Created by command: /usr/bin/tito tagtags/ufdbGuard-1.33.4-CentOS7^0 ufdbGuard-1.33.4-CentOS7
parent
c96e9effcc
commit
2c2796164e
2 changed files with 357 additions and 0 deletions
@ -0,0 +1 @@ |
|||||||
|
1.33.4-CentOS7 ./ |
@ -0,0 +1,356 @@ |
|||||||
|
# ufdbGuard.spec.CentOS7 |
||||||
|
|
||||||
|
%global _hardened_build 1 |
||||||
|
%global version 1.33.4 |
||||||
|
|
||||||
|
# no stripping of the binaries |
||||||
|
%global __os_install_post %{nil} |
||||||
|
%define debug_package %{nil} |
||||||
|
%define __strip /bin/true |
||||||
|
|
||||||
|
### %__global_cflags -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches %{_hardened_cflags} %{_performance_cflags} |
||||||
|
%define __global_cflags -O2 -g -pipe -Wall -grecord-gcc-switches %{_hardened_cflags} %{_performance_cflags} |
||||||
|
|
||||||
|
Name: ufdbGuard |
||||||
|
Version: %{version} |
||||||
|
Release: CentOS7 |
||||||
|
Summary: ufdbGuard is a URL filter for Squid |
||||||
|
License: GNU General Public License v2.0 only |
||||||
|
Group: Internet/Proxy |
||||||
|
|
||||||
|
# FHS says no package may have files under /usr/local nor /opt |
||||||
|
# Prefix: /usr/local/ufdbguard |
||||||
|
Prefix: /usr |
||||||
|
|
||||||
|
Provides: ufdbguardd |
||||||
|
Provides: ufdbgclient |
||||||
|
Provides: ufdbhttpd |
||||||
|
Provides: ufdbsignal |
||||||
|
Provides: ufdb-pstack |
||||||
|
Provides: ufdbpeek |
||||||
|
Provides: ufdbGenTable, ufdbConvertDB |
||||||
|
Provides: ufdbUpdate |
||||||
|
Provides: ufdbAnalyse |
||||||
|
Provides: ufdb_analyse_urls, ufdb_analyse_users, ufdb_top_urls, ufdb_top_users |
||||||
|
|
||||||
|
URL: http://www.urlfilterdb.com/ |
||||||
|
|
||||||
|
# The sources for many versions of ufdbGuard are on sourceforge.net (Source0) |
||||||
|
# The latest version can also be downloaded from URLfilterDB (Source1) |
||||||
|
Source: https://www.urlfilterdb.com/files/downloads/%{name}-%{version}.tar.gz |
||||||
|
# Source0: http://sourceforge.net/projects/ufdbguard/ |
||||||
|
# Source1: http://www.urlfilterdb.com/en/downloads/software_doc.html |
||||||
|
|
||||||
|
# Buildroot: /local/src/ufdbGuard-%{version} |
||||||
|
# Buildroot: . |
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n) |
||||||
|
|
||||||
|
# required packages for ufdbguardd |
||||||
|
Requires: glibc >= 2.17 |
||||||
|
Requires: openssl >= 1.0.1e |
||||||
|
Requires: bzip2-libs >= 1.0.6 |
||||||
|
Requires: zlib >= 1.2.7 |
||||||
|
# required packages for ufdbUpdate |
||||||
|
Requires: wget >= 1.14 |
||||||
|
Requires: tar, gzip |
||||||
|
# require packages for ufdb-pstack |
||||||
|
Requires: gdb >= 7.6.1 |
||||||
|
Requires: yum-utils >= 1.1.31 |
||||||
|
# required packages for installation |
||||||
|
Requires: at |
||||||
|
# required packages for analysis scripts |
||||||
|
Requires: perl |
||||||
|
%global __requires_exclude %{?__requires_exclude}|perl\\(CGI::|perl\\(FCGI:: |
||||||
|
# squid is required but may be installed from source and not using an RPM, |
||||||
|
# or ufdbguard is used on a system where squid is not installed. |
||||||
|
# Requires: squid |
||||||
|
# gdb is highly recommended but not a requirement |
||||||
|
# Requires: gdb |
||||||
|
|
||||||
|
Buildrequires: openssl-devel >= 1.0.1e |
||||||
|
Buildrequires: bzip2-devel >= 1.0.6 |
||||||
|
Buildrequires: zlib-devel >= 1.2.7 |
||||||
|
Buildrequires: make, gcc, bison, flex |
||||||
|
Buildrequires: bind-utils |
||||||
|
|
||||||
|
# TODO: %_initddir is macro for /etc/rc.d/init.d |
||||||
|
Requires(post): chkconfig |
||||||
|
Requires(preun): chkconfig |
||||||
|
Requires(preun): initscripts |
||||||
|
Requires(pre): shadow-utils |
||||||
|
|
||||||
|
%description |
||||||
|
ufdbGuard is a free URL filter for Squid with additional features like |
||||||
|
SafeSearch enforcement for a large number of search engines, safer HTTPS |
||||||
|
visits and dynamic detection of proxies (URL filter circumventors). |
||||||
|
|
||||||
|
ufdbGuard supports free and commercial URL databases that can be |
||||||
|
downloaded from various sites and vendors. |
||||||
|
You can also make your own URL database for ufdbGuard. |
||||||
|
|
||||||
|
|
||||||
|
%post |
||||||
|
|
||||||
|
echo >&2 |
||||||
|
echo "ufdbGuard is installed." >&2 |
||||||
|
echo "See the Reference Manual for further instructions and configuration." >&2 |
||||||
|
echo "Seek help at https://www.urlfilterdb.com in case you have a question or an issue." >&2 |
||||||
|
echo >&2 |
||||||
|
|
||||||
|
job=`grep ufdbUpdate /var/spool/cron/* 2>/dev/null | grep -v "^#" ` |
||||||
|
if [ "$job" = "" ] |
||||||
|
then |
||||||
|
echo "There is not yet a cron job for ufdbUpdate *****" >&2 |
||||||
|
echo >&2 |
||||||
|
fi |
||||||
|
|
||||||
|
# This adds the proper /etc/rc*.d links for the script |
||||||
|
/sbin/chkconfig --add ufdb |
||||||
|
# |
||||||
|
# echo "#!/bin/sh" > /tmp/ufdb.postinstall |
||||||
|
# echo "echo Updating debuginfo ..." >> /tmp/ufdb.postinstall |
||||||
|
# echo "debuginfo-install -y -q glibc >/dev/null 2>&1" >> /tmp/ufdb.postinstall |
||||||
|
# echo "debuginfo-install -y -q zlib >/dev/null 2>&1" >> /tmp/ufdb.postinstall |
||||||
|
# echo "debuginfo-install -y -q bzip2 >/dev/null 2>&1" >> /tmp/ufdb.postinstall |
||||||
|
# echo "debuginfo-install -y -q openssl >/dev/null 2>&1" >> /tmp/ufdb.postinstall |
||||||
|
# chmod +x /tmp/ufdb.postinstall |
||||||
|
# # |
||||||
|
# echo "The installation of the ufdbGuard package is almost finished." >&2 |
||||||
|
# echo "Execute /tmp/ufdb.postinstall to update debuginfo for glibc, zlib, bzip2 and openssl. *****" >&2 |
||||||
|
# echo >&2 |
||||||
|
|
||||||
|
at now + 3min <<EOF |
||||||
|
debuginfo-install -y -q glibc >/dev/null 2>&1 |
||||||
|
debuginfo-install -y -q zlib >/dev/null 2>&1 |
||||||
|
debuginfo-install -y -q bzip2 >/dev/null 2>&1 |
||||||
|
debuginfo-install -y -q openssl >/dev/null 2>&1 |
||||||
|
EOF |
||||||
|
|
||||||
|
# |
||||||
|
# TODO: run check_dns |
||||||
|
|
||||||
|
%preun |
||||||
|
if [ $1 = 0 ] ; then |
||||||
|
/sbin/service ufdb stop >/dev/null 2>&1 |
||||||
|
/sbin/chkconfig --del ufdb |
||||||
|
fi |
||||||
|
|
||||||
|
|
||||||
|
# for pre-F13: |
||||||
|
%clean |
||||||
|
[ %{buildroot} != "/" ] && echo rm -rf %{buildroot} |
||||||
|
|
||||||
|
# ufdbGuard is installed with user ufdb and group ufdb |
||||||
|
%pre |
||||||
|
# set -x |
||||||
|
getent group ufdb >/dev/null || groupadd -r ufdb |
||||||
|
getent passwd ufdb >/dev/null || \ |
||||||
|
useradd -r -g ufdb -d /var/ufdbguard -M -s /usr/bin/sh \ |
||||||
|
-c "ufdbGuard URL filter" ufdb |
||||||
|
exit 0 |
||||||
|
|
||||||
|
%prep |
||||||
|
# echo prep in %{buildroot} |
||||||
|
# set -x |
||||||
|
# TODO %setup -q |
||||||
|
%setup -q |
||||||
|
|
||||||
|
%build |
||||||
|
echo build in `pwd` |
||||||
|
%configure \ |
||||||
|
--with-ufdb-user=ufdb \ |
||||||
|
--prefix=/usr \ |
||||||
|
--with-ufdb-bindir=/usr/sbin \ |
||||||
|
--with-ufdb-piddir=/var/run/ufdbguard \ |
||||||
|
--with-ufdb-mandir=/usr/share/man \ |
||||||
|
--with-ufdb-images_dir=/var/ufdbguard/images \ |
||||||
|
--with-ufdb-logdir=/var/ufdbguard/logs \ |
||||||
|
--with-ufdb-samplesdir=/var/ufdbguard/samples \ |
||||||
|
--with-ufdb-config=/etc/ufdbguard \ |
||||||
|
--with-ufdb-dbhome=/var/ufdbguard/blacklists |
||||||
|
|
||||||
|
%{__make} %{?_smp_mflags} |
||||||
|
|
||||||
|
%install |
||||||
|
# echo install |
||||||
|
# env |
||||||
|
[ %{buildroot} != "/" ] && rm -rf %{buildroot} |
||||||
|
%{__make} DESTDIR=%{buildroot} mkdirsredhatcentos install |
||||||
|
# the install makes a backup of the conf file that we do not want in the package |
||||||
|
rm -f %{buildroot}/etc/ufdbguard/ufdbGuard.conf.pre-v1.* |
||||||
|
|
||||||
|
# echo |
||||||
|
# echo "The configuration file of ufdbGuard is /etc/ufdbguard/ufdbGuard.conf" |
||||||
|
# echo "The system configuration file for the ufdbGuard Software Suite is /etc/sysconfig/ufdbguard" |
||||||
|
|
||||||
|
# ufdbsignal is suid-root since it must be able to send a signal to ufdbguardd. |
||||||
|
# ufdbsignal is a very simple program which checks the uid to see if the user is permitted to send a signal. |
||||||
|
# ufdbsignal reads the pid from /var/run/ufdbguardd/ufdbguardd.pid. |
||||||
|
|
||||||
|
%verifyscript |
||||||
|
|
||||||
|
if [ ! -f /etc/sysconfig/ufdbguard ] |
||||||
|
then |
||||||
|
echo "/etc/sysconfig/ufdbguard does not exist." >&2 |
||||||
|
else |
||||||
|
eval `grep "^DOWNLOAD_USER=" /etc/sysconfig/ufdbguard` |
||||||
|
if [ "$DOWNLOAD_USER" = "" ] |
||||||
|
then |
||||||
|
echo "The username for periodical downloads of the URL database is not set." >&2 |
||||||
|
echo "Edit /etc/sysconfig/ufdbguard and set DOWNLOAD_USER and DOWNLOAD_PASSWORD." >&2 |
||||||
|
else |
||||||
|
echo "DOWNLOAD_USER is set to $DOWNLOAD_USER in /etc/sysconfig/ufdbguard" |
||||||
|
fi |
||||||
|
fi |
||||||
|
|
||||||
|
if [ ! -f /etc/ufdbguard/ufdbGuard.conf ] |
||||||
|
then |
||||||
|
echo "/etc/ufdbguard/ufdbGuard.conf does not exist." |
||||||
|
else |
||||||
|
set -- `grep ^dbhome /etc/ufdbguard/ufdbGuard.conf` |
||||||
|
# must get rid of quotes or else "if [ ! -d $DBDIR ]" fails :-( |
||||||
|
DBDIR=`echo ${2:-notset} | sed -e 's,",,g' ` |
||||||
|
if [ $DBDIR = notset ] |
||||||
|
then |
||||||
|
DBDIR=/var/ufdbguard/blacklists |
||||||
|
echo "/etc/ufdbguard/ufdbGuard.conf: dbhome is not set" >&2 |
||||||
|
echo "Using default value for dbhome: $DBDIR" >&2 |
||||||
|
fi |
||||||
|
if [ ! -d $DBDIR ] |
||||||
|
then |
||||||
|
echo "/etc/ufdbguard/ufdbGuard.conf: dbhome $DBDIR: directory does not exist" >&2 |
||||||
|
else |
||||||
|
if [ ! -d $DBDIR/adult -o ! -d $DBDIR/checked ] |
||||||
|
then |
||||||
|
echo "/etc/ufdbguard/ufdbGuard.conf: dbhome $DBDIR:" >&2 |
||||||
|
echo "The directory for the URL database does not contain subdirectories for adult and/or checked." >&2 |
||||||
|
echo "This means that the URL database of URLfilterDB is not used." >&2 |
||||||
|
echo "If you intend to use the URL database of URLfilterDB, make sure that " >&2 |
||||||
|
echo "\"ufdbUpdate [-v]\" runs without errors to download the URL database." >&2 |
||||||
|
echo "See the Reference Manual for more information." >&2 |
||||||
|
fi |
||||||
|
fi |
||||||
|
fi |
||||||
|
|
||||||
|
exit 0 |
||||||
|
|
||||||
|
|
||||||
|
%postun |
||||||
|
|
||||||
|
job=`grep ufdbUpdate /var/spool/cron/* 2>/dev/null | grep -v "^#" ` |
||||||
|
if [ "$job" != "" ] |
||||||
|
then |
||||||
|
echo "Note: there is still a cron job for ufdbUpdate." >&2 |
||||||
|
fi |
||||||
|
|
||||||
|
exit 0 |
||||||
|
|
||||||
|
|
||||||
|
# %config |
||||||
|
# /etc/sysconfig/ufdbguard |
||||||
|
# /etc/ufdbguard/ufdbGuard.conf |
||||||
|
|
||||||
|
%files |
||||||
|
%defattr(-,root,root,-) |
||||||
|
/etc/init.d/ufdb |
||||||
|
%config(noreplace) %attr(-,ufdb,ufdb) /etc/sysconfig/ufdbguard |
||||||
|
%config(noreplace) %attr(-,ufdb,ufdb) /etc/ufdbguard/ufdbGuard.conf |
||||||
|
/var/ufdbguard/images/default.flv |
||||||
|
/var/ufdbguard/images/default.mp3 |
||||||
|
/var/ufdbguard/images/default.mpeg |
||||||
|
/var/ufdbguard/images/default.wmv |
||||||
|
/var/ufdbguard/images/forbidden-normal-de.png |
||||||
|
/var/ufdbguard/images/forbidden-normal-en.png |
||||||
|
/var/ufdbguard/images/forbidden-normal-es.png |
||||||
|
/var/ufdbguard/images/forbidden-normal-fr.png |
||||||
|
/var/ufdbguard/images/forbidden-normal-it.png |
||||||
|
/var/ufdbguard/images/forbidden-normal-nl.png |
||||||
|
/var/ufdbguard/images/forbidden-normal-pl.png |
||||||
|
/var/ufdbguard/images/forbidden-normal-pt.png |
||||||
|
/var/ufdbguard/images/forbidden-normal-sv.png |
||||||
|
/var/ufdbguard/images/forbidden-normal-tr.png |
||||||
|
/var/ufdbguard/images/no-ads.png |
||||||
|
/var/ufdbguard/images/smallcross.png |
||||||
|
/var/ufdbguard/images/square.png |
||||||
|
/var/ufdbguard/images/transparent.png |
||||||
|
/var/ufdbguard/samples/execdomainlist.sh |
||||||
|
/var/ufdbguard/samples/execuserlist.sh |
||||||
|
/var/ufdbguard/samples/URLblocked.cgi |
||||||
|
/usr/sbin/ufdb-pstack |
||||||
|
/usr/sbin/ufdbAnalyse |
||||||
|
/usr/sbin/ufdbConvertDB |
||||||
|
/usr/sbin/ufdbGenTable |
||||||
|
/usr/sbin/ufdbUpdate |
||||||
|
/usr/sbin/ufdb_analyse_urls |
||||||
|
/usr/sbin/ufdb_analyse_users |
||||||
|
/usr/sbin/ufdb_top_urls |
||||||
|
/usr/sbin/ufdb_top_users |
||||||
|
/usr/sbin/ufdbgclient |
||||||
|
/usr/sbin/ufdbguardd |
||||||
|
/usr/sbin/ufdbhttpd |
||||||
|
%attr(4755,root,root) /usr/sbin/ufdbsignal |
||||||
|
/usr/share/man/man1/ufdb_analyse_urls.1 |
||||||
|
/usr/share/man/man1/ufdb_analyse_users.1 |
||||||
|
/usr/share/man/man1/ufdb_top_urls.1 |
||||||
|
/usr/share/man/man1/ufdb_top_users.1 |
||||||
|
/usr/share/man/man1/ufdbAnalyse.1 |
||||||
|
/usr/share/man/man8/ufdbgclient.8 |
||||||
|
/usr/share/man/man8/ufdbguardd.8 |
||||||
|
/usr/share/man/man8/ufdbhttpd.8 |
||||||
|
/usr/share/man/man8/ufdbupdate.8 |
||||||
|
%dir %attr(-,ufdb,ufdb) /var/ufdbguard/blacklists |
||||||
|
%dir %attr(-,ufdb,ufdb) /var/ufdbguard/blacklists/security |
||||||
|
# The cacerts get updated by ufdbUpdate: |
||||||
|
%verify(not md5 size mtime) %attr(644,ufdb,ufdb) /var/ufdbguard/blacklists/security/cacerts |
||||||
|
# log files go to /var/ufdbguard/logs |
||||||
|
%dir %attr(-,ufdb,ufdb) /var/ufdbguard/logs |
||||||
|
# pid files go to /var/run/ufdbguard |
||||||
|
%dir %attr(755,ufdb,ufdb) /var/run/ufdbguard |
||||||
|
|
||||||
|
%doc README CHANGELOG |
||||||
|
# TODO |
||||||
|
|
||||||
|
%changelog |
||||||
|
* Tue Feb 20 2018 Daniel Berteaud <daniel@firewall-services.com> 1.33.4-CentOS7 |
||||||
|
- new package built with tito |
||||||
|
|
||||||
|
* Thu Sep 21 2017 Marcus Kool <marcus-dot-kool@urlfilterdb.com> - 1.33.4 |
||||||
|
Fix: URLs with very long domainnames may cause a crash if the URL is not in the URL database |
||||||
|
Fix: ufdbguardd did not obey 'continue' inside a source |
||||||
|
Fix: the logfile did not not contain "PASS URL" for all allowed URLs |
||||||
|
Fix: suppress another warning by ufdbGenTable if the -q option is used |
||||||
|
Fix: execuserlist with large arguments cannot be cached |
||||||
|
Fix: ufdbguardd sometimes does not use the correct source for its decision |
||||||
|
Fix: in-addr also matched URLs without an IP address |
||||||
|
Configuration: the option squid-uses-active-bumping was missing in the default configuration file |
||||||
|
|
||||||
|
* Tue Jun 6 2017 Marcus Kool <marcus-dot-kool@urlfilterdb.com> - 1.33.3 |
||||||
|
Fix: ufdbgclient truncates Squid request lines to 8K which means that very long URLs cannot be filtered |
||||||
|
Fix: ufdbGenTable erroneously warned about URLs inside a comment |
||||||
|
Fix: make ufdbGuard compile on FreeBSD |
||||||
|
Fix: when evaluate-and IPv4/6 is used in a source definition, the source may not matched |
||||||
|
Fix: ufdbguardd did not accept the IPv6 address '::' |
||||||
|
Enhancement: several warnings for IPv4 and IPv6 addresses inside a source were implemented |
||||||
|
|
||||||
|
* Wed May 23 2017 Marcus Kool <marcus-dot-kool@urlfilterdb.com> - 1.33.2 |
||||||
|
Fix: ufdbguardd may incorrectly abort with a fatal error cannot-get-rwlock-for-database-refresh-after-many-attempts |
||||||
|
Fix: safesearch did not work in 2 out of 3 cases |
||||||
|
Fix: ufdbguard did not compile on FreeBSD. |
||||||
|
Fix: crash due to stack overwrite in uploadStatistics/logStatistics |
||||||
|
Documentation: added use-ipv6-on-wan option to Reference Manual |
||||||
|
|
||||||
|
* Wed Mar 15 2017 Marcus Kool <marcus-dot-kool@urlfilterdb.com> - 1.33.1 |
||||||
|
Enhancement: IPv6 support for sources with new keywords ipv6 and ipv6list |
||||||
|
Enhancement: detect certificates of ucweb.com and uc.cn of the ucweb browser that circumvents URL filters |
||||||
|
Enhancement: ufdbgclient has new -m parameter to use multithreading and improve performance |
||||||
|
Enhancement: make ufdbguardd.pid world-readable |
||||||
|
Enhancement: allow UTF8 characters in URLs |
||||||
|
Enhancement: new keyword ufdb-log-url-details controls if URLs in the log file have parameters or not |
||||||
|
Fix: on the ARM platform generated URL tables were corrupt |
||||||
|
Fix: implicitly allowed URLs were logged with category "any" instead of the correct category ID |
||||||
|
Fix: prevent false positives with Tor proxy detection on port 443 |
||||||
|
Fix: failed probes for <IP>:443 were not properly cached and resulted in too many probes for IP |
||||||
|
Fix: when reverse IP lookups are used, the URL category was not logged correctly (was logged as "any") |
||||||
|
Fix: ufdbGenTable uses less memory |
||||||
|
Fix: the feature "block-bumped-connect on" never blocked a CONNECT request |
||||||
|
|
Loading…
Reference in new issue