* [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}].
@ 2022-05-15 20:12 kiasoc5--- via Guix-patches via
2022-05-16 14:59 ` kiasoc5--- via Guix-patches via
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: kiasoc5--- via Guix-patches via @ 2022-05-15 20:12 UTC (permalink / raw)
To: 55437
[-- Attachment #1: Type: text/plain, Size: 544 bytes --]
This patch updates clamav to the latest LTS version.
Per the release notes [1], a future update of clamav to 0.105+ will take some effort:
1. 0.105+ needs Rust 1.57+ to build.
2. The build should switch from tarball to git to avoid vendored crates.
3. 0.105+ works with llvm 8-12 (no more llvm 3.7).
I suggest we keep clamav on the LTS version until we update Rust.
PS: As you can see from the email address, I am migrating from Tutanota to Disroot.
[1] https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html#more
[-- Attachment #2: 0001-gnu-clamav-Update-to-0.103.6-fixes-CVE-2022-20803-20.patch --]
[-- Type: application/octet-stream, Size: 1241 bytes --]
From c453008d05f4bc897eecd6f2545ff8047dc4e1fd Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5@disroot.org>
Date: Sun, 15 May 2022 03:37:58 -0400
Subject: [PATCH] gnu: clamav: Update to 0.103.6 [fixes
CVE-2022-{20803,20770,20796,20771,20785,20792}].
* gnu/packages/antivirus.scm (clamav): Update to 0.103.6.
---
gnu/packages/antivirus.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 80126a5b59..4a5f995e42 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -44,14 +44,14 @@ (define-module (gnu packages antivirus)
(define-public clamav
(package
(name "clamav")
- (version "0.103.3")
+ (version "0.103.6")
(source (origin
(method url-fetch)
(uri (string-append "https://www.clamav.net/downloads/production/"
"clamav-" version ".tar.gz"))
(sha256
(base32
- "1sba4zccgwjqk29b5qkgfc9gm794hmk6j7bpj8wilgcz8hc3svlz"))
+ "0cxsv5m9pqxxb56qd7hlj11pwmdgm07s3msh3hxk47czq4yjx8da"))
(modules '((guix build utils)))
(snippet
'(begin
--
2.36.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}].
2022-05-15 20:12 [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}] kiasoc5--- via Guix-patches via
@ 2022-05-16 14:59 ` kiasoc5--- via Guix-patches via
2022-05-18 4:37 ` Maxim Cournoyer
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: kiasoc5--- via Guix-patches via @ 2022-05-16 14:59 UTC (permalink / raw)
To: 55437
Mumi is not showing the patch, sending it inline.
From c453008d05f4bc897eecd6f2545ff8047dc4e1fd Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5@disroot.org>
Date: Sun, 15 May 2022 03:37:58 -0400
Subject: [PATCH] gnu: clamav: Update to 0.103.6 [fixes
CVE-2022-{20803,20770,20796,20771,20785,20792}].
* gnu/packages/antivirus.scm (clamav): Update to 0.103.6.
---
gnu/packages/antivirus.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 80126a5b59..4a5f995e42 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -44,14 +44,14 @@ (define-module (gnu packages antivirus)
(define-public clamav
(package
(name "clamav")
- (version "0.103.3")
+ (version "0.103.6")
(source (origin
(method url-fetch)
(uri (string-append "https://www.clamav.net/downloads/production/"
"clamav-" version ".tar.gz"))
(sha256
(base32
- "1sba4zccgwjqk29b5qkgfc9gm794hmk6j7bpj8wilgcz8hc3svlz"))
+ "0cxsv5m9pqxxb56qd7hlj11pwmdgm07s3msh3hxk47czq4yjx8da"))
(modules '((guix build utils)))
(snippet
'(begin
--
2.36.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}].
2022-05-15 20:12 [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}] kiasoc5--- via Guix-patches via
2022-05-16 14:59 ` kiasoc5--- via Guix-patches via
@ 2022-05-18 4:37 ` Maxim Cournoyer
2022-05-19 3:05 ` kiasoc5--- via Guix-patches via
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Maxim Cournoyer @ 2022-05-18 4:37 UTC (permalink / raw)
To: kiasoc5; +Cc: 55437
Hi,
kiasoc5@disroot.org writes:
> This patch updates clamav to the latest LTS version.
> Per the release notes [1], a future update of clamav to 0.105+ will take some effort:
>
> 1. 0.105+ needs Rust 1.57+ to build.
> 2. The build should switch from tarball to git to avoid vendored crates.
> 3. 0.105+ works with llvm 8-12 (no more llvm 3.7).
>
> I suggest we keep clamav on the LTS version until we update Rust.
Sounds like a fine plan.
> PS: As you can see from the email address, I am migrating from Tutanota to Disroot.
>
> [1] https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html#more
I see the following guix lint warnings:
--8<---------------cut here---------------start------------->8---
clamav@0.103.6: label 'libcurl' does not match package name 'curl'
clamav@0.103.6: label 'libjson' does not match package name 'json-c'
clamav@0.103.6: label 'openssl' does not match package name 'libressl'
clamav@0.103.6: label 'sasl' does not match package name 'cyrus-sasl'
clamav@0.103.6: label 'xml' does not match package name 'libxml2'
clamav@0.103.6: updater 'generic-html' failed to find upstream releases
--8<---------------cut here---------------end--------------->8---
I'm not sure about the last one, but the other ones could be fixed
simply by updating to the new style (list input1 input2 ...) instead of
`(("input1" ,input1) ("input2" ,input2) ...).
Would you mind updating the patch with such changes?
Thanks!
Maxim
^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}].
2022-05-15 20:12 [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}] kiasoc5--- via Guix-patches via
2022-05-16 14:59 ` kiasoc5--- via Guix-patches via
2022-05-18 4:37 ` Maxim Cournoyer
@ 2022-05-19 3:05 ` kiasoc5--- via Guix-patches via
2022-05-20 22:01 ` bug#55437: " Ludovic Courtès
2022-05-31 21:06 ` [bug#55437] " Jonathan Brielmaier
4 siblings, 0 replies; 6+ messages in thread
From: kiasoc5--- via Guix-patches via @ 2022-05-19 3:05 UTC (permalink / raw)
To: Maxim Cournoyer; +Cc: 55437
From 151cbfbefd039ce28d38109493bf8b49f19a2edc Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5@disroot.org>
Date: Wed, 18 May 2022 22:51:14 -0400
Subject: [PATCH 2/2] gnu: clamav: Use new style and G-expressions.
* gnu/packages/antivirus.scm (clamav)[source]: Remove trailing #t from snippet.
[inputs]: Use new input style.
[arguments]: Use G-expressions. Remove trailing #t from phases
[configure-flags]: Adjust to new input style.
---
gnu/packages/antivirus.scm | 128 ++++++++++++++++++-------------------
1 file changed, 64 insertions(+), 64 deletions(-)
diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 4a5f995e42..cda3fc942b 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -21,6 +21,7 @@
(define-module (gnu packages antivirus)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix build-system gnu)
+ #:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix utils)
@@ -59,8 +60,7 @@ (define-public clamav
'("win32" ; unnecessary
"libclamav/c++/llvm" ; use system llvm
"libclamav/tomsfastmath" ; use system tomsfastmath
- "libclamunrar")) ; non-free license
- #t))
+ "libclamunrar")))) ; non-free license
(patches
(search-patches "clamav-system-tomsfastmath.patch"
"clamav-config-llvm-libs.patch"))))
@@ -72,70 +72,70 @@ (define-public clamav
libtool
pkg-config))
(inputs
- `(("bzip2" ,bzip2)
- ("libcurl" ,curl)
- ("libjson" ,json-c)
- ("libltdl" ,libltdl)
- ("libmspack" ,libmspack)
- ("llvm" ,llvm-3.6) ; requires <3.7, for JIT/verifier
- ("ncurses" ,ncurses)
- ("openssl" ,libressl)
- ("pcre2" ,pcre2)
- ("sasl" ,cyrus-sasl) ; for linking curl with libtool
- ("tomsfastmath" ,tomsfastmath)
- ("xml" ,libxml2)
- ("zlib" ,zlib)))
+ (list bzip2
+ curl
+ json-c
+ libltdl
+ libmspack
+ llvm-3.6 ; requires <3.7, for JIT/verifier
+ ncurses
+ libressl
+ pcre2
+ cyrus-sasl ; for linking curl with libtool
+ tomsfastmath
+ libxml2
+ zlib))
(arguments
- `(#:configure-flags
- (let-syntax ((with (syntax-rules ()
- ((_ name)
+ (list #:configure-flags
+ #~(let-syntax ((with (syntax-rules ()
+ ((_ name use)
(string-append "--with-" name "="
- (assoc-ref %build-inputs name))))))
- (list "--disable-unrar"
- "--enable-llvm"
- "--with-system-llvm"
- "--with-system-libmspack"
- "--without-included-ltdl"
- (with "xml")
- (with "openssl")
- (with "libjson")
- (with "pcre2")
- (with "zlib")
- (with "libcurl")
- ;; For sanity, specifying --enable-* flags turns
- ;; "support unavailable" warnings into errors.
- "--enable-bzip2"
- "--enable-check"
- "--sysconfdir=/etc/clamav"
- ;; Default database directory needs to be writeable
- "--with-dbdir=/var/db/clamav"))
- ;; install sample .conf files to %output/etc rather than /etc/clamav
- #:make-flags (list (string-append "sysconfdir=" %output "/etc"))
- #:phases (modify-phases %standard-phases
- ;; Regenerate configure script. Without this we don't get
- ;; the correct value for LLVM linker variables.
- (add-after 'unpack 'reconf
- (lambda _ (invoke "autoreconf" "-vfi")))
- (add-before 'configure 'patch-llvm-config
- (lambda _
- (substitute* '("libclamav/c++/detect.cpp"
- "libclamav/c++/ClamBCRTChecks.cpp"
- "libclamav/c++/bytecode2llvm.cpp")
- (("llvm/Config/config.h") "llvm/Config/llvm-config.h"))
- ;; `llvm-config --libfiles` inappropriately lists lib*.a
- ;; libraries, rather than the lib*.so's that our llvm
- ;; contains. They're used only for listing extra build
- ;; dependencies, so ignore them until that's fixed.
- (substitute* "libclamav/c++/Makefile.in"
- (("@LLVMCONFIG_LIBFILES@") ""))
- #t))
- (add-before 'check 'skip-clamd-tests
- ;; XXX: The check?_clamd tests fail inside the build
- ;; chroot, but pass outside.
- (lambda _
- (substitute* "unit_tests/Makefile"
- (("check2_clamd.sh.*check4_clamd.sh") ""))
- #t)))))
+ (assoc-ref %build-inputs use))))))
+ (list "--disable-unrar"
+ "--enable-llvm"
+ "--with-system-llvm"
+ "--with-system-libmspack"
+ "--without-included-ltdl"
+ (with "xml" "libxml2")
+ (with "openssl" "libressl")
+ (with "libjson" "json-c")
+ (with "pcre2" "pcre2")
+ (with "zlib" "zlib")
+ (with "libcurl" "curl")
+ ;; For sanity, specifying --enable-* flags turns
+ ;; "support unavailable" warnings into errors.
+ "--enable-bzip2"
+ "--enable-check"
+ "--sysconfdir=/etc/clamav"
+ ;; Default database directory needs to be writeable
+ "--with-dbdir=/var/db/clamav"))
+ ;; install sample .conf files to %output/etc rather than /etc/clamav
+ #:make-flags
+ #~(list (string-append "sysconfdir=" %output "/etc"))
+ #:phases
+ #~(modify-phases %standard-phases
+ ;; Regenerate configure script. Without this we don't get
+ ;; the correct value for LLVM linker variables.
+ (add-after 'unpack 'reconf
+ (lambda _ (invoke "autoreconf" "-vfi")))
+ (add-before 'configure 'patch-llvm-config
+ (lambda _
+ (substitute* '("libclamav/c++/detect.cpp"
+ "libclamav/c++/ClamBCRTChecks.cpp"
+ "libclamav/c++/bytecode2llvm.cpp")
+ (("llvm/Config/config.h") "llvm/Config/llvm-config.h"))
+ ;; `llvm-config --libfiles` inappropriately lists lib*.a
+ ;; libraries, rather than the lib*.so's that our llvm
+ ;; contains. They're used only for listing extra build
+ ;; dependencies, so ignore them until that's fixed.
+ (substitute* "libclamav/c++/Makefile.in"
+ (("@LLVMCONFIG_LIBFILES@") ""))))
+ (add-before 'check 'skip-clamd-tests
+ ;; XXX: The check?_clamd tests fail inside the build
+ ;; chroot, but pass outside.
+ (lambda _
+ (substitute* "unit_tests/Makefile"
+ (("check2_clamd.sh.*check4_clamd.sh") "")))))))
(home-page "https://www.clamav.net")
(synopsis "Antivirus engine")
(description
--
2.36.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* bug#55437: [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}].
2022-05-15 20:12 [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}] kiasoc5--- via Guix-patches via
` (2 preceding siblings ...)
2022-05-19 3:05 ` kiasoc5--- via Guix-patches via
@ 2022-05-20 22:01 ` Ludovic Courtès
2022-05-31 21:06 ` [bug#55437] " Jonathan Brielmaier
4 siblings, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2022-05-20 22:01 UTC (permalink / raw)
To: kiasoc5; +Cc: 55437-done
Hi,
kiasoc5@disroot.org skribis:
> From c453008d05f4bc897eecd6f2545ff8047dc4e1fd Mon Sep 17 00:00:00 2001
> From: kiasoc5 <kiasoc5@disroot.org>
> Date: Sun, 15 May 2022 03:37:58 -0400
> Subject: [PATCH] gnu: clamav: Update to 0.103.6 [fixes
> CVE-2022-{20803,20770,20796,20771,20785,20792}].
>
> * gnu/packages/antivirus.scm (clamav): Update to 0.103.6.
[...]
>>From 151cbfbefd039ce28d38109493bf8b49f19a2edc Mon Sep 17 00:00:00 2001
> From: kiasoc5 <kiasoc5@disroot.org>
> Date: Wed, 18 May 2022 22:51:14 -0400
> Subject: [PATCH 2/2] gnu: clamav: Use new style and G-expressions.
>
> * gnu/packages/antivirus.scm (clamav)[source]: Remove trailing #t from snippet.
> [inputs]: Use new input style.
> [arguments]: Use G-expressions. Remove trailing #t from phases
> [configure-flags]: Adjust to new input style.
Applied, thanks!
Ludo’.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}].
2022-05-15 20:12 [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}] kiasoc5--- via Guix-patches via
` (3 preceding siblings ...)
2022-05-20 22:01 ` bug#55437: " Ludovic Courtès
@ 2022-05-31 21:06 ` Jonathan Brielmaier
4 siblings, 0 replies; 6+ messages in thread
From: Jonathan Brielmaier @ 2022-05-31 21:06 UTC (permalink / raw)
To: 55437
Hm, our rust is already at 1.57.0. So this requirement shouldn't be a
problem.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-05-31 21:07 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-05-15 20:12 [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}] kiasoc5--- via Guix-patches via
2022-05-16 14:59 ` kiasoc5--- via Guix-patches via
2022-05-18 4:37 ` Maxim Cournoyer
2022-05-19 3:05 ` kiasoc5--- via Guix-patches via
2022-05-20 22:01 ` bug#55437: " Ludovic Courtès
2022-05-31 21:06 ` [bug#55437] " Jonathan Brielmaier
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).