Bug#935368: stretch-pu: package c-icap-modules/0.4.4-1+deb9u1
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal
Please find attached the proposed update to c-icap-modules for Stretch as
part of the clamav transition, #924278.
Sebastian
diff -Nru c-icap-modules-0.4.4/debian/changelog c-icap-modules-0.4.4/debian/changelog
--- c-icap-modules-0.4.4/debian/changelog 2016-10-09 21:29:45.000000000 +0200
+++ c-icap-modules-0.4.4/debian/changelog 2019-03-10 22:00:14.000000000 +0100
@@ -1,3 +1,10 @@
+c-icap-modules (1:0.4.4-1+deb9u1) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Add support for clamav 0.101.1 (Closes: #919814).
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sun, 10 Mar 2019 22:00:14 +0100
+
c-icap-modules (1:0.4.4-1) unstable; urgency=medium
* New upstream release
diff -Nru c-icap-modules-0.4.4/debian/control c-icap-modules-0.4.4/debian/control
--- c-icap-modules-0.4.4/debian/control 2016-10-09 21:29:45.000000000 +0200
+++ c-icap-modules-0.4.4/debian/control 2019-03-10 22:00:14.000000000 +0100
@@ -2,7 +2,7 @@
Section: net
Priority: extra
Maintainer: Mathieu Parent <sathieu@debian.org>
-Build-Depends: debhelper (>= 9~), autotools-dev, libicapapi-dev (>=1:0.4.1~), libclamav-dev, libltdl-dev | libltdl3-dev, libdb-dev, dh-autoreconf
+Build-Depends: debhelper (>= 9~), autotools-dev, libicapapi-dev (>=1:0.4.1~), libclamav-dev (>= 0.101.1), libltdl-dev | libltdl3-dev, libdb-dev, dh-autoreconf
Standards-Version: 3.9.8
Homepage: http://c-icap.sourceforge.net/
Vcs-Git: https://anonscm.debian.org/git/collab-maint/c-icap-modules.git
diff -Nru c-icap-modules-0.4.4/debian/patches/c-icap-modules-clamav-backport.patch c-icap-modules-0.4.4/debian/patches/c-icap-modules-clamav-backport.patch
--- c-icap-modules-0.4.4/debian/patches/c-icap-modules-clamav-backport.patch 1970-01-01 01:00:00.000000000 +0100
+++ c-icap-modules-0.4.4/debian/patches/c-icap-modules-clamav-backport.patch 2019-03-10 21:59:09.000000000 +0100
@@ -0,0 +1,131 @@
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Sat, 19 Jan 2019 21:12:25 +0100
+Subject: [PATCH] backport clamav changes from 0.5.3
+
+---
+ configure.ac | 12 ++++++++
+ services/virus_scan/clamav_mod.c | 62 +++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 73 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 6d01fad8e47b..df5060941b7b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -187,7 +187,19 @@ if test a"$clamav" = "ayes"; then
+ AC_DEFINE(HAVE_LIBCLAMAV_095,1,[Define HAVE_LIBCLAMAV_095 if have clamav 0.95.x or newer])
+ AC_MSG_RESULT(yes),
+ )
++
++ #
++ # clamav dropped CL_SCAN_HEURISTIC_ENCRYPTED in 0.101 replacing it with
++ # CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE and CL_SCAN_HEURISTIC_ENCRYPTED_DOC
+ # restore flags / clamav tests
++ AC_MSG_CHECKING([for HAVE_CL_SCAN_OPTIONS in clamav.h])
++ AC_TRY_COMPILE(
++ [#include <clamav.h>],
++ [struct cl_scan_options CLAMSCAN_OPTIONS = { 0, 0, 0, 0, 0 };],
++ AC_DEFINE(HAVE_CL_SCAN_OPTIONS,1,[Define HAVE_CL_SCAN_OPTIONS if have clamav 0.101.x or newer])
++ AC_MSG_RESULT(yes),
++ AC_MSG_RESULT(no),
++ )
+ CFLAGS=$OLD_CFLAGS
+ fi # if test a"$clamav" = "ayes";
+
+diff --git a/services/virus_scan/clamav_mod.c b/services/virus_scan/clamav_mod.c
+index e860a93d2e22..9a886f9e62b5 100644
+--- a/services/virus_scan/clamav_mod.c
++++ b/services/virus_scan/clamav_mod.c
+@@ -123,7 +123,12 @@ struct virus_db {
+ #ifndef HAVE_LIBCLAMAV_095
+ struct cl_limits limits;
+ #endif
++
++#ifdef HAVE_CL_SCAN_OPTIONS
++struct cl_scan_options CLAMSCAN_OPTIONS;
++#else
+ unsigned int CLAMSCAN_OPTIONS = CL_SCAN_STDOPT;
++#endif
+
+ struct virus_db *virusdb = NULL;
+ struct virus_db *old_virusdb = NULL;
+@@ -186,6 +191,55 @@ int clamav_post_init(struct ci_server_conf *server_conf)
+ #endif
+
+ /*Build scan options*/
++#ifdef HAVE_CL_SCAN_OPTIONS
++ memset(&CLAMSCAN_OPTIONS, 1, sizeof(CLAMSCAN_OPTIONS));
++ CLAMSCAN_OPTIONS.parse = ~0;
++
++#if defined(CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE)
++ if (CLAMAV_BLOCKENCRYPTED) {
++ CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS;
++ CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE;
++ CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_ENCRYPTED_DOC;
++ }
++#endif
++
++#if defined(CL_SCAN_HEURISTIC_BROKEN)
++ if (CLAMAV_BLOCKBROKEN) {
++ CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS;
++ CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_BROKEN;
++ }
++#endif
++
++#if defined(CL_SCAN_GENERAL_HEURISTIC_PRECEDENCE)
++ if (CLAMAV_HEURISTIC_PRECEDENCE) {
++ CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS;
++ CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_GENERAL_HEURISTIC_PRECEDENCE;
++ }
++#endif
++
++#if defined(CL_SCAN_HEURISTIC_MACROS)
++ if (CLAMAV_BLOCKMACROS) {
++ CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS;
++ CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_MACROS;
++ }
++#endif
++
++#if defined(CL_SCAN_HEURISTIC_PHISHING_SSL_MISMATCH)
++ if (CLAMAV_PHISHING_BLOCKSSL) {
++ CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS;
++ CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_PHISHING_SSL_MISMATCH;
++ }
++#endif
++
++#if defined(CL_SCAN_HEURISTIC_PHISHING_CLOAK)
++ if (CLAMAV_PHISHING_BLOCKCLOAK) {
++ CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS;
++ CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_PHISHING_CLOAK;
++ }
++#endif
++
++#else /*!HAVE_CL_SCAN_OPTIONS*/
++
+ #if defined(CL_SCAN_BLOCKENCRYPTED)
+ if (CLAMAV_BLOCKENCRYPTED)
+ CLAMSCAN_OPTIONS |= CL_SCAN_BLOCKENCRYPTED;
+@@ -211,6 +265,8 @@ int clamav_post_init(struct ci_server_conf *server_conf)
+ CLAMSCAN_OPTIONS |= CL_SCAN_PHISHING_BLOCKCLOAK;
+ #endif
+
++#endif /*HAVE_CL_SCAN_OPTIONS*/
++
+ clamav_set_versions();
+ av_register_engine(&clamav_engine);
+ av_reload_istag();
+@@ -483,7 +539,11 @@ int clamav_scan_simple_file(ci_simple_file_t *body, av_virus_info_t *vinfo)
+ vinfo->virus_found = 0;
+ vdb = get_virusdb();
+ lseek(fd, 0, SEEK_SET);
+-#ifndef HAVE_LIBCLAMAV_095
++#if defined(HAVE_CL_SCAN_OPTIONS)
++ ret =
++ cl_scandesc(fd, NULL, &virname, &scanned_data, vdb,
++ &CLAMSCAN_OPTIONS);
++#elif !defined(HAVE_LIBCLAMAV_095)
+ ret =
+ cl_scandesc(fd, &virname, &scanned_data, vdb, &limits,
+ CLAMSCAN_OPTIONS);
+--
+2.11.0
+
diff -Nru c-icap-modules-0.4.4/debian/patches/series c-icap-modules-0.4.4/debian/patches/series
--- c-icap-modules-0.4.4/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ c-icap-modules-0.4.4/debian/patches/series 2019-03-10 21:59:27.000000000 +0100
@@ -0,0 +1 @@
+c-icap-modules-clamav-backport.patch
Reply to: