ports/59948: security/clamav several fixes and improvements
Marius Strobl
marius at alchemy.franken.de
Thu Dec 4 13:40:24 UTC 2003
>Number: 59948
>Category: ports
>Synopsis: security/clamav several fixes and improvements
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 04 05:40:12 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Marius Strobl
>Release: FreeBSD 5.2-BETA sparc64
>Organization:
>Environment:
System: FreeBSD alchemy.franken.de 5.2-BETA FreeBSD 5.2-BETA #6: Tue Nov 25 20:03:30 CET 2003 root at alchemy.franken.de:/tmp/obj/usr/src/sys/alchemy sparc64
>Description:
The patch referenced below implements the following changes:
- Respect PTHREAD_CFLAGS.
- Use USE_LIBTOOL_VER=14 as the libtool shipping with clamav 0.65
erroneously links against libc _and_ libc_r on FreeBSD 4.
- Don't link against libcipher on FreeBSD < 501100, clamav doesn't
depend on it. The linker warnings suggesting that it is required
were triggered by linking against both, libc and libc_r.
- Unconditionally depend on math/libgmp4. Otherwise, if libgmp4 is
already installed on a FreeBSD 4-STABLE system compilation of
security/clamav fails, as the headers of libgmp4 are used but the
base libgmp is used for linking.
- Fix generation of clamav-milter.8 when building with WITH_MILTER
(part of new files/patch-clamav-milter::Makefile.in).
- Don't USE_GETOPT_LONG when compiling with WITH_MILTER, clamav
uses its own getopt_long() regardless if a devel/libgnugetopt is
installed or the version in the base of FreeBSD 5 is present.
- Allow compilation of WITH_MILTER with mail/sendmail.
- Install a startup-script (taken from security/clamav-devel with some
fixes in comments) for clamav-milter when compiled with WITH_MILTER.
BEWARE: As rcoder(8) isn't present on FreeBSD 4 but clamd must be
be started before clamav-milter the startup-script for clamd
must alphabetically arranged before the startup-script for
clamav-milter. I decided to use the clamd statup-scrtipt from
security/clamav-devel (clamav-clamd.sh), so users running
an older version of security/clamav have to change
'clamd_enable="YES"' to 'clamav_clamd_enable="YES"' in
/etc/rc.conf. On the other hand this changes makes it easier
to switch between security/clamav and security/clamav-devel.
- In pkg-descr remove the note that clamav-milter doesn't build on
FreeBSD 4 with base gcc, it builds fine there. Mention that
clamav-milter can be optionally used (taken from pkg-descr of
security/clamav-devel).
- Fix compilation when an older version of security/clamav is installed.
If there's an older version of libclamav installed clamav 0.65 will
link against it instead of the newly built one. This is not a problem
if the installed version is compatible with the new one as libclamav
gets linked dynamically and the installed version will be replaced
with the new one. However, if the older version is incompatible
linking of clamav 0.65 fails. This problem was discovered by
Jan-Peter Koopmann Jan-Peter.Koopmann at seceidos.de and the fix
(most of the new patches in the files directory) confirmed working.
- Remove the obsolete files/patch5-* patches.
>How-To-Repeat:
>Fix:
Patch is at: http://quad.zeist.de/security_clamav.diff
New files: files/clamav-clamd.sh
files/clamav-milter.sh
files/patch-clamav-milter::Makefile.in
files/patch-clamd::Makefile.in
files/patch-clamdscan::Makefile.in
files/patch-clamscan::Makefile.in
files/patch-freshclam::Makefile.in
files/patch-sigtool::Makefile.in
Deleted files: files/clamd.sh
files/patch5-libclamav::zziplib::zzip-file.c
files/patch5-libclamav::zziplib::zzip-stat.c
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list