diff options
Diffstat (limited to 'lib/patches/clamav/freshclam_cafile_option_01042.patch')
-rw-r--r-- | lib/patches/clamav/freshclam_cafile_option_01042.patch | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/lib/patches/clamav/freshclam_cafile_option_01042.patch b/lib/patches/clamav/freshclam_cafile_option_01042.patch new file mode 100644 index 00000000..57bfc391 --- /dev/null +++ b/lib/patches/clamav/freshclam_cafile_option_01042.patch @@ -0,0 +1,107 @@ +diff --git a/common/optparser.c b/common/optparser.c +index 5f06a9c..ef9ee72 100644 +--- a/common/optparser.c ++++ b/common/optparser.c +@@ -271,6 +271,8 @@ const struct clam_option __clam_options[] = { + + {"DatabaseDirectory", "datadir", 0, CLOPT_TYPE_STRING, NULL, -1, CONST_DATADIR, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_SIGTOOL, "This option allows you to change the default database directory.\nIf you enable it, please make sure it points to the same directory in\nboth clamd and freshclam.", "/var/lib/clamav"}, + ++ {"CAFile", "ca", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM, "This option allows you to override the location of the CA bundle file used by freshclam.\nIf you enable it, please make sure it points to a valid certifcate bundle file.\n", ""}, ++ + {"OfficialDatabaseOnly", "official-db-only", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Only load the official signatures published by the ClamAV project.", "no"}, + + {"YaraRules", "yara-rules", 0, CLOPT_TYPE_STRING, NULL, 0, NULL, 0, OPT_CLAMSCAN, "By default, yara rules will be loaded. This option allows you to exclude yara rules when scanning and also to scan only using yara rules. Valid options are yes|no|only", "yes"}, +diff --git a/freshclam/freshclam.c b/freshclam/freshclam.c +index d5896b5..bee4967 100644 +--- a/freshclam/freshclam.c ++++ b/freshclam/freshclam.c +@@ -154,6 +154,7 @@ static int writepid(const char *pidfile) + } + #endif /*_WIN32 */ + ++ printf(" --ca=FILE Override the certificate bundle FILE location\n"); + return 0; + } + +@@ -856,6 +857,7 @@ static fc_error_t initialize(struct optstruct *opts) + + if (optget(opts, "LogTime")->enabled) { + fcConfig.logFlags |= FC_CONFIG_LOG_TIME; ++ fcConfig.caFile = optget(opts, "CAFile")->strarg; + } + if (optget(opts, "LogFileMaxSize")->numarg && optget(opts, "LogRotate")->enabled) { + fcConfig.logFlags |= FC_CONFIG_LOG_ROTATE; +diff --git a/libfreshclam/libfreshclam.c b/libfreshclam/libfreshclam.c +index 76c9db0..3f17aba 100644 +--- a/libfreshclam/libfreshclam.c ++++ b/libfreshclam/libfreshclam.c +@@ -213,6 +213,9 @@ fc_error_t fc_initialize(fc_config *fcConfig) + if (NULL != fcConfig->proxyPassword) { + g_proxyPassword = cli_strdup(fcConfig->proxyPassword); + } ++ if (NULL != fcConfig->caFile) { ++ g_caFile = cli_strdup(fcConfig->caFile); ++ } + + #ifdef _WIN32 + if ((fcConfig->databaseDirectory[strlen(fcConfig->databaseDirectory) - 1] != '/') && +@@ -288,6 +291,10 @@ void fc_cleanup(void) + free(g_userAgent); + g_userAgent = NULL; + } ++ if (NULL != g_caFile) { ++ free(g_caFile); ++ g_caFile = NULL; ++ } + if (NULL != g_proxyServer) { + free(g_proxyServer); + g_proxyServer = NULL; +diff --git a/libfreshclam/libfreshclam.h b/libfreshclam/libfreshclam.h +index a3f1bc4..9d6a422 100644 +--- a/libfreshclam/libfreshclam.h ++++ b/libfreshclam/libfreshclam.h +@@ -50,6 +50,7 @@ typedef struct fc_config_ { + uint32_t connectTimeout; /**< CURLOPT_CONNECTTIMEOUT, Timeout for the. connection phase (seconds). */ + uint32_t requestTimeout; /**< CURLOPT_TIMEOUT, Timeout for libcurl transfer operation (seconds). */ + uint32_t bCompressLocalDatabase; /**< If set, will apply gz compression to CLD databases. */ ++ const char *caFile; /**< (optional) CA file to use for certificate verification, if desired. */ + const char *logFile; /**< (optional) Filepath to use for log output, if desired. */ + const char *logFacility; /**< (optional) System logging facility (I.e. "syslog"), if desired. */ + const char *localIP; /**< (optional) client IP for multihomed systems. */ +diff --git a/libfreshclam/libfreshclam_internal.c b/libfreshclam/libfreshclam_internal.c +index b836302..0aec176 100644 +--- a/libfreshclam/libfreshclam_internal.c ++++ b/libfreshclam/libfreshclam_internal.c +@@ -107,6 +107,7 @@ uint16_t g_proxyPort = 0; + char *g_proxyUsername = NULL; + char *g_proxyPassword = NULL; + ++char *g_caFile = NULL; + char *g_tempDirectory = NULL; + char *g_databaseDirectory = NULL; + +@@ -714,6 +715,12 @@ static fc_error_t create_curl_handle( + } + } + ++ if (g_caFile) { ++ if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_CAINFO, g_caFile)) { ++ logg("!create_curl_handle: Failed to set CURLOPT_CAINFO (%s)!\n", g_caFile); ++ } ++ } ++ + #if defined(C_DARWIN) || defined(_WIN32) + if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function)) { + logg("*create_curl_handle: Failed to set SSL CTX function. Your libcurl may use an SSL backend that does not support CURLOPT_SSL_CTX_FUNCTION.\n"); +diff --git a/libfreshclam/libfreshclam_internal.h b/libfreshclam/libfreshclam_internal.h +index 890d7e5..401d0d4 100644 +--- a/libfreshclam/libfreshclam_internal.h ++++ b/libfreshclam/libfreshclam_internal.h +@@ -54,6 +54,7 @@ extern uint16_t g_proxyPort; + extern char *g_proxyUsername; + extern char *g_proxyPassword; + ++extern char *g_caFile; + extern char *g_tempDirectory; + extern char *g_databaseDirectory; + |