--- Begin Message ---
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal
0.100.0 clamav version had a few config options removed. This is covered
by postinst as long as the config is handled by debconf. If the user
makes changes manually then ucf ask the user to resolve it and if nothing happens
(during unattended-upgrades) then the old options remain set and clamav
refuses to start.
This was reported during the deb8 point upgrade. To avoid this during
the upcomming deb9 upgrade I hereby propose a patch to simply declare
the removed options as "deprecated" which results in a warning like
| clamd[8720]: WARNING: Ignoring deprecated option StatsTimeout at line 88
| clamd[8720]: WARNING: Ignoring deprecated option StatsPEDisabled at line 89
in the log file and clamav continues.
In terms of full disclosure: There is a yara regression within clamav
(that is if you use clamav-unofficial-sigs) as reported in #902899
yesterday. The bug has been reported on 16th April to
clamav-unofficial-sigs upstream (as per the forwarded link in BTS) and
nothing happend since. Give the freeze this weekend I don't think that
this will change for Stretch.
Sebastian
diff -Nru clamav-0.100.0+dfsg/debian/changelog clamav-0.100.0+dfsg/debian/changelog
--- clamav-0.100.0+dfsg/debian/changelog 2018-04-25 21:59:49.000000000 +0200
+++ clamav-0.100.0+dfsg/debian/changelog 2018-07-04 23:14:43.000000000 +0200
@@ -1,3 +1,9 @@
+clamav (0.100.0+dfsg-0+deb9u2) stretch; urgency=medium
+
+ * Don't fail on recently removed config options (Closes: #902290).
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Wed, 04 Jul 2018 23:14:43 +0200
+
clamav (0.100.0+dfsg-0+deb9u1) stretch; urgency=medium
[ Sebastian Andrzej Siewior ]
diff -Nru clamav-0.100.0+dfsg/debian/.git-dpm clamav-0.100.0+dfsg/debian/.git-dpm
--- clamav-0.100.0+dfsg/debian/.git-dpm 2018-04-25 21:59:43.000000000 +0200
+++ clamav-0.100.0+dfsg/debian/.git-dpm 2018-07-04 22:11:57.000000000 +0200
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-7a040ad8b6aad81cd3b37661345727e43e3cd78a
-7a040ad8b6aad81cd3b37661345727e43e3cd78a
+e7d1d6e337cc5ecf533b991879c6374a71c0bf18
+e7d1d6e337cc5ecf533b991879c6374a71c0bf18
c6bf3661e036ec9579e544d999438b0147e75315
c6bf3661e036ec9579e544d999438b0147e75315
clamav_0.100.0+dfsg.orig.tar.xz
diff -Nru clamav-0.100.0+dfsg/debian/patches/Deprecate-unused-options-instead-of-removing-it.patch clamav-0.100.0+dfsg/debian/patches/Deprecate-unused-options-instead-of-removing-it.patch
--- clamav-0.100.0+dfsg/debian/patches/Deprecate-unused-options-instead-of-removing-it.patch 1970-01-01 01:00:00.000000000 +0100
+++ clamav-0.100.0+dfsg/debian/patches/Deprecate-unused-options-instead-of-removing-it.patch 2018-07-04 22:11:57.000000000 +0200
@@ -0,0 +1,60 @@
+From e7d1d6e337cc5ecf533b991879c6374a71c0bf18 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Wed, 4 Jul 2018 21:26:50 +0200
+Subject: Deprecate unused options instead of removing it
+
+The following options were removed:
+- StatsHostID
+- StatsEnabled
+- StatsPEDisabled
+- StatsTimeout
+- SubmitDetectionStats
+- DetectionStatsCountry
+- DetectionStatsHostID
+
+and if they remain in the config file (during automatic upgrade without
+user action which would be required by ucf) then clamav will refuse the
+start. By marking them as deprecated clamav will point it out and
+continue. This patch will be dropped by moving to next Debian stable
+version (the user is expected to edit the config manually at this
+point if it did not happen earlier).
+
+BTS: https://bugs.debian.org/902290
+Patch-Name: Deprecate-unused-options-instead-of-removing-it.patch
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ shared/optparser.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/shared/optparser.c b/shared/optparser.c
+index b5a7208..7dea853 100644
+--- a/shared/optparser.c
++++ b/shared/optparser.c
+@@ -194,6 +194,14 @@ const struct clam_option __clam_options[] = {
+
+ { "LogFile", "log", 'l', CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER | OPT_CLAMSCAN | OPT_CLAMDSCAN, "Save all reports to a log file.", "/tmp/clamav.log" },
+
++ { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "HostID in the form of an UUID to use when submitting statistical information. See the clamscan manpage for more information.", "default" },
++
++ { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "Enable submission of statistical data", "yes" },
++
++ { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "Disable submission of PE section statistical data", "no" },
++
++ { "StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "Timeout in seconds to timeout communication with the stats server.", "10" },
++
+ { "LogFileUnlock", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_MILTER, "By default the log file is locked for writing and only a single\ndaemon process can write to it. This option disables the lock.", "yes" },
+
+ { "LogFileMaxSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 1048576, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Maximum size of the log file.\nValue of 0 disables the limit.", "5M" },
+@@ -479,6 +487,12 @@ const struct clam_option __clam_options[] = {
+
+ { "ReceiveTimeout", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 30, NULL, 0, OPT_FRESHCLAM, "Timeout in seconds when reading from database server.", "30" },
+
++ { "SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "When enabled freshclam will submit statistics to the ClamAV Project about\nthe latest virus detections in your environment. The ClamAV maintainers\nwill then use this data to determine what types of malware are the most\ndetected in the field and in what geographic area they are.\nFreshclam will connect to clamd in order to get recent statistics.", "/path/to/clamd.conf" },
++
++ { "DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "Country of origin of malware/detection statistics (for statistical\npurposes only). The statistics collector at ClamAV.net will look up\nyour IP address to determine the geographical origin of the malware\nreported by your installation. If this installation is mainly used to\nscan data which comes from a different location, please enable this\noption and enter a two-letter code (see http://www.iana.org/domains/root/db/)\nof the country of origin.", "country-code" },
++
++ { "DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "This option enables support for our \"Personal Statistics\" service.\nWhen this option is enabled, the information on malware detected by\nyour clamd installation is made available to you through our website.\nTo get your HostID, log on http://www.stats.clamav.net and add a new\nhost to your host list. Once you have the HostID, uncomment this option\nand paste the HostID here. As soon as your freshclam starts submitting\ninformation to our stats collecting service, you will be able to view\nthe statistics of this clamd installation by logging into\nhttp://www.stats.clamav.net with the same credentials you used to\ngenerate the HostID. For more information refer to:\nhttp://www.clamav.net/doc/cctts.html\nThis feature requires SubmitDetectionStats to be enabled.", "unique-id" },
++
+ { "SafeBrowsing", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_FRESHCLAM, "This option enables support for Google Safe Browsing. When activated for\nthe first time, freshclam will download a new database file (safebrowsing.cvd)\nwhich will be automatically loaded by clamd and clamscan during the next\nreload, provided that the heuristic phishing detection is turned on. This\ndatabase includes information about websites that may be phishing sites or\npossible sources of malware. When using this option, it's mandatory to run\nfreshclam at least every 30 minutes.\nFreshclam uses the ClamAV's mirror infrastructure to distribute the\ndatabase and its updates but all the contents are provided under Google's\nterms of use. See https://transparencyreport.google.com/safe-browsing/overview \n and https://www.clamav.net/documents/safebrowsing for more information.", "yes" },
+
+ { "Bytecode", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_FRESHCLAM, "This option enables downloading of bytecode.cvd, which includes additional\ndetection mechanisms and improvements to the ClamAV engine.", "yes" },
diff -Nru clamav-0.100.0+dfsg/debian/patches/series clamav-0.100.0+dfsg/debian/patches/series
--- clamav-0.100.0+dfsg/debian/patches/series 2018-04-25 21:59:43.000000000 +0200
+++ clamav-0.100.0+dfsg/debian/patches/series 2018-07-04 22:11:55.000000000 +0200
@@ -4,3 +4,4 @@
Add-support-for-LLVM-3.7.patch
Add-support-for-LLVM-3.8.patch
Add-support-for-LLVM-3.9.patch
+Deprecate-unused-options-instead-of-removing-it.patch
--- End Message ---