From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 268069] security/clamav: 1.0.0 does no work with cld and cvd files
Date: Mon, 12 Dec 2022 14:40:28 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268069

--- Comment #17 from fsbruva@yahoo.com ---
Good morning. I have been tearing my hair out on this one.

Here's the output when starting clamav 1.0.0 on the broken jail, using a known good (downloaded/verified by freshclam 1.0.0 in functioning jail) backup of /var/db/clamav:

Attempting to start clamav-clamd 1.0.0 with known good database in broken jail:

LibClamAV debug: Loading databases from /var/db/clamav
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 8cbf2717c14dbd1406290693c0dcf014
LibClamAV debug: cli_versig: Decoded signature: 00000000000000000000000000000000
LibClamAV debug: cli_versig: Signature doesn't match.
LibClamAV debug: cli_cvdverify: Digital signature verification error
LibClamAV Error: Can't load /var/db/clamav/daily.cvd: Can't verify database integrity
LibClamAV Error: cli_loaddbdir: error loading database /var/db/clamav/daily.cvd
ERROR: Can't verify database integrity
Closing the main socket.
/usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd

A similar error occurs when running freshclam 1.0.0 in the broken jail.

You can see that the correct hash is present in the file....

user@machine:/var/db/clamav # hexdump -vC daily.cvd | head -n10
00000000  43 6c 61 6d 41 56 2d 56  44 42 3a 30 31 20 44 65  |ClamAV-VDB:01 De|
00000010  63 20 32 30 32 32 20 30  33 2d 32 32 20 2d 30 35  |c 2022 03-22 -05|
00000020  30 30 3a 32 36 37 33 37  3a 32 30 31 33 32 33 32  |00:26737:2013232|
00000030  3a 39 30 3a 38 63 62 66  32 37 31 37 63 31 34 64  |:90:8cbf2717c14d|
00000040  62 64 31 34 30 36 32 39  30 36 39 33 63 30 64 63  |bd1406290693c0dc|
00000050  66 30 31 34 3a 78 32 73  4f 65 6e 52 32 36 70 6a  |f014:x2sOenR26pj|
00000060  39 44 36 30 4a 67 2f 79  44 44 78 53 64 47 6c 54  |9D60Jg/yDDxSdGlT|
00000070  79 45 78 48 35 4e 66 76  42 36 4a 30 2f 66 79 58  |yExH5NfvB6J0/fyX|
00000080  46 71 4f 41 59 50 6a 2f  37 74 34 52 76 34 66 43  |FqOAYPj/7t4Rv4fC|
00000090  34 65 47 42 4b 69 34 6b  56 2b 62 63 70 46 57 49  |4eGBKi4kV+bcpFWI|

When that same file is used in the working jail, when clamav-clamd 1.0.0 is started, here's what you see...

LibClamAV debug: Loading databases from /var/db/clamav
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 8cbf2717c14dbd1406290693c0dcf014
LibClamAV debug: cli_versig: Decoded signature: 8cbf2717c14dbd1406290693c0dcf014

I have done the following thus far:

1. Installed all the ports that were unique to the functioning jail (using same OPTIONS) into the non-working jail to try to solve dependency issues.
2. Completely rebuilt entire chain and all dependencies in functioning jail, using portmaster -f security/clamav. Afterwards, resulting port install of clamav 1.0.0 still worked in the functioning jail.
3. Copied all ports OPTIONS from the functioning jail into non-working jail, and completely rebuilt entire chain in non-working jail, using portmaster -f security/clamav. Afterwards, resulting port install of clamav 1.0.0 still failed with the same error.
4. Looked at the diff between git releases 0.105 and 1.0. Nothing stood out in libclamav/dsig.c for changes to the behavior of cli_versig() or cli_decodesig() functions, or in libclamav/cvd.c within the cli_cvdload() or cli_cvdcertify() functions. Most of the code for those sections hasn't changed in like 3 years or more. It *might* be related to the upgrade of the TomsFastMath code from commit 375ecf6. But even if it is, I still can't figure why the jails are building differently.

My next step is to progressively install the ports unique to the non-working jail into the functioning jail so I can try and detect when a failure occurs. I thought maybe the others seeing this issue could share the list of other ports they have installed, to help me confirm my outcomes.

(In reply to doctor from comment #0)
Can you please upload a file with the output of `pkg info`?

(In reply to ek from comment #3)
Can you please upload a file with the output of `pkg info`?

(In reply to Arnaud de Prelle from comment #12)
Can you please upload a file with the output of `pkg info`?

(In reply to Sigi from comment #15)
Can you please upload a file with the output of `pkg info`?

(In reply to jasiu from comment #16)
Can you please upload a file with the output of `pkg info`?

-- 
You are receiving this mail because:
You are the assignee for the bug.
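
The check the comment performs by eye with hexdump can be done independently of libclamav, which helps separate "the file is damaged" from "this build's signature code is misbehaving". This is an added example, not part of the original bug comment or ClamAV's code. It assumes the usual CVD layout (a 512-byte colon-separated header followed by the .tar.gz payload) and runs on a constructed sample blob. It compares only the header MD5 with the payload and does not verify the digital signature.

```python
import hashlib
import sys

HEADER_SIZE = 512  # assumed layout: fixed 512-byte text header, then the .tar.gz


def parse_cvd_header(blob: bytes) -> dict:
    """Split the colon-separated CVD header into named fields."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("file is shorter than the 512-byte CVD header")
    text = blob[:HEADER_SIZE].decode("ascii", errors="replace").rstrip()
    fields = text.split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    return {
        "build_time": fields[1],
        "version": int(fields[2]),
        "signatures": int(fields[3]),
        "functionality_level": int(fields[4]),
        "md5": fields[5].lower(),
        "dsig": fields[6],  # base64-like signature text, not verified here
        "builder": fields[7],
    }


def check_cvd_md5(blob: bytes):
    """Return (matches, header, actual_md5) for the payload after the header."""
    header = parse_cvd_header(blob)
    actual = hashlib.md5(blob[HEADER_SIZE:]).hexdigest()
    return header["md5"] == actual, header, actual


def make_sample() -> bytes:
    """Constructed sample: a fake payload with a matching header MD5."""
    payload = b"constructed bytes standing in for the .tar.gz payload"
    digest = hashlib.md5(payload).hexdigest()
    head = ("ClamAV-VDB:01 Jan 2000 00-00 +0000:1:2:90:%s:"
            "CONSTRUCTED-NOT-A-SIGNATURE:example:946684800" % digest)
    return head.encode("ascii").ljust(HEADER_SIZE, b" ") + payload


if __name__ == "__main__":
    # With a path argument, check that file; otherwise use the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample()
    ok, hdr, actual = check_cvd_md5(data)
    print("version", hdr["version"], "header md5", hdr["md5"], "payload md5", actual)
    print("MD5 matches header" if ok else "MD5 MISMATCH: file is damaged")
```

If the MD5 matches on both jails while only one of them decodes the signature correctly, the database file itself is not the variable.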