diff --git a/lfs/squidguard b/lfs/squidguard index 38efab0ee..5d5f04163 100644 --- a/lfs/squidguard +++ b/lfs/squidguard @@ -24,7 +24,7 @@ include Config -VER = 1.4.1 +VER = 1.5-beta THISAPP = squidGuard-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 9ae7b62a63631bb2dd1f474cf2bbe4dc +$(DL_FILE)_MD5 = 85216992d14acb29d6f345608f21f268 install : $(TARGET) @@ -70,13 +70,27 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard-1.4-squid-helper-protocol.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidGuard-1.4-db5.patch - cd $(DIR_APP) && ./configure --prefix=/usr --datadir=/usr/share \ - --sysconfdir=/etc --localstatedir=/var --infodir=/usr/info --mandir=/usr/man \ + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/06_squidguard_version.patch + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --datadir=/usr/share \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --infodir=/usr/info \ + --mandir=/usr/man \ --with-sg-config=/var/ipfire/urlfilter/squidGuard.conf \ - --with-sg-logdir=/var/log/squidGuard --with-sg-dbhome=/var/lib/squidguard \ - --with-db=/usr --with-db-inc=/usr/include --with-db-lib=/usr/lib + --with-sg-logdir=/var/log/squidGuard \ + --with-syslog=yes \ + --with-sg-dbhome=/var/lib/squidguard \ + --with-db=/usr \ + --with-db-inc=/usr/include \ + --with-db-lib=/usr/lib + cd $(DIR_APP) && make cd $(DIR_APP) && make install @@ -92,7 +106,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) chmod 755 /var/ipfire/urlfilter/bin/prebuild.pl cp -f $(DIR_CONF)/urlfilter/autoupdate.pl /var/ipfire/urlfilter/bin/autoupdate.pl chmod 755 /var/ipfire/urlfilter/bin/autoupdate.pl - echo "1.7.1" > /var/ipfire/urlfilter/version + echo "1.5-beta" > /var/ipfire/urlfilter/version # Wrapper cp -f $(DIR_CONF)/urlfilter/redirect_wrapper /usr/sbin diff --git a/src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch b/src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch new file mode 100644 index 000000000..bc50efd68 --- /dev/null +++ b/src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch @@ -0,0 +1,14 @@ +Make BerkeleyDB version 4.7 and higher working. + +diff -Nur a/src/sgDb.c b/src/sgDb.c +--- a/src/sgDb.c 2010-09-09 12:35:22.000000000 +0200 ++++ b/src/sgDb.c 2013-11-23 10:05:55.000000000 +0100 +@@ -112,7 +112,7 @@ + } + } + #endif +-#if DB_VERSION_MAJOR == 4 ++#if DB_VERSION_MAJOR >= 4 + if(globalUpdate || createdb || (dbfile != NULL && stat(dbfile,&st))){ + flag = DB_CREATE; + if(createdb) diff --git a/src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch b/src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch new file mode 100644 index 000000000..a2f9177f5 --- /dev/null +++ b/src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch @@ -0,0 +1,125 @@ + +From Jeffries Amos http://bugs.squid-cache.org/show_bug.cgi?id=3978#c5 + +--- squidGuard-1.5-beta.orig/src/main.c 2013-12-12 11:47:31.000000000 +1300 ++++ squidGuard-1.5-beta.orig/src/main.c 2013-12-12 11:50:38.000000000 +1300 +@@ -185,7 +185,7 @@ + sgReloadConfig(); + } + if(failsafe_mode) { +- puts(""); ++ puts("ERR message=\"squidGuard failsafe mode\""); + fflush(stdout); + if(sig_hup){ + sgReloadConfig(); +@@ -194,7 +194,7 @@ + } + if(parseLine(buf,&squidInfo) != 1){ + sgLogError("ERROR: Error parsing squid line: %s",buf); +- puts(""); ++ puts("BH message=\"squidGuard error parsing squid line\""); + } + else { + src = Source; +@@ -206,14 +206,14 @@ + acl = sgAclCheckSource(src); + if((redirect = sgAclAccess(src,acl,&squidInfo)) == NULL){ + if(src == NULL || src->cont_search == 0){ +- puts(""); ++ puts("ERR"); + break; + } else + if(src->next != NULL){ + src = src->next; + continue; + } else { +- puts(""); ++ puts("ERR"); + break; + } + } else { +@@ -228,6 +228,10 @@ + fprintf(stdout,"%s %s/%s %s %s\n",redirect,squidInfo.src, + squidInfo.srcDomain,squidInfo.ident, + squidInfo.method); ++ if (isdigit(redirect[0]) && isdigit(redirect[1]) && isdigit(redirect[2]) && redirect[3]==':') { ++ fprintf(stdout,"OK status=%c%c%c url=\"%s\"\n", redirect[0], redirect[1], redirect[2], &redirect[4]); ++ } else ++ fprintf(stdout,"OK rewrite-url=\"%s\"\n",redirect); + /* sgLogDebug("DEBUG: %s %s/%s %s %s\n",redirect,squidInfo.src,squidInfo.srcDomain,squidInfo.ident,squidInfo.method); */ + break; + } +--- squidGuard-1.5-beta.orig/src/main.c.in 2013-12-12 11:47:31.000000000 +1300 ++++ squidGuard-1.5-beta.orig/src/main.c.in 2013-12-12 11:53:18.000000000 +1300 +@@ -185,7 +185,7 @@ + sgReloadConfig(); + } + if(failsafe_mode) { +- puts(""); ++ puts("ERR message=\"squidGuard failsafe mode\""); + fflush(stdout); + if(sig_hup){ + sgReloadConfig(); +@@ -194,7 +194,7 @@ + } + if(parseLine(buf,&squidInfo) != 1){ + sgLogError("ERROR: Error parsing squid line: %s",buf); +- puts(""); ++ puts("BH message=\"squidGuard error parsing squid line\""); + } + else { + src = Source; +@@ -206,14 +206,14 @@ + acl = sgAclCheckSource(src); + if((redirect = sgAclAccess(src,acl,&squidInfo)) == NULL){ + if(src == NULL || src->cont_search == 0){ +- puts(""); ++ puts("ERR"); + break; + } else + if(src->next != NULL){ + src = src->next; + continue; + } else { +- puts(""); ++ puts("ERR"); + break; + } + } else { +@@ -225,9 +225,11 @@ + squidInfo.ident[0] = '-'; + squidInfo.ident[1] = '\0'; + } +- fprintf(stdout,"%s %s/%s %s %s\n",redirect,squidInfo.src, +- squidInfo.srcDomain,squidInfo.ident, +- squidInfo.method); ++ if (isdigit(redirect[0]) && isdigit(redirect[1]) && isdigit(redirect[2]) && redirect[3]==':') { ++ fprintf(stdout,"OK status=%c%c%c url=\"%s\"\n", redirect[0], redirect[1], redirect[2], &redirect[4]); ++ } else ++ fprintf(stdout,"OK rewrite-url=\"%s\"\n",redirect); ++ + /* sgLogDebug("DEBUG: %s %s/%s %s %s\n",redirect,squidInfo.src,squidInfo.srcDomain,squidInfo.ident,squidInfo.method); */ + break; + } +--- squidGuard-1.5-beta.orig/src/sgDiv.c 2013-12-12 11:47:31.000000000 +1300 ++++ squidGuard-1.5-beta.orig/src/sgDiv.c 2013-12-12 11:48:36.000000000 +1300 +@@ -782,7 +782,7 @@ + } + sgLogError("ERROR: Going into emergency mode"); + while(fgets(buf, MAX_BUF, stdin) != NULL){ +- puts(""); ++ puts("ERR"); + fflush(stdout); + } + sgLogError("ERROR: Ending emergency mode, stdin empty"); +--- squidGuard-1.5-beta.orig/src/sgDiv.c.in 2013-12-12 11:47:31.000000000 +1300 ++++ squidGuard-1.5-beta.orig/src/sgDiv.c.in 2013-12-12 11:48:36.000000000 +1300 +@@ -782,7 +782,7 @@ + } + sgLogError("ERROR: Going into emergency mode"); + while(fgets(buf, MAX_BUF, stdin) != NULL){ +- puts(""); ++ puts("ERR"); + fflush(stdout); + } + sgLogError("ERROR: Ending emergency mode, stdin empty"); diff --git a/src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch b/src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch new file mode 100644 index 000000000..ba2840bac --- /dev/null +++ b/src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch @@ -0,0 +1,66 @@ +--- a/src/sg.y.in 2014-04-14 16:23:39.183396677 +0200 ++++ b/src/sg.y.in 2014-04-14 16:24:19.000000000 +0200 +@@ -795,9 +795,9 @@ + { + struct Source *sp; + sp = lastSource; +- ++/* DEBUG + @NOLOG1@ sgLogError("DEBUG: sgSourceLdapIpSearch called with: %s", url); @NOLOG2@ +- ++*/ + if(!ldap_is_ldap_url(url)) { + sgLogError("%s: can't parse LDAP url %s",progname, url); + return; +@@ -1311,10 +1311,12 @@ + } + sp->domainlistDb = (struct sgDb *) sgCalloc(1,sizeof(struct sgDb)); + sp->domainlistDb->type=SGDBTYPE_DOMAINLIST; ++/* DEBUG + sgLogError("init domainlist %s",sp->domainlist); ++*/ + sgDbInit(sp->domainlistDb,sp->domainlist); + if(sp->domainlistDb->entries == 0) { /* empty database */ +- sgLogError("domainlist empty, removed from memory"); ++ sgLogError("domainlist %s empty, removed from memory",sp->domainlist); + sgFree(sp->domainlistDb); + sp->domainlistDb = NULL; + } +@@ -1356,10 +1356,12 @@ + } + sp->urllistDb = (struct sgDb *) sgCalloc(1,sizeof(struct sgDb)); + sp->urllistDb->type=SGDBTYPE_URLLIST; ++/* DEBUG + sgLogError("init urllist %s",sp->urllist); ++*/ + sgDbInit(sp->urllistDb,sp->urllist); + if(sp->urllistDb->entries == 0) { /* empty database */ +- sgLogError("urllist empty, removed from memory"); ++ sgLogError("urllist empty %s, removed from memory",sp->urllist); + sgFree(sp->urllistDb); + sp->urllistDb = NULL; + } +@@ -2773,9 +2773,9 @@ + char *interval; + struct UserInfo *userinfo; + static struct UserInfo info; +- ++/* DEBUG + @NOLOG1@ sgLogError("DEBUG: sgFindUser called with: %s", ident); @NOLOG2@ +- ++*/ + /* defined in the userDB? */ + if(defined(src->userDb, ident, (char **) &userinfo) == 1) { + #ifdef HAVE_LIBLDAP +--- a/src/sgDb.c 2014-04-17 08:53:29.961367395 +0200 ++++ b/src/sgDb.c 2014-04-17 08:53:58.000000000 +0200 +@@ -48,7 +48,9 @@ + strcat(dbfile,".db"); + if(stat(dbfile,&st) == 0){ + if(!createdb){ ++/* DEBUG + sgLogNotice("INFO: loading dbfile %s",dbfile); ++*/ + } + } else { + if(!createdb){ diff --git a/src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch b/src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch new file mode 100644 index 000000000..dbc13e20e --- /dev/null +++ b/src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch @@ -0,0 +1,76 @@ +Original input to stdout, to be useable with multiple redirectors +when option -f is given on squidGuard start +We have to remember the raw original URL as the URL is modified for testing +purpose. So the exisiting HTML entities like %3F (?), %26 (&), %3D (=) etc. are changed +which breaks the URL for further processing if it is send to stdout like we do it for the +redirector chain (THIS patch). +diff -Nur a/src/main.c.in b/src/main.c.in +--- a/src/main.c.in 2009-09-27 21:41:50.000000000 +0200 ++++ b/src/main.c.in 2013-06-01 21:18:55.000000000 +0200 +@@ -59,6 +59,7 @@ + char **globalEnvp ; + int globalDebugTimeDelta = 0; + int globalDebug = 0; ++int globalFullStdout = 0; + int globalPid = 0; + int globalUpdate = 0; + int passthrough = 0; +@@ -89,6 +90,7 @@ + struct Acl *acl; + struct timeval start_time,ready_time,stop_time; + char buf[MAX_BUF]; ++ char origraw[MAX_BUF]; + char *redirect,tmp[MAX_BUF]; + char *configFile = NULL; + time_t t; +@@ -101,11 +102,14 @@ + #ifdef USE_SYSLOG + openlog("squidGuard", LOG_PID | LOG_NDELAY | LOG_CONS, LOG_ at LOGFAC@); + #endif +- while ((ch = getopt(argc, argv, "hbduPC:t:c:v")) != EOF) ++ while ((ch = getopt(argc, argv, "hbdfuPC:t:c:v")) != EOF) + switch (ch) { + case 'd': + globalDebug = 1; + break; ++ case 'f': ++ globalFullStdout = 1; ++ break; + case 'c': + configFile = optarg; + break; +@@ -192,6 +193,8 @@ + } + continue; + } ++ strcpy(origraw,buf); ++ if (strlen(origraw) && (origraw[strlen(origraw)-1] == '\n')) origraw[strlen(origraw)-1] = 0; + if(parseLine(buf,&squidInfo) != 1){ + sgLogError("ERROR: Error parsing squid line: %s",buf); + puts("BH message=\"squidGuard error parsing squid line\""); +@@ -206,7 +210,12 @@ + acl = sgAclCheckSource(src); + if((redirect = sgAclAccess(src,acl,&squidInfo)) == NULL){ + if(src == NULL || src->cont_search == 0){ ++ if (globalFullStdout) { ++ puts(origraw); ++ } ++ else { + puts("ERR"); ++ } + break; + } else + if(src->next != NULL){ +@@ -213,7 +214,12 @@ + src = src->next; + continue; + } else { ++ if (globalFullStdout) { ++ puts(origraw); ++ } ++ else { + puts("ERR"); ++ } + break; + } + } else { diff --git a/src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch b/src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch new file mode 100644 index 000000000..33732deea --- /dev/null +++ b/src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch @@ -0,0 +1,56 @@ +--- a/src/sg.l Sat Jan 30 13:51:12 2016 ++++ b/src/sg.l Sat Jan 30 14:01:28 2016 +@@ -23,6 +23,8 @@ + + %} + ++%option noinput ++%option nounput + ignore [,\t\r ]+ + s [\t ] + d [0-9] +--- a/src/sg.y.in Sat Jan 30 13:52:26 2016 ++++ b/src/sg.y.in Sat Jan 30 14:00:50 2016 +@@ -26,6 +26,7 @@ + + #ifdef HAVE_LIBLDAP + #include "lber.h" ++#define LDAP_DEPRECATED 1 + #include "ldap.h" + #endif + +@@ -1097,7 +1098,6 @@ + foundip = 1; + unblockedip = 1; + if(s->ipquota.seconds != 0){ +- struct IpInfo uq; + time_t t = time(NULL) + globalDebugTimeDelta; + sgLogError("status %d time %d lasttime %d consumed %d", ipquota->status, ipquota->time, ipquota->last, ipquota->consumed); + sgLogError("renew %d seconds %d", s->ipquota.renew, s->ipquota.seconds); +@@ -1157,7 +1157,6 @@ + founduser = 1; + unblockeduser = 1; + if(s->userquota.seconds != 0){ +- struct UserInfo uq; + time_t t = time(NULL) + globalDebugTimeDelta; + //sgLogError("status %d time %d lasttime %d consumed %d", userquota->status, userquota->time, userquota->last, userquota->consumed); + //sgLogError("renew %d seconds %d", s->userquota.renew, s->userquota.seconds); +--- a/src/sgDiv.c.in Sat Jan 30 13:52:10 2016 ++++ b/src/sgDiv.c.in Sat Jan 30 13:59:16 2016 +@@ -18,6 +18,7 @@ + + #include "sg.h" + #include "sgEx.h" ++#include "HTEscape.h" + + /* #define METEST 8; */ + +@@ -692,7 +693,7 @@ + struct UserInfo *userquota; + if(defined(s->userDb, req->ident, (char **) &userquota) == 1){ + char qbuf[150]; +- sprintf(qbuf, "%d-%d-%d-%d-%d-%d", s->userquota.renew, s->userquota.seconds, userquota->status, userquota->time, userquota->last, userquota->consumed); ++ sprintf(qbuf, "%d-%d-%d-%d-%d-%d", s->userquota.renew, (int)s->userquota.seconds, userquota->status, (int)userquota->time, (int)userquota->last, userquota->consumed); + strcat(buf, qbuf); + } else { + strcat(buf, "noquota"); diff --git a/src/patches/squidguard/06_squidguard_version.patch b/src/patches/squidguard/06_squidguard_version.patch new file mode 100644 index 000000000..351804c49 --- /dev/null +++ b/src/patches/squidguard/06_squidguard_version.patch @@ -0,0 +1,8 @@ +--- a/src/version.h Thu Apr 17 17:00:48 2008 ++++ b/src/version.h Fri May 08 20:44:48 2009 +@@ -16,4 +16,4 @@ + (GPL) along with this program. + */ + +-#define VERSION "1.5-alpha" ++#define VERSION "1.5-beta"