[Buildroot] [PATCH] squidguard: new package
Guillaume GARDET
guillaume.gardet at oliseo.fr
Wed Oct 8 20:38:12 UTC 2014
Signed-off-by: Guillaume GARDET <guillaume.gardet at oliseo.fr>
---
package/Config.in | 1 +
package/squidguard/Config.in | 24 +++++
package/squidguard/fix-for-db5.patch | 11 ++
package/squidguard/squidGuard-CVE-2009-3700.patch | 46 +++++++++
package/squidguard/squidGuard-CVE-2009-3826.patch | 26 +++++
package/squidguard/squidGuard-Makefile.patch | 115 +++++++++++++++++++++
package/squidguard/squidGuard.conf | 20 ++++
.../squidguard/squidguard-1.4-cross-compile.patch | 38 +++++++
package/squidguard/squidguard.mk | 41 ++++++++
9 files changed, 322 insertions(+)
create mode 100644 package/squidguard/Config.in
create mode 100644 package/squidguard/fix-for-db5.patch
create mode 100644 package/squidguard/squidGuard-CVE-2009-3700.patch
create mode 100644 package/squidguard/squidGuard-CVE-2009-3826.patch
create mode 100644 package/squidguard/squidGuard-Makefile.patch
create mode 100644 package/squidguard/squidGuard.conf
create mode 100644 package/squidguard/squidguard-1.4-cross-compile.patch
create mode 100644 package/squidguard/squidguard.mk
diff --git a/package/Config.in b/package/Config.in
index ea89c96..9c1f282 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1083,6 +1083,7 @@ endif
source "package/spice/Config.in"
source "package/spice-protocol/Config.in"
source "package/squid/Config.in"
+ source "package/squidguard/Config.in"
source "package/sshpass/Config.in"
source "package/strongswan/Config.in"
source "package/stunnel/Config.in"
diff --git a/package/squidguard/Config.in b/package/squidguard/Config.in
new file mode 100644
index 0000000..8d3c28e
--- /dev/null
+++ b/package/squidguard/Config.in
@@ -0,0 +1,24 @@
+comment "squidguards needs Squid"
+ depends on !BR2_PACKAGE_SQUID
+
+config BR2_PACKAGE_SQUIDGUARD
+ bool "squidguard"
+ select BR2_PACKAGE_BISON
+ select BR2_PACKAGE_FLEX
+ select BR2_PACKAGE_BERKELEYDB
+ depends on BR2_PACKAGE_SQUID
+ help
+ SquidGuard is a free (GPL), flexible and ultra-fast filter,
+ redirector, and access controller plugin for squid.
+
+ http://www.squidguard.org/
+
+if BR2_PACKAGE_SQUIDGUARD
+ config BR2_PACKAGE_SQUIDGUARD_DEFAULT_CONF
+ bool "squidguard default blacklists and configuration"
+ help
+ Add default blacklists provided by squidGuard and associated
+ configuration file.
+
+ http://www.squidguard.org/
+endif
diff --git a/package/squidguard/fix-for-db5.patch b/package/squidguard/fix-for-db5.patch
new file mode 100644
index 0000000..29fd19b
--- /dev/null
+++ b/package/squidguard/fix-for-db5.patch
@@ -0,0 +1,11 @@
+--- a/src/sgDb.c.orig 2014-07-23 13:10:54.335454387 +0200
++++ b/src/sgDb.c 2014-07-23 13:14:15.167901834 +0200
+@@ -114,7 +114,7 @@ void sgDbInit(Db, file)
+ }
+ }
+ #endif
+-#if DB_VERSION_MAJOR == 4
++#if DB_VERSION_MAJOR >= 4
+ if(globalUpdate || createdb || (dbfile != NULL && stat(dbfile,&st))){
+ flag = DB_CREATE;
+ if(createdb)
diff --git a/package/squidguard/squidGuard-CVE-2009-3700.patch b/package/squidguard/squidGuard-CVE-2009-3700.patch
new file mode 100644
index 0000000..d370787
--- /dev/null
+++ b/package/squidguard/squidGuard-CVE-2009-3700.patch
@@ -0,0 +1,46 @@
+Index: squidGuard-1.4/src/sgLog.c
+===================================================================
+--- squidGuard-1.4.orig/src/sgLog.c 2007-11-16 17:58:32.000000000 +0100
++++ squidGuard-1.4/src/sgLog.c 2010-07-29 13:47:50.000000000 +0200
+@@ -2,7 +2,7 @@
+ By accepting this notice, you agree to be bound by the following
+ agreements:
+
+- This software product, squidGuard, is copyrighted (C) 1998-2007
++ This software product, squidGuard, is copyrighted (C) 1998-2009
+ by Christine Kronberg, Shalla Secure Services. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify it
+@@ -55,8 +55,8 @@ void sgLog(log, format, va_alist)
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- fprintf(stderr,"overflow in vsprintf (sgLog): %s",strerror(errno));
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ fprintf(stderr,"overflow in vsnprintf (sgLog): %s",strerror(errno));
+ va_end(ap);
+ date = niso(0);
+ if(globalDebug || log == NULL) {
+@@ -87,8 +87,8 @@ void sgLogError(format, va_alist)
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- sgLogFatalError("overflow in vsprintf (sgLogError): %s",strerror(errno));
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+ va_end(ap);
+ sgLog(globalErrorLog,"%s",msg);
+ }
+@@ -104,8 +104,8 @@ void sgLogFatalError(format, va_alist)
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- return;
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+ va_end(ap);
+ sgLog(globalErrorLog,"%s",msg);
+ sgEmergency();
diff --git a/package/squidguard/squidGuard-CVE-2009-3826.patch b/package/squidguard/squidGuard-CVE-2009-3826.patch
new file mode 100644
index 0000000..8d2b623
--- /dev/null
+++ b/package/squidguard/squidGuard-CVE-2009-3826.patch
@@ -0,0 +1,26 @@
+Index: squidGuard-1.4/src/sg.h.in
+===================================================================
+--- squidGuard-1.4.orig/src/sg.h.in
++++ squidGuard-1.4/src/sg.h.in
+@@ -73,7 +73,7 @@ int tolower();
+ #define REQUEST_TYPE_REDIRECT 2
+ #define REQUEST_TYPE_PASS 3
+
+-#define MAX_BUF 4096
++#define MAX_BUF 12288
+
+ #define DEFAULT_LOGFILE "squidGuard.log"
+ #define WARNING_LOGFILE "squidGuard.log"
+Index: squidGuard-1.4/src/sgDiv.c.in
+===================================================================
+--- squidGuard-1.4.orig/src/sgDiv.c.in
++++ squidGuard-1.4/src/sgDiv.c.in
+@@ -745,7 +745,7 @@ char *sgParseRedirect(redirect, req, acl
+ p++;
+ break;
+ case 'u': /* Requested URL */
+- strcat(buf, req->orig);
++ strncat(buf, req->orig, 2048);
+ p++;
+ break;
+ default:
diff --git a/package/squidguard/squidGuard-Makefile.patch b/package/squidguard/squidGuard-Makefile.patch
new file mode 100644
index 0000000..650baa2
--- /dev/null
+++ b/package/squidguard/squidGuard-Makefile.patch
@@ -0,0 +1,115 @@
+Index: Makefile.in
+===================================================================
+--- a/Makefile.in.orig
++++ b/Makefile.in
+@@ -15,9 +15,9 @@ LIBS = @LIBS@
+ RM = rm -f
+ MKINSTALLDIRS = mkdir -p
+
+-prefix = @prefix@
+-exec_prefix = @exec_prefix@
+-bindir = $(exec_prefix)/bin
++prefix = $(DESTDIR)@prefix@
++exec_prefix = $(DESTDIR)@exec_prefix@
++bindir = @bindir@
+ infodir = $(prefix)/info
+ logdir = @sg_logdir@
+ configfile = @sg_config@
+@@ -47,34 +47,28 @@ install: install-build install-conf
+
+ install-conf:
+ @echo Installing configuration file ;
+- @if [ ! -d $(prefix)/squidGuard ]; then \
+- $(MKINSTALLDIRS) $(prefix)/squidGuard ; \
+- echo Created directory $(prefix)/squidGuard ; \
+- chown -R $(SQUIDUSER) $(prefix)/squidGuard || exit 1 ; \
+- echo Assigned $(prefix)/squidGuard to user $(SQUIDUSER) ; \
++ @if [ ! -d $(DESTDIR)$(prefix)/squidGuard ]; then \
++ $(MKINSTALLDIRS) $(DESTDIR)$(prefix)/squidGuard ; \
++ echo Created directory $(DESTDIR)$(prefix)/squidGuard ; \
+ fi ;
+- @if [ ! -d $(dbhomedir) ]; then \
+- $(MKINSTALLDIRS) $(dbhomedir) ; \
+- echo Created directory $(dbhomedir) ; \
+- chown -R $(SQUIDUSER) $(dbhomedir) || exit 1 ; \
+- echo Assigned $(dbhomedir) to user $(SQUIDUSER) ; \
++ @if [ ! -d $(DESTDIR)$(dbhomedir) ]; then \
++ $(MKINSTALLDIRS) $(DESTDIR)$(dbhomedir) ; \
++ echo Created directory $(DESTDIR)$(dbhomedir) ; \
+ fi ;
+- @if [ ! -d $(logdir) ]; then \
+- $(MKINSTALLDIRS) $(logdir) ; \
+- echo Created directory $(logdir) ; \
+- chown -R $(SQUIDUSER) $(logdir) || exit 1 ; \
+- echo Assigned $(logdir) to user $(SQUIDUSER) ; \
++ @if [ ! -d $(DESTDIR)$(logdir) ]; then \
++ $(MKINSTALLDIRS) $(DESTDIR)$(logdir) ; \
++ echo Created directory $(DESTDIR)$(logdir) ; \
+ fi ;
+- @if [ ! -d `dirname $(configfile)` ]; then \
++ @if [ ! -d `dirname $(DESTDIR)$(configfile)` ]; then \
+ umask 022 ; \
+- mkdir -p `dirname $(configfile)` ; \
+- echo No configuration directory found. Created `dirname $(configfile)`. ; \
++ mkdir -p `dirname $(DESTDIR)$(configfile)` ; \
++ echo No configuration directory found. Created `dirname $(DESTDIR)$(configfile)`. ; \
+ fi;
+- @if test ! -f $(configfile); then \
+- cp samples/sample.conf $(configfile) || exit 1 ; \
++ @if test ! -f $(DESTDIR)$(configfile); then \
++ cp samples/sample.conf $(DESTDIR)$(configfile) || exit 1 ; \
+ echo Copied sample squidGuard.conf ; \
+- chmod 644 $(configfile) || exit 1 ; \
+- echo $(configfile) is now readable ; \
++ chmod 644 $(DESTDIR)$(configfile) || exit 1 ; \
++ echo $(DESTDIR)$(configfile) is now readable ; \
+ echo The initial configuration is complete. ; \
+ else \
+ echo Configuration file found. Not changing anything ; \
+@@ -84,7 +78,7 @@ install-conf:
+ @echo ;
+
+ install-build:
+- @echo Installing squidGuard
++ @echo Installing squidGuard in $(bindir)
+ @if [ ! -d $(bindir) ]; then \
+ $(MKINSTALLDIRS) $(bindir) ; \
+ fi ; \
+Index: src/Makefile.in
+===================================================================
+--- a/src/Makefile.in.orig
++++ b/src/Makefile.in
+@@ -31,11 +31,11 @@ top_srcdir = @top_srcdir@
+ srcdir = @srcdir@
+ VPATH = @srcdir@
+
+-prefix = @prefix@
+-exec_prefix = @exec_prefix@
+-bindir = $(exec_prefix)/bin
+-logdir = @sg_logdir@
+-cfgdir = @sg_cfgdir@
++prefix = $(DESTDIR)@prefix@
++exec_prefix = $(DESTDIR)@exec_prefix@
++bindir = $(DESTDIR)@bindir@
++logdir = $(DESTDIR)@sg_logdir@
++cfgdir = $(DESTDIR)@sg_cfgdir@
+ infodir = $(prefix)/info
+
+ OBJS = main.o sgLog.o sgDb.o HTParse.o sgDiv.o sgFree.o y.tab.o lex.yy.o
+@@ -122,12 +122,13 @@ uninstall:: uninstall.bin
+
+ install.bin:: squidGuard
+ @echo making $@ in `basename \`pwd\``
+- @$(MKDIR) $(bindir) $(logdir) $(cfgdir)
+- $(INSTALL_PROGRAM) squidGuard $(bindir)/squidGuard
++ @$(MKDIR) $(DESTDIR)$(bindir) $(DESTDIR)$(logdir) $(DESTDIR)$(cfgdir)
++ @echo installing squidGuard in $(DESTDIR)$(bindir)/squidGuard
++ $(INSTALL_PROGRAM) squidGuard $(DESTDIR)$(bindir)/squidGuard
+
+ uninstall.bin::
+ @echo making $@ in `basename \`pwd\``
+- $(RM) $(bindir)/squidGuard
++ $(RM) $(DESTDIR)$(bindir)/squidGuard
+
+ update::
+ @echo making $@ in `basename \`pwd\``
diff --git a/package/squidguard/squidGuard.conf b/package/squidguard/squidGuard.conf
new file mode 100644
index 0000000..c2d612f
--- /dev/null
+++ b/package/squidguard/squidGuard.conf
@@ -0,0 +1,20 @@
+#
+# Default config file for squidGuard
+#
+
+dbhome /var/lib/squidGuard/db
+logdir /var/log/squidGuard
+
+
+dest blacklist {
+ domainlist blacklist/domains
+ urllist blacklist/urls
+ expressionlist blacklist/expressions
+ }
+
+acl {
+ default {
+ pass !blacklist all
+ redirect http://localhost/block.html
+ }
+}
\ No newline at end of file
diff --git a/package/squidguard/squidguard-1.4-cross-compile.patch b/package/squidguard/squidguard-1.4-cross-compile.patch
new file mode 100644
index 0000000..43fced9
--- /dev/null
+++ b/package/squidguard/squidguard-1.4-cross-compile.patch
@@ -0,0 +1,38 @@
+--- a/configure.orig 2014-07-17 13:40:02.276083485 +0200
++++ b/configure 2014-07-17 13:41:04.645497630 +0200
+@@ -4602,7 +4602,7 @@ fi
+
+ LIBS="$LIBS -ldb"
+ if test "$cross_compiling" = yes; then
+- db_ok_version=no
++ db_ok_version=yes
+ else
+ cat >conftest.$ac_ext <<_ACEOF
+
+@@ -4671,7 +4671,7 @@ if test $db_ok_version = no; then
+ fi
+
+ if test "$cross_compiling" = yes; then
+- db_ok_version=no
++ db_ok_version=yes
+ else
+ cat >conftest.$ac_ext <<_ACEOF
+
+@@ -4741,7 +4741,7 @@ if test $db_ok_version = no; then
+ fi
+
+ if test "$cross_compiling" = yes; then
+- dbg2_ok_version=no
++ dbg2_ok_version=yes
+ else
+ cat >conftest.$ac_ext <<_ACEOF
+
+@@ -4806,7 +4806,7 @@ _ACEOF
+ fi
+
+ if test "$cross_compiling" = yes; then
+- dbg3_ok_version=no
++ dbg3_ok_version=yes
+ else
+ cat >conftest.$ac_ext <<_ACEOF
+
diff --git a/package/squidguard/squidguard.mk b/package/squidguard/squidguard.mk
new file mode 100644
index 0000000..d2f062f
--- /dev/null
+++ b/package/squidguard/squidguard.mk
@@ -0,0 +1,41 @@
+###############################################################################
+#
+# squidguard
+#
+###############################################################################
+
+SQUIDGUARD_VERSION = 1.4
+SQUIDGUARD_SOURCE = squidGuard-$(SQUIDGUARD_VERSION).tar.gz
+SQUIDGUARD_SITE = http://www.squidguard.org/Downloads/
+SQUIDGUARD_LICENCE = GPLv2+
+SQUIDGUARD_LICENCE_FILE = COPYING
+SQUIDGUARD_CONF_OPTS += --with-sg-config=/etc/squidGuard.conf \
+ --with-sg-logdir=/var/log/squidGuard \
+ --with-sg-dbhome=/var/lib/squidGuard/db \
+ --with-db-inc=$(STAGING_DIR)/usr/include \
+ --with-db-lib=$(STAGING_DIR)/usr/lib
+SQUIDGUARD_DEPENDENCIES = bison flex berkeleydb
+
+
+ifeq ($(BR2_PACKAGE_SQUIDGUARD_DEFAULT_CONF),y)
+
+define DEFAULT_BLACKLIST
+ $(INSTALL) -m 0644 -D $(SQUIDGUARD_DIR)/test/blacklist/domains \
+ $(TARGET_DIR)/var/lib/squidGuard/db/blacklist/domains
+ $(INSTALL) -m 0644 -D $(SQUIDGUARD_DIR)/test/blacklist/expressions \
+ $(TARGET_DIR)/var/lib/squidGuard/db/blacklist/expressions
+ $(INSTALL) -m 0644 -D $(SQUIDGUARD_DIR)/test/blacklist/urls \
+ $(TARGET_DIR)/var/lib/squidGuard/db/blacklist/urls
+endef
+
+define DEFAULT_CONF
+ $(INSTALL) -m 0644 -D package/squidguard/squidGuard.conf \
+ $(TARGET_DIR)/etc/squidGuard.conf
+endef
+
+SQUIDGUARD_POST_INSTALL_TARGET_HOOKS = DEFAULT_BLACKLIST DEFAULT_CONF
+
+endif
+
+
+$(eval $(autotools-package))
--
1.8.4.5
More information about the buildroot
mailing list