Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/lavabit/magma.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/lib/patches/clamav/freshclam_cafile_option_01042.patch
diff options
context:
space:
mode:
Diffstat (limited to 'lib/patches/clamav/freshclam_cafile_option_01042.patch')
-rw-r--r--lib/patches/clamav/freshclam_cafile_option_01042.patch107
1 files changed, 107 insertions, 0 deletions
diff --git a/lib/patches/clamav/freshclam_cafile_option_01042.patch b/lib/patches/clamav/freshclam_cafile_option_01042.patch
new file mode 100644
index 00000000..57bfc391
--- /dev/null
+++ b/lib/patches/clamav/freshclam_cafile_option_01042.patch
@@ -0,0 +1,107 @@
+diff --git a/common/optparser.c b/common/optparser.c
+index 5f06a9c..ef9ee72 100644
+--- a/common/optparser.c
++++ b/common/optparser.c
+@@ -271,6 +271,8 @@ const struct clam_option __clam_options[] = {
+
+ {"DatabaseDirectory", "datadir", 0, CLOPT_TYPE_STRING, NULL, -1, CONST_DATADIR, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_SIGTOOL, "This option allows you to change the default database directory.\nIf you enable it, please make sure it points to the same directory in\nboth clamd and freshclam.", "/var/lib/clamav"},
+
++ {"CAFile", "ca", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM, "This option allows you to override the location of the CA bundle file used by freshclam.\nIf you enable it, please make sure it points to a valid certifcate bundle file.\n", ""},
++
+ {"OfficialDatabaseOnly", "official-db-only", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Only load the official signatures published by the ClamAV project.", "no"},
+
+ {"YaraRules", "yara-rules", 0, CLOPT_TYPE_STRING, NULL, 0, NULL, 0, OPT_CLAMSCAN, "By default, yara rules will be loaded. This option allows you to exclude yara rules when scanning and also to scan only using yara rules. Valid options are yes|no|only", "yes"},
+diff --git a/freshclam/freshclam.c b/freshclam/freshclam.c
+index d5896b5..bee4967 100644
+--- a/freshclam/freshclam.c
++++ b/freshclam/freshclam.c
+@@ -154,6 +154,7 @@ static int writepid(const char *pidfile)
+ }
+ #endif /*_WIN32 */
+
++ printf(" --ca=FILE Override the certificate bundle FILE location\n");
+ return 0;
+ }
+
+@@ -856,6 +857,7 @@ static fc_error_t initialize(struct optstruct *opts)
+
+ if (optget(opts, "LogTime")->enabled) {
+ fcConfig.logFlags |= FC_CONFIG_LOG_TIME;
++ fcConfig.caFile = optget(opts, "CAFile")->strarg;
+ }
+ if (optget(opts, "LogFileMaxSize")->numarg && optget(opts, "LogRotate")->enabled) {
+ fcConfig.logFlags |= FC_CONFIG_LOG_ROTATE;
+diff --git a/libfreshclam/libfreshclam.c b/libfreshclam/libfreshclam.c
+index 76c9db0..3f17aba 100644
+--- a/libfreshclam/libfreshclam.c
++++ b/libfreshclam/libfreshclam.c
+@@ -213,6 +213,9 @@ fc_error_t fc_initialize(fc_config *fcConfig)
+ if (NULL != fcConfig->proxyPassword) {
+ g_proxyPassword = cli_strdup(fcConfig->proxyPassword);
+ }
++ if (NULL != fcConfig->caFile) {
++ g_caFile = cli_strdup(fcConfig->caFile);
++ }
+
+ #ifdef _WIN32
+ if ((fcConfig->databaseDirectory[strlen(fcConfig->databaseDirectory) - 1] != '/') &&
+@@ -288,6 +291,10 @@ void fc_cleanup(void)
+ free(g_userAgent);
+ g_userAgent = NULL;
+ }
++ if (NULL != g_caFile) {
++ free(g_caFile);
++ g_caFile = NULL;
++ }
+ if (NULL != g_proxyServer) {
+ free(g_proxyServer);
+ g_proxyServer = NULL;
+diff --git a/libfreshclam/libfreshclam.h b/libfreshclam/libfreshclam.h
+index a3f1bc4..9d6a422 100644
+--- a/libfreshclam/libfreshclam.h
++++ b/libfreshclam/libfreshclam.h
+@@ -50,6 +50,7 @@ typedef struct fc_config_ {
+ uint32_t connectTimeout; /**< CURLOPT_CONNECTTIMEOUT, Timeout for the. connection phase (seconds). */
+ uint32_t requestTimeout; /**< CURLOPT_TIMEOUT, Timeout for libcurl transfer operation (seconds). */
+ uint32_t bCompressLocalDatabase; /**< If set, will apply gz compression to CLD databases. */
++ const char *caFile; /**< (optional) CA file to use for certificate verification, if desired. */
+ const char *logFile; /**< (optional) Filepath to use for log output, if desired. */
+ const char *logFacility; /**< (optional) System logging facility (I.e. "syslog"), if desired. */
+ const char *localIP; /**< (optional) client IP for multihomed systems. */
+diff --git a/libfreshclam/libfreshclam_internal.c b/libfreshclam/libfreshclam_internal.c
+index b836302..0aec176 100644
+--- a/libfreshclam/libfreshclam_internal.c
++++ b/libfreshclam/libfreshclam_internal.c
+@@ -107,6 +107,7 @@ uint16_t g_proxyPort = 0;
+ char *g_proxyUsername = NULL;
+ char *g_proxyPassword = NULL;
+
++char *g_caFile = NULL;
+ char *g_tempDirectory = NULL;
+ char *g_databaseDirectory = NULL;
+
+@@ -714,6 +715,12 @@ static fc_error_t create_curl_handle(
+ }
+ }
+
++ if (g_caFile) {
++ if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_CAINFO, g_caFile)) {
++ logg("!create_curl_handle: Failed to set CURLOPT_CAINFO (%s)!\n", g_caFile);
++ }
++ }
++
+ #if defined(C_DARWIN) || defined(_WIN32)
+ if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function)) {
+ logg("*create_curl_handle: Failed to set SSL CTX function. Your libcurl may use an SSL backend that does not support CURLOPT_SSL_CTX_FUNCTION.\n");
+diff --git a/libfreshclam/libfreshclam_internal.h b/libfreshclam/libfreshclam_internal.h
+index 890d7e5..401d0d4 100644
+--- a/libfreshclam/libfreshclam_internal.h
++++ b/libfreshclam/libfreshclam_internal.h
+@@ -54,6 +54,7 @@ extern uint16_t g_proxyPort;
+ extern char *g_proxyUsername;
+ extern char *g_proxyPassword;
+
++extern char *g_caFile;
+ extern char *g_tempDirectory;
+ extern char *g_databaseDirectory;
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-01 21:27:00 +0300