rpms/squidGuard/devel squidGuard-upstream.patch, NONE, 1.1 squidGuard.spec, 1.2, 1.3 squidGuard-destdir.patch, 1.1, NONE squidguard-1.2.0-db4.patch, 1.1, NONE
John Berninger (jwb)
fedora-extras-commits at redhat.com
Wed Aug 30 01:21:44 UTC 2006
Author: jwb
Update of /cvs/extras/rpms/squidGuard/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31286
Modified Files:
squidGuard.spec
Added Files:
squidGuard-upstream.patch
Removed Files:
squidGuard-destdir.patch squidguard-1.2.0-db4.patch
Log Message:
Rebuilding for FC6 per BZ 165689
squidGuard-upstream.patch:
--- NEW FILE squidGuard-upstream.patch ---
diff -urN squidGuard-1.2.0/NewFeatures.txt squidGuard-1.2.0-patched/NewFeatures.txt
--- squidGuard-1.2.0/NewFeatures.txt 1969-12-31 19:00:00.000000000 -0500
+++ squidGuard-1.2.0-patched/NewFeatures.txt 2004-12-02 15:57:32.000000000 -0500
@@ -0,0 +1,133 @@
+
+This patch adds the following new features to squidguard-1.2.0:
+
+LDAP User Grouping Support:
+---------------------------
+
+Squidguard now searches LDAP using specified LDAP search URLs whenever
+a username is not found in an existing user list. The two new keywords
+in the squidguard.conf file that enable this are as follows:
+
+ ldapusersearch This keyword goes in the Source {} config block, and
+ specifies an LDAP URL to use to search for an unknown
+ user name.
+
+ You can specify multple LDAP URLs per Source block.
+
+ Use '%s' to reference the username in your LDAP URL.
+
+ If the search returns a record, the user is considered
+ "found", otherwise the next URL in the same Source
+ block is tried.
+
+ Squidguard caches the "found" state of each search,
+ even when a user name is not found. The cache
+ is valid for ldapcachetime seconds.
+
+ ldapcachetime This global keyword specifies the number of seconds
+ to cache LDAP search results before contacting
+ the LDAP server again. This keyword is global and
+ must go outside any Source/Destination/Rule blocks.
+
+ Setting this value to a reasonably low value can
+ allow simulation of near-realtime user groupings
+ in LDAP without restarting squidguard.
+
+ Recommended value: 300
+
+
+ ldapbinddn This global keyword specifies the DN to bind to
+ the LDAP server as.
+
+ ldapbindpass Password to bind to the LDAP server. This is a
+ global keyword.
+
+ ldapprotover LDAP protocol version. This is a global keyword.
+ Use this to force squidguard to connect to the
+ LDAP server with a certain protocol version. If
+ unable to use the specified protocol version,
+ squidguard will enter emergency mode.
+
+ Valid values: 2 or 3
+
+Programmatic User Lists:
+------------------------
+
+Instead of putting a list of users in a file, you can now run a program
+or script to list users on stdout. This user list behaves exactly like
+a regular userlist, loaded at start time, and stored in memory statically.
+
+ execuserlist This keyword goes in the Source {} block, and
+ specifies a command to run that will write a list
+ of usernames on stdout.
+
+
+Supported LDAP URL extensions:
+------------------------------
+
+According to the available LDAP RFC's, there is only one defined extension,
+called "bindname". This extension can be used to define a DN to bind with,
+on a per-URL basis.
+
+The format of such an URL is rather hideous, since commas are used to
+separate both the extensions in the URL and the elements of the DN.
+To handle this, commas separating the URL extensions are real commas, while
+the commas in the DN are defined with hex codes. (Hex %2c is a comma)
+
+Example:
+
+ ldap://ldap.example.com/ou=groups,dc=example,dc=com\
+ ?homeDirectory?sub?(uid=cdfrey)\
+ ?bindname=cn=cdfrey%2cdc=example%2cdc=com,x-bindpass=password
+
+The above example shows multiple extensions specified in one URL.
+
+As it happens, both of those extensions are supported in the LDAP patch,
+and have the following meanings:
+
+ bindname As specified in RFC2255, this extension defines
+ the DN name to use during the bind to the LDAP
+ server.
+
+ x-bindpass As specified in RFC2255, extensions starting with
+ "x-" are user defined. This extension allows the
+ URL to define the password required to bind to
+ the LDAP server.
+
+Both of these extensions override the global defaults "ldapbinddn" and
+"ldapbindpass" (see above).
+
+
+
+
+Example Configuration:
+----------------------
+
+Below is an example squidguard.conf file, showing the various user list
+options:
+
+------------------- Example squidguard.conf snippet ------------------------
+
+dbhome /var/lib/squidguard
+logdir /var/log/squidguard
+
+# ldap cache time in seconds
+ldapcachetime 300
+
+ldapbinddn cn=root, dc=example, dc=com
+ldapbindpass secret
+
+src INTERNAL_LAN {
+ ip 192.168.0.0/24 127.0.0.1
+ within workhours
+ user dave,chris,john, marconi
+
+ # uses the default binddn and bindpass above
+ ldapusersearch ldap://ldap.example.com/cn=squidguardusers,ou=groups,dc=example,dc=com?memberUid?sub?(&(objectclass=posixGroup)(memberUid=%s))
+
+ execuserlist sed "s/:.*$//" /etc/passwd
+ log internal_lan
+}
+
+------------------------------ End snippet ---------------------------------
+
diff -urN squidGuard-1.2.0/configure squidGuard-1.2.0-patched/configure
--- squidGuard-1.2.0/configure 2001-12-18 05:16:53.000000000 -0500
+++ squidGuard-1.2.0-patched/configure 2004-12-02 15:57:25.000000000 -0500
@@ -1,12 +1,81 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by Autoconf 2.52.
+# Generated by GNU Autoconf 2.59.
#
-# Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001
-# Free Software Foundation, Inc.
+# Copyright (C) 2003 Free Software Foundation, Inc.
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization. ##
+## --------------------- ##
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
+ set -o posix
+fi
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ as_unset=unset
+else
+ as_unset=false
+fi
+
+
+# Work around bugs in pre-3.0 UWIN ksh.
+$as_unset ENV MAIL MAILPATH
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+for as_var in \
+ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
+ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
+ LC_TELEPHONE LC_TIME
+do
+ if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
+ eval $as_var=C; export $as_var
+ else
+ $as_unset $as_var
+ fi
+done
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1; then
+ as_expr=expr
+else
+ as_expr=false
[...14880 lines suppressed...]
-}
-
-#if __STDC__
-char *sgAclAccess(struct Source *src, struct Acl *acl, struct SquidInfo *req)
-#else
-char *sgAclAccess(src, acl, req)
- struct Source *src;
- struct Acl *acl;
- struct SquidInfo *req;
-#endif
-{
- int access = 1,result;
- char *redirect = NULL, *dbdata = NULL, *p;
- struct sgRewrite *rewrite = NULL;
- struct AclDest *aclpass = NULL;
- if(acl == NULL)
- return NULL;
- if(acl->pass == NULL)
- acl->pass = defaultAcl->pass;
- if(acl->pass != NULL){
- for(aclpass = acl->pass; aclpass != NULL; aclpass = aclpass->next){
- if(aclpass->dest != NULL && !aclpass->dest->active)
- continue;
- if(aclpass->type == ACL_TYPE_TERMINATOR){
- access=aclpass->access;
- break;
- }
- if(aclpass->type == ACL_TYPE_INADDR){
- if(req->dot){
- access=aclpass->access;
- break;
- }
- continue;
- }
- if(aclpass->dest->domainlistDb != NULL){
- result = defined(aclpass->dest->domainlistDb, req->domain, &dbdata);
- if(result == DB_NOTFOUND)
- continue;
- if(result){
- if(aclpass->access){
- access++;
- break;
- } else {
- access = 0;
- break;
- }
- }
- }
- if(aclpass->dest->urllistDb != NULL && access){
- result = defined(aclpass->dest->urllistDb,req->strippedurl, &dbdata);
- if(result == DB_NOTFOUND)
- continue;
- if(result){
- if(aclpass->access){
- access++;
- break;
- } else {
- access = 0;
- break;
- }
- }
- }
- if(aclpass->dest->regExp != NULL && access){
- if((result = sgRegExpMatch(aclpass->dest->regExp,req->url)) != 0){
- if(aclpass->access){
- access++;
- break;
- } else {
- access = 0;
- break;
- }
- }
- }
- }
- if(!access){
- if(dbdata != NULL)
- redirect = dbdata;
- else if(aclpass->dest != NULL && aclpass->dest->redirect != NULL)
- redirect = aclpass->dest->redirect;
- else if(aclpass->dest != NULL && aclpass->dest->rewrite != NULL &&
- (redirect =
- sgRewriteExpression(aclpass->dest->rewrite,req->orig)) != NULL){
- ;
- }
- else if(acl->redirect == NULL)
- redirect = defaultAcl->redirect;
- else
- redirect = acl->redirect;
- }
- } else { /* acl->pass == NULL, probably defaultAcl->pass == NULL */
- access=0;
- redirect = defaultAcl->redirect;
- }
- if(acl->rewrite == NULL)
- rewrite = defaultAcl->rewrite;
- else
- rewrite = acl->rewrite;
- if(rewrite != NULL && access){
- if((p = sgRewriteExpression(rewrite,req->orig)) != NULL){
- redirect = p;
- if(rewrite->logfile != NULL){
- globalLogFile = rewrite->logfile;
- sgLogRequest(globalLogFile,req,acl,aclpass,rewrite);
- }
- }
- } else if(redirect != NULL) {
- redirect = sgParseRedirect(redirect, req, acl, aclpass);
- if(src != NULL && src->logfile != NULL)
- globalLogFile = src->logfile;
- if(aclpass == NULL || aclpass->dest == NULL){
- if(defaultAcl->logfile != NULL)
- globalLogFile = defaultAcl->logfile;
- } else
- if(aclpass->dest->logfile != NULL)
- globalLogFile = aclpass->dest->logfile;
- if(globalLogFile != NULL)
- sgLogRequest(globalLogFile,req,acl,aclpass,NULL);
- }
- return redirect;
-}
-
-#if __STDC__
-void yyerror(char *s)
-#else
-void yyerror(s)
- char *s;
-#endif
-{
- sgLogFatalError("%s in configfile %s line %d",s,configFile,lineno);
-}
-
-
-#if __STDC__
-int yywrap()
-#else
-int yywrap()
-#endif
-{
- return 1;
-}
diff -urN squidGuard-1.2.0/src/y.tab.h.bison squidGuard-1.2.0-patched/src/y.tab.h.bison
--- squidGuard-1.2.0/src/y.tab.h.bison 2001-12-18 09:34:04.000000000 -0500
+++ squidGuard-1.2.0-patched/src/y.tab.h.bison 1969-12-31 19:00:00.000000000 -0500
@@ -1,56 +0,0 @@
-typedef union {
- char *string;
- char *tval;
- char *dval;
- char *dvalcron;
- int *integer;
-} YYSTYPE;
-#define WORD 257
-#define END 258
-#define START_BRACKET 259
-#define STOP_BRACKET 260
-#define WEEKDAY 261
-#define DESTINATION 262
-#define REWRITE 263
-#define ACL 264
-#define TIME 265
-#define TVAL 266
-#define DVAL 267
-#define DVALCRON 268
-#define SOURCE 269
-#define CIDR 270
-#define IPCLASS 271
-#define CONTINUE 272
-#define IPADDR 273
-#define DBHOME 274
-#define DOMAINLIST 275
-#define URLLIST 276
-#define EXPRESSIONLIST 277
-#define IPLIST 278
-#define DOMAIN 279
-#define USER 280
-#define USERLIST 281
-#define USERQUOTA 282
-#define IP 283
-#define NL 284
-#define NUMBER 285
-#define PASS 286
-#define REDIRECT 287
-#define LOGDIR 288
-#define SUBST 289
-#define CHAR 290
-#define MINUTELY 291
-#define HOURLY 292
-#define DAILY 293
-#define WEEKLY 294
-#define DATE 295
-#define WITHIN 296
-#define OUTSIDE 297
-#define ELSE 298
-#define LOGFILE 299
-#define ANONYMOUS 300
-#define CONTINIOUS 301
-#define SPORADIC 302
-
-
-extern YYSTYPE yylval;
Index: squidGuard.spec
===================================================================
RCS file: /cvs/extras/rpms/squidGuard/devel/squidGuard.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- squidGuard.spec 9 Sep 2005 12:16:10 -0000 1.2
+++ squidGuard.spec 30 Aug 2006 01:21:44 -0000 1.3
@@ -5,7 +5,7 @@
Name: squidGuard
Version: 1.2.0
-Release: 12%{?dist}
+Release: 13%{?dist}
Summary: Filter, redirector and access controller plugin for squid
Group: System Environment/Daemons
@@ -26,17 +26,17 @@
Source200: squidGuard.te
Source201: squidGuard.fc
-Patch0: squidGuard-destdir.patch
+Patch0: squidGuard-upstream.patch
Patch1: squidGuard-paths.patch
-Patch2: squidguard-1.2.0-db4.patch
-Patch3: squid-getlist.html.patch
-Patch4: squidGuard-perlwarning.patch
-Patch5: squidGuard-sed.patch
+Patch2: squid-getlist.html.patch
+Patch3: squidGuard-perlwarning.patch
+Patch4: squidGuard-sed.patch
+Patch5: squidGuard-makeinstall.patch
URL: http://www.squidguard.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: db4-devel
+BuildRequires: db4-devel, bison, byacc, openldap-devel, flex
Requires: squid
Requires(post): %{_bindir}/chcon
Requires(post): /sbin/chkconfig
@@ -68,12 +68,12 @@
%prep
%setup -q
%{__cp} %{SOURCE3} .
-%patch0 -p1 -b .destdir
+%patch0 -p1
%patch1 -p1 -b .paths
-%patch2 -p0 -b .db4
-%patch3 -p0
-%patch4 -p2
-%patch5 -p1
+%patch2 -p0
+%patch3 -p2
+%patch4 -p1
+%patch5 -p1
%{__cp} %{SOURCE100} ./squidGuard.conf.k12ltsp.template
%{__cp} %{SOURCE101} ./update_squidguard_blacklists.k12ltsp.sh
@@ -84,7 +84,8 @@
--with-sg-logdir=%{_var}/log/squid \
--with-sg-dbhome=%{_dbhomedir}
-%{__make} %{?_smp_mflags}
+#%{__make} %{?_smp_mflags}
+%{__make}
pushd contrib
%{__make} %{?_smp_mflags}
@@ -176,6 +177,10 @@
%{_initrddir}/transparent-proxying
%changelog
+* Tue Aug 29 2006 John Berninger <jwb at redhat dot com> 1.2.0-13
+- general updates to confirm build on FC5/FC6
+- updates to BuildRequires
+
* Fri Sep 09 2005 Oliver Falk <oliver at linux-kernel.at> - 1.2.0-12
- Make it K12LTSP compatible, so a possible upgrade doesn't break
anything/much...
--- squidGuard-destdir.patch DELETED ---
--- squidguard-1.2.0-db4.patch DELETED ---
More information about the fedora-extras-commits
mailing list