Bug#946557: buster-pu: package clamav/0.102.1+dfsg-0+deb10u1
On December 29, 2019 11:30:51 AM UTC, "Adam D. Barratt" wrote: >> I slightly updated the package to >> - add the new `clamonacc' binary to the clamav-daemon package. >> - remove the `ScanOnAccess' option from the postinst/debconf script. >> The option is deprecated and the functionality moved into the >> clamonacc binary. > >Is there a migration path there, or are users expected to notice and >somehow update their deployments? Upstream provides no migration path. The documentation says how to start it manually. The package provides no init script for the new binary. I have currently no idea what the best way of integrating is. I expected the users to notice it and come back and tell what they expect. Now that you bring it up, it might be good to provide an initscript. Maybe just adding the script would be enough. Feel free to reject it and I look at it. >Regards, > >Adam -- Sebastian
Bug#946557: buster-pu: package clamav/0.102.1+dfsg-0+deb10u1
On Mon, 2019-12-23 at 21:58 +0100, Sebastian Andrzej Siewior wrote: > On 2019-12-10 23:46:47 [+0100], To sub...@bugs.debian.org wrote: > > It is unstable for 10 days now. It did not migrate to testing due > > to a > > debci regression in pg-snakeoil. I opened a bug against pg- > > snakeoil, I > > don't see anything wrong within clamav. > > In the meantime the package migrated into testing. I didn't manage to > reproduce the ci bug. The pg-snakeoil package change its testsuite to > avoid downloading the whole database on each test. > I slightly updated the package to > - add the new `clamonacc' binary to the clamav-daemon package. > - remove the `ScanOnAccess' option from the postinst/debconf script. > The option is deprecated and the functionality moved into the > clamonacc binary. Is there a migration path there, or are users expected to notice and somehow update their deployments? Regards, Adam
Bug#946557: buster-pu: package clamav/0.102.1+dfsg-0+deb10u1
On 2019-12-10 23:46:47 [+0100], To sub...@bugs.debian.org wrote: > It is unstable for 10 days now. It did not migrate to testing due to a > debci regression in pg-snakeoil. I opened a bug against pg-snakeoil, I > don't see anything wrong within clamav. In the meantime the package migrated into testing. I didn't manage to reproduce the ci bug. The pg-snakeoil package change its testsuite to avoid downloading the whole database on each test. I slightly updated the package to - add the new `clamonacc' binary to the clamav-daemon package. - remove the `ScanOnAccess' option from the postinst/debconf script. The option is deprecated and the functionality moved into the clamonacc binary. Sebastian diff --git a/debian/changelog b/debian/changelog index bca40e2..d3cd598 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,8 +6,10 @@ clamav (0.102.1+dfsg-0+deb10u1) buster; urgency=medium - Let freshclam show progress during download (Closes: #690789). * Update symbol file. * Add libfreshclam to the libclamav9 package. + * Add the clamonacc binary to the clamav-daemon package. + * Drop ScanOnAccess option. The clamonacc provides this functionality. - -- Sebastian Andrzej Siewior Sun, 08 Dec 2019 12:40:16 +0100 + -- Sebastian Andrzej Siewior Mon, 23 Dec 2019 21:04:45 +0100 clamav (0.101.4+dfsg-0+deb10u1) buster; urgency=medium diff --git a/debian/clamav-daemon.config.in b/debian/clamav-daemon.config.in index 60bef89..131336c 100644 --- a/debian/clamav-daemon.config.in +++ b/debian/clamav-daemon.config.in @@ -72,7 +72,6 @@ set_debconf_value daemon LogSyslog set_debconf_value daemon LogFile set_debconf_value daemon LogTime set_debconf_value daemon LogRotate -set_debconf_value daemon ScanOnAccess set_debconf_value daemon OnAccessMaxFileSize set_debconf_value daemon AllowAllMatchScan set_debconf_value daemon ForceToDisk @@ -327,13 +326,10 @@ while [ "$STATE" != "End" ]; do StateGeneric low clamav-daemon/LogTime LogRotate LogFile ;; "LogRotate") -StateGeneric low clamav-daemon/LogRotate ScanOnAccess LogFile -;; -"ScanOnAccess") -StateGeneric low clamav-daemon/ScanOnAccess OnAccessMaxFileSize LogFile +StateGeneric low clamav-daemon/LogRotate LogFile ;; "OnAccessMaxFileSize") -StateGeneric low clamav-daemon/OnAccessMaxFileSize AllowAllMatchScan ScanOnAccess +StateGeneric low clamav-daemon/OnAccessMaxFileSize AllowAllMatchScan ;; "AllowAllMatchScan") StateGeneric low clamav-daemon/AllowAllMatchScan ForceToDisk OnAccessMaxFileSize diff --git a/debian/clamav-daemon.install b/debian/clamav-daemon.install index 1ae9a50..ef63c2a 100644 --- a/debian/clamav-daemon.install +++ b/debian/clamav-daemon.install @@ -2,5 +2,6 @@ debian/script usr/share/bug/clamav-daemon/ debian/tmp/lib/systemd/system/clamav-daemon.service debian/tmp/usr/bin/clamconf debian/tmp/usr/bin/clamdtop +debian/tmp/usr/bin/clamonacc debian/tmp/usr/sbin/clamd debian/usr.sbin.clamd etc/apparmor.d/ diff --git a/debian/clamav-daemon.postinst.in b/debian/clamav-daemon.postinst.in index a4a3595..0770634 100644 --- a/debian/clamav-daemon.postinst.in +++ b/debian/clamav-daemon.postinst.in @@ -116,12 +116,8 @@ case "$1" in db_get clamav-daemon/BytecodeTimeout || true BytecodeTimeout="$RET" fi -db_get clamav-daemon/ScanOnAccess || true -ScanOnAccess="$RET" -if [ "$ScanOnAccess" = "true" ]; then - db_get clamav-daemon/OnAccessMaxFileSize || true - OnAccessMaxFileSize="$RET" -fi +db_get clamav-daemon/OnAccessMaxFileSize || true +OnAccessMaxFileSize="$RET" db_get clamav-daemon/AllowAllMatchScan || true AllowAllMatchScan="$RET" db_get clamav-daemon/ForceToDisk || true @@ -148,8 +144,6 @@ case "$1" in # Use the defaults instead of the bogus values created by that versions. db_metaget clamav-daemon/LogRotate default || true LogRotate="$RET" - db_metaget clamav-daemon/ScanOnAccess default || true - ScanOnAccess="$RET" OnAccessMaxFileSize="" OnAccessIncludePath="" OnAccessExcludePath="" @@ -327,7 +321,6 @@ SendBufTimeout $SendBufTimeout MaxQueue $MaxQueue ExtendedDetectionInfo $ExtendedDetectionInfo OLE2BlockMacros $OLE2BlockMacros -ScanOnAccess $ScanOnAccess AllowAllMatchScan $AllowAllMatchScan ForceToDisk $ForceToDisk DisableCertCheck $DisableCertCheck diff --git a/debian/clamav-daemon.templates b/debian/clamav-daemon.templates index 8b71902..0b8ea43 100644 --- a/debian/clamav-daemon.templates +++ b/debian/clamav-daemon.templates @@ -143,11 +143,6 @@ Type: boolean Default: true _Description: Do you want to enable log rotation? -Template: clamav-daemon/ScanOnAccess -Type: boolean -Default: false -_Description: Do you want to enable on-access scanning? - Template: clamav-daemon/OnAccessMaxFileSize Type: string Default: 5M
Bug#946557: buster-pu: package clamav/0.102.1+dfsg-0+deb10u1
On 2019-12-11 10:46:36 [+0100], Christoph Berg wrote: > Re: Sebastian Andrzej Siewior 2019-12-10 > <20191210224647.dk4svg65hleftr7r@flow> > > +clamav (0.101.4+dfsg-0+deb10u1) buster; urgency=medium > > + > > + - update symbols file (bump to 101.4 and drop unused cli_strnstr). > > Did all these symbols change semantics? I'm surprised to see so many > symbols bumped. The CLAMAV_PRIVATE symbols are only used internaly by clamav. From one release to another, the semantics/ABI of one or more of those functions may change. The result is something between a crash/not working properly and refusing to start because 'clamd' in clamav-daemon has a higher "functionality" than the provided libclamav. Instead of tracking this I go the easy way and bump all private symbols on each release. The CLAMAV_PUBLIC symbols are only touched on a so bump since they are also used by third party (i.e. libclamav-dev users). Sebastian
Bug#946557: buster-pu: package clamav/0.102.1+dfsg-0+deb10u1
Re: Sebastian Andrzej Siewior 2019-12-10 <20191210224647.dk4svg65hleftr7r@flow> > +clamav (0.101.4+dfsg-0+deb10u1) buster; urgency=medium > + > + - update symbols file (bump to 101.4 and drop unused cli_strnstr). Did all these symbols change semantics? I'm surprised to see so many symbols bumped. > diff -Nru clamav-0.101.2+dfsg/debian/libclamav9.symbols > clamav-0.101.4+dfsg/debian/libclamav9.symbols > --- clamav-0.101.2+dfsg/debian/libclamav9.symbols 2019-08-06 > 22:02:44.0 +0200 > +++ clamav-0.101.4+dfsg/debian/libclamav9.symbols 2019-08-25 > 12:53:19.0 +0200 > @@ -1,16 +1,16 @@ > libclamav.so.9 libclamav9 #MINVER# > * Build-Depends-Package: libclamav-dev > - CLAMAV_PRIVATE@CLAMAV_PRIVATE 0.101.2 > + CLAMAV_PRIVATE@CLAMAV_PRIVATE 0.101.4 > CLAMAV_PUBLIC@CLAMAV_PUBLIC 0.101.0 > - base64Flush@CLAMAV_PRIVATE 0.101.2 > - blobAddData@CLAMAV_PRIVATE 0.101.2 > - blobCreate@CLAMAV_PRIVATE 0.101.2 > - blobDestroy@CLAMAV_PRIVATE 0.101.2 > - cl_ASN1_GetTimeT@CLAMAV_PRIVATE 0.101.2 > + base64Flush@CLAMAV_PRIVATE 0.101.4 > + blobAddData@CLAMAV_PRIVATE 0.101.4 > + blobCreate@CLAMAV_PRIVATE 0.101.4 > + blobDestroy@CLAMAV_PRIVATE 0.101.4 > + cl_ASN1_GetTimeT@CLAMAV_PRIVATE 0.101.4 > cl_always_gen_section_hash@CLAMAV_PUBLIC 0.101.0 > - cl_base64_decode@CLAMAV_PRIVATE 0.101.2 > - cl_base64_encode@CLAMAV_PRIVATE 0.101.2 > - cl_cleanup_crypto@CLAMAV_PRIVATE 0.101.2 > + cl_base64_decode@CLAMAV_PRIVATE 0.101.4 > + cl_base64_encode@CLAMAV_PRIVATE 0.101.4 > + cl_cleanup_crypto@CLAMAV_PRIVATE 0.101.4 > cl_countsigs@CLAMAV_PUBLIC 0.101.0 > cl_cvdfree@CLAMAV_PUBLIC 0.101.0 > cl_cvdhead@CLAMAV_PUBLIC 0.101.0 > @@ -39,7 +39,7 @@ > cl_engine_set_clcb_stats_remove_sample@CLAMAV_PUBLIC 0.101.0 > cl_engine_set_clcb_stats_submit@CLAMAV_PUBLIC 0.101.0 > cl_engine_set_clcb_virus_found@CLAMAV_PUBLIC 0.101.0 > - cl_engine_set_num@CLAMAV_PUBLIC 0.101.0 > + cl_engine_set_num@CLAMAV_PUBLIC 0.101.4 > cl_engine_set_stats_set_cbdata@CLAMAV_PUBLIC 0.101.0 > cl_engine_set_str@CLAMAV_PUBLIC 0.101.0 > cl_engine_settings_apply@CLAMAV_PUBLIC 0.101.0 > @@ -50,21 +50,21 @@ > cl_fmap_close@CLAMAV_PUBLIC 0.101.0 > cl_fmap_open_handle@CLAMAV_PUBLIC 0.101.0 > cl_fmap_open_memory@CLAMAV_PUBLIC 0.101.0 > - cl_get_pkey_file@CLAMAV_PRIVATE 0.101.2 > - cl_get_x509_from_mem@CLAMAV_PRIVATE 0.101.2 > - cl_hash_data@CLAMAV_PRIVATE 0.101.2 > + cl_get_pkey_file@CLAMAV_PRIVATE 0.101.4 > + cl_get_x509_from_mem@CLAMAV_PRIVATE 0.101.4 > + cl_hash_data@CLAMAV_PRIVATE 0.101.4 > cl_hash_destroy@CLAMAV_PUBLIC 0.101.0 > - cl_hash_file_fd@CLAMAV_PRIVATE 0.101.2 > - cl_hash_file_fd_ctx@CLAMAV_PRIVATE 0.101.2 > - cl_hash_file_fp@CLAMAV_PRIVATE 0.101.2 > + cl_hash_file_fd@CLAMAV_PRIVATE 0.101.4 > + cl_hash_file_fd_ctx@CLAMAV_PRIVATE 0.101.4 > + cl_hash_file_fp@CLAMAV_PRIVATE 0.101.4 > cl_hash_init@CLAMAV_PUBLIC 0.101.0 > cl_init@CLAMAV_PUBLIC 0.101.0 > - cl_initialize_crypto@CLAMAV_PRIVATE 0.101.2 > + cl_initialize_crypto@CLAMAV_PRIVATE 0.101.4 > cl_load@CLAMAV_PUBLIC 0.101.0 > - cl_load_cert@CLAMAV_PRIVATE 0.101.2 > - cl_load_crl@CLAMAV_PRIVATE 0.101.2 > + cl_load_cert@CLAMAV_PRIVATE 0.101.4 > + cl_load_crl@CLAMAV_PRIVATE 0.101.4 > cl_retdbdir@CLAMAV_PUBLIC 0.101.0 > - cl_retflevel@CLAMAV_PUBLIC 0.101.1 > + cl_retflevel@CLAMAV_PUBLIC 0.101.4 > cl_retver@CLAMAV_PUBLIC 0.101.0 > cl_scandesc@CLAMAV_PUBLIC 0.101.0 > cl_scandesc_callback@CLAMAV_PUBLIC 0.101.0 > @@ -72,185 +72,184 @@ > cl_scanfile_callback@CLAMAV_PUBLIC 0.101.0 > cl_scanmap_callback@CLAMAV_PUBLIC 0.101.0 > cl_set_clcb_msg@CLAMAV_PUBLIC 0.101.0 > - cl_sha1@CLAMAV_PRIVATE 0.101.2 > - cl_sha256@CLAMAV_PRIVATE 0.101.2 > - cl_sign_data@CLAMAV_PRIVATE 0.101.2 > - cl_sign_data_keyfile@CLAMAV_PRIVATE 0.101.2 > - cl_sign_file_fd@CLAMAV_PRIVATE 0.101.2 > - cl_sign_file_fp@CLAMAV_PRIVATE 0.101.2 > + cl_sha1@CLAMAV_PRIVATE 0.101.4 > + cl_sha256@CLAMAV_PRIVATE 0.101.4 > + cl_sign_data@CLAMAV_PRIVATE 0.101.4 > + cl_sign_data_keyfile@CLAMAV_PRIVATE 0.101.4 > + cl_sign_file_fd@CLAMAV_PRIVATE 0.101.4 > + cl_sign_file_fp@CLAMAV_PRIVATE 0.101.4 > cl_statchkdir@CLAMAV_PUBLIC 0.101.0 > cl_statfree@CLAMAV_PUBLIC 0.101.0 > cl_statinidir@CLAMAV_PUBLIC 0.101.0 > cl_strerror@CLAMAV_PUBLIC 0.101.0 > cl_update_hash@CLAMAV_PUBLIC 0.101.0 > - cl_validate_certificate_chain@CLAMAV_PRIVATE 0.101.2 > - cl_validate_certificate_chain_ts_dir@CLAMAV_PRIVATE 0.101.2 > - cl_verify_signature@CLAMAV_PRIVATE 0.101.2 > - cl_verify_signature_fd@CLAMAV_PRIVATE 0.101.2 > - cl_verify_signature_fd_x509@CLAMAV_PRIVATE 0.101.2 > - cl_verify_signature_fd_x509_keyfile@CLAMAV_PRIVATE 0.101.2 > - cl_verify_signature_hash@CLAMAV_PRIVATE 0.101.2 > - cl_verify_signature_hash_x509@CLAMAV_PRIVATE 0.101.2 > - cl_verify_signature_hash_x509_keyfile@CLAMAV_PRIVATE 0.101.2 > - cl_verify_signature_x509@CLAMAV_PRIVATE 0.101.2 > - cl_verify_signature_x509_keyfile@CLAMAV_PRIVATE 0.101.2 > - cli_ac_buildtrie@CLAMAV_PRIVATE 0.101.2 > - cli_ac_chklsig@CLAMAV_PRIVATE 0.101.2 > -