Hello community, here is the log from the commit of package squidGuard checked in at Wed Jul 9 01:42:37 CEST 2008. -------- --- squidGuard/squidGuard.changes 2007-11-29 12:13:09.000000000 +0100 +++ squidGuard/squidGuard.changes 2008-07-02 19:32:04.607722000 +0200 @@ -1,0 +2,6 @@ +Wed Jul 2 19:28:36 CEST 2008 - kssingvo@suse.de + +- added latest upstream patch (20080613) as trailing_dot.patch +- "Requires: http_proxy" now, as squid3 is an alternative + +------------------------------------------------------------------- New: ---- squidGuard-1.3-trailing_dot.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ squidGuard.spec ++++++ --- /var/tmp/diff_new_pack.kW9602/_old 2008-07-09 01:36:47.000000000 +0200 +++ /var/tmp/diff_new_pack.kW9602/_new 2008-07-09 01:36:47.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package squidGuard (Version 1.3) # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -10,23 +10,25 @@ # norootforbuild + Name: squidGuard -BuildRequires: bison db-devel flex openldap2-devel +BuildRequires: bison db-devel flex openldap2-devel squid License: GPL v2 or later Group: Productivity/Networking/Web/Proxy AutoReqProv: on Version: 1.3 -Release: 1 +Release: 48 Url: http://www.squidguard.org/ Provides: squidgrd Obsoletes: squidgrd -PreReq: squid +PreReq: http_proxy BuildRoot: %{_tmppath}/%{name}-%{version}-build -Summary: filter plugin for squid +Summary: Filter plugin for squid Source0: squidGuard-%{version}.tar.bz2 Source1: README.SuSE Patch0: squidGuard-1.3-config.patch Patch1: squidGuard-1.3-bl_less_noise.patch +Patch2: squidGuard-1.3-trailing_dot.patch %description SquidGuard is a free (GPL), flexible and ultra-fast filter, redirector, @@ -45,6 +47,7 @@ %setup -n squidGuard-%{version} %patch0 -p1 %patch1 -p1 +%patch2 -p1 find -type d | xargs chmod 755 cp %{SOURCE1} . @@ -90,7 +93,10 @@ %doc contrib doc samples test %changelog -* Thu Nov 29 2007 - kssingvo@suse.de +* Wed Jul 02 2008 kssingvo@suse.de +- added latest upstream patch (20080613) as trailing_dot.patch +- "Requires: http_proxy" now, as squid3 is an alternative +* Thu Nov 29 2007 kssingvo@suse.de - update to version 1.3: * Included configurable logging. New configure option --nolog suppress all runtime logmessages. Start and stop is still @@ -114,12 +120,12 @@ * Corrected an issue with the fix for the double slash vulnerability (incorrectly found double slashes) (bug 1). - fixed build/config issues -* Wed Jul 04 2007 - kssingvo@suse.de +* Wed Jul 04 2007 kssingvo@suse.de - fixes from upstream: * double slash bug fix extracted from Patch-20070513 tarball * regexp bug fix extracted from Patch-20070520 tarball * compiler bug fix extracted from Patch-20070520 tarball -* Thu May 10 2007 - kssingvo@suse.de +* Thu May 10 2007 kssingvo@suse.de - upgrade to version 1.2.1: * Fixed multiple slash bypass vulnerabilty. * Fixed some bugs in squidGuard-simple.cgi and added a @@ -150,34 +156,34 @@ * Added a fix provided by Francesco Ranieri to solve an issue with the (un)escaping of the authentication "domain%%5cusername". - adapted configuration related patches -* Thu Mar 29 2007 - rguenther@suse.de +* Thu Mar 29 2007 rguenther@suse.de - add bison and flex BuildRequires -* Wed Jan 25 2006 - mls@suse.de +* Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires -* Tue Nov 08 2005 - dmueller@suse.de +* Tue Nov 08 2005 dmueller@suse.de - don't build as root -* Thu Apr 29 2004 - ro@suse.de +* Thu Apr 29 2004 ro@suse.de - added -fno-strict-aliasing -* Wed Jun 25 2003 - kssingvo@suse.de +* Wed Jun 25 2003 kssingvo@suse.de - fixed db->open() call, like Thorsten suggested -* Tue Feb 04 2003 - kssingvo@suse.de +* Tue Feb 04 2003 kssingvo@suse.de - made pathes FHS 2.2 clean -* Thu Aug 01 2002 - kssingvo@suse.de +* Thu Aug 01 2002 kssingvo@suse.de - added README.SuSE (as suggest in bugzilla #16670) -* Mon Jul 08 2002 - kukuk@suse.de +* Mon Jul 08 2002 kukuk@suse.de - Fix to build without existing squid user - Add squid to PreRequires. -* Wed Jun 26 2002 - ro@suse.de +* Wed Jun 26 2002 ro@suse.de - fix directory permissions -* Wed Jan 09 2002 - ro@suse.de +* Wed Jan 09 2002 ro@suse.de - use db package (update to 1.2.0 to make it compile) -* Wed Sep 26 2001 - bjacke@suse.de +* Wed Sep 26 2001 bjacke@suse.de - use buildroot - correct permissions in /var/squidGuard - rename squigrd -> squidGuard -* Tue Apr 10 2001 - ro@suse.de +* Tue Apr 10 2001 ro@suse.de - added group tag -* Wed Jun 28 2000 - bodammer@suse.de +* Wed Jun 28 2000 bodammer@suse.de - installing a useable test configuration -* Fri Jun 23 2000 - bodammer@suse.de +* Fri Jun 23 2000 bodammer@suse.de - initial package of squidGuard Version 1.1.4 ++++++ squidGuard-1.3-config.patch ++++++ --- /var/tmp/diff_new_pack.kW9602/_old 2008-07-09 01:36:48.000000000 +0200 +++ /var/tmp/diff_new_pack.kW9602/_new 2008-07-09 01:36:48.000000000 +0200 @@ -59,7 +59,7 @@ #define ERROR_LOGFILE "squidGuard.error" -#define DEFAULT_CONFIGFILE "@prefix@/squidGuard/squidGuard.conf" -+#define DEFAULT_CONFIGFILE "/etc/squidGuard.conf" ++#define DEFAULT_CONFIGFILE "/etc/squidguard.conf" #define DEFAULT_LOGDIR "@prefix@/squidGuard/log" #define DEFAULT_DBHOME "@prefix@/squidGuard/db" #define EXEC_PROGRAM "@prefix@/bin/squidGuard" ++++++ squidGuard-1.3-trailing_dot.patch ++++++ --- squidGuard-1.3/src/sgDiv.c.in.orig 2007-11-03 14:59:49.000000000 +0100 +++ squidGuard-1.3/src/sgDiv.c.in 2008-06-13 19:01:43.000000000 +0200 @@ -94,6 +94,7 @@ int parseLine(line, s) int i = 0; char c; int report_once = 1; + int trailingdot = 1; size_t strsz; int ndx = 0; @@ -148,6 +149,16 @@ int parseLine(line, s) report_once--; } } + else if ('.' == p[ndx] && '/' == p[ndx+1] && trailingdot == 0) { + /* If the domain has trailing dot, remove (problem found with squid 3.0 stable1-5) */ + /* if this char is a dot and the next char is a slash, then shift the rest of the string left one char */ + /* We do this only the first time it is encountered. */ + trailingdot++; + size_t sz = strlen(p+ndx+1); + strncpy(p+ndx,p+ndx+1, sz); + p[ndx+sz] = '\0'; + @NOLOG1@ sgLogError("Warning: Possible bypass attempt. Found a trailing dot in the domain name: %s", s->orig); @NOLOG2@ + } else { /* increment the string indexer */ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org