Bug 259835

Summary: security/clamav : Fix fetch
Product: Ports & Packages
Reporter: Rodrigo Osorio <rodrigo>
Component: Individual Port(s)
Assignee: Yasuhiro Kimura <yasu>
Status: Closed FIXED
Severity: Affects Many People
CC: dinoex, joel.esler, leres
Priority: ---
Flags: bugzilla: maintainer-feedback? (yasu)
Version: Latest
Hardware: Any
OS: Any
Attachments:
Description: Use alternative user agent when fetching files
Flags: none

Description Rodrigo Osorio freebsd_committer freebsd_triage 2021-11-14 20:15:13 UTC
Created attachment 229494
Use alternative user agent when fetching files

The clamav fetch was broken by upstream, which rejects fetch GET requests with the default user agent. The same thing occurs when using the curl user agent signature.
Using "Mozilla/5.0" works fine.

Find attached a patch to fix the fetch.
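
One way to confirm that a fetch failure like this depends on the User-Agent header, as an added example that is not part of the bug report or the attached patch. The local test server and its blocked-prefix rule are constructed stand-ins for upstream's filter (the real rule is not shown here), and every User-Agent string except "Mozilla/5.0" is a constructed sample.

```python
import http.server
import threading
import urllib.error
import urllib.request

# Assumption: the real server-side rule is not shown in the report, so this
# prefix list is a constructed stand-in for it.
BLOCKED_PREFIXES = ("fetch", "curl")

class UAFilterHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        ua = self.headers.get("User-Agent", "")
        blocked = ua.lower().startswith(BLOCKED_PREFIXES)
        body = b"" if blocked else b"constructed distfile bytes"
        self.send_response(403 if blocked else 200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def probe(url, user_agents, timeout=5):
    """Send one GET per User-Agent and return {user_agent: HTTP status}."""
    # Empty ProxyHandler: ignore proxy environment variables for this check.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    results = {}
    for ua in user_agents:
        req = urllib.request.Request(url, headers={"User-Agent": ua})
        try:
            with opener.open(req, timeout=timeout) as resp:
                results[ua] = resp.status
        except urllib.error.HTTPError as err:
            results[ua] = err.code  # a rejection is a result, not a failure
    return results

def run_demo():
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), UAFilterHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        url = "http://127.0.0.1:%d/clamav-0.104.1.tar.gz" % port
        # Constructed User-Agent samples; only "Mozilla/5.0" is from the report.
        return probe(url, ["fetch libfetch/2.0", "curl/7.79.1", "Mozilla/5.0"])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for ua, status in run_demo().items():
        print(status, ua)
```

If the same User-Agent yields different statuses from different builders, the rule is not purely header-based, which matches the address-dependent behaviour reported in comment 3.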
Comment 1 Yasuhiro Kimura freebsd_committer freebsd_triage 2021-11-15 04:15:34 UTC
(In reply to Rodrigo Osorio from comment #0)

Thanks for reporting it. I asked upstream if it is an intended change.

https://lists.clamav.net/pipermail/clamav-users/2021-November/012076.html
Comment 2 Rodrigo Osorio freebsd_committer freebsd_triage 2021-11-15 12:51:49 UTC
Great, feel free to change the status of the ticket to 'CLOSE, overcome by events' when the problem is solved.
Comment 3 Dirk Meyer freebsd_committer freebsd_triage 2021-11-15 14:46:19 UTC
I see the fetch failed on most of my builders.
But on a few machines it succeeds.
It seems the IP address does matter as well.

fetch -v https://www.clamav.net/downloads/production/clamav-0.104.1.tar.gz
resolving server address: www.clamav.net:443
SSL options: 82004854
Peer verification enabled
Using CA cert file: /usr/local/etc/ssl/cert.pem
Verify hostname
TLSv1.3 connection established using TLS_AES_256_GCM_SHA384
Certificate subject: /C=US/ST=California/L=San Francisco/O=Cloudflare, Inc./CN=sni.cloudflaressl.com
Certificate issuer: /C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3
requesting https://www.clamav.net/downloads/production/clamav-0.104.1.tar.gz
302 redirect to https://clamav-site.s3.amazonaws.com/production/release_files/files/000/000/708/original/clamav-0.104.1.tar.gz?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAU7AK5ITMGOEV4EFM%2F20211115%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20211115T144316Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=9d45f5afd2b6169c3114b1e7be64788a259a7938f7e60ec679a6d612b80366f8
resolving server address: clamav-site.s3.amazonaws.com:443
SSL options: 82004854
Peer verification enabled
Using CA cert file: /usr/local/etc/ssl/cert.pem
Verify hostname
TLSv1.2 connection established using ECDHE-RSA-AES128-GCM-SHA256
Certificate subject: /C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=*.s3.amazonaws.com
Certificate issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Baltimore CA-2 G2
requesting https://clamav-site.s3.amazonaws.com/production/release_files/files/000/000/708/original/clamav-0.104.1.tar.gz?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAU7AK5ITMGOEV4EFM%2F20211115%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20211115T144316Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=9d45f5afd2b6169c3114b1e7be64788a259a7938f7e60ec679a6d612b80366f8
remote size / mtime: 11953064 / 1635896384
clamav-0.104.1.tar.gz                                   11 MB 3167 kBps    03s
Comment 4 Joel Esler 2021-11-15 15:45:39 UTC
Please try now, I may have fixed it server side.
Comment 5 Yasuhiro Kimura freebsd_committer freebsd_triage 2021-11-15 15:54:31 UTC
(In reply to Joel Esler from comment #4)

It works fine for me now.

yasu@eastasia[1930]% make fetch
===>  License GPLv2 accepted by the user
===>   clamav-0.104.1,1 depends on file: /usr/local/sbin/pkg - found
=> clamav-0.104.1.tar.gz doesn't seem to exist in /usr0/freebsd/ports/distfiles/.
=> Attempting to fetch https://www.clamav.net/downloads/production/clamav-0.104.1.tar.gz
clamav-0.104.1.tar.gz                                   11 MB 4465 kBps    02s
===> Fetching all distfiles required by clamav-0.104.1,1 for building
yasu@eastasia[1931]%
Comment 6 Rodrigo Osorio freebsd_committer freebsd_triage 2021-11-15 17:54:50 UTC
(In reply to Joel Esler from comment #4)

Looks good to me now. @yasu can close this PR.