--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: jessie-pu: package clamav/0.99.2+dfsg-0+deb8u2
- From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
- Date: Tue, 7 Jun 2016 00:13:36 +0200
- Message-id: <20160606221335.GA17506@breakpoint.cc>
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: jessie
Severity: normal
The last version (0.99.2+dfsg-0+deb8u1) removed AllowSupplementaryGroups
and hit stable over the weekend. Now Hans van Kranenburg had an
unattended upgrade and the config file was not fixed up (i.e. the option
removed as suggested during the upgrade process). clamav did not start,
he fixed it manually and reported #826406.
This update will ignore the AllowSupplementaryGroups option whether set
or not and the behaviour will remain unchanged. All binaries will behave
the same except they won't complain about the AllowSupplementaryGroups
option. The plan is not to push this change into unstable so people
upgrading Jessie -> Stretch have to have this option removed at this
point.
I am not sure if this update makes sense at this point since most people
got probably bitten by this, cursed my name and moved on. So if you
think that this update makes sense here it is - otherwise...
Sebastian
diff --git a/debian/.git-dpm b/debian/.git-dpm
index 462fb68..286a2a5 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-2489109e048f803a6019c00671cff2b43f139555
-2489109e048f803a6019c00671cff2b43f139555
+279c06a817c13eb22dc3ade949ea8b4a8aea9825
+279c06a817c13eb22dc3ade949ea8b4a8aea9825
48a96d2a3f0f4aca12f39f62a53fe1671a6e15a2
48a96d2a3f0f4aca12f39f62a53fe1671a6e15a2
clamav_0.99.2+dfsg.orig.tar.xz
diff --git a/debian/changelog b/debian/changelog
index 9cde7f8..5ebcb45 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+clamav (0.99.2+dfsg-0+deb8u2) stable; urgency=medium
+
+ * Don't fail if AllowSupplementaryGroups is still set in the config file but
+ ignore it and continue (Closes: #826406).
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Mon, 06 Jun 2016 22:06:52 +0200
+
clamav (0.99.2+dfsg-0+deb8u1) stable; urgency=medium
* Import new Upstream.
diff --git a/debian/patches/ingore-AllowSupplementaryGroups-option.patch b/debian/patches/ingore-AllowSupplementaryGroups-option.patch
new file mode 100644
index 0000000..b152276
--- /dev/null
+++ b/debian/patches/ingore-AllowSupplementaryGroups-option.patch
@@ -0,0 +1,28 @@
+From 279c06a817c13eb22dc3ade949ea8b4a8aea9825 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Mon, 6 Jun 2016 21:17:34 +0200
+Subject: Ignore AllowSupplementaryGroups if set
+
+Ignore the AllowSupplementaryGroups option if set. This should ease
+stable auto upgrade in case nobody touches the config files.
+
+BTS: https://bugs.debian.org/826406
+Patch-Name: ingore-AllowSupplementaryGroups-option.patch
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ shared/optparser.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/shared/optparser.c b/shared/optparser.c
+index e2b28cc..f8911ea 100644
+--- a/shared/optparser.c
++++ b/shared/optparser.c
+@@ -285,6 +285,8 @@ const struct clam_option __clam_options[] = {
+
+ { "User", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Run the daemon as a specified user (the process must be started by root).", "clamav" },
+
++ { "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Initialize a supplementary group access (the process must be started by root).", "no" },
++
+ /* Scan options */
+ { "Bytecode", "bytecode", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.", "yes" },
+
diff --git a/debian/patches/series b/debian/patches/series
index 82aadd6..3c7804d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ clamav_add_private_fts_implementation.patch
fix-ssize_t-size_t-off_t-printf-modifier.patch
libclamav-use-libmspack.patch
drop-AllowSupplementaryGroups-option-and-make-it-def.patch
+ingore-AllowSupplementaryGroups-option.patch
diff --git a/shared/optparser.c b/shared/optparser.c
index e2b28cc..f8911ea 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -285,6 +285,8 @@ const struct clam_option __clam_options[] = {
{ "User", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Run the daemon as a specified user (the process must be started by root).", "clamav" },
+ { "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Initialize a supplementary group access (the process must be started by root).", "no" },
+
/* Scan options */
{ "Bytecode", "bytecode", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.", "yes" },
--- End Message ---