squidGuard is a combined filter, redirector and access controller plugin
for Squid. It can be used to:
* limit the web access for some users to a list of accepted/well known web
servers and/or URLs only.
* block access to some listed or blacklisted web servers and/or URLs
for some users.
* block access to URLs matching a list of regular expressions or words
for some users.
* enforce the use of domainnames/prohibit the use of IP address in URLs.
* redirect blocked URLs to an "intelligent" CGI based info page.
* redirect unregistered user to a registration form.
* redirect popular downloads like Netscape, MSIE etc. to local copies.
* redirect banners to an empty GIF.
* have different access rules based on time of day, day of the week, date etc.
* have different rules for different user groups.
* and much more..
Changes in release 0.21.3:
* Fix segfault if using proxy server with SSL session and server
certificate verification fails.
* Fix leak of proxy hostname once per session (if a proxy is used).
* Add --with-libs configure argument; e.g. --with-libs=/usr/local picks
up any support libraries in /usr/local/{lib,include}
Changes in release 0.21.2:
* Fix 'make install' for VPATH builds.
* Use $(mandir) for installing man pages (Rodney Dawes).
* Follow some simple (yet illegal) relativeURI redirects.
* Always build ne_compress.obj in Win32 build (Branko Èibej).
* Fix decompression logic bug (Justin Erenkrantz <jerenkrantz@apache.org>)
(could give a decompress failure for particular responses)
* Fix ne_proppatch() to submit lock tokens for available locks.
* More optimisation of ne_sock_readline.
Changes in release 0.21.1:
* Don't include default SSL port in Host request header, which can
help interoperability with misbehaving servers (thanks to Rodney Dawes
<dobey@ximian.com>).
* Don't give a "truncated response" error from ne_decompress_destroy if
the acceptance function returns non-zero.
* Fix for Win32 build (Sander Striker <striker@apache.org>).
* Fix for cookie name/value being free()d (thanks to Dan Mullen).
* Optimisation of ne_sock_readline.
Changes in release 0.21.0:
* Socket layer implements read buffering; efficiency and performance
improvement. Based on work by Jeff Johnson <jbj@redhat.com>
* Cleanup of socket interface:
- renamed everything, s/sock_/ne_sock_/, s/SOCK_/NE_SOCK_/
- removed unused and inappropriate interfaces.
- renaming done by Olof Oberg <mill@pedgr571.sn.umu.se>
- see src/ChangeLog for the gory details.
* Fix typoed 'ne_destroy_fn' typedef (Olof Oberg).
* Support OpenSSL/ENGINE branch.
* Bogus ne_utf8_encode/decode functions removed.
* ne_base64() moved to ne_string.[ch].
* ne_token drops 'quotes' parameter; ne_qtoken added.
* ne_buffer_create_sized renamed to ne_buffer_ncreate.
* ne_xml_get_attr takes extra arguments and can resolve namespaces.
* ne_accept_response function type takes const ne_status pointer.
* Drop support for automatically following redirects:
- ne_redirect_register just takes a session pointer
- ne_redirect_location returns an ne_uri pointer
* configure changes: --with-ssl and --with-socks no longer take a directory
argument. To use SOCKS or SSL libraries/headers in non-system locations,
use ./configure CPPFLAGS=-I/... LDFLAGS=-L/...
* Reference documentation included for most of ne_alloc.h and ne_string.h,
and parts of ne_session.h and ne_request.h.
- see installed man pages, HTML documentation.
Changes in release 0.20.0:
* Major changes to DAV lock handling interface (ne_locks.h):
- struct ne_lock uses a full URI structure to identify locked resource
- ne_lock() requires that owner/token fields are malloc-allocated (or NULL)
on entry
- introduce a "lock store" type, ne_lock_store, to replace the lock session;
accessor functions all renamed to ne_lockstore_*.
- ne_lock_iterate replaced with a first/next "cursor"-style interface
- If: headers use an absoluteURI (RFC2518 compliance fix).
- fix for handling shared locks on DAV servers which return many active locks
in the LOCK response (thanks to Keith Wannamaker)
* Moved URI/path manipulation functions under ne_* namespace (ne_uri.h):
- path handling functions renamed to ne_path_*
- URI structure handling to ne_uri_*; struct uri becomes ne_uri.
- ne_uri_parse doesn't take a 'defaults' parameter any more
- if URI port is unspecified, ne_uri_parse sets port to 0 not -1.
- added ne_uri_unparse and ne_uri_defaultport functions.
* New 'ne_fill_server_uri' function to initialize a URI structure with
the server details for a given session (useful with locks interface).
* ne_decompress_{reader,destroy} are defined as passthrough-functions
if zlib support is not enabled.
* API change: ne_ssl_provide_fn returns void not int.
* Added NE_SSL_FAILMASK for verify failure sanity check.
* Removed return codes NE_SERVERAUTH and and NE_AUTHPROXY; correct
documentation, NE_PROXYAUTH is given for proxy auth failure.
* Require zlib >= 1.1.4 to avoid possible vulnerability in earlier versions.
See http://www.gzip.org/zlib/advisory-2002-03-11.txt for more details.
(version check can be skipped by passing --with-force-zlib to configure)
* New 'ne_ssl_readable_dname' function to create a human-readable string
from an X509 distinguished name.
* Fix support for newer versions of libxml2 (thanks to Jon Trowbridge
<trow@gnu.org>).
* Fix corruption of reason_phrase in status object returned by
ne_propset_status.
* More lenient handling of whitespace in response headers.
* ne_content_type_handler will give a charset of "ISO-8859-1" if no charset
parameter is specified for a text/* media type (as per RFC2616).
* Miscellaneous cleanups and fixes (Jeff Johnson <jbj@redhat.com>).
Changes in release 0.19.4:
* Support bundled build of expat 1.95.x (Branko Èibej).
Update submitted by Joel Wilsson <joelw@unix.se> in PR 17812.
PTHREAD_OPTS. This allows us to ignore the "require" inherited from the
glib/buildlink.mk file, which was originally causing "require native" to
be used for mozilla and was causing build problems on platforms without
native pthreads.
comes from devel/glib/buildlink. devel/glib requires a pthread library but
www/mozilla optionally wants a native pthread library. Checking for
PTHREAD_TYPE != "native" will work, but we may want to consider expanding
the capabilities of pthread.buildlink.mk to cover this scenario.
size and in the correct format, it is not re-encoded (losing quality)
anymore but just copied.
Problem noted by Jeff McMahill. Andrew Brown and Jaromir Dolecek helped
me with perl.
Bump PKGREVISION.
Give Apache a user and group by default, not only with suexec.
The variables for this have changed from APACHE_SUEXEC_USER and
APACHE_SUEXEC_GROUP to APACHE_USER and APACHE_GROUP.
Mention 'Apache' in COMMENT.
Use variables for the version number instead of copying it around.
Bump PKGREVISION.
For apache{,6}:
Change paths to /var/httpd instead of /var/spool/httpd.
Honour STRIPFLAG.
Add --without-confadjust as configure argument.
Enable the 'define' module.
For apache:
Enable proxy module on NOPIC platforms.
Some of these changes are based on pkg/17469 by Greg A. Woods, some on
comments by Johnny Lam.
Reviewed by Johnny Lam.
Changes since 5.10:
o more man page fixes from Thomas Klausner
o de-K&R C-ification
o fix Date: header for daemon mode
o fix core dump when asking for /cgi-bin/ when CGI isn't configured
o use a valid Server: header
hard coding /etc/bins.
install a default binsrc as an example which can be copied to
${PKG_SYSCONFDIR}/bins/binsrc and/or ~/.bins/binsrc
bump PKGREVISION to bins-1.1.10nb1
"file" is in "path"'s allocation. This fixes a bug where the server task
would randomly try to acces a file as a directory, and fail. Bump
PKGREVISION, as this was a fairly serious bug.
* Fix diffs between tags
* Fix duplicate accesskeys and id's in the "front" page
* Fix typo in JavaScript download window parameter
* Include query string in JavaScript download links in order to unbreak
downloads from non-default CVS roots
* Don't display @ForbiddenFiles in directory listings; also make sure their
logs are not accessible via direct URLs
* Fix dir sort order breakage when there are rogue files in the repository
dir and the sort order is not by file name
* Add -f; avoid reading ~/.cvsrc
Bug Fixes:
Install two DLLs for the Win32 version. Don't crash for HTTP servers that send
headers prefixed with whitespace. Make the "edit selected entry" option work.
Don't write uncompressed data to the cache with a header saying it is
compressed. Be more lenient in detecting spiders that cannot make requests.
The wwwoffle-tools programs now handle dir names as if they had http:// in
front. Disallow wwwoffle requests for protocols that WWWOFFLE does not
handle. Use the command line config filename in error messages. Fix to allow
compilation on SGI IRIX. Handle XHTML style tags when modifying HTML. Updated
setuid/setgid code. Some memory leaks removed and potential crashes removed
due to using lint).
New Features:
Split up Set-Cookie headers since browsers can't handle them.
Don't request deflated data since WWWOFFLE and servers don't agree on format.
Added a form on the monitor options page to stop monitoring a URL.
The confirm-requests option now asks for confirmation for page reloads.
Documentation:
Update FAQ to reference privoxy as well as JunkBuster.
Describe how to modify htdig templates to work with WWWOFFLE.
1) Linking a shared library against a static "socks{4,5}" library
does not have the desired effect of eliminating the dependency on
"socks" (not as it does for binaries).
2) No package linked against "libwww" seems to actually utilize
"socks".
Also bump the PKGREVISION and buildlink DEPENDS to the current level,
and liberalize the (formal) dependency on "openssl", for the benefit
of pre-NetBSD-1.5 systems. From now on, we can have no more issues
with "openssl" or "socks{4,5}" versions, as only the libwwwssl.*
shared libraries carry a run-time dependency on "openssl", but no
package links against them, and no "libwww" shared libraries can carry
a run-time dependency on any "socks" libraries. [Previous versions, of
course, may have had issues -- see PR 17010, which this is a partial
fix for.]
from ChangeLog:
- Lots of patches from Daniel for various things..
- Martin Robinson sent a patch for find dialog where it keeps the last search
term, I'll improve this later on.
- Agh! the typo that made the minimum font size not stick was back! fixed
again. Thanks to Daniel for finding out.
- Add a wrapper for all gtk_moz_embed_load_url() -->
_skipstone_load_url() for
skipstone internal use only and it adds a grab_focus on the embedding
widget
to help Daniel out on his upcoming kiosk mode patch.
- Patch from Devik to fix --enable-cvs-mozilla and fix
compilation on mozilla 1.0rc3
- Patch from Daniel for fixing minor leaks when config files don't
exist.
- Added an Up button plugin, must place an up.xpm inside your theme
directory or it won't display a pixmap
