nixpkgs/pkgs/tools/security/clamav/default.nix
Thomas Gerbet df7cebe08b clamav: 0.103.1 -> 0.103.2
Fixes CVE-2021-1252, CVE-2021-1404 and CVE-2021-1405.

Release notes:
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
2021-04-12 11:13:35 +02:00

60 lines
1.9 KiB
Nix

{ lib, stdenv, fetchurl, pkg-config
, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2
, libmspack, systemd, Foundation, json_c, check
}:
stdenv.mkDerivation rec {
pname = "clamav";
version = "0.103.2";
src = fetchurl {
url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz";
sha256 = "sha256-1LXQrGZiYuQjoyb7VHeMqnxpYk1sP5VCiV/rhHgnG9I=";
};
# don't install sample config files into the absolute sysconfdir folder
postPatch = ''
substituteInPlace Makefile.in --replace ' etc ' ' '
'';
enableParallelBuilding = true;
nativeBuildInputs = [ pkg-config ];
buildInputs = [
zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack json_c check
] ++ lib.optional stdenv.isLinux systemd
++ lib.optional stdenv.isDarwin Foundation;
configureFlags = [
"--libdir=$(out)/lib"
"--sysconfdir=/etc/clamav"
"--disable-llvm" # enabling breaks the build at the moment
"--with-zlib=${zlib.dev}"
"--with-xml=${libxml2.dev}"
"--with-openssl=${openssl.dev}"
"--with-libcurl=${curl.dev}"
"--with-libjson=${json_c.dev}"
"--with-system-libmspack"
"--enable-milter"
"--disable-unrar" # disable unrar because it's non-free and requires some extra patching to work properly
"--enable-check"
] ++ lib.optional stdenv.isLinux
"--with-systemdsystemunitdir=$(out)/lib/systemd";
postInstall = ''
mkdir $out/etc
cp etc/*.sample $out/etc
'';
# Only required for the unit tests
hardeningDisable = [ "format" ];
doCheck = true;
meta = with lib; {
homepage = "https://www.clamav.net";
description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats";
license = licenses.gpl2;
maintainers = with maintainers; [ phreedom robberer qknight fpletz globin ];
platforms = platforms.unix;
};
}