rpms/squidGuard/F-11 squidGuard-1.4-20091015.patch, NONE, 1.1 squidGuard-1.4-20091019.patch, NONE, 1.1 squidGuard.spec, 1.19, 1.20

Mon Oct 26 13:41:38 UTC 2009

Author: limb

Update of /cvs/pkgs/rpms/squidGuard/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9112/F-11

Modified Files:
	squidGuard.spec 
Added Files:
	squidGuard-1.4-20091015.patch squidGuard-1.4-20091019.patch 
Log Message:
Applying upstream patches for CVE-2009-3700, BZ 530862.


squidGuard-1.4-20091015.patch:
 sgLog.c |   14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

--- NEW FILE squidGuard-1.4-20091015.patch ---
--- src/sgLog.c	2007-11-16 10:58:32.000000000 -0600
+++ src/sgLog.c	2009-10-15 14:25:14.000000000 -0500
@@ -5 +5 @@
-  This software product, squidGuard, is copyrighted (C) 1998-2007
+  This software product, squidGuard, is copyrighted (C) 1998-2009
@@ -58,2 +58,2 @@
-  if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) 
-    fprintf(stderr,"overflow in vsprintf (sgLog): %s",strerror(errno));
+  if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) 
+    fprintf(stderr,"overflow in vsnprintf (sgLog): %s",strerror(errno));
@@ -90,2 +90,2 @@
-  if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) 
-    sgLogFatalError("overflow in vsprintf (sgLogError): %s",strerror(errno));
+  if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) 
+    sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
@@ -107,2 +107,2 @@
-  if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) 
-    return;
+  if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) 
+    sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));

squidGuard-1.4-20091019.patch:
 sgDiv.c.in |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- NEW FILE squidGuard-1.4-20091019.patch ---
--- src/sgDiv.c.in	2008-07-14 11:02:43.000000000 -0500
+++ src/sgDiv.c.in	2009-10-19 14:26:04.000000000 -0500
@@ -748 +748 @@
-      strcat(buf, req->orig);
+      strncat(buf, req->orig, 2048);
--- src/sg.h.in	2007-11-16 10:58:32.000000000 -0600
+++ src/sg.h.in	2009-10-19 14:25:23.000000000 -0500
@@ -76 +76 @@
-#define MAX_BUF 4096
+#define MAX_BUF 12288


Index: squidGuard.spec
===================================================================
RCS file: /cvs/pkgs/rpms/squidGuard/F-11/squidGuard.spec,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -p -r1.19 -r1.20
--- squidGuard.spec	9 Sep 2009 18:07:04 -0000	1.19
+++ squidGuard.spec	26 Oct 2009 13:41:38 -0000	1.20
@@ -7,7 +7,7 @@
 
 Name:			squidGuard
 Version:		1.4
-Release:		6%{?dist}
+Release:		8%{?dist}
 Summary:		Filter, redirector and access controller plugin for squid
 
 Group:			System Environment/Daemons
@@ -15,7 +15,7 @@ License:		GPLv2
 
 Source0:		http://www.squidguard.org/Downloads/squidGuard-%{version}.tar.gz
 Source1:		squidGuard.logrotate
-Source2:		http://ftp.teledanmark.no/pub/www/proxy/%{name}/contrib/blacklists.tar.gz
+Source2:		http://squidguard.mesd.k12.or.us/blacklists.tgz
 Source3:		http://cuda.port-aransas.k12.tx.us/squid-getlist.html
 
 # K12LTSP stuff
@@ -35,6 +35,8 @@ Patch3:			squidGuard-perlwarning.patch
 #Patch4:			squidGuard-sed.patch
 Patch5:			squidGuard-makeinstall.patch
 #Patch6:			squidGuard-1.3-SG-2008-06-13.patch
+Patch7:			squidGuard-1.4-20091015.patch
+Patch8:			squidGuard-1.4-20091019.patch
 
 URL:			http://www.squidguard.org/
 
@@ -79,6 +81,8 @@ Neither squidGuard nor Squid can be used
 #%patch4 -p1
 %patch5	-p1
 #%patch6 -p0
+%patch7 -p0
+%patch8 -p0
 
 %{__cp} %{SOURCE100} ./squidGuard.conf.k12ltsp.template
 %{__cp} %{SOURCE101} ./update_squidguard_blacklists.k12ltsp.sh
@@ -86,7 +90,7 @@ Neither squidGuard nor Squid can be used
 %build
 %configure \
 	--with-sg-config=%{_sysconfdir}/squid/squidGuard.conf \
-	--with-sg-logdir=%{_var}/log/squid \
+	--with-sg-logdir=%{_var}/log/squidGuard \
 	--with-sg-dbhome=%{_dbhomedir} \
 	--with-db-inc=%{_includedir}/db4.6.21 \
 	--with-db-lib=%{_libdir}/db4.6.21
@@ -107,7 +111,7 @@ popd
 
 %{__install} -p -D -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/squidGuard
 %{__install} -p -D -m 0644 samples/sample.conf $RPM_BUILD_ROOT%{_sysconfdir}/squid/squidGuard.conf
-%{__install} -p -D -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_dbhomedir}/blacklists.tar.gz
+%{__install} -p -D -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_dbtopdir}/blacklists.tar.gz
 
 # Don't use SOURCE3, but use the allready patched one #165689
 %{__install} -p -D -m 0755 squid-getlist.html $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/squidGuard
@@ -124,14 +128,18 @@ popd
 %{__install} -p -D -m 0755 %{SOURCE102} $RPM_BUILD_ROOT%{_initrddir}/squidGuard
 %{__install} -p -D -m 0755 %{SOURCE103} $RPM_BUILD_ROOT%{_initrddir}/transparent-proxying
 
-pushd $RPM_BUILD_ROOT%{_dbhomedir}
-tar xfz $RPM_BUILD_ROOT%{_dbhomedir}/blacklists.tar.gz
-popd
+#pushd $RPM_BUILD_ROOT%{_dbhomedir}
+tar xfz $RPM_BUILD_ROOT%{_dbtopdir}/blacklists.tar.gz
+#popd
 
 sed -i "s,dest/adult/,blacklists/porn/,g" $RPM_BUILD_ROOT%{_sysconfdir}/squid/squidGuard.conf
 
 %{__install} -p -D -m 0644 samples/babel.* $RPM_BUILD_ROOT%{_cgibin}
 
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squidGuard
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squid
+ln -s ../squidGuard/squidGuard.log  $RPM_BUILD_ROOT%{_localstatedir}/log/squid/squidGuard.log
+
 %clean
 %{__rm} -rf $RPM_BUILD_ROOT
 
@@ -184,11 +192,22 @@ fi
 #%{_sysconfdir}/selinux/targeted/src/policy/domains/program/squidGuard.te
 #%{_sysconfdir}/selinux/targeted/src/policy/file_contexts/program/squidGuard.fc
 %attr(0755,root,root) %{_cgibin}/*.cgi
+%config(noreplace) %{_cgibin}/squidGuard.cgi
 %{_cgibin}/babel.*
 %{_initrddir}/squidGuard
 %{_initrddir}/transparent-proxying
+%{_localstatedir}/log/squidGuard
+%{_localstatedir}/log/squid/squidGuard.log
 
 %changelog
+* Mon Oct 26 2009 Jon Ciesla <limb at jcomserv.net> - 1.4-8
+- Applying upstream patches for CVE-2009-3700, BZ 530862.
+
+* Thu Sep 24 2009 Jon Ciesla <limb at jcomserv.net> - 1.4-7
+- Make squidGuard.cgi config(noreplace)
+- Relocated logs, updated logrotate file.
+- Updated blacklist URL.
+
 * Wed Sep 09 2009 Jon Ciesla <limb at jcomserv.net> - 1.4-6
 - Include babel files, BZ 522038.
 
@@ -213,7 +232,7 @@ fi
 - Update to 1.3.
 - Dropped paths, sed patches, applied upstream.
 - New SG-2008-06-13 patch.
-
+ 
 * Wed Feb 11 2009 Jon Ciesla <limb at jcomserv.net> - 1.2.1-2
 - Fix sg-2008-06-13, BZ 452467.
 


