69"/' Cargo.toml
-sed -i -e '/^cbindgen *=/s/= *".*"/= "0.26"/' Cargo.toml
-sed -i -e '/^onenote_parser *=/s/= *.*/= "0.3.1"/' Cargo.toml
+rm -r .cargo
 %cargo_prep
 cd ..
 %endif
 
+%patch -P0 -p1 -b .rustflags
 %patch -P1 -p1 -b .default_confs
 %patch -P2 -p1 -b .private
+%patch -P3 -p1 -b .rpath
 %patch -P5 -p1 -b .clamonacc-service
 %patch -P6 -p1 -b .freshclam-service
 %patch -P7 -p1 -b .big-endian
-%patch -P8 -p1 -b .rust-dependencies
 
 install -p -m0644 %{SOURCE300} clamav-milter/
 
 mkdir -p libclamunrar{,_iface}
 %{!?with_unrar:touch libclamunrar/{Makefile.in,all,install}}
 
-# Create sysusers.d config files
-cat >clamav.sysusers.conf <<EOF
-g virusgroup -
-u clamupdate - 'Clamav database update user' %{homedir} -
-m clamupdate virusgroup
-EOF
-cat >clamd.sysusers.conf <<EOF
-u clamscan - 'Clamav scanner user' - -
-m clamscan virusgroup
-EOF
-cat >clamav-milter.sysusers.conf <<EOF
-u clamilt - 'Clamav milter user' %{_rundir}/clamav-milter -
-m clamilt virusgroup
-m clamilt clamscan
-EOF
 
 %if 0%{?fedora} || 0%{?rhel} >= 9
 %generate_buildrequires
@@ -378,6 +303,7 @@ cd libclamav_rust
 %cargo_generate_buildrequires
 %endif
 
+
 %build
 # add -Wl,--as-needed if not exist
 export LDFLAGS=$(echo %{?__global_ldflags} | sed '/-Wl,--as-needed/!s/$/ -Wl,--as-needed/')
@@ -385,7 +311,7 @@ export LDFLAGS=$(echo %{?__global_ldflags} | sed '/-Wl,--as-needed/!s/$/ -Wl,--a
 export have_cv_ipv6=yes
 
 %cmake3 \
-%if 0%{?fedora} || 0%{?rhel} >= 8
+%if 0%{?fedora} || 0%{?rhel} >= 9
     -DRUSTFLAGS="%build_rustflags" \
 %else
     -DRUSTFLAGS="%__global_rustflags" \
@@ -394,7 +320,6 @@ export have_cv_ipv6=yes
     -DCMAKE_INSTALL_DOCDIR=%{_pkgdocdir} \
     -DCLAMAV_USER=%{updateuser} -DCLAMAV_GROUP=%{updateuser} \
     -DDATABASE_DIRECTORY=%{homedir} \
-    -DDO_NOT_SET_RPATH=ON \
     %{!?with_clamonacc:-DENABLE_CLAMONACC=OFF} \
     %{?with_llvm:-DBYTECODE_RUNTIME=llvm -D LLVM_FIND_VERSION="3.6.0"} \
     %{!?with_unrar:-DENABLE_UNRAR=OFF}
@@ -403,10 +328,6 @@ export have_cv_ipv6=yes
 
 %cmake3_build
 
-cd libclamav_rust
-%cargo_license_summary
-%{cargo_license} > ../LICENSES.dependencies
-
 
 %install
 rm -rf _doc*
@@ -495,21 +416,11 @@ install -m 0644 %SOURCE1 %{buildroot}%{_includedir}/clamav-types.h
 # TODO: Evaluate using upstream's unit with clamav-daemon.socket
 rm %{buildroot}%{_unitdir}/clamav-daemon.*
 
-install -m0644 -D clamav.sysusers.conf %{buildroot}%{_sysusersdir}/clamav.conf
-install -m0644 -D clamd.sysusers.conf %{buildroot}%{_sysusersdir}/clamd.conf
-install -m0644 -D clamav-milter.sysusers.conf %{buildroot}%{_sysusersdir}/clamav-milter.conf
-
 
 %check
-%ifarch s390x
-# Tests fail on s390x
-# https://github.com/Cisco-Talos/clamav/issues/759
-%ctest3 -E valgrind || :
-%else
-%ctest3 -E valgrind
-%endif
+%ctest3 -- -E valgrind
 # valgrind tests fail https://github.com/Cisco-Talos/clamav/issues/584
-%ctest3 -R valgrind || :
+%ctest3 -- -R valgrind || :
 
 
 %post
@@ -532,6 +443,25 @@ do
     [ -f $f -a $f -nt $cvd ] && rm -f $cvd || :
 done
 
+
+%pre filesystem
+getent group %{updateuser} >/dev/null || groupadd -r %{updateuser}
+getent passwd %{updateuser} >/dev/null || \
+    useradd -r -g %{updateuser} -d %{homedir} -s /sbin/nologin \
+    -c "Clamav database update user" %{updateuser}
+getent group virusgroup >/dev/null || groupadd -r virusgroup
+usermod %{updateuser} -a -G virusgroup
+exit 0
+
+
+%pre -n clamd
+getent group %{scanuser} >/dev/null || groupadd -r %{scanuser}
+getent passwd %{scanuser} >/dev/null || \
+    useradd -r -g %{scanuser} -d / -s /sbin/nologin \
+    -c "Clamav scanner user" %{scanuser}
+usermod %{scanuser} -a -G virusgroup
+exit 0
+
 %post -n clamd
 # Point to the new service unit
 [ -L /etc/systemd/system/multi-user.target.wants/clamd@scan.service ] &&
@@ -544,6 +474,20 @@ done
 %postun -n clamd
 %systemd_postun_with_restart clamd@scan.service
 
+
+%triggerin milter -- clamav-scanner
+# Add the milteruser to the scanuser group; this is required when
+# milter and clamd communicate through local sockets
+/usr/sbin/groupmems -g %{scanuser} -a %{milteruser} &>/dev/null || :
+
+%pre milter
+getent group %{milteruser} >/dev/null || groupadd -r %{milteruser}
+getent passwd %{milteruser} >/dev/null || \
+    useradd -r -g %{milteruser} -d %{_rundir}/clamav-milter -s /sbin/nologin \
+    -c "Clamav Milter user" %{milteruser}
+usermod %{milteruser} -a -G virusgroup
+exit 0
+
 %post milter
 %systemd_post clamav-milter.service
 
@@ -588,19 +532,16 @@ done
 
 
 %files lib
-# Licenses for statically linked Rust dependencies in libclamav
-%license LICENSES.dependencies
-%{_libdir}/libclamav.so.12*
+%{_libdir}/libclamav.so.11*
 %{_libdir}/libclammspack.so.0*
 %if %{with unrar}
-%{_libdir}/libclamunrar*.so.12*
+%{_libdir}/libclamunrar*.so.11*
 %endif
 
 
 %files devel
 %{_includedir}/*
 %{_libdir}/*.so
-%{_libdir}/libclamav_rust.a
 %{_libdir}/pkgconfig/*
 %{_bindir}/clamav-config
 
@@ -610,7 +551,6 @@ done
 %dir %{_sysconfdir}/clamd.d
 # Used by both clamd, clamdscan, and clamonacc
 %config(noreplace) %{_sysconfdir}/clamd.d/scan.conf
-%{_sysusersdir}/clamav.conf
 
 
 %files data
@@ -628,11 +568,9 @@ done
 
 %files freshclam
 %{_bindir}/freshclam
-%{_libdir}/libfreshclam.so.3*
+%{_libdir}/libfreshclam.so.2*
 %{_mandir}/*/freshclam*
 %{_unitdir}/clamav-freshclam.service
-%{_unitdir}/clamav-freshclam-once.service
-%{_unitdir}/clamav-freshclam-once.timer
 %config(noreplace) %verify(not mtime)    %{_sysconfdir}/freshclam.conf
 %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cld
 %ghost %attr(0644,%{updateuser},%{updateuser}) %{homedir}/bytecode.cvd
@@ -650,7 +588,6 @@ done
 %{_sbindir}/clamd
 %{_unitdir}/clamd@.service
 %{_tmpfilesdir}/clamd.scan.conf
-%{_sysusersdir}/clamd.conf
 
 
 %files milter
@@ -661,40 +598,9 @@ done
 %dir %{_sysconfdir}/mail
 %config(noreplace) %{_sysconfdir}/mail/clamav-milter.conf
 %{_tmpfilesdir}/clamav-milter.conf
-%{_sysusersdir}/clamav-milter.conf
 
 
 %changelog
-* Thu Dec 04 2025 Gwyn Ciesla <gwync@protonmail.com> - 1.4.3-3
-- Bump EVR, hex-literal patches.
-
-* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.3-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
-
-* Wed Jun 18 2025 Gwyn Ciesla <gwync@protonmail.com> - 1.4.3-1
-- 1.4.3
-
-* Sat Feb  8 2025 Zbigniew Jedrzejewski-Szmek <zbyszek@in.waw.pl> - 1.4.2-2
-- Add sysusers.d config files to allow rpm to create users/groups automatically
-
-* Thu Jan 23 2025 Orion Poplawski <orion@nwra.com> - 1.4.2-1
-- Update to 1.4.2
-
-* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
-
-* Wed Sep 25 2024 Orion Poplawski <orion@nwra.com> - 1.4.1-1
-- Update to 1.4.1
-
-* Sun Sep 15 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 1.0.7-2
-- Update the image crate dependency to 0.25, the current release
-
-* Thu Sep 05 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 1.0.7-1
-- Update to 1.0.7
-
-* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.6-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
-
 * Fri Apr 26 2024 Orion Poplawski <orion@nwra.com> - 1.0.6-1
 - Update to 1.0.6
 

libclamav-pe-Use-endian-wrapper-in-more-places.patch

@@ -1,7 +1,25 @@
-diff -up clamav-1.4.0/libclamav/pe.c.big-endian clamav-1.4.0/libclamav/pe.c
---- clamav-1.4.0/libclamav/pe.c.big-endian	2024-08-13 14:24:46.000000000 -0600
-+++ clamav-1.4.0/libclamav/pe.c	2024-08-15 20:16:02.017730419 -0600
-@@ -2424,22 +2424,22 @@ static cl_error_t hash_imptbl(cli_ctx *c
+From 5a7b1cdfadc980fb1c4fa32e6275e7c96a963110 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Fri, 6 Jan 2023 21:42:30 +0100
+Subject: libclamav/pe: Use endian wrapper in more places.
+
+A few user of VirtualAddress and Size in cli_exe_info::pe_image_data_dir
+don't use the endian wrapper while other places do. This leads to
+testsuite failures on big endian machines.
+
+Use the endian wrapper in all places across pe.c for the two members.
+
+Patch-Name: libclamav-pe-Use-endian-wrapper-in-more-places.patch
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ libclamav/pe.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/libclamav/pe.c b/libclamav/pe.c
+index f5dcea9..19cd2d4 100644
+--- a/libclamav/pe.c
++++ b/libclamav/pe.c
+@@ -2422,22 +2422,22 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im
  
      /* If the PE doesn't have an import table then skip it. This is an
       * uncommon case but can happen. */
@@ -28,7 +46,7 @@ diff -up clamav-1.4.0/libclamav/pe.c.big-endian clamav-1.4.0/libclamav/pe.c
      if (impdes == NULL) {
          cli_dbgmsg("scan_pe: failed to acquire fmap buffer\n");
          status = CL_EREAD;
-@@ -2449,7 +2449,7 @@ static cl_error_t hash_imptbl(cli_ctx *c
+@@ -2447,7 +2447,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im
  
      /* Safety: We can trust peinfo->dirs[1].Size only because `fmap_need_off()` (above)
       * would have failed if the size exceeds the end of the fmap. */
@@ -37,7 +55,7 @@ diff -up clamav-1.4.0/libclamav/pe.c.big-endian clamav-1.4.0/libclamav/pe.c
  
      if (genhash[CLI_HASH_MD5]) {
          hashctx[CLI_HASH_MD5] = cl_hash_init("md5");
-@@ -2556,7 +2556,7 @@ static cl_error_t hash_imptbl(cli_ctx *c
+@@ -2546,7 +2546,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im
  
  done:
      if (needed_impoff) {
@@ -46,16 +64,16 @@ diff -up clamav-1.4.0/libclamav/pe.c.big-endian clamav-1.4.0/libclamav/pe.c
      }
  
      for (type = CLI_HASH_MD5; type < CLI_HASH_AVAIL_TYPES; type++) {
-@@ -3241,7 +3241,7 @@ int cli_scanpe(cli_ctx *ctx)
+@@ -3250,7 +3250,7 @@ int cli_scanpe(cli_ctx *ctx)
  
      /* Trojan.Swizzor.Gen */
      if (SCAN_HEURISTICS && (DCONF & PE_CONF_SWIZZOR) && peinfo->nsections > 1 && fsize > 64 * 1024 && fsize < 4 * 1024 * 1024) {
 -        if (peinfo->dirs[2].Size) {
 +        if (EC32(peinfo->dirs[2].Size)) {
-             struct swizz_stats *stats = calloc(1, sizeof(*stats));
+             struct swizz_stats *stats = cli_calloc(1, sizeof(*stats));
              unsigned int m            = 1000;
              ret                       = CL_CLEAN;
-@@ -5250,13 +5250,13 @@ cl_error_t cli_peheader(fmap_t *map, str
+@@ -5292,13 +5292,13 @@ cl_error_t cli_peheader(fmap_t *map, struct cli_exe_info *peinfo, uint32_t opts,
          cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", peinfo->ep, peinfo->ep);
      }
  
@@ -63,7 +81,7 @@ diff -up clamav-1.4.0/libclamav/pe.c.big-endian clamav-1.4.0/libclamav/pe.c
 +    if (is_dll || peinfo->ndatadirs < 3 || !EC32(peinfo->dirs[2].Size))
          peinfo->res_addr = 0;
      else
-         peinfo->res_addr = peinfo->dirs[2].VirtualAddress;
+         peinfo->res_addr = EC32(peinfo->dirs[2].VirtualAddress);
  
      while (opts & CLI_PEHEADER_OPT_EXTRACT_VINFO &&
 -           peinfo->ndatadirs >= 3 && peinfo->dirs[2].Size) {

sources

@@ -1,4 +1,4 @@
-SHA512 (clamav-1.4.3-norar.tar.xz) = d9e6835b88e4934a36b037d28cf01e627b7843e52ef9fc6858f59000acf26120f3534e7a6b262d3ad66a2668557f3a1d0a93fb676711c91f64c8b97fa36fe191
+SHA512 (clamav-1.0.6-norar.tar.xz) = 8e056ec657f379a5de3cd62dfb90dfc9bac5814497ee8e917484b4203f04d5765b23691415b11eafbd084d1e55c6c864b7424e82a760993765194360d0acb609
 SHA512 (main-62.cvd) = b52e5d9ecacbd9b11c3b0cc460388746fccb353a7520522ed15ee25f645a432bed5be7e6b38512f134f085eb9be76a1e26c19de8b09491d4ec46da8c5afc318e
-SHA512 (daily-27673.cvd) = e0447f80ef2cc8981b0e1ea430a7006a1027de0b989f5a3256766804f74a50aac52f577ef929c8e1789b9353d1a4cf18d289a27b1f7e609098e11ad81bb62226
-SHA512 (bytecode-336.cvd) = 62a7f8b62da2a2476d3f66851d71e84f055f84543112b18f14e86484b02370d4daff0cb3e2b9ec77acf4a179327619a8b9950122e7882003074a9a0bf4a7ebab
+SHA512 (daily-27256.cvd) = cafb9ee0228662b512614d75f8d13585ce55ffb3aafca809cca247adf5e8bb21f39c2beb29ca6030b7a4df3e0ece835601396fe26c40564f6bc5e9b693b4b700
+SHA512 (bytecode-335.cvd) = 9177c0533658b21584de0623ff9b7c70b2ec92ce9f6fecf98a881902c98025930430415715e9914ce7c0c6fb91aad532b4c907677c3010a0da47583b7ad24d4f

update_clamav.sh

@@ -1,5 +1,5 @@
-VERSION=1.4.3
-REPOS="n"
+VERSION=1.0.6
+REPOS="f40 f39 f38 epel9"
 
 if [ -z "$1" ]
 then