4 files changed, 126 insertions, 118 deletions

diff --git a/.SRCINFO b/.SRCINFO
index f04ccf4e2494..4e677a2d9880 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = eea-dkms
 	pkgdesc = ESET Endpoint Antivirus Business for Linux (DKMS)
-	pkgver = 7.1.9.0
-	pkgrel = 7
+	pkgver = 8.1.3.0
+	pkgrel = 1
 	url = https://www.eset.com/int/business/endpoint-antivirus-linux/
 	install = eea.install
 	arch = x86_64
@@ -13,14 +13,11 @@ pkgbase = eea-dkms
 	depends = openssl-1.0
 	conflicts = esets
 	conflicts = eea
-	source = https://download.eset.com/com/eset/apps/business/eea/linux/g2/v7/7.1.9.0/eeau.x86_64.bin
+	source = https://download.eset.com/com/eset/apps/business/eea/linux/g2/v8/8.1.3.0/eeau.x86_64.bin
 	source = dkms.conf
 	source = dkms_postinst
-	source = linux-5.10.patch
-	sha256sums = 59e6ad38eb3809997e2d5eb91a0195a3c321656f5e8e8c64e61a02a9ac8c922e
+	sha256sums = 932d6cef253d4c7d4d5484911889f19a51fe268201ef8a50e40ddb7f4b3741ed
 	sha256sums = 0ff7dd79c8811afbc95b121f322bbec4839d7ce7334e5825fa447e3f3ad129e7
 	sha256sums = 29108ffcfd83fc9e1b5cdfd6b7a06143f213466a7bfa0222b07490d04900e641
-	sha256sums = fb0ce96e2586ff6d41e2d707c8738d3ecc14a5b1072bd8973c7a11af647c2f4d
 
 pkgname = eea-dkms
-
diff --git a/PKGBUILD b/PKGBUILD
index a4b0dffa8cc9..cd010d6e8f4d 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,9 +5,9 @@
 
 _pkgname=eea
 pkgname="${_pkgname}-dkms"
-_pkgver_major=7
-pkgver=7.1.9.0
-pkgrel=7
+_pkgver_major=8
+pkgver=8.1.3.0
+pkgrel=1
 arch=('x86_64')
 pkgdesc='ESET Endpoint Antivirus Business for Linux (DKMS)'
 url='https://www.eset.com/int/business/endpoint-antivirus-linux/'
@@ -32,13 +32,11 @@ _deb=${_pkgname}-${pkgver}-${_distro}.${arch}.deb
 source=("${_bundle_url}/${_bundle_file}"
   "dkms.conf"
   "dkms_postinst"
-  "linux-5.10.patch"
 )
 
-sha256sums=('59e6ad38eb3809997e2d5eb91a0195a3c321656f5e8e8c64e61a02a9ac8c922e'
+sha256sums=('932d6cef253d4c7d4d5484911889f19a51fe268201ef8a50e40ddb7f4b3741ed'
             '0ff7dd79c8811afbc95b121f322bbec4839d7ce7334e5825fa447e3f3ad129e7'
-            '29108ffcfd83fc9e1b5cdfd6b7a06143f213466a7bfa0222b07490d04900e641'
-            'fb0ce96e2586ff6d41e2d707c8738d3ecc14a5b1072bd8973c7a11af647c2f4d')
+            '29108ffcfd83fc9e1b5cdfd6b7a06143f213466a7bfa0222b07490d04900e641')
 
 _kernel_module_dir=/var/opt/eset/${_pkgname}/eventd
 
diff --git a/eea.install b/eea.install
index 94e552a07805..00f37a415943 100644
--- a/eea.install
+++ b/eea.install
@@ -2,16 +2,34 @@ pre_install() {
 
 	# Script to be run before package is installed / upgraded
 
-	SYSTEMD_CAT="`which systemd-cat 2>/dev/null || true`"
+	SYSTEMD_CAT="$(which systemd-cat 2>/dev/null || true)"
 	print_error() {
 		errorstr="ESET Endpoint Antivirus error: $1"
 		if [ -n "$SYSTEMD_CAT" ]; then
-			echo -n "$errorstr" | $SYSTEMD_CAT -t "eea" -p err
+			printf "%s" "$errorstr" | $SYSTEMD_CAT -t "eea" -p err
 		else
 			echo "$errorstr" 1>&2
 		fi
 	}
 
+	# Check for UTF-8 support
+	if ! localectl list-locales | grep -i "UTF-8\|UTF8" 1>/dev/null ; then
+		print_error 'UTF-8 support is not installed in the system. Please install a UTF-8 locale first. Aborting installation.'
+		exit 1
+	fi
+
+	# Check noexec flag for /var/opt /tmp and MODMAPDIR
+	if findmnt -n --target /var/opt | grep "noexec" 1>/dev/null && \
+		findmnt -n --target /tmp | grep "noexec" 1>/dev/null ; then
+		if [ -z "$MODMAPDIR" ] ; then
+			print_error '"/var/opt" and "/tmp" are both mounted as NOEXEC. Please disable NOEXEC flag for one of them or set variable MODMAPIDR according to documentation.'
+			exit 1
+		elif findmnt -n --target "$MODMAPDIR" | grep "noexec" 1>/dev/null ; then
+			print_error '"/var/opt", "/tmp" and directory specified in MODMAPDIR are all mounted as NOEXEC. Please disable NOEXEC flag for one of them or set variable MODMAPIDR according to documentation.'
+			exit 1
+		fi
+	fi
+
 	# Check for previous product
 	if [ -d "/opt/eset/esets/" ] || [ -f "/opt/eset/efs/etc/pkgid" ] || [ -f "/etc/opt/eset/esets/info/pkgid" ] || [ -f "/etc/opt/eset/esets/esets.cfg" ]; then
 		print_error 'Previous ESET Security product must be uninstalled first, package won'\''t be installed.'
@@ -24,16 +42,34 @@ pre_upgrade() {
 
 	# Script to be run before package is installed / upgraded
 
-	SYSTEMD_CAT="`which systemd-cat 2>/dev/null || true`"
+	SYSTEMD_CAT="$(which systemd-cat 2>/dev/null || true)"
 	print_error() {
 		errorstr="ESET Endpoint Antivirus error: $1"
 		if [ -n "$SYSTEMD_CAT" ]; then
-			echo -n "$errorstr" | $SYSTEMD_CAT -t "eea" -p err
+			printf "%s" "$errorstr" | $SYSTEMD_CAT -t "eea" -p err
 		else
 			echo "$errorstr" 1>&2
 		fi
 	}
 
+	# Check for UTF-8 support
+	if ! localectl list-locales | grep -i "UTF-8\|UTF8" 1>/dev/null ; then
+		print_error 'UTF-8 support is not installed in the system. Please install a UTF-8 locale first. Aborting installation.'
+		exit 1
+	fi
+
+	# Check noexec flag for /var/opt /tmp and MODMAPDIR
+	if findmnt -n --target /var/opt | grep "noexec" 1>/dev/null && \
+		findmnt -n --target /tmp | grep "noexec" 1>/dev/null ; then
+		if [ -z "$MODMAPDIR" ] ; then
+			print_error '"/var/opt" and "/tmp" are both mounted as NOEXEC. Please disable NOEXEC flag for one of them or set variable MODMAPIDR according to documentation.'
+			exit 1
+		elif findmnt -n --target "$MODMAPDIR" | grep "noexec" 1>/dev/null ; then
+			print_error '"/var/opt", "/tmp" and directory specified in MODMAPDIR are all mounted as NOEXEC. Please disable NOEXEC flag for one of them or set variable MODMAPIDR according to documentation.'
+			exit 1
+		fi
+	fi
+
 	# Check for previous product
 	if [ -d "/opt/eset/esets/" ] || [ -f "/opt/eset/efs/etc/pkgid" ] || [ -f "/etc/opt/eset/esets/info/pkgid" ] || [ -f "/etc/opt/eset/esets/esets.cfg" ]; then
 		print_error 'Previous ESET Security product must be uninstalled first, package won'\''t be installed.'
@@ -43,10 +79,28 @@ pre_upgrade() {
 	#################################### Upgrade ####################################
 	if true; then
 		# stop and unregister old product
-		/opt/eset/eea/lib/install_scripts/unregister_service.sh
+		'/opt/eset/eea/lib/install_scripts/unregister_service.sh'
+
 		# export configuration from old product to xml
 		# this path must be into old product
-		/opt/eset/eea/lib/cfg-upgrade --export-xml /var/opt/eset/eea/confd/exported.xml
+		if [ -f '/var/opt/eset/eea/confd/settings.json' ]; then
+			confd_ug='eset-eea-confd:eset-eea-daemons'
+			sudo -u ${confd_ug%:*} -- '/opt/eset/eea/lib/cfg-upgrade' --export-xml '/var/opt/eset/eea/confd/exported.xml'
+		fi
+
+		# convert product license file name to newer format
+		if [ -f /var/opt/eset/eea/licensed/license.lf ]; then
+			mv /var/opt/eset/eea/licensed/license.lf /var/opt/eset/eea/licensed/license_113.lf
+		fi
+		if [ -f /var/opt/eset/eea/licensed/license_cfg.json ]; then
+			mv /var/opt/eset/eea/licensed/license_cfg.json /var/opt/eset/eea/licensed/license_cfg_113.json
+		fi
+
+		# remove potential upgrade package already prepared in product, as we are upgrading first
+		# because /var/opt/eset is left intact during upgrade, prepared upgrade
+		# package can be present there, which would cause "pcu update when product starts" during this
+		# upgrade
+		rm -f '/var/opt/eset/eea/updated/app/eea.bin'
 	fi
 }
 
@@ -54,17 +108,26 @@ post_install() {
 
 	# Script to be run after package is installed
 
+	SYSTEMD_CAT="$(which systemd-cat 2>/dev/null || true)"
+	print_error() {
+		errorstr="ESET Endpoint Antivirus error: $1"
+		if [ -n "$SYSTEMD_CAT" ]; then
+			printf "%s" "$errorstr" | $SYSTEMD_CAT -t "eea" -p err
+		else
+			echo "$errorstr" 1>&2
+		fi
+	}
 
 	# import config engine configuration from old product
 	import_configuration() {
 		# import only if we have exported xml from old product
-		if [ -f /var/opt/eset/eea/confd/exported.xml ]; then
+		if [ -f '/var/opt/eset/eea/confd/exported.xml' ]; then
 			# we don't want to leave old settings.json, all information is
 			# in exported xml
-			rm -f /var/opt/eset/eea/confd/settings.json
+			rm -f '/var/opt/eset/eea/confd/settings.json'
 			confd_ug='eset-eea-confd:eset-eea-daemons'
-			sudo -u ${confd_ug%:*} /opt/eset/eea/lib/cfg-upgrade --import-xml /var/opt/eset/eea/confd/exported.xml
-			rm /var/opt/eset/eea/confd/exported.xml
+			sudo -u ${confd_ug%:*} -- '/opt/eset/eea/lib/cfg-upgrade' --import-xml '/var/opt/eset/eea/confd/exported.xml'
+			rm -f '/var/opt/eset/eea/confd/exported.xml'
 		fi
 	}
 
@@ -78,7 +141,7 @@ post_install() {
 				groupadd -r $g
 			done
 
-			for ug in eset-eea-licensed:eset-eea-daemons eset-eea-logd:eset-eea-daemons eset-eea-updated:eset-eea-daemons eset-eea-scand:eset-eea-daemons eset-eea-confd:eset-eea-daemons; do
+			for ug in eset-eea-scand:eset-eea-daemons eset-eea-licensed:eset-eea-daemons eset-eea-confd:eset-eea-daemons eset-eea-updated:eset-eea-daemons eset-eea-logd:eset-eea-daemons; do
 				useradd -d '/opt/eset/eea' -M -N -r -s /sbin/nologin -g "${ug#*:}" "${ug%:*}"
 			done
 		fi
@@ -93,8 +156,9 @@ post_install() {
 	chown -R ${logd_ug%:*} '/var/log/eset/eea'
 	chmod -R 700 '/var/log/eset/eea'
 	mkdir -p '/var/opt/eset/eea/cache/data/Logs'
+	mkdir -p '/var/opt/eset/eea/cache/data/Diagnostics'
 
-	chgrp -R 'eset-eea-daemons' '/var/opt/eset/eea/cache' '/var/opt/eset/eea/cache/data' '/var/opt/eset/eea/modules_notice'
+	chgrp -R 'eset-eea-daemons' '/var/opt/eset/eea/cache' '/var/opt/eset/eea/cache/data' '/var/opt/eset/eea/modules_notice' '/var/opt/eset/eea/dumps'
 	for dir in /var/opt/eset/eea/cache /var/opt/eset/eea/cache/data; do
 		chmod -R 770 "$dir"
 		chmod 1770 "$dir"
@@ -105,9 +169,12 @@ post_install() {
 	chown -R ${scand_ug%:*} /var/opt/eset/eea/cache
 
 	# extract modules from tar
-	tar -xf /var/opt/eset/eea/lib/modules.tar -C /var/opt/eset/eea/lib
+	tar -xf /var/opt/eset/eea/lib/modules_eea.tar -C /var/opt/eset/eea/lib
 	# compile modules
-	/opt/eset/eea/bin/upd --compile-nups
+	if ! /opt/eset/eea/bin/upd --compile-nups ; then
+		print_error 'Module compilation failed.'
+	fi
+
 	# set correct user to compiled modules
 	updated_ug='eset-eea-updated:eset-eea-daemons'
 	chown -R ${updated_ug} /var/opt/eset/eea/lib
@@ -123,24 +190,38 @@ post_install() {
 	fi
 
 	# register and start service
-	/opt/eset/eea/lib/install_scripts/register_service.sh
+	'/opt/eset/eea/lib/install_scripts/register_service.sh'
+
+	# add current eula info into CE path AcceptedEulas
+	# esmc may have already modified this by policy, in that case it is locked, so
+	# ignore error here and leave esmc to manage this setting
+	'/opt/eset/eea/lib/cfg' --eula-tag "EULA-BUS-STANDARD" --eula-version "2020.1" > /dev/null || true
 }
 
 post_upgrade() {
 
 	# Script to be run after package is installed
 
+	SYSTEMD_CAT="$(which systemd-cat 2>/dev/null || true)"
+	print_error() {
+		errorstr="ESET Endpoint Antivirus error: $1"
+		if [ -n "$SYSTEMD_CAT" ]; then
+			printf "%s" "$errorstr" | $SYSTEMD_CAT -t "eea" -p err
+		else
+			echo "$errorstr" 1>&2
+		fi
+	}
 
 	# import config engine configuration from old product
 	import_configuration() {
 		# import only if we have exported xml from old product
-		if [ -f /var/opt/eset/eea/confd/exported.xml ]; then
+		if [ -f '/var/opt/eset/eea/confd/exported.xml' ]; then
 			# we don't want to leave old settings.json, all information is
 			# in exported xml
-			rm -f /var/opt/eset/eea/confd/settings.json
+			rm -f '/var/opt/eset/eea/confd/settings.json'
 			confd_ug='eset-eea-confd:eset-eea-daemons'
-			sudo -u ${confd_ug%:*} /opt/eset/eea/lib/cfg-upgrade --import-xml /var/opt/eset/eea/confd/exported.xml
-			rm /var/opt/eset/eea/confd/exported.xml
+			sudo -u ${confd_ug%:*} -- '/opt/eset/eea/lib/cfg-upgrade' --import-xml '/var/opt/eset/eea/confd/exported.xml'
+			rm -f '/var/opt/eset/eea/confd/exported.xml'
 		fi
 	}
 
@@ -154,7 +235,7 @@ post_upgrade() {
 				groupadd -r $g
 			done
 
-			for ug in eset-eea-licensed:eset-eea-daemons eset-eea-logd:eset-eea-daemons eset-eea-updated:eset-eea-daemons eset-eea-scand:eset-eea-daemons eset-eea-confd:eset-eea-daemons; do
+			for ug in eset-eea-scand:eset-eea-daemons eset-eea-licensed:eset-eea-daemons eset-eea-confd:eset-eea-daemons eset-eea-updated:eset-eea-daemons eset-eea-logd:eset-eea-daemons; do
 				useradd -d '/opt/eset/eea' -M -N -r -s /sbin/nologin -g "${ug#*:}" "${ug%:*}"
 			done
 		fi
@@ -169,8 +250,9 @@ post_upgrade() {
 	chown -R ${logd_ug%:*} '/var/log/eset/eea'
 	chmod -R 700 '/var/log/eset/eea'
 	mkdir -p '/var/opt/eset/eea/cache/data/Logs'
+	mkdir -p '/var/opt/eset/eea/cache/data/Diagnostics'
 
-	chgrp -R 'eset-eea-daemons' '/var/opt/eset/eea/cache' '/var/opt/eset/eea/cache/data' '/var/opt/eset/eea/modules_notice'
+	chgrp -R 'eset-eea-daemons' '/var/opt/eset/eea/cache' '/var/opt/eset/eea/cache/data' '/var/opt/eset/eea/modules_notice' '/var/opt/eset/eea/dumps'
 	for dir in /var/opt/eset/eea/cache /var/opt/eset/eea/cache/data; do
 		chmod -R 770 "$dir"
 		chmod 1770 "$dir"
@@ -181,9 +263,12 @@ post_upgrade() {
 	chown -R ${scand_ug%:*} /var/opt/eset/eea/cache
 
 	# extract modules from tar
-	tar -xf /var/opt/eset/eea/lib/modules.tar -C /var/opt/eset/eea/lib
+	tar -xf /var/opt/eset/eea/lib/modules_eea.tar -C /var/opt/eset/eea/lib
 	# compile modules
-	/opt/eset/eea/bin/upd --compile-nups
+	if ! /opt/eset/eea/bin/upd --compile-nups ; then
+		print_error 'Module compilation failed.'
+	fi
+
 	# set correct user to compiled modules
 	updated_ug='eset-eea-updated:eset-eea-daemons'
 	chown -R ${updated_ug} /var/opt/eset/eea/lib
@@ -199,18 +284,23 @@ post_upgrade() {
 	fi
 
 	# register and start service
-	/opt/eset/eea/lib/install_scripts/register_service.sh
+	'/opt/eset/eea/lib/install_scripts/register_service.sh'
+
+	# add current eula info into CE path AcceptedEulas
+	# esmc may have already modified this by policy, in that case it is locked, so
+	# ignore error here and leave esmc to manage this setting
+	'/opt/eset/eea/lib/cfg' --eula-tag "EULA-BUS-STANDARD" --eula-version "2020.1" > /dev/null || true
 }
 
 pre_remove() {
 
 	# Script to be run before package is uninstalled
 
-	SYSTEMD_CAT="`which systemd-cat 2>/dev/null || true`"
+	SYSTEMD_CAT="$(which systemd-cat 2>/dev/null || true)"
 	print_error() {
 		errorstr="ESET Endpoint Antivirus error: $1"
 		if [ -n "$SYSTEMD_CAT" ]; then
-			echo -n "$errorstr" | $SYSTEMD_CAT -t "eea" -p err
+			printf "%s" "$errorstr" | $SYSTEMD_CAT -t "eea" -p err
 		else
 			echo "$errorstr" 1>&2
 		fi
@@ -261,7 +351,7 @@ post_remove() {
 
 	#################################### Uninstall ####################################
 	# remove users and groups
-	for ug in eset-eea-licensed:eset-eea-daemons eset-eea-logd:eset-eea-daemons eset-eea-updated:eset-eea-daemons eset-eea-scand:eset-eea-daemons eset-eea-confd:eset-eea-daemons; do
+	for ug in eset-eea-scand:eset-eea-daemons eset-eea-licensed:eset-eea-daemons eset-eea-confd:eset-eea-daemons eset-eea-updated:eset-eea-daemons eset-eea-logd:eset-eea-daemons; do
 		usr=${ug%:*}
 		userdel $usr 2>/dev/null || true
 	done
diff --git a/linux-5.10.patch b/linux-5.10.patch
deleted file mode 100644
index bcf192348ab9..000000000000
--- a/linux-5.10.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-diff --git a/eset_rtp/ertp_handlers.c b/eset_rtp/ertp_handlers.c
-index 7410bbe..12cb688 100755
---- a/eset_rtp/ertp_handlers.c
-+++ b/eset_rtp/ertp_handlers.c
-@@ -178,14 +178,71 @@ ERTP_SYSCALL_HANDLER3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags
- }
- 
- /***************************** sys_unlink*() handlers ************************/
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,10,0))
-+/**
-+ * vfs_statx - Get basic and extra attributes by filename
-+ * @dfd: A file descriptor representing the base dir for a relative filename
-+ * @filename: The name of the file of interest
-+ * @flags: Flags to control the query
-+ * @stat: The result structure to fill in.
-+ * @request_mask: STATX_xxx flags indicating what the caller wants
-+ *
-+ * This function is a wrapper around vfs_getattr().  The main difference is
-+ * that it uses a filename and base directory to determine the file location.
-+ * Additionally, the use of AT_SYMLINK_NOFOLLOW in flags will prevent a symlink
-+ * at the given name from being referenced.
-+ *
-+ * 0 will be returned on success, and a -ve error code if unsuccessful.
-+ */
-+static inline int ertp_vfs_statx(int dfd, const char __user *filename, int flags,
-+				 struct kstat *stat, u32 request_mask)
-+{
-+	struct path path;
-+	unsigned lookup_flags = 0;
-+	int error;
-+
-+	if (flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT | AT_EMPTY_PATH |
-+		      AT_STATX_SYNC_TYPE))
-+		return -EINVAL;
-+
-+	if (!(flags & AT_SYMLINK_NOFOLLOW))
-+		lookup_flags |= LOOKUP_FOLLOW;
-+	if (!(flags & AT_NO_AUTOMOUNT))
-+		lookup_flags |= LOOKUP_AUTOMOUNT;
-+	if (flags & AT_EMPTY_PATH)
-+		lookup_flags |= LOOKUP_EMPTY;
-+
-+retry:
-+	error = user_path_at(dfd, filename, lookup_flags, &path);
-+	if (error)
-+		goto out;
-+
-+	error = vfs_getattr(&path, stat, request_mask, flags);
-+//	stat->mnt_id = real_mount(path.mnt)->mnt_id;
-+	stat->result_mask |= STATX_MNT_ID;
-+	if (path.mnt->mnt_root == path.dentry)
-+		stat->attributes |= STATX_ATTR_MOUNT_ROOT;
-+	stat->attributes_mask |= STATX_ATTR_MOUNT_ROOT;
-+	path_put(&path);
-+	if (retry_estale(error, lookup_flags)) {
-+		lookup_flags |= LOOKUP_REVAL;
-+		goto retry;
-+	}
-+out:
-+	return error;
-+}
-+#endif
-+
- static inline int ertp_vfs_fstatat(int dfd, const char __user *filename,
- 	struct kstat *stat, int flag)
- {
- // mute warnings on older kernels, where filename was (char __user *)
- #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,36))
- 	return vfs_fstatat(dfd, (char __user *)filename, stat, flag);
--#else
-+#elif (LINUX_VERSION_CODE < KERNEL_VERSION(5,10,0))
- 	return vfs_fstatat(dfd, filename, stat, flag);
-+#else
-+	return ertp_vfs_statx(dfd, filename, flag | AT_NO_AUTOMOUNT, stat, STATX_BASIC_STATS);
- #endif
- }
-