Latest upstream release: 0.99.3 Current version/release in rawhide: 0.99.2-18.fc28 URL: http://www.clamav.net/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/291/
Skipping the scratch build because an SRPM could not be built: ['rpmbuild', '-D', '_sourcedir .', '-D', '_topdir .', '-bs', u'/var/tmp/thn-2XHWq_/clamav.spec'] returned 1: error: File ./clamav-0.99.3-norar.tar.xz: No such file or directory
This seems to be a rather critical update as it fixes several security issues: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html An article by Heise (German only: https://www.heise.de/security/meldung/Jetzt-patchen-Angriffe-auf-Viren-Scanner-ClamAV-3951801.html) mentions that some flaws are being actively exploited. It would be nice to see a timely update, also for EPEL.
OK, my plan is push this ones [1] to stable before . Please give me some feedback that nothing is broken. Only this weekend I have spare time. Thanks, [1] https://bodhi.fedoraproject.org/updates/?search=clamav
That update works for me in combination with clamav-milter (where there is only the annoyance that SELinux prevents clamav-milter to bind to milter_t ports which I have fixed with a local override). Just updated Karma on Bodhi. However, just to avoid a misunderstanding: 0.99.2 which is on Bodhi does not fix the mentioned vulnerabilities.
yeah ,
I'll see if I can get 0.99.3 out soon.
*** Bug 1539041 has been marked as a duplicate of this bug. ***
clamav-0.99.3-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-685990fa70
clamav-0.99.3-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-369a48191f
clamav-0.99.3-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-cb339851e7
Sergio, could you please explain why you simply merged the EPEL 7 packaging layout into the EPEL 6 package? Because so far, EPEL 6 clamav packages had a completely different packaging layout.
I have tested this version on EL7 and it's working fine (using clamav-milter). Thanks for the quick update!
(In reply to Robert Scheck from comment #11) > Sergio, could you please explain why you simply merged the EPEL 7 packaging > layout into the EPEL 6 package? Because so far, EPEL 6 clamav packages had a > completely different packaging layout. IIRC I had inform you that my intention in another bugzilla report, after we got this urgency, release version reset and I took the "opportunity" to change. I wanted merge repos because still some bugs out there to fix [1] and I want fix it in all releases . epel 6 have some different files and I'm studying it : clamav-milter.init clamav-milter.sysconfig clamav.init Also I'm checking if we need provides / obsoletes for el6 exactly because the change of the layout, meanwhile the package is only in testing repo, I hope . I'm doing what I think is the best, I had inform you and any suggestion / help is welcome . Best regards and thanks. [1] https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=POST&bug_status=MODIFIED&bug_status=ON_DEV&bug_status=ON_QA&bug_status=VERIFIED&bug_status=RELEASE_PENDING&component=clamav&known_name=clamav&list_id=8348125&product=Fedora&product=Fedora%20EPEL&query_based_on=clamav&query_format=advanced
Related to a critical security update, I dislike the idea of changing the packaging layout at all. Aside of that you argumented that RHEL 6 goes EOL in < 1.5 years. So why not keeping the old layout for this time simply? It definitely doesn't make server admins happy to handle such changes now.
clamav-0.99.3-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-369a48191f
clamav-0.99.3-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-685990fa70
RHEL 6 EOL is November 30, 2020 [1], all 2018 , 2019 and almost all 2020 , so EOL is > 2.5 , I will try reduce the impact. I had already all prepared, was not precipitation, if we haven't this security urgency, maybe update to el6 was delayed one or two months . And don't gave me more work, now all Fedora(s) and RHEL(s) will have same experience, so will be more well tested. Thanks [1] https://access.redhat.com/support/policy/updates/errata
clamav-0.99.3-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-cb339851e7
The changed package layout for EPEL 6 breaks dependencies for amavisd-new. $ yum info amavisd-new Name : amavisd-new Arch : noarch Version : 2.9.1 Release : 3.el6 Size : 3.0 M Repo : installed From repo : epel $ yum deplist amavisd-new | grep clam dependency: clamd provider: clamd.x86_64 0.99.2-3.el6 I haven't found a way to update to ClamAV 0.99.3. An updated version of amavisd-new doesn't exist in epel-testing.
clamav-0.99.3-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
clamav-0.99.3-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
(In reply to Sergio Monteiro Basto from comment #17) > RHEL 6 EOL is November 30, 2020 [1], all 2018 , 2019 and almost all 2020 , > so EOL is > 2.5 , I will try reduce the impact. I had already all prepared, > was not precipitation, if we haven't this security urgency, maybe update to > el6 was delayed one or two months . And don't gave me more work, now all > Fedora(s) and RHEL(s) will have same experience, so will be more well tested. Anyway, breaking things like it is currently happening is IMHO not acceptable for EPEL. Do you have objections to revert to the old packaging layout for EPEL 6 to get the security fix ASAP out? The upgrade path to the new packaging layout seems not to be ready yet according to Bodhi karma and above comment.
hello , please wait a little bit , unfortunately I'm very busy , I'd like add provides / obsolete to el6 , or use same layout but in this spec , I think thing could be fixed very easily . we even could use same init script of el6 , but easily applicable on current spec , At least give me 24 hours ... Things are easy to fix testing with mock [1] error number 1 package clamd-0.99.2-3.el6.x86_64 requires clamav = 0.99.2-3.el6, but what provides "old" clamd ? clamav-scanner ? [1] mock -r epel-6-x86_64 --install "clamav*" mock -r epel-6-x86_64 --update "clamav*" --enablerepo=testing Problem 1: problem with installed package clamd-0.99.2-3.el6.x86_64 - package clamd-0.99.2-3.el6.x86_64 requires clamav = 0.99.2-3.el6, but none of the providers can be installed - clamav-0.99.2-3.el6.i686 has inferior architecture - cannot install both clamav-0.99.3-1.el6.x86_64 and clamav-0.99.2-3.el6.x86_64 - cannot install the best update candidate for package clamav-0.99.2-3.el6.x86_64 Problem 2: problem with installed package amavisd-new-2.9.1-3.el6.noarch - package amavisd-new-2.9.1-3.el6.noarch requires clamd, but none of the providers can be installed - package clamd-0.99.2-3.el6.x86_64 requires clamav = 0.99.2-3.el6, but none of the providers can be installed - package clamav-filesystem-0.99.3-1.el6.noarch conflicts with clamav < 0.99.3-1.el6 provided by clamav-0.99.2-3.el6.x86_64 - package clamav-filesystem-0.99.3-1.el6.noarch conflicts with clamav < 0.99.3-1.el6 provided by clamav-0.99.2-3.el6.i686 - package clamav-devel-0.99.3-1.el6.x86_64 requires clamav-filesystem = 0.99.3-1.el6, but none of the providers can be installed - cannot install the best update candidate for package clamav-devel-0.99.2-3.el6.x86_64 (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) next testing amavisd-new mock -r epel-6-x86_64 --install amavisd-new mock -r epel-6-x86_64 --update --enablerepo=testing Error: Problem 1: clamav-0.99.2-3.el6.i686 has inferior architecture - package clamd-0.99.2-3.el6.x86_64 requires clamav = 0.99.2-3.el6, but none of the providers can be installed - cannot install both clamav-0.99.3-1.el6.x86_64 and clamav-0.99.2-3.el6.x86_64 - cannot install the best update candidate for package clamd-0.99.2-3.el6.x86_64 - cannot install the best update candidate for package clamav-0.99.2-3.el6.x86_64 Problem 2: package amavisd-new-2.9.1-3.el6.noarch requires clamd, but none of the providers can be installed - package clamd-0.99.2-3.el6.x86_64 requires clamav = 0.99.2-3.el6, but none of the providers can be installed - package clamav-filesystem-0.99.3-1.el6.noarch conflicts with clamav < 0.99.3-1.el6 provided by clamav-0.99.2-3.el6.x86_64 - package clamav-filesystem-0.99.3-1.el6.noarch conflicts with clamav < 0.99.3-1.el6 provided by clamav-0.99.2-3.el6.i686 - package clamav-devel-0.99.3-1.el6.x86_64 requires clamav-filesystem = 0.99.3-1.el6, but none of the providers can be installed - cannot install the best update candidate for package clamav-devel-0.99.2-3.el6.x86_64 - cannot install the best update candidate for package amavisd-new-2.9.1-3.el6.noarch Problem 3: problem with installed package clamd-0.99.2-3.el6.x86_64 - package clamd-0.99.2-3.el6.x86_64 requires clamav = 0.99.2-3.el6, but none of the providers can be installed - package clamav-filesystem-0.99.3-1.el6.noarch conflicts with clamav < 0.99.3-1.el6 provided by clamav-0.99.2-3.el6.x86_64 - package clamav-filesystem-0.99.3-1.el6.noarch conflicts with clamav < 0.99.3-1.el6 provided by clamav-0.99.2-3.el6.i686 - package clamav-milter-0.99.3-1.el6.x86_64 requires group(virusgroup), but none of the providers can be installed - cannot install the best update candidate for package clamav-milter-0.99.2-3.el6.x86_64 (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages)
Hello , sorry I give up , before next week is impossible , and I'm sorry though that specs be a little more similar ... 2 big problems 1- cat /etc/passwd | grep clam clamupdate:x:492:479:Clamav database update user:/var/lib/clamav:/sbin/nologin clamscan:x:483:461::/:/sbin/nologin clamilt:x:438:401:Clamav Milter user:/var/run/clamav-milter:/sbin/nologin vs cat /etc/passwd | grep clam clam:x:499:462:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin clam-update:x:498:461:clamav-unofficial-sigs user account:/var/lib/clamav-unofficial-sigs:/bin/bash 2- This gives errors like [LibClamAV] cli_loadldb: logical signature for Win.Trojan.ssid18332-1 uses PCREs but support is disabled, skipping when a scan is run. This is a regression as clamconf | grep Optional gives Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 ICONV JIT for this version but clamav-0.99.2-2.el6 gave Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JIT
Hello , First I'm deeply sorry for this mess . I'm thinking remove sub-packages , sysvinit , upstart, systemd to be more compatible with el6 . Second thing is copy from el6 to master the sysvinit scripts ...
Please don't. No need to confuse users of systemd systems with unnecessary scripts. I think the best way to resolve this is to acknowledge that el6 has to stay separate and different from the other branches. After all, that is something branches in git handle very well. Maybe someone still relying on el6 can step in and help?
(In reply to Tim Niemueller from comment #26) > Please don't. No need to confuse users of systemd systems with unnecessary > scripts. NAK, Nobody packs systemd in a sub-package (almost), clamav-server-systemd and others packages have only file [1], for me the confuse is not have clamav-scanner-systemd when I install clamav-scanner [1] rpm -ql clamav-server-systemd /usr/lib/systemd/system/clamd@.service rpm -ql clamav-milter-systemd /usr/lib/systemd/system/clamav-milter.service rpm -ql clamav-scanner-systemd usr/lib/systemd/system/clamd
Fair enough. But also installing SysV is just error-prone and confusing. The sane way would be to package systemd files on el7 and Fedora, and SysV init on el6.
Severity of this bug being urgent, what kind of timeline can we look for the fix being available in epel for the el6 package?
(In reply to Tim Niemueller from comment #28) > Fair enough. But also installing SysV is just error-prone and confusing. The > sane way would be to package systemd files on el7 and Fedora, and SysV init > on el6. yeah I'm observe more errors in main clamav.spec , systemd-tmpfiles have to be exclusive for systemd and not without systemd , but tmpfiles are in main packages , is an error . Now other problem , clamav-scanner and clamav-server , old el6 package [1] obsolete them and IMHO it is the correct clamav-scanner package it is a little stange [2] . So I will drop server and scanner in favor of clamd , also sysv files from el6 seems more correct the work already done [3] [1] https://koji.fedoraproject.org/koji/rpminfo?rpmID=12188240 [2] https://koji.fedoraproject.org/koji/rpminfo?rpmID=12908851 [3] https://src.fedoraproject.org/rpms/clamav/c/5491d97aceda628aa23cca34147c3e6d9db8571d?branch=master
Hello , I'm reverting clamav el6 to old state , I found many issues to fix . So I prefer revert el6 to old state , fix all issues with some time , and maybe one day try again using master branch on el6 I'm just testing the build before commit ... Thanks
clamav-0.99.3-8.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-be69c94866
clamav-0.99.3-8.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-be69c94866
clamav-0.99.3-8.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.