|
|
526eb3e |
%define _default_patch_fuzz 2
|
|
|
e6de151 |
# $Id: squidGuard.spec,v 1.21 2009/10/26 13:41:38 limb Exp $
|
|
|
afc430e |
|
|
John Berninger |
61d6d99 |
%define _dbtopdir %{_var}/%{name}
|
|
|
ec3f3d6 |
%define _dbhomedir %{_var}/%{name}/blacklists
|
|
|
ec3f3d6 |
%define _cgibin /var/www/cgi-bin
|
|
|
afc430e |
|
|
|
afc430e |
Name: squidGuard
|
|
|
d482d57 |
Version: 1.4
|
|
|
e6de151 |
Release: 8%{?dist}
|
|
|
afc430e |
Summary: Filter, redirector and access controller plugin for squid
|
|
|
afc430e |
|
|
|
afc430e |
Group: System Environment/Daemons
|
|
John Berninger |
01dbd76 |
License: GPLv2
|
|
|
afc430e |
|
|
|
de51c89 |
Source0: http://www.squidguard.org/Downloads/squidGuard-%{version}.tar.gz
|
|
|
afc430e |
Source1: squidGuard.logrotate
|
|
|
e6de151 |
Source2: http://squidguard.mesd.k12.or.us/blacklists.tgz
|
|
|
afc430e |
Source3: http://cuda.port-aransas.k12.tx.us/squid-getlist.html
|
|
|
afc430e |
|
|
|
ec3f3d6 |
# K12LTSP stuff
|
|
|
ec3f3d6 |
Source100: squidGuard.conf
|
|
|
ec3f3d6 |
Source101: update_squidguard_blacklists
|
|
|
ec3f3d6 |
Source102: squidguard
|
|
|
ec3f3d6 |
Source103: transparent-proxying
|
|
|
ec3f3d6 |
|
|
|
ec3f3d6 |
# SELinux (taken from K12LTSP package)
|
|
|
de51c89 |
#Source200: squidGuard.te
|
|
|
de51c89 |
#Source201: squidGuard.fc
|
|
|
ec3f3d6 |
|
|
|
526eb3e |
#Patch0: squidGuard-upstream.patch
|
|
|
f80aa72 |
#Patch1: squidGuard-paths.patch
|
|
John Berninger |
7804b7f |
Patch2: squid-getlist.html.patch
|
|
John Berninger |
7804b7f |
Patch3: squidGuard-perlwarning.patch
|
|
|
f80aa72 |
#Patch4: squidGuard-sed.patch
|
|
John Berninger |
7804b7f |
Patch5: squidGuard-makeinstall.patch
|
|
|
d482d57 |
#Patch6: squidGuard-1.3-SG-2008-06-13.patch
|
|
|
e6de151 |
Patch7: squidGuard-1.4-20091015.patch
|
|
|
e6de151 |
Patch8: squidGuard-1.4-20091019.patch
|
|
|
ec3f3d6 |
|
|
|
afc430e |
URL: http://www.squidguard.org/
|
|
|
afc430e |
|
|
|
afc430e |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
d482d57 |
BuildRequires: bison, byacc, openldap-devel, flex, compat-db46
|
|
|
d482d57 |
#put db4-devel back and remove compat-db46 once release > 1.4
|
|
|
afc430e |
Requires: squid
|
|
|
681079b |
#Requires(post): %{_bindir}/chcon
|
|
|
ec3f3d6 |
Requires(post): /sbin/chkconfig
|
|
|
afc430e |
|
|
|
afc430e |
%description
|
|
|
afc430e |
squidGuard can be used to
|
|
|
afc430e |
- limit the web access for some users to a list of accepted/well known
|
|
|
afc430e |
web servers and/or URLs only.
|
|
|
afc430e |
- block access to some listed or blacklisted web servers and/or URLs
|
|
|
afc430e |
for some users.
|
|
|
afc430e |
- block access to URLs matching a list of regular expressions or words
|
|
|
afc430e |
for some users.
|
|
|
afc430e |
- enforce the use of domainnames/prohibit the use of IP address in
|
|
|
afc430e |
URLs.
|
|
|
afc430e |
- redirect blocked URLs to an "intelligent" CGI based info page.
|
|
|
afc430e |
- redirect unregistered user to a registration form.
|
|
|
afc430e |
- redirect popular downloads like Netscape, MSIE etc. to local copies.
|
|
|
afc430e |
- redirect banners to an empty GIF.
|
|
|
afc430e |
- have different access rules based on time of day, day of the week,
|
|
|
afc430e |
date etc.
|
|
|
afc430e |
- have different rules for different user groups.
|
|
|
afc430e |
- and much more..
|
|
|
afc430e |
|
|
|
afc430e |
Neither squidGuard nor Squid can be used to
|
|
|
afc430e |
- filter/censor/edit text inside documents
|
|
|
afc430e |
- filter/censor/edit embeded scripting languages like JavaScript or
|
|
|
afc430e |
VBscript inside HTML
|
|
|
afc430e |
|
|
|
afc430e |
%prep
|
|
|
afc430e |
%setup -q
|
|
|
afc430e |
%{__cp} %{SOURCE3} .
|
|
|
526eb3e |
#%patch0 -p1
|
|
|
f80aa72 |
#%patch1 -p1 -b .paths
|
|
John Berninger |
7804b7f |
%patch2 -p0
|
|
John Berninger |
7804b7f |
%patch3 -p2
|
|
|
f80aa72 |
#%patch4 -p1
|
|
John Berninger |
7804b7f |
%patch5 -p1
|
|
|
d482d57 |
#%patch6 -p0
|
|
|
e6de151 |
%patch7 -p0
|
|
|
e6de151 |
%patch8 -p0
|
|
|
ec3f3d6 |
|
|
|
ec3f3d6 |
%{__cp} %{SOURCE100} ./squidGuard.conf.k12ltsp.template
|
|
|
ec3f3d6 |
%{__cp} %{SOURCE101} ./update_squidguard_blacklists.k12ltsp.sh
|
|
|
afc430e |
|
|
|
afc430e |
%build
|
|
|
afc430e |
%configure \
|
|
|
afc430e |
--with-sg-config=%{_sysconfdir}/squid/squidGuard.conf \
|
|
|
e6de151 |
--with-sg-logdir=%{_var}/log/squidGuard \
|
|
|
d482d57 |
--with-sg-dbhome=%{_dbhomedir} \
|
|
|
ad20940 |
--with-db-inc=%{_includedir}/db4.6.21 \
|
|
|
ad20940 |
--with-db-lib=%{_libdir}/db4.6.21
|
|
|
afc430e |
|
|
John Berninger |
7804b7f |
#%{__make} %{?_smp_mflags}
|
|
John Berninger |
7804b7f |
%{__make}
|
|
|
ec3f3d6 |
|
|
|
ec3f3d6 |
pushd contrib
|
|
|
ec3f3d6 |
%{__make} %{?_smp_mflags}
|
|
|
ec3f3d6 |
popd
|
|
|
afc430e |
|
|
|
afc430e |
%install
|
|
|
afc430e |
%{__rm} -rf $RPM_BUILD_ROOT
|
|
|
afc430e |
|
|
|
526eb3e |
#%{__make} DESTDIR=$RPM_BUILD_ROOT install
|
|
|
526eb3e |
# This broke as of 1.2.1.
|
|
|
526eb3e |
%{__install} -p -D -m 0755 src/squidGuard $RPM_BUILD_ROOT%{_bindir}/squidGuard
|
|
|
afc430e |
|
|
|
afc430e |
%{__install} -p -D -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/squidGuard
|
|
|
afc430e |
%{__install} -p -D -m 0644 samples/sample.conf $RPM_BUILD_ROOT%{_sysconfdir}/squid/squidGuard.conf
|
|
|
e6de151 |
%{__install} -p -D -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_dbtopdir}/blacklists.tar.gz
|
|
|
afc430e |
|
|
|
ec3f3d6 |
# Don't use SOURCE3, but use the allready patched one #165689
|
|
|
afc430e |
%{__install} -p -D -m 0755 squid-getlist.html $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/squidGuard
|
|
|
afc430e |
|
|
|
de51c89 |
#%{__install} -p -D %{SOURCE200} $RPM_BUILD_ROOT%{_sysconfdir}/selinux/targeted/src/policy/domains/program/squidGuard.te
|
|
|
de51c89 |
#%{__install} -p -D %{SOURCE201} $RPM_BUILD_ROOT%{_sysconfdir}/selinux/targeted/src/policy/file_contexts/program/squidGuard.fc
|
|
|
ec3f3d6 |
|
|
|
ec3f3d6 |
%{__install} -p -d $RPM_BUILD_ROOT%{_cgibin}
|
|
|
ec3f3d6 |
%{__install} samples/squid*cgi $RPM_BUILD_ROOT%{_cgibin}
|
|
|
ec3f3d6 |
|
|
|
ec3f3d6 |
%{__install} contrib/hostbyname/hostbyname $RPM_BUILD_ROOT%{_bindir}
|
|
|
ec3f3d6 |
%{__install} contrib/sgclean/sgclean $RPM_BUILD_ROOT%{_bindir}
|
|
|
ec3f3d6 |
|
|
|
ec3f3d6 |
%{__install} -p -D -m 0755 %{SOURCE102} $RPM_BUILD_ROOT%{_initrddir}/squidGuard
|
|
|
ec3f3d6 |
%{__install} -p -D -m 0755 %{SOURCE103} $RPM_BUILD_ROOT%{_initrddir}/transparent-proxying
|
|
|
ec3f3d6 |
|
|
|
e6de151 |
#pushd $RPM_BUILD_ROOT%{_dbhomedir}
|
|
|
e6de151 |
tar xfz $RPM_BUILD_ROOT%{_dbtopdir}/blacklists.tar.gz
|
|
|
e6de151 |
#popd
|
|
|
afc430e |
|
|
|
afc430e |
sed -i "s,dest/adult/,blacklists/porn/,g" $RPM_BUILD_ROOT%{_sysconfdir}/squid/squidGuard.conf
|
|
|
afc430e |
|
|
|
727f3fa |
%{__install} -p -D -m 0644 samples/babel.* $RPM_BUILD_ROOT%{_cgibin}
|
|
|
727f3fa |
|
|
|
e6de151 |
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squidGuard
|
|
|
e6de151 |
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/squid
|
|
|
e6de151 |
ln -s ../squidGuard/squidGuard.log $RPM_BUILD_ROOT%{_localstatedir}/log/squid/squidGuard.log
|
|
|
e6de151 |
|
|
|
afc430e |
%clean
|
|
|
afc430e |
%{__rm} -rf $RPM_BUILD_ROOT
|
|
|
afc430e |
|
|
|
ec3f3d6 |
%post
|
|
|
ec3f3d6 |
# fix SELinux bits
|
|
|
de51c89 |
#%{_bindir}/chcon -R system_u:object_r:squid_cache_t /var/squidGuard >/dev/null 2>&1
|
|
|
de51c89 |
#%{_bindir}/chcon -R system_u:object_r:squid_log_t /var/log/squidGuard >/dev/null 2>&1
|
|
|
ec3f3d6 |
|
|
|
ec3f3d6 |
# do we need a new config file?
|
|
|
ec3f3d6 |
if [ -s %{_sysconfdir}/squid/squidGuard.conf ]; then
|
|
|
ec3f3d6 |
CONFFILE="%{_sysconfdir}/squid/squidGuard.conf.rpmnew"
|
|
|
ec3f3d6 |
echo "/etc/squid/squidGuard.conf created as /etc/squid/squidGuard.conf.rpmnew"
|
|
|
ec3f3d6 |
else
|
|
|
ec3f3d6 |
CONFFILE="/etc/squid/squidGuard.conf"
|
|
|
ec3f3d6 |
fi
|
|
|
ec3f3d6 |
cat %{_docdir}/%{name}-%{version}/squidGuard.conf.k12ltsp.template | \
|
|
|
ec3f3d6 |
sed s/SERVERNAME/$HOSTNAME/g > $CONFFILE
|
|
|
ec3f3d6 |
|
|
|
ec3f3d6 |
/sbin/chkconfig --add squidGuard
|
|
|
ec3f3d6 |
/sbin/chkconfig --add transparent-proxying
|
|
|
ec3f3d6 |
|
|
|
ec3f3d6 |
# reload SELinux policies
|
|
|
de51c89 |
#echo "Loading new SELinux policy"
|
|
|
de51c89 |
#pushd %{_sysconfdir}/selinux/targeted/src/policy/
|
|
|
de51c89 |
#%{__make} load &> /dev/null
|
|
|
de51c89 |
#popd
|
|
|
ec3f3d6 |
|
|
|
ec3f3d6 |
#### End of %post
|
|
|
ec3f3d6 |
|
|
|
ec3f3d6 |
%preun
|
|
|
ec3f3d6 |
if [ $1 = 0 ] ; then
|
|
|
ec3f3d6 |
service squidGuard stop >/dev/null 2>&1
|
|
|
ec3f3d6 |
/sbin/chkconfig --del squidGuard
|
|
|
ec3f3d6 |
/sbin/chkconfig --del transparent-proxying
|
|
|
ec3f3d6 |
fi
|
|
|
ec3f3d6 |
|
|
|
afc430e |
%files
|
|
|
afc430e |
%defattr(-,root,root)
|
|
|
afc430e |
%doc samples/*.conf
|
|
|
afc430e |
%doc samples/*.cgi
|
|
|
afc430e |
%doc samples/dest/blacklists.tar.gz
|
|
|
ec3f3d6 |
%doc COPYING GPL
|
|
|
afc430e |
%doc doc/*.txt doc/*.html doc/*.gif
|
|
|
ec3f3d6 |
%doc squidGuard.conf.k12ltsp.template
|
|
|
afc430e |
%{_bindir}/*
|
|
|
afc430e |
%config(noreplace) %{_sysconfdir}/squid/squidGuard.conf
|
|
|
afc430e |
%config(noreplace) %{_sysconfdir}/logrotate.d/squidGuard
|
|
|
afc430e |
%config(noreplace) %{_sysconfdir}/cron.daily/squidGuard
|
|
John Berninger |
61d6d99 |
%{_dbtopdir}/
|
|
|
de51c89 |
#%{_sysconfdir}/selinux/targeted/src/policy/domains/program/squidGuard.te
|
|
|
de51c89 |
#%{_sysconfdir}/selinux/targeted/src/policy/file_contexts/program/squidGuard.fc
|
|
John Berninger |
a933d41 |
%attr(0755,root,root) %{_cgibin}/*.cgi
|
|
|
e6de151 |
%config(noreplace) %{_cgibin}/squidGuard.cgi
|
|
|
727f3fa |
%{_cgibin}/babel.*
|
|
|
ec3f3d6 |
%{_initrddir}/squidGuard
|
|
|
ec3f3d6 |
%{_initrddir}/transparent-proxying
|
|
|
e6de151 |
%{_localstatedir}/log/squidGuard
|
|
|
e6de151 |
%{_localstatedir}/log/squid/squidGuard.log
|
|
|
afc430e |
|
|
|
afc430e |
%changelog
|
|
|
e6de151 |
* Mon Oct 26 2009 Jon Ciesla <limb@jcomserv.net> - 1.4-8
|
|
|
e6de151 |
- Applying upstream patches for CVE-2009-3700, BZ 530862.
|
|
|
e6de151 |
|
|
|
e6de151 |
* Thu Sep 24 2009 Jon Ciesla <limb@jcomserv.net> - 1.4-7
|
|
|
e6de151 |
- Make squidGuard.cgi config(noreplace)
|
|
|
e6de151 |
- Relocated logs, updated logrotate file.
|
|
|
e6de151 |
- Updated blacklist URL.
|
|
|
e6de151 |
|
|
|
727f3fa |
* Wed Sep 09 2009 Jon Ciesla <limb@jcomserv.net> - 1.4-6
|
|
|
727f3fa |
- Include babel files, BZ 522038.
|
|
|
727f3fa |
|
|
|
163313f |
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4-5
|
|
|
163313f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
163313f |
|
|
|
df9e1a6 |
* Thu Mar 05 2009 Jon Ciesla <limb@jcomserv.net> - 1.4-4
|
|
|
df9e1a6 |
- Initscript cleanup, BZ 247065.
|
|
|
df9e1a6 |
|
|
|
681079b |
* Tue Feb 24 2009 Jon Ciesla <limb@jcomserv.net> - 1.4-3
|
|
|
681079b |
- Drop chcon Req.
|
|
|
681079b |
|
|
|
de51c89 |
* Mon Feb 23 2009 Jon Ciesla <limb@jcomserv.net> - 1.4-2
|
|
|
de51c89 |
- Dropping selinux policy and chcon, BZ 486634.
|
|
|
de51c89 |
- Fixed URL of Source0.
|
|
|
de51c89 |
|
|
|
d482d57 |
* Wed Feb 18 2009 Jon Ciesla <limb@jcomserv.net> - 1.4-1
|
|
|
d482d57 |
- Update to 1.4, BZ 485530.
|
|
|
d482d57 |
- Building against compat-db46 until next version.
|
|
|
d482d57 |
|
|
|
f80aa72 |
* Wed Feb 11 2009 Jon Ciesla <limb@jcomserv.net> - 1.3-1
|
|
|
f80aa72 |
- Update to 1.3.
|
|
|
f80aa72 |
- Dropped paths, sed patches, applied upstream.
|
|
|
f80aa72 |
- New SG-2008-06-13 patch.
|
|
|
e6de151 |
|
|
|
f02e034 |
* Wed Feb 11 2009 Jon Ciesla <limb@jcomserv.net> - 1.2.1-2
|
|
|
30083e4 |
- Fix sg-2008-06-13, BZ 452467.
|
|
|
30083e4 |
|
|
|
30083e4 |
* Wed Feb 11 2009 Jon Ciesla <limb@jcomserv.net> - 1.2.1-1
|
|
|
30083e4 |
- Update to 1.2.1, BZ 245377.
|
|
|
526eb3e |
- Dropped upstream patch.
|
|
|
526eb3e |
- Updated blacklists.
|
|
|
526eb3e |
|
|
|
5687e21 |
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.2.0-18
|
|
|
5687e21 |
- Autorebuild for GCC 4.3
|
|
|
5687e21 |
|
|
|
63090c9 |
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.2.0-17
|
|
|
63090c9 |
- Rebuild for deps
|
|
|
63090c9 |
|
|
John Berninger |
a933d41 |
* Fri Nov 16 2007 John Berninger <john at ncphotography dot com> 1.2.0-16
|
|
John Berninger |
a933d41 |
- Fix perms on cgi-bin files
|
|
John Berninger |
a933d41 |
|
|
John Berninger |
61d6d99 |
* Mon Mar 26 2007 John Berninger <jwb at redhat dot com> 1.2.0-15
|
|
John Berninger |
61d6d99 |
- Assert ownership of /var/squidGuard - bz 233915
|
|
John Berninger |
61d6d99 |
|
|
John Berninger |
69ffe7d |
* Tue Aug 29 2006 John Berninger <jwb at redhat dot com> 1.2.0-14
|
|
John Berninger |
69ffe7d |
- Bump release 'cause I forgot to add a patch file that's required
|
|
John Berninger |
69ffe7d |
|
|
John Berninger |
7804b7f |
* Tue Aug 29 2006 John Berninger <jwb at redhat dot com> 1.2.0-13
|
|
John Berninger |
7804b7f |
- general updates to confirm build on FC5/FC6
|
|
John Berninger |
7804b7f |
- updates to BuildRequires
|
|
John Berninger |
7804b7f |
|
|
|
ec3f3d6 |
* Fri Sep 09 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-12
|
|
|
ec3f3d6 |
- Make it K12LTSP compatible, so a possible upgrade doesn't break
|
|
|
ec3f3d6 |
anything/much...
|
|
|
ec3f3d6 |
- Add SELinux stuff
|
|
|
ec3f3d6 |
- Move dbdir to /var/squidGuard/blacklists, instead of /var/lib/squidGuard
|
|
|
ec3f3d6 |
- Added update script and template config from/for K12
|
|
|
ec3f3d6 |
- Add perlwarnings and sed patch
|
|
|
ec3f3d6 |
- Install cgis in /var/www/cgi-bin
|
|
|
ec3f3d6 |
- Added initrd stuff
|
|
|
ec3f3d6 |
- Remove questionable -ldb from make
|
|
|
ec3f3d6 |
- Remove questionable db version check
|
|
|
ec3f3d6 |
|
|
|
afc430e |
* Tue Sep 06 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-11
|
|
|
afc430e |
- More bugs from Bug #165689
|
|
|
afc430e |
Install cron script with perm 755
|
|
|
afc430e |
Don't use SOURCE3 in install section, we need to use the patched one
|
|
|
afc430e |
|
|
|
afc430e |
* Mon Sep 05 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-10
|
|
|
afc430e |
- Include GPL in doc section
|
|
|
afc430e |
|
|
|
afc430e |
* Mon Sep 05 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-9
|
|
|
afc430e |
- More 'bugs' from Bug #165689
|
|
|
afc430e |
Make changed on squid-getlist.html a patch, as sources should
|
|
|
afc430e |
match upstream sources, so they are wget-able...
|
|
|
afc430e |
|
|
|
afc430e |
* Mon Sep 05 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-8
|
|
|
afc430e |
- Bug #165689
|
|
|
afc430e |
|
|
|
afc430e |
* Thu May 19 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-7
|
|
|
afc430e |
- Update blacklists
|
|
|
afc430e |
- Cleanup specfile
|
|
|
afc430e |
|
|
|
afc430e |
* Fri Apr 08 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-6
|
|
|
afc430e |
- Fix build on RH 8 with db 4.0.14, by not applying the db4 patch
|
|
|
afc430e |
|
|
|
afc430e |
* Mon Feb 21 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-5
|
|
|
afc430e |
- Specfile cleaning
|
|
|
afc430e |
- Make it build with db4 again, by adding the db4-patch
|
|
|
afc430e |
|
|
|
afc430e |
* Mon Apr 12 2002 Oliver Pitzeier <oliver@linux-kernel.at> - 1.2.0-4
|
|
|
afc430e |
- Tweaks
|
|
|
afc430e |
|
|
|
afc430e |
* Mon Apr 08 2002 Oliver Pitzeier <oliver@linux-kernel.at> - 1.2.0-3
|
|
|
afc430e |
- Rebuild
|
|
|
afc430e |
|
|
|
afc430e |
* Mon Apr 08 2002 Oliver Pitzeier <oliver@linux-kernel.at> - 1.2.0-2
|
|
|
afc430e |
- Updated the blacklists and put it into the right place
|
|
|
afc430e |
I also descompress them
|
|
|
afc430e |
- Added a new "forbidden" script - the other ones are too
|
|
|
afc430e |
old and don't work.
|
|
|
afc430e |
|
|
|
afc430e |
* Fri Apr 05 2002 Oliver Pitzeier <oliver@linux-kernel.at> - 1.2.0-1
|
|
|
afc430e |
- Update to version 1.2.0
|
|
|
afc430e |
|
|
|
afc430e |
* Fri Jun 1 2001 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
|
|
|
afc430e |
- cleaned up for rhcontrib
|
|
|
afc430e |
|
|
|
afc430e |
* Fri Oct 13 2000 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
|
|
|
afc430e |
- initial build
|