GNU bug report logs - #55437
[PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803,20770,20796,20771,20785,20792}].
Reported by: kiasoc5 <at> disroot.org
Date: Sun, 15 May 2022 22:17:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Report forwarded to guix-patches <at> gnu.org: bug#55437; Package guix-patches. (Sun, 15 May 2022 22:17:02 GMT)
Acknowledgement sent to kiasoc5 <at> disroot.org: New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sun, 15 May 2022 22:17:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This patch updates clamav to the latest LTS version.
Per the release notes [1], a future update of clamav to 0.105+ will take some effort:
1. 0.105+ needs Rust 1.57+ to build.
2. The build should switch from tarball to git to avoid vendored crates.
3. 0.105+ works with llvm 8-12 (no more llvm 3.7).
I suggest we keep clamav on the LTS version until we update Rust.
PS: As you can see from the email address, I am migrating from Tutanota to Disroot.
[1] https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html#more
[0001-gnu-clamav-Update-to-0.103.6-fixes-CVE-2022-20803-20.patch (application/octet-stream, attachment)]
Information forwarded to guix-patches <at> gnu.org: bug#55437; Package guix-patches. (Mon, 16 May 2022 15:26:01 GMT)
Message #8 received at 55437 <at> debbugs.gnu.org (full text, mbox):
Mumi is not showing the patch, sending it inline.
From c453008d05f4bc897eecd6f2545ff8047dc4e1fd Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5 <at> disroot.org>
Date: Sun, 15 May 2022 03:37:58 -0400
Subject: [PATCH] gnu: clamav: Update to 0.103.6 [fixes
CVE-2022-{20803,20770,20796,20771,20785,20792}].
* gnu/packages/antivirus.scm (clamav): Update to 0.103.6.
---
gnu/packages/antivirus.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 80126a5b59..4a5f995e42 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -44,14 +44,14 @@ (define-module (gnu packages antivirus)
(define-public clamav
(package
(name "clamav")
- (version "0.103.3")
+ (version "0.103.6")
(source (origin
(method url-fetch)
(uri (string-append "https://www.clamav.net/downloads/production/"
"clamav-" version ".tar.gz"))
(sha256
(base32
- "1sba4zccgwjqk29b5qkgfc9gm794hmk6j7bpj8wilgcz8hc3svlz"))
+ "0cxsv5m9pqxxb56qd7hlj11pwmdgm07s3msh3hxk47czq4yjx8da"))
(modules '((guix build utils)))
(snippet
'(begin
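Review bot: the replacement `sha256` under `base32` is the only integrity check on the tarball fetched from `https://www.clamav.net/downloads/production/`, and neither the commit message nor the cover mail says how it was produced. Since this is the security update, please state whether the download was verified against an upstream signature before it was hashed. The version also moves from 0.103.3 straight to 0.103.6, so it is worth confirming that the `snippet` that follows still matches the new source tree.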
--
2.36.1
Information forwarded to guix-patches <at> gnu.org: bug#55437; Package guix-patches. (Wed, 18 May 2022 04:38:01 GMT)
Message #11 received at 55437 <at> debbugs.gnu.org (full text, mbox):
Hi,
kiasoc5 <at> disroot.org writes:
> This patch updates clamav to the latest LTS version.
> Per the release notes [1], a future update of clamav to 0.105+ will take some effort:
>
> 1. 0.105+ needs Rust 1.57+ to build.
> 2. The build should switch from tarball to git to avoid vendored crates.
> 3. 0.105+ works with llvm 8-12 (no more llvm 3.7).
>
> I suggest we keep clamav on the LTS version until we update Rust.
Sounds like a fine plan.
> PS: As you can see from the email address, I am migrating from Tutanota to Disroot.
>
> [1] https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html#more
I see the following guix lint warnings:
--8<---------------cut here---------------start------------->8---
clamav <at> 0.103.6: label 'libcurl' does not match package name 'curl'
clamav <at> 0.103.6: label 'libjson' does not match package name 'json-c'
clamav <at> 0.103.6: label 'openssl' does not match package name 'libressl'
clamav <at> 0.103.6: label 'sasl' does not match package name 'cyrus-sasl'
clamav <at> 0.103.6: label 'xml' does not match package name 'libxml2'
clamav <at> 0.103.6: updater 'generic-html' failed to find upstream releases
--8<---------------cut here---------------end--------------->8---
I'm not sure about the last one, but the other ones could be fixed
simply by updating to the new style (list input1 input2 ...) instead of
`(("input1" ,input1) ("input2" ,input2) ...).
Would you mind updating the patch with such changes?
Thanks!
Maxim
Information forwarded to guix-patches <at> gnu.org: bug#55437; Package guix-patches. (Thu, 19 May 2022 03:06:02 GMT)
Message #14 received at 55437 <at> debbugs.gnu.org (full text, mbox):
From 151cbfbefd039ce28d38109493bf8b49f19a2edc Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5 <at> disroot.org>
Date: Wed, 18 May 2022 22:51:14 -0400
Subject: [PATCH 2/2] gnu: clamav: Use new style and G-expressions.
* gnu/packages/antivirus.scm (clamav)[source]: Remove trailing #t from snippet.
[inputs]: Use new input style.
[arguments]: Use G-expressions. Remove trailing #t from phases
[configure-flags]: Adjust to new input style.
---
gnu/packages/antivirus.scm | 128 ++++++++++++++++++-------------------
1 file changed, 64 insertions(+), 64 deletions(-)
diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 4a5f995e42..cda3fc942b 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -21,6 +21,7 @@
(define-module (gnu packages antivirus)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix build-system gnu)
+ #:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix utils)
@@ -59,8 +60,7 @@ (define-public clamav
'("win32" ; unnecessary
"libclamav/c++/llvm" ; use system llvm
"libclamav/tomsfastmath" ; use system tomsfastmath
- "libclamunrar")) ; non-free license
- #t))
+ "libclamunrar")))) ; non-free license
(patches
(search-patches "clamav-system-tomsfastmath.patch"
"clamav-config-llvm-libs.patch"))))
@@ -72,70 +72,70 @@ (define-public clamav
libtool
pkg-config))
(inputs
- `(("bzip2" ,bzip2)
- ("libcurl" ,curl)
- ("libjson" ,json-c)
- ("libltdl" ,libltdl)
- ("libmspack" ,libmspack)
- ("llvm" ,llvm-3.6) ; requires <3.7, for JIT/verifier
- ("ncurses" ,ncurses)
- ("openssl" ,libressl)
- ("pcre2" ,pcre2)
- ("sasl" ,cyrus-sasl) ; for linking curl with libtool
- ("tomsfastmath" ,tomsfastmath)
- ("xml" ,libxml2)
- ("zlib" ,zlib)))
+ (list bzip2
+ curl
+ json-c
+ libltdl
+ libmspack
+ llvm-3.6 ; requires <3.7, for JIT/verifier
+ ncurses
+ libressl
+ pcre2
+ cyrus-sasl ; for linking curl with libtool
+ tomsfastmath
+ libxml2
+ zlib))
(arguments
- `(#:configure-flags
- (let-syntax ((with (syntax-rules ()
- ((_ name)
+ (list #:configure-flags
+ #~(let-syntax ((with (syntax-rules ()
+ ((_ name use)
(string-append "--with-" name "="
- (assoc-ref %build-inputs name))))))
- (list "--disable-unrar"
- "--enable-llvm"
- "--with-system-llvm"
- "--with-system-libmspack"
- "--without-included-ltdl"
- (with "xml")
- (with "openssl")
- (with "libjson")
- (with "pcre2")
- (with "zlib")
- (with "libcurl")
- ;; For sanity, specifying --enable-* flags turns
- ;; "support unavailable" warnings into errors.
- "--enable-bzip2"
- "--enable-check"
- "--sysconfdir=/etc/clamav"
- ;; Default database directory needs to be writeable
- "--with-dbdir=/var/db/clamav"))
- ;; install sample .conf files to %output/etc rather than /etc/clamav
- #:make-flags (list (string-append "sysconfdir=" %output "/etc"))
- #:phases (modify-phases %standard-phases
- ;; Regenerate configure script. Without this we don't get
- ;; the correct value for LLVM linker variables.
- (add-after 'unpack 'reconf
- (lambda _ (invoke "autoreconf" "-vfi")))
- (add-before 'configure 'patch-llvm-config
- (lambda _
- (substitute* '("libclamav/c++/detect.cpp"
- "libclamav/c++/ClamBCRTChecks.cpp"
- "libclamav/c++/bytecode2llvm.cpp")
- (("llvm/Config/config.h") "llvm/Config/llvm-config.h"))
- ;; `llvm-config --libfiles` inappropriately lists lib*.a
- ;; libraries, rather than the lib*.so's that our llvm
- ;; contains. They're used only for listing extra build
- ;; dependencies, so ignore them until that's fixed.
- (substitute* "libclamav/c++/Makefile.in"
- (("@LLVMCONFIG_LIBFILES@") ""))
- #t))
- (add-before 'check 'skip-clamd-tests
- ;; XXX: The check?_clamd tests fail inside the build
- ;; chroot, but pass outside.
- (lambda _
- (substitute* "unit_tests/Makefile"
- (("check2_clamd.sh.*check4_clamd.sh") ""))
- #t)))))
+ (assoc-ref %build-inputs use))))))
+ (list "--disable-unrar"
+ "--enable-llvm"
+ "--with-system-llvm"
+ "--with-system-libmspack"
+ "--without-included-ltdl"
+ (with "xml" "libxml2")
+ (with "openssl" "libressl")
+ (with "libjson" "json-c")
+ (with "pcre2" "pcre2")
+ (with "zlib" "zlib")
+ (with "libcurl" "curl")
+ ;; For sanity, specifying --enable-* flags turns
+ ;; "support unavailable" warnings into errors.
+ "--enable-bzip2"
+ "--enable-check"
+ "--sysconfdir=/etc/clamav"
+ ;; Default database directory needs to be writeable
+ "--with-dbdir=/var/db/clamav"))
+ ;; install sample .conf files to %output/etc rather than /etc/clamav
+ #:make-flags
+ #~(list (string-append "sysconfdir=" %output "/etc"))
+ #:phases
+ #~(modify-phases %standard-phases
+ ;; Regenerate configure script. Without this we don't get
+ ;; the correct value for LLVM linker variables.
+ (add-after 'unpack 'reconf
+ (lambda _ (invoke "autoreconf" "-vfi")))
+ (add-before 'configure 'patch-llvm-config
+ (lambda _
+ (substitute* '("libclamav/c++/detect.cpp"
+ "libclamav/c++/ClamBCRTChecks.cpp"
+ "libclamav/c++/bytecode2llvm.cpp")
+ (("llvm/Config/config.h") "llvm/Config/llvm-config.h"))
+ ;; `llvm-config --libfiles` inappropriately lists lib*.a
+ ;; libraries, rather than the lib*.so's that our llvm
+ ;; contains. They're used only for listing extra build
+ ;; dependencies, so ignore them until that's fixed.
+ (substitute* "libclamav/c++/Makefile.in"
+ (("@LLVMCONFIG_LIBFILES@") ""))))
+ (add-before 'check 'skip-clamd-tests
+ ;; XXX: The check?_clamd tests fail inside the build
+ ;; chroot, but pass outside.
+ (lambda _
+ (substitute* "unit_tests/Makefile"
+ (("check2_clamd.sh.*check4_clamd.sh") "")))))))
(home-page "https://www.clamav.net")
(synopsis "Antivirus engine")
(description
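Review bot: inside the new `#~` forms, the `with` macro still resolves its path through `(assoc-ref %build-inputs use)` and `#:make-flags` still uses `%output`, so the conversion to G-expressions keeps the legacy build-side lookups. With the label-free `(list ...)` inputs, the second argument of each call such as `(with "openssl" "libressl")` now has to track the package name by hand; consider `#$(this-package-input "libressl")` inside the `string-append` and `#$output` in place of `%output`. Because nearly the whole `arguments` field is re-indented, please also confirm that the flag list and the three phases are otherwise unchanged, apart from the dropped `#t` returns.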
--
2.36.1
Reply sent to Ludovic Courtès <ludo <at> gnu.org>: You have taken responsibility. (Fri, 20 May 2022 22:02:02 GMT)
Notification sent to kiasoc5 <at> disroot.org: bug acknowledged by developer. (Fri, 20 May 2022 22:02:02 GMT)
Message #19 received at 55437-done <at> debbugs.gnu.org (full text, mbox):
Hi,
kiasoc5 <at> disroot.org writes:
> From c453008d05f4bc897eecd6f2545ff8047dc4e1fd Mon Sep 17 00:00:00 2001
> From: kiasoc5 <kiasoc5 <at> disroot.org>
> Date: Sun, 15 May 2022 03:37:58 -0400
> Subject: [PATCH] gnu: clamav: Update to 0.103.6 [fixes
> CVE-2022-{20803,20770,20796,20771,20785,20792}].
>
> * gnu/packages/antivirus.scm (clamav): Update to 0.103.6.
[...]
> From 151cbfbefd039ce28d38109493bf8b49f19a2edc Mon Sep 17 00:00:00 2001
> From: kiasoc5 <kiasoc5 <at> disroot.org>
> Date: Wed, 18 May 2022 22:51:14 -0400
> Subject: [PATCH 2/2] gnu: clamav: Use new style and G-expressions.
>
> * gnu/packages/antivirus.scm (clamav)[source]: Remove trailing #t from snippet.
> [inputs]: Use new input style.
> [arguments]: Use G-expressions. Remove trailing #t from phases
> [configure-flags]: Adjust to new input style.
Applied, thanks!
Ludo’.
Information forwarded to guix-patches <at> gnu.org: bug#55437; Package guix-patches. (Tue, 31 May 2022 21:07:02 GMT)
Message #22 received at 55437 <at> debbugs.gnu.org (full text, mbox):
Hm, our rust is already at 1.57.0. So this requirement shouldn't be a
problem.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 29 Jun 2022 11:24:06 GMT)
This bug report was last modified 1 year and 274 days ago.