commit: f2ed7b0fa315384aa5131056a3221c2cac0beb3f Author: S. Lockwood-Childs <sjl <AT> vctlabs <DOT> com> AuthorDate: Wed May 23 09:52:37 2018 +0000 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> CommitDate: Tue Jun 12 11:09:43 2018 +0000 URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=f2ed7b0f
app-antivirus/clamav: add package clamav uses fts functions, so depend on fts-standalone and link against that external libfts when building against musl app-antivirus/clamav/Manifest | 2 + app-antivirus/clamav/clamav-0.100.0.ebuild | 169 +++++++++++++++++++ app-antivirus/clamav/clamav-0.99.4-r1.ebuild | 161 ++++++++++++++++++ .../clamav/files/clamav-0.100.0_autotools.patch | 10 ++ app-antivirus/clamav/files/clamav-0.99-zlib.patch | 22 +++ .../clamav/files/clamav-0.99.2-bytecode_api.patch | 50 ++++++ .../clamav/files/clamav-0.99.2-gcc-6.patch | 84 ++++++++++ .../clamav-0.99.2-pcre2-compile-erroffset.patch | 12 ++ .../clamav/files/clamav-0.99.2-tinfo.patch | 23 +++ ...lamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch | 186 +++++++++++++++++++++ ...mav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch | 132 +++++++++++++++ .../files/clamav-0.99.4-fix-newer-zlib.patch | 54 ++++++ .../clamav-0.99.4-pcre2-compile-erroffset.patch | 11 ++ .../clamav/files/clamav-milter.README.gentoo | 85 ++++++++++ app-antivirus/clamav/files/clamav-milter.service | 12 ++ .../clamav/files/clamav-milter.service-r1 | 13 ++ app-antivirus/clamav/files/clamav.logrotate | 17 ++ app-antivirus/clamav/files/clamd.conf | 9 + app-antivirus/clamav/files/clamd.conf-r1 | 7 + app-antivirus/clamav/files/clamd.initd-r6 | 128 ++++++++++++++ app-antivirus/clamav/files/clamd.service | 12 ++ app-antivirus/clamav/files/clamd_at.service | 12 ++ app-antivirus/clamav/files/freshclamd.service | 10 ++ app-antivirus/clamav/files/tmpfiles.d/clamav.conf | 1 + app-antivirus/clamav/metadata.xml | 20 +++ 25 files changed, 1242 insertions(+) diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest new file mode 100644 index 0000000..e2e5315 --- /dev/null +++ b/app-antivirus/clamav/Manifest @@ -0,0 +1,2 @@ +DIST clamav-0.100.0.tar.gz 16036757 BLAKE2B c51edfb05726e16e2ff1ef1fee9f174af5a0d65396f847a4f6e1246d5844b92eb70896fc598d2c73719b1315ff3c41aca503823431e0918d52f56d29399dd796 SHA512 57e1da86a32fdfb66887c4aeed03008bc070ce3cb6b881db411332f2f2e640b73dca84d990f5886526b3d6bd0c2770c7dcce5b4e7cf48323824c362452593549 +DIST clamav-0.99.4.tar.gz 16083015 BLAKE2B 3c2e7d11ee05fe846f75c3fb6501b5fd809a2e58f8e69c82e493e32fcbc87ca0e5b5f7ab83a0d7e251a5dc8e84aed1475c87c1248b393fa04b6924a2ab32b9bf SHA512 778d5ef510d8d4bdfac5dc33d92469ed4283c414b3d42da6e1a0b13ed70e37755d5c837622dc336bc728ba1f8bf5485fc8a8d3a67a90e9aaa9e4dc71ece0691d diff --git a/app-antivirus/clamav/clamav-0.100.0.ebuild b/app-antivirus/clamav/clamav-0.100.0.ebuild new file mode 100644 index 0000000..004feb5 --- /dev/null +++ b/app-antivirus/clamav/clamav-0.100.0.ebuild @@ -0,0 +1,169 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools eutils flag-o-matic user systemd + +DESCRIPTION="Clam Anti-Virus Scanner" +HOMEPAGE="https://www.clamav.net/"; +SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~ia64 ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris" +IUSE="bzip2 doc clamdtop iconv ipv6 libressl milter metadata-analysis-api selinux static-libs system-libmspack test uclibc" + +CDEPEND="bzip2? ( app-arch/bzip2 ) + clamdtop? ( sys-libs/ncurses:0 ) + iconv? ( virtual/libiconv ) + metadata-analysis-api? ( dev-libs/json-c:= ) + milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) ) + dev-libs/libtommath + >=sys-libs/zlib-1.2.2:= + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + sys-devel/libtool + || ( dev-libs/libpcre2 >dev-libs/libpcre-6 ) + system-libmspack? ( dev-libs/libmspack ) + elibc_musl? ( sys-libs/fts-standalone ) + !!<app-antivirus/clamav-0.99" +# hard block clamav < 0.99 due to linking problems Bug #567680 +# openssl is now *required* see this link as to why +# https://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to.html +DEPEND="${CDEPEND} + virtual/pkgconfig + test? ( dev-libs/check )" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-clamav )" + +DOCS=( docs/clamdoc.pdf docs/phishsigs_howto.pdf docs/signatures.pdf ) +HTML_DOCS=( docs/html ) + +PATCHES=( + "${FILESDIR}/${P}_autotools.patch" +) + +pkg_setup() { + enewgroup clamav + enewuser clamav -1 -1 /dev/null clamav +} + +src_prepare() { + use elibc_musl && append-ldflags -lfts + default + + eautoconf +} + +src_configure() { + use ppc64 && append-flags -mminimal-toc + use uclibc && export ac_cv_type_error_t=yes + + econf \ + $(use_enable bzip2) \ + $(use_enable clamdtop) \ + $(use_enable ipv6) \ + $(use_enable milter) \ + $(use_enable static-libs static) \ + $(use_enable test check) \ + $(use_with iconv) \ + $(use_with metadata-analysis-api libjson /usr) \ + $(use_with system-libmspack) \ + --cache-file="${S}"/config.cache \ + --disable-experimental \ + --disable-gcc-vcheck \ + --disable-zlib-vcheck \ + --enable-id-check \ + --with-dbdir="${EPREFIX}"/var/lib/clamav \ + --with-system-tommath \ + --with-zlib="${EPREFIX}"/usr \ + --disable-llvm +} + +src_install() { + default + + rm -rf "${ED}"/var/lib/clamav + newinitd "${FILESDIR}"/clamd.initd-r6 clamd + newconfd "${FILESDIR}"/clamd.conf-r1 clamd + + systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/clamav.conf" + systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service" + systemd_dounit "${FILESDIR}/clamd.service" + systemd_dounit "${FILESDIR}/freshclamd.service" + + keepdir /var/lib/clamav + fowners clamav:clamav /var/lib/clamav + keepdir /var/log/clamav + fowners clamav:clamav /var/log/clamav + + dodir /etc/logrotate.d + insinto /etc/logrotate.d + newins "${FILESDIR}"/clamav.logrotate clamav + + # Modify /etc/{clamd,freshclam}.conf to be usable out of the box + sed -i -e "s:^\(Example\):\# \1:" \ + -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.pid:" \ + -e "s:.*\(LocalSocket\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.sock:" \ + -e "s:.*\(User\) .*:\1 clamav:" \ + -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \ + -e "s:^\#\(LogTime\).*:\1 yes:" \ + -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \ + "${ED}"/etc/clamd.conf.sample || die + sed -i -e "s:^\(Example\):\# \1:" \ + -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/freshclam.pid:" \ + -e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \ + -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \ + -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \ + -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \ + -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \ + "${ED}"/etc/freshclam.conf.sample || die + + if use milter ; then + # MilterSocket one to include ' /' because there is a 2nd line for + # inet: which we want to leave + ##dodoc "${FILESDIR}"/clamav-milter.README.gentoo + sed -i -e "s:^\(Example\):\# \1:" \ + -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamav-milter.pid:" \ + -e "s+^\#\(ClamdSocket\) .*+\1 unix:${EPREFIX}/var/run/clamav/clamd.sock+" \ + -e "s:.*\(User\) .*:\1 clamav:" \ + -e "s+^\#\(MilterSocket\) /.*+\1 unix:${EPREFIX}/var/run/clamav/clamav-milter.sock+" \ + -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \ + -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \ + "${ED}"/etc/clamav-milter.conf.sample || die + cat >> "${ED}"/etc/conf.d/clamd <<-EOF + MILTER_NICELEVEL=19 + START_MILTER=no + EOF + + systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service + fi + + if use doc; then + einstalldocs + doman docs/man/*.[1-8] + fi + + for i in clamd freshclam clamav-milter + do + [[ -f "${D}"/etc/"${i}".conf.sample ]] && mv "${D}"/etc/"${i}".conf{.sample,} + done + + prune_libtool_files --all +} + +src_test() { + emake quick-check +} + +pkg_postinst() { + if use milter ; then + elog "For simple instructions how to setup the clamav-milter read the" + elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}" + fi + if test -z $(find "${ROOT}"var/lib/clamav -maxdepth 1 -name 'main.c*' -print -quit) ; then + ewarn "You must run freshclam manually to populate the virus database files" + ewarn "before starting clamav for the first time.\n" + fi +} diff --git a/app-antivirus/clamav/clamav-0.99.4-r1.ebuild b/app-antivirus/clamav/clamav-0.99.4-r1.ebuild new file mode 100644 index 0000000..049142a --- /dev/null +++ b/app-antivirus/clamav/clamav-0.99.4-r1.ebuild @@ -0,0 +1,161 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools eutils flag-o-matic user systemd + +DESCRIPTION="Clam Anti-Virus Scanner" +HOMEPAGE="https://www.clamav.net/"; +SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 ~arm hppa ia64 ~ppc ppc64 ~sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris" +IUSE="bzip2 clamdtop iconv ipv6 libressl milter metadata-analysis-api selinux static-libs test uclibc" + +CDEPEND="bzip2? ( app-arch/bzip2 ) + clamdtop? ( sys-libs/ncurses:0 ) + iconv? ( virtual/libiconv ) + metadata-analysis-api? ( dev-libs/json-c:= ) + milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) ) + dev-libs/libtommath + >=sys-libs/zlib-1.2.2:= + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + sys-devel/libtool + || ( dev-libs/libpcre2 >dev-libs/libpcre-6 ) + elibc_musl? ( sys-libs/fts-standalone ) + !!<app-antivirus/clamav-0.99" +# hard block clamav < 0.99 due to linking problems Bug #567680 +# openssl is now *required* see this link as to why +# https://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to.html +DEPEND="${CDEPEND} + virtual/pkgconfig + test? ( dev-libs/check )" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-clamav )" + +DOCS=( AUTHORS BUGS ChangeLog FAQ INSTALL NEWS README UPGRADE ) +PATCHES=( + "${FILESDIR}"/${PN}-0.99.4-fix-newer-zlib.patch + "${FILESDIR}/${P}-pcre2-compile-erroffset.patch" +) + +pkg_setup() { + enewgroup clamav + enewuser clamav -1 -1 /dev/null clamav +} + +src_prepare() { + use elibc_musl && append-ldflags -lfts + default + + eautoconf +} + +src_configure() { + use ppc64 && append-flags -mminimal-toc + use uclibc && export ac_cv_type_error_t=yes + + econf \ + $(use_enable bzip2) \ + $(use_enable clamdtop) \ + $(use_enable ipv6) \ + $(use_enable milter) \ + $(use_enable static-libs static) \ + $(use_enable test check) \ + $(use_with iconv) \ + $(use_with metadata-analysis-api libjson /usr) \ + --cache-file="${S}"/config.cache \ + --disable-experimental \ + --disable-gcc-vcheck \ + --disable-zlib-vcheck \ + --enable-id-check \ + --with-dbdir="${EPREFIX}"/var/lib/clamav \ + --with-system-tommath \ + --with-zlib="${EPREFIX}"/usr \ + --disable-llvm +} + +src_install() { + default + + rm -rf "${ED}"/var/lib/clamav + newinitd "${FILESDIR}"/clamd.initd-r6 clamd + newconfd "${FILESDIR}"/clamd.conf-r1 clamd + + systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/clamav.conf" + systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service" + systemd_dounit "${FILESDIR}/clamd.service" + systemd_dounit "${FILESDIR}/freshclamd.service" + + keepdir /var/lib/clamav + fowners clamav:clamav /var/lib/clamav + keepdir /var/log/clamav + fowners clamav:clamav /var/log/clamav + + dodir /etc/logrotate.d + insinto /etc/logrotate.d + newins "${FILESDIR}"/clamav.logrotate clamav + + # Modify /etc/{clamd,freshclam}.conf to be usable out of the box + sed -i -e "s:^\(Example\):\# \1:" \ + -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.pid:" \ + -e "s:.*\(LocalSocket\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.sock:" \ + -e "s:.*\(User\) .*:\1 clamav:" \ + -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \ + -e "s:^\#\(LogTime\).*:\1 yes:" \ + -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \ + "${ED}"/etc/clamd.conf.sample || die + sed -i -e "s:^\(Example\):\# \1:" \ + -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/freshclam.pid:" \ + -e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \ + -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \ + -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \ + -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \ + -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \ + "${ED}"/etc/freshclam.conf.sample || die + + if use milter ; then + # MilterSocket one to include ' /' because there is a 2nd line for + # inet: which we want to leave + dodoc "${FILESDIR}"/clamav-milter.README.gentoo + sed -i -e "s:^\(Example\):\# \1:" \ + -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamav-milter.pid:" \ + -e "s+^\#\(ClamdSocket\) .*+\1 unix:${EPREFIX}/var/run/clamav/clamd.sock+" \ + -e "s:.*\(User\) .*:\1 clamav:" \ + -e "s+^\#\(MilterSocket\) /.*+\1 unix:${EPREFIX}/var/run/clamav/clamav-milter.sock+" \ + -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \ + -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \ + "${ED}"/etc/clamav-milter.conf.sample || die + cat >> "${ED}"/etc/conf.d/clamd <<-EOF + MILTER_NICELEVEL=19 + START_MILTER=no + EOF + + systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service + fi + + for i in clamd freshclam clamav-milter + do + [[ -f "${D}"/etc/"${i}".conf.sample ]] && mv "${D}"/etc/"${i}".conf{.sample,} + done + + prune_libtool_files --all +} + +src_test() { + emake quick-check +} + +pkg_postinst() { + if use milter ; then + elog "For simple instructions how to setup the clamav-milter read the" + elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}" + fi + if test -z $(find "${ROOT}"var/lib/clamav -maxdepth 1 -name 'main.c*' -print -quit) ; then + ewarn "You must run freshclam manually to populate the virus database files" + ewarn "before starting clamav for the first time.\n" + fi +} diff --git a/app-antivirus/clamav/files/clamav-0.100.0_autotools.patch b/app-antivirus/clamav/files/clamav-0.100.0_autotools.patch new file mode 100644 index 0000000..58c3b4e --- /dev/null +++ b/app-antivirus/clamav/files/clamav-0.100.0_autotools.patch @@ -0,0 +1,10 @@ +--- clamav-0.100.0/configure.ac_orig 2018-04-12 13:12:58.201729248 +0200 ++++ clamav-0.100.0/configure.ac 2018-04-12 13:23:44.982679360 +0200 +@@ -47,6 +47,7 @@ + LT_CONFIG_LTDL_DIR([libltdl]) + LT_INIT([dlopen disable-static]) + LTDL_INIT([recursive]) ++PKG_PROG_PKG_CONFIG(0.16) + + m4_include([m4/reorganization/build_tools.m4]) + m4_include([m4/reorganization/headers.m4]) diff --git a/app-antivirus/clamav/files/clamav-0.99-zlib.patch b/app-antivirus/clamav/files/clamav-0.99-zlib.patch new file mode 100644 index 0000000..8d1f4e6 --- /dev/null +++ b/app-antivirus/clamav/files/clamav-0.99-zlib.patch @@ -0,0 +1,22 @@ +commit f0bcd186190fe6e67b3f0eaaceb7a99aa6a98865 +Author: Steven Morgan <stevm...@cisco.com> +Date: Thu Jan 5 12:30:35 2017 -0500 + + bb111711 - fix zlib version check - patch by Daniel J. Luke. + +diff --git a/m4/reorganization/libs/libz.m4 b/m4/reorganization/libs/libz.m4 +index b5c7414..f7b67ca 100644 +--- a/m4/reorganization/libs/libz.m4 ++++ b/m4/reorganization/libs/libz.m4 +@@ -29,9 +29,9 @@ then + AC_MSG_ERROR([Please install zlib and zlib-devel packages]) + else + +- vuln=`grep "ZLIB_VERSION \"1.2.0" $ZLIB_HOME/include/zlib.h` ++ vuln=`grep "ZLIB_VERSION \"1.2.0\"" $ZLIB_HOME/include/zlib.h` + if test -z "$vuln"; then +- vuln=`grep "ZLIB_VERSION \"1.2.1" $ZLIB_HOME/include/zlib.h` ++ vuln=`grep "ZLIB_VERSION \"1.2.1\"" $ZLIB_HOME/include/zlib.h` + fi + + if test -n "$vuln"; then diff --git a/app-antivirus/clamav/files/clamav-0.99.2-bytecode_api.patch b/app-antivirus/clamav/files/clamav-0.99.2-bytecode_api.patch new file mode 100644 index 0000000..d6cd526 --- /dev/null +++ b/app-antivirus/clamav/files/clamav-0.99.2-bytecode_api.patch @@ -0,0 +1,50 @@ +Description: fix compatibility with zlib 1.2.9 and newer +Author: Marc Deslauriers <marc.deslauri...@canonical.com> +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1692073 + +--- a/libclamav/bytecode_api.c 2017-08-08 15:20:06.651685637 -0400 ++++ b/libclamav/bytecode_api.c 2017-08-15 15:45:14.645714766 -0400 +@@ -811,8 +811,20 @@ int32_t cli_bcapi_inflate_init(struct cl + cli_dbgmsg("bytecode api: inflate_init: invalid buffers!\n"); + return -1; + } +- memset(&stream, 0, sizeof(stream)); +- ret = inflateInit2(&stream, windowBits); ++ ++ b = cli_realloc(ctx->inflates, sizeof(*ctx->inflates)*n); ++ if (!b) { ++ return -1; ++ } ++ ctx->inflates = b; ++ ctx->ninflates = n; ++ b = &b[n-1]; ++ ++ b->from = from; ++ b->to = to; ++ b->needSync = 0; ++ memset(&b->stream, 0, sizeof(stream)); ++ ret = inflateInit2(&b->stream, windowBits); + switch (ret) { + case Z_MEM_ERROR: + cli_dbgmsg("bytecode api: inflateInit2: out of memory!\n"); +@@ -829,20 +841,6 @@ int32_t cli_bcapi_inflate_init(struct cl + cli_dbgmsg("bytecode api: inflateInit2: unknown error %d\n", ret); + return -1; + } +- +- b = cli_realloc(ctx->inflates, sizeof(*ctx->inflates)*n); +- if (!b) { +- inflateEnd(&stream); +- return -1; +- } +- ctx->inflates = b; +- ctx->ninflates = n; +- b = &b[n-1]; +- +- b->from = from; +- b->to = to; +- b->needSync = 0; +- memcpy(&b->stream, &stream, sizeof(stream)); + return n-1; + } + diff --git a/app-antivirus/clamav/files/clamav-0.99.2-gcc-6.patch b/app-antivirus/clamav/files/clamav-0.99.2-gcc-6.patch new file mode 100644 index 0000000..2031edb --- /dev/null +++ b/app-antivirus/clamav/files/clamav-0.99.2-gcc-6.patch @@ -0,0 +1,84 @@ +diff --git a/libclamav/c++/llvm/include/llvm/ADT/StringMap.h b/libclamav/c++/llvm/include/llvm/ADT/StringMap.h +index 59ff6aa..1325394 100644 +--- a/libclamav/c++/llvm/include/llvm/ADT/StringMap.h ++++ b/libclamav/c++/llvm/include/llvm/ADT/StringMap.h +@@ -169,3 +169,3 @@ public: + KeyLength+1; +- unsigned Alignment = alignof<StringMapEntry>(); ++ unsigned Alignment = alignOf<StringMapEntry>(); + +diff --git a/libclamav/c++/llvm/include/llvm/CodeGen/SlotIndexes.h b/libclamav/c++/llvm/include/llvm/CodeGen/SlotIndexes.h +index 88044c7..86b0f40 100644 +--- a/libclamav/c++/llvm/include/llvm/CodeGen/SlotIndexes.h ++++ b/libclamav/c++/llvm/include/llvm/CodeGen/SlotIndexes.h +@@ -417,3 +417,3 @@ namespace llvm { + ileAllocator.Allocate(sizeof(IndexListEntry), +- alignof<IndexListEntry>())); ++ alignOf<IndexListEntry>())); + +diff --git a/libclamav/c++/llvm/include/llvm/Support/AlignOf.h b/libclamav/c++/llvm/include/llvm/Support/AlignOf.h +index 6a7a1a6..979e597 100644 +--- a/libclamav/c++/llvm/include/llvm/Support/AlignOf.h ++++ b/libclamav/c++/llvm/include/llvm/Support/AlignOf.h +@@ -51,8 +51,8 @@ struct AlignOf { + +-/// alignof - A templated function that returns the mininum alignment of ++/// alignOf - A templated function that returns the mininum alignment of + /// of a type. This provides no extra functionality beyond the AlignOf + /// class besides some cosmetic cleanliness. Example usage: +-/// alignof<int>() returns the alignment of an int. ++/// alignOf<int>() returns the alignment of an int. + template <typename T> +-static inline unsigned alignof() { return AlignOf<T>::Alignment; } ++static inline unsigned alignOf() { return AlignOf<T>::Alignment; } + +diff --git a/libclamav/c++/llvm/include/llvm/Support/Allocator.h b/libclamav/c++/llvm/include/llvm/Support/Allocator.h +index 4a7251f..17caf5e 100644 +--- a/libclamav/c++/llvm/include/llvm/Support/Allocator.h ++++ b/libclamav/c++/llvm/include/llvm/Support/Allocator.h +@@ -203,3 +203,3 @@ public: + for (char *Ptr = (char*)(Slab+1); Ptr < End; Ptr += sizeof(T)) { +- Ptr = Allocator.AlignPtr(Ptr, alignof<T>()); ++ Ptr = Allocator.AlignPtr(Ptr, alignOf<T>()); + if (Ptr + sizeof(T) <= End) +diff --git a/libclamav/c++/llvm/lib/Analysis/ScalarEvolution.cpp b/libclamav/c++/llvm/lib/Analysis/ScalarEvolution.cpp +index b892d85..dc72346 100644 +--- a/libclamav/c++/llvm/lib/Analysis/ScalarEvolution.cpp ++++ b/libclamav/c++/llvm/lib/Analysis/ScalarEvolution.cpp +@@ -495,3 +495,3 @@ void SCEVUnknown::print(raw_ostream &OS) const { + if (isAlignOf(AllocTy)) { +- OS << "alignof(" << *AllocTy << ")"; ++ OS << "alignOf(" << *AllocTy << ")"; + return; +diff --git a/libclamav/c++/llvm/lib/Target/X86/X86CodeEmitter.cpp b/libclamav/c++/llvm/lib/Target/X86/X86CodeEmitter.cpp +index 824021c..757ca50 100644 +--- a/libclamav/c++/llvm/lib/Target/X86/X86CodeEmitter.cpp ++++ b/libclamav/c++/llvm/lib/Target/X86/X86CodeEmitter.cpp +@@ -569,3 +569,3 @@ void Emitter<CodeEmitter>::emitMemModRMByte(const MachineInstr &MI, + // Calculate what the SS field value should be... +- static const unsigned SSTable[] = { ~0, 0, 1, ~0, 2, ~0, ~0, ~0, 3 }; ++ static const unsigned SSTable[] = { ~0u, 0u, 1u, ~0u, 2u, ~0u, ~0u, ~0u, 3u }; + unsigned SS = SSTable[Scale.getImm()]; +diff --git a/libclamav/c++/llvm/lib/Target/X86/X86MCCodeEmitter.cpp b/libclamav/c++/llvm/lib/Target/X86/X86MCCodeEmitter.cpp +index 9564fe0..b2b7986 100644 +--- a/libclamav/c++/llvm/lib/Target/X86/X86MCCodeEmitter.cpp ++++ b/libclamav/c++/llvm/lib/Target/X86/X86MCCodeEmitter.cpp +@@ -332,3 +332,3 @@ void X86MCCodeEmitter::EmitMemModRMByte(const MCInst &MI, unsigned Op, + // Calculate what the SS field value should be... +- static const unsigned SSTable[] = { ~0, 0, 1, ~0, 2, ~0, ~0, ~0, 3 }; ++ static const unsigned SSTable[] = { ~0u, 0u, 1u, ~0u, 2u, ~0u, ~0u, ~0u, 3u }; + unsigned SS = SSTable[Scale.getImm()]; +diff --git a/libclamav/mpool.c b/libclamav/mpool.c +index cd38e15..b5e537d 100644 +--- a/libclamav/mpool.c ++++ b/libclamav/mpool.c +@@ -417,3 +417,3 @@ static size_t from_bits(unsigned int bits) { + +-static inline unsigned int alignof(size_t size) ++static inline unsigned int alignOf(size_t size) + { +@@ -609,3 +609,3 @@ static void* allocate_aligned(struct MPMAP *mpm, size_t size, unsigned align, co + void *mpool_malloc(struct MP *mp, size_t size) { +- size_t align = alignof(size); ++ size_t align = alignOf(size); + size_t i, needed = align_increase(size+FRAG_OVERHEAD, align); diff --git a/app-antivirus/clamav/files/clamav-0.99.2-pcre2-compile-erroffset.patch b/app-antivirus/clamav/files/clamav-0.99.2-pcre2-compile-erroffset.patch new file mode 100644 index 0000000..1ee5517 --- /dev/null +++ b/app-antivirus/clamav/files/clamav-0.99.2-pcre2-compile-erroffset.patch @@ -0,0 +1,12 @@ +--- clamav-0.99.2/libclamav/regex_pcre.c~ 2017-11-28 14:40:56.484208243 +0100 ++++ clamav-0.99.2/libclamav/regex_pcre.c 2017-11-28 14:41:07.301207800 +0100 +@@ -112,7 +112,8 @@ int cli_pcre_addoptions(struct cli_pcre_ + #if USING_PCRE2 + int cli_pcre_compile(struct cli_pcre_data *pd, long long unsigned match_limit, long long unsigned match_limit_recursion, unsigned int options, int opt_override) + { +- int errornum, erroffset; ++ int errornum; ++ size_t erroffset; + pcre2_general_context *gctx; + pcre2_compile_context *cctx; + diff --git a/app-antivirus/clamav/files/clamav-0.99.2-tinfo.patch b/app-antivirus/clamav/files/clamav-0.99.2-tinfo.patch new file mode 100644 index 0000000..4593d16 --- /dev/null +++ b/app-antivirus/clamav/files/clamav-0.99.2-tinfo.patch @@ -0,0 +1,23 @@ +--- a/m4/reorganization/clamdtop.m4 ++++ b/m4/reorganization/clamdtop.m4 +@@ -4,12 +4,20 @@ + + if test "$enable_clamdtop" != "no"; then + ++PKG_CHECK_MODULES([CURSES],[ncurses], ++ [HAVE_LIBNCURSES=yes; CURSES_INCLUDE="<ncurses.h>"], ++ [HAVE_LIBNCURSES=no], ++) ++ ++if test "X$HAVE_LIBNCURSES" != "Xyes"; then ++ HAVE_LIBNCURSES= + AC_LIB_FIND([ncurses], [ncurses/ncurses.h], + AC_LANG_PROGRAM([#include <ncurses/ncurses.h>], + [initscr(); KEY_RESIZE;]), + [CURSES_CPPFLAGS="$INCNCURSES"; CURSES_LIBS="$LTLIBNCURSES"; + CURSES_INCLUDE="<ncurses/ncurses.h>"], + []) ++fi + + if test "X$HAVE_LIBNCURSES" != "Xyes"; then + HAVE_LIBNCURSES= diff --git a/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch b/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch new file mode 100644 index 0000000..90facf6 --- /dev/null +++ b/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch @@ -0,0 +1,186 @@ +Apply proposed changes to fix RAR VMSF_DELTA Filter Signedness error (CVE-2012-6706) + +Cherry picked from commit a7d8447bd9a4d5ae1fa970c1849c8caeb5f1a805 [Link 1] and +d4699442bce76574573dc564e7f2177d679b88bd [Link 2]. + +Link 1: https://github.com/Cisco-Talos/clamav-devel/commit/a7d8447bd9a4d5ae1fa970c1849c8caeb5f1a805 +Link 2: https://github.com/Cisco-Talos/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd + +--- a/libclamunrar/unrarvm.c ++++ b/libclamunrar/unrarvm.c +@@ -213,17 +213,20 @@ void rarvm_addbits(rarvm_input_t *rarvm_input, int bits) + + unsigned int rarvm_getbits(rarvm_input_t *rarvm_input) + { +- unsigned int bit_field; ++ unsigned int bit_field = 0; + +- if (rarvm_input->in_addr+2 < rarvm_input->buf_size) { ++ if (rarvm_input->in_addr < rarvm_input->buf_size) { + bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16; +- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8; +- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2]; +- bit_field >>= (8-rarvm_input->in_bit); +- +- return (bit_field & 0xffff); ++ if (rarvm_input->in_addr+1 < rarvm_input->buf_size) { ++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8; ++ if (rarvm_input->in_addr+2 < rarvm_input->buf_size) { ++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2]; ++ } ++ } + } +- return 0; ++ bit_field >>= (8-rarvm_input->in_bit); ++ ++ return (bit_field & 0xffff); + } + + unsigned int rarvm_read_data(rarvm_input_t *rarvm_input) +@@ -311,10 +314,10 @@ static unsigned int *rarvm_get_operand(rarvm_data_t *rarvm_data, + } + } + +-static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int bit_count) ++static unsigned int filter_itanium_getbits(unsigned char *data, unsigned int bit_pos, unsigned int bit_count) + { +- int in_addr=bit_pos/8; +- int in_bit=bit_pos&7; ++ unsigned int in_addr=bit_pos/8; ++ unsigned int in_bit=bit_pos&7; + unsigned int bit_field=(unsigned int)data[in_addr++]; + bit_field|=(unsigned int)data[in_addr++] << 8; + bit_field|=(unsigned int)data[in_addr++] << 16; +@@ -323,10 +326,10 @@ static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int + return(bit_field & (0xffffffff>>(32-bit_count))); + } + +-static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, int bit_pos, int bit_count) ++static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, unsigned int bit_pos, unsigned int bit_count) + { +- int i, in_addr=bit_pos/8; +- int in_bit=bit_pos&7; ++ unsigned int i, in_addr=bit_pos/8; ++ unsigned int in_bit=bit_pos&7; + unsigned int and_mask=0xffffffff>>(32-bit_count); + and_mask=~(and_mask<<in_bit); + +@@ -343,11 +346,12 @@ static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, + static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_filters_t filter_type) + { + unsigned char *data, cmp_byte2, cur_byte, *src_data, *dest_data; +- int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR; +- int op_type, cur_channel, byte_count, start_pos, pa, pb, pc; ++ unsigned int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR; ++ unsigned int op_type, cur_channel, byte_count, start_pos; ++ int pa, pb, pc; + unsigned int file_offset, cur_pos, predicted; +- int32_t offset, addr; +- const int file_size=0x1000000; ++ uint32_t offset, addr; ++ const unsigned int file_size=0x1000000; + + switch(filter_type) { + case VMSF_E8: +@@ -356,7 +360,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil + data_size = rarvm_data->R[4]; + file_offset = rarvm_data->R[6]; + +- if (((unsigned int)data_size >= VM_GLOBALMEMADDR) || (data_size < 4)) { ++ if ((data_size > VM_GLOBALMEMADDR) || (data_size < 4)) { + break; + } + +@@ -367,12 +371,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil + if (cur_byte==0xe8 || cur_byte==cmp_byte2) { + offset = cur_pos+file_offset; + addr = GET_VALUE(FALSE, data); +- if (addr < 0) { +- if (addr+offset >=0 ) { ++ // We check 0x80000000 bit instead of '< 0' comparison ++ // not assuming int32 presence or uint size and endianness. ++ if ((addr & 0x80000000)!=0) { // addr<0 ++ if (((addr+offset) & 0x80000000)==0) { // addr+offset>=0 + SET_VALUE(FALSE, data, addr+file_size); + } + } else { +- if (addr<file_size) { ++ if (((addr-file_size) & 0x80000000)!=0) { // addr<file_size + SET_VALUE(FALSE, data, addr-offset); + } + } +@@ -386,7 +392,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil + data_size = rarvm_data->R[4]; + file_offset = rarvm_data->R[6]; + +- if (((unsigned int)data_size >= VM_GLOBALMEMADDR) || (data_size < 21)) { ++ if ((data_size > VM_GLOBALMEMADDR) || (data_size < 21)) { + break; + } + +@@ -429,7 +435,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil + border = data_size*2; + + SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size); +- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) { ++ if (data_size > VM_GLOBALMEMADDR/2 || channels > 1024 || channels == 0) { + break; + } + for (cur_channel=0 ; cur_channel < channels ; cur_channel++) { +@@ -440,7 +446,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil + } + break; + case VMSF_RGB: { +- const int channels=3; ++ const unsigned int channels=3; + data_size = rarvm_data->R[4]; + width = rarvm_data->R[0] - 3; + PosR = rarvm_data->R[1]; +@@ -448,15 +454,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil + dest_data = src_data + data_size; + + SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size); +- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) { ++ if (data_size > VM_GLOBALMEMADDR/2 || data_size < 3 || width > data_size || PosR > 2) { + break; + } + for (cur_channel=0 ; cur_channel < channels; cur_channel++) { + unsigned int prev_byte = 0; + for (i=cur_channel ; i<data_size ; i+=channels) { +- int upper_pos=i-width; +- if (upper_pos >= 3) { +- unsigned char *upper_data = dest_data+upper_pos; ++ if (i >= width+3) { ++ unsigned char *upper_data = dest_data+i-width; + unsigned int upper_byte = *upper_data; + unsigned int upper_left_byte = *(upper_data-3); + predicted = prev_byte+upper_byte-upper_left_byte; +@@ -486,13 +491,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil + break; + } + case VMSF_AUDIO: { +- int channels=rarvm_data->R[0]; ++ unsigned int channels=rarvm_data->R[0]; + data_size = rarvm_data->R[4]; + src_data = rarvm_data->mem; + dest_data = src_data + data_size; + + SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size); +- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) { ++ // In fact, audio channels never exceed 4. ++ if (data_size > VM_GLOBALMEMADDR/2 || channels > 128 || channels == 0) { + break; + } + for (cur_channel=0 ; cur_channel < channels ; cur_channel++) { +@@ -553,7 +559,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil + data_size = rarvm_data->R[4]; + src_pos = 0; + dest_pos = data_size; +- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) { ++ if (data_size > VM_GLOBALMEMADDR/2) { + break; + } + while (src_pos < data_size) { +-- +2.16.2 + diff --git a/app-antivirus/clamav/files/clamav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch b/app-antivirus/clamav/files/clamav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch new file mode 100644 index 0000000..a457a71 --- /dev/null +++ b/app-antivirus/clamav/files/clamav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch @@ -0,0 +1,132 @@ +Author: Manuel Mausz <manuel-cla...@mausz.at> + +http://lists.clamav.net/pipermail/clamav-users/2018-January/005687.html + +--- clamav-0.99.3/libclamav/scanners.c.orig 2018-01-26 14:35:23.299386703 +0100 ++++ clamav-0.99.3/libclamav/scanners.c 2018-01-26 14:47:44.422451335 +0100 +@@ -1342,39 +1342,35 @@ + return CL_CLEAN; + } + +- /* dump to disk only if explicitly asked to +- * or if necessary to check relative offsets, +- * otherwise we can process just in-memory */ +- if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) { +- if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) { +- cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n"); +- return ret; +- } +- if (ctx->engine->keeptmp) +- cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname); +- } +- + if(!(normalized = cli_malloc(SCANBUFF + maxpatlen))) { + cli_dbgmsg("cli_scanscript: Unable to malloc %u bytes\n", SCANBUFF); +- free(tmpname); + return CL_EMEM; + } +- + text_normalize_init(&state, normalized, SCANBUFF + maxpatlen); +- ret = CL_CLEAN; +- + + if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) { +- free(tmpname); ++ free(normalized); + return ret; + } + + if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) { + cli_ac_freedata(&tmdata); +- free(tmpname); ++ free(normalized); + return ret; + } + ++ /* dump to disk only if explicitly asked to ++ * or if necessary to check relative offsets, ++ * otherwise we can process just in-memory */ ++ if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) { ++ if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) { ++ cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n"); ++ goto done; ++ } ++ if (ctx->engine->keeptmp) ++ cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname); ++ } ++ + mdata[0] = &tmdata; + mdata[1] = &gmdata; + +@@ -1388,9 +1384,8 @@ + + if (write(ofd, state.out, state.out_pos) == -1) { + cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname); +- close(ofd); +- free(tmpname); +- return CL_EWRITE; ++ ret = CL_EWRITE; ++ goto done; + } + text_normalize_reset(&state); + } +@@ -1409,11 +1404,6 @@ + funmap(*ctx->fmap); + } + *ctx->fmap = map; +- +- /* If we aren't keeping temps, delete the normalized file after scan. */ +- if(!(ctx->engine->keeptmp)) +- if (cli_unlink(tmpname)) ret = CL_EUNLINK; +- + } else { + /* Since the above is moderately costly all in all, + * do the old stuff if there's no relative offsets. */ +@@ -1421,11 +1411,8 @@ + if (troot) { + cli_targetinfo(&info, 7, map); + ret = cli_ac_caloff(troot, &tmdata, &info); +- if (ret) { +- cli_ac_freedata(&tmdata); +- free(tmpname); +- return ret; +- } ++ if (ret) ++ goto done; + } + + while(1) { +@@ -1466,13 +1453,6 @@ + + } + +- if(ctx->engine->keeptmp) { +- free(tmpname); +- if (ofd >= 0) +- close(ofd); +- } +- free(normalized); +- + if(ret != CL_VIRUS || SCAN_ALL) { + if ((ret = cli_exp_eval(ctx, troot, &tmdata, NULL, NULL)) == CL_VIRUS) + viruses_found++; +@@ -1481,9 +1461,19 @@ + viruses_found++; + } + ++done: ++ free(normalized); + cli_ac_freedata(&tmdata); + cli_ac_freedata(&gmdata); + ++ if (ofd != -1) ++ close(ofd); ++ if (tmpname != NULL) { ++ if (!ctx->engine->keeptmp) ++ if (cli_unlink(tmpname)) ret = CL_EUNLINK; ++ free(tmpname); ++ } ++ + if (SCAN_ALL && viruses_found) + return CL_VIRUS; + diff --git a/app-antivirus/clamav/files/clamav-0.99.4-fix-newer-zlib.patch b/app-antivirus/clamav/files/clamav-0.99.4-fix-newer-zlib.patch new file mode 100644 index 0000000..1867341 --- /dev/null +++ b/app-antivirus/clamav/files/clamav-0.99.4-fix-newer-zlib.patch @@ -0,0 +1,54 @@ +https://bugs.gentoo.org/649516 + +Description: fix compatibility with zlib 1.2.9 and newer +Author: Marc Deslauriers <marc.deslauri...@canonical.com> +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1692073 + +Index: clamav-0.99.2+dfsg/libclamav/bytecode_api.c +=================================================================== +--- clamav-0.99.2+dfsg.orig/libclamav/bytecode_api.c 2017-08-08 15:20:06.651685637 -0400 ++++ clamav-0.99.2+dfsg/libclamav/bytecode_api.c 2017-08-15 15:45:14.645714766 -0400 +@@ -811,8 +811,20 @@ int32_t cli_bcapi_inflate_init(struct cl + cli_dbgmsg("bytecode api: inflate_init: invalid buffers!\n"); + return -1; + } +- memset(&stream, 0, sizeof(stream)); +- ret = inflateInit2(&stream, windowBits); ++ ++ b = cli_realloc(ctx->inflates, sizeof(*ctx->inflates)*n); ++ if (!b) { ++ return -1; ++ } ++ ctx->inflates = b; ++ ctx->ninflates = n; ++ b = &b[n-1]; ++ ++ b->from = from; ++ b->to = to; ++ b->needSync = 0; ++ memset(&b->stream, 0, sizeof(stream)); ++ ret = inflateInit2(&b->stream, windowBits); + switch (ret) { + case Z_MEM_ERROR: + cli_dbgmsg("bytecode api: inflateInit2: out of memory!\n"); +@@ -829,20 +841,6 @@ int32_t cli_bcapi_inflate_init(struct cl + cli_dbgmsg("bytecode api: inflateInit2: unknown error %d\n", ret); + return -1; + } +- +- b = cli_realloc(ctx->inflates, sizeof(*ctx->inflates)*n); +- if (!b) { +- inflateEnd(&stream); +- return -1; +- } +- ctx->inflates = b; +- ctx->ninflates = n; +- b = &b[n-1]; +- +- b->from = from; +- b->to = to; +- b->needSync = 0; +- memcpy(&b->stream, &stream, sizeof(stream)); + return n-1; + } + diff --git a/app-antivirus/clamav/files/clamav-0.99.4-pcre2-compile-erroffset.patch b/app-antivirus/clamav/files/clamav-0.99.4-pcre2-compile-erroffset.patch new file mode 100644 index 0000000..5585ea6 --- /dev/null +++ b/app-antivirus/clamav/files/clamav-0.99.4-pcre2-compile-erroffset.patch @@ -0,0 +1,11 @@ +--- clamav-0.99.4/libclamav/regex_pcre.c_orig 2018-03-02 19:10:39.702899702 +0100 ++++ clamav-0.99.4/libclamav/regex_pcre.c 2018-03-02 19:09:27.600901912 +0100 +@@ -112,7 +112,8 @@ + #if USING_PCRE2 + int cli_pcre_compile(struct cli_pcre_data *pd, long long unsigned match_limit, long long unsigned match_limit_recursion, unsigned int options, int opt_override) + { +- int errornum, erroffset; ++ int errornum; ++ size_t erroffset; + pcre2_general_context *gctx; + pcre2_compile_context *cctx; diff --git a/app-antivirus/clamav/files/clamav-milter.README.gentoo b/app-antivirus/clamav/files/clamav-milter.README.gentoo new file mode 100644 index 0000000..f526bd3 --- /dev/null +++ b/app-antivirus/clamav/files/clamav-milter.README.gentoo @@ -0,0 +1,85 @@ +Nick Hadaway <ra...@gentoo.org> +Updated by Andrea Barisani <lc...@gentoo.org> +18/05/2004 + +Setting up clamav-milter on Gentoo Linux + +Step 1 - Configure clamd + +Check /etc/clamd.conf, default values should work out of the box but +read and understand all the options especially if you are going to +use it on production boxes. + +Step 2 - Tell the init script to start clamd as well as freshclam and the + milter itself. + + nano -w /etc/conf.d/clamd + + START_CLAMD=yes + START_FRESHCLAM=yes + START_MILTER=yes + +Step 3 - Inform your MTA about the new milter. + + SENDMAIL + Step 3.a.1 - Edit sendmail.mc + + Add these lines to sendmail.mc before any any other + INPUT_MAIL_FILTER lines and before MAILER(local) + NOTE: ANY INPUT_MAIL_FILTER definitions put before these lines + will be discarded due to the use of confINPUT_MAIL_FILTERS + Make this your first mail filter. :) + + INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl + define(`confINPUT_MAIL_FILTERS', `clmilter')dnl + + Step 3.a.2 - Rebuild sendmail.cf + + cd /etc/mail + m4 sendmail.mc > sendmail.cf + + + + POSTFIX + Step 3.b - Edit main.cf. + + Add unix:/var/run/clamav/clamav-milter.sock to your + smtpd_milters line. If the line doesn't exist, just + stick it at the bottom of main.cf on a new line. + + If you're appending, this is a space separated list. + If virus scanning is your most intensive test, you + may wish to put it on the end of the list so earlier, + easiser tests may punt the message before you go through the + trouble of virus scanning it. + + Only one milter example: + + # milters to run on network received mail. + smtpd_milters=unix:/var/run/clamav/clamav-milter.suck + + Multiple milters example: + + # milters to run on network received mail. + smtpd_milters=unix:/var/run/dkim-filter/dkim-filter.sock unix:/var/run/clamav/clamav-milter.sock + + +Step 5 - Adjust permissions for clamav-milter socket + + Edit /etc/clamav-milter.conf and check/change MilterSocketGroup and MilterSocketMode + e.g. for postfix it would be this (sendmail,.. should be similar): + MiltersocketGroup postfix + MilterSocketMode 660 + +Step 6 - Start clamad + + /etc/init.d/clamd start + +Step 7 - Restart your MTA + + SENDMAIL + /etc/init.d/sendmail restart + + POSTFIX + /etc/init.d/postfix restart + diff --git a/app-antivirus/clamav/files/clamav-milter.service b/app-antivirus/clamav/files/clamav-milter.service new file mode 100644 index 0000000..5a1a24f --- /dev/null +++ b/app-antivirus/clamav/files/clamav-milter.service @@ -0,0 +1,12 @@ +[Unit] +Description=Milter module for the ClamAV scanner +After=nss-lookup.target network.target +Before=sendmail.service +Before=postfix.service + +[Service] +ExecStart=/usr/sbin/clamav-milter -c /etc/clamav-milter.conf --nofork=yes +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/app-antivirus/clamav/files/clamav-milter.service-r1 b/app-antivirus/clamav/files/clamav-milter.service-r1 new file mode 100644 index 0000000..f0118d8 --- /dev/null +++ b/app-antivirus/clamav/files/clamav-milter.service-r1 @@ -0,0 +1,13 @@ +[Unit] +Description=Milter module for the ClamAV scanner +After=nss-lookup.target network.target +Before=sendmail.service +Before=postfix.service + +[Service] +Type=forking +PIDFile=/run/clamav/clamav-milter.pid +ExecStart=/usr/sbin/clamav-milter -c /etc/clamav-milter.conf + +[Install] +WantedBy=multi-user.target diff --git a/app-antivirus/clamav/files/clamav.logrotate b/app-antivirus/clamav/files/clamav.logrotate new file mode 100644 index 0000000..7a81126 --- /dev/null +++ b/app-antivirus/clamav/files/clamav.logrotate @@ -0,0 +1,17 @@ +/var/log/clamav/clamd.log { + su clamav clamav + missingok + postrotate + /etc/init.d/clamd logfix + /bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2>/dev/null || true + endscript +} + +/var/log/clamav/freshclam.log { + su clamav clamav + missingok + postrotate + /etc/init.d/clamd logfix + /bin/kill -HUP `cat /var/run/clamav/freshclam.pid 2> /dev/null` 2>/dev/null || true + endscript +} diff --git a/app-antivirus/clamav/files/clamd.conf b/app-antivirus/clamav/files/clamd.conf new file mode 100644 index 0000000..ee05513 --- /dev/null +++ b/app-antivirus/clamav/files/clamd.conf @@ -0,0 +1,9 @@ +# Config file for /etc/init.d/clamd + +# NOTICE: Since clamav-0.85-r1, only START_CLAMD and START_FRESHCLAM settings +# are used, other are silently ignored + +START_CLAMD=yes +START_FRESHCLAM=yes +CLAMD_NICELEVEL=3 +FRESHCLAM_NICELEVEL=19 diff --git a/app-antivirus/clamav/files/clamd.conf-r1 b/app-antivirus/clamav/files/clamd.conf-r1 new file mode 100644 index 0000000..de95554 --- /dev/null +++ b/app-antivirus/clamav/files/clamd.conf-r1 @@ -0,0 +1,7 @@ +# Config file for /etc/init.d/clamd + +START_CLAMD=yes +START_FRESHCLAM=yes +CLAMD_NICELEVEL=3 +FRESHCLAM_NICELEVEL=19 +IONICE_LEVEL=2 diff --git a/app-antivirus/clamav/files/clamd.initd-r6 b/app-antivirus/clamav/files/clamd.initd-r6 new file mode 100644 index 0000000..8cf8dd0 --- /dev/null +++ b/app-antivirus/clamav/files/clamd.initd-r6 @@ -0,0 +1,128 @@ +#!/sbin/openrc-run +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +daemon_clamd="/usr/sbin/clamd" +daemon_freshclam="/usr/bin/freshclam" +daemon_milter="/usr/sbin/clamav-milter" + +extra_commands="logfix" + +depend() { + use net + provide antivirus +} + +get_config() { + clamconf | sed 's/["=]//g' | \ + awk "{ + if(\$0==\"Config file: $1.conf\") S=1 + if(S==1&&\$0==\"\") { + print \"$3\" + exit + } + if(S==1&&\$1~\"^$2\$\") { + print \$2!=\"disabled\"?\$2:\"$3\" + exit + } + }" +} + +start() { + # populate variables and fix log file permissions + logfix + + if [ "${START_CLAMD}" = "yes" ]; then + checkpath --quiet --mode 755 \ + --owner "${clamd_user}":"${clamd_user}" \ + --directory `dirname ${clamd_socket}` + if [ -S "${clamd_socket}" ]; then + rm -f ${clamd_socket} + fi + ebegin "Starting clamd" + start-stop-daemon --start --quiet \ + --nicelevel ${CLAMD_NICELEVEL:-0} \ + --ionice ${IONICE_LEVEL:-0} \ + --exec ${daemon_clamd} + eend $? "Failed to start clamd" + fi + + if [ "${START_FRESHCLAM}" = "yes" ]; then + checkpath --quiet --mode 755 \ + --owner "${clamd_user}":"${clamd_user}" \ + --directory `dirname ${clamd_socket}` + ebegin "Starting freshclam" + start-stop-daemon --start --quiet \ + --nicelevel ${FRESHCLAM_NICELEVEL:-0} \ + --ionice ${IONICE_LEVEL:-0} \ + --exec ${daemon_freshclam} -- -d + retcode=$? + if [ ${retcode} = 1 ]; then + eend 0 + einfo "Virus databases are already up to date." + else + eend ${retcode} "Failed to start freshclam" + fi + fi + + if [ "${START_MILTER}" = "yes" ]; then + if [ -z "${MILTER_CONF_FILE}" ]; then + MILTER_CONF_FILE="/etc/clamav-milter.conf" + fi + + ebegin "Starting clamav-milter" + start-stop-daemon --start --quiet \ + --nicelevel ${MILTER_NICELEVEL:-0} \ + --ionice ${IONICE_LEVEL:-0} \ + --exec ${daemon_milter} -- -c ${MILTER_CONF_FILE} + eend $? "Failed to start clamav-milter" + fi +} + +stop() { + if [ "${START_CLAMD}" = "yes" ]; then + ebegin "Stopping clamd" + start-stop-daemon --stop --quiet --name clamd + eend $? "Failed to stop clamd" + fi + if [ "${START_FRESHCLAM}" = "yes" ]; then + ebegin "Stopping freshclam" + start-stop-daemon --stop --quiet --name freshclam + eend $? "Failed to stop freshclam" + fi + if [ "${START_MILTER}" = "yes" ]; then + ebegin "Stopping clamav-milter" + start-stop-daemon --stop --quiet --name clamav-milter + eend $? "Failed to stop clamav-milter" + fi +} + +logfix() { + clamd_socket=$(get_config clamd LocalSocket /run/clamav/clamd.sock) + clamd_user=$(get_config clamd User clamav) + freshclam_user=$(get_config freshclam DatabaseOwner clamav) + + if [ "${START_CLAMD}" = "yes" ]; then + # fix clamd log permissions + # (might be clobbered by logrotate or something) + local logfile=$(get_config clamd LogFile) + if [ -n "${logfile}" ]; then + checkpath --quiet \ + --owner "${clamd_user}":"${clamd_user}" \ + --mode 640 \ + --file ${logfile} + fi + fi + + if [ "${START_FRESHCLAM}" = "yes" ]; then + # fix freshclam log permissions + # (might be clobbered by logrotate or something) + local logfile=$(get_config freshclam UpdateLogFile) + if [ -n "${logfile}" ]; then + checkpath --quiet \ + --owner "${freshclam_user}":"${freshclam_user}" \ + --mode 640 \ + --file ${logfile} + fi + fi +} diff --git a/app-antivirus/clamav/files/clamd.service b/app-antivirus/clamav/files/clamd.service new file mode 100644 index 0000000..75aa2cc --- /dev/null +++ b/app-antivirus/clamav/files/clamd.service @@ -0,0 +1,12 @@ +[Unit] +Description=clamd scanner daemon +After=nss-lookup.target network.target + +[Service] +Type=forking +ExecStart=/usr/sbin/clamd +Restart=on-failure +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/app-antivirus/clamav/files/clamd_at.service b/app-antivirus/clamav/files/clamd_at.service new file mode 100644 index 0000000..9008ba7 --- /dev/null +++ b/app-antivirus/clamav/files/clamd_at.service @@ -0,0 +1,12 @@ +[Unit] +Description=clamd scanner (%i) daemon +After=nss-lookup.target network.target + +[Service] +Type=forking +ExecStart=/usr/sbin/clamd -c /etc/clamd%i.conf +Restart=on-failure +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/app-antivirus/clamav/files/freshclamd.service b/app-antivirus/clamav/files/freshclamd.service new file mode 100644 index 0000000..a0a72c2 --- /dev/null +++ b/app-antivirus/clamav/files/freshclamd.service @@ -0,0 +1,10 @@ +[Unit] +Description=clamav updater + +[Service] +Type=forking +PIDFile=/run/clamav/freshclam.pid +ExecStart=/usr/bin/freshclam -d -p /run/clamav/freshclam.pid + +[Install] +WantedBy=multi-user.target diff --git a/app-antivirus/clamav/files/tmpfiles.d/clamav.conf b/app-antivirus/clamav/files/tmpfiles.d/clamav.conf new file mode 100644 index 0000000..1672df6 --- /dev/null +++ b/app-antivirus/clamav/files/tmpfiles.d/clamav.conf @@ -0,0 +1 @@ +d /run/clamav 0710 clamav clamav diff --git a/app-antivirus/clamav/metadata.xml b/app-antivirus/clamav/metadata.xml new file mode 100644 index 0000000..5ddb818 --- /dev/null +++ b/app-antivirus/clamav/metadata.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";> +<pkgmetadata> + <maintainer type="project"> + <email>antivi...@gentoo.org</email> + <name>Gentoo Antivirus Project</name> + </maintainer> + <maintainer type="project"> + <email>net-m...@gentoo.org</email> + <name>Net-Mail</name> + </maintainer> + <use> + <flag name="clamdtop">A Top like tool which shows what clamd is currently scanning amongst other things</flag> + <flag name="metadata-analysis-api">Enables collection of file property metadata using ClamAV API for analysis by ClamAV bytecode programs.</flag> + <flag name="system-libmspack">Use system libmspack instead of built in</flag> + </use> + <upstream> + <remote-id type="sourceforge">clamav</remote-id> + </upstream> +</pkgmetadata>
