Bug#935368: stretch-pu: package c-icap-modules/0.4.4-1+deb9u1

To: submit@bugs.debian.org
Subject: Bug#935368: stretch-pu: package c-icap-modules/0.4.4-1+deb9u1
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Thu, 22 Aug 2019 00:26:20 +0200
Message-id: <[🔎] 20190821222616.7dpg4h2bs6r7z2ib@flow>
Reply-to: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>, 935368@bugs.debian.org

Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal

Please find attached the proposed update to c-icap-modules for Stretch as
part of the clamav transition, #924278.

Sebastian

diff -Nru c-icap-modules-0.4.4/debian/changelog c-icap-modules-0.4.4/debian/changelog
--- c-icap-modules-0.4.4/debian/changelog	2016-10-09 21:29:45.000000000 +0200
+++ c-icap-modules-0.4.4/debian/changelog	2019-03-10 22:00:14.000000000 +0100
@@ -1,3 +1,10 @@
+c-icap-modules (1:0.4.4-1+deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Add support for clamav 0.101.1 (Closes: #919814).
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sun, 10 Mar 2019 22:00:14 +0100
+
 c-icap-modules (1:0.4.4-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru c-icap-modules-0.4.4/debian/control c-icap-modules-0.4.4/debian/control
--- c-icap-modules-0.4.4/debian/control	2016-10-09 21:29:45.000000000 +0200
+++ c-icap-modules-0.4.4/debian/control	2019-03-10 22:00:14.000000000 +0100
@@ -2,7 +2,7 @@
 Section: net
 Priority: extra
 Maintainer: Mathieu Parent <sathieu@debian.org>
-Build-Depends: debhelper (>= 9~), autotools-dev, libicapapi-dev (>=1:0.4.1~), libclamav-dev, libltdl-dev | libltdl3-dev, libdb-dev, dh-autoreconf
+Build-Depends: debhelper (>= 9~), autotools-dev, libicapapi-dev (>=1:0.4.1~), libclamav-dev (>= 0.101.1), libltdl-dev | libltdl3-dev, libdb-dev, dh-autoreconf
 Standards-Version: 3.9.8
 Homepage: http://c-icap.sourceforge.net/
 Vcs-Git: https://anonscm.debian.org/git/collab-maint/c-icap-modules.git
diff -Nru c-icap-modules-0.4.4/debian/patches/c-icap-modules-clamav-backport.patch c-icap-modules-0.4.4/debian/patches/c-icap-modules-clamav-backport.patch
--- c-icap-modules-0.4.4/debian/patches/c-icap-modules-clamav-backport.patch	1970-01-01 01:00:00.000000000 +0100
+++ c-icap-modules-0.4.4/debian/patches/c-icap-modules-clamav-backport.patch	2019-03-10 21:59:09.000000000 +0100
@@ -0,0 +1,131 @@
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Sat, 19 Jan 2019 21:12:25 +0100
+Subject: [PATCH] backport clamav changes from 0.5.3
+
+---
+ configure.ac                     | 12 ++++++++
+ services/virus_scan/clamav_mod.c | 62 +++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 73 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 6d01fad8e47b..df5060941b7b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -187,7 +187,19 @@ if test a"$clamav" = "ayes"; then
+     AC_DEFINE(HAVE_LIBCLAMAV_095,1,[Define HAVE_LIBCLAMAV_095 if have clamav 0.95.x or newer])
+     AC_MSG_RESULT(yes),
+     )
++
++    #
++    # clamav dropped CL_SCAN_HEURISTIC_ENCRYPTED in 0.101 replacing it with
++    # CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE and CL_SCAN_HEURISTIC_ENCRYPTED_DOC
+     # restore flags  / clamav tests
++    AC_MSG_CHECKING([for HAVE_CL_SCAN_OPTIONS in clamav.h])
++    AC_TRY_COMPILE(
++    [#include <clamav.h>],
++    [struct cl_scan_options CLAMSCAN_OPTIONS = { 0, 0, 0, 0, 0 };],
++    AC_DEFINE(HAVE_CL_SCAN_OPTIONS,1,[Define HAVE_CL_SCAN_OPTIONS if have clamav 0.101.x or newer])
++    AC_MSG_RESULT(yes),
++    AC_MSG_RESULT(no),
++    )
+     CFLAGS=$OLD_CFLAGS
+ fi # if test a"$clamav" = "ayes";
+ 
+diff --git a/services/virus_scan/clamav_mod.c b/services/virus_scan/clamav_mod.c
+index e860a93d2e22..9a886f9e62b5 100644
+--- a/services/virus_scan/clamav_mod.c
++++ b/services/virus_scan/clamav_mod.c
+@@ -123,7 +123,12 @@ struct virus_db {
+ #ifndef HAVE_LIBCLAMAV_095
+ struct cl_limits limits;
+ #endif
++
++#ifdef HAVE_CL_SCAN_OPTIONS
++struct cl_scan_options CLAMSCAN_OPTIONS;
++#else
+ unsigned int CLAMSCAN_OPTIONS = CL_SCAN_STDOPT;
++#endif
+ 
+ struct virus_db *virusdb = NULL;
+ struct virus_db *old_virusdb = NULL;
+@@ -186,6 +191,55 @@ int clamav_post_init(struct ci_server_conf *server_conf)
+ #endif
+ 
+      /*Build scan options*/
++#ifdef HAVE_CL_SCAN_OPTIONS
++     memset(&CLAMSCAN_OPTIONS, 1, sizeof(CLAMSCAN_OPTIONS));
++     CLAMSCAN_OPTIONS.parse = ~0;
++
++#if defined(CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE)
++     if (CLAMAV_BLOCKENCRYPTED) {
++         CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS;
++         CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE;
++         CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_ENCRYPTED_DOC;
++     }
++#endif
++
++#if defined(CL_SCAN_HEURISTIC_BROKEN)
++     if (CLAMAV_BLOCKBROKEN) {
++         CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS;
++         CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_BROKEN;
++     }
++#endif
++
++#if defined(CL_SCAN_GENERAL_HEURISTIC_PRECEDENCE)
++     if (CLAMAV_HEURISTIC_PRECEDENCE) {
++         CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS;
++         CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_GENERAL_HEURISTIC_PRECEDENCE;
++     }
++#endif
++
++#if defined(CL_SCAN_HEURISTIC_MACROS)
++     if (CLAMAV_BLOCKMACROS) {
++         CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS;
++         CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_MACROS;
++     }
++#endif
++
++#if defined(CL_SCAN_HEURISTIC_PHISHING_SSL_MISMATCH)
++     if (CLAMAV_PHISHING_BLOCKSSL) {
++         CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS;
++         CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_PHISHING_SSL_MISMATCH;
++     }
++#endif
++
++#if defined(CL_SCAN_HEURISTIC_PHISHING_CLOAK)
++     if (CLAMAV_PHISHING_BLOCKCLOAK) {
++         CLAMSCAN_OPTIONS.general |= CL_SCAN_GENERAL_HEURISTICS;
++         CLAMSCAN_OPTIONS.heuristic |= CL_SCAN_HEURISTIC_PHISHING_CLOAK;
++     }
++#endif
++
++#else /*!HAVE_CL_SCAN_OPTIONS*/
++
+ #if defined(CL_SCAN_BLOCKENCRYPTED)
+      if (CLAMAV_BLOCKENCRYPTED)
+          CLAMSCAN_OPTIONS |= CL_SCAN_BLOCKENCRYPTED;
+@@ -211,6 +265,8 @@ int clamav_post_init(struct ci_server_conf *server_conf)
+          CLAMSCAN_OPTIONS |= CL_SCAN_PHISHING_BLOCKCLOAK;
+ #endif
+ 
++#endif /*HAVE_CL_SCAN_OPTIONS*/
++
+      clamav_set_versions();
+      av_register_engine(&clamav_engine);
+      av_reload_istag();
+@@ -483,7 +539,11 @@ int clamav_scan_simple_file(ci_simple_file_t *body, av_virus_info_t *vinfo)
+     vinfo->virus_found = 0;
+      vdb = get_virusdb();
+      lseek(fd, 0, SEEK_SET);
+-#ifndef HAVE_LIBCLAMAV_095
++#if defined(HAVE_CL_SCAN_OPTIONS)
++     ret =
++         cl_scandesc(fd, NULL, &virname, &scanned_data, vdb,
++                     &CLAMSCAN_OPTIONS);
++#elif !defined(HAVE_LIBCLAMAV_095)
+      ret =
+          cl_scandesc(fd, &virname, &scanned_data, vdb, &limits,
+                      CLAMSCAN_OPTIONS);
+-- 
+2.11.0
+
diff -Nru c-icap-modules-0.4.4/debian/patches/series c-icap-modules-0.4.4/debian/patches/series
--- c-icap-modules-0.4.4/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ c-icap-modules-0.4.4/debian/patches/series	2019-03-10 21:59:27.000000000 +0100
@@ -0,0 +1 @@
+c-icap-modules-clamav-backport.patch

Reply to:

Follow-Ups:
- Bug#935368: c-icap-modules 0.4.4-1+deb9u1 flagged for acceptance
  - From: Adam D Barratt <adam@adam-barratt.org.uk>

Prev by Date: Bug#935367: stretch-pu: package python-clamav/0.4.1-8+deb9u1
Next by Date: Bug#935369: stretch-pu: package libclamunrar/0.101.2-0+deb9u1
Previous by thread: Processed: python-clamav 0.4.1-8+deb9u1 flagged for acceptance
Next by thread: Bug#935368: c-icap-modules 0.4.4-1+deb9u1 flagged for acceptance
Index(es):
- Date
- Thread