Re: [Comm] [Sysadmins] I: clamav-0.90.2 update needs some extra attention (Fwd: Re: [Security-team] [Sisyphus-cybertalk] I: Sisyphus-20070414 bugs: +8 -12 (1902))

[Motsyo Gennadi aka Drool <motsyo@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 472 bytes --]

Sergey пишет:
> On Saturday 21 April 2007, Michael Shigorin wrote:
> 
>> При обновлении пакета clamav на Master 2.4
> 
> Тут апдейт "немного не собрался". После применения buildreq обнаружил, что 
> имеет место большое несоответствие по количеству требуемых пакетов, хотя 
> Дмитрий написал, что проблему вызвал zlib-devel. Надеюсь, что доразберусь 
> сегодня-завтра с тем, кто там реально требуется.

	Спек для ALM-2.4 прилагаю.
$ rpm -q clamav
clamav-0.90.2-alt0.M24.1


[-- Attachment #2: clamav.spec --]
[-- Type: text/plain, Size: 14581 bytes --]

%def_without static
%def_with milter

%def_with ownconfdir

%if_with ownconfdir
%define clamconfdir /etc/clamav
%else
%define clamconfdir /etc
%endif

Name: clamav
Version: 0.90.2
Release: alt0.M24.1

Summary: Clam Antivirus scanner
License: GPL
Group: File tools

URL: http://www.clamav.net/
%ifdef snap
Source0: http://www.clamav.net/snapshot/clamav-devel-%snap.tar.gz
%else
Source0: http://download.sourceforge.net/clamav/clamav-%{version}.tar.gz
%endif

Source1: clamav.init
Source2: clamav.sysconfig

Source4: freshclam.cron
Source5: freshclam.logrotate
Source6: clamav.logrotate

Source10: clamav-milter.init
Source11: clamav-milter.sysconfig
Source12: clamav-milter.msg
Source13: clamav-milter.whitelist
Source14: clamav-milter.conf

Source20: virusstat-perIP
Source21: virusstat-perIP-PrevHour
Source22: virusstat-total
Source23: virusstat.cron.example

Patch1: clamav-0.90-config.patch
Patch2: freshclam-0.90RC1-config.patch

Patch10: clamav-milter-20070313-template.patch
Patch11: clamav-milter-20041206-ip-to-log.patch

Patch12: clamav-milter-0.87.3-2-log.patch
Patch13: clamav.cfgparser.0.88.3.c.SysLogVerbose.parch

Patch20: clamav-0.90-libs.private.patch

# Package with clamd should require libclamav, not vice versa.
# Corresponding libclamav version need to be updated before, or clamd restart may fail!
Requires: lib%{name} = %version-%release

# Database updater moved to separated package.
Requires: clamav-freshclam = %version-%release

# postinstall uses subst utility
Requires(post): sed >= 1:3.02-alt1

# bc and sed used by configure script
BuildRequires: sed

# Automatically added by buildreq on Wed Feb 14 2007
# ...and edited manually to separate conditional buildreqs (and remove exim-common :-)
BuildRequires: bc bzlib-devel libcurl-devel libgmp-devel zlib-devel libssl-devel

# for snapshots
%ifdef snap
BuildRequires: automake_1.8
%endif

%{?_with_static:BuildRequires: glibc-devel-static}
%{?_with_milter:BuildRequires: sendmail-devel sendmail-libs}

%description
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose
of this software is the integration with mail servers (attachment
scanning). The package provides a flexible and scalable
multi-threaded daemon, a commandline scanner, and a tool for
automatic updating via Internet. The programs are based on a
shared library distributed with the Clam AntiVirus package, which
you can use in your own software.

%package -n lib%{name}
Summary: Shared libraries for clamav
Group: Development/C

%description -n lib%{name}
Shared libraries for clamav.

%package -n lib%{name}-devel
Summary: Development header files and libraries for clamav
Group: Development/C
Requires: %name = %version

%description -n lib%{name}-devel
This package contains the development header files and libraries
necessary to develop clamav client applications.

%package -n lib%{name}-devel-static
Summary: clamav static libraries
Group: Development/C
Requires: lib%{name}-devel = %version

%description -n lib%{name}-devel-static
clamav static libraries.

%package milter
Summary: clamav-milter for sendmail
Group: File tools
Requires: clamav = %version, sendmail

%description milter
This package contains the filter for Sendmail necessary to
integrate clamav with Sendmail MTA.

%package manual
Summary: ClamAV User Manual
Group: Books/Howtos

%description manual
This package contains user manual for clamav in HTML format.

%package freshclam
Summary: Auto-updater for the Clam Antivirus scanner virus signature files
Group: File tools

%description freshclam
This package contains programs which can be used to update the clamav
anti-virus database automatically. It uses the freshclam(1) utility for
this task.

%prep
%setup -q %{?snap: -n clamav-devel-%snap} %{?beta: -n clamav-%{version}%{beta}}
%patch1 -p1
%patch2 -p1

%patch10 -p0
#%patch11 -p0
#%patch12 -p0
#%patch13 -p0
%patch20 -p1

%build
%ifdef snap
aclocal
%endif

# --disable-clamav: Disable test for clamav user/group
%configure \
	--enable-experimental \
	--sysconfdir=%clamconfdir \
	--disable-clamav \
	--with-user=mail \
	--with-group=mail \
	--without-tcpwrappers \
	--with-libcurl \
	--with-dbdir=/var/lib/%name %{?_with_milter: --enable-milter --with-sendmail=/usr/sbin/sendmail}

# configure trying to get sendmail version (used in milter code) from installed sendmail!
# I'd like to simplify build on host systems with alternative MTA installed so I prefer
# to just add needed strings:
cat <<EOF >>clamav-config.h
#define SENDMAIL_VERSION_A 8
#define SENDMAIL_VERSION_B 14
#define SENDMAIL_VERSION_C 0
EOF
# NB: yes, hardcoded. If you want to build clamav-milter for older sendmail
# change numbers accordingly!

%make_build

install -m644 %_sourcedir/virusstat* .

tar zxf contrib/clamdmon/clamdmon-*
cd clamdmon*
make CFLAGS="%optflags"

%install
%make_install install DESTDIR=%buildroot

# fix config
%__subst 's|@@CLAMAVCONFDIR@@|%clamconfdir|' %buildroot%clamconfdir/freshclam.conf

%{!?_with_milter:rm -f %buildroot%_man1dir/clamav-milter*}

install -pD -m755 %_sourcedir/clamav.init %buildroot/etc/rc.d/init.d/clamd
install -m755 %_sourcedir/clamav-milter.init %buildroot/etc/rc.d/init.d/clamav-milter

install -pD %_sourcedir/clamav.sysconfig %buildroot/etc/sysconfig/clamd

%if_with milter
#install -m644 %_sourcedir/clamav-milter.sysconfig %buildroot/etc/sysconfig/clamav-milter
sed -e 's|@@CLAMAVCONFDIR@@|%clamconfdir|' < %_sourcedir/clamav-milter.sysconfig > %buildroot/etc/sysconfig/clamav-milter
install -m644 %_sourcedir/clamav-milter.whitelist %buildroot%clamconfdir/
install -m644 %_sourcedir/clamav-milter.msg %buildroot%clamconfdir/
install -m644 %_sourcedir/clamav-milter.conf %buildroot%clamconfdir/
%endif

install -d %buildroot%_logdir/clamav
touch %buildroot%_logdir/clamav/clamd.log
touch %buildroot%_logdir/clamav/freshclam.log

# install the logrotate stuff
install -pD -m644 %_sourcedir/freshclam.logrotate %buildroot%_sysconfdir/logrotate.d/freshclam
install -m644 %_sourcedir/clamav.logrotate %buildroot%_sysconfdir/logrotate.d/clamav

# pid file dir
install -d %buildroot/var/run/clamav

# install clamdmon
pushd clamdmon*
install -m755 clamdmon %buildroot%_bindir/
subst 's@/usr/local/sbin@/usr/bin@' clamdmon.sh
popd

# install html docs
mkdir -p %buildroot%_defaultdocdir/clamav-manual
rm -rf docs/html/CVS
install -m644 docs/html/* %buildroot%_defaultdocdir/clamav-manual

# remove non-packaged files
rm -f %buildroot%_libdir/*.la
rm -f %buildroot/var/lib/clamav/*.cvd
%if_without static
rm -f %buildroot%_libdir/*.a
%endif

install -d %buildroot%_sysconfdir/cron.d
cat <<EOF >%buildroot%_sysconfdir/cron.d/freshclam
30 * * * *       root    %_bindir/freshclam --quiet --daemon-notify
EOF

%post
# virus db format changed with 0.65, so delete old databases
rm -f /var/lib/clamav/viruses.db*

# randomize time of database updating (in order to distribute load on servers evenly)
RNDM=$[$RANDOM/555]
/usr/bin/subst s/^[0-9]*/$RNDM/ %_sysconfdir/cron.d/freshclam

touch %_logdir/clamav/clamd.log
chown mail.root %_logdir/clamav/clamd.log
chmod 644 %_logdir/clamav/clamd.log

%post_service clamd

%preun
%preun_service clamd

%post -n lib%{name} -p %post_ldconfig
%postun -n lib%{name} -p %postun_ldconfig

%post milter
%post_service clamav-milter

%preun milter
%preun_service clamav-milter

%files
%doc AUTHORS BUGS ChangeLog README
%doc docs/signatures.* clamdmon*/clamdmon.sh
%doc virusstat*

%_bindir/clamdscan
%_bindir/clamscan
%_bindir/sigtool
%_bindir/clamdmon
%_sbindir/clamd
%config %_initdir/clamd
%{?_with_ownconfdir: %dir %clamconfdir}
%config(noreplace) %verify(not md5 size mtime) %clamconfdir/clamd.conf
%config(noreplace) %_sysconfdir/logrotate.d/clamav
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/clamd
%_man1dir/clamdscan*
%_man1dir/clamscan*
%_man1dir/sigtool*
%_man5dir/*
%_man8dir/clamd*
%attr(3775,root,mail) %dir /var/lib/clamav
%attr(3775,root,mail) %dir /var/run/clamav
%attr(3771,root,mail) %dir %_logdir/clamav
%attr(640,mail,root) %ghost %_logdir/clamav/clamd.log

%files -n lib%{name}
%_libdir/lib*.so.*

%files freshclam
%{?_with_ownconfdir: %dir %clamconfdir}
%attr(3775,root,mail) %dir /var/lib/clamav
%attr(3775,root,mail) %dir /var/run/clamav
%attr(3771,root,mail) %dir %_logdir/clamav
%_bindir/freshclam
%_man1dir/freshclam*
%_bindir/clamconf
%_man1dir/clamconf*
%config(noreplace) %verify(not md5 size mtime) %clamconfdir/freshclam.conf
%config(noreplace) %_sysconfdir/cron.d/freshclam
%config(noreplace) %_sysconfdir/logrotate.d/freshclam
%attr(644,mail,mail) %ghost %_logdir/clamav/freshclam.log

%files -n lib%{name}-devel
%_bindir/clamav-config
%_libdir/lib*.so
%_libdir/pkgconfig/*
%_includedir/*.h

%files manual
%_defaultdocdir/clamav-manual

%if_with static
%files -n lib%{name}-devel-static
%_libdir/lib*.a
%endif

%if_with milter
%files milter
%_sbindir/clamav-milter
%config %_initdir/clamav-milter
%config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/clamav-milter
%config(noreplace) %verify(not md5 size mtime) %clamconfdir/*.msg
%config(noreplace) %verify(not md5 size mtime) %clamconfdir/clamav-milter.conf
%config(noreplace) %verify(not md5 size mtime) %clamconfdir/clamav-milter.whitelist
%_man8dir/clamav-milter.*
%endif

%changelog
* Sun Apr 15 2007 Motsyo Gennadi <drool@altlinux.ru> 0.90.2-alt0.M24.1
- build for ALM-2.4

* Fri Apr 13 2007 Victor Forsyuk <force@altlinux.org> 0.90.2-alt1
- 0.90.2 (contains security related fixes).

* Mon Mar 05 2007 Victor Forsyuk <force@altlinux.org> 0.90.1-alt1
- 0.90.1

* Thu Mar 01 2007 Victor Forsyuk <force@altlinux.org> 0.90-alt2
- Fix not expanded variable in freshclam config (ALT#10958).

* Wed Feb 14 2007 Victor Forsyuk <force@altlinux.org> 0.90-alt1
- 0.90
- Move clamconf to clamav-freshclam package.
- Cleaned up pkgconfig and clamav-config.

* Fri Feb 09 2007 Victor Forsyuk <force@altlinux.org> 0.90-alt0.2.rc3
- Rebuilt with libmilter.so.3.

* Fri Feb 02 2007 Victor Forsyuk <force@altlinux.org> 0.90-alt0.1.rc3
- 0.90 RC3.
- Fix ALT#10486: clamav-freshclam package should contain /var/lib/clamav.

* Tue Oct 31 2006 Victor Forsyuk <force@altlinux.org> 0.90-alt0.0.rc2
- 0.90 RC2
- Move post_service call to end of post-install script (thnx to Sergey Afonin).
- Move freshclam to separate package as it just updates signature databases that
  used by all software built around libclamav (such as havp, clement etc).
- Apply patch that fixes RH#202043.

* Thu Aug 10 2006 Victor Forsyuk <force@altlinux.ru> 0.88.4-alt1
- 0.88.4, fixed CVE-2006-4018.

* Wed Jul 26 2006 Victor Forsyuk <force@altlinux.ru> 0.88.3-alt1
- 0.88.3

* Thu May 04 2006 Victor Forsyuk <force@altlinux.ru> 0.88.2-alt1
- Fixes security issue in freshclam.

* Thu Apr 06 2006 Victor Forsyuk <force@altlinux.ru> 0.88.1-alt1
- 0.88.1
- Fixed CVE-2006-1614, CVE-2006-1615 and CVE-2006-1630.
- Patches for clamav-milter from Sergey Y. Afonin.

* Fri Jan 13 2006 Victor Forsyuk <force@altlinux.ru> 0.88-alt1
- 0.88

* Tue Nov 08 2005 Victor Forsyuk <force@altlinux.ru> 0.87.1-alt1
- 0.87.1
- Create clamd.log in postinstall script with correct owner and mode.
  Otherwise clamav-milter will be very unhappy :) (reported by asy@).

* Wed Sep 28 2005 Victor Forsyuk <force@altlinux.ru> 0.87-alt1
- 0.87

* Tue Jul 26 2005 Victor Forsyuk <force@altlinux.ru> 0.86.2-alt1
- 0.86.2

* Mon Jul 11 2005 Victor Forsyuk <force@altlinux.ru> 0.86.1-alt1
- 0.86.1.
- Enable scanning RAR archives in default config.
- Hack to define sendmail version used in clamav-milter code when
  building on boxes without sendmail installed.

* Tue May 17 2005 Victor Forsyuk <force@altlinux.ru> 0.85.1-alt1
- 0.85.1.

* Wed May 04 2005 Victor Forsyuk <force@altlinux.ru> 0.84-alt1
- 0.84 release.
- Allow replacement of rc.d service script during upgrades
  (i.e., remove "noreplace" in spec).

* Fri Apr 08 2005 Victor Forsyuk <force@altlinux.ru> 0.84-alt0.rc1
- Add clamdmon to package.
- Move HTML docs to separate package.

* Thu Feb 17 2005 Victor Forsyuk <force@altlinux.ru> 0.83-alt2
- clamav-milter tweaks from Sergey Afonin.

* Mon Feb 14 2005 Victor Forsyuk <force@altlinux.ru> 0.83-alt1
- 0.83.

* Mon Feb 07 2005 Victor Forsyuk <force@altlinux.ru> 0.82-alt1
- 0.82.

* Thu Jan 27 2005 Victor Forsyuk <force@altlinux.ru> 0.81-alt2
- 0.81.
- Fix from Sergey Afonin: add `bc' to BuildRequires.
- Patch to fix freshclam error with buggy proxy servers (that answers
  in HTTP/1.0 when we requested HTTP/1.1).

* Fri Jan 21 2005 Victor Forsyuk <force@altlinux.ru> 0.81-alt1.rc1
- 0.81rc1.
- Address BTS #5377.

* Fri Oct 29 2004 Victor Forsyuk <force@altlinux.ru> 0.80-alt4
- Check for database updates hourly.
- Fix path to config file in NotifyClamd.

* Mon Oct 18 2004 Victor Forsyuk <force@altlinux.ru> 0.80-alt3
- 0.80.
- Patches from Sergey Afonin.

* Tue Oct 12 2004 Victor Forsyuk <force@altlinux.ru> 0.80-alt2.rc4
- Mark clamav-milter startup script as noreplaced config.
- Small fix in database updating time randomizer.
- Modify clamav-milter sysconfig file.
- Move config files to /etc/clamav.
- Tweak initscripts priorities to start clamd before clamav-milter
  and both of them before MTA.

* Wed Sep 29 2004 Victor Forsyuk <force@altlinux.ru> 0.80-alt1.rc3
- 0.80rc3.

* Mon Aug 30 2004 Victor Forsyuk <force@altlinux.ru> 0.75.1-alt2
- Build --without-tcpwrappers to fix bug #5064.

* Mon Aug 02 2004 Victor Forsyuk <force@altlinux.ru> 0.75.1-alt1
- 0.75.1

* Fri Jun 25 2004 Victor Forsyuk <force@altlinux.ru> 0.73-alt1
- 0.73.
- Add pkgconfig file and clamav-config to -devel package.

* Wed May 19 2004 Victor Forsyuk <force@altlinux.ru> 0.71-alt1
- New version.

* Wed Apr 21 2004 Victor Forsyuk <force@altlinux.ru> 0.70-alt2
- New version.
- Freshclam launching time randomized at package installation.
  Thanks to Sergey Afonin <asy <at> kraft-s.ru> for idea.

* Wed Apr 14 2004 Victor Forsyuk <force@altlinux.ru> 0.70-alt1.20040414
- Build (post-0.70rc) snapshot from 2004/04/14.

* Mon Mar 01 2004 Victor Forsyuk <force@altlinux.ru> 0.67-alt2.20040301
- Build snapshot from 2004/03/01.
- Fix logrotate for clamd logs.
- Add --daemon-notify to options freshclam run with.
- Add build with milter and create clamav-milter subpackage.

* Sun Feb 15 2004 Victor Forsyuk <force@altlinux.ru> 0.67-alt1
- New version.
- Checks for new database every two hours (suggested by clamav authors).
- Rotate logs weekly (was monthly).

* Thu Dec 18 2003 Victor Forsyuk <force@altlinux.ru> 0.65-alt0.1
- New version.
- Removed *.la files.
- Do not build devel-static subpackage by default.

* Fri Jun 27 2003 Victor Forsyuk <force@altlinux.ru> 0.60-alt1
- Initial build for Sisyphus.