From 168e483aed955c04196ceebf6a9a708cdc1d14d1 Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Fri, 16 Aug 2024 11:45:37 -0400 Subject: [PATCH 01/10] Bump version to 0.103.12 and FLEVEL to 133 --- CMakeLists.txt | 2 +- Jenkinsfile | 2 +- NEWS.md | 4 ++++ configure.ac | 2 +- libclamav/bytecode_api.h | 1 + libclamav/others.h | 2 +- m4/reorganization/version.m4 | 2 +- win32/ClamAV-Installer.iss | 4 ++-- win32/clamav-config.h | 6 +++--- win32/res/common.rc | 4 ++-- win32/update-win32.pl | 4 ++-- 11 files changed, 19 insertions(+), 14 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0f544271bb..400f0287d4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -15,7 +15,7 @@ string(TIMESTAMP TODAY "%Y%m%d") set(VERSION_SUFFIX "") project( ClamAV - VERSION "0.103.11" + VERSION "0.103.12" DESCRIPTION "ClamAV open source email, web, and end-point anti-virus toolkit." ) set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH}) diff --git a/Jenkinsfile b/Jenkinsfile index 85df4755c5..a6e04af5f0 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -4,7 +4,7 @@ properties( parameters( [ string(name: 'VERSION', - defaultValue: '0.103.11', + defaultValue: '0.103.12', description: 'ClamAV version string'), string(name: 'FRAMEWORK_BRANCH', defaultValue: '0.103', diff --git a/NEWS.md b/NEWS.md index 1621efea63..9c8801a4fe 100644 --- a/NEWS.md +++ b/NEWS.md @@ -3,6 +3,10 @@ Note: This file refers to the source tarball. Things described here may differ slightly from the binary packages. +## 0.103.12 + +ClamAV 0.103.12 is a patch release with the following fixes: + ## 0.103.11 ClamAV 0.103.11 is a patch release with the following fixes: diff --git a/configure.ac b/configure.ac index d5500f6fed..33b2f9945f 100644 --- a/configure.ac +++ b/configure.ac @@ -22,7 +22,7 @@ AC_PREREQ([2.59]) dnl For a release change [devel] to the real version [0.xy] dnl also change VERSION below -AC_INIT([ClamAV], [0.103.11], [https://github.com/Cisco-Talos/clamav/issues], [clamav], [https://www.clamav.net/]) +AC_INIT([ClamAV], [0.103.12], [https://github.com/Cisco-Talos/clamav/issues], [clamav], [https://www.clamav.net/]) dnl put configure auxiliary into config AC_CONFIG_AUX_DIR([config]) diff --git a/libclamav/bytecode_api.h b/libclamav/bytecode_api.h index 7575a0b72e..029a1d5d44 100644 --- a/libclamav/bytecode_api.h +++ b/libclamav/bytecode_api.h @@ -157,6 +157,7 @@ enum FunctionalityLevels { FUNC_LEVEL_0103_9 = 130, /**< LibClamAV release 0.103.9 */ FUNC_LEVEL_0103_10 = 131, /**< LibClamAV release 0.103.10 */ FUNC_LEVEL_0103_11 = 132, /**< LibClamAV release 0.103.11 */ + FUNC_LEVEL_0103_12 = 133, /**< LibClamAV release 0.103.12 */ }; /** diff --git a/libclamav/others.h b/libclamav/others.h index 9f090ddae6..2e45ab57ed 100644 --- a/libclamav/others.h +++ b/libclamav/others.h @@ -73,7 +73,7 @@ * in re-enabling affected modules. */ -#define CL_FLEVEL 132 +#define CL_FLEVEL 133 #define CL_FLEVEL_DCONF CL_FLEVEL #define CL_FLEVEL_SIGTOOL CL_FLEVEL diff --git a/m4/reorganization/version.m4 b/m4/reorganization/version.m4 index 5ce62f5e4f..b66e5491ab 100644 --- a/m4/reorganization/version.m4 +++ b/m4/reorganization/version.m4 @@ -3,7 +3,7 @@ dnl During active development, set: VERSION="-devel-`date +%Y%m%d`" dnl For beta, set: VERSION="-beta" dnl For release candidate, set: VERSION="-rc" dnl For release, set: VERSION="" -VERSION="0.103.11" +VERSION="0.103.12" major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/[^0-9]//g"` minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/[^0-9]//g"` diff --git a/win32/ClamAV-Installer.iss b/win32/ClamAV-Installer.iss index 518f6175ba..b3a3d06fca 100644 --- a/win32/ClamAV-Installer.iss +++ b/win32/ClamAV-Installer.iss @@ -8,7 +8,7 @@ [Setup] AppName=ClamAV -AppVersion=0.103.11 +AppVersion=0.103.12 DefaultDirName={pf}\ClamAV DefaultGroupName=ClamAV AppCopyright=2021 Cisco Systems, Inc. @@ -20,7 +20,7 @@ UninstallDisplayName=ClamAV Compression=lzma2 SolidCompression=yes OutputDir=. -OutputBaseFilename=ClamAV-0.103.11 +OutputBaseFilename=ClamAV-0.103.12 WizardImageFile=demon.bmp WizardSmallImageFile=talos.bmp diff --git a/win32/clamav-config.h b/win32/clamav-config.h index 03f975f8e1..c08dac57f3 100644 --- a/win32/clamav-config.h +++ b/win32/clamav-config.h @@ -480,7 +480,7 @@ #define PACKAGE_NAME "ClamAV" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "ClamAV 0.103.11" +#define PACKAGE_STRING "ClamAV 0.103.12" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "clamav" @@ -489,7 +489,7 @@ #define PACKAGE_URL "https://www.clamav.net/" /* Define to the version of this package. */ -#define PACKAGE_VERSION "0.103.11" +#define PACKAGE_VERSION "0.103.12" /* scan buffer size */ #define SCANBUFF 131072 @@ -525,7 +525,7 @@ /* #undef USE_SYSLOG */ /* Version number of package */ -#define VERSION "0.103.11" +#define VERSION "0.103.12" /* Version suffix for package */ #define VERSION_SUFFIX "" diff --git a/win32/res/common.rc b/win32/res/common.rc index 81cb41bc78..9f0c6d1b8f 100644 --- a/win32/res/common.rc +++ b/win32/res/common.rc @@ -6,8 +6,8 @@ #define REPO_VERSION VERSION #endif -#define RES_VER_Q 0,103,11,0 -#define RES_VER_S "ClamAV 0.103.11" +#define RES_VER_Q 0,103,12,0 +#define RES_VER_S "ClamAV 0.103.12" VS_VERSION_INFO VERSIONINFO FILEVERSION RES_VER_Q diff --git a/win32/update-win32.pl b/win32/update-win32.pl index 56bb8530a6..8812389ad4 100644 --- a/win32/update-win32.pl +++ b/win32/update-win32.pl @@ -180,10 +180,10 @@ 'PACKAGE' => 'PACKAGE_NAME', 'PACKAGE_BUGREPORT' => '"https://github.com/Cisco-Talos/clamav/issues"', 'PACKAGE_NAME' => '"ClamAV"', - 'PACKAGE_STRING' => '"ClamAV 0.103.11"', + 'PACKAGE_STRING' => '"ClamAV 0.103.12"', 'PACKAGE_TARNAME' => '"clamav"', 'PACKAGE_URL' => '"https://www.clamav.net/"', - 'PACKAGE_VERSION' => '"0.103.11"', + 'PACKAGE_VERSION' => '"0.103.12"', 'SCANBUFF' => '131072', 'SETPGRP_VOID' => '1', 'SIZEOF_INT' => '4', From 360712eea03fcbb1891a52a00440dd49e5567cfd Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior Date: Wed, 26 Jun 2024 23:01:47 +0200 Subject: [PATCH 02/10] cli_check_mydoom_log: Avoid unaligned access. fmap_need_off_once() may return an unaligned pointer. This in return leads to an unaligned access during the load of the uint32_t variables loading to failures on architectures not supporting unaligned access. This was reported to the Debian BTS as #1073128. [bigeasy: Commit message, reworked the patch a bit]. Link: https://bugs.debian.org/1073128 Signed-off-by: Sebastian Andrzej Siewior --- libclamav/special.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/libclamav/special.c b/libclamav/special.c index f9b3b3ced9..bb925e7f16 100644 --- a/libclamav/special.c +++ b/libclamav/special.c @@ -48,7 +48,8 @@ int cli_check_mydoom_log(cli_ctx *ctx) { - const uint32_t *record; + uint32_t record[16]; + const uint32_t *ptr; uint32_t check, key; fmap_t *map = ctx->fmap; unsigned int blocks = map->len / (8 * 4); @@ -59,14 +60,24 @@ int cli_check_mydoom_log(cli_ctx *ctx) if (blocks > 5) blocks = 5; - record = fmap_need_off_once(map, 0, 8 * 4 * blocks); - if (!record) + /* + * The following pointer might not be properly aligned. There there is + * memcmp() + memcpy() workaround to avoid performing an unaligned access + * while reading the uint32_t. + */ + ptr = fmap_need_off_once(map, 0, 8 * 4 * blocks); + if (!ptr) return CL_CLEAN; + while (blocks) { /* This wasn't probably intended but that's what the current code does anyway */ - if (record[--blocks] == 0xffffffff) + const uint32_t marker_ff = 0xffffffff; + + if (!memcmp(&ptr[--blocks], &marker_ff, sizeof(uint32_t))) return CL_CLEAN; } + memcpy(record, ptr, sizeof(record)); + key = ~be32_to_host(record[0]); check = (be32_to_host(record[1]) ^ key) + (be32_to_host(record[2]) ^ key) + From f1f5394faf43bfd3251167efa5560341821adfcc Mon Sep 17 00:00:00 2001 From: rsundriyal Date: Tue, 30 Apr 2024 13:25:31 -0400 Subject: [PATCH 03/10] Adding param to define test pipelines path --- Jenkinsfile | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index a6e04af5f0..d9c617357d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -18,6 +18,9 @@ properties( string(name: 'TESTS_FUZZ_BRANCH', defaultValue: '0.103', description: 'tests-fuzz-regression branch'), + string(name: 'TEST_PIPELINES_PATH', + defaultValue: 'ClamAV/test-pipelines', + description: 'test-pipelines path for clamav in Jenkins'), string(name: 'BUILD_PIPELINE', defaultValue: 'build-0.103', description: 'test-pipelines branch for build acceptance'), @@ -78,7 +81,7 @@ node('ubuntu-18-x64') { def buildResult stage('Build') { - buildResult = build(job: "test-pipelines/${params.BUILD_PIPELINE}", + buildResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}", propagate: true, wait: true, parameters: [ @@ -89,7 +92,7 @@ node('ubuntu-18-x64') { [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] ] ) - echo "test-pipelines/${params.BUILD_PIPELINE} #${buildResult.number} succeeded." + echo "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE} #${buildResult.number} succeeded." } stage('Test') { @@ -100,13 +103,13 @@ node('ubuntu-18-x64') { def exception = null try { stage("Regular Pipeline") { - regularResult = build(job: "test-pipelines/${params.REGULAR_PIPELINE}", + regularResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE}", propagate: true, wait: true, parameters: [ [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], - [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "test-pipelines/${params.BUILD_PIPELINE}"], + [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}"], [$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"], [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"], [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], @@ -114,14 +117,14 @@ node('ubuntu-18-x64') { [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] ] ) - echo "test-pipelines/${params.REGULAR_PIPELINE} #${regularResult.number} succeeded." + echo "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE} #${regularResult.number} succeeded." } } catch (exc) { - echo "test-pipelines/${params.REGULAR_PIPELINE} failed." + echo "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE} failed." exception = exc } stage("Custom Pipeline") { - final customResult = build(job: "test-pipelines/${params.CUSTOM_PIPELINE}", + final customResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE}", propagate: true, wait: true, parameters: [ @@ -133,7 +136,7 @@ node('ubuntu-18-x64') { [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] ] ) - echo "test-pipelines/${params.CUSTOM_PIPELINE} #${customResult.number} succeeded." + echo "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE} #${customResult.number} succeeded." } if(exception != null) { echo "Custom Pipeline passed, but Regular pipeline failed!" @@ -143,7 +146,7 @@ node('ubuntu-18-x64') { tasks["fuzz_regression"] = { stage("Fuzz Regression") { - final fuzzResult = build(job: "test-pipelines/${params.FUZZ_PIPELINE}", + final fuzzResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.FUZZ_PIPELINE}", propagate: true, wait: true, parameters: [ @@ -154,7 +157,7 @@ node('ubuntu-18-x64') { [$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"] ] ) - echo "test-pipelines/${params.FUZZ_PIPELINE} #${fuzzResult.number} succeeded." + echo "${params.TEST_PIPELINES_PATH}/${params.FUZZ_PIPELINE} #${fuzzResult.number} succeeded." } } From 5b209e4c492fa2dded9480aa571dbfd4d094f39b Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Wed, 22 May 2024 15:42:23 -0400 Subject: [PATCH 04/10] Jenkins: separate build pipeline and package test pipeline The build pipeline used to build clamav packages and then test those packages with a rudimentary test set. This change will build the clamav packages in one pipeline - then test the packages in a new test pipeline. The new test pipeline will use the larger test suite that we use for testing from-source builds in the "regular" test pipeline. --- Jenkinsfile | 53 +++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 43 insertions(+), 10 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index d9c617357d..a862124eeb 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -11,19 +11,25 @@ properties( description: 'test-framework branch'), string(name: 'TESTS_BRANCH', defaultValue: '0.103', - description: 'tests branch'), + description: 'tests branch for the package and regular tests'), string(name: 'TESTS_CUSTOM_BRANCH', defaultValue: '0.103', description: 'tests-custom branch'), string(name: 'TESTS_FUZZ_BRANCH', defaultValue: '0.103', description: 'tests-fuzz-regression branch'), + string(name: 'BUILD_PIPELINES_PATH', + defaultValue: 'ClamAV/build-pipelines', + description: 'build-pipelines path for clamav in Jenkins'), string(name: 'TEST_PIPELINES_PATH', defaultValue: 'ClamAV/test-pipelines', description: 'test-pipelines path for clamav in Jenkins'), string(name: 'BUILD_PIPELINE', defaultValue: 'build-0.103', description: 'test-pipelines branch for build acceptance'), + string(name: 'PACKAGE_PIPELINE', + defaultValue: 'package-0.103', + description: 'test-pipelines branch for package tests.'), string(name: 'REGULAR_PIPELINE', defaultValue: 'regular-0.103', description: 'test-pipelines branch for regular tests.'), @@ -47,7 +53,7 @@ properties( ] ) -node('ubuntu-18-x64') { +node('default') { stage('Generate Tarball') { cleanWs() @@ -81,10 +87,11 @@ node('ubuntu-18-x64') { def buildResult stage('Build') { - buildResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}", + buildResult = build(job: "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE}", propagate: true, wait: true, parameters: [ + [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.BUILD_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], @@ -92,21 +99,45 @@ node('ubuntu-18-x64') { [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] ] ) - echo "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE} #${buildResult.number} succeeded." + echo "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE} #${buildResult.number} succeeded." } stage('Test') { def tasks = [:] - tasks["regular_and_custom"] = { - def regularResult + tasks["package_regular_custom"] = { def exception = null try { - stage("Regular Pipeline") { - regularResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE}", + stage("Package") { + final regularResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE}", propagate: true, wait: true, parameters: [ + [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.PACKAGE_PIPELINE}"], + [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], + [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], + [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}"], + [$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"], + [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"], + [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], + [$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"], + [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] + ] + ) + echo "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE} #${regularResult.number} succeeded." + } + } catch (exc) { + echo "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE} failed." + exception = exc + } + + try { + stage("Regular From-Source") { + final regularResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE}", + propagate: true, + wait: true, + parameters: [ + [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.REGULAR_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}"], @@ -123,11 +154,13 @@ node('ubuntu-18-x64') { echo "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE} failed." exception = exc } - stage("Custom Pipeline") { + + stage("Custom From-Source") { final customResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE}", propagate: true, wait: true, parameters: [ + [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.CUSTOM_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_CUSTOM_BRANCH}"], @@ -139,7 +172,7 @@ node('ubuntu-18-x64') { echo "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE} #${customResult.number} succeeded." } if(exception != null) { - echo "Custom Pipeline passed, but Regular pipeline failed!" + echo "Custom Pipeline passed, but prior pipelines failed!" throw exception } } From 4d566ef9d311a52381789aff48ac4f2a5e220916 Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Thu, 23 May 2024 21:01:53 -0400 Subject: [PATCH 05/10] Jenkins: Fixup build-pipeline path --- Jenkinsfile | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index a862124eeb..7a42d430bf 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -91,7 +91,6 @@ node('default') { propagate: true, wait: true, parameters: [ - [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.BUILD_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], @@ -113,10 +112,9 @@ node('default') { propagate: true, wait: true, parameters: [ - [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.PACKAGE_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], - [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}"], + [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE}"], [$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"], [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"], [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], @@ -137,11 +135,8 @@ node('default') { propagate: true, wait: true, parameters: [ - [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.REGULAR_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], - [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}"], - [$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"], [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"], [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], [$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"], @@ -160,7 +155,6 @@ node('default') { propagate: true, wait: true, parameters: [ - [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.CUSTOM_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_CUSTOM_BRANCH}"], From a3060c1a12009e9ae5f1254b2304c8a3d7ebf3b6 Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Fri, 12 Apr 2024 13:57:01 -0400 Subject: [PATCH 06/10] Add 'valhalla' to Freshclam's list of optional CVD's --- freshclam/freshclam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/freshclam/freshclam.c b/freshclam/freshclam.c index 1f97d51164..b7a4817086 100644 --- a/freshclam/freshclam.c +++ b/freshclam/freshclam.c @@ -998,7 +998,7 @@ fc_error_t get_official_database_lists( uint32_t i; const char *hardcodedStandardDatabaseList[] = {"daily", "main", "bytecode"}; - const char *hardcodedOptionalDatabaseList[] = {"safebrowsing", "test"}; + const char *hardcodedOptionalDatabaseList[] = {"safebrowsing", "test", "valhalla"}; if ((NULL == standardDatabases) || (NULL == nStandardDatabases) || (NULL == optionalDatabases) || (NULL == nOptionalDatabases)) { mprintf("!get_official_database_lists: Invalid arguments.\n"); From b1d462e8e99cd28ff10e49091d48f2c806c63a78 Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Fri, 12 Apr 2024 13:52:19 -0400 Subject: [PATCH 07/10] Freshclam: fix issue DatabaseCustomURL CVD prune issue If using DatabaseCustomURL to download a CVD that Freshclam doesn't know about, i.e. one that is not in the hardcoded standard or optional database lists in freshclam.c, Freshclam will prune the database and then re-download it. This change makes it so we look for URL's with ".cvd" at the end and then take those into consideration when checking which CVD's (or CLD's) should be pruned. Note that I didn't change the interface to fc_prune_database_directory(). That would have been cleaner, but would've changed the public API and I want to backport this fix. --- freshclam/freshclam.c | 47 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/freshclam/freshclam.c b/freshclam/freshclam.c index b7a4817086..7c23b9e615 100644 --- a/freshclam/freshclam.c +++ b/freshclam/freshclam.c @@ -1424,6 +1424,10 @@ fc_error_t perform_database_update( uint32_t nUpdated = 0; uint32_t nTotalUpdated = 0; + uint32_t i; + char **doNotPruneDatabaseList = NULL; + uint32_t nDoNotPruneDatabases = 0; + STATBUF statbuf; if (NULL == serverList) { @@ -1444,7 +1448,38 @@ fc_error_t perform_database_update( * Prune database directory of official databases * that are no longer available or no longer desired. */ - (void)fc_prune_database_directory(databaseList, nDatabases); + + // include the URL databases in the prune process + doNotPruneDatabaseList = (char **)malloc(sizeof(char *) * (nDatabases + nUrlDatabases)); + if (NULL == doNotPruneDatabaseList) { + logg("!perform_database_update: Can't allocate memory for doNotPruneDatabaseList\n"); + status = FC_EMEM; + goto done; + } + + for (i = 0; i < nDatabases; i++) { + doNotPruneDatabaseList[i] = strdup(databaseList[i]); + if (doNotPruneDatabaseList[i] == NULL) { + logg("!perform_database_update: Can't allocate memory for database name in doNotPruneDatabaseList\n"); + status = FC_EMEM; + goto done; + } + } + nDoNotPruneDatabases = nDatabases; + + for (i = 0; i < nUrlDatabases; i++) { + // Only append the URL databases that end with '.cvd' + if (strlen(urlDatabaseList[i]) > 4 && 0 == strcasecmp(urlDatabaseList[i] + strlen(urlDatabaseList[i]) - 4, ".cvd")) { + const char *startOfFilename = strrchr(urlDatabaseList[i], '/') + 1; + if (NULL != startOfFilename) { + // Add the base database name to the do-not-prune list, excluding the '.cvd' extension. + doNotPruneDatabaseList[nDatabases + i] = CLI_STRNDUP(startOfFilename, strlen(startOfFilename) - strlen(".cvd")); + nDoNotPruneDatabases++; + } + } + } + + (void)fc_prune_database_directory(doNotPruneDatabaseList, nDoNotPruneDatabases); } /* @@ -1515,6 +1550,16 @@ fc_error_t perform_database_update( done: + // Free up the database list + if (NULL != doNotPruneDatabaseList) { + for (i = 0; i < nDoNotPruneDatabases; i++) { + free(doNotPruneDatabaseList[i]); + doNotPruneDatabaseList[i] = NULL; + } + free(doNotPruneDatabaseList); + doNotPruneDatabaseList = NULL; + } + if (LSTAT(g_freshclamTempDirectory, &statbuf) != -1) { /* Remove temp directory */ if (*g_freshclamTempDirectory) { From e66145bbb7c31cc870ea9aec47b22b3762ec1c7e Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Wed, 28 Aug 2024 15:42:31 -0400 Subject: [PATCH 08/10] Jenkins: build tarball in Docker container Due to build issues with libldtl and/or Autotools in Ubuntu:22.04, perform the build within a Docker container running Ubuntu:18.04. --- Jenkins/Dockerfile | 6 ++++++ Jenkinsfile | 27 +++++++++++++++++++-------- 2 files changed, 25 insertions(+), 8 deletions(-) create mode 100644 Jenkins/Dockerfile diff --git a/Jenkins/Dockerfile b/Jenkins/Dockerfile new file mode 100644 index 0000000000..1d6759f872 --- /dev/null +++ b/Jenkins/Dockerfile @@ -0,0 +1,6 @@ +FROM ubuntu:18.04 + +RUN apt-get update && apt-get install -y \ + gcc make automake autoconf m4 pkg-config libtool flex bison valgrind \ + check libbz2-dev libcurl4-openssl-dev libjson-c-dev libmilter-dev \ + libncurses5-dev libpcre2-dev libssl-dev libxml2-dev zlib1g-dev diff --git a/Jenkinsfile b/Jenkinsfile index 7a42d430bf..c264d96fec 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -53,7 +53,7 @@ properties( ] ) -node('default') { +node('docker') { stage('Generate Tarball') { cleanWs() @@ -72,13 +72,24 @@ node('default') { ''' } - dir(path: 'build') { - sh """# Make Dist - if [ -f '../autogen.sh' ] ; then /bin/chmod +x ../autogen.sh && ../autogen.sh ; fi - ../configure --enable-milter --disable-clamav --disable-silent-rules --enable-llvm --with-system-llvm=no - make distcheck - mv clamav-${params.VERSION}*.tar.gz clamav-${params.VERSION}.tar.gz || true""" - archiveArtifacts(artifacts: "clamav-${params.VERSION}.tar.gz", onlyIfSuccessful: true) + // start up docker image + def dockerImage = docker.build("autoconf", "./Jenkins") + + try { + dockerImage.inside { c -> + dir(path: "build") { + sh """# Make Dist + if [ -f '../autogen.sh' ] ; then /bin/chmod +x ../autogen.sh && ../autogen.sh ; fi + ../configure --enable-milter --disable-clamav --disable-silent-rules --enable-llvm --with-system-llvm=no + make distcheck + mv clamav-${params.VERSION}*.tar.gz clamav-${params.VERSION}.tar.gz || true""" + archiveArtifacts(artifacts: "clamav-${params.VERSION}.tar.gz", onlyIfSuccessful: true) + } + } + } + catch(IOException err) { + cleanWs() + throw err } cleanWs() From 84ffdff1e1b233d0b69273ed73cf7f52e9e4d8e2 Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Thu, 29 Aug 2024 10:41:08 -0400 Subject: [PATCH 09/10] Disable check part of making the tar.gz distribution We run a set of from-source builds that use the tarball. Distcheck is being problematic, but if all the from-source builds work correctly, that may suffice to check the dist. --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index c264d96fec..26d4ce6b10 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -81,7 +81,7 @@ node('docker') { sh """# Make Dist if [ -f '../autogen.sh' ] ; then /bin/chmod +x ../autogen.sh && ../autogen.sh ; fi ../configure --enable-milter --disable-clamav --disable-silent-rules --enable-llvm --with-system-llvm=no - make distcheck + make dist mv clamav-${params.VERSION}*.tar.gz clamav-${params.VERSION}.tar.gz || true""" archiveArtifacts(artifacts: "clamav-${params.VERSION}.tar.gz", onlyIfSuccessful: true) } From 515f1839a8f7cda2fbf05b47b5be765ed18d21c5 Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Thu, 29 Aug 2024 19:22:00 -0400 Subject: [PATCH 10/10] Windows: Fix build issue with newer Visual Studio Encountered this error after updates to Visual Studio. 5>rarpch.cpp 5>c:\program files (x86)\windows kits\10\include\10.0.22621.0\um\winnt.h(2535): error C2338: Windows headers require the default packing option. Changing this can lead to memory corruption. This diagnostic can be disabled by building with WINDOWS_IGNORE_PACKING_MISMATCH defined. It seems that libclamunrar VS project file was set to 4-byte struct member alignment. Changing this to "Default" fixes the issue. --- win32/libclamunrar.vcxproj | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/win32/libclamunrar.vcxproj b/win32/libclamunrar.vcxproj index 89860990fa..c0771f344c 100644 --- a/win32/libclamunrar.vcxproj +++ b/win32/libclamunrar.vcxproj @@ -100,7 +100,7 @@ Sync EnableFastChecks MultiThreadedDebug - 4Bytes + Default false Use rar.hpp @@ -131,7 +131,7 @@ Sync EnableFastChecks MultiThreadedDebug - 4Bytes + Default false Use rar.hpp @@ -162,7 +162,7 @@ false Sync MultiThreadedDebug - 4Bytes + Default true true NoExtensions @@ -204,7 +204,7 @@ false Sync MultiThreadedDebug - 4Bytes + Default true true false