commit: f6499af7e15a3ca218e84da12f3b75edc14cc0ff |
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
AuthorDate: Thu May 5 15:36:29 2022 +0000 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
CommitDate: Thu May 5 15:55:21 2022 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6499af7 |
|
app-antivirus/clamav: new upstream v0.103.6 with multiple CVE fixes. |
|
Package-Manager: Portage-3.0.30, Repoman-3.0.3 |
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org> |
|
app-antivirus/clamav/Manifest | 1 + |
app-antivirus/clamav/clamav-0.103.6.ebuild | 239 +++++++++++++++++++++++++++++ |
2 files changed, 240 insertions(+) |
|
17 |
diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest |
18 |
index 25346f721b8b..cf94a37f3ba3 100644 |
19 |
--- a/app-antivirus/clamav/Manifest |
20 |
+++ b/app-antivirus/clamav/Manifest |
21 |
@@ -1,2 +1,3 @@ |
22 |
DIST clamav-0.103.5.tar.gz 16434316 BLAKE2B c5a21b72419a8cd731656d8a8bbc79c5850895f1d8cc56cb5d19eabe2356a5dfcf88e7dc9553071a24b2719bae07cf1a941da3dbed69da8ac4ae3b8897ab32fe SHA512 242423b507eacbbd31dbae6dd0325dff87da25bb8072f2cee7a5e7cab4b8eb5ee6196c759570c1d75986a2777f0f79f92cfbd6250a30ae5b53390c75b238c29a |
23 |
+DIST clamav-0.103.6.tar.gz 16491761 BLAKE2B 3c43bcda4a613f81d1b31036e7323a7af7708e54af94ad30a659a8fb318d8f79f357086ce70703659298524d778374df886495cd8c75280bbbe4bae30795a85a SHA512 d39e1964678b8251bde3a9f3db30fe3d3d76cc566a86834297f4dd8489086dc9cc4c6541ca128089159f4c071d2d85b530455bd942987d3929ea0082b8ab272b |
24 |
DIST clamav-0.104.2.tar.gz 11950409 BLAKE2B 7d7eb9d22ca519f7ad0c171b6cab4b59cb52787a897ab31b9567166be2223f9ea89e79f42f1e4e0caf32fcb4b008f5ce755fa136566f85fe1de7808b436f80fa SHA512 8c89a05dec6650677125177434cc49ec2298701525508cdda52358e8f98086d80892287f6267f8b7fda0aef2ca361616cb584c3059f3b066bfde65f7f1ba2df5 |
25 |
|
26 |
diff --git a/app-antivirus/clamav/clamav-0.103.6.ebuild b/app-antivirus/clamav/clamav-0.103.6.ebuild |
27 |
new file mode 100644 |
28 |
index 000000000000..c741ac2099ac |
29 |
--- /dev/null |
30 |
+++ b/app-antivirus/clamav/clamav-0.103.6.ebuild |
31 |
@@ -0,0 +1,239 @@ |
32 |
+# Copyright 1999-2022 Gentoo Authors |
33 |
+# Distributed under the terms of the GNU General Public License v2 |
34 |
+ |
35 |
+EAPI=8 |
36 |
+ |
37 |
+inherit autotools flag-o-matic systemd tmpfiles |
38 |
+ |
39 |
+DESCRIPTION="Clam Anti-Virus Scanner" |
40 |
+HOMEPAGE="https://www.clamav.net/" |
41 |
+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz" |
42 |
+ |
43 |
+LICENSE="GPL-2" |
44 |
+SLOT="0" |
45 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris" |
46 |
+IUSE="bzip2 doc clamonacc clamdtop clamsubmit iconv ipv6 libclamav-only milter metadata-analysis-api selinux systemd test xml" |
47 |
+ |
48 |
+REQUIRED_USE="libclamav-only? ( !clamonacc !clamdtop !clamsubmit !milter !metadata-analysis-api )" |
49 |
+ |
50 |
+RESTRICT="!test? ( test )" |
51 |
+ |
52 |
+# Require acct-{user,group}/clamav at build time so that we can set |
53 |
+# the permissions on /var/lib/clamav in src_install rather than in |
54 |
+# pkg_postinst; calling "chown" on the live filesystem scares me. |
55 |
+CDEPEND="acct-group/clamav |
56 |
+ acct-user/clamav |
57 |
+ dev-libs/libltdl |
58 |
+ dev-libs/libmspack |
59 |
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 ) |
60 |
+ dev-libs/tomsfastmath |
61 |
+ >=sys-libs/zlib-1.2.2:= |
62 |
+ bzip2? ( app-arch/bzip2 ) |
63 |
+ clamdtop? ( sys-libs/ncurses:0 ) |
64 |
+ clamsubmit? ( net-misc/curl dev-libs/json-c:= ) |
65 |
+ elibc_musl? ( sys-libs/fts-standalone ) |
66 |
+ iconv? ( virtual/libiconv ) |
67 |
+ !libclamav-only? ( net-misc/curl ) |
68 |
+ dev-libs/openssl:0= |
69 |
+ milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) ) |
70 |
+ xml? ( dev-libs/libxml2 )" |
71 |
+ |
72 |
+# We need at least autoconf-2.69-r5 because that's the first (patched) |
73 |
+# version of it in Gentoo that supports ./configure --runstatedir. |
74 |
+BDEPEND=">=sys-devel/autoconf-2.69-r5 |
75 |
+ virtual/pkgconfig" |
76 |
+ |
77 |
+DEPEND="${CDEPEND} |
78 |
+ metadata-analysis-api? ( dev-libs/json-c:* ) |
79 |
+ test? ( dev-libs/check )" |
80 |
+RDEPEND="${CDEPEND} |
81 |
+ selinux? ( sec-policy/selinux-clamav )" |
82 |
+ |
83 |
+PATCHES=( |
84 |
+ "${FILESDIR}/${PN}-0.102.1-libxml2_pkgconfig.patch" #661328 |
85 |
+ "${FILESDIR}/${PN}-0.102.2-fix-curl-detection.patch" #709616 |
86 |
+ "${FILESDIR}/${PN}-0.103.0-system-tomsfastmath.patch" # 649394 |
87 |
+ "${FILESDIR}/${PN}-0.103.1-upstream-openrc.patch" |
88 |
+) |
89 |
+ |
90 |
+src_prepare() { |
91 |
+ default |
92 |
+ |
93 |
+ # Be extra sure that we're using the system copy of tomsfastmath |
94 |
+ einfo "removing bundled copy of dev-libs/tomsfastmath" |
95 |
+ rm -r libclamav/tomsfastmath || \ |
96 |
+ die "failed to remove bundled tomsfastmath" |
97 |
+ |
98 |
+ AT_NO_RECURSIVE="yes" eautoreconf |
99 |
+} |
100 |
+ |
101 |
+src_configure() { |
102 |
+ use elibc_musl && append-ldflags -lfts |
103 |
+ use ppc64 && append-flags -mminimal-toc |
104 |
+ |
105 |
+ # according to configure help it should be |
106 |
+ # $(use_enable xml) |
107 |
+ # but that does not work |
108 |
+ # do not add this, since --disable-xml seems to override |
109 |
+ # --without-xml |
110 |
+ JSONUSE="--without-libjson" |
111 |
+ |
112 |
+ if use clamsubmit || use metadata-analysis-api; then |
113 |
+ # either of those 2 requires libjson. |
114 |
+ # clamsubmit will be built as soon as libjson and curl are found |
115 |
+ # but we only install the binary if requested |
116 |
+ JSONUSE="--with-libjson=${EPREFIX}/usr" |
117 |
+ fi |
118 |
+ |
119 |
+ local myeconfargs=( |
120 |
+ $(use_enable bzip2) |
121 |
+ $(use_enable clamonacc) |
122 |
+ $(use_enable clamdtop) |
123 |
+ $(use_enable ipv6) |
124 |
+ $(use_enable milter) |
125 |
+ $(use_enable test check) |
126 |
+ $(use_with xml) |
127 |
+ $(use_with iconv) |
128 |
+ ${JSONUSE} |
129 |
+ $(use_enable libclamav-only) |
130 |
+ $(use_with !libclamav-only libcurl) |
131 |
+ --with-system-libmspack |
132 |
+ --cache-file="${S}"/config.cache |
133 |
+ --disable-experimental |
134 |
+ --disable-static |
135 |
+ --disable-zlib-vcheck |
136 |
+ --enable-id-check |
137 |
+ --with-dbdir="${EPREFIX}"/var/lib/clamav |
138 |
+ # Don't call --with-zlib=/usr (see bug #699296) |
139 |
+ --with-zlib |
140 |
+ --disable-llvm |
141 |
+ --enable-openrc |
142 |
+ --runstatedir=/run |
143 |
+ ) |
144 |
+ econf "${myeconfargs[@]}" |
145 |
+} |
146 |
+ |
147 |
+src_install() { |
148 |
+ default |
149 |
+ |
150 |
+ rm -rf "${ED}"/var/lib/clamav || die |
151 |
+ |
152 |
+ if ! use libclamav-only ; then |
153 |
+ if use systemd; then |
154 |
+ # The tmpfiles entry is behind USE=systemd because the |
155 |
+ # upstream OpenRC service files should (and do) ensure that |
156 |
+ # the directories they need exist and have the correct |
157 |
+ # permissions without the help of opentmpfiles. There are |
158 |
+ # years-old root exploits in opentmpfiles, the design is |
159 |
+ # fundamentally flawed, and the maintainer is not up to |
160 |
+ # the task of fixing it. |
161 |
+ dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf" |
162 |
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service" |
163 |
+ systemd_dounit "${FILESDIR}/clamd.service" |
164 |
+ systemd_newunit "${FILESDIR}/freshclamd.service-r1" \ |
165 |
+ "freshclamd.service" |
166 |
+ fi |
167 |
+ |
168 |
+ insinto /etc/logrotate.d |
169 |
+ newins "${FILESDIR}/clamd.logrotate" clamd |
170 |
+ newins "${FILESDIR}/freshclam.logrotate" freshclam |
171 |
+ use milter && \ |
172 |
+ newins "${FILESDIR}/clamav-milter.logrotate-r1" clamav-milter |
173 |
+ |
174 |
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box |
175 |
+ sed -i -e "s:^\(Example\):\# \1:" \ |
176 |
+ -e "s/^#\(PidFile .*\)/\1/" \ |
177 |
+ -e "s/^#\(LocalSocket .*\)/\1/" \ |
178 |
+ -e "s/^#\(User .*\)/\1/" \ |
179 |
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \ |
180 |
+ -e "s:^\#\(LogTime\).*:\1 yes:" \ |
181 |
+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \ |
182 |
+ "${ED}"/etc/clamd.conf.sample || die |
183 |
+ |
184 |
+ sed -i -e "s:^\(Example\):\# \1:" \ |
185 |
+ -e "s/^#\(PidFile .*\)/\1/" \ |
186 |
+ -e "s/^#\(DatabaseOwner .*\)/\1/" \ |
187 |
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \ |
188 |
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \ |
189 |
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \ |
190 |
+ -e "s/^#\(DatabaseDirectory .*\)/\1/" \ |
191 |
+ "${ED}"/etc/freshclam.conf.sample || die |
192 |
+ |
193 |
+ if use milter ; then |
194 |
+ # Note: only keep the "unix" ClamdSocket and MilterSocket! |
195 |
+ sed -i -e "s:^\(Example\):\# \1:" \ |
196 |
+ -e "s/^#\(PidFile .*\)/\1/" \ |
197 |
+ -e "s/^#\(ClamdSocket unix:.*\)/\1/" \ |
198 |
+ -e "s/^#\(User .*\)/\1/" \ |
199 |
+ -e "s/^#\(MilterSocket unix:.*\)/\1/" \ |
200 |
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \ |
201 |
+ "${ED}"/etc/clamav-milter.conf.sample || die |
202 |
+ |
203 |
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF |
204 |
+ MILTER_NICELEVEL=19 |
205 |
+ START_MILTER=no |
206 |
+ EOF |
207 |
+ |
208 |
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service |
209 |
+ fi |
210 |
+ |
211 |
+ local i |
212 |
+ for i in clamd freshclam clamav-milter |
213 |
+ do |
214 |
+ if [[ -f "${ED}"/etc/"${i}".conf.sample ]]; then |
215 |
+ mv "${ED}"/etc/"${i}".conf{.sample,} || die |
216 |
+ fi |
217 |
+ done |
218 |
+ |
219 |
+ # These both need to be writable by the clamav user. |
220 |
+ # TODO: use syslog by default; that's what it's for. |
221 |
+ diropts -o clamav -g clamav |
222 |
+ keepdir /var/lib/clamav |
223 |
+ keepdir /var/log/clamav |
224 |
+ fi |
225 |
+ |
226 |
+ if use doc ; then |
227 |
+ local HTML_DOCS=( docs/html/. ) |
228 |
+ einstalldocs |
229 |
+ |
230 |
+ if ! use libclamav-only ; then |
231 |
+ doman docs/man/*.[1-8] |
232 |
+ fi |
233 |
+ fi |
234 |
+ |
235 |
+ find "${ED}" -name '*.la' -delete || die |
236 |
+} |
237 |
+ |
238 |
+src_test() { |
239 |
+ if use libclamav-only ; then |
240 |
+ ewarn "Test target not available when USE=libclamav-only is set, skipping tests ..." |
241 |
+ return 0 |
242 |
+ fi |
243 |
+ |
244 |
+ emake quick-check |
245 |
+} |
246 |
+ |
247 |
+pkg_postinst() { |
248 |
+ if ! use libclamav-only ; then |
249 |
+ if use systemd ; then |
250 |
+ tmpfiles_process clamav.conf |
251 |
+ fi |
252 |
+ fi |
253 |
+ |
254 |
+ if use milter ; then |
255 |
+ elog "For simple instructions how to setup the clamav-milter read the" |
256 |
+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}" |
257 |
+ fi |
258 |
+ |
259 |
+ local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d ) |
260 |
+ if [[ ! -f "${databases}" ]] ; then |
261 |
+ ewarn "You must run freshclam manually to populate the virus database" |
262 |
+ ewarn "before starting clamav for the first time." |
263 |
+ fi |
264 |
+ |
265 |
+ ewarn "This version of ClamAV provides separate OpenRC services" |
266 |
+ ewarn "for clamd, freshclam, clamav-milter, and clamonacc. The" |
267 |
+ ewarn "clamd service now starts only the clamd daemon itself. You" |
268 |
+ ewarn "should add freshclam (and perhaps clamav-milter) to any" |
269 |
+ ewarn "runlevels that previously contained clamd." |
270 |
+} |
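Review bot: The clamd.conf edits in src_install uncomment `LocalSocket` but leave `LocalSocketMode` and `LocalSocketGroup` commented, so the daemon's control socket gets clamd's built-in permissions; upstream's sample file describes that default as world-accessible, which should be confirmed against the 0.103.6 sample. If that holds, every local account can issue commands to clamd, not only the mail and scanning services that need it. I would add `-e "s/^#\(LocalSocketMode .*\)/\1/"` and `-e "s:^\#\(LocalSocketGroup\) .*:\1 clamav:"` to the first sed call, and have pkg_postinst tell users that other services talking to the socket need membership in the clamav group. The milter block has the same gap: it enables `MilterSocket unix:` without setting `MilterSocketMode` or `MilterSocketGroup`.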