Hi,
Features:
* Included configurable logging.
* Progress bar when compiling blacklists.
* Full sed compliance for rewrite statements.
* Blocking of urls with hostnames.
* Added patch by Marc Clayton to include a progressbar to the build of
the database.
* Added patch by Eric Harrison to enable full sed compliance to rewrite
statements.
* Added patch from satish to block urls entries that include hostnames.
* Bug Fixes:
- Modified auth code to work with and without ldap (choosing
subroutine rfc1738_unescape or sgFindUser in sg.y.in).
- Fixed missing evaluation of configure parameters for logdir, dbhome
and config file.
- Fixed broken regex evaluation.
- Fixed a compile problem on some systems.
- Corrected an issue with the fix for the double slash vulnerability
I have only tested this on i386. Could someone please test this update and
then commit it?
regards
===================================================================
diff -Nuar --exclude CVS /usr/ports/www/squidguard/Makefile ./Makefile
--- /usr/ports/www/squidguard/Makefile Sat Nov 10 18:35:59 2007
+++ ./Makefile Sat Nov 10 17:57:35 2007
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.3 2007/10/25 21:05:33 steven Exp $
+# $OpenBSD: $
COMMENT= filter, redirector and access controller for
Squid
-DISTNAME= squidGuard-1.2.1
-PKGNAME= ${DISTNAME}p0
+DISTNAME= squidGuard-1.3
+PKGNAME= ${DISTNAME}
CATEGORIES= www
HOMEPAGE= http://www.squidguard.org/
@@ -19,7 +19,7 @@
MASTER_SITES= http://www.squidguard.org/Downloads/
-SG_DIR= /var/squidguard
+SG_DIR= /var/db/squidGuard
CONFIG_DIR= ${SYSCONFDIR}/squidguard
CONFIG_FILE= ${CONFIG_DIR}/squidguard.conf
SUBST_VARS= SG_DIR CONFIG_DIR CONFIG_FILE
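Review bot: `SG_DIR` moves from `/var/squidguard` to `/var/db/squidGuard`, but nothing visible in this diff migrates or even mentions the database and logs that an existing install already keeps under the old path. After an upgrade, a `squidguard.conf` that still names the old directory, or a compiled-in default that points at an empty new one, leaves the filter without its blacklists. As far as I recall squidGuard then passes requests instead of blocking them, so the upgrade would fail open; that is worth confirming before commit. I would add an upgrade note to the package MESSAGE, for example `The database directory moved from /var/squidguard to /var/db/squidGuard; move or rebuild your blacklists and update dbhome/logdir in squidguard.conf.`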
@@ -52,9 +52,10 @@
CONFIGURE_ARGS+= --with-ldap=no
.endif
-post-configure:
- @perl -pi -e "s,%%CONFIG_DIR%%,${CONFIG_DIR}," ${WRKSRC}/src/sg.h
- @perl -pi -e "s,%%SG_DIR%%,${SG_DIR}," ${WRKSRC}/src/sg.h
+pre-configure:
+ @perl -pi -e "s,[EMAIL PROTECTED]@\/squidGuard/squidGuard.conf,[EMAIL
PROTECTED]
[EMAIL PROTECTED]/squidguard/squidguard.conf," ${WRKSRC}/src/sg.h.in
+ @perl -pi -e "s,[EMAIL PROTECTED]@\/squidGuard/log,[EMAIL PROTECTED]@
\/squidGuard," ${WRKSRC}/src/sg.h.in
+ @perl -pi -e "s,[EMAIL PROTECTED]@\/squidGuard/db,[EMAIL PROTECTED]@
\/squidGuard/db," ${WRKSRC}/src/sg.h.in
do-install:
${INSTALL_PROGRAM} ${WRKDIST}/src/squidGuard ${PREFIX}/bin
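Review bot: The three `perl -pi -e` substitutions in `pre-configure` exit successfully whether or not their pattern matches, so if `sg.h.in` changes upstream the build quietly keeps squidGuard's own default paths instead of the port's. The removed `patch-src_sg_h` set `DEFAULT_CONFIGFILE`, `DEFAULT_LOGDIR` and `DEFAULT_DBHOME` through a patch, which stops the build when it no longer applies. The patterns are partly obscured in this copy of the diff, so they cannot be checked here, but the replacement text appears to spell out `squidguard/squidguard.conf` and `squidGuard/db` literally rather than using `${CONFIG_FILE}` and `${SG_DIR}` as the old lines did. I would either carry this as a patch to `sg.h.in` or add a comment above the target such as `# substitutions do not fail on a miss: verify DEFAULT_CONFIGFILE, DEFAULT_LOGDIR and DEFAULT_DBHOME in the generated sg.h`. The `do-install` target at the end of this hunk continues outside it.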
@@ -64,7 +65,7 @@
cp -R ${WRKDIST}/doc/* ${PREFIX}/share/doc/squidguard/
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/squidguard
- @rm ${WRKDIST}/samples/{Makefile,*.in,*.orig}
+ @rm ${WRKDIST}/samples/{Makefile,*.in}
cp -R ${WRKDIST}/samples/* ${PREFIX}/share/examples/squidguard/
.include <bsd.port.mk>
diff -Nuar --exclude CVS /usr/ports/www/squidguard/distinfo ./distinfo
--- /usr/ports/www/squidguard/distinfo Sat Nov 10 18:35:59 2007
+++ ./distinfo Fri Nov 9 18:36:56 2007
@@ -1,4 +1,5 @@
-MD5 (squidGuard-1.2.1.tar.gz) = b6700f59c48fde5ad4d12f871acba93a
-RMD160 (squidGuard-1.2.1.tar.gz) = 0b998792a3612db28adb795c9fb0ea9b70118af3
-SHA1 (squidGuard-1.2.1.tar.gz) = f8134ad0627ce61659f0d79a4a0bcf60e8b25796
-SIZE (squidGuard-1.2.1.tar.gz) = 1947273
+MD5 (squidGuard-1.3.tar.gz) = 18LC4DooNeTRw773Uaznbw==
+RMD160 (squidGuard-1.3.tar.gz) = SmqbXPNtnh0JlLPsQQ90Gnt5VdM=
+SHA1 (squidGuard-1.3.tar.gz) = Sh41lnnzKM/1lw6S6TzJQjbq1sc=
+SHA256 (squidGuard-1.3.tar.gz) = vjNCvnTa2/XCfOA5bbZ1qYnE+RmhnlyCQM5yxrPDYaQ=
+SIZE (squidGuard-1.3.tar.gz) = 1905252
diff -Nuar --exclude CVS /usr/ports/www/squidguard/patches/patch-Makefile_in ./patches/patch-Makefile_in
--- /usr/ports/www/squidguard/patches/patch-Makefile_in Sat Jun 2 12:26:54 2007
+++ ./patches/patch-Makefile_in Wed Dec 31 21:00:00 1969
@@ -1,12 +0,0 @@
-$OpenBSD: patch-Makefile_in,v 1.1.1.1 2007/06/02 15:26:54 aanriot Exp $
---- Makefile.in.orig Fri Dec 29 07:03:53 2006
-+++ Makefile.in Mon Apr 30 18:48:21 2007
-@@ -19,6 +19,8 @@ prefix = @prefix@
- exec_prefix = @exec_prefix@
- bindir = $(exec_prefix)/bin
- infodir = $(prefix)/info
-+cfgdir = @sg_cfgdir@
-+logdir = @sg_logdir@
- SQUIDUSER = @squiduser@
-
- SUBDIRS = src doc test samples contrib
diff -Nuar --exclude CVS /usr/ports/www/squidguard/patches/patch-samples_sample_conf_in ./patches/patch-samples_sample_conf_in
--- /usr/ports/www/squidguard/patches/patch-samples_sample_conf_in Sat Jun 2 12:26:54 2007
+++ ./patches/patch-samples_sample_conf_in Wed Dec 31 21:00:00 1969
@@ -1,14 +0,0 @@
-$OpenBSD: patch-samples_sample_conf_in,v 1.1.1.1 2007/06/02 15:26:54 aanriot Exp $
---- samples/sample.conf.in.orig Fri Apr 27 15:16:00 2007
-+++ samples/sample.conf.in Fri Apr 27 15:16:44 2007
-@@ -2,8 +2,8 @@
- # CONFIG FILE FOR SQUIDGUARD
- #
-
--dbhome @prefix@/squidGuard/db
--logdir @prefix@/squidGuard/log
-+dbhome @localstatedir@/db
-+logdir @localstatedir@/log
-
- #
- # TIME RULES:
diff -Nuar --exclude CVS /usr/ports/www/squidguard/patches/patch-src_sgDiv_c ./patches/patch-src_sgDiv_c
--- /usr/ports/www/squidguard/patches/patch-src_sgDiv_c Sat Jun 2 12:26:54 2007
+++ ./patches/patch-src_sgDiv_c Wed Dec 31 21:00:00 1969
@@ -1,159 +0,0 @@
-$OpenBSD: patch-src_sgDiv_c,v 1.1.1.1 2007/06/02 15:26:54 aanriot Exp $
---- src/sgDiv.c.orig Sun Apr 15 09:48:19 2007
-+++ src/sgDiv.c Wed May 23 17:58:33 2007
-@@ -20,6 +20,7 @@
-
- #include "sg.h"
- #include "sgEx.h"
-+#include "HTEscape.h"
-
- /* #define METEST 8; */
-
-@@ -94,6 +95,8 @@ int parseLine(line, s)
- {
- char *p, *d = NULL, *a = NULL, *e = NULL, *o, *field;
- int i = 0;
-+ int report_once = 1;
-+ size_t strsz;
- char c;
- int ndx = 0;
-
-@@ -126,22 +129,28 @@ int parseLine(line, s)
- */
- /* Fix for multiple slash vulnerability (bug1). */
- /* Check if there are still two or more slashes in sequence which
must not happen */
-- int report_once = 1;
-+ strsz = strlen(p);
-
-- /* loop thru the string 'p' until the char '?' is hit */
-+ /* loop thru the string 'p' until the char '?' is hit or the
"end" is hit */
- while('?' != p[ndx] && '\0' != p[ndx])
- {
-- /* if this char and the next char are slashes,
-- then shift the rest of the string left one char */
-- if('/' == p[ndx] && '/' == p[ndx+1])
-- {
-- size_t sz = strlen(p+ndx+1);
-- strncpy(p+ndx,p+ndx+1, sz);
-- p[ndx+sz] = '\0';
-- if(1 == report_once) {
-- sgLogError("Warning: Possible bypass attempt. Found
multiple slashes where only one is expected: %s", s->orig);
-- report_once--;
-+ /* in case this is a '://' skip over it, but try to not read
past EOS */ -+ if(3 <= strsz-ndx) {
-+ if(':' == p[ndx] && '/' == p[ndx+1] && '/' == p[ndx+2]) {
-+ ndx+=3; /* 3 == strlen("://"); */
-+ }
- }
-+
-+ /* if this char and the next char are slashes,
-+ * then shift the rest of the string left one char */
-+ if('/' == p[ndx] && '/' == p[ndx+1]) {
-+ size_t sz = strlen(p+ndx+1);
-+ strncpy(p+ndx,p+ndx+1, sz);
-+ p[ndx+sz] = '\0';
-+ if(1 == report_once) {
-+ sgLogError("Warning: Possible bypass attempt. Found
multiple slashes where only one is expected: %s", s->orig);
-+ report_once--; -+ }
- }
- else
- {
-@@ -537,13 +546,13 @@ char *sgRegExpSubst(regexp, pattern)
- #endif
- {
- struct sgRegExp *re;
-- regmatch_t pm;
-+ regmatch_t pm[10];
- static char newstring[MAX_BUF];
- char *result = NULL, *p;
- int substlen;
- *newstring='\0';
- for(re = regexp; re != NULL; re = re->next){
-- if (regexec (re->compiled, pattern, 1, &pm, 0) != 0){
-+ if (regexec (re->compiled, pattern, sizeof(pm) / sizeof(pm[0]),
pm, 0) != 0){
- result = NULL;
- } else {
- substlen = strlen(re->substitute);
-@@ -553,21 +562,73 @@ char *sgRegExpSubst(regexp, pattern)
- *newstring = '\0';
- p = newstring;
- do {
-- if((p - newstring)+ pm.rm_so >= MAX_BUF)
-+ if((p - newstring)+ pm[0].rm_so >= MAX_BUF)
- break;
-- p = strncat(newstring,pattern,pm.rm_so);
-- if((p - newstring)+ substlen >= MAX_BUF)
-- break;
-- p = strcat(newstring,re->substitute);
-- pattern = pattern + pm.rm_eo;
-- } while(regexec (re->compiled, pattern, 1, &pm, REG_NOTBOL)== 0
&&
-- re->global);
-+ p = strncat(newstring,pattern,pm[0].rm_so);
-+ {
-+ char *p_cur;
-+ char *p_next;
-+
-+ for (p_next = p_cur = re->substitute;
-+ p_next < (re->substitute + substlen);
-+ p_next++)
-+ {
-+ if (*p_next == '\\')
-+ {
-+ if (p_cur < p_next)
-+ {
-+ if (((p - newstring) + (p_next - p_cur)) >=
MAX_BUF) -+ goto err;
-+ p = strncat(newstring, p_cur, p_next - p_cur);
-+ }
-+ p_next++;
-+ if (p_next < (re->substitute + substlen)
-+ && '0' <= *p_next && *p_next <= '9')
-+ {
-+ int i = *p_next - '0';
-+ if ((p - newstring) + (pm[i].rm_eo - pm
[i].rm_so) >= MAX_BUF) -+ goto err;
-+ p = strncat(newstring, pattern + pm[i].rm_so,
pm[i].rm_eo - pm[i].rm_so); -+ }
-+ else
-+ {
-+ if ((p - newstring + 1) >= MAX_BUF)
-+ goto err;
-+ p = strncat(newstring, p_next, 1);
-+ }
-+ p_cur = p_next + 1;
-+ }
-+ else if (*p_next == '&')
-+ {
-+ if (p_cur < p_next)
-+ {
-+ if (((p - newstring) + (p_next - p_cur)) >=
MAX_BUF) -+ goto err;
-+ p = strncat(newstring, p_cur, p_next - p_cur);
-+ }
-+ if (((p - newstring) + (pm[0].rm_eo - pm
[0].rm_so)) >= MAX_BUF) -+ goto err;
-+ p = strncat(newstring, pattern + pm[0].rm_so, pm
[0].rm_eo - pm[0].rm_so); -+ p_cur = p_next + 1;
-+ }
-+ }
-+ if (p_cur < p_next)
-+ {
-+ if (((p - newstring) + (p_next - p_cur)) >= MAX_BUF)
-+ goto err;
-+ p = strncat(newstring, p_cur, p_next - p_cur);
-+ }
-+ }
-+ pattern = pattern + pm[0].rm_eo;
-+ } while(regexec (re->compiled, pattern, sizeof(pm) / sizeof(pm
[0]), pm, REG_NOTBOL)== 0 && -+ re->global);
- if((p - newstring)+ strlen(pattern) <= MAX_BUF)
- p = strcat(newstring,pattern);
- result = newstring;
- break;
- }
- }
-+err:
- return result;
- }
-
diff -Nuar --exclude CVS /usr/ports/www/squidguard/patches/patch-src_sg_h ./patches/patch-src_sg_h
--- /usr/ports/www/squidguard/patches/patch-src_sg_h Sat Jun 2 12:26:54 2007
+++ ./patches/patch-src_sg_h Wed Dec 31 21:00:00 1969
@@ -1,30 +0,0 @@
-$OpenBSD: patch-src_sg_h,v 1.1.1.1 2007/06/02 15:26:54 aanriot Exp $
---- src/sg.h.orig Wed Apr 11 06:20:25 2007
-+++ src/sg.h Wed May 16 14:44:38 2007
-@@ -86,17 +86,17 @@ int tolower();
-
- #ifdef ACCONFIG
- #undef DEFAULT_CONFIGFILE
--#define DEFAULT_CONFIGFILE ""
-+#define DEFAULT_CONFIGFILE "/etc/squidguard/squidguard.conf"
- #endif
-
- #ifdef ACLOGDIR
- #undef DEFAULT_LOGDIR
--#define DEFAULT_LOGDIR ""
-+#define DEFAULT_LOGDIR "/var/squidguard"
- #endif
-
- #ifdef ACDBHOME
- #undef DEFAULT_DBHOME
--#define DEFAULT_DBHOME ""
-+#define DEFAULT_DBHOME "/var/squidguard/db"
- #endif
-
- #define INVALID_IP_ADDR 1
-@@ -442,4 +442,4 @@ int sgDoLdapSearch __P((const char *,
-
- int expand_url __P((char *, size_t, const char *, const char *));
-
--
-+struct UserInfo *setuserinfo();
diff -Nuar --exclude CVS /usr/ports/www/squidguard/patches/patch-src_sg_y ./patches/patch-src_sg_y
--- /usr/ports/www/squidguard/patches/patch-src_sg_y Sat Jun 2 12:26:54 2007
+++ ./patches/patch-src_sg_y Wed Dec 31 21:00:00 1969
@@ -1,54 +0,0 @@
-$OpenBSD: patch-src_sg_y,v 1.1.1.1 2007/06/02 15:26:54 aanriot Exp $
---- src/sg.y.orig Wed Apr 11 02:57:02 2007
-+++ src/sg.y Fri Jun 1 20:07:12 2007
-@@ -21,9 +21,12 @@
- #include "sg.h"
-
- #ifdef HAVE_LIBLDAP
--#include "lber.h"
--#include "ldap.h"
-+#ifndef LDAP_DEPRECATED
-+#define LDAP_DEPRECATED 1
- #endif
-+#include <lber.h>
-+#include <ldap.h>
-+#endif
-
- #include "sgEx.h"
-
-@@ -954,7 +957,7 @@ struct Source *sgFindSource (bsrc, net, ident,
domain)
- founduser = 1;
- unblockeduser = 1;
- if(s->userquota.seconds != 0){
-- struct UserInfo uq;
-+ // struct UserInfo uq;
- time_t t = time(NULL) + globalDebugTimeDelta;
- //sgLogError("status %d time %d lasttime %d consumed %d", userquota->status, userquota->time, userquota->last, userquota->consumed);
- //sgLogError("renew %d seconds %d", s->userquota.renew, s->userquota.seconds);
-@@ -1940,11 +1943,14 @@ void sgTimeSetAcl()
- for(rew = Rewrite; rew != NULL; rew = rew->next){
- if(rew->time != NULL){
- rew->active = rew->time->active;
-- if(rew->within == OUTSIDE)
-- if(rew->active)
-+ if(rew->within == OUTSIDE) {
-+ if(rew->active) {
- rew->active = 0;
-- else
-+ }
-+ else {
- rew->active = 1;
-+ }
-+ }
- }
- }
- }
-@@ -2347,7 +2353,7 @@ char *sgAclAccess(src, acl, req)
- }
- }
- if(aclpass->dest->regExp != NULL && access){
-- if((result = sgRegExpMatch(aclpass->dest->regExp,req->url)) !
= 0){ -+ if((result = sgRegExpMatch
(aclpass->dest->regExp,req->strippedurl)) != 0){
- if(aclpass->access){
- access++;
- break;
diff -Nuar --exclude CVS /usr/ports/www/squidguard/patches/patch-src_sg_y_in ./patches/patch-src_sg_y_in
--- /usr/ports/www/squidguard/patches/patch-src_sg_y_in Wed Dec 31 21:00:00 1969
+++ ./patches/patch-src_sg_y_in Fri Nov 9 22:39:05 2007
@@ -0,0 +1,17 @@
+$OpenBSD$
+--- src/sg.y.in.orig Sat Nov 3 11:59:49 2007
++++ src/sg.y.in Fri Nov 9 22:38:46 2007
+@@ -22,8 +22,11 @@
+ extern int globalDebug;
+
+ #ifdef HAVE_LIBLDAP
+-#include "lber.h"
+-#include "ldap.h"
++#ifndef LDAP_DEPRECATED
++#define LDAP_DEPRECATED 1
++#endif
++#include <lber.h>
++#include <ldap.h>
+ #endif
+
+ #include "sgEx.h"
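Review bot: The new `patch-src_sg_y_in` carries over only the LDAP include change, while the other local fixes dropped with the old patches are not re-added anywhere in this diff. Those are the `req->strippedurl` regex match in `sgAclAccess` from `patch-src_sg_y`, and from `patch-src_sgDiv_c` the `://` handling in the multiple-slash fix and the `MAX_BUF` checks in `sgRegExpSubst`. Presumably 1.3 ships them upstream, since the message above lists the double-slash correction and sed-compliant rewrites, but it does not mention the `strippedurl` change. Each one affects whether a URL is matched or a buffer bound is enforced, so it is worth checking the 1.3 sources before commit. A line in the commit message such as `local patches to sgDiv.c, sg.h and sg.y are merged upstream in 1.3` would record that this was verified.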
diff -Nuar --exclude CVS /usr/ports/www/squidguard/patches/patch-src_y_tab_c_bison ./patches/patch-src_y_tab_c_bison
--- /usr/ports/www/squidguard/patches/patch-src_y_tab_c_bison Sat Jun 2 12:26:54 2007
+++ ./patches/patch-src_y_tab_c_bison Fri Nov 9 22:39:02 2007
@@ -1,7 +1,7 @@
-$OpenBSD: patch-src_y_tab_c_bison,v 1.1.1.1 2007/06/02 15:26:54 aanriot Exp $
---- src/y.tab.c.bison.orig Fri Mar 16 05:15:05 2007
-+++ src/y.tab.c.bison Fri Jun 1 19:58:04 2007
-@@ -189,9 +189,12 @@
+$OpenBSD$
+--- src/y.tab.c.bison.orig Thu May 10 12:39:44 2007
++++ src/y.tab.c.bison Fri Nov 9 22:38:08 2007
+@@ -189,8 +189,11 @@
#include "sg.h"
#ifdef HAVE_LIBLDAP
@@ -9,37 +9,9 @@
-#include "ldap.h"
+#ifndef LDAP_DEPRECATED
+#define LDAP_DEPRECATED 1
- #endif
++#endif
+#include <lber.h>
+#include <ldap.h>
-+#endif
+ #endif
#include "sgEx.h"
-
-@@ -2943,7 +2946,7 @@ struct Source *sgFindSource (bsrc, net, ident,
domain)
- founduser = 1;
- unblockeduser = 1;
- if(s->userquota.seconds != 0){
-- struct UserInfo uq;
-+ // struct UserInfo uq;
- time_t t = time(NULL) + globalDebugTimeDelta;
- //sgLogError("status %d time %d lasttime %d consumed %d", userquota->status, userquota->time, userquota->last, userquota->consumed);
- //sgLogError("renew %d seconds %d", s->userquota.renew, s->userquota.seconds);
-@@ -3929,11 +3932,14 @@ void sgTimeSetAcl()
- for(rew = Rewrite; rew != NULL; rew = rew->next){
- if(rew->time != NULL){
- rew->active = rew->time->active;
-- if(rew->within == OUTSIDE)
-- if(rew->active)
-+ if(rew->within == OUTSIDE) {
-+ if(rew->active) {
- rew->active = 0;
-- else
-+ }
-+ else {
- rew->active = 1;
-+ }
-+ }
- }
- }
- }
diff -Nuar --exclude CVS /usr/ports/www/squidguard/patches/patch-test_Makefile_in ./patches/patch-test_Makefile_in
--- /usr/ports/www/squidguard/patches/patch-test_Makefile_in Wed Dec 31 21:00:00 1969
+++ ./patches/patch-test_Makefile_in Fri Nov 9 20:47:26 2007
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- test/Makefile.in.orig Fri Nov 9 20:45:50 2007
++++ test/Makefile.in Fri Nov 9 20:47:14 2007
+@@ -44,7 +44,7 @@ test1 test2:: test1.conf
test2.conf ../src/squidGuard
+ @test `wc -l<requests` -eq `wc -l<[EMAIL PROTECTED]
+ @echo .OK
+ @echo @ac_n@ "Checking the output against the
[EMAIL PROTECTED]@" +- @cmp -s [EMAIL PROTECTED] [EMAIL PROTECTED]
++ @-cmp -s [EMAIL PROTECTED] [EMAIL PROTECTED]
+ @echo .OK
+ @lines=`wc -l<requests`;\
+ awk -F'[()]' '/ squidGuard.+started \([0-9]+\.[0-9]+\)$$/
{start=$$(NF-1)};\
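Review bot: The added `@-cmp -s` tells make to ignore a mismatch between squidGuard's output and the expected file, so the following `@echo .OK` prints even when the filter's decisions differ from the reference. That comparison is the part of `test1`/`test2` that checks what actually gets blocked or redirected, and the update has been tested on one architecture only. If the compare fails on OpenBSD for a known reason, it would be better to fix the expected output or keep the failure fatal, and otherwise to record the exception in the patch with a comment such as `# cmp made non-fatal: <reason>; drop once the expected output matches`. The file names on the `cmp` lines are obscured in this copy of the diff, so which files are compared is inferred from the echo text.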