a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
Bump PKGREVISION.
Introduction:
=============
This patch fixes one buffer overflow problem in sgLog.c when overlong URLs
are requested. SquidGuard will then go into emergency mode were no blocking
occurs. This is not required in this situation.
The URLs must be build with a overlong sequence of slashes (/).
ATTENTION: While squidGuard will no longer go into emergeny mode when one
overlong URL is passed to it, it is possible to use the overlong URL to
bypass the filter. This vulnerability is not fixed by this patch!
You can check if this vulnerability is actually exploited on your system
by checking the logfile squidGuard.log for the following warning (provided
you have not used the option --with-nolog=yes with configure before compiling
squidguard):
Warning: Possible bypass attempt. Found multiple slashes where only one is expected:
* Included last fixes for 1.4 final.
* Some cleanup and fine work: added information about "-b" parameter to the
help output. Added "!" to the list of allowed characters in urls.
* Added a switch to turn on the progress bar.
* Bug fixes.
* Added MySQL support for authentication.
pkgsrc changes:
- Honor squidGuard's name.
- Use PKGINSTALL frame work.
- More integration to squid; common configuration and logging directories.
Now depends on squid package.
- Switch to use db4; it might be selectable by option.
- Install some examples of configuration.
Todo:
- LDAP support option.
- Installing documents.
- DESTDIR support.
Release 1.3
2007-09-19 Included configurable logging. New configure option --nolog
suppress all runtime logmessages. Start and stop is still logged.
Default behaviour is now to log the non debug messages except
when the runtime option -d is supplied to squidGuard. May need
some more finetuning in later versions. (bug 11)
Made some slight changes to the outdated FAQ file.
2007-09-13 Modified auth code to work with and without ldap (choosing
subroutine rfc1738_unescape or sgFindUser in sg.y.in)
2007-08-20 Corrected include statement in sg.h.in.
2007-07-16 Added patch by Marc Clayton to include a progressbar to the
build of the database files (bug 6).
2007-07-01 Added patch by Eric Harrison to enable full sed compliance
to rewrite statements (bug 7).
2007-06-02 Corrected missing evaluation of configure parameters for
logdir, dbhome and config file (bug 11).
2007-05-25 Added patch from satish to block urls entries that include
hostnames (bug 4).
2007-05-20 Fixed broken regex evaluation (bug 12)
Fixed a compile problem on some systems (bug 10).
2007-05-10 Corrected an issue with the fix for the double
slash vulnerability (incorrectly found double
slashes) (bug 1).
Release 1.2.1
2007-04-10 Fixed multiple slash bypass vulnerabilty.
2007-03-17 Fixed some bugs in squidGuard-simple.cgi and added a
German version of it.
2007-03-16 Fixed encoding bypass vulnerabilty.
2007-03-16 Updated y.tab.c.bison and y.tab.h.bison to the recent
version.
2007-02-02 Fixed bug in user authentication.
2007-01-20 Fixed some typos which broke compilation on Sun Solaris
when using the Sun CC compiler.
2007-01-12 Corrected unproper evaluated if-clause, which broke the
BerkeleyDB 2 compatibility.
Fixed minor typo in samples/Makefile.in.
2006-12-29 Replaced the sleepycat links from the configure program with
the oracle links.
Corrected typo in Makefile.in.
2006-12-16 Removed a stupid bug from the Makefile in the docs directory.
2006-12-10 Removed references to squidguard.org in Makefile.in in the
Doc directory (squidguard.org is down).
Added ISSUES.txt file about known problem with the current
code (any information that is missing and should go in there
is gladly welcomed).
2006-06-17 Release now supports LDAP queries for authentication:
Added Chris Frey's ldap patches and fixes (03, 05, 06,
07 and 10; Patches from:
http://www.netdirect.ca/software/category.php?cat=SquidGuard).
The LDAP feature can be included during the configure run
by setting --with-ldap. Per default ldap support will not
be compiled in.
Added a fix provided by Francesco Ranieri to solve an issue
with the (un)escaping of the authentication "domain%5cusername".
Patch Release 1.2.0p3
2005-12-09 Modfied configure Skript to allow to specify the name of
the useraccount the squid cache is using.
Modified Makefile.in that during the installation the
necessary squidGuard directories are created if they are
not existing. Additionally a default configuration file
will be copied to the default location for squidGuard unless
an old one is found there.
Patch Release 1.2.0p2
2005-10-13 Added Adam Gorski's bugfix to correct a a null pointer access
bug in logging.
Added Chris Freys bugfix a bug where it won't search the url
db if the domain db is empty.
Added Chris Frey's buffer overflow checks (except for commenting
out the part from line 446 to 470 in sgDb.c).
(Patches from:
http://www.netdirect.ca/software/category.php?cat=SquidGuard)
Patch Release 1.2.0p1
2005-10-11 Added support for Berkeley DB 4.x
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
squidGuard is a combined filter, redirector and access controller plugin
for Squid. It can be used to:
* limit the web access for some users to a list of accepted/well known web
servers and/or URLs only.
* block access to some listed or blacklisted web servers and/or URLs
for some users.
* block access to URLs matching a list of regular expressions or words
for some users.
* enforce the use of domainnames/prohibit the use of IP address in URLs.
* redirect blocked URLs to an "intelligent" CGI based info page.
* redirect unregistered user to a registration form.
* redirect popular downloads like Netscape, MSIE etc. to local copies.
* redirect banners to an empty GIF.
* have different access rules based on time of day, day of the week, date etc.
* have different rules for different user groups.
* and much more..
