@@ -79,6 +79,7 @@ Martin Blapp <mb*imp.ch>

 Igor Brezac <igor*ipass.net>

 Mike Brudenell <pmb1*york.ac.uk>

 Len Budney <lbudney*pobox.com>

+Ales Casar <casar*uni-mb.si>

 David Champion <dgc*uchicago.edu>

 Andrey Cherezov <andrey*cherezov.koenig.su>

 Alex Cherney <alex*cher.id.au>

@@ -116,6 +117,7 @@ Martin Kraft <martin.kraft*fal.de>

 Thomas Lamy <Thomas.Lamy*in-online.net>

 Marty Lee <marty*maui.co.uk>

 Peter N Lewis <peter*stairways.com.au>

+Roger Lucas <roger*planbit.co.uk>

 David S. Madole <david*madole.net>

 Joe Maimon <jmaimon*ttec.com>

 Andrey V. Malyshev <amal*krasn.ru>

@@ -1,3 +1,8 @@

+Fri Nov  5 11:04:45 CET 2004 (tk)

+---------------------------------

+  * freshclam: add support for AllowSupplementaryGroups (patch by Ales Casar

+	       <casar*uni-mb.si>)

+

 Fri Nov  5 09:44:43 CET 2004 (tk)

 ---------------------------------

   * add UPGRADE file

@@ -90,7 +95,7 @@ Wed Oct 27 09:30:47 BST 2004 (trog)

 Wed Oct 27 07:36:49 BST 2004 (njh)

 ----------------------------------

  * libclamav/untar.c:	Handle links to another file already archived, patch

-				by "Roger Lucas" <roger@planbit.co.uk>

+				by "Roger Lucas" <roger*planbit.co.uk>

 Sun Oct 24 05:36:39 BST 2004 (njh)

 ----------------------------------

@@ -112,7 +117,7 @@ Fri Oct 22 18:20:03 BST 2004 (njh)

 ----------------------------------

   * libclamav/message.c:	Handle broken messages which state

 			Content-Transfer-Encoding: us-ascii

-				reported by arny@arny.ro

+				reported by arny*arny.ro

 Fri Oct 22 16:57:13 BST 2004 (njh)

 ----------------------------------

@@ -28,6 +28,11 @@ If this option is set freshclam will not run.

 When started by root, drop privileges to a specified user. .br 

 Default: @CLAMAVUSER@

 .TP 

+\fBAllowSupplementaryGroups\fR

+Initialize supplementary group access (freshclam must be started by root).

+.br 

+Default: disabled

+.TP 

 \fBDatabaseDirectory STRING\fR

 Path to a directory containing database files.

 .br 

@@ -39,6 +39,10 @@ Example

 # Default: clamav (may depend on installation options)

 #DatabaseOwner clamav

+# Initialize supplementary group access (freshclam must be started by root).

+# Default: disabled

+#AllowSupplementaryGroups

+

 # Use DNS to verify virus database version. Freshclam uses DNS TXT records

 # to verify database and software versions. We highly recommend enabling

 # this option.

@@ -155,12 +155,21 @@ int freshclam(struct optstruct *opt)

 	    exit(60); /* this is critical problem, so we just exit here */

 	}

+	if(cfgopt(copt, "AllowSupplementaryGroups")) {

+#ifdef HAVE_INITGROUPS

+	    if(initgroups(unpuser, user->pw_gid)) {

+		mprintf("@initgroups() failed.\n");

+		exit(61);

+	    }

+#endif

+	} else {

 #ifdef HAVE_SETGROUPS

-	if(setgroups(1, &user->pw_gid)) {

-	    mprintf("@setgroups() failed.\n");

-	    exit(61);

-	}

+	    if(setgroups(1, &user->pw_gid)) {

+		mprintf("@setgroups() failed.\n");

+		exit(61);

+	    }

 #endif

+	}

 	if(setgid(user->pw_gid)) {

 	    mprintf("@setgid(%d) failed.\n", (int) user->pw_gid);