[clamav-users] 99.3 for Ubuntu

Chris cpollock at embarqmail.com
Sat Jan 27 23:22:22 UTC 2018 

On Sat, 2018-01-27 at 23:22 +0100, Marcus Schopen wrote:
> Am Freitag, den 26.01.2018, 16:25 +0100 schrieb Reindl Harald:
> > 
> > 
> > if you use distribution packages you are supposed to wait for a
> > update 
> > from the distribution or learn to proper package at your own
> > 
> > i heard that's not that easy as on Redhat systems because you don't
> > have 
> > everything in a .src.rpm and just need to replace the tarball
> > after 
> > unpack the src.rpm and edit the version in the spec file but again:
> That's not right. Building a 0.99.3 deb package based on the current
> 0.99.2 deb source package are just a few shell commands, e.g.:
> 
> 0. set up an build environment e.g. on a fresh box:
> 
>  aptitude install dpkg-dev devscripts equivs quilt
> 
>  export QUILT_PATCHES=debian/patches
> 
> 1. get the current 0.99.2 clamav src package, e.g. for 14.04 TLS from
> 
>  https://packages.ubuntu.com/source/trusty/clamav
> 
> wget http://archive.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.99.
> 2+
> addedllvm-0ubuntu0.14.04.2.dsc
> 
> wget http://archive.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.99.
> 2+
> addedllvm.orig.tar.xz
> 
> wget http://archive.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.99.
> 2+
> addedllvm-0ubuntu0.14.04.2.debian.tar.gz
> 
> 2. unpack the source package
>  
>  dpkg-source -x clamav_0.99.2+addedllvm-0ubuntu0.14.04.2.dsc
> 
> 3. download the new original 0.99.3 clamav source
> 
>  http://www.clamav.net/downloads/production/clamav-0.99.3.tar.gz
> 
> 4. upgrade the old 0.99.2 deb source package
> 
>  cd clamav-0.99.2+addedllvm
>  uupdate -v 0.99.3 ../clamav-0.99.3.tar.gz
> 
> 5. enter the new 0.99.3 deb source package dir
> 
>   cd ../clamav-0.99.3
> 
> 6. remove old patches from ./debian/patches dir which are not longer
> needed. 
> 
>  In this case (to my mind) on 14.04 LTS CVE-2017-6418 and CVE-2017-
> 6420 
> are already patched in 0.99.3. Unsure about CVE-2017-6419 (didn't
> find
> it in the README); I removed it, because 0.99.3 original source
> doesn't
> come up with this patch. May be someone knows better.
> 
>  quilt pop -a
>  quilt delete -r CVE-2017-6418
>  quilt delete -r CVE-2017-6419
>  quilt delete -r CVE-2017-6420
>  quilt delete -r CVE-2017-6420-2
> 
> 7. maintenance debian/changelog and add your suffix, e.g.
> 
>  dch --local ~yoursuffix
> 
Thanks so much for this Marcus, seems a lot easier than going through
using pbuilder. One question. I'm at step 7, what should go after
--local? Not sure what you mean by ~yoursuffix.

> 8. finally build new deb package
> 
>  dpkg-buildpackage -us -uc
> 
> That's it. So basically it's replacing the orig tar ball and update
> changelog too.
> 
> Ciao
> Marcus
> 
> 
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
17:20:28 up 1 day, 9:08, 1 user, load average: 0.78, 0.69, 0.74
Description:	Ubuntu 16.04.3 LTS, kernel 4.13.0-32-generic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20180127/727f1ba2/attachment.sig>

More information about the clamav-users mailing list