include Config
-VER = 1.4.1
+VER = 1.5-beta
THISAPP = squidGuard-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9ae7b62a63631bb2dd1f474cf2bbe4dc
+$(DL_FILE)_MD5 = 85216992d14acb29d6f345608f21f268
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard-1.4-squid-helper-protocol.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidGuard-1.4-db5.patch
- cd $(DIR_APP) && ./configure --prefix=/usr --datadir=/usr/share \
- --sysconfdir=/etc --localstatedir=/var --infodir=/usr/info --mandir=/usr/man \
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/01_squidguard-1.5-beta_db_v4_up.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/02_squidguard-1.5-beta_helper-protocol.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/03_squidguard-1.5-beta_remove-debug-logging.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/04_squidguard-1.5-beta_stdout-always.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/05_squidguard-1.5-beta_fixes_htunescape-size_t-ldap_functions-unused_variables-noinput_and_nounput.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squidguard/06_squidguard_version.patch
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --datadir=/usr/share \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --infodir=/usr/info \
+ --mandir=/usr/man \
--with-sg-config=/var/ipfire/urlfilter/squidGuard.conf \
- --with-sg-logdir=/var/log/squidGuard --with-sg-dbhome=/var/lib/squidguard \
- --with-db=/usr --with-db-inc=/usr/include --with-db-lib=/usr/lib
+ --with-sg-logdir=/var/log/squidGuard \
+ --with-syslog=yes \
+ --with-sg-dbhome=/var/lib/squidguard \
+ --with-db=/usr \
+ --with-db-inc=/usr/include \
+ --with-db-lib=/usr/lib
+
cd $(DIR_APP) && make
cd $(DIR_APP) && make install
chmod 755 /var/ipfire/urlfilter/bin/prebuild.pl
cp -f $(DIR_CONF)/urlfilter/autoupdate.pl /var/ipfire/urlfilter/bin/autoupdate.pl
chmod 755 /var/ipfire/urlfilter/bin/autoupdate.pl
- echo "1.7.1" > /var/ipfire/urlfilter/version
+ echo "1.5-beta" > /var/ipfire/urlfilter/version
# Wrapper
cp -f $(DIR_CONF)/urlfilter/redirect_wrapper /usr/sbin
--- /dev/null
+Make BerkeleyDB version 4.7 and higher working.
+
+diff -Nur a/src/sgDb.c b/src/sgDb.c
+--- a/src/sgDb.c 2010-09-09 12:35:22.000000000 +0200
++++ b/src/sgDb.c 2013-11-23 10:05:55.000000000 +0100
+@@ -112,7 +112,7 @@
+ }
+ }
+ #endif
+-#if DB_VERSION_MAJOR == 4
++#if DB_VERSION_MAJOR >= 4
+ if(globalUpdate || createdb || (dbfile != NULL && stat(dbfile,&st))){
+ flag = DB_CREATE;
+ if(createdb)
--- /dev/null
+
+From Jeffries Amos http://bugs.squid-cache.org/show_bug.cgi?id=3978#c5
+
+--- squidGuard-1.5-beta.orig/src/main.c 2013-12-12 11:47:31.000000000 +1300
++++ squidGuard-1.5-beta.orig/src/main.c 2013-12-12 11:50:38.000000000 +1300
+@@ -185,7 +185,7 @@
+ sgReloadConfig();
+ }
+ if(failsafe_mode) {
+- puts("");
++ puts("ERR message=\"squidGuard failsafe mode\"");
+ fflush(stdout);
+ if(sig_hup){
+ sgReloadConfig();
+@@ -194,7 +194,7 @@
+ }
+ if(parseLine(buf,&squidInfo) != 1){
+ sgLogError("ERROR: Error parsing squid line: %s",buf);
+- puts("");
++ puts("BH message=\"squidGuard error parsing squid line\"");
+ }
+ else {
+ src = Source;
+@@ -206,14 +206,14 @@
+ acl = sgAclCheckSource(src);
+ if((redirect = sgAclAccess(src,acl,&squidInfo)) == NULL){
+ if(src == NULL || src->cont_search == 0){
+- puts("");
++ puts("ERR");
+ break;
+ } else
+ if(src->next != NULL){
+ src = src->next;
+ continue;
+ } else {
+- puts("");
++ puts("ERR");
+ break;
+ }
+ } else {
+@@ -228,6 +228,10 @@
+ fprintf(stdout,"%s %s/%s %s %s\n",redirect,squidInfo.src,
+ squidInfo.srcDomain,squidInfo.ident,
+ squidInfo.method);
++ if (isdigit(redirect[0]) && isdigit(redirect[1]) && isdigit(redirect[2]) && redirect[3]==':') {
++ fprintf(stdout,"OK status=%c%c%c url=\"%s\"\n", redirect[0], redirect[1], redirect[2], &redirect[4]);
++ } else
++ fprintf(stdout,"OK rewrite-url=\"%s\"\n",redirect);
+ /* sgLogDebug("DEBUG: %s %s/%s %s %s\n",redirect,squidInfo.src,squidInfo.srcDomain,squidInfo.ident,squidInfo.method); */
+ break;
+ }
+--- squidGuard-1.5-beta.orig/src/main.c.in 2013-12-12 11:47:31.000000000 +1300
++++ squidGuard-1.5-beta.orig/src/main.c.in 2013-12-12 11:53:18.000000000 +1300
+@@ -185,7 +185,7 @@
+ sgReloadConfig();
+ }
+ if(failsafe_mode) {
+- puts("");
++ puts("ERR message=\"squidGuard failsafe mode\"");
+ fflush(stdout);
+ if(sig_hup){
+ sgReloadConfig();
+@@ -194,7 +194,7 @@
+ }
+ if(parseLine(buf,&squidInfo) != 1){
+ sgLogError("ERROR: Error parsing squid line: %s",buf);
+- puts("");
++ puts("BH message=\"squidGuard error parsing squid line\"");
+ }
+ else {
+ src = Source;
+@@ -206,14 +206,14 @@
+ acl = sgAclCheckSource(src);
+ if((redirect = sgAclAccess(src,acl,&squidInfo)) == NULL){
+ if(src == NULL || src->cont_search == 0){
+- puts("");
++ puts("ERR");
+ break;
+ } else
+ if(src->next != NULL){
+ src = src->next;
+ continue;
+ } else {
+- puts("");
++ puts("ERR");
+ break;
+ }
+ } else {
+@@ -225,9 +225,11 @@
+ squidInfo.ident[0] = '-';
+ squidInfo.ident[1] = '\0';
+ }
+- fprintf(stdout,"%s %s/%s %s %s\n",redirect,squidInfo.src,
+- squidInfo.srcDomain,squidInfo.ident,
+- squidInfo.method);
++ if (isdigit(redirect[0]) && isdigit(redirect[1]) && isdigit(redirect[2]) && redirect[3]==':') {
++ fprintf(stdout,"OK status=%c%c%c url=\"%s\"\n", redirect[0], redirect[1], redirect[2], &redirect[4]);
++ } else
++ fprintf(stdout,"OK rewrite-url=\"%s\"\n",redirect);
++
+ /* sgLogDebug("DEBUG: %s %s/%s %s %s\n",redirect,squidInfo.src,squidInfo.srcDomain,squidInfo.ident,squidInfo.method); */
+ break;
+ }
+--- squidGuard-1.5-beta.orig/src/sgDiv.c 2013-12-12 11:47:31.000000000 +1300
++++ squidGuard-1.5-beta.orig/src/sgDiv.c 2013-12-12 11:48:36.000000000 +1300
+@@ -782,7 +782,7 @@
+ }
+ sgLogError("ERROR: Going into emergency mode");
+ while(fgets(buf, MAX_BUF, stdin) != NULL){
+- puts("");
++ puts("ERR");
+ fflush(stdout);
+ }
+ sgLogError("ERROR: Ending emergency mode, stdin empty");
+--- squidGuard-1.5-beta.orig/src/sgDiv.c.in 2013-12-12 11:47:31.000000000 +1300
++++ squidGuard-1.5-beta.orig/src/sgDiv.c.in 2013-12-12 11:48:36.000000000 +1300
+@@ -782,7 +782,7 @@
+ }
+ sgLogError("ERROR: Going into emergency mode");
+ while(fgets(buf, MAX_BUF, stdin) != NULL){
+- puts("");
++ puts("ERR");
+ fflush(stdout);
+ }
+ sgLogError("ERROR: Ending emergency mode, stdin empty");
--- /dev/null
+--- a/src/sg.y.in 2014-04-14 16:23:39.183396677 +0200
++++ b/src/sg.y.in 2014-04-14 16:24:19.000000000 +0200
+@@ -795,9 +795,9 @@
+ {
+ struct Source *sp;
+ sp = lastSource;
+-
++/* DEBUG
+ @NOLOG1@ sgLogError("DEBUG: sgSourceLdapIpSearch called with: %s", url); @NOLOG2@
+-
++*/
+ if(!ldap_is_ldap_url(url)) {
+ sgLogError("%s: can't parse LDAP url %s",progname, url);
+ return;
+@@ -1311,10 +1311,12 @@
+ }
+ sp->domainlistDb = (struct sgDb *) sgCalloc(1,sizeof(struct sgDb));
+ sp->domainlistDb->type=SGDBTYPE_DOMAINLIST;
++/* DEBUG
+ sgLogError("init domainlist %s",sp->domainlist);
++*/
+ sgDbInit(sp->domainlistDb,sp->domainlist);
+ if(sp->domainlistDb->entries == 0) { /* empty database */
+- sgLogError("domainlist empty, removed from memory");
++ sgLogError("domainlist %s empty, removed from memory",sp->domainlist);
+ sgFree(sp->domainlistDb);
+ sp->domainlistDb = NULL;
+ }
+@@ -1356,10 +1356,12 @@
+ }
+ sp->urllistDb = (struct sgDb *) sgCalloc(1,sizeof(struct sgDb));
+ sp->urllistDb->type=SGDBTYPE_URLLIST;
++/* DEBUG
+ sgLogError("init urllist %s",sp->urllist);
++*/
+ sgDbInit(sp->urllistDb,sp->urllist);
+ if(sp->urllistDb->entries == 0) { /* empty database */
+- sgLogError("urllist empty, removed from memory");
++ sgLogError("urllist empty %s, removed from memory",sp->urllist);
+ sgFree(sp->urllistDb);
+ sp->urllistDb = NULL;
+ }
+@@ -2773,9 +2773,9 @@
+ char *interval;
+ struct UserInfo *userinfo;
+ static struct UserInfo info;
+-
++/* DEBUG
+ @NOLOG1@ sgLogError("DEBUG: sgFindUser called with: %s", ident); @NOLOG2@
+-
++*/
+ /* defined in the userDB? */
+ if(defined(src->userDb, ident, (char **) &userinfo) == 1) {
+ #ifdef HAVE_LIBLDAP
+--- a/src/sgDb.c 2014-04-17 08:53:29.961367395 +0200
++++ b/src/sgDb.c 2014-04-17 08:53:58.000000000 +0200
+@@ -48,7 +48,9 @@
+ strcat(dbfile,".db");
+ if(stat(dbfile,&st) == 0){
+ if(!createdb){
++/* DEBUG
+ sgLogNotice("INFO: loading dbfile %s",dbfile);
++*/
+ }
+ } else {
+ if(!createdb){
--- /dev/null
+Original input to stdout, to be useable with multiple redirectors
+when option -f is given on squidGuard start
+We have to remember the raw original URL as the URL is modified for testing
+purpose. So the exisiting HTML entities like %3F (?), %26 (&), %3D (=) etc. are changed
+which breaks the URL for further processing if it is send to stdout like we do it for the
+redirector chain (THIS patch).
+diff -Nur a/src/main.c.in b/src/main.c.in
+--- a/src/main.c.in 2009-09-27 21:41:50.000000000 +0200
++++ b/src/main.c.in 2013-06-01 21:18:55.000000000 +0200
+@@ -59,6 +59,7 @@
+ char **globalEnvp ;
+ int globalDebugTimeDelta = 0;
+ int globalDebug = 0;
++int globalFullStdout = 0;
+ int globalPid = 0;
+ int globalUpdate = 0;
+ int passthrough = 0;
+@@ -89,6 +90,7 @@
+ struct Acl *acl;
+ struct timeval start_time,ready_time,stop_time;
+ char buf[MAX_BUF];
++ char origraw[MAX_BUF];
+ char *redirect,tmp[MAX_BUF];
+ char *configFile = NULL;
+ time_t t;
+@@ -101,11 +102,14 @@
+ #ifdef USE_SYSLOG
+ openlog("squidGuard", LOG_PID | LOG_NDELAY | LOG_CONS, LOG_ at LOGFAC@);
+ #endif
+- while ((ch = getopt(argc, argv, "hbduPC:t:c:v")) != EOF)
++ while ((ch = getopt(argc, argv, "hbdfuPC:t:c:v")) != EOF)
+ switch (ch) {
+ case 'd':
+ globalDebug = 1;
+ break;
++ case 'f':
++ globalFullStdout = 1;
++ break;
+ case 'c':
+ configFile = optarg;
+ break;
+@@ -192,6 +193,8 @@
+ }
+ continue;
+ }
++ strcpy(origraw,buf);
++ if (strlen(origraw) && (origraw[strlen(origraw)-1] == '\n')) origraw[strlen(origraw)-1] = 0;
+ if(parseLine(buf,&squidInfo) != 1){
+ sgLogError("ERROR: Error parsing squid line: %s",buf);
+ puts("BH message=\"squidGuard error parsing squid line\"");
+@@ -206,7 +210,12 @@
+ acl = sgAclCheckSource(src);
+ if((redirect = sgAclAccess(src,acl,&squidInfo)) == NULL){
+ if(src == NULL || src->cont_search == 0){
++ if (globalFullStdout) {
++ puts(origraw);
++ }
++ else {
+ puts("ERR");
++ }
+ break;
+ } else
+ if(src->next != NULL){
+@@ -213,7 +214,12 @@
+ src = src->next;
+ continue;
+ } else {
++ if (globalFullStdout) {
++ puts(origraw);
++ }
++ else {
+ puts("ERR");
++ }
+ break;
+ }
+ } else {
--- /dev/null
+--- a/src/sg.l Sat Jan 30 13:51:12 2016
++++ b/src/sg.l Sat Jan 30 14:01:28 2016
+@@ -23,6 +23,8 @@
+
+ %}
+
++%option noinput
++%option nounput
+ ignore [,\t\r ]+
+ s [\t ]
+ d [0-9]
+--- a/src/sg.y.in Sat Jan 30 13:52:26 2016
++++ b/src/sg.y.in Sat Jan 30 14:00:50 2016
+@@ -26,6 +26,7 @@
+
+ #ifdef HAVE_LIBLDAP
+ #include "lber.h"
++#define LDAP_DEPRECATED 1
+ #include "ldap.h"
+ #endif
+
+@@ -1097,7 +1098,6 @@
+ foundip = 1;
+ unblockedip = 1;
+ if(s->ipquota.seconds != 0){
+- struct IpInfo uq;
+ time_t t = time(NULL) + globalDebugTimeDelta;
+ sgLogError("status %d time %d lasttime %d consumed %d", ipquota->status, ipquota->time, ipquota->last, ipquota->consumed);
+ sgLogError("renew %d seconds %d", s->ipquota.renew, s->ipquota.seconds);
+@@ -1157,7 +1157,6 @@
+ founduser = 1;
+ unblockeduser = 1;
+ if(s->userquota.seconds != 0){
+- struct UserInfo uq;
+ time_t t = time(NULL) + globalDebugTimeDelta;
+ //sgLogError("status %d time %d lasttime %d consumed %d", userquota->status, userquota->time, userquota->last, userquota->consumed);
+ //sgLogError("renew %d seconds %d", s->userquota.renew, s->userquota.seconds);
+--- a/src/sgDiv.c.in Sat Jan 30 13:52:10 2016
++++ b/src/sgDiv.c.in Sat Jan 30 13:59:16 2016
+@@ -18,6 +18,7 @@
+
+ #include "sg.h"
+ #include "sgEx.h"
++#include "HTEscape.h"
+
+ /* #define METEST 8; */
+
+@@ -692,7 +693,7 @@
+ struct UserInfo *userquota;
+ if(defined(s->userDb, req->ident, (char **) &userquota) == 1){
+ char qbuf[150];
+- sprintf(qbuf, "%d-%d-%d-%d-%d-%d", s->userquota.renew, s->userquota.seconds, userquota->status, userquota->time, userquota->last, userquota->consumed);
++ sprintf(qbuf, "%d-%d-%d-%d-%d-%d", s->userquota.renew, (int)s->userquota.seconds, userquota->status, (int)userquota->time, (int)userquota->last, userquota->consumed);
+ strcat(buf, qbuf);
+ } else {
+ strcat(buf, "noquota");
--- /dev/null
+--- a/src/version.h Thu Apr 17 17:00:48 2008
++++ b/src/version.h Fri May 08 20:44:48 2009
+@@ -16,4 +16,4 @@
+ (GPL) along with this program.
+ */
+
+-#define VERSION "1.5-alpha"
++#define VERSION "1.5-beta"