Ubuntu
clamav package

Merge ~lucaskanashiro/ubuntu/+source/clamav:focal-merge into ubuntu/+source/clamav:debian/sid

  1. Git
  2. lp:~lucaskanashiro/ubuntu/+source/clamav
  3. focal-merge
  4. Merge into debian/sid
Proposed by Lucas Kanashiro
Status: Merged
Approved by: Andreas Hasenack
Approved revision: fce6a19e0f2b19043381b6ca2cb8946b7a298d17
Merge reported by: Andreas Hasenack
Merged at revision: fce6a19e0f2b19043381b6ca2cb8946b7a298d17
Proposed branch: ~lucaskanashiro/ubuntu/+source/clamav:focal-merge
Merge into: ubuntu/+source/clamav:debian/sid
Diff against target: 194 lines (+125/-1)
4 files modified
debian/changelog (+66/-0)
debian/control (+2/-1)
debian/patches/Deprecate-unused-options-instead-of-removing-it.patch (+56/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Andreas Hasenack Approve
Christian Ehrhardt  Pending
Canonical Server Pending
Review via email: mp+377951@code.launchpad.net

Description of the change

Merge version 0.102.1+dfsg-2 from Debian. In this version, the maintainer did the following:

  * Add the clamonacc binary to the clamav-daemon package.
  * Drop ScanOnAccess option. The clamonacc provides this functionality.

Our delta kept the same:

    - clamav-daemon may fail to start due to options removed in new version
      and manually edited configuration file. (LP #1783632)
      + debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
        add patch from Debian stretch to simply warn about removed options.

It built fine in all architectures in my PPA:

https://launchpad.net/~lucaskanashiro/+archive/ubuntu/focal-clamav-merge-3.49.1-1

And the DEP-8 tests are also passing:

autopkgtest [14:03:53]: @@@@@@@@@@@@@@@@@@@@ summary
clamd PASS
client PASS
milter PASS

To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Taking a look

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Can you find out what was the last ubuntu release which shipped an upstream clamav that still supported those options we are deprecating (instead of removing) via Deprecate-unused-options-instead-of-removing-it.patch? Just so we know when we can drop it.

review: Needs Information
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Also please try this clamav version with those options set, see what happens. If they work with a deprecation warning, or if things explode.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

The merge machinery itself is correct, so let's just see for how long we have to carry that patch still (or if we could even drop it already).

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

> Can you find out what was the last ubuntu release which shipped an upstream
> clamav that still supported those options we are deprecating (instead of
> removing) via Deprecate-unused-options-instead-of-removing-it.patch? Just so
> we know when we can drop it.

According to the information in the bug report (https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1783632) those options were dropped by upstream in version 0.100.0. As you can see below, the version 0.99.4 was shipped in bionic but later it was fixed via security/updates. So if for some reason an user doesn't have security/updates enabled in their system, they were not warned about the removal of those features.

$ rmadison clamav
...
 clamav | 0.99.4+addedllvm-0ubuntu1 | bionic | source, amd64, arm64, armhf, i386, ppc64el, s390x
 clamav | 0.100.3+dfsg-0ubuntu0.14.04.1 | trusty-security | source, amd64, arm64, armhf, i386, powerpc, ppc64el
 clamav | 0.100.3+dfsg-0ubuntu0.14.04.1 | trusty-updates | source, amd64, arm64, armhf, i386, powerpc, ppc64el
 clamav | 0.100.3+dfsg-0ubuntu1 | disco | source, amd64, arm64, armhf, i386, ppc64el, s390x
 clamav | 0.101.4+dfsg-1ubuntu1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x
 clamav | 0.102.1+dfsg-0ubuntu0.16.04.2 | xenial-security | source, amd64, arm64, armhf, i386, powerpc, ppc64el, s390x
 clamav | 0.102.1+dfsg-0ubuntu0.16.04.2 | xenial-updates | source, amd64, arm64, armhf, i386, powerpc, ppc64el, s390x
 clamav | 0.102.1+dfsg-0ubuntu0.18.04.2 | bionic-security | source, amd64, arm64, armhf, i386, ppc64el, s390x
 clamav | 0.102.1+dfsg-0ubuntu0.18.04.2 | bionic-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
 clamav | 0.102.1+dfsg-0ubuntu0.19.04.2 | disco-security | source, amd64, arm64, armhf, i386, ppc64el, s390x
 clamav | 0.102.1+dfsg-0ubuntu0.19.04.2 | disco-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
 clamav | 0.102.1+dfsg-0ubuntu0.19.10.2 | eoan-security | source, amd64, arm64, armhf, i386, ppc64el, s390x
 clamav | 0.102.1+dfsg-0ubuntu0.19.10.2 | eoan-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
 clamav | 0.102.1+dfsg-1ubuntu1 | focal | source, amd64, arm64, armhf, ppc64el, s390x

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

And what does it look like in the logs when you use one of these options?

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

It looks like as expected. I tested only one option and it works and the user is warned about the deprecation. I added "StatsEnabled true" at the of /etc/clamav/clamd.conf and when the clamd is executed the user get this message:

WARNING: Ignoring deprecated option StatsEnabled at /etc/clamav/clamd.conf:88

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

So this patch is already present in the bionic updates. I'm wondering if we can just drop it now.

@paelzer, you always have me check for when patches can be dropped, what do you think? It's debian/patches/Deprecate-unused-options-instead-of-removing-it.patch and we have it in bionic updates and security already, just not in bionic release. That should have been enough warning? Or should we keep it in focal?

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Sorry, added the comment before adding a review slot for Christian.

@paelzer, could you please take a look as to whether we can drop this delta, given my comment just above?

The impact is, if the user still has one of these options, clamd will fail to start, i.e., package upgrades would likely fail with a postinst error.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks, +1. Sponsoring fce6a19e0f2b19043381b6ca2cb8946b7a298d17

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

$ git push pkg upload/0.102.1+dfsg-2ubuntu1
Enumerating objects: 25, done.
Counting objects: 100% (25/25), done.
Delta compression using up to 4 threads
Compressing objects: 100% (18/18), done.
Writing objects: 100% (19/19), 4.45 KiB | 227.00 KiB/s, done.
Total 19 (delta 13), reused 1 (delta 1)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/clamav
 * [new tag] upload/0.102.1+dfsg-2ubuntu1 -> upload/0.102.1+dfsg-2ubuntu1

$ dput ubuntu ../clamav_0.102.1+dfsg-2ubuntu1_source.changes
Checking signature on .changes
gpg: ../clamav_0.102.1+dfsg-2ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../clamav_0.102.1+dfsg-2ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading clamav_0.102.1+dfsg-2ubuntu1.dsc: done.
  Uploading clamav_0.102.1+dfsg.orig.tar.xz: done.
  Uploading clamav_0.102.1+dfsg-2ubuntu1.debian.tar.xz: done.
  Uploading clamav_0.102.1+dfsg-2ubuntu1_source.buildinfo: done.
  Uploading clamav_0.102.1+dfsg-2ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

This migrated into focal release.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 85b6b14..edb7a61 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,13 @@
6+clamav (0.102.1+dfsg-2ubuntu1) focal; urgency=medium
7+
8+ * Merge with Debian unstable. Remaining changes:
9+ - clamav-daemon may fail to start due to options removed in new version
10+ and manually edited configuration file. (LP #1783632)
11+ + debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
12+ add patch from Debian stretch to simply warn about removed options.
13+
14+ -- Lucas Kanashiro <lucas.kanashiro@canonical.com> Wed, 22 Jan 2020 09:37:47 -0300
15+
16 clamav (0.102.1+dfsg-2) unstable; urgency=medium
17
18 * Add the clamonacc binary to the clamav-daemon package.
19@@ -5,6 +15,16 @@ clamav (0.102.1+dfsg-2) unstable; urgency=medium
20
21 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Mon, 23 Dec 2019 20:54:21 +0100
22
23+clamav (0.102.1+dfsg-1ubuntu1) focal; urgency=medium
24+
25+ * Merge with Debian unstable. Remaining changes:
26+ - clamav-daemon may fail to start due to options removed in new version
27+ and manually edited configuration file. (LP #1783632)
28+ + debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
29+ add patch from Debian stretch to simply warn about removed options.
30+
31+ -- Lucas Kanashiro <lucas.kanashiro@canonical.com> Thu, 05 Dec 2019 18:01:14 -0300
32+
33 clamav (0.102.1+dfsg-1) unstable; urgency=medium
34
35 * Import 0.102.1 (Closes: #945265)
36@@ -16,6 +36,16 @@ clamav (0.102.1+dfsg-1) unstable; urgency=medium
37
38 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sat, 30 Nov 2019 19:22:15 +0100
39
40+clamav (0.101.4+dfsg-1ubuntu1) eoan; urgency=low
41+
42+ * Merge from Debian unstable. Remaining changes:
43+ - clamav-daemon may fail to start due to options removed in new version
44+ and manually edited configuration file. (LP #1783632)
45+ + debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
46+ add patch from Debian stretch to simply warn about removed options.
47+
48+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 25 Aug 2019 23:25:27 +0200
49+
50 clamav (0.101.4+dfsg-1) unstable; urgency=medium
51
52 * Import 0.101.4
53@@ -27,6 +57,16 @@ clamav (0.101.4+dfsg-1) unstable; urgency=medium
54
55 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sun, 25 Aug 2019 12:38:25 +0200
56
57+clamav (0.101.2+dfsg-3ubuntu1) eoan; urgency=low
58+
59+ * Merge from Debian unstable. Remaining changes:
60+ - clamav-daemon may fail to start due to options removed in new version
61+ and manually edited configuration file. (LP #1783632)
62+ + debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
63+ add patch from Debian stretch to simply warn about removed options.
64+
65+ -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 07 Aug 2019 08:54:47 +0200
66+
67 clamav (0.101.2+dfsg-3) unstable; urgency=medium
68
69 * Cherry-pick a fix from 0.101.3 to address a vulnerability to
70@@ -34,6 +74,16 @@ clamav (0.101.2+dfsg-3) unstable; urgency=medium
71
72 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Tue, 06 Aug 2019 21:42:06 +0200
73
74+clamav (0.101.2+dfsg-2ubuntu1) eoan; urgency=low
75+
76+ * Merge from Debian unstable. Remaining changes:
77+ - clamav-daemon may fail to start due to options removed in new version
78+ and manually edited configuration file. (LP #1783632)
79+ + debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
80+ add patch from Debian stretch to simply warn about removed options.
81+
82+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 03 Aug 2019 10:20:31 +0200
83+
84 clamav (0.101.2+dfsg-2) unstable; urgency=medium
85
86 * Remove python from build-depends:
87@@ -43,6 +93,22 @@ clamav (0.101.2+dfsg-2) unstable; urgency=medium
88
89 -- Scott Kitterman <scott@kitterman.com> Fri, 02 Aug 2019 09:20:43 -0400
90
91+clamav (0.101.2+dfsg-1ubuntu2) eoan; urgency=medium
92+
93+ * Rebuild against new libjson-c4.
94+
95+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 29 Jun 2019 13:48:24 +0200
96+
97+clamav (0.101.2+dfsg-1ubuntu1) eoan; urgency=medium
98+
99+ * Sync with Debian. Remaining change:
100+ - clamav-daemon may fail to start due to options removed in new version
101+ and manually edited configuration file. (LP #1783632)
102+ + debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
103+ add patch from Debian stretch to simply warn about removed options.
104+
105+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 23 Apr 2019 11:40:41 -0400
106+
107 clamav (0.101.2+dfsg-1) unstable; urgency=high
108
109 * Import 0.101.2
110diff --git a/debian/control b/debian/control
111index a635cf6..1e1cd53 100644
112--- a/debian/control
113+++ b/debian/control
114@@ -1,7 +1,8 @@
115 Source: clamav
116 Section: utils
117 Priority: optional
118-Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>
119+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
120+XSBC-Original-Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>
121 Uploaders: Michael Meskes <meskes@debian.org>,
122 Michael Tautschnig <mt@debian.org>,
123 Scott Kitterman <scott@kitterman.com>,
124diff --git a/debian/patches/Deprecate-unused-options-instead-of-removing-it.patch b/debian/patches/Deprecate-unused-options-instead-of-removing-it.patch
125new file mode 100644
126index 0000000..8303c07
127--- /dev/null
128+++ b/debian/patches/Deprecate-unused-options-instead-of-removing-it.patch
129@@ -0,0 +1,56 @@
130+Description: Deprecate unused options instead of removing it
131+ Refresh Debian patch from Sebastian Andrzej Siewior <sebastian@breakpoint.cc>,
132+ original description below:
133+ .
134+ The following options were removed:
135+ - StatsHostID
136+ - StatsEnabled
137+ - StatsPEDisabled
138+ - StatsTimeout
139+ - SubmitDetectionStats
140+ - DetectionStatsCountry
141+ - DetectionStatsHostID
142+ .
143+ and if they remain in the config file (during automatic upgrade without
144+ user action which would be required by ucf) then clamav will refuse the
145+ start. By marking them as deprecated clamav will point it out and
146+ continue. This patch will be dropped by moving to next Debian stable
147+ version (the user is expected to edit the config manually at this
148+ point if it did not happen earlier).
149+ .
150+ NOTE: this patch should be droppped when Ubuntu 18.04 is EOL.
151+Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
152+Origin: vendor, https://salsa.debian.org/clamav-team/clamav/commit/66e2eb1b356939b83369dd8cf21f06f2f3abb234
153+Bug: https://bugs.debian.org/902290
154+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1783632
155+Reviewed-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>
156+Last-Update: 2019-12-05
157+---
158+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
159+
160+--- a/shared/optparser.c
161++++ b/shared/optparser.c
162+@@ -587,6 +587,23 @@
163+ {"TCPSocket", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_MILTER | OPT_DEPRECATED, "", ""},
164+ {"TemporaryDirectory", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER | OPT_DEPRECATED, "", ""},
165+
166++ /* Deprecated stats options - avoid breakage during upgrades from old Ubuntu releases */
167++
168++ { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "HostID in the form of an UUID to use when submitting statistical information. See the clamscan manpage for more information.", "default" },
169++
170++ { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "Enable submission of statistical data", "yes" },
171++
172++ { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "Disable submission of PE section statistical data", "no" },
173++
174++ { "StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "Timeout in seconds to timeout communication with the stats server.", "10" },
175++
176++ { "SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "When enabled freshclam will submit statistics to the ClamAV Project about\nthe latest virus detections in your environment. The ClamAV maintainers\nwill then use this data to determine what types of malware are the most\ndetected in the field and in what geographic area they are.\nFreshclam will connect to clamd in order to get recent statistics.", "/path/to/clamd.conf" },
177++
178++ { "DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "Country of origin of malware/detection statistics (for statistical\npurposes only). The statistics collector at ClamAV.net will look up\nyour IP address to determine the geographical origin of the malware\nreported by your installation. If this installation is mainly used to\nscan data which comes from a different location, please enable this\noption and enter a two-letter code (see http://www.iana.org/domains/root/db/)\nof the country of origin.", "country-code" },
179++
180++ { "DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "This option enables support for our \"Personal Statistics\" service.\nWhen this option is enabled, the information on malware detected by\nyour clamd installation is made available to you through our website.\nTo get your HostID, log on http://www.stats.clamav.net and add a new\nhost to your host list. Once you have the HostID, uncomment this option\nand paste the HostID here. As soon as your freshclam starts submitting\ninformation to our stats collecting service, you will be able to view\nthe statistics of this clamd installation by logging into\nhttp://www.stats.clamav.net with the same credentials you used to\ngenerate the HostID. For more information refer to:\nhttp://www.clamav.net/doc/cctts.html\nThis feature requires SubmitDetectionStats to be enabled.", "unique-id" },
181++
182++
183+ {NULL, NULL, 0, 0, NULL, 0, NULL, 0, 0, NULL, NULL}};
184+ const struct clam_option *clam_options = __clam_options;
185+
186diff --git a/debian/patches/series b/debian/patches/series
187index 28004d0..1e4a08e 100644
188--- a/debian/patches/series
189+++ b/debian/patches/series
190@@ -4,3 +4,4 @@ clamd_dont_depend_on_clamav_demon_socket.patch
191 Add-support-for-LLVM-3.7.patch
192 Add-support-for-LLVM-3.8.patch
193 Add-support-for-LLVM-3.9.patch
194+Deprecate-unused-options-instead-of-removing-it.patch

Subscribers

People subscribed via source and target branches