squidguard, both versions in portage, stop working after a while because of a log buffer overflow error. The error is visible in the log with those lines: > overflow in vsprintf (sgLogError): Success > going into emergency mode After this error occured squidguard will not work till squid is reloaded or even restarted (not sure now anymore). The patch will replace the vsprintf call with a safe one and additionally increase the log buffer size (4k->8k). The patch applies cleanly to both portage versions and with this patch squidguard never entered emergency mode anymore.
Created attachment 182264 [details] squidguard sqlog overflow fix
Btw, I posted the patch on the upstream mailing list.
Fixed in revision 1.4-r1, without buffer size increase. Please send squidguard-1.4-vsnprintf.patch to upstream for inclusion. Thanks!
The bug seems not fixed yet, I can't point to the actual error though :( 2009-04-25 10:39:27 [144641] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://www.sysmath.com/xtkxysx_omrs_en//images/omrs_banner.jpg 2009-04-25 23:02:24 [144641] overflow in vsprintf (sgLogError): Success 2009-04-25 23:02:27 [144641] Going into emergency mode using [ebuild R ] net-proxy/squidguard-1.4-r1 USE="-ldap" 0 kB
not yet fixed
overflow fixed, emergency mode not yet fixed.
Created attachment 189439 [details] corrected patch not to enter emergency mode anymore and add log entries to (really) fix log overflow error (...probably...)
I've replaced sgLogFatalError with fprintf(stderr. Since both current revisions use the same vsnprintf.patch, you could either install the new version (-r3) or re-emerge the stable version (-r1).
