Package Release Info


Update Info: Base Release
Available in Package Hub : 15 SP5





Change Logs

Version: 1.6.0-bp154.1.20
* Wed Apr 28 2021 Ferdinand Thiessen <>
- Update to debian maintained version 1.6.0:
  * Add support for IPv6 protocol (as in squid 3.x)
  * Bugfix: Convert special characters to fix XSS security problem.
  * Move text files to UTF-8 format.
  * Fix for missing content after percent sign
  * Fix for working (only) with squid 3.4 and higher.
- Update to debian maintained version 1.5.1
  * Updated links in documentation and sample files.
  * Use newer OpenLDAP search
  * Enable 'ldap deprecated' flag.
- Update to debian maintained version 1.5.0
  * Fixed a problem with Berkeley DB 5.x
  * Fixed inconsistent blocking.
  * Added Russian translation to
  * Added a feature to send log messages to syslog
  * Anonymized passwords (for connecting to the ldap or mysql
    server) written to logfiles when squidGuard is starting.
  * Added patch to check IP addresses against LDAP.
  * Added patch to allow quoted strings in the configuration file
  * Fixed a problem with regular expressions.
  * Added patch to enable blocking against DNS based blacklists
- Update to debian maintained version 1.4.1
  * Fix of a bypass problem with URLs which length is close to
    the limit defined by MAX_BUF in squidGuard and MAX_URL in
    squid. Increasing the buffer limit to be higher than the one
    defined in MAX_URL solves the issue.
  * Fix of another bypass problem, which is related to the
    definition of these buffer limits.
  * Fix of one buffer overflow problem in sgLog.c when overlong
    URLs are requested
  * Fixes CVE-2009-3700, CVE-2009-3826 and CVE-2015-8936
- Refreshed squidGuard-config.patch
- Refreshed default_config_pathfixes.patch
- Refreshed and renamed squidGuard-1.4-mysql.patch
  to squidGuard-mysql.patch
- Dropped upstream fixed patches
  * xss_fix_02_2015.patch
  * squidGuard-CVE-2009-3826.patch
  * squidGuard-CVE-2009-3700.patch
  * squidGuard-1.4_upgrade.patch
  * squidGuard-Makefile.patch
  * type_fixes.patch
* Fri Jun 19 2020 Martin Pluskal <>
- Fix building with gcc10
* Mon Jul 08 2019 Martin Wilck <>
- Use "su" directive in logrotate conf file (boo#1104856)
- Set user write permissions on /var/lib/squidGuard/db/blacklist
- Get rid of SysV init call in postrotate script
Version: 1.4-bp150.2.3
* Wed Feb 28 2018
- Cleanup with spec-cleaner
* Wed Feb 28 2018
- remove patches that modify generated code instead of template.
  They are already in the template and are unnedded.
  + squidGuard-trailing_dot.patch
  + squidGuard-unusual_url_end.patch
- update patches removing parts that update generated code
  + squidGuard-1.4_upgrade.patch
  + type_fixes.patch
- remove generated code before applying patches
- use SPDX 3.0 license and install it correctly
  squidGuard is GPL-2.0-only
* Thu Feb 15 2018
- Enable LDAP support (bnc#1081012)
- type_fixes.patch: Actually define functions so use use correct
  pointer sizes on 64-bit arches once LDAP support is enabled.
- Minor specfile and description cleanup
- Fix building on SLE12 by removing useless BR: on lynx
* Wed Oct 04 2017
- Merge SLE changes into Factory
* Thu Jun 29 2017
- default_config_pathfixes.patch:
  reference only existing filter lists in default installed config
* Mon Jun 20 2016
- add xss_fix_02_2015.patch:
  o fix XSS possibility in blocked error page by escaping all
    < and > in the printed url (CVE-2015-8936, bnc#985612)
- fix URL in README so it doesn't point at non-existent page
* Tue Mar 10 2015
- fix squid 3.4 error witch patch squidGuard-1.4_upgrade.patch
  see (bnc#1040757)
* Sat Mar 07 2015
- fix permissions for blacklist, conf, dbhome and logdir,
  so other tools like squidguardmanager can access
* Wed Sep 24 2014
- SuSE -> SUSE [bnc#889003]
* Thu Oct 14 2010
- fix squidGuard-CVE-2009-3826.patch patch
* Thu Jul 29 2010
- add squidGuard-CVE-2009-3700.patch,
  squidGuard-CVE-2009-3826.patch (bnc#550930)
* Wed Jul 14 2010
- add "missingok" to logrotate configuration
  (no logfile if never used causing error from cron when
  running logrotate)
* Wed Oct 14 2009
- fixed deps for SLES_9
  o Unknown tag: Recommends:
* Sat Oct 10 2009
- fix deps
  o PreReq: http_proxy
  o osc meta -e prjconf Prefer: squid3
* Fri Oct 09 2009
- fixed lost mods from kssingvo 20070702
  o "Requires: http_proxy"  now, as squid3 is an alternative
- spec
  o sorted TAGS
- rpmlint
  o non-utf8-spec-file
* Sat Sep 26 2009
- update to 1.4:
  + some fixes
  + Added MySQL support for authentication. The database is
    assumed to be configured on localhost.
  + Fixed to comply with the autoconf standard
  + Fixed broken "make test"
  + Added new runtime parameter "-P". This parameter changes
    the default behaviour from stop (emergency mode) to pass
    when an error in building the database files occurs. So
    this parameter only works in connection with the runtime
    paramter "-C". Before using "-P" in your environment
    make sure that nothing breakes when the building of the
    db files fail.
  + Added Spanish translation to squidGuard.cgi
- enabled --nolog option
- enabled mysql auth
- removed squidGuard-1.3-bl_less_noise.patch (upstream)
- adapted squidGuard-1.3-config.patch
- split up doc package
- package the cgi scripts (and babel files) in /srv/www/cgi-bin
- package blocked.gif in /srv/www/htdocs/images
- added squidGuard.logrotate script
* Tue Jul 22 2008
- added latest upstream patch (20080714) as two individual patches:
  * fix for squid complaining about progress bar
  * fix if URL was requested which ends with "://"
* Wed Jul 02 2008
- added latest upstream patch (20080613) as trailing_dot.patch
- "Requires: http_proxy"  now, as squid3 is an alternative
* Thu Nov 29 2007
- update to version 1.3:
  * Included configurable logging. New configure option --nolog
    suppress all runtime logmessages. Start and stop is still
    logged. Default behaviour is now to log the non debug
    messages except when the runtime option -d is supplied to
    squidGuard. May need some more finetuning in later versions.
    (bug 11) Made some slight changes to the outdated FAQ file.
  * Modified auth code to work with and without ldap (choosing
    subroutine rfc1738_unescape or sgFindUser in
  * Corrected include statement in
  * Added patch by Marc Clayton to include a progressbar to the
    build of the database files (bug 6).
  * Added patch by Eric Harrison to enable full sed compliance to
    rewrite statements (bug 7).
  * Corrected missing evaluation of configure parameters for
    logdir, dbhome and config file (bug 11).
  * Added patch from satish to block urls entries that include
    hostnames (bug 4).
  * Fixed broken regex evaluation (bug 12)
  * Fixed a compile problem on some systems (bug 10).
  * Corrected an issue with the fix for the double slash
    vulnerability (incorrectly found double slashes) (bug 1).
- fixed build/config issues
* Wed Jul 04 2007
- fixes from upstream:
  * double slash bug fix extracted from Patch-20070513 tarball
  * regexp bug fix extracted from Patch-20070520 tarball
  * compiler bug fix extracted from Patch-20070520 tarball