Bug 1518016

Summary: the jitoff patch is no longer needed and should be removed
Product: [Fedora] Fedora EPEL Reporter: James Ralston <ralston>
Component: clamavAssignee: Robert Scheck <redhat-bugzilla>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel7CC: bennie.joubert, gbcox, janfrode, j, ondrejj, orion, redhat-bugzilla, rh-bugzilla, sergio, steve
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: clamav-0.99.2-18.fc27 clamav-0.99.2-18.fc26 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-01-25 07:15:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description James Ralston 2017-11-27 22:09:11 UTC 
The jitoff patch was originally added way back when clamav first started using the JIT for bytecode, and did not gracefully handle the case when SELinux denied the execmem ability.

This patch is not needed for any recent version of clamav, because recent clamav versions default to "Auto" for BytecodeMode. (In Auto mode, clamav will use the JIT if execmem is permitted; otherwise, it will fall back to the interpreter.) The value of the antivirus_use_jit SELinux boolean will determine whether clamav can use execmem.

Furthermore, the patch is broken, because it is inconsistent. Specifically, it's missing this required change to libclamav/others.c:

diff -up clamav-0.99.2/libclamav/others.c.jitoff clamav-0.99.2/libclamav/others.c
--- clamav-0.99.2/libclamav/others.c.jitoff	2016-04-22 11:02:19.000000000 -0400
+++ clamav-0.99.2/libclamav/others.c	2017-11-27 16:52:25.402299617 -0500
@@ -344,7 +344,7 @@ struct cl_engine *cl_engine_new(void)
     new->bytecode_security = CL_BYTECODE_TRUST_SIGNED;
     /* 5 seconds timeout */
     new->bytecode_timeout = 60000;
-    new->bytecode_mode = CL_BYTECODE_MODE_AUTO;
+    new->bytecode_mode = CL_BYTECODE_MODE_INTERPRETER;
     new->refcount = 1;
     new->ac_only = 0;
     new->ac_mindepth = CLI_DEFAULT_AC_MINDEPTH;

Because the patch doesn't change the clamav engine default for bytecode_mode within libclamav, and because freshclam doesn't go through optparser when it instantiates a new engine, freshclam always uses Auto for ByteCodeMode, but clam/clamd default to ForceInterpreter for ByteCodeMode. This is both inconsistent and confusing.

If this patch is going to be retained, it should be updated so that it consistently defaults ByteCodeMode to ForceInterpreter, regardless of how the clamav engine is instantiated.

But again, I think the best solution here is to remove the patch entirely:

1. The upstream package should only be patched as part of the build process when it is clearly and compelling necessary.
2. This patch is no longer necessary for any recent version of clamav.
3. The patch produces inconsistent behavior.
Comment 1 Sergio Basto 2018-01-04 16:11:06 UTC 
you are saying drop clamav-0.99.1-jitoff.patch ?
Comment 2 Fedora Update System 2018-01-05 13:29:41 UTC 
clamav-0.99.2-14.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5c735626b3
Comment 3 Fedora Update System 2018-01-05 16:35:11 UTC 
clamav-0.99.2-14.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-84398a7cff
Comment 4 Fedora Update System 2018-01-06 15:33:19 UTC 
clamav-0.99.2-14.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-713df7476e
Comment 5 Fedora Update System 2018-01-06 20:54:18 UTC 
clamav-0.99.2-14.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-84398a7cff
Comment 6 James Ralston 2018-01-06 21:07:53 UTC 
(In reply to Sergio Monteiro Basto from comment #1)
> you are saying drop clamav-0.99.1-jitoff.patch ?

Yes, exactly.
Comment 7 Fedora Update System 2018-01-06 21:09:34 UTC 
clamav-0.99.2-14.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5c735626b3
Comment 8 Fedora Update System 2018-01-06 23:30:44 UTC 
clamav-0.99.2-14.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-713df7476e
Comment 9 Fedora Update System 2018-01-09 02:22:49 UTC 
clamav-0.99.2-15.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-546d6f3abc
Comment 10 Fedora Update System 2018-01-09 17:44:14 UTC 
clamav-0.99.2-15.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-546d6f3abc
Comment 11 Fedora Update System 2018-01-10 00:14:36 UTC 
clamav-0.99.2-16.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-546d6f3abc
Comment 12 Fedora Update System 2018-01-10 16:13:29 UTC 
clamav-0.99.2-16.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-546d6f3abc
Comment 13 Fedora Update System 2018-01-12 02:52:57 UTC 
clamav-0.99.2-17.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-e5e5ec6ca2
Comment 14 Fedora Update System 2018-01-12 02:53:16 UTC 
clamav-0.99.2-17.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-107dd0492c
Comment 15 Fedora Update System 2018-01-12 02:54:04 UTC 
clamav-0.99.2-17.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-1713497ca1
Comment 16 Fedora Update System 2018-01-12 15:14:02 UTC 
clamav-0.99.2-17.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-1713497ca1
Comment 17 Fedora Update System 2018-01-12 15:28:03 UTC 
clamav-0.99.2-17.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-107dd0492c
Comment 18 Fedora Update System 2018-01-12 15:52:34 UTC 
clamav-0.99.2-17.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-e5e5ec6ca2
Comment 19 Fedora Update System 2018-01-17 21:38:34 UTC 
clamav-0.99.2-18.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-2a1f469c85
Comment 20 Fedora Update System 2018-01-17 21:39:24 UTC 
clamav-0.99.2-18.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-a86bad9689
Comment 21 Fedora Update System 2018-01-17 21:39:57 UTC 
clamav-0.99.2-18.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-11ba3bced1
Comment 22 Fedora Update System 2018-01-18 00:31:58 UTC 
clamav-0.99.2-18.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-11ba3bced1
Comment 23 Fedora Update System 2018-01-18 01:18:29 UTC 
clamav-0.99.2-18.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-a86bad9689
Comment 24 Fedora Update System 2018-01-18 02:12:38 UTC 
clamav-0.99.2-18.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-2a1f469c85
Comment 25 Fedora Update System 2018-01-25 07:15:19 UTC 
clamav-0.99.2-18.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
Comment 26 Fedora Update System 2018-01-26 17:56:23 UTC 
clamav-0.99.2-18.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.