all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}].
@ 2022-05-15 20:12 kiasoc5--- via Guix-patches via
  2022-05-16 14:59 ` kiasoc5--- via Guix-patches via
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: kiasoc5--- via Guix-patches via @ 2022-05-15 20:12 UTC (permalink / raw)
  To: 55437

[-- Attachment #1: Type: text/plain, Size: 544 bytes --]

This patch updates clamav to the latest LTS version.
Per the release notes [1], a future update of clamav to 0.105+ will take some effort:

1. 0.105+ needs Rust 1.57+ to build.
2. The build should switch from tarball to git to avoid vendored crates.
3. 0.105+ works with llvm 8-12 (no more llvm 3.7).

I suggest we keep clamav on the LTS version until we update Rust.

PS: As you can see from the email address, I am migrating from Tutanota to Disroot.

[1] https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html#more

[-- Attachment #2: 0001-gnu-clamav-Update-to-0.103.6-fixes-CVE-2022-20803-20.patch --]
[-- Type: application/octet-stream, Size: 1241 bytes --]

From c453008d05f4bc897eecd6f2545ff8047dc4e1fd Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5@disroot.org>
Date: Sun, 15 May 2022 03:37:58 -0400
Subject: [PATCH] gnu: clamav: Update to 0.103.6 [fixes
 CVE-2022-{20803,20770,20796,20771,20785,20792}].

* gnu/packages/antivirus.scm (clamav): Update to 0.103.6.
---
 gnu/packages/antivirus.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 80126a5b59..4a5f995e42 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -44,14 +44,14 @@ (define-module (gnu packages antivirus)
 (define-public clamav
   (package
     (name "clamav")
-    (version "0.103.3")
+    (version "0.103.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.clamav.net/downloads/production/"
                                   "clamav-" version ".tar.gz"))
               (sha256
                (base32
-                "1sba4zccgwjqk29b5qkgfc9gm794hmk6j7bpj8wilgcz8hc3svlz"))
+                "0cxsv5m9pqxxb56qd7hlj11pwmdgm07s3msh3hxk47czq4yjx8da"))
               (modules '((guix build utils)))
               (snippet
                '(begin
-- 
2.36.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}].
  2022-05-15 20:12 [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}] kiasoc5--- via Guix-patches via
@ 2022-05-16 14:59 ` kiasoc5--- via Guix-patches via
  2022-05-18  4:37 ` Maxim Cournoyer
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: kiasoc5--- via Guix-patches via @ 2022-05-16 14:59 UTC (permalink / raw)
  To: 55437

Mumi is not showing the patch, sending it inline.

From c453008d05f4bc897eecd6f2545ff8047dc4e1fd Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5@disroot.org>
Date: Sun, 15 May 2022 03:37:58 -0400
Subject: [PATCH] gnu: clamav: Update to 0.103.6 [fixes
CVE-2022-{20803,20770,20796,20771,20785,20792}].

* gnu/packages/antivirus.scm (clamav): Update to 0.103.6.
---
gnu/packages/antivirus.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 80126a5b59..4a5f995e42 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -44,14 +44,14 @@ (define-module (gnu packages antivirus)
(define-public clamav
(package
(name "clamav")
- (version "0.103.3")
+ (version "0.103.6")
(source (origin
(method url-fetch)
(uri (string-append "https://www.clamav.net/downloads/production/"
"clamav-" version ".tar.gz"))
(sha256
(base32
- "1sba4zccgwjqk29b5qkgfc9gm794hmk6j7bpj8wilgcz8hc3svlz"))
+ "0cxsv5m9pqxxb56qd7hlj11pwmdgm07s3msh3hxk47czq4yjx8da"))
(modules '((guix build utils)))
(snippet
'(begin
-- 
2.36.1




^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}].
  2022-05-15 20:12 [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}] kiasoc5--- via Guix-patches via
  2022-05-16 14:59 ` kiasoc5--- via Guix-patches via
@ 2022-05-18  4:37 ` Maxim Cournoyer
  2022-05-19  3:05 ` kiasoc5--- via Guix-patches via
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Maxim Cournoyer @ 2022-05-18  4:37 UTC (permalink / raw)
  To: kiasoc5; +Cc: 55437

Hi,

kiasoc5@disroot.org writes:

> This patch updates clamav to the latest LTS version.
> Per the release notes [1], a future update of clamav to 0.105+ will take some effort:
>
> 1. 0.105+ needs Rust 1.57+ to build.
> 2. The build should switch from tarball to git to avoid vendored crates.
> 3. 0.105+ works with llvm 8-12 (no more llvm 3.7).
>
> I suggest we keep clamav on the LTS version until we update Rust.

Sounds like a fine plan.

> PS: As you can see from the email address, I am migrating from Tutanota to Disroot.
>
> [1] https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html#more

I see the following guix lint warnings:

--8<---------------cut here---------------start------------->8---
clamav@0.103.6: label 'libcurl' does not match package name 'curl'
clamav@0.103.6: label 'libjson' does not match package name 'json-c'
clamav@0.103.6: label 'openssl' does not match package name 'libressl'
clamav@0.103.6: label 'sasl' does not match package name 'cyrus-sasl'
clamav@0.103.6: label 'xml' does not match package name 'libxml2'
clamav@0.103.6: updater 'generic-html' failed to find upstream releases
--8<---------------cut here---------------end--------------->8---

I'm not sure about the last one, but the other ones could be fixed
simply by updating to the new style (list input1 input2 ...) instead of
`(("input1" ,input1) ("input2" ,input2) ...).

Would you mind updating the patch with such changes?

Thanks!

Maxim




^ permalink raw reply	[flat|nested] 6+ messages in thread

* [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}].
  2022-05-15 20:12 [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}] kiasoc5--- via Guix-patches via
  2022-05-16 14:59 ` kiasoc5--- via Guix-patches via
  2022-05-18  4:37 ` Maxim Cournoyer
@ 2022-05-19  3:05 ` kiasoc5--- via Guix-patches via
  2022-05-20 22:01 ` bug#55437: " Ludovic Courtès
  2022-05-31 21:06 ` [bug#55437] " Jonathan Brielmaier
  4 siblings, 0 replies; 6+ messages in thread
From: kiasoc5--- via Guix-patches via @ 2022-05-19  3:05 UTC (permalink / raw)
  To: Maxim Cournoyer; +Cc: 55437

From 151cbfbefd039ce28d38109493bf8b49f19a2edc Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5@disroot.org>
Date: Wed, 18 May 2022 22:51:14 -0400
Subject: [PATCH 2/2] gnu: clamav: Use new style and G-expressions.

* gnu/packages/antivirus.scm (clamav)[source]: Remove trailing #t from snippet.
[inputs]: Use new input style.
[arguments]: Use G-expressions. Remove trailing #t from phases
[configure-flags]: Adjust to new input style.
---
 gnu/packages/antivirus.scm | 128 ++++++++++++++++++-------------------
 1 file changed, 64 insertions(+), 64 deletions(-)

diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 4a5f995e42..cda3fc942b 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -21,6 +21,7 @@
 (define-module (gnu packages antivirus)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix build-system gnu)
+  #:use-module (guix gexp)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix utils)
@@ -59,8 +60,7 @@ (define-public clamav
                             '("win32"                  ; unnecessary
                               "libclamav/c++/llvm"     ; use system llvm
                               "libclamav/tomsfastmath" ; use system tomsfastmath
-                              "libclamunrar"))         ; non-free license
-                  #t))
+                              "libclamunrar"))))       ; non-free license
               (patches
                (search-patches "clamav-system-tomsfastmath.patch"
                                "clamav-config-llvm-libs.patch"))))
@@ -72,70 +72,70 @@ (define-public clamav
            libtool
            pkg-config))
     (inputs
-     `(("bzip2" ,bzip2)
-       ("libcurl" ,curl)
-       ("libjson" ,json-c)
-       ("libltdl" ,libltdl)
-       ("libmspack" ,libmspack)
-       ("llvm" ,llvm-3.6)               ; requires <3.7, for JIT/verifier
-       ("ncurses" ,ncurses)
-       ("openssl" ,libressl)
-       ("pcre2" ,pcre2)
-       ("sasl" ,cyrus-sasl)             ; for linking curl with libtool
-       ("tomsfastmath" ,tomsfastmath)
-       ("xml" ,libxml2)
-       ("zlib" ,zlib)))
+      (list bzip2
+            curl
+            json-c
+            libltdl
+            libmspack
+            llvm-3.6               ; requires <3.7, for JIT/verifier
+            ncurses
+            libressl
+            pcre2
+            cyrus-sasl             ; for linking curl with libtool
+            tomsfastmath
+            libxml2
+            zlib))
     (arguments
-     `(#:configure-flags
-       (let-syntax ((with (syntax-rules ()
-                            ((_ name)
+      (list #:configure-flags
+            #~(let-syntax ((with (syntax-rules ()
+                            ((_ name use)
                              (string-append "--with-" name "="
-                                            (assoc-ref %build-inputs name))))))
-         (list "--disable-unrar"
-               "--enable-llvm"
-               "--with-system-llvm"
-               "--with-system-libmspack"
-               "--without-included-ltdl"
-               (with "xml")
-               (with "openssl")
-               (with "libjson")
-               (with "pcre2")
-               (with "zlib")
-               (with "libcurl")
-               ;; For sanity, specifying --enable-* flags turns
-               ;; "support unavailable" warnings into errors.
-               "--enable-bzip2"
-               "--enable-check"
-               "--sysconfdir=/etc/clamav"
-               ;; Default database directory needs to be writeable
-               "--with-dbdir=/var/db/clamav"))
-       ;; install sample .conf files to %output/etc rather than /etc/clamav
-       #:make-flags (list (string-append "sysconfdir=" %output "/etc"))
-       #:phases (modify-phases %standard-phases
-                  ;; Regenerate configure script.  Without this we don't get
-                  ;; the correct value for LLVM linker variables.
-                  (add-after 'unpack 'reconf
-                    (lambda _ (invoke "autoreconf" "-vfi")))
-                  (add-before 'configure 'patch-llvm-config
-                    (lambda _
-                      (substitute* '("libclamav/c++/detect.cpp"
-                                     "libclamav/c++/ClamBCRTChecks.cpp"
-                                     "libclamav/c++/bytecode2llvm.cpp")
-                        (("llvm/Config/config.h") "llvm/Config/llvm-config.h"))
-                      ;; `llvm-config --libfiles` inappropriately lists lib*.a
-                      ;; libraries, rather than the lib*.so's that our llvm
-                      ;; contains.  They're used only for listing extra build
-                      ;; dependencies, so ignore them until that's fixed.
-                      (substitute* "libclamav/c++/Makefile.in"
-                        (("@LLVMCONFIG_LIBFILES@") ""))
-                      #t))
-                  (add-before 'check 'skip-clamd-tests
-                    ;; XXX: The check?_clamd tests fail inside the build
-                    ;; chroot, but pass outside.
-                    (lambda _
-                      (substitute* "unit_tests/Makefile"
-                        (("check2_clamd.sh.*check4_clamd.sh") ""))
-                      #t)))))
+                                            (assoc-ref %build-inputs use))))))
+              (list "--disable-unrar"
+                    "--enable-llvm"
+                    "--with-system-llvm"
+                    "--with-system-libmspack"
+                    "--without-included-ltdl"
+                    (with "xml" "libxml2")
+                    (with "openssl" "libressl")
+                    (with "libjson" "json-c")
+                    (with "pcre2" "pcre2")
+                    (with "zlib" "zlib")
+                    (with "libcurl" "curl")
+                    ;; For sanity, specifying --enable-* flags turns
+                    ;; "support unavailable" warnings into errors.
+                    "--enable-bzip2"
+                    "--enable-check"
+                    "--sysconfdir=/etc/clamav"
+                    ;; Default database directory needs to be writeable
+                    "--with-dbdir=/var/db/clamav"))
+            ;; install sample .conf files to %output/etc rather than /etc/clamav
+            #:make-flags
+            #~(list (string-append "sysconfdir=" %output "/etc"))
+            #:phases
+            #~(modify-phases %standard-phases
+                ;; Regenerate configure script.  Without this we don't get
+                ;; the correct value for LLVM linker variables.
+                (add-after 'unpack 'reconf
+                  (lambda _ (invoke "autoreconf" "-vfi")))
+                (add-before 'configure 'patch-llvm-config
+                  (lambda _
+                    (substitute* '("libclamav/c++/detect.cpp"
+                                   "libclamav/c++/ClamBCRTChecks.cpp"
+                                   "libclamav/c++/bytecode2llvm.cpp")
+                      (("llvm/Config/config.h") "llvm/Config/llvm-config.h"))
+                    ;; `llvm-config --libfiles` inappropriately lists lib*.a
+                    ;; libraries, rather than the lib*.so's that our llvm
+                    ;; contains.  They're used only for listing extra build
+                    ;; dependencies, so ignore them until that's fixed.
+                    (substitute* "libclamav/c++/Makefile.in"
+                      (("@LLVMCONFIG_LIBFILES@") ""))))
+                (add-before 'check 'skip-clamd-tests
+                  ;; XXX: The check?_clamd tests fail inside the build
+                  ;; chroot, but pass outside.
+                  (lambda _
+                    (substitute* "unit_tests/Makefile"
+                      (("check2_clamd.sh.*check4_clamd.sh") "")))))))
     (home-page "https://www.clamav.net")
     (synopsis "Antivirus engine")
     (description
-- 
2.36.1




^ permalink raw reply related	[flat|nested] 6+ messages in thread

* bug#55437: [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}].
  2022-05-15 20:12 [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}] kiasoc5--- via Guix-patches via
                   ` (2 preceding siblings ...)
  2022-05-19  3:05 ` kiasoc5--- via Guix-patches via
@ 2022-05-20 22:01 ` Ludovic Courtès
  2022-05-31 21:06 ` [bug#55437] " Jonathan Brielmaier
  4 siblings, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2022-05-20 22:01 UTC (permalink / raw)
  To: kiasoc5; +Cc: 55437-done

Hi,

kiasoc5@disroot.org skribis:

> From c453008d05f4bc897eecd6f2545ff8047dc4e1fd Mon Sep 17 00:00:00 2001
> From: kiasoc5 <kiasoc5@disroot.org>
> Date: Sun, 15 May 2022 03:37:58 -0400
> Subject: [PATCH] gnu: clamav: Update to 0.103.6 [fixes
>  CVE-2022-{20803,20770,20796,20771,20785,20792}].
>
> * gnu/packages/antivirus.scm (clamav): Update to 0.103.6.

[...]

>>From 151cbfbefd039ce28d38109493bf8b49f19a2edc Mon Sep 17 00:00:00 2001
> From: kiasoc5 <kiasoc5@disroot.org>
> Date: Wed, 18 May 2022 22:51:14 -0400
> Subject: [PATCH 2/2] gnu: clamav: Use new style and G-expressions.
>
> * gnu/packages/antivirus.scm (clamav)[source]: Remove trailing #t from snippet.
> [inputs]: Use new input style.
> [arguments]: Use G-expressions. Remove trailing #t from phases
> [configure-flags]: Adjust to new input style.

Applied, thanks!

Ludo’.




^ permalink raw reply	[flat|nested] 6+ messages in thread

* [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}].
  2022-05-15 20:12 [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}] kiasoc5--- via Guix-patches via
                   ` (3 preceding siblings ...)
  2022-05-20 22:01 ` bug#55437: " Ludovic Courtès
@ 2022-05-31 21:06 ` Jonathan Brielmaier
  4 siblings, 0 replies; 6+ messages in thread
From: Jonathan Brielmaier @ 2022-05-31 21:06 UTC (permalink / raw)
  To: 55437


Hm, our rust is already at 1.57.0. So this requirement shouldn't be a
problem.




^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2022-05-31 21:07 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-05-15 20:12 [bug#55437] [PATCH] gnu: clamav: Update to 0.103.6 [fixes CVE-2022-{20803, 20770, 20796, 20771, 20785, 20792}] kiasoc5--- via Guix-patches via
2022-05-16 14:59 ` kiasoc5--- via Guix-patches via
2022-05-18  4:37 ` Maxim Cournoyer
2022-05-19  3:05 ` kiasoc5--- via Guix-patches via
2022-05-20 22:01 ` bug#55437: " Ludovic Courtès
2022-05-31 21:06 ` [bug#55437] " Jonathan Brielmaier

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.