diff options
Diffstat (limited to 'app-antivirus')
| -rw-r--r-- | app-antivirus/Manifest.gz | bin | 717 -> 885 bytes | |||
| -rw-r--r-- | app-antivirus/clamav/Manifest | 5 | ||||
| -rw-r--r-- | app-antivirus/clamav/clamav-0.103.4.ebuild | 239 | ||||
| -rw-r--r-- | app-antivirus/clamav/clamav-0.103.5.ebuild | 2 | ||||
| -rw-r--r-- | app-antivirus/clamav/files/clamav-0.104.0-ncurses_detection.patch | 27 | ||||
| -rw-r--r-- | app-antivirus/fangfrisch/Manifest | 3 | ||||
| -rw-r--r-- | app-antivirus/fangfrisch/fangfrisch-1.5.0-r1.ebuild | 71 | ||||
| -rw-r--r-- | app-antivirus/fangfrisch/files/fangfrisch.service | 14 | ||||
| -rw-r--r-- | app-antivirus/fangfrisch/files/fangfrisch.timer | 12 | ||||
| -rw-r--r-- | app-antivirus/lkrg/Manifest | 5 | ||||
| -rw-r--r-- | app-antivirus/lkrg/files/lkrg-0.9.2-systemd-coredump-umh-whitelist.patch | 23 | ||||
| -rw-r--r-- | app-antivirus/lkrg/lkrg-0.9.2.ebuild | 40 | ||||
| -rw-r--r-- | app-antivirus/lkrg/metadata.xml | 11 |
13 files changed, 181 insertions, 271 deletions
diff --git a/app-antivirus/Manifest.gz b/app-antivirus/Manifest.gz Binary files differindex 7e2522cc8645..886f60d73323 100644 --- a/app-antivirus/Manifest.gz +++ b/app-antivirus/Manifest.gz diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest index 2805c925c0e9..b691432c7c2c 100644 --- a/app-antivirus/clamav/Manifest +++ b/app-antivirus/clamav/Manifest @@ -2,7 +2,6 @@ AUX clamav-0.102.1-libxml2_pkgconfig.patch 4012 BLAKE2B 4c3e4fc3522d317c57bae942 AUX clamav-0.102.2-fix-curl-detection.patch 844 BLAKE2B a813b1f6003b9cff03fca8d72dbd44d6a4f700e3d60aee83f782a87893a3c6753698ca8715237155185660301dd81dc55bf6a6e3b9095f57b099607182c90bf5 SHA512 27e6aa5ad418eaa32b56ea7bbdab0b5b4cd649e55d34eb094b5f02d7e68d8913f39664ffd6bc4a07faf88f60bdbd15b0c381fbbd6d9c1c62cc36e72e34cabd19 AUX clamav-0.103.0-system-tomsfastmath.patch 3725 BLAKE2B 85640ded83600adfdcc03e8f42e3153c71a8b6c5884ca4cbd79a69121943fd171bc528aed26ded895189293008924cef6762a22001b4ee098fe5f680c7619bf0 SHA512 b67df39bc7d60f6ea9bb06d12413f0e4774185d4f020a68bdfdf8fe1ca669f70a62699b0f1100702af5ec47e460a35625dcaa09cfc6ea6d2f3957de227e87306 AUX clamav-0.103.1-upstream-openrc.patch 18249 BLAKE2B 305db3181a4a22acde5b28cef6c2d01b639be8c5b9e9c77737be1ebcb0553040b6eda117285e3e8b4bf06d2565a5d73225d7ce20ba1f115fd08bc822d779b370 SHA512 89e95057ee2f29bcdf5787f659ffe43b055b599d9bb80bf54794859113d760dad135b5b8d80c23e98f8c6b699dc839d4922c4c3b45edf97296f4eea668e62672 -AUX clamav-0.104.0-ncurses_detection.patch 906 BLAKE2B 9e1bd5814f0da5126fb9d8d34c2146c9cf9a6ca6e7ff2c574585f9df04c7f68f78ce8cc618cb346b9cdb545f78e938623adef642dd4b93961b2cf12047cdae5a SHA512 52d84cbe920e2dbdf4f6da26fe0ddc58596c0aa7e057cdd93407276847499269605e5a9db5fa61ab945b179a102c8d57930bad715cc595ebfb11ed7ba319d618 AUX clamav-milter.README.gentoo 2284 BLAKE2B 7afc18f3dad57c2d7595257b356943efb3d1af28d55ac8f09f0506430fd0dedf0820906ced666a7237e3af44a9bc1b43fff017c03faad844f96b132ca4c5dde6 SHA512 38eadf2d919a0c48345600ea5a39c90e766b62e8b1ffc7bb01969a8fd93c4545f2030058a470ac7efb75a1d6c74f9930438f58aeff5035e19e38241ed381f7b3 AUX clamav-milter.initd 1164 BLAKE2B 190dee3476f8763dc2498e2099e6afa83c36642298618ad959940771e73c07456e30e6319d649291c82fec49e3712e500a65b167fe91b12bd2758f79f040e1c3 SHA512 d21c60e7d3ee5eee65da18831eed905858a1c7ab4ec02de1c16fa36179d9c1cf517eca8402b872f3d995fa1d59a9b2e79994655ca4570370b40dc810af5e0a3d AUX clamav-milter.logrotate-r1 1103 BLAKE2B b506a07f6ebdf697f87060424368ce4e4085564c3fa8e8cc4780ba786f2f543ae51a6e0f9d04db9ea9eb5554c1e395592453235db5abcc243fd2523cb44adec2 SHA512 890744086dcd8d6f7eba0f49df0941c643c6d730ea27a660ecaaab50c51c931489fa25079ad1aa9e307f919ac98a4e5d6b2e952cc46dcea8322b3253c6ba07b1 @@ -18,10 +17,8 @@ AUX freshclam.initd 202 BLAKE2B 3bc294930984b779b032d40f9dd5063fb168a096cd45ef43 AUX freshclam.logrotate 631 BLAKE2B d5100e4f80227d3cda00193eb7a065f766d6b7b0c54ef58ad646fc7692cd4c6e572e053d368ba78c62c27cd3e1db111822208d29ecad67d10be7d5957d6622f3 SHA512 43838241c66bdf167105b25967576a568e0661e5b3292d24d3028837353280b03ffd1ea6adbbcbc152e50bc25f77357af42bbf3dd70817cf2cf02258ca0fe611 AUX freshclamd.service-r1 177 BLAKE2B 8c9304e8c43e03288dcb1c6897b53e7c36b6e6116bb5c43db1e9735cc5d7b50094d33679d2b42839a09c572ad631daf572f62c57e4a7b74bfad5ce40a5916364 SHA512 5243465d30de1e64697455b3af50f62e6d7f3d0df7e2ef9b60f89dc974d8118ff67df0b44fbbddd04dd196ca17cf4306ac99f1eec42a5a0ddd42a64c4cb992c8 AUX tmpfiles.d/clamav.conf 33 BLAKE2B 447c5ad4ad79bc70fc386833fa763451d30bf30f1ae26434039a3926ca5aae9734e0152c83b5b9aa5bed87b17c1b685c4ea9f41c9cb6b3197b1e78e800b71fd9 SHA512 eabe5a94c2679b82ea3e29272eb448b47e60b271381d3e97f3970b1a9e086d61662aff2d29887950a911025294aa7cea8bfd9003d257963566b251bcaeb5f6b2 -DIST clamav-0.103.4.tar.gz 16425023 BLAKE2B beca05941ce462bd98473a5ac72b36e63afeef5dea3e591fd8c9426c2077e550139b198ea7d0d12ac2be311d18c0170b94255c07df3e9a0defd3646ba4879bc7 SHA512 422a8cb98d355be098b0a0c575e4f08cf964e992d10ee02e7600eb9db6dfa943efbd988489f268e81e4d2ef29cfe582b236688ea209d6d2e46467f3c08eb475e DIST clamav-0.103.5.tar.gz 16434316 BLAKE2B c5a21b72419a8cd731656d8a8bbc79c5850895f1d8cc56cb5d19eabe2356a5dfcf88e7dc9553071a24b2719bae07cf1a941da3dbed69da8ac4ae3b8897ab32fe SHA512 242423b507eacbbd31dbae6dd0325dff87da25bb8072f2cee7a5e7cab4b8eb5ee6196c759570c1d75986a2777f0f79f92cfbd6250a30ae5b53390c75b238c29a DIST clamav-0.104.2.tar.gz 11950409 BLAKE2B 7d7eb9d22ca519f7ad0c171b6cab4b59cb52787a897ab31b9567166be2223f9ea89e79f42f1e4e0caf32fcb4b008f5ce755fa136566f85fe1de7808b436f80fa SHA512 8c89a05dec6650677125177434cc49ec2298701525508cdda52358e8f98086d80892287f6267f8b7fda0aef2ca361616cb584c3059f3b066bfde65f7f1ba2df5 -EBUILD clamav-0.103.4.ebuild 7353 BLAKE2B 6e08edaf316ed94fea7c0c78d40ef673cfeb7f42a39cc7f6de21dbce7ae030460271e58671099a468d07284a733eb497ef7d0a7c0c4a836d1b68c3e8d5b769fe SHA512 93b548284c7697bd69ba92505b673ead50b684cc213c24c2488de05c4dab6e3d311cef0aa6b78fb6ebbe49e86f3e25823b8cb7f45c5b3393b57ca736c05982a4 -EBUILD clamav-0.103.5.ebuild 7354 BLAKE2B 5c247a7d3e0b1d8c85556e3b3412e94599e8b219758e55e38522e916a780749a61dfa27b895e7dbc8a1755a338ace8ff0556f0a4e8514316c34e6b5541994849 SHA512 5c3497f507a0cc61c7bba3b1b46d3d4d702ec4f839f4db4e9a9277080a89937ffc20b3b7284b0e13ab46c542d2205bbf4eefa2f1f676eadd80aa942799e8cae6 +EBUILD clamav-0.103.5.ebuild 7353 BLAKE2B 9849983170e473ed2c906cec47b2e99727e603e0f3f5c72ddcab1cbce3f9255101bc5be34544b89037b90bb967d1ab29c93ed77d8e35ac611493020d0165f5d2 SHA512 b70196e273dc8668bc77211c702dcafd218d7aca2a3ea444ece7a9c132aa3bcc551ba0f07a016fa13963f7642a3716682e00a353c3bc044779081b399226301d EBUILD clamav-0.104.2.ebuild 6847 BLAKE2B 64117138433379a4432fb98c844745eb298875de45cdb08ed866489b4f40847f74ffd41591520d788a3e1468340b77e0170f78475a18eeecd93e1669a79c2103 SHA512 215f1b11136a888e612b32f05367f19d4a68add3d7415dc0256946e54c0f31ef9afd442182a54bd4532404fa4d7484accd945d8c6dfcc84fc3fee69bdd719c96 MISC metadata.xml 1287 BLAKE2B 75d0e2ee639919863a0b12951c04f6338fab836812a930b5cae82adc9546f0d9115c1c12a233b08e7bcf1810b38f8d0c119ee44a7640ade191f9bdb5c2bdf759 SHA512 2ef5d16db72356b72cfe6334b5a9b6c6e4d491ab445debbf9433d44c843e27d03aade9cc49a4fcad151ecfbb3dc4d99903e5a27eac8954991822eca3bad2b6c0 diff --git a/app-antivirus/clamav/clamav-0.103.4.ebuild b/app-antivirus/clamav/clamav-0.103.4.ebuild deleted file mode 100644 index 93554122c91a..000000000000 --- a/app-antivirus/clamav/clamav-0.103.4.ebuild +++ /dev/null @@ -1,239 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools flag-o-matic systemd tmpfiles - -DESCRIPTION="Clam Anti-Virus Scanner" -HOMEPAGE="https://www.clamav.net/" -SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 ~riscv ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris" -IUSE="bzip2 doc clamonacc clamdtop clamsubmit iconv ipv6 libclamav-only milter metadata-analysis-api selinux systemd test xml" - -REQUIRED_USE="libclamav-only? ( !clamonacc !clamdtop !clamsubmit !milter !metadata-analysis-api )" - -RESTRICT="!test? ( test )" - -# Require acct-{user,group}/clamav at build time so that we can set -# the permissions on /var/lib/clamav in src_install rather than in -# pkg_postinst; calling "chown" on the live filesystem scares me. -CDEPEND="acct-group/clamav - acct-user/clamav - dev-libs/libltdl - dev-libs/libmspack - || ( dev-libs/libpcre2 >dev-libs/libpcre-6 ) - dev-libs/tomsfastmath - >=sys-libs/zlib-1.2.2:= - bzip2? ( app-arch/bzip2 ) - clamdtop? ( sys-libs/ncurses:0 ) - clamsubmit? ( net-misc/curl dev-libs/json-c:= ) - elibc_musl? ( sys-libs/fts-standalone ) - iconv? ( virtual/libiconv ) - !libclamav-only? ( net-misc/curl ) - dev-libs/openssl:0= - milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) ) - xml? ( dev-libs/libxml2 )" - -# We need at least autoconf-2.69-r5 because that's the first (patched) -# version of it in Gentoo that supports ./configure --runstatedir. -BDEPEND=">=sys-devel/autoconf-2.69-r5 - virtual/pkgconfig" - -DEPEND="${CDEPEND} - metadata-analysis-api? ( dev-libs/json-c:* ) - test? ( dev-libs/check )" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-clamav )" - -PATCHES=( - "${FILESDIR}/${PN}-0.102.1-libxml2_pkgconfig.patch" #661328 - "${FILESDIR}/${PN}-0.102.2-fix-curl-detection.patch" #709616 - "${FILESDIR}/${PN}-0.103.0-system-tomsfastmath.patch" # 649394 - "${FILESDIR}/${PN}-0.103.1-upstream-openrc.patch" -) - -src_prepare() { - default - - # Be extra sure that we're using the system copy of tomsfastmath - einfo "removing bundled copy of dev-libs/tomsfastmath" - rm -r libclamav/tomsfastmath || \ - die "failed to remove bundled tomsfastmath" - - AT_NO_RECURSIVE="yes" eautoreconf -} - -src_configure() { - use elibc_musl && append-ldflags -lfts - use ppc64 && append-flags -mminimal-toc - - # according to configure help it should be - # $(use_enable xml) - # but that does not work - # do not add this, since --disable-xml seems to override - # --without-xml - JSONUSE="--without-libjson" - - if use clamsubmit || use metadata-analysis-api; then - # either of those 2 requires libjson. - # clamsubmit will be built as soon as libjson and curl are found - # but we only install the binary if requested - JSONUSE="--with-libjson=${EPREFIX}/usr" - fi - - local myeconfargs=( - $(use_enable bzip2) - $(use_enable clamonacc) - $(use_enable clamdtop) - $(use_enable ipv6) - $(use_enable milter) - $(use_enable test check) - $(use_with xml) - $(use_with iconv) - ${JSONUSE} - $(use_enable libclamav-only) - $(use_with !libclamav-only libcurl) - --with-system-libmspack - --cache-file="${S}"/config.cache - --disable-experimental - --disable-static - --disable-zlib-vcheck - --enable-id-check - --with-dbdir="${EPREFIX}"/var/lib/clamav - # Don't call --with-zlib=/usr (see bug #699296) - --with-zlib - --disable-llvm - --enable-openrc - --runstatedir=/run - ) - econf "${myeconfargs[@]}" -} - -src_install() { - default - - rm -rf "${ED}"/var/lib/clamav || die - - if ! use libclamav-only ; then - if use systemd; then - # The tmpfiles entry is behind USE=systemd because the - # upstream OpenRC service files should (and do) ensure that - # the directories they need exist and have the correct - # permissions without the help of opentmpfiles. There are - # years-old root exploits in opentmpfiles, the design is - # fundamentally flawed, and the maintainer is not up to - # the task of fixing it. - dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf" - systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service" - systemd_dounit "${FILESDIR}/clamd.service" - systemd_newunit "${FILESDIR}/freshclamd.service-r1" \ - "freshclamd.service" - fi - - insinto /etc/logrotate.d - newins "${FILESDIR}/clamd.logrotate" clamd - newins "${FILESDIR}/freshclam.logrotate" freshclam - use milter && \ - newins "${FILESDIR}/clamav-milter.logrotate-r1" clamav-milter - - # Modify /etc/{clamd,freshclam}.conf to be usable out of the box - sed -i -e "s:^\(Example\):\# \1:" \ - -e "s/^#\(PidFile .*\)/\1/" \ - -e "s/^#\(LocalSocket .*\)/\1/" \ - -e "s/^#\(User .*\)/\1/" \ - -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \ - -e "s:^\#\(LogTime\).*:\1 yes:" \ - -e "s/^#\(DatabaseDirectory .*\)/\1/" \ - "${ED}"/etc/clamd.conf.sample || die - - sed -i -e "s:^\(Example\):\# \1:" \ - -e "s/^#\(PidFile .*\)/\1/" \ - -e "s/^#\(DatabaseOwner .*\)/\1/" \ - -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \ - -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \ - -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \ - -e "s/^#\(DatabaseDirectory .*\)/\1/" \ - "${ED}"/etc/freshclam.conf.sample || die - - if use milter ; then - # Note: only keep the "unix" ClamdSocket and MilterSocket! - sed -i -e "s:^\(Example\):\# \1:" \ - -e "s/^#\(PidFile .*\)/\1/" \ - -e "s/^#\(ClamdSocket unix:.*\)/\1/" \ - -e "s/^#\(User .*\)/\1/" \ - -e "s/^#\(MilterSocket unix:.*\)/\1/" \ - -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \ - "${ED}"/etc/clamav-milter.conf.sample || die - - cat >> "${ED}"/etc/conf.d/clamd <<-EOF - MILTER_NICELEVEL=19 - START_MILTER=no - EOF - - systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service - fi - - local i - for i in clamd freshclam clamav-milter - do - if [[ -f "${ED}"/etc/"${i}".conf.sample ]]; then - mv "${ED}"/etc/"${i}".conf{.sample,} || die - fi - done - - # These both need to be writable by the clamav user. - # TODO: use syslog by default; that's what it's for. - diropts -o clamav -g clamav - keepdir /var/lib/clamav - keepdir /var/log/clamav - fi - - if use doc ; then - local HTML_DOCS=( docs/html/. ) - einstalldocs - - if ! use libclamav-only ; then - doman docs/man/*.[1-8] - fi - fi - - find "${ED}" -name '*.la' -delete || die -} - -src_test() { - if use libclamav-only ; then - ewarn "Test target not available when USE=libclamav-only is set, skipping tests ..." - return 0 - fi - - emake quick-check -} - -pkg_postinst() { - if ! use libclamav-only ; then - if use systemd ; then - tmpfiles_process clamav.conf - fi - fi - - if use milter ; then - elog "For simple instructions how to setup the clamav-milter read the" - elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}" - fi - - local databases=( "${EROOT}"/var/lib/clamav/main.c[lv]d ) - if [[ ! -f "${databases}" ]] ; then - ewarn "You must run freshclam manually to populate the virus database" - ewarn "before starting clamav for the first time." - fi - - ewarn "This version of ClamAV provides separate OpenRC services" - ewarn "for clamd, freshclam, clamav-milter, and clamonacc. The" - ewarn "clamd service now starts only the clamd daemon itself. You" - ewarn "should add freshclam (and perhaps clamav-milter) to any" - ewarn "runlevels that previously contained clamd." -} diff --git a/app-antivirus/clamav/clamav-0.103.5.ebuild b/app-antivirus/clamav/clamav-0.103.5.ebuild index 98ea805abba2..57871e2f02fe 100644 --- a/app-antivirus/clamav/clamav-0.103.5.ebuild +++ b/app-antivirus/clamav/clamav-0.103.5.ebuild @@ -11,7 +11,7 @@ SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ~ppc64 ~riscv ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 ~riscv ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris" IUSE="bzip2 doc clamonacc clamdtop clamsubmit iconv ipv6 libclamav-only milter metadata-analysis-api selinux systemd test xml" REQUIRED_USE="libclamav-only? ( !clamonacc !clamdtop !clamsubmit !milter !metadata-analysis-api )" diff --git a/app-antivirus/clamav/files/clamav-0.104.0-ncurses_detection.patch b/app-antivirus/clamav/files/clamav-0.104.0-ncurses_detection.patch deleted file mode 100644 index aa403a90bab3..000000000000 --- a/app-antivirus/clamav/files/clamav-0.104.0-ncurses_detection.patch +++ /dev/null @@ -1,27 +0,0 @@ -From cd99490efb82b66c75e92fab3ff97c480bfc9cf9 Mon Sep 17 00:00:00 2001 -From: Luca Barbato <lu_zero@gentoo.org> -Date: Sat, 16 Oct 2021 10:56:22 +0200 -Subject: [PATCH] Use all the link line from ncurses pkg-config - -Otherwise it would fail at link time if ncurses has a stand alone tinfo library. ---- - cmake/FindCURSES.cmake | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/cmake/FindCURSES.cmake b/cmake/FindCURSES.cmake -index 35d4a570f6..528211c45c 100644 ---- a/cmake/FindCURSES.cmake -+++ b/cmake/FindCURSES.cmake -@@ -58,11 +58,7 @@ if(NCURSES_NOT_FOUND EQUAL -1) - set(HAVE_LIBNCURSES 1) - set(CURSES_INCLUDE "<ncurses.h>") - -- find_library(CURSES_LIBRARY -- NAMES ncurses -- PATHS ${PC_NCurses_LIBRARY_DIRS} -- ) -- -+ set(CURSES_LIBRARY ${PC_NCurses_LINK_LIBRARIES}) - set(CURSES_VERSION ${PC_NCurses_VERSION}) - - include(FindPackageHandleStandardArgs) diff --git a/app-antivirus/fangfrisch/Manifest b/app-antivirus/fangfrisch/Manifest index 9433ec449fbf..6af2d3216f9b 100644 --- a/app-antivirus/fangfrisch/Manifest +++ b/app-antivirus/fangfrisch/Manifest @@ -1,5 +1,8 @@ AUX fangfrisch.conf 512 BLAKE2B 1b1cd87fbf2095f8d6839fef2175b70cdf1c8d72bcfa8eb06e9abe5e88150f3d4414a64679d775f1fef4378a940334c6c1567f387dbf6ce7f8bb40f6070f31c0 SHA512 e3fff2b24a6bd05a709472e9b7b5416732807171539d31c9f2129e8b7c2ef2b5f047a7090818a2aae77941169030e7785be7a6cded1220f8a130e9e60ea05ce6 AUX fangfrisch.cron 170 BLAKE2B b2b3572bb468942eecc006749710900bb19e29d40ad444a4b1ee1575f2d4eda77e2b4c66f6ab75208bbb28c48f0d26075b2d0517982cd62d0f082aa657ff82f2 SHA512 46ba3a9bbdc93896387e9ca3a2fef1bbae6711b3680baa0afddf41c83b537e62d9425fe93d7d7befc60dd8a89aa4c70f9947b596594d5ca93024acec1f9bf454 +AUX fangfrisch.service 347 BLAKE2B d7c36538bc8c96bd9f31cbfbba5e26572557cd87567b7c0aec1e6d4d6041194531a8da3ca831ba11f7df3558754e4bd965e03a5ae06ed8cadb9617b28028dbcf SHA512 e296b4c2f81754650845ed9ad9bd655cc81c2e59843508da5eca07d808a50a9bad5a3972f4f55ef4b97652d5f2f0c8d4e3b0cc63c7e38cc27074801e98961bcc +AUX fangfrisch.timer 212 BLAKE2B debdcfa78e9583aa490be4e6c91834e134e1680b0f0f1284046f5ac611fa77878e0258f92e4f99ae2c4616b57a6a240b6be797c2e36308a218983e51dbf20848 SHA512 1e5d5cf39bddd7527350ef5f2fa7b1e3018ca32b3f0b2d0df4d31184eef11c811b1c0111f547b4174e1a550ffeee73f5c7215da8c381edb0cccf71887c77f8ff DIST fangfrisch-1.5.0.tar.gz 115352 BLAKE2B 2c8ed5484255e336a960285f4eb13180691b2e4da0260f6ed2d1308575f5104cb79602c6c5bda93d2889dfdf24817748560376c9e13e6071810d9246b6120724 SHA512 cb15933d0cacc0912e7f1f103a213e277905a40ff4f7fe818c60d28c2ce92377aaea77b413f55f0ae8701e41eb35bcb2c3b3e04c624a6a57533ca621f93e00f5 +EBUILD fangfrisch-1.5.0-r1.ebuild 2099 BLAKE2B 8f3749d7ccf04f4c81b1fceda6e60f656aa5b4022741896a18f0dae1a57c2f5d17526bdd77f6598297a747ab960a1ebdf22c29b7aa54bf83024d885056919786 SHA512 e7aa0fe417a26c5f23c7781c66e5e9dd9d45b6e2ebc23d8c1c52a1a5aa2d861ecc0b904a4f55fefcce5e57b8b0dae01ca45a7e0b07205771ccf15620b2bf6656 EBUILD fangfrisch-1.5.0.ebuild 1941 BLAKE2B 66e519a27a2fc38a46cb0469c41016e6484bfc2e5c0b0a30ee83133a6d574a404d8db99bb40dd3351f8a14e98ca1fcdf0692f9bd62d5a579dffb6652b12082c0 SHA512 6723fb3247fa18f78dadf909295f27ef7c5c06211a9bb2d15e48c9a3791c027d9ae709bfe4efeee04d008d685349d83d42470654473fa4429d5e1f05d6483808 MISC metadata.xml 920 BLAKE2B 879f3328bdda86673c3adcd3915c8031c39cf4b40b4c8a57bcaa9933c20c237066a83f5a8aad46df25701b85a06996d1b49132c3f9a938bd53abd5a1849ce759 SHA512 c7008978e3a919ddd3f2890cb4f29c23eebabccbd27f078b56749715862db3e604ca8b677af8c2b233d554f3089ff9c40b80a3bd49eebfb5c4c2a7db6d8436fe diff --git a/app-antivirus/fangfrisch/fangfrisch-1.5.0-r1.ebuild b/app-antivirus/fangfrisch/fangfrisch-1.5.0-r1.ebuild new file mode 100644 index 000000000000..7f825da973c9 --- /dev/null +++ b/app-antivirus/fangfrisch/fangfrisch-1.5.0-r1.ebuild @@ -0,0 +1,71 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{8,9,10} ) + +inherit distutils-r1 readme.gentoo-r1 systemd + +DESCRIPTION="Update and verify unofficial Clam Anti-Virus signatures" +HOMEPAGE="https://github.com/rseichter/fangfrisch https://pypi.org/project/fangfrisch/" +SRC_URI="https://github.com/rseichter/fangfrisch/archive/${PV}.tar.gz -> ${P}.tar.gz" + +MY_CONF="/etc/${PN}.conf" +MY_DBDIR="/var/lib/${PN}" +DISABLE_AUTOFORMATTING=1 +DOC_CONTENTS="See https://rseichter.github.io/fangfrisch/ for the official +documentation. + +### Fresh installations: + +Modify ${MY_CONF} according to your preferences. +Assuming you place the database into ${MY_DBDIR} +(recommended), execute the following commands in a root shell: + +mkdir -m 0770 ${MY_DBDIR} +chgrp clamav ${MY_DBDIR} +sudo -u clamav -- fangfrisch -c ${MY_CONF} initdb + +You can now enable /etc/cron.d/${PN} for periodic updates. + +### Alternative: Updating from release 1.0.1: + +Either create a fresh database or manually delete all existing +database tables, then run the initdb command as shown above." + +LICENSE="GPL-3+" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +DEPEND=">=dev-python/requests-2.22.0[${PYTHON_USEDEP}] + >=dev-python/sqlalchemy-1.3.11[${PYTHON_USEDEP}]" +RDEPEND="${DEPEND}" + +python_prepare_all() { + sed -i -e '/SQLAlchemy/d' setup.py || die + # Due to the nature of Fangfrisch, most tests require network + # connectivity and/or access keys to download signature files. + # Also, my own CI reports show that the tests are successful, + # so instead of a pick-and-choose approach, the complete tests + # directory is removed in this ebuild. --RS + if [ -d tests ]; then + rm -r tests || die + fi + distutils-r1_python_prepare_all +} + +python_install_all() { + insinto /etc + doins "${FILESDIR}/${PN}.conf" + insinto /etc/cron.d + newins "${FILESDIR}/${PN}.cron" ${PN} + systemd_dounit "${FILESDIR}/${PN}.service" + systemd_dounit "${FILESDIR}/${PN}.timer" + distutils-r1_python_install_all + readme.gentoo_create_doc +} + +pkg_postinst() { + FORCE_PRINT_ELOG=1 readme.gentoo_print_elog +} diff --git a/app-antivirus/fangfrisch/files/fangfrisch.service b/app-antivirus/fangfrisch/files/fangfrisch.service new file mode 100644 index 000000000000..5b22decaa627 --- /dev/null +++ b/app-antivirus/fangfrisch/files/fangfrisch.service @@ -0,0 +1,14 @@ +[Unit] +Description=Download unofficial ClamAV virus definition files +ConditionPathExists=/var/lib/fangfrisch/db.sqlite +After=network-online.target +Wants=network-online.target + +[Service] +Type=simple +User=clamav +WorkingDirectory=/var/lib/fangfrisch +ExecStart=/usr/bin/fangfrisch -c /etc/fangfrisch.conf refresh + +[Install] +WantedBy=multi-user.target diff --git a/app-antivirus/fangfrisch/files/fangfrisch.timer b/app-antivirus/fangfrisch/files/fangfrisch.timer new file mode 100644 index 000000000000..c63323e3c7d4 --- /dev/null +++ b/app-antivirus/fangfrisch/files/fangfrisch.timer @@ -0,0 +1,12 @@ +[Unit] +Description=Periodically run Fangfrisch +Requires=fangfrisch.service + +[Timer] +OnCalendar=*:00,10,20,30,40,50 +Persistent=true +RandomizedDelaySec=10s +Unit=fangfrisch.service + +[Install] +WantedBy=timers.target diff --git a/app-antivirus/lkrg/Manifest b/app-antivirus/lkrg/Manifest new file mode 100644 index 000000000000..58abb30508d0 --- /dev/null +++ b/app-antivirus/lkrg/Manifest @@ -0,0 +1,5 @@ +AUX lkrg-0.9.2-systemd-coredump-umh-whitelist.patch 1052 BLAKE2B 6cf0af6b59026b1526f85f6db4a6c6b936add6b0f612a38a06eefb1de9363e57417c03c69e770be1c5e3da0fdb1f0382e862154e84c9828526dbca7c813bdadb SHA512 daba60c48e68ea8c0102424fd20c1eca360ffb1ce8eec25bd52935b5f2b5c0b6936fb3476fc941a27cef7fe4dc3be3446a8424f48e3bedf856e70fb56bd267c8 +DIST lkrg-0.9.2.tar.gz 125976 BLAKE2B c3da2d4599c9dd5b7d6fbec426fd93d802715f6c8566471f82c8f1c7d31621ebb4a2cc4c285d076aad6a6ee6b1bb790debbb365cfc6220192df049ac1d3c67a9 SHA512 5fec807618817bcb516e1a6779def6979badbdac6fe9b38fcce8425a0c7ebe3fb55c05d3080d8cac2d67cac6e8b7d2d77b3a1be450227299e2a02a311e223331 +DIST lkrg-0.9.2.tar.gz.sign 801 BLAKE2B 0cd8b18c8a0fbcca61ffa868b406d048461ddf9189fb08f15faa45e01b8731906a6b14105dfcf92bb5124373860f6695594063ee8d138c94c70adf471bc15e0a SHA512 18b547ca84a7fd2957484857e17983408e92fd005d58b77b399c5156ecb09fc5e9e6c910337654a2655883d103098c1769b1993017eec753bd21e63d6491ad04 +EBUILD lkrg-0.9.2.ebuild 1026 BLAKE2B 6fb93f1537b995dc893095d87b8a40b531f39486ccfca6cb5f58a371ae4bd9d620757a5040d6697860ba48010952f1999b3fb26249c2f5be2ad0961beb80f169 SHA512 d69194399c394b528e51b4e9f2a63ebe80f92bbf6eca3208d43b51c3931975f1fc15eb3b0cc5e31c58895a2aeedf13ab2eab00a527c363eceec9b1940cc3facd +MISC metadata.xml 326 BLAKE2B 01848278e317c44c65d36ffb73d68b87981796f69301447a32ea47f93bc1fda9ca82e7b8036310e733bf1f0ab67a4e31868e48e0c720023a016ae9f743b72f59 SHA512 afa115a36eeb4290c82de2be302f5432294beb26e3d4709de0c67df693694bcdd73573ca24b404493af492e958698c257f4b48395c29d4ab46a9796e871bcc3a diff --git a/app-antivirus/lkrg/files/lkrg-0.9.2-systemd-coredump-umh-whitelist.patch b/app-antivirus/lkrg/files/lkrg-0.9.2-systemd-coredump-umh-whitelist.patch new file mode 100644 index 000000000000..438784aff16e --- /dev/null +++ b/app-antivirus/lkrg/files/lkrg-0.9.2-systemd-coredump-umh-whitelist.patch @@ -0,0 +1,23 @@ +commit 7939aa03e00e7e48781d405743e2f2d31fca113b +Author: John Helmert III <ajak@gentoo.org> +Date: Fri Jan 7 01:46:35 2022 -0600 + + Add non-usr-merged systemd-coredump to UMH whitelist + + Some distributions haven't merged /usr yet, so add the alternative + path for systemd-coredump. + + Signed-off-by: John Helmert III <ajak@gentoo.org> + +diff --git a/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c b/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c +index ac2a737..7387135 100644 +--- a/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c ++++ b/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c +@@ -45,6 +45,7 @@ static const char * const p_umh_global[] = { + "/etc/acpi/events/RadioPower.sh", + "/etc/acpi/wireless-rtl-ac-dc-power.sh", + "/lib/systemd/systemd-cgroups-agent", ++ "/lib/systemd/systemd-coredump", + "/sbin/bridge-stp", + "/sbin/critical_overtemp", + "/sbin/drbdadm", diff --git a/app-antivirus/lkrg/lkrg-0.9.2.ebuild b/app-antivirus/lkrg/lkrg-0.9.2.ebuild new file mode 100644 index 000000000000..05421d7d8ec1 --- /dev/null +++ b/app-antivirus/lkrg/lkrg-0.9.2.ebuild @@ -0,0 +1,40 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit linux-mod linux-info verify-sig + +DESCRIPTION="Linux Kernel Runtime Guard" +HOMEPAGE="https://lkrg.org" +SRC_URI="https://lkrg.org/download/${P}.tar.gz + verify-sig? ( https://lkrg.org/download/${P}.tar.gz.sign )" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64" + +BDEPEND="verify-sig? ( sec-keys/openpgp-keys-openwall )" + +PATCHES=( "${FILESDIR}/${PN}-${PV}-systemd-coredump-umh-whitelist.patch" ) + +MODULE_NAMES="p_lkrg(misc:${S}:${S})" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/openwall.asc" + +pkg_setup() { + CONFIG_CHECK="HAVE_KRETPROBES KALLSYMS_ALL KPROBES JUMP_LABEL" + CONFIG_CHECK+=" MODULE_UNLOAD !PREEMPT_RT ~STACKTRACE" + linux-mod_pkg_setup + + # compile against selected (not running) target + BUILD_PARAMS="P_KVER=${KV_FULL} P_KERNEL=${KERNEL_DIR}" + BUILD_TARGETS="all" +} + +src_unpack() { + if use verify-sig; then + verify-sig_verify_detached ${DISTDIR}/${P}.tar.gz{,.sign} + fi + + default +} diff --git a/app-antivirus/lkrg/metadata.xml b/app-antivirus/lkrg/metadata.xml new file mode 100644 index 000000000000..e9dbfa382604 --- /dev/null +++ b/app-antivirus/lkrg/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>ajak@gentoo.org</email> + <name>John Helmert III</name> + </maintainer> + <upstream> + <remote-id type="github">lkrg-org/lkrg</remote-id> + </upstream> +</pkgmetadata> |