Package: release.debian.org User: release.debian....@packages.debian.org Usertags: pu Tags: jessie Severity: normal
The last version (0.99.2+dfsg-0+deb8u1) removed AllowSupplementaryGroups and hit stable over the weekend. Now Hans van Kranenburg had an unattended upgrade and the config file was not fixed up (i.e. the option removed as suggested during the upgrade process). clamav did not start, he fixed it manually and reported #826406. This update will ignore the AllowSupplementaryGroups option whether set or not and the behaviour will remain unchanged. All binaries will behave the same except they won't complain about the AllowSupplementaryGroups option. The plan is not to push this change into unstable so people upgrading Jessie -> Stretch have to have this option removed at this point. I am not sure if this update makes sense at this point since most people got probably bitten by this, cursed my name and moved on. So if you think that this update makes sense here it is - otherwise... Sebastian
diff --git a/debian/.git-dpm b/debian/.git-dpm index 462fb68..286a2a5 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -2489109e048f803a6019c00671cff2b43f139555 -2489109e048f803a6019c00671cff2b43f139555 +279c06a817c13eb22dc3ade949ea8b4a8aea9825 +279c06a817c13eb22dc3ade949ea8b4a8aea9825 48a96d2a3f0f4aca12f39f62a53fe1671a6e15a2 48a96d2a3f0f4aca12f39f62a53fe1671a6e15a2 clamav_0.99.2+dfsg.orig.tar.xz diff --git a/debian/changelog b/debian/changelog index 9cde7f8..5ebcb45 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +clamav (0.99.2+dfsg-0+deb8u2) stable; urgency=medium + + * Don't fail if AllowSupplementaryGroups is still set in the config file but + ignore it and continue (Closes: #826406). + + -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Mon, 06 Jun 2016 22:06:52 +0200 + clamav (0.99.2+dfsg-0+deb8u1) stable; urgency=medium * Import new Upstream. diff --git a/debian/patches/ingore-AllowSupplementaryGroups-option.patch b/debian/patches/ingore-AllowSupplementaryGroups-option.patch new file mode 100644 index 0000000..b152276 --- /dev/null +++ b/debian/patches/ingore-AllowSupplementaryGroups-option.patch @@ -0,0 +1,28 @@ +From 279c06a817c13eb22dc3ade949ea8b4a8aea9825 Mon Sep 17 00:00:00 2001 +From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> +Date: Mon, 6 Jun 2016 21:17:34 +0200 +Subject: Ignore AllowSupplementaryGroups if set + +Ignore the AllowSupplementaryGroups option if set. This should ease +stable auto upgrade in case nobody touches the config files. + +BTS: https://bugs.debian.org/826406 +Patch-Name: ingore-AllowSupplementaryGroups-option.patch +Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> +--- + shared/optparser.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/shared/optparser.c b/shared/optparser.c +index e2b28cc..f8911ea 100644 +--- a/shared/optparser.c ++++ b/shared/optparser.c +@@ -285,6 +285,8 @@ const struct clam_option __clam_options[] = { + + { "User", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Run the daemon as a specified user (the process must be started by root).", "clamav" }, + ++ { "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Initialize a supplementary group access (the process must be started by root).", "no" }, ++ + /* Scan options */ + { "Bytecode", "bytecode", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.", "yes" }, + diff --git a/debian/patches/series b/debian/patches/series index 82aadd6..3c7804d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -7,3 +7,4 @@ clamav_add_private_fts_implementation.patch fix-ssize_t-size_t-off_t-printf-modifier.patch libclamav-use-libmspack.patch drop-AllowSupplementaryGroups-option-and-make-it-def.patch +ingore-AllowSupplementaryGroups-option.patch diff --git a/shared/optparser.c b/shared/optparser.c index e2b28cc..f8911ea 100644 --- a/shared/optparser.c +++ b/shared/optparser.c @@ -285,6 +285,8 @@ const struct clam_option __clam_options[] = { { "User", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Run the daemon as a specified user (the process must be started by root).", "clamav" }, + { "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Initialize a supplementary group access (the process must be started by root).", "no" }, + /* Scan options */ { "Bytecode", "bytecode", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.", "yes" },
